openkylin
/
pam
mirror of https://gitee.com/openkylin/pam.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Import Upstream version 1.3.1

This commit is contained in:
openKylinBot 2022-05-14 02:37:31 +08:00
commit 719c250c79
1064 changed files with 283054 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1282
ABOUT-NLS Normal file
View File

File diff suppressed because it is too large Load Diff

7
AUTHORS Normal file
View File

@ -0,0 +1,7 @@
Original authors and current maintainers of Linux-PAM:
Andrew G. Morgan <morgan@kernel.org>
Dmitry V. Levin <ldv@altlinux.org>
Thorsten Kukuk <kukuk@thkukuk.de>
Sebastien Tricaud <toady@gscore.org>
Tomas Mraz <t8m@centrum.cz>

1765
CHANGELOG Normal file
View File

File diff suppressed because it is too large Load Diff

40
COPYING Normal file
View File

@ -0,0 +1,40 @@
Unless otherwise *explicitly* stated the following text describes the
licensed conditions under which the contents of this Linux-PAM release
may be distributed:
-------------------------------------------------------------------------
Redistribution and use in source and binary forms of Linux-PAM, with
or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain any existing copyright
notice, and this entire permission notice in its entirety,
including the disclaimer of warranties.
2. Redistributions in binary form must reproduce all prior and current
copyright notices, this list of conditions, and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
3. The name of any author may not be used to endorse or promote
products derived from this software without their specific prior
written permission.
ALTERNATIVELY, this product may be distributed under the terms of the
GNU General Public License, in which case the provisions of the GNU
GPL are required INSTEAD OF the above restrictions. (This clause is
necessary due to a potential conflict between the GNU GPL and the
restrictions contained in a BSD-style copyright.)
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
-------------------------------------------------------------------------

1920
ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

5099
ChangeLog-CVS Normal file
View File

File diff suppressed because it is too large Load Diff

40
Copyright Normal file
View File

@ -0,0 +1,40 @@
Unless otherwise *explicitly* stated the following text describes the
licensed conditions under which the contents of this Linux-PAM release
may be distributed:
-------------------------------------------------------------------------
Redistribution and use in source and binary forms of Linux-PAM, with
or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain any existing copyright
notice, and this entire permission notice in its entirety,
including the disclaimer of warranties.
2. Redistributions in binary form must reproduce all prior and current
copyright notices, this list of conditions, and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
3. The name of any author may not be used to endorse or promote
products derived from this software without their specific prior
written permission.
ALTERNATIVELY, this product may be distributed under the terms of the
GNU General Public License, in which case the provisions of the GNU
GPL are required INSTEAD OF the above restrictions. (This clause is
necessary due to a potential conflict between the GNU GPL and the
restrictions contained in a BSD-style copyright.)
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
-------------------------------------------------------------------------

370
INSTALL Normal file
View File

@ -0,0 +1,370 @@
Installation Instructions
*************************
Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as
their prerequisites, which makes it generally unusable when shipped
generated files such as `configure' are involved. Use GNU `make'
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf limitation. Until the limitation is lifted, you can use
this workaround:
CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

24
Make.xml.rules Normal file
View File

@ -0,0 +1,24 @@
#
# Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
#
README: README.xml
$(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" --nonet http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $(srcdir)/$@
%.1: %.1.xml
$(XMLLINT) --nonet --xinclude --postvalid --noout $<
$(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
%.3: %.3.xml
$(XMLLINT) --nonet --xinclude --postvalid --noout $<
$(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
%.5: %.5.xml
$(XMLLINT) --nonet --xinclude --postvalid --noout $<
$(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
%.8: %.8.xml
$(XMLLINT) --nonet --xinclude --postvalid --noout $<
$(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
#CLEANFILES += $(man_MANS) README

51
Makefile.am Normal file
View File

@ -0,0 +1,51 @@
#
# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 dist-xz check-news
SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
CLEANFILES = *~
EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright Make.xml.rules
ACLOCAL_AMFLAGS = -I m4
release: dist releasedocs
release-docs: releasedocs
releasedocs:
rm -rf Linux-PAM-$(VERSION)
mkdir -p Linux-PAM-$(VERSION)/doc
make -C doc releasedocs
tar zfc Linux-PAM-$(VERSION)-docs.tar.gz \
Linux-PAM-$(VERSION)/doc
tar jfc Linux-PAM-$(VERSION)-docs.tar.bz2 \
Linux-PAM-$(VERSION)/doc
tar Jfc Linux-PAM-$(VERSION)-docs.tar.xz \
Linux-PAM-$(VERSION)/doc
rm -rf Linux-PAM-$(VERSION)
xtests:
make -C xtests xtests
.PHONY: xtests
gen_changelog_start_date = 2011-10-26
gen-ChangeLog:
if test -d .git; then \
( $(top_srcdir)/gitlog-to-changelog --append-dot \
--since=$(gen_changelog_start_date) && \
echo && echo && \
echo 'See ChangeLog-CVS for earlier changes.' \
) > $(distdir)/ChangeLog.new && \
rm -f $(distdir)/ChangeLog && \
mv $(distdir)/ChangeLog.new $(distdir)/ChangeLog; \
fi
dist-hook: gen-ChangeLog
.PHONY: gen-ChangeLog
export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner --mode=go-w,go+rX

924
Makefile.in Normal file
View File

@ -0,0 +1,924 @@
# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = .
DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \
$(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/configure $(am__configure_deps) \
$(srcdir)/config.h.in ABOUT-NLS COPYING build-aux/compile \
build-aux/config.guess build-aux/config.rpath \
build-aux/config.sub build-aux/depcomp build-aux/install-sh \
build-aux/missing build-aux/ylwrap build-aux/ltmain.sh \
$(top_srcdir)/build-aux/compile \
$(top_srcdir)/build-aux/config.guess \
$(top_srcdir)/build-aux/config.rpath \
$(top_srcdir)/build-aux/config.sub \
$(top_srcdir)/build-aux/install-sh \
$(top_srcdir)/build-aux/ltmain.sh \
$(top_srcdir)/build-aux/missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
install-exec-recursive install-html-recursive \
install-info-recursive install-pdf-recursive \
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
$(RECURSIVE_TARGETS) \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
cscope distdir dist dist-all distcheck
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
$(LISP)config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
if test -d "$(distdir)"; then \
find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -rf "$(distdir)" \
|| { sleep 5 && rm -rf "$(distdir)"; }; \
else :; fi
am__post_remove_distdir = $(am__remove_distdir)
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2 $(distdir).tar.xz
GZIP_ENV = --best
DIST_TARGETS = dist-xz dist-bzip2 dist-gzip
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BROWSER = @BROWSER@
BUILD_CFLAGS = @BUILD_CFLAGS@
BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
BUILD_LDFLAGS = @BUILD_LDFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NIS_CFLAGS = @NIS_CFLAGS@
NIS_LIBS = @NIS_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSL_CFLAGS = @NSL_CFLAGS@
NSL_LIBS = @NSL_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
RANLIB = @RANLIB@
SCONFIGDIR = @SCONFIGDIR@
SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
XSLTPROC = @XSLTPROC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pam_cv_ld_O1 = @pam_cv_ld_O1@
pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 dist-xz check-news
SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
CLEANFILES = *~
EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright Make.xml.rules
ACLOCAL_AMFLAGS = -I m4
gen_changelog_start_date = 2011-10-26
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
.SUFFIXES:
am--refresh: Makefile
@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
$(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
$(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):
config.h: stamp-h1
@if test ! -f $@; then rm -f stamp-h1; else :; fi
@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status config.h
$(srcdir)/config.h.in: $(am__configure_deps)
($(am__cd) $(top_srcdir) && $(AUTOHEADER))
rm -f stamp-h1
touch $@
distclean-hdr:
-rm -f config.h stamp-h1
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
-rm -f libtool config.lt
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
# (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets):
@fail=; \
if $(am__make_keepgoing); then \
failcom='fail=yes'; \
else \
failcom='exit 1'; \
fi; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscope: cscope.files
test ! -s cscope.files \
|| $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
clean-cscope:
-rm -f cscope.files
cscope.files: clean-cscope cscopelist
cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(DISTFILES)
@case `sed 15q $(srcdir)/NEWS` in \
*"$(VERSION)"*) : ;; \
*) \
echo "NEWS not updated; not releasing" 1>&2; \
exit 1;; \
esac
$(am__remove_distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-hook
-test -n "$(am__skip_mode_fix)" \
|| find "$(distdir)" -type d ! -perm -755 \
-exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
$(am__post_remove_distdir)
dist-lzip: distdir
tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
$(am__post_remove_distdir)
dist-xz: distdir
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__post_remove_distdir)
dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__post_remove_distdir)
dist-shar: distdir
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
-rm -f $(distdir).zip
zip -rq $(distdir).zip $(distdir)
$(am__post_remove_distdir)
dist dist-all:
$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
$(am__post_remove_distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
*.tar.xz*) \
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
mkdir $(distdir)/_build $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
&& $(MAKE) $(AM_MAKEFLAGS) uninstall \
&& $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
distuninstallcheck \
&& chmod -R a-w "$$dc_install_base" \
&& ({ \
(cd ../.. && umask 077 && mkdir "$$dc_destdir") \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
} || { rm -rf "$$dc_destdir"; exit 1; }) \
&& rm -rf "$$dc_destdir" \
&& $(MAKE) $(AM_MAKEFLAGS) dist \
&& rm -rf $(DIST_ARCHIVES) \
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
&& cd "$$am__cwd" \
|| exit 1
$(am__post_remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
@test -n '$(distuninstallcheck_dir)' || { \
echo 'ERROR: trying to run $@ with an empty' \
'$$(distuninstallcheck_dir)' >&2; \
exit 1; \
}; \
$(am__cd) '$(distuninstallcheck_dir)' || { \
echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
exit 1; \
}; \
test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
echo " (check DESTDIR support)"; \
fi ; \
$(distuninstallcheck_listfiles) ; \
exit 1; } >&2
distcleancheck: distclean
@if test '$(srcdir)' = . ; then \
echo "ERROR: distcleancheck can only run from a VPATH build" ; \
exit 1 ; \
fi
@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left in build directory after distclean:" ; \
$(distcleancheck_listfiles) ; \
exit 1; } >&2
check-am: all-am
check: check-recursive
all-am: Makefile config.h
installdirs: installdirs-recursive
installdirs-am:
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-hdr \
distclean-libtool distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
install-data-am:
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man:
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am:
.MAKE: $(am__recursive_targets) all install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
am--refresh check check-am clean clean-cscope clean-generic \
clean-libtool cscope cscopelist-am ctags ctags-am dist \
dist-all dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar \
dist-tarZ dist-xz dist-zip distcheck distclean \
distclean-generic distclean-hdr distclean-libtool \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
release: dist releasedocs
release-docs: releasedocs
releasedocs:
rm -rf Linux-PAM-$(VERSION)
mkdir -p Linux-PAM-$(VERSION)/doc
make -C doc releasedocs
tar zfc Linux-PAM-$(VERSION)-docs.tar.gz \
Linux-PAM-$(VERSION)/doc
tar jfc Linux-PAM-$(VERSION)-docs.tar.bz2 \
Linux-PAM-$(VERSION)/doc
tar Jfc Linux-PAM-$(VERSION)-docs.tar.xz \
Linux-PAM-$(VERSION)/doc
rm -rf Linux-PAM-$(VERSION)
xtests:
make -C xtests xtests
.PHONY: xtests
gen-ChangeLog:
if test -d .git; then \
( $(top_srcdir)/gitlog-to-changelog --append-dot \
--since=$(gen_changelog_start_date) && \
echo && echo && \
echo 'See ChangeLog-CVS for earlier changes.' \
) > $(distdir)/ChangeLog.new && \
rm -f $(distdir)/ChangeLog && \
mv $(distdir)/ChangeLog.new $(distdir)/ChangeLog; \
fi
dist-hook: gen-ChangeLog
.PHONY: gen-ChangeLog
export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner --mode=go-w,go+rX
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

343
NEWS Normal file
View File

@ -0,0 +1,343 @@
Linux-PAM NEWS -- history of user-visible changes.
Release 1.3.1
* pam_motd: add support for a motd.d directory
* pam_umask: Fix documentation to align with order of loading umask
* pam_get_user.3: Fix missing word in documentation
* pam_tally2 --reset: avoid creating a missing tallylog file
* pam_mkhomedir: Allow creating parent of homedir under /
* access.conf.5: Add note about spaces around ':'
* pam.8: Workaround formatting problem
* pam_unix: Check return value of malloc used for setcred data
* pam_cracklib: Drop unused prompt macros
* pam_tty_audit: Support matching users by uid range
* pam_access: support parsing files in /etc/security/access.d/*.conf
* pam_localuser: Correct documentation
* pam_issue: Fix no prompting in parse escape codes mode
* Unification and cleanup of syslog log levels
Release 1.3.0
* Remove of static modules support
* pam_unix: pass_not_set was removed
* Lot of documentation fixes
* Use TI-RPC function calls if we build against libtirpc
* Add support for new, IPv6 enabled libnsl
* Lot of bug fixes
* Use fedora.zanata.org for translations
Release 1.2.1
* Fix CVE-2015-3238, affected PAM modules are pam_unix and pam_exec
Release 1.2.0
* Update documentation
* Update translations
* pam_unix: add quiet option
* libpam: support alternative configuration files in /usr/lib/pam.d
as fallback
* pam_env: add support for @{HOME} and @{SHELL}
* libpam: add grantor field to audit records
* libpam: Introduce pam_modutil_sanitize_helper_fds
Release 1.1.8
* pam_unix: bug fix for compiling with SELinux, fix crash at login time
Release 1.1.7
* Update translations
* pam_exec: add stdout and type= options
* pam_tty_audit: add options to control logging of passwords
* pam_unix: Read defaults from /etc/login.defs
* pam_userdb: Allow modern password hashes
* pam_selinux/pam_tally2: Add tty and rhost to audit data
* Lot of docu and code fixes
Release 1.1.6
* Update translations
* pam_cracklib: Add more checks for weak passwords
* pam_lastlog: Never lock out root
* Lot of bug fixes and smaller enhancements
Release 1.1.5
* pam_env: Fix CVE-2011-3148 and CVE-2011-3149
* pam_access: Add hostname resolution cache
* Documentation: Improvements/fixes
Release 1.1.4
* Add vietnamese translation
* pam_namepace: Add new functionality
* pam_securetty: Honour console= kernel option, add noconsole option
* pam_limits: Add %group syntax, drop change_uid option, add set_all option
* Lot of small bug fixes
* Lot of compiler warnings fixed
* Add support for libtirpc
Release 1.1.3
* pam_namespace: Clean environment for childs (CVE-2010-3853)
* libpam: New interface to drop/regain privilegs
* Drop root privilegs in pam_env, pam_mail and pam_xauth before
accessing user files (CVE-2010-3430, CVE-2010-3431)
* pam_unix: Add minlen option, change default from 6 to 0
* Documentation improvements
* Lot of small bug fixes
Release 1.1.2
* pam_unix: Add minlen= option
* pam_group: Add support for UNIX groups beside netgroups
* pam_tally: Document that it is deprecated
* pam_rootok: Add support for chauthtok and acct_mgmt
* Update translations
Release 1.1.1
* Update translations
* pam_access: Revert netgroup match to original behavior, add new
syntax for adding the local hostname to netgroup match
* libpam: Add new functions pam_get_authtok_noverify() and
pam_get_authtok_verify()
* Add sepermit.conf.5 manual page
* Lot of bug fixes
Release 1.1.0
* Update translations
* Documentation updates and fixes
Release 1.0.92
* Update translations
* pam_succeed_if: Use provided username
* pam_mkhomedir: Fix handling of options
Release 1.0.91
* Fixed CVE-2009-0579 (minimum days limit on password change is ignored).
* Fix libpam internal config/argument parser
* Add optional file locking to pam_tally2
* Update translations
* pam_access improvements
* Changes in the behavior of the password stack. Results of PRELIM_CHECK
are not used for the final run.
Release 1.0.90
* Supply hostname of the machine to netgroup match call in pam_access
* Make pam_namespace to work safe on child directories of parent directories
owned by users
* Redefine LOCAL keyword of pam_access configuration file
* Add support for try_first_pass and use_first_pass to pam_cracklib
* Print informative messages for rejected login and add silent and
no_log_info options to pam_tally
* Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec
* New password quality tests in pam_cracklib
* New options for pam_lastlog to show last failed login attempt and
to disable lastlog update
* New pam_pwhistory module to store last used passwords
* New pam_tally2 module similar to pam_tally with wordsize independent
tally data format
* Make libpam not log missing module if its type is prepended with '-'
* New pam_timestamp module for authentication based on recent successful
login.
* Add blowfish support to pam_unix.
* Add support for user specific environment file to pam_env.
* Add pam_get_authtok to libpam as Linux-PAM extension.
* Rename type option of pam_cracklib to authtok_type.
Release 1.0.3
* Small bug fix release
Release 1.0.2
* Regression fixed in pam_selinux
* Problem with big UIDs fixed in pam_loginuid
Release 1.0.1
* Regression fixed in pam_set_item()
Release 1.0.0
* Small bug fixes
* Translation updates
Release 0.99.10.0
* New substack directive in config file syntax.
* New module pam_tty_audit.so for enabling and disabling tty
auditing.
* New PAM items PAM_XDISPLAY and PAM_XAUTHDATA.
* Auditing login denials based by origin (pam_access), time (pam_time),
and number of sessions (pam_limits) to the Linux audit subsystem.
* Support sha256 and sha512 algorithms in pam_unix when they are supported
by crypt().
* New pam_sepermit.so module for allowing/rejecting access based on
SELinux mode.
* Improved functionality of pam_namespace.so module (method flags,
namespace.d configuration directory, new options).
* Finaly removed deprecated pam_rhosts_auth module.
Release 0.99.9.0
* misc_conv no longer blocks SIGINT; applications that don't want
user-interruptable prompts should block SIGINT themselves
* Merge fixes from Debian
* Fix parser for pam_group and pam_time
Release 0.99.8.1
* Fix a regression in audit code introduced with last release
* Fix compiling with --disable-nls
Release 0.99.8.0
* Add translations for ar, ca, da, ru, sv and zu.
* Update hungarian translation.
* Add support for limits.d directory to pam_limits.
* Improve pam_namespace module tobe more useful
for MLS, fixed crash with bad config files.
* Improve pam_selinux module to be more useful
for MLS.
* Add minclass option to pam_cracklib
* Add new group syntax to pam_access
Release 0.99.7.1
* Security fix for pam_unix.so (CVE-2007-0003).
Release 0.99.7.0
* Add manual page for pam_unix.so.
* Add pam_faildelay module to set pam_fail_delay() value.
* Fix possible seg.fault in libpam/pam_set_data().
* Cleanup of configure options.
* Update hungarian translation, fix german translation.
Release 0.99.6.3
* pam_loginuid: New PAM module.
* pam_access, pam_succeed_if: Support passwd and session services.
Release 0.99.6.2
* pam_lastlog: Don't refuse login if lastlog file got lost.
* pam_cracklib: Fix a user triggerable crash.
* documentation: Regenerate with fixed docbook stylesheet.
Release 0.99.6.1
* Fix bootstrapping problems.
* Bug fixes: pam_keyinit, pam_umask
Release 0.99.6.0
* pam_namespace: Code cleanup, add init script to tar archive.
* pam_succeed_if: Add support for service match.
* Add xtests (to run after installation).
* Documentation: Convert sgml guides to XML, unify documentation
for PAM functions and modules.
Release 0.99.5.0
* pam_tally: Fix support for large UIDs
* Fixed all problems found by Coverity
* Add support for Intel C Compiler
* Add manual page for pam_mkhomedir, pam_umask, pam_filter,
pam_issue, pam_ftp, pam_group, pam_lastlog, pam_listfile,
pam_localuser, pam_mail, pam_motd, pam_nologin, pam_permit,
pam_rootok, pam_securetty, pam_shells, pam_userdb, pam_warn,
pam_time, pam_limits, pam_debug, pam_tally
* The libpam memory debug code was removed
* pam_keyinit: New module to initialise kernel session keyring.
* pam_namespace: New module to configure private namespace for a session.
* pam_rhosts: New module which replaces pam_rhosts_auth, now IPv6 capable.
* pam_rhosts_auth: This module is now deprecated.
Release 0.99.4.0
* Add test suite
* Fix building of static variants of libpam, libpamc and libpam_misc
* pam_listfile: Add support for password and session management
* pam_exec: New PAM module to execute arbitary commands
* Fix building of a static libpam including all PAM modules
* New/updated translations for: nl, pt, pl, fi, km, tr, uk, fr
* pam_access: Add network(address) / netmask and IPv6 support
* Add manual pages for pam_cracklib, pam_deny and pam_access
* pam_pwdb: This deprecated module was removed
* Manual pages: Major rewrite/cleanup
Release 0.99.3.0
* Fix NULL pointer checks in libpam.so
* pam_succeed_if, pam_group, pam_time: Support netgroup matching
* New translations for: nb, hu, fi, de, es, fr, it, ja, pt_BR, zh_CN, zh_TW
* Audit PAM calls if Linux Audit is available
* Compile upperLOWER and unix_chkpwd as PIE binaries
Release 0.99.2.1
* Fix install of PS, PDF, TXT and HTML files
* pam_mail: Update README
* Use %m consistent
* pam_modutil_getlogin: Fix parsing of PAM_TTY variable
Release 0.99.2.0
* Fix parsing of full path tty name in various modules
* pam_xauth: Look for xauth executable in multiple places
* pam_unix: Disable user check in unix_chkpwd only if real uid
is 0 (CVE-2005-2977). Log failed password check attempt.
* pam_env: Support /etc/environment again, but don't treat it as
error if it is missing.
* pam_userdb: Fix memory leak.
Release 0.99.1.0
* Use autoconf/automake/libtool
* Add gettext support
* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR,
pt, zh_CN and zh_TW
* libpam: Remove pam_authenticate_secondary stub
* libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info
and pam_vinfo functions for use by modules as extension
* libpam: Add pam_syslog function for unified syslog messages from
PAM modules
* libpam: Moved functions from pammodutil to libpam
* pam_umask: New module for setting umask from GECOS field, /etc/login.defs
or /etc/default/login
* pam_echo: New PAM module for message output
* pam_userdb: Fix regression (crash when crypt param not specified)
* pam_limits: Fix regression from RLIMIT_NICE support (wrong limit
values for other limits are applied)
* pam_access: Support for NULL tty - matches ALL and NONE keywords
* pam_lastlog: Enable log to wtmp by default. Add "nowtmp" option
* pam_radius: This module was removed

61
README Normal file
View File

@ -0,0 +1,61 @@
Hello!
Thanks for downloading Linux-PAM.
NOTES:
How to use it is as follows:
./configure --help | less
./configure <your-options>
make
To make sure everything was compiled correct, run:
make check
If a test fails, you should not continue to install this build.
These tests require a suitable file /etc/pam.d/other; if necessary,
create such a file containing, e.g., these five lines (not indented)
#%PAM-1.0
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Note, if you are worried - don't even think about doing the next line
(most Linux distributions already support PAM out of the box, so if
something goes wrong with installing the code from this version your
box may stop working..)
make install
That said, please report problems to the bug reporting database
on sourceforge.net.
You can run additional checks after installing by executing
make xtests
as root.
WARNING: Running "make xtests" can overwrite configuration data
or make the system insecure/unfunctional for a short time!
Backup all important data before!
If you do not wish to make the modules dynamically loadable, but
build a static libpam including all PAM modules, you have to call:
./configure --enable-static-modules --disable-pie
To run the build checks with static modules, you need to run the
following command: make -C test check && make check
To regenerate manual pages from the XML source files you need the
docbook-xsl stylesheets in version 1.69.1 or newer, older versions had
a bug which generates a broken layout.

1323
aclocal.m4 vendored Normal file
View File

File diff suppressed because it is too large Load Diff

347
build-aux/compile Executable file
View File

@ -0,0 +1,347 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

1568
build-aux/config.guess vendored Executable file
View File

File diff suppressed because it is too large Load Diff

690
build-aux/config.rpath Executable file
View File

@ -0,0 +1,690 @@
#! /bin/sh
# Output a system dependent set of variables, describing how to set the
# run time search path of shared libraries in an executable.
#
# Copyright 1996-2013 Free Software Foundation, Inc.
# Taken from GNU libtool, 2001
# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# The first argument passed to this file is the canonical host specification,
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
# should be set by the caller.
#
# The set of defined variables is at the end of this script.
# Known limitations:
# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
# than 256 bytes, otherwise the compiler driver will dump core. The only
# known workaround is to choose shorter directory names for the build
# directory and/or the installation directory.
# All known linkers require a '.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a
shrext=.so
host="$1"
host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
# Code taken from libtool.m4's _LT_CC_BASENAME.
for cc_temp in $CC""; do
case $cc_temp in
compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
\-*) ;;
*) break;;
esac
done
cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
# Code taken from libtool.m4's _LT_COMPILER_PIC.
wl=
if test "$GCC" = yes; then
wl='-Wl,'
else
case "$host_os" in
aix*)
wl='-Wl,'
;;
mingw* | cygwin* | pw32* | os2* | cegcc*)
;;
hpux9* | hpux10* | hpux11*)
wl='-Wl,'
;;
irix5* | irix6* | nonstopux*)
wl='-Wl,'
;;
linux* | k*bsd*-gnu | kopensolaris*-gnu)
case $cc_basename in
ecc*)
wl='-Wl,'
;;
icc* | ifort*)
wl='-Wl,'
;;
lf95*)
wl='-Wl,'
;;
nagfor*)
wl='-Wl,-Wl,,'
;;
pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
wl='-Wl,'
;;
ccc*)
wl='-Wl,'
;;
xl* | bgxl* | bgf* | mpixl*)
wl='-Wl,'
;;
como)
wl='-lopt='
;;
*)
case `$CC -V 2>&1 | sed 5q` in
*Sun\ F* | *Sun*Fortran*)
wl=
;;
*Sun\ C*)
wl='-Wl,'
;;
esac
;;
esac
;;
newsos6)
;;
*nto* | *qnx*)
;;
osf3* | osf4* | osf5*)
wl='-Wl,'
;;
rdos*)
;;
solaris*)
case $cc_basename in
f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
wl='-Qoption ld '
;;
*)
wl='-Wl,'
;;
esac
;;
sunos4*)
wl='-Qoption ld '
;;
sysv4 | sysv4.2uw2* | sysv4.3*)
wl='-Wl,'
;;
sysv4*MP*)
;;
sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
wl='-Wl,'
;;
unicos*)
wl='-Wl,'
;;
uts4*)
;;
esac
fi
# Code taken from libtool.m4's _LT_LINKER_SHLIBS.
hardcode_libdir_flag_spec=
hardcode_libdir_separator=
hardcode_direct=no
hardcode_minus_L=no
case "$host_os" in
cygwin* | mingw* | pw32* | cegcc*)
# FIXME: the MSVC++ port hasn't been tested in a loooong time
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
if test "$GCC" != yes; then
with_gnu_ld=no
fi
;;
interix*)
# we just hope/assume this is gcc and not c89 (= MSVC++)
with_gnu_ld=yes
;;
openbsd*)
with_gnu_ld=no
;;
esac
ld_shlibs=yes
if test "$with_gnu_ld" = yes; then
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
# Unlike libtool, we use -rpath here, not --rpath, since the documented
# option of GNU ld is called -rpath, not --rpath.
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
case "$host_os" in
aix[3-9]*)
# On AIX/PPC, the GNU linker is very broken
if test "$host_cpu" != ia64; then
ld_shlibs=no
fi
;;
amigaos*)
case "$host_cpu" in
powerpc)
;;
m68k)
hardcode_libdir_flag_spec='-L$libdir'
hardcode_minus_L=yes
;;
esac
;;
beos*)
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
:
else
ld_shlibs=no
fi
;;
cygwin* | mingw* | pw32* | cegcc*)
# hardcode_libdir_flag_spec is actually meaningless, as there is
# no search path for DLLs.
hardcode_libdir_flag_spec='-L$libdir'
if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
:
else
ld_shlibs=no
fi
;;
haiku*)
;;
interix[3-9]*)
hardcode_direct=no
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
;;
gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
:
else
ld_shlibs=no
fi
;;
netbsd*)
;;
solaris*)
if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
ld_shlibs=no
elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
:
else
ld_shlibs=no
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
case `$LD -v 2>&1` in
*\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
ld_shlibs=no
;;
*)
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
else
ld_shlibs=no
fi
;;
esac
;;
sunos4*)
hardcode_direct=yes
;;
*)
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
:
else
ld_shlibs=no
fi
;;
esac
if test "$ld_shlibs" = no; then
hardcode_libdir_flag_spec=
fi
else
case "$host_os" in
aix3*)
# Note: this linker hardcodes the directories in LIBPATH if there
# are no directories specified by -L.
hardcode_minus_L=yes
if test "$GCC" = yes; then
# Neither direct hardcoding nor static linking is supported with a
# broken collect2.
hardcode_direct=unsupported
fi
;;
aix[4-9]*)
if test "$host_cpu" = ia64; then
# On IA64, the linker does run time linking by default, so we don't
# have to do anything special.
aix_use_runtimelinking=no
else
aix_use_runtimelinking=no
# Test if we are trying to use run time linking or normal
# AIX style linking. If -brtl is somewhere in LDFLAGS, we
# need to do runtime linking.
case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
for ld_flag in $LDFLAGS; do
if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
aix_use_runtimelinking=yes
break
fi
done
;;
esac
fi
hardcode_direct=yes
hardcode_libdir_separator=':'
if test "$GCC" = yes; then
case $host_os in aix4.[012]|aix4.[012].*)
collect2name=`${CC} -print-prog-name=collect2`
if test -f "$collect2name" && \
strings "$collect2name" | grep resolve_lib_name >/dev/null
then
# We have reworked collect2
:
else
# We have old collect2
hardcode_direct=unsupported
hardcode_minus_L=yes
hardcode_libdir_flag_spec='-L$libdir'
hardcode_libdir_separator=
fi
;;
esac
fi
# Begin _LT_AC_SYS_LIBPATH_AIX.
echo 'int main () { return 0; }' > conftest.c
${CC} ${LDFLAGS} conftest.c -o conftest
aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
}'`
if test -z "$aix_libpath"; then
aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
}'`
fi
if test -z "$aix_libpath"; then
aix_libpath="/usr/lib:/lib"
fi
rm -f conftest.c conftest
# End _LT_AC_SYS_LIBPATH_AIX.
if test "$aix_use_runtimelinking" = yes; then
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
else
if test "$host_cpu" = ia64; then
hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
else
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
fi
fi
;;
amigaos*)
case "$host_cpu" in
powerpc)
;;
m68k)
hardcode_libdir_flag_spec='-L$libdir'
hardcode_minus_L=yes
;;
esac
;;
bsdi[45]*)
;;
cygwin* | mingw* | pw32* | cegcc*)
# When not using gcc, we currently assume that we are using
# Microsoft Visual C++.
# hardcode_libdir_flag_spec is actually meaningless, as there is
# no search path for DLLs.
hardcode_libdir_flag_spec=' '
libext=lib
;;
darwin* | rhapsody*)
hardcode_direct=no
if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then
:
else
ld_shlibs=no
fi
;;
dgux*)
hardcode_libdir_flag_spec='-L$libdir'
;;
freebsd2.2*)
hardcode_libdir_flag_spec='-R$libdir'
hardcode_direct=yes
;;
freebsd2*)
hardcode_direct=yes
hardcode_minus_L=yes
;;
freebsd* | dragonfly*)
hardcode_libdir_flag_spec='-R$libdir'
hardcode_direct=yes
;;
hpux9*)
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
hardcode_minus_L=yes
;;
hpux10*)
if test "$with_gnu_ld" = no; then
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
hardcode_libdir_separator=:
hardcode_direct=yes
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
hardcode_minus_L=yes
fi
;;
hpux11*)
if test "$with_gnu_ld" = no; then
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
hardcode_libdir_separator=:
case $host_cpu in
hppa*64*|ia64*)
hardcode_direct=no
;;
*)
hardcode_direct=yes
# hardcode_minus_L: Not really in the search PATH,
# but as the default location of the library.
hardcode_minus_L=yes
;;
esac
fi
;;
irix5* | irix6* | nonstopux*)
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
hardcode_libdir_separator=:
;;
netbsd*)
hardcode_libdir_flag_spec='-R$libdir'
hardcode_direct=yes
;;
newsos6)
hardcode_direct=yes
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
hardcode_libdir_separator=:
;;
*nto* | *qnx*)
;;
openbsd*)
if test -f /usr/libexec/ld.so; then
hardcode_direct=yes
if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
else
case "$host_os" in
openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
hardcode_libdir_flag_spec='-R$libdir'
;;
*)
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
;;
esac
fi
else
ld_shlibs=no
fi
;;
os2*)
hardcode_libdir_flag_spec='-L$libdir'
hardcode_minus_L=yes
;;
osf3*)
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
hardcode_libdir_separator=:
;;
osf4* | osf5*)
if test "$GCC" = yes; then
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
else
# Both cc and cxx compiler support -rpath directly
hardcode_libdir_flag_spec='-rpath $libdir'
fi
hardcode_libdir_separator=:
;;
solaris*)
hardcode_libdir_flag_spec='-R$libdir'
;;
sunos4*)
hardcode_libdir_flag_spec='-L$libdir'
hardcode_direct=yes
hardcode_minus_L=yes
;;
sysv4)
case $host_vendor in
sni)
hardcode_direct=yes # is this really true???
;;
siemens)
hardcode_direct=no
;;
motorola)
hardcode_direct=no #Motorola manual says yes, but my tests say they lie
;;
esac
;;
sysv4.3*)
;;
sysv4*MP*)
if test -d /usr/nec; then
ld_shlibs=yes
fi
;;
sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
;;
sysv5* | sco3.2v5* | sco5v6*)
hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
hardcode_libdir_separator=':'
;;
uts4*)
hardcode_libdir_flag_spec='-L$libdir'
;;
*)
ld_shlibs=no
;;
esac
fi
# Check dynamic linker characteristics
# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER.
# Unlike libtool.m4, here we don't care about _all_ names of the library, but
# only about the one the linker finds when passed -lNAME. This is the last
# element of library_names_spec in libtool.m4, or possibly two of them if the
# linker has special search rules.
library_names_spec= # the last element of library_names_spec in libtool.m4
libname_spec='lib$name'
case "$host_os" in
aix3*)
library_names_spec='$libname.a'
;;
aix[4-9]*)
library_names_spec='$libname$shrext'
;;
amigaos*)
case "$host_cpu" in
powerpc*)
library_names_spec='$libname$shrext' ;;
m68k)
library_names_spec='$libname.a' ;;
esac
;;
beos*)
library_names_spec='$libname$shrext'
;;
bsdi[45]*)
library_names_spec='$libname$shrext'
;;
cygwin* | mingw* | pw32* | cegcc*)
shrext=.dll
library_names_spec='$libname.dll.a $libname.lib'
;;
darwin* | rhapsody*)
shrext=.dylib
library_names_spec='$libname$shrext'
;;
dgux*)
library_names_spec='$libname$shrext'
;;
freebsd* | dragonfly*)
case "$host_os" in
freebsd[123]*)
library_names_spec='$libname$shrext$versuffix' ;;
*)
library_names_spec='$libname$shrext' ;;
esac
;;
gnu*)
library_names_spec='$libname$shrext'
;;
haiku*)
library_names_spec='$libname$shrext'
;;
hpux9* | hpux10* | hpux11*)
case $host_cpu in
ia64*)
shrext=.so
;;
hppa*64*)
shrext=.sl
;;
*)
shrext=.sl
;;
esac
library_names_spec='$libname$shrext'
;;
interix[3-9]*)
library_names_spec='$libname$shrext'
;;
irix5* | irix6* | nonstopux*)
library_names_spec='$libname$shrext'
case "$host_os" in
irix5* | nonstopux*)
libsuff= shlibsuff=
;;
*)
case $LD in
*-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
*-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
*-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
*) libsuff= shlibsuff= ;;
esac
;;
esac
;;
linux*oldld* | linux*aout* | linux*coff*)
;;
linux* | k*bsd*-gnu | kopensolaris*-gnu)
library_names_spec='$libname$shrext'
;;
knetbsd*-gnu)
library_names_spec='$libname$shrext'
;;
netbsd*)
library_names_spec='$libname$shrext'
;;
newsos6)
library_names_spec='$libname$shrext'
;;
*nto* | *qnx*)
library_names_spec='$libname$shrext'
;;
openbsd*)
library_names_spec='$libname$shrext$versuffix'
;;
os2*)
libname_spec='$name'
shrext=.dll
library_names_spec='$libname.a'
;;
osf3* | osf4* | osf5*)
library_names_spec='$libname$shrext'
;;
rdos*)
;;
solaris*)
library_names_spec='$libname$shrext'
;;
sunos4*)
library_names_spec='$libname$shrext$versuffix'
;;
sysv4 | sysv4.3*)
library_names_spec='$libname$shrext'
;;
sysv4*MP*)
library_names_spec='$libname$shrext'
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
library_names_spec='$libname$shrext'
;;
tpf*)
library_names_spec='$libname$shrext'
;;
uts4*)
library_names_spec='$libname$shrext'
;;
esac
sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
# How to pass a linker flag through the compiler.
wl="$escaped_wl"
# Static library suffix (normally "a").
libext="$libext"
# Shared library suffix (normally "so").
shlibext="$shlibext"
# Format of library name prefix.
libname_spec="$escaped_libname_spec"
# Library names that the linker finds when passed -lNAME.
library_names_spec="$escaped_library_names_spec"
# Flag to hardcode \$libdir into a binary during linking.
# This must work even if \$libdir does not exist.
hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
# Whether we need a single -rpath flag with a separated argument.
hardcode_libdir_separator="$hardcode_libdir_separator"
# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
# resulting binary.
hardcode_direct="$hardcode_direct"
# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
# resulting binary.
hardcode_minus_L="$hardcode_minus_L"
EOF

1788
build-aux/config.sub vendored Executable file
View File

File diff suppressed because it is too large Load Diff

791
build-aux/depcomp Executable file
View File

@ -0,0 +1,791 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2013-05-30.07; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: depcomp [--help] [--version] PROGRAM [ARGS]
Run PROGRAMS ARGS to compile a file, generating dependencies
as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by 'PROGRAMS ARGS'.
object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "depcomp $scriptversion"
exit $?
;;
esac
# Get the directory component of the given path, and save it in the
# global variables '$dir'. Note that this directory component will
# be either empty or ending with a '/' character. This is deliberate.
set_dir_from ()
{
case $1 in
*/*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
*) dir=;;
esac
}
# Get the suffix-stripped basename of the given path, and save it the
# global variable '$base'.
set_base_from ()
{
base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
}
# If no dependency file was actually created by the compiler invocation,
# we still have to create a dummy depfile, to avoid errors with the
# Makefile "include basename.Plo" scheme.
make_dummy_depfile ()
{
echo "#dummy" > "$depfile"
}
# Factor out some common post-processing of the generated depfile.
# Requires the auxiliary global variable '$tmpdepfile' to be set.
aix_post_process_depfile ()
{
# If the compiler actually managed to produce a dependency file,
# post-process it.
if test -f "$tmpdepfile"; then
# Each line is of the form 'foo.o: dependency.h'.
# Do two passes, one to just change these to
# $object: dependency.h
# and one to simply output
# dependency.h:
# which is needed to avoid the deleted-header problem.
{ sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
} > "$depfile"
rm -f "$tmpdepfile"
else
make_dummy_depfile
fi
}
# A tabulation character.
tab=' '
# A newline character.
nl='
'
# Character ranges might be problematic outside the C locale.
# These definitions help.
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
lower=abcdefghijklmnopqrstuvwxyz
digits=0123456789
alpha=${upper}${lower}
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
fi
# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
depfile=${depfile-`echo "$object" |
sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
rm -f "$tmpdepfile"
# Avoid interferences from the environment.
gccflag= dashmflag=
# Some modes work just like other modes, but use different flags. We
# parameterize here, but still list the modes in the big case below,
# to make depend.m4 easier to write. Note that we *cannot* use a case
# here, because this file can only contain one case statement.
if test "$depmode" = hp; then
# HP compiler uses -M and no extra arg.
gccflag=-M
depmode=gcc
fi
if test "$depmode" = dashXmstdout; then
# This is just like dashmstdout with a different argument.
dashmflag=-xM
depmode=dashmstdout
fi
cygpath_u="cygpath -u -f -"
if test "$depmode" = msvcmsys; then
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
if test "$depmode" = msvc7msys; then
# This is just like msvc7 but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvc7
fi
if test "$depmode" = xlc; then
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
gccflag=-qmakedep=gcc,-MF
depmode=gcc
fi
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
## it if -MD -MP comes after the -MF stuff. Hmm.
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
## the command line argument order; so add the flags where they
## appear in depend2.am. Note that the slowdown incurred here
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
for arg
do
case $arg in
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
*) set fnord "$@" "$arg" ;;
esac
shift # fnord
shift # $arg
done
"$@"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
mv "$tmpdepfile" "$depfile"
;;
gcc)
## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
## (see the conditional assignment to $gccflag above).
## There are various ways to get dependency output from gcc. Here's
## why we pick this rather obscure method:
## - Don't want to use -MD because we'd like the dependencies to end
## up in a subdir. Having to rename by hand is ugly.
## (We might end up doing this anyway to support other compilers.)
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
## -MM, not -M (despite what the docs say). Also, it might not be
## supported by the other compilers which use the 'gcc' depmode.
## - Using -M directly means running the compiler twice (even worse
## than renaming).
if test -z "$gccflag"; then
gccflag=-MD,
fi
"$@" -Wp,"$gccflag$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The second -e expression handles DOS-style file names with drive
# letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
## well. hp depmode also adds that space, but also prefixes the VPATH
## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
sgi)
if test "$libtool" = yes; then
"$@" "-Wp,-MDupdate,$tmpdepfile"
else
"$@" -MDupdate "$tmpdepfile"
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
echo "$object : \\" > "$depfile"
# Clip off the initial element (the dependent). Don't try to be
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
| tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile"
;;
xlc)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.u
tmpdepfile2=$base.u
tmpdepfile3=$dir.libs/$base.u
"$@" -Wc,-M
else
tmpdepfile1=$dir$base.u
tmpdepfile2=$dir$base.u
tmpdepfile3=$dir$base.u
"$@" -M
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
aix_post_process_depfile
;;
tcc)
# tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
# FIXME: That version still under development at the moment of writing.
# Make that this statement remains true also for stable, released
# versions.
# It will wrap lines (doesn't matter whether long or short) with a
# trailing '\', as in:
#
# foo.o : \
# foo.c \
# foo.h \
#
# It will put a trailing '\' even on the last line, and will use leading
# spaces rather than leading tabs (at least since its commit 0394caf7
# "Emit spaces for -MD").
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
# We have to change lines of the first kind to '$object: \'.
sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
# And for each line of the second kind, we have to emit a 'dep.h:'
# dummy dependency, to avoid the deleted-header problem.
sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
## The order of this option in the case statement is important, since the
## shell code in configure will try each of these formats in the order
## listed in this file. A plain '-MD' option would be understood by many
## compilers, so we must ensure this comes after the gcc and icc options.
pgcc)
# Portland's C compiler understands '-MD'.
# Will always output deps to 'file.d' where file is the root name of the
# source file under compilation, even if file resides in a subdirectory.
# The object file name does not affect the name of the '.d' file.
# pgcc 10.2 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using '\' :
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
set_dir_from "$object"
# Use the source, not the object, to determine the base name, since
# that's sadly what pgcc will do too.
set_base_from "$source"
tmpdepfile=$base.d
# For projects that build the same source file twice into different object
# files, the pgcc approach of using the *source* file root name can cause
# problems in parallel builds. Use a locking strategy to avoid stomping on
# the same $tmpdepfile.
lockdir=$base.d-lock
trap "
echo '$0: caught signal, cleaning up...' >&2
rmdir '$lockdir'
exit 1
" 1 2 13 15
numtries=100
i=$numtries
while test $i -gt 0; do
# mkdir is a portable test-and-set.
if mkdir "$lockdir" 2>/dev/null; then
# This process acquired the lock.
"$@" -MD
stat=$?
# Release the lock.
rmdir "$lockdir"
break
else
# If the lock is being held by a different process, wait
# until the winning process is done or we timeout.
while test -d "$lockdir" && test $i -gt 0; do
sleep 1
i=`expr $i - 1`
done
fi
i=`expr $i - 1`
done
trap - 1 2 13 15
if test $i -le 0; then
echo "$0: failed to acquire lock after $numtries attempts" >&2
echo "$0: check lockdir '$lockdir'" >&2
exit 1
fi
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each line is of the form `foo.o: dependent.h',
# or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp2)
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
# compilers, which have integrated preprocessors. The correct option
# to use with these is +Maked; it writes dependencies to a file named
# 'foo.d', which lands next to the object file, wherever that
# happens to be.
# Much of this is similar to the tru64 case; see comments there.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir.libs/$base.d
"$@" -Wc,+Maked
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
"$@" +Maked
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
# Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
s/$/:/
p
}' "$tmpdepfile" >> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile" "$tmpdepfile2"
;;
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
# Libtool generates 2 separate objects for the 2 libraries. These
# two compilations output dependencies in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir$base.o.d # libtool 1.5
tmpdepfile2=$dir.libs/$base.o.d # Likewise.
tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
"$@" -MD
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
# Same post-processing that is required for AIX mode.
aix_post_process_depfile
;;
msvc7)
if test "$libtool" = yes; then
showIncludes=-Wc,-showIncludes
else
showIncludes=-showIncludes
fi
"$@" $showIncludes > "$tmpdepfile"
stat=$?
grep -v '^Note: including file: ' "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The first sed program below extracts the file names and escapes
# backslashes for cygpath. The second sed program outputs the file
# name when reading, but also accumulates all include files in the
# hold buffer in order to output them again at the end. This only
# works with sed implementations that can handle large buffers.
sed < "$tmpdepfile" -n '
/^Note: including file: *\(.*\)/ {
s//\1/
s/\\/\\\\/g
p
}' | $cygpath_u | sort -u | sed -n '
s/ /\\ /g
s/\(.*\)/'"$tab"'\1 \\/p
s/.\(.*\) \\/\1:/
H
$ {
s/.*/'"$tab"'/
G
p
}' >> "$depfile"
echo >> "$depfile" # make sure the fragment doesn't end with a backslash
rm -f "$tmpdepfile"
;;
msvc7msys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
dashmstdout)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove '-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this sed invocation
# correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
dashXmstdout)
# This case only exists to satisfy depend.m4. It is never actually
# run, as this mode is specially recognized in the preamble.
exit 1
;;
makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
cleared=no eat=no
for arg
do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
if test $eat = yes; then
eat=no
continue
fi
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
-arch)
eat=yes ;;
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
obj_suffix=`echo "$object" | sed 's/^.*\././'`
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
# makedepend may prepend the VPATH from the source file name to the object.
# No need to regex-escape $object, excess matching of '.' is harmless.
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process the last invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed '1,2d' "$tmpdepfile" \
| tr ' ' "$nl" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile" "$tmpdepfile".bak
;;
cpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove '-o $object'.
IFS=" "
for arg
do
case $arg in
-o)
shift
;;
$object)
shift
;;
*)
set fnord "$@" "$arg"
shift # fnord
shift # $arg
;;
esac
done
"$@" -E \
| sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
| sed '$ s: \\$::' > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
cat < "$tmpdepfile" >> "$depfile"
sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
IFS=" "
for arg
do
case "$arg" in
-o)
shift
;;
$object)
shift
;;
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
shift
;;
*)
set fnord "$@" "$arg"
shift
shift
;;
esac
done
"$@" -E 2>/dev/null |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvcmsys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
none)
exec "$@"
;;
*)
echo "Unknown depmode $depmode" 1>&2
exit 1
;;
esac
exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

527
build-aux/install-sh Executable file
View File

@ -0,0 +1,527 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# 'make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call 'install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
trap "ret=141; $do_exit" 13
trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names problematic for 'test' and other utilities.
case $src in
-* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set fnord $dstdir
shift
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

9655
build-aux/ltmain.sh Normal file
View File

File diff suppressed because it is too large Load Diff

215
build-aux/missing Executable file
View File

@ -0,0 +1,215 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2012-06-26.16; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
echo 1>&2 "Try '$0 --help' for more information"
exit 1
fi
case $1 in
--is-lightweight)
# Used by our autoconf macros to check whether the available missing
# script is modern enough.
exit 0
;;
--run)
# Back-compat with the calling convention used by older automake.
shift
;;
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
to PROGRAM being missing or too old.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
Supported PROGRAM values:
aclocal autoconf autoheader autom4te automake makeinfo
bison yacc flex lex help2man
Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
'g' are ignored when checking the name.
Send bug reports to <bug-automake@gnu.org>."
exit $?
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing $scriptversion (GNU Automake)"
exit $?
;;
-*)
echo 1>&2 "$0: unknown '$1' option"
echo 1>&2 "Try '$0 --help' for more information"
exit 1
;;
esac
# Run the given program, remember its exit status.
"$@"; st=$?
# If it succeeded, we are done.
test $st -eq 0 && exit 0
# Also exit now if we it failed (or wasn't found), and '--version' was
# passed; such an option is passed most likely to detect whether the
# program is present and works.
case $2 in --version|--help) exit $st;; esac
# Exit code 63 means version mismatch. This often happens when the user
# tries to use an ancient version of a tool on a file that requires a
# minimum version.
if test $st -eq 63; then
msg="probably too old"
elif test $st -eq 127; then
# Program was missing.
msg="missing on your system"
else
# Program was found and executed, but failed. Give up.
exit $st
fi
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software
program_details ()
{
case $1 in
aclocal|automake)
echo "The '$1' program is part of the GNU Automake package:"
echo "<$gnu_software_URL/automake>"
echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/autoconf>"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
autoconf|autom4te|autoheader)
echo "The '$1' program is part of the GNU Autoconf package:"
echo "<$gnu_software_URL/autoconf/>"
echo "It also requires GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
esac
}
give_advice ()
{
# Normalize program name to check for.
normalized_program=`echo "$1" | sed '
s/^gnu-//; t
s/^gnu//; t
s/^g//; t'`
printf '%s\n' "'$1' is $msg."
configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
case $normalized_program in
autoconf*)
echo "You should only need it if you modified 'configure.ac',"
echo "or m4 files included by it."
program_details 'autoconf'
;;
autoheader*)
echo "You should only need it if you modified 'acconfig.h' or"
echo "$configure_deps."
program_details 'autoheader'
;;
automake*)
echo "You should only need it if you modified 'Makefile.am' or"
echo "$configure_deps."
program_details 'automake'
;;
aclocal*)
echo "You should only need it if you modified 'acinclude.m4' or"
echo "$configure_deps."
program_details 'aclocal'
;;
autom4te*)
echo "You might have modified some maintainer files that require"
echo "the 'automa4te' program to be rebuilt."
program_details 'autom4te'
;;
bison*|yacc*)
echo "You should only need it if you modified a '.y' file."
echo "You may want to install the GNU Bison package:"
echo "<$gnu_software_URL/bison/>"
;;
lex*|flex*)
echo "You should only need it if you modified a '.l' file."
echo "You may want to install the Fast Lexical Analyzer package:"
echo "<$flex_URL>"
;;
help2man*)
echo "You should only need it if you modified a dependency" \
"of a man page."
echo "You may want to install the GNU Help2man package:"
echo "<$gnu_software_URL/help2man/>"
;;
makeinfo*)
echo "You should only need it if you modified a '.texi' file, or"
echo "any other file indirectly affecting the aspect of the manual."
echo "You might want to install the Texinfo package:"
echo "<$gnu_software_URL/texinfo/>"
echo "The spurious makeinfo call might also be the consequence of"
echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
echo "want to install GNU make:"
echo "<$gnu_software_URL/make/>"
;;
*)
echo "You might have modified some files without having the proper"
echo "tools for further handling them. Check the 'README' file, it"
echo "often tells you about the needed prerequisites for installing"
echo "this package. You may also peek at any GNU archive site, in"
echo "case some other package contains this missing '$1' program."
;;
esac
}
give_advice "$1" | sed -e '1s/^/WARNING: /' \
-e '2,$s/^/ /' >&2
# Propagate the correct exit status (expected to be 127 for a program
# not found, 63 for a program that failed due to version mismatch).
exit $st
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

127
build-aux/test-driver Executable file
View File

@ -0,0 +1,127 @@
#! /bin/sh
# test-driver - basic testsuite driver script.
scriptversion=2012-06-27.10; # UTC
# Copyright (C) 2011-2013 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
# Make unconditional expansion of undefined variables an error. This
# helps a lot in preventing typo-related bugs.
set -u
usage_error ()
{
echo "$0: $*" >&2
print_usage >&2
exit 2
}
print_usage ()
{
cat <<END
Usage:
test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
[--expect-failure={yes|no}] [--color-tests={yes|no}]
[--enable-hard-errors={yes|no}] [--] TEST-SCRIPT
The '--test-name', '--log-file' and '--trs-file' options are mandatory.
END
}
# TODO: better error handling in option parsing (in particular, ensure
# TODO: $log_file, $trs_file and $test_name are defined).
test_name= # Used for reporting.
log_file= # Where to save the output of the test script.
trs_file= # Where to save the metadata of the test run.
expect_failure=no
color_tests=no
enable_hard_errors=yes
while test $# -gt 0; do
case $1 in
--help) print_usage; exit $?;;
--version) echo "test-driver $scriptversion"; exit $?;;
--test-name) test_name=$2; shift;;
--log-file) log_file=$2; shift;;
--trs-file) trs_file=$2; shift;;
--color-tests) color_tests=$2; shift;;
--expect-failure) expect_failure=$2; shift;;
--enable-hard-errors) enable_hard_errors=$2; shift;;
--) shift; break;;
-*) usage_error "invalid option: '$1'";;
esac
shift
done
if test $color_tests = yes; then
# Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
red='' # Red.
grn='' # Green.
lgn='' # Light green.
blu='' # Blue.
mgn='' # Magenta.
std='' # No color.
else
red= grn= lgn= blu= mgn= std=
fi
do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
trap "st=129; $do_exit" 1
trap "st=130; $do_exit" 2
trap "st=141; $do_exit" 13
trap "st=143; $do_exit" 15
# Test script is run here.
"$@" >$log_file 2>&1
estatus=$?
if test $enable_hard_errors = no && test $estatus -eq 99; then
estatus=1
fi
case $estatus:$expect_failure in
0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
0:*) col=$grn res=PASS recheck=no gcopy=no;;
77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;;
*:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;;
*:*) col=$red res=FAIL recheck=yes gcopy=yes;;
esac
# Report outcome to console.
echo "${col}${res}${std}: $test_name"
# Register the test result, and other relevant metadata.
echo ":test-result: $res" > $trs_file
echo ":global-test-result: $res" >> $trs_file
echo ":recheck: $recheck" >> $trs_file
echo ":copy-in-global-log: $gcopy" >> $trs_file
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

249
build-aux/ylwrap Executable file
View File

@ -0,0 +1,249 @@
#! /bin/sh
# ylwrap - wrapper for lex/yacc invocations.
scriptversion=2012-12-21.17; # UTC
# Copyright (C) 1996-2013 Free Software Foundation, Inc.
#
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
get_dirname ()
{
case $1 in
*/*|*\\*) printf '%s\n' "$1" | sed -e 's|\([\\/]\)[^\\/]*$|\1|';;
# Otherwise, we want the empty string (not ".").
esac
}
# guard FILE
# ----------
# The CPP macro used to guard inclusion of FILE.
guard()
{
printf '%s\n' "$1" \
| sed \
-e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
-e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g' \
-e 's/__*/_/g'
}
# quote_for_sed [STRING]
# ----------------------
# Return STRING (or stdin) quoted to be used as a sed pattern.
quote_for_sed ()
{
case $# in
0) cat;;
1) printf '%s\n' "$1";;
esac \
| sed -e 's|[][\\.*]|\\&|g'
}
case "$1" in
'')
echo "$0: No files given. Try '$0 --help' for more information." 1>&2
exit 1
;;
--basedir)
basedir=$2
shift 2
;;
-h|--h*)
cat <<\EOF
Usage: ylwrap [--help|--version] INPUT [OUTPUT DESIRED]... -- PROGRAM [ARGS]...
Wrapper for lex/yacc invocations, renaming files as desired.
INPUT is the input file
OUTPUT is one file PROG generates
DESIRED is the file we actually want instead of OUTPUT
PROGRAM is program to run
ARGS are passed to PROG
Any number of OUTPUT,DESIRED pairs may be used.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v|--v*)
echo "ylwrap $scriptversion"
exit $?
;;
esac
# The input.
input="$1"
shift
# We'll later need for a correct munging of "#line" directives.
input_sub_rx=`get_dirname "$input" | quote_for_sed`
case "$input" in
[\\/]* | ?:[\\/]*)
# Absolute path; do nothing.
;;
*)
# Relative path. Make it absolute.
input="`pwd`/$input"
;;
esac
input_rx=`get_dirname "$input" | quote_for_sed`
# Since DOS filename conventions don't allow two dots,
# the DOS version of Bison writes out y_tab.c instead of y.tab.c
# and y_tab.h instead of y.tab.h. Test to see if this is the case.
y_tab_nodot=false
if test -f y_tab.c || test -f y_tab.h; then
y_tab_nodot=true
fi
# The parser itself, the first file, is the destination of the .y.c
# rule in the Makefile.
parser=$1
# A sed program to s/FROM/TO/g for all the FROM/TO so that, for
# instance, we rename #include "y.tab.h" into #include "parse.h"
# during the conversion from y.tab.c to parse.c.
sed_fix_filenames=
# Also rename header guards, as Bison 2.7 for instance uses its header
# guard in its implementation file.
sed_fix_header_guards=
while test "$#" -ne 0; do
if test "$1" = "--"; then
shift
break
fi
from=$1
# Handle y_tab.c and y_tab.h output by DOS
if $y_tab_nodot; then
case $from in
"y.tab.c") from=y_tab.c;;
"y.tab.h") from=y_tab.h;;
esac
fi
shift
to=$1
shift
sed_fix_filenames="${sed_fix_filenames}s|"`quote_for_sed "$from"`"|$to|g;"
sed_fix_header_guards="${sed_fix_header_guards}s|"`guard "$from"`"|"`guard "$to"`"|g;"
done
# The program to run.
prog="$1"
shift
# Make any relative path in $prog absolute.
case "$prog" in
[\\/]* | ?:[\\/]*) ;;
*[\\/]*) prog="`pwd`/$prog" ;;
esac
# FIXME: add hostname here for parallel makes that run commands on
# other machines. But that might take us over the 14-char limit.
dirname=ylwrap$$
do_exit="cd '`pwd`' && rm -rf $dirname > /dev/null 2>&1;"' (exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
trap "ret=141; $do_exit" 13
trap "ret=143; $do_exit" 15
mkdir $dirname || exit 1
cd $dirname
case $# in
0) "$prog" "$input" ;;
*) "$prog" "$@" "$input" ;;
esac
ret=$?
if test $ret -eq 0; then
for from in *
do
to=`printf '%s\n' "$from" | sed "$sed_fix_filenames"`
if test -f "$from"; then
# If $2 is an absolute path name, then just use that,
# otherwise prepend '../'.
case $to in
[\\/]* | ?:[\\/]*) target=$to;;
*) target="../$to";;
esac
# Do not overwrite unchanged header files to avoid useless
# recompilations. Always update the parser itself: it is the
# destination of the .y.c rule in the Makefile. Divert the
# output of all other files to a temporary file so we can
# compare them to existing versions.
if test $from != $parser; then
realtarget="$target"
target=tmp-`printf '%s\n' "$target" | sed 's|.*[\\/]||g'`
fi
# Munge "#line" or "#" directives. Don't let the resulting
# debug information point at an absolute srcdir. Use the real
# output file name, not yy.lex.c for instance. Adjust the
# include guards too.
sed -e "/^#/!b" \
-e "s|$input_rx|$input_sub_rx|" \
-e "$sed_fix_filenames" \
-e "$sed_fix_header_guards" \
"$from" >"$target" || ret=$?
# Check whether files must be updated.
if test "$from" != "$parser"; then
if test -f "$realtarget" && cmp -s "$realtarget" "$target"; then
echo "$to is unchanged"
rm -f "$target"
else
echo "updating $to"
mv -f "$target" "$realtarget"
fi
fi
else
# A missing file is only an error for the parser. This is a
# blatant hack to let us support using "yacc -d". If -d is not
# specified, don't fail when the header file is "missing".
if test "$from" = "$parser"; then
ret=1
fi
fi
done
fi
# Remove the directory.
cd ..
rm -rf $dirname
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

6
conf/Makefile.am Normal file
View File

@ -0,0 +1,6 @@
SUBDIRS = pam_conv1
CLEANFILES = *~
EXTRA_DIST = install_conf md5itall pam.conf

677
conf/Makefile.in Normal file
View File

@ -0,0 +1,677 @@
# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = conf
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
install-exec-recursive install-html-recursive \
install-info-recursive install-pdf-recursive \
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
$(RECURSIVE_TARGETS) \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BROWSER = @BROWSER@
BUILD_CFLAGS = @BUILD_CFLAGS@
BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
BUILD_LDFLAGS = @BUILD_LDFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NIS_CFLAGS = @NIS_CFLAGS@
NIS_LIBS = @NIS_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSL_CFLAGS = @NSL_CFLAGS@
NSL_LIBS = @NSL_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
RANLIB = @RANLIB@
SCONFIGDIR = @SCONFIGDIR@
SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
XSLTPROC = @XSLTPROC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pam_cv_ld_O1 = @pam_cv_ld_O1@
pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = pam_conv1
CLEANFILES = *~
EXTRA_DIST = install_conf md5itall pam.conf
all: all-recursive
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu conf/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
# (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets):
@fail=; \
if $(am__make_keepgoing); then \
failcom='fail=yes'; \
else \
failcom='exit 1'; \
fi; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-recursive
all-am: Makefile
installdirs: installdirs-recursive
installdirs-am:
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-recursive
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
install-data-am:
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man:
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am:
.MAKE: $(am__recursive_targets) install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
check-am clean clean-generic clean-libtool cscopelist-am ctags \
ctags-am distclean distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
installdirs-am maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-am uninstall uninstall-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

36
conf/install_conf Executable file
View File

@ -0,0 +1,36 @@
#!/bin/sh
CONFILE="$FAKEROOT"$CONFIGED/pam.conf
IGNORE_AGE=./.ignore_age
CONF=./pam.conf
echo
if [ -f "$IGNORE_AGE" ]; then
echo "you don't want to be bothered with the age of your $CONFILE file"
yes="n"
elif [ ! -f "$CONFILE" ] || [ "$CONF" -nt "$CONFILE" ]; then
if [ -f "$CONFILE" ]; then
echo "\
An older Linux-PAM configuration file already exists ($CONFILE)"
WRITE=overwrite
fi
echo -n "\
Do you wish to copy the $CONF file in this distribution
to $CONFILE ? (y/n) [n] "
read yes
else
yes=n
fi
if [ "$yes" = "y" ]; then
echo " copying $CONF to $CONFILE"
cp $CONF $CONFILE
else
touch "$IGNORE_AGE"
echo " Skipping $CONF installation"
fi
echo
exit 0

43
conf/md5itall Executable file
View File

@ -0,0 +1,43 @@
#!/bin/bash
#
# $Id$
#
# Created by Andrew G. Morgan (morgan@parc.power.net)
#
MD5SUM=md5sum
CHKFILE1=./.md5sum
CHKFILE2=./.md5sum-new
which $MD5SUM > /dev/null
result=$?
if [ -x "$MD5SUM" ] || [ $result -eq 0 ]; then
rm -f $CHKFILE2
echo -n "computing md5 checksums."
for x in `cat ../.filelist` ; do
(cd ../.. ; $MD5SUM $x) >> $CHKFILE2
echo -n "."
done
echo
if [ -f "$CHKFILE1" ]; then
echo "\
---> Note, since the last \`make check', the following file(s) have changed:
==========================================================================="
diff $CHKFILE1 $CHKFILE2
if [ $? -eq 0 ]; then
echo "\
--------------------------- Nothing has changed ---------------------------"
fi
echo "\
==========================================================================="
fi
rm -f "$CHKFILE1"
mv "$CHKFILE2" "$CHKFILE1"
chmod 400 "$CHKFILE1"
else
echo "\
Please install \`$MD5SUM'.
[It is used to check the integrity of this distribution]
---> no check done."
fi

125
conf/pam.conf Normal file
View File

@ -0,0 +1,125 @@
# ---------------------------------------------------------------------------#
# /etc/pam.conf #
# #
# Last modified by Andrew G. Morgan <morgan@kernel.org> #
# ---------------------------------------------------------------------------#
# $Id$
# ---------------------------------------------------------------------------#
# serv. module ctrl module [path] ...[args..] #
# name type flag #
# ---------------------------------------------------------------------------#
#
# The PAM configuration file for the `chfn' service
#
chfn auth required pam_unix.so
chfn account required pam_unix.so
chfn password required pam_cracklib.so retry=3
chfn password required pam_unix.so shadow md5 use_authtok
#
# The PAM configuration file for the `chsh' service
#
chsh auth required pam_unix.so
chsh account required pam_unix.so
chsh password required pam_cracklib.so retry=3
chsh password required pam_unix.so shadow md5 use_authtok
#
# The PAM configuration file for the `ftp' service
#
ftp auth requisite pam_listfile.so \
item=user sense=deny file=/etc/ftpusers onerr=succeed
ftp auth requisite pam_shells.so
ftp auth required pam_unix.so
ftp account required pam_unix.so
#
# The PAM configuration file for the `imap' service
#
imap auth required pam_unix.so
imap account required pam_unix.so
#
# The PAM configuration file for the `login' service
#
login auth requisite pam_securetty.so
login auth required pam_unix.so
login auth optional pam_group.so
login account requisite pam_time.so
login account required pam_unix.so
login password required pam_cracklib.so retry=3
login password required pam_unix.so shadow md5 use_authtok
login session required pam_unix.so
#
# The PAM configuration file for the `netatalk' service
#
netatalk auth required pam_unix.so
netatalk account required pam_unix.so
#
# The PAM configuration file for the `other' service
#
other auth required pam_deny.so
other auth required pam_warn.so
other account required pam_deny.so
other password required pam_deny.so
other password required pam_warn.so
other session required pam_deny.so
#
# The PAM configuration file for the `passwd' service
#
passwd password requisite pam_cracklib.so retry=3
passwd password required pam_unix.so shadow md5 use_authtok
#
# The PAM configuration file for the `rexec' service
#
rexec auth requisite pam_securetty.so
rexec auth requisite pam_nologin.so
rexec auth sufficient pam_rhosts_auth.so
rexec auth required pam_unix.so
rexec account required pam_unix.so
rexec session required pam_unix.so
rexec session required pam_limits.so
#
# The PAM configuration file for the `rlogin' service
# this application passes control to `login' if it fails
#
rlogin auth requisite pam_securetty.so
rlogin auth requisite pam_nologin.so
rlogin auth required pam_rhosts_auth.so
rlogin account required pam_unix.so
rlogin password required pam_cracklib.so retry=3
rlogin password required pam_unix.so shadow md5 use_authtok
rlogin session required pam_unix.so
rlogin session required pam_limits.so
#
# The PAM configuration file for the `rsh' service
#
rsh auth requisite pam_securetty.so
rsh auth requisite pam_nologin.so
rsh auth sufficient pam_rhosts_auth.so
rsh auth required pam_unix.so
rsh account required pam_unix.so
rsh session required pam_unix.so
rsh session required pam_limits.so
#
# The PAM configuration file for the `samba' service
#
samba auth required pam_unix.so
samba account required pam_unix.so
#
# The PAM configuration file for the `su' service
#
su auth required pam_wheel.so
su auth sufficient pam_rootok.so
su auth required pam_unix.so
su account required pam_unix.so
su session required pam_unix.so
#
# The PAM configuration file for the `vlock' service
#
vlock auth required pam_unix.so
#
# The PAM configuration file for the `xdm' service
#
xdm auth required pam_unix.so
xdm account required pam_unix.so
#
# The PAM configuration file for the `xlock' service
#
xlock auth required pam_unix.so

15
conf/pam_conv1/Makefile.am Normal file
View File

@ -0,0 +1,15 @@
#
# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
#
CLEANFILES = *~
EXTRA_DIST = README
AM_YFLAGS = -d
BUILT_SOURCES = pam_conv_y.h
noinst_PROGRAMS = pam_conv1
pam_conv1_SOURCES = pam_conv_l.l pam_conv_y.y

685
conf/pam_conv1/Makefile.in Normal file
View File

@ -0,0 +1,685 @@
# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
#
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
noinst_PROGRAMS = pam_conv1$(EXEEXT)
subdir = conf/pam_conv1
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am pam_conv_l.c \
pam_conv_y.h pam_conv_y.c $(top_srcdir)/build-aux/depcomp \
$(top_srcdir)/build-aux/ylwrap README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
PROGRAMS = $(noinst_PROGRAMS)
am_pam_conv1_OBJECTS = pam_conv_l.$(OBJEXT) pam_conv_y.$(OBJEXT)
pam_conv1_OBJECTS = $(am_pam_conv1_OBJECTS)
pam_conv1_LDADD = $(LDADD)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
LEXCOMPILE = $(LEX) $(AM_LFLAGS) $(LFLAGS)
LTLEXCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(LEX) $(AM_LFLAGS) $(LFLAGS)
AM_V_LEX = $(am__v_LEX_@AM_V@)
am__v_LEX_ = $(am__v_LEX_@AM_DEFAULT_V@)
am__v_LEX_0 = @echo " LEX " $@;
am__v_LEX_1 =
YLWRAP = $(top_srcdir)/build-aux/ylwrap
am__yacc_c2h = sed -e s/cc$$/hh/ -e s/cpp$$/hpp/ -e s/cxx$$/hxx/ \
-e s/c++$$/h++/ -e s/c$$/h/
YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS)
LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
AM_V_YACC = $(am__v_YACC_@AM_V@)
am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@)
am__v_YACC_0 = @echo " YACC " $@;
am__v_YACC_1 =
SOURCES = $(pam_conv1_SOURCES)
DIST_SOURCES = $(pam_conv1_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BROWSER = @BROWSER@
BUILD_CFLAGS = @BUILD_CFLAGS@
BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
BUILD_LDFLAGS = @BUILD_LDFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NIS_CFLAGS = @NIS_CFLAGS@
NIS_LIBS = @NIS_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSL_CFLAGS = @NSL_CFLAGS@
NSL_LIBS = @NSL_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
RANLIB = @RANLIB@
SCONFIGDIR = @SCONFIGDIR@
SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
XSLTPROC = @XSLTPROC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pam_cv_ld_O1 = @pam_cv_ld_O1@
pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
EXTRA_DIST = README
AM_YFLAGS = -d
BUILT_SOURCES = pam_conv_y.h
pam_conv1_SOURCES = pam_conv_l.l pam_conv_y.y
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES:
.SUFFIXES: .c .l .lo .o .obj .y
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/pam_conv1/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu conf/pam_conv1/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
clean-noinstPROGRAMS:
@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
pam_conv_y.h: pam_conv_y.c
@if test ! -f $@; then rm -f pam_conv_y.c; else :; fi
@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) pam_conv_y.c; else :; fi
pam_conv1$(EXEEXT): $(pam_conv1_OBJECTS) $(pam_conv1_DEPENDENCIES) $(EXTRA_pam_conv1_DEPENDENCIES)
@rm -f pam_conv1$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(pam_conv1_OBJECTS) $(pam_conv1_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_conv_l.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_conv_y.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
.l.c:
$(AM_V_LEX)$(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE)
.y.c:
$(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h `echo $@ | $(am__yacc_c2h)` y.output $*.output -- $(YACCCOMPILE)
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-am
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-am
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(PROGRAMS)
installdirs:
install: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-rm -f pam_conv_l.c
-rm -f pam_conv_y.c
-rm -f pam_conv_y.h
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am
clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: all check install install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libtool clean-noinstPROGRAMS cscopelist-am ctags \
ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

8
conf/pam_conv1/README Normal file
View File

@ -0,0 +1,8 @@
This directory contains a untility to convert pam.conf files to a pam.d/
tree. The conversion program takes pam.conf from the standard input and
creates the pam.d/ directory in the current directory.
The program will fail if ./pam.d/ already exists.
Andrew Morgan, February 1997

1794
conf/pam_conv1/pam_conv_l.c Normal file
View File

File diff suppressed because it is too large Load Diff

51
conf/pam_conv1/pam_conv_l.l Normal file
View File

@ -0,0 +1,51 @@
%{
/*
* $Id$
*
* Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
*
* This file is covered by the Linux-PAM License (which should be
* distributed with this file.)
*/
static const char lexid[]=
"$Id$\n"
"Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>\n";
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <stdio.h>
#include "pam_conv_y.h"
extern int current_line;
%}
%option noyywrap
%%
"#"[^\n]* ; /* skip comments (sorry) */
"\\\n" {
++current_line;
}
([^\n\t ]|[\\][^\n])+ {
return TOK;
}
[ \t]+ ; /* Ignore */
<<EOF>> {
return EOFILE;
}
[\n] {
++current_line;
return NL;
}
%%

1790
conf/pam_conv1/pam_conv_y.c Normal file
View File

File diff suppressed because it is too large Load Diff

95
conf/pam_conv1/pam_conv_y.h Normal file
View File

@ -0,0 +1,95 @@
/* A Bison parser, made by GNU Bison 2.7. */
/* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_YY_PAM_CONV_Y_H_INCLUDED
# define YY_YY_PAM_CONV_Y_H_INCLUDED
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
#endif
#if YYDEBUG
extern int yydebug;
#endif
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
NL = 258,
EOFILE = 259,
TOK = 260
};
#endif
/* Tokens. */
#define NL 258
#define EOFILE 259
#define TOK 260
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 2058 of yacc.c */
#line 47 "pam_conv_y.y"
int def;
char *string;
/* Line 2058 of yacc.c */
#line 73 "pam_conv_y.h"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif
extern YYSTYPE yylval;
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int yyparse (void *YYPARSE_PARAM);
#else
int yyparse ();
#endif
#else /* ! YYPARSE_PARAM */
#if defined __STDC__ || defined __cplusplus
int yyparse (void);
#else
int yyparse ();
#endif
#endif /* ! YYPARSE_PARAM */
#endif /* !YY_YY_PAM_CONV_Y_H_INCLUDED */

210
conf/pam_conv1/pam_conv_y.y Normal file
View File

@ -0,0 +1,210 @@
%{
/*
* $Id$
*
* Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
*
* This file is covered by the Linux-PAM License (which should be
* distributed with this file.)
*/
static const char bisonid[]=
"$Id$\n"
"Copyright (c) Andrew G. Morgan 1997-8 <morgan@linux.kernel.org>\n";
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <string.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <ctype.h>
#include <sys/stat.h>
extern int yylex(void);
int current_line=1;
extern char *yytext;
/* XXX - later we'll change this to be the specific conf file(s) */
#define newpamf stderr
#define PAM_D "./pam.d"
#define PAM_D_MODE 0755
#define PAM_D_MAGIC_HEADER \
"#%%PAM-1.0\n" \
"#[For version 1.0 syntax, the above header is optional]\n"
#define PAM_D_FILE_FMT PAM_D "/%s"
const char *old_to_new_ctrl_flag(const char *old);
void yyerror(const char *format, ...);
%}
%union {
int def;
char *string;
}
%token NL EOFILE TOK
%type <string> tok path tokenls
%start complete
%%
complete
:
| complete NL
| complete line
| complete EOFILE {
return 0;
}
;
line
: tok tok tok path tokenls NL {
char *filename;
FILE *conf;
int i;
/* make sure we have lower case */
for (i=0; $1[i]; ++i) {
$1[i] = tolower($1[i]);
}
/* $1 = service-name */
yyerror("Appending to " PAM_D "/%s", $1);
filename = malloc(strlen($1) + sizeof(PAM_D) + 6);
sprintf(filename, PAM_D_FILE_FMT, $1);
conf = fopen(filename, "r");
if (conf == NULL) {
/* new file */
conf = fopen(filename, "w");
if (conf != NULL) {
fprintf(conf, PAM_D_MAGIC_HEADER);
fprintf(conf,
"#\n"
"# The PAM configuration file for the `%s' service\n"
"#\n", $1);
}
} else {
fclose(conf);
conf = fopen(filename, "a");
}
if (conf == NULL) {
yyerror("trouble opening %s - aborting", filename);
exit(1);
}
free(filename);
/* $2 = module-type */
fprintf(conf, "%-10s", $2);
free($2);
/* $3 = required etc. */
{
const char *trans;
trans = old_to_new_ctrl_flag($3);
free($3);
fprintf(conf, " %-10s", trans);
}
/* $4 = module-path */
fprintf(conf, " %s", $4);
free($4);
/* $5 = arguments */
if ($5 != NULL) {
fprintf(conf, " \\\n\t\t%s", $5);
free($5);
}
/* end line */
fprintf(conf, "\n");
fclose(conf);
}
| error NL {
yyerror("malformed line");
}
;
tokenls
: {
$$=NULL;
}
| tokenls tok {
int len;
if ($1) {
len = strlen($1) + strlen($2) + 2;
$$ = malloc(len);
sprintf($$,"%s %s",$1,$2);
free($1);
free($2);
} else {
$$ = $2;
}
}
;
path
: TOK {
/* XXX - this could be used to check if file present */
$$ = strdup(yytext);
}
tok
: TOK {
$$ = strdup(yytext);
}
%%
const char *old_to_new_ctrl_flag(const char *old)
{
static const char *clist[] = {
"requisite",
"required",
"sufficient",
"optional",
NULL,
};
int i;
for (i=0; clist[i]; ++i) {
if (strcasecmp(clist[i], old) == 0) {
break;
}
}
return clist[i];
}
void yyerror(const char *format, ...)
{
va_list args;
fprintf(stderr, "line %d: ", current_line);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
}
int main(void)
{
if (mkdir(PAM_D, PAM_D_MODE) != 0) {
yyerror(PAM_D " already exists.. aborting");
exit(1);
}
yyparse();
exit(0);
}

458
config.h.in Normal file
View File

@ -0,0 +1,458 @@
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
/* Define to 1 if translation of program messages to the user's native
language is requested. */
#undef ENABLE_NLS
/* Define to the type of elements in the array set by `getgroups'. Usually
this is either `int' or `gid_t'. */
#undef GETGROUPS_T
/* Define to 1 if struct audit_tty_status exists. */
#undef HAVE_AUDIT_TTY_STATUS
/* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the
CoreFoundation framework. */
#undef HAVE_CFLOCALECOPYCURRENT
/* Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in
the CoreFoundation framework. */
#undef HAVE_CFPREFERENCESCOPYAPPVALUE
/* Define to 1 if you have the <crack.h> header file. */
#undef HAVE_CRACK_H
/* Define to 1 if you have the `crypt_gensalt_r' function. */
#undef HAVE_CRYPT_GENSALT_R
/* Define to 1 if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H
/* Define to 1 if you have the `crypt_r' function. */
#undef HAVE_CRYPT_R
/* Define to 1 if you have the `dbm_store' function. */
#undef HAVE_DBM_STORE
/* Define to 1 if you have the `db_create' function. */
#undef HAVE_DB_CREATE
/* Define to 1 if you have the <db.h> header file. */
#undef HAVE_DB_H
/* Define if the GNU dcgettext() function is already present or preinstalled.
*/
#undef HAVE_DCGETTEXT
/* Define to 1 if you have the declaration of `getrpcport', and to 0 if you
don't. */
#undef HAVE_DECL_GETRPCPORT
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
*/
#undef HAVE_DIRENT_H
/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H
/* Define to 1 if you have the `dngettext' function. */
#undef HAVE_DNGETTEXT
/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
#undef HAVE_DOPRNT
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
/* Define to 1 if you have the `fseeko' function. */
#undef HAVE_FSEEKO
/* Define to 1 if you have the `getdelim' function. */
#undef HAVE_GETDELIM
/* Define to 1 if you have the `getdomainname' function. */
#undef HAVE_GETDOMAINNAME
/* Define to 1 if you have the `getgrgid_r' function. */
#undef HAVE_GETGRGID_R
/* Define to 1 if you have the `getgrnam_r' function. */
#undef HAVE_GETGRNAM_R
/* Define to 1 if you have the `getgrouplist' function. */
#undef HAVE_GETGROUPLIST
/* Define to 1 if you have the `gethostname' function. */
#undef HAVE_GETHOSTNAME
/* Define to 1 if you have the `getline' function. */
#undef HAVE_GETLINE
/* Define to 1 if you have the `getpwnam_r' function. */
#undef HAVE_GETPWNAM_R
/* Define to 1 if you have the `getpwuid_r' function. */
#undef HAVE_GETPWUID_R
/* Define to 1 if you have the `getrpcport' function. */
#undef HAVE_GETRPCPORT
/* Define to 1 if you have the `getseuser' function. */
#undef HAVE_GETSEUSER
/* Define to 1 if you have the `getspnam_r' function. */
#undef HAVE_GETSPNAM_R
/* Define if the GNU gettext() function is already present or preinstalled. */
#undef HAVE_GETTEXT
/* Define to 1 if you have the `gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY
/* Define to 1 if you have the `getutent_r' function. */
#undef HAVE_GETUTENT_R
/* Define if you have the iconv() function and it works. */
#undef HAVE_ICONV
/* Define to 1 if you have the `inet_ntop' function. */
#undef HAVE_INET_NTOP
/* Define to 1 if you have the `inet_pton' function. */
#undef HAVE_INET_PTON
/* Define to 1 if you have the <inittypes.h> header file. */
#undef HAVE_INITTYPES_H
/* Define to 1 if you have the `innetgr' function. */
#undef HAVE_INNETGR
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Defined if the kernel key management facility is available */
#undef HAVE_KEY_MANAGEMENT
/* Define to 1 if you have the <lastlog.h> header file. */
#undef HAVE_LASTLOG_H
/* Define to 1 if you have the `lckpwdf' function. */
#undef HAVE_LCKPWDF
/* Define to 1 if audit support should be compiled in. */
#undef HAVE_LIBAUDIT
/* Define to 1 if you have cracklib. */
#undef HAVE_LIBCRACK
/* Define to 1 if xcrypt support should be compiled in. */
#undef HAVE_LIBXCRYPT
/* Define to 1 if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H
/* Define to 1 if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `mkdir' function. */
#undef HAVE_MKDIR
/* Define to 1 if you have the <ndbm.h> header file. */
#undef HAVE_NDBM_H
/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
#undef HAVE_NDIR_H
/* Define to 1 if you have the <net/if.h> header file. */
#undef HAVE_NET_IF_H
/* Define to 1 if you have the <paths.h> header file. */
#undef HAVE_PATHS_H
/* Define to 1 if you have the `rpcb_getaddr' function. */
#undef HAVE_RPCB_GETADDR
/* Define to 1 if you have the <rpcsvc/ypclnt.h> header file. */
#undef HAVE_RPCSVC_YPCLNT_H
/* Define to 1 if you have the <rpcsvc/yp_prot.h> header file. */
#undef HAVE_RPCSVC_YP_PROT_H
/* Define to 1 if you have the <rpc/rpc.h> header file. */
#undef HAVE_RPC_RPC_H
/* Define to 1 if you have the `ruserok_af' function. */
#undef HAVE_RUSEROK_AF
/* Define to 1 if you have the `select' function. */
#undef HAVE_SELECT
/* Define to 1 if you have the `setkeycreatecon' function. */
#undef HAVE_SETKEYCREATECON
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define to 1 if you have the `strcspn' function. */
#undef HAVE_STRCSPN
/* Define to 1 if you have the `strdup' function. */
#undef HAVE_STRDUP
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the `strspn' function. */
#undef HAVE_STRSPN
/* Define to 1 if you have the `strstr' function. */
#undef HAVE_STRSTR
/* Define to 1 if you have the `strtol' function. */
#undef HAVE_STRTOL
/* Define to 1 if `log_passwd' is a member of `struct audit_tty_status'. */
#undef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
*/
#undef HAVE_SYS_DIR_H
/* Define to 1 if you have the <sys/file.h> header file. */
#undef HAVE_SYS_FILE_H
/* Define to 1 if you have the <sys/fsuid.h> header file. */
#undef HAVE_SYS_FSUID_H
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
*/
#undef HAVE_SYS_NDIR_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
#undef HAVE_SYS_WAIT_H
/* Define to 1 if you have the <termio.h> header file. */
#undef HAVE_TERMIO_H
/* Define to 1 if you have the `uname' function. */
#undef HAVE_UNAME
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to 1 if you have the `unshare' function. */
#undef HAVE_UNSHARE
/* Define to 1 if you have the <utmpx.h> header file. */
#undef HAVE_UTMPX_H
/* Define to 1 if you have the <utmp.h> header file. */
#undef HAVE_UTMP_H
/* Define to 1 if you have the `vprintf' function. */
#undef HAVE_VPRINTF
/* Define to 1 if you have the <xcrypt.h> header file. */
#undef HAVE_XCRYPT_H
/* Define to 1 if you have the `yperr_string' function. */
#undef HAVE_YPERR_STRING
/* Define to 1 if you have the `yp_bind' function. */
#undef HAVE_YP_BIND
/* Define to 1 if you have the `yp_get_default_domain' function. */
#undef HAVE_YP_GET_DEFAULT_DOMAIN
/* Define to 1 if you have the `yp_master' function. */
#undef HAVE_YP_MASTER
/* Define to 1 if you have the `yp_match' function. */
#undef HAVE_YP_MATCH
/* Define to 1 if you have the `yp_unbind' function. */
#undef HAVE_YP_UNBIND
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#undef LT_OBJDIR
/* Define to 1 if your C compiler doesn't accept -c and -o together. */
#undef NO_MINUS_C_MINUS_O
/* Name of package */
#undef PACKAGE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the home page for this package. */
#undef PACKAGE_URL
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* lots of stuff gets written to /var/run/pam-debug.log */
#undef PAM_DEBUG
/* libpam should observe a global authentication lock */
#undef PAM_LOCKING
/* Path where mails are stored */
#undef PAM_PATH_MAILDIR
/* Random device path. */
#undef PAM_PATH_RANDOMDEV
/* Additional path of xauth executable */
#undef PAM_PATH_XAUTH
/* read both /etc/pam.d and /etc/pam.conf files */
#undef PAM_READ_BOTH_CONFS
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
/* define if your compiler has __att ribute__ ((unused)) */
#undef UNUSED
/* Define to 1 if the lckpwdf function should be used */
#undef USE_LCKPWDF
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* Version number of package */
#undef VERSION
/* Defined if SE Linux support is compiled in */
#undef WITH_SELINUX
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
# undef WORDS_BIGENDIAN
# endif
#endif
/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
`char[]'. */
#undef YYTEXT_POINTER
/* Enable large inode numbers on Mac OS X 10.5. */
#ifndef _DARWIN_USE_64_BIT_INODE
# define _DARWIN_USE_64_BIT_INODE 1
#endif
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
/* Define for large files, on AIX-style hosts. */
#undef _LARGE_FILES
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Define to the path, relative to SECUREDIR, where PAMs specific to this
architecture can be found. */
#undef _PAM_ISA
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Define to `int' if <sys/types.h> doesn't define. */
#undef gid_t
/* Define to `long int' if <sys/types.h> does not define. */
#undef off_t
/* Define to `int' if <sys/types.h> does not define. */
#undef pid_t
/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t
#ifdef ENABLE_NLS
#include <libintl.h>
#define _(msgid) dgettext(PACKAGE, msgid)
#define N_(msgid) msgid
#else
#define _(msgid) (msgid)
#define N_(msgid) msgid
#endif /* ENABLE_NLS */

20993
configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

642
configure.ac Normal file
View File

@ -0,0 +1,642 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT([Linux-PAM], [1.3.1], , [Linux-PAM])
AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y])
AC_CONFIG_AUX_DIR([build-aux])
AM_INIT_AUTOMAKE([-Wall -Wno-portability])
AC_PREREQ([2.61])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_HOST
AC_SUBST(PACKAGE)
AC_SUBST(VERSION)
dnl
dnl By default, everything under PAM is installed below /usr.
dnl
AC_PREFIX_DEFAULT(/usr)
dnl and some hacks to use /etc and /lib
test "${prefix}" = "NONE" && prefix="/usr"
if test ${prefix} = '/usr'
then
dnl If we use /usr as prefix, use /etc for config files
if test ${sysconfdir} = '${prefix}/etc'
then
sysconfdir="/etc"
fi
if test ${libdir} = '${exec_prefix}/lib'
then
case "$host_cpu" in
x86_64|ppc64|s390x|sparc64)
libdir="/lib64" ;;
*)
libdir="/lib" ;;
esac
fi
if test ${sbindir} = '${exec_prefix}/sbin'
then
sbindir="/sbin"
fi
dnl If we use /usr as prefix, use /usr/share/man for manual pages
if test ${mandir} = '${prefix}/man'
then
mandir='${prefix}/share/man'
fi
dnl Add security to include directory
if test ${includedir} = '${prefix}/include'
then
includedir="${prefix}/include/security"
fi
dnl Add /var directory
if test ${localstatedir} = '${prefix}/var'
then
localstatedir="/var"
fi
fi
dnl This should be called before any macros that run the C compiler.
AC_USE_SYSTEM_EXTENSIONS
LT_INIT([disable-static])
AC_ENABLE_STATIC([no])
AC_ENABLE_SHARED([yes])
dnl Checks for programs.
AC_PROG_CC
AC_PROG_YACC
AM_PROG_LEX
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AM_PROG_CC_C_O
PAM_LD_AS_NEEDED
PAM_LD_NO_UNDEFINED
PAM_LD_O1
dnl Largefile support
AC_SYS_LARGEFILE
dnl icc claims to be GCC compatible, but use other flags for warnings
if eval "test x$GCC = xyes -a $CC != icc"; then
for flag in \
-W \
-Wall \
-Wbad-function-cast \
-Wcast-align \
-Wcast-qual \
-Wmissing-declarations \
-Wmissing-prototypes \
-Wpointer-arith \
-Wreturn-type \
-Wstrict-prototypes \
-Wwrite-strings \
-Winline \
-Wshadow
do
JAPHAR_GREP_CFLAGS($flag, [ CFLAGS="$CFLAGS $flag" ])
done
fi
dnl icc has special warning flags
if eval "test x$CC = xicc"; then
for flag in \
-Wall \
-Wmissing-prototypes \
-Wpointer-arith \
-Wreturn-type \
-Wstrict-prototypes \
-Wwrite-strings \
-Wshadow \
-Wp64 \
-Wdeprecated \
-Wuninitialized \
-Wmain
do
JAPHAR_GREP_CFLAGS($flag, [ CFLAGS="$CFLAGS $flag" ])
done
fi
if test "x${CC_FOR_BUILD+set}" != "xset" ; then
if test "x$cross_compiling" = "xyes" ; then
AC_CHECK_PROGS(CC_FOR_BUILD, gcc cc)
else
CC_FOR_BUILD=${CC}
fi
fi
AC_MSG_CHECKING([for CC_FOR_BUILD])
AC_MSG_RESULT([$CC_FOR_BUILD])
AC_SUBST(CC_FOR_BUILD)
if test "x${BUILD_CPPFLAGS+set}" != "xset" ; then
if test "x$cross_compiling" = "xyes" ; then
BUILD_CPPFLAGS=
else
BUILD_CPPFLAGS=${CPPFLAGS}
fi
fi
AC_SUBST(BUILD_CPPFLAGS)
if test "x${BUILD_CFLAGS+set}" != "xset" ; then
if test "x$cross_compiling" = "xyes" ; then
BUILD_CFLAGS=
else
BUILD_CFLAGS=${CFLAGS}
fi
fi
AC_SUBST(BUILD_CFLAGS)
if test "x${BUILD_LDFLAGS+set}" != "xset" ; then
if test "x$cross_compiling" = "xyes" ; then
BUILD_LDFLAGS=
else
BUILD_LDFLAGS=${LDFLAGS}
fi
fi
AC_SUBST(BUILD_LDFLAGS)
AC_C___ATTRIBUTE__
dnl
dnl Check if --version-script is supported by ld
dnl
AC_CACHE_CHECK(for .symver assembler directive, libc_cv_asm_symver_directive,
[cat > conftest.s <<EOF
${libc_cv_dot_text}
_sym:
.symver _sym,sym@VERS
EOF
if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
libc_cv_asm_symver_directive=yes
else
libc_cv_asm_symver_directive=no
fi
rm -f conftest*])
AC_CACHE_CHECK(for ld --version-script, libc_cv_ld_version_script_option, [dnl
if test $libc_cv_asm_symver_directive = yes; then
cat > conftest.s <<EOF
${libc_cv_dot_text}
_sym:
.symver _sym,sym@VERS
EOF
cat > conftest.map <<EOF
VERS_1 {
global: sym;
};
VERS_2 {
global: sym;
} VERS_1;
EOF
if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD;
then
if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
-o conftest.so conftest.o
-nostartfiles -nostdlib
-Wl,--version-script,conftest.map
1>&AS_MESSAGE_LOG_FD]);
then
libc_cv_ld_version_script_option=yes
else
libc_cv_ld_version_script_option=no
fi
else
libc_cv_ld_version_script_option=no
fi
else
libc_cv_ld_version_script_option=no
fi
rm -f conftest*])
AM_CONDITIONAL([HAVE_VERSIONING],
[test "$libc_cv_ld_version_script_option" = "yes"])
dnl
dnl check for -fPIE/-pie support
dnl
dnl icc handles -fpie as -fp without error, so blacklist icc
dnl
AC_ARG_ENABLE(pie,AS_HELP_STRING([--disable-pie],
[disable position-independent executeables (PIE)]),
USE_PIE=$enableval, USE_PIE=yes)
AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl
cat > conftest.c <<EOF
int foo;
main () { return 0;}
EOF
if test "$USE_PIE" = "yes" -a "$CC" != "icc" &&
AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -fpie
-o conftest conftest.c 1>&AS_MESSAGE_LOG_FD])
then
libc_cv_fpie=yes
PIE_CFLAGS="-fpie"
PIE_LDFLAGS="-pie"
else
libc_cv_fpie=no
PIE_CFLAGS=""
PIE_LDFLAGS=""
fi
rm -f conftest*])
AC_SUBST(libc_cv_fpie)
AC_SUBST(PIE_CFLAGS)
AC_SUBST(PIE_LDFLAGS)
dnl
dnl options and defaults
dnl
AC_ARG_ENABLE([prelude],
AS_HELP_STRING([--disable-prelude],[do not use prelude]),
WITH_PRELUDE=$enableval, WITH_PRELUDE=yes)
if test "$WITH_PRELUDE" = "yes" ; then
AM_PATH_LIBPRELUDE([0.9.0])
if test "$LIBPRELUDE_CONFIG" != "no" ; then
LIBPRELUDE_CFLAGS="$LIBPRELUDE_CFLAGS -DPRELUDE=1"
fi
fi
dnl lots of debugging information goes to /var/run/pam-debug.log
AC_ARG_ENABLE([debug],
AS_HELP_STRING([--enable-debug],[specify you are building with debugging on]))
if test x"$enable_debug" = x"yes" ; then
AC_DEFINE([PAM_DEBUG],,
[lots of stuff gets written to /var/run/pam-debug.log])
fi
AC_ARG_ENABLE(securedir,
AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]),
SECUREDIR=$enableval, SECUREDIR=$libdir/security)
AC_SUBST(SECUREDIR)
AC_ARG_ENABLE([isadir],
AS_HELP_STRING([--enable-isadir=DIR],[path to arch-specific module files @<:@default=../../(basename of $libdir)/security@:>@]),
ISA=$enableval,
ISA=../../`basename $libdir`/security)
unset mylibdirbase
AC_DEFINE_UNQUOTED(_PAM_ISA,"$ISA",[Define to the path, relative to SECUREDIR, where PAMs specific to this architecture can be found.])
AC_MSG_RESULT([Defining \$ISA to "$ISA"])
AC_ARG_ENABLE(sconfigdir,
AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]),
SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security)
AC_SUBST(SCONFIGDIR)
AC_ARG_ENABLE(pamlocking,
AS_HELP_STRING([--enable-pamlocking],[configure libpam to observe a global authentication lock]))
if test x"$enable_pamlocking" = "xyes"; then
AC_DEFINE([PAM_LOCKING],,
[libpam should observe a global authentication lock])
fi
AC_ARG_ENABLE(read-both-confs,
AS_HELP_STRING([--enable-read-both-confs],[read both /etc/pam.d and /etc/pam.conf files]))
if test x"$enable_read_both_confs" = "xyes"; then
AC_DEFINE([PAM_READ_BOTH_CONFS],,
[read both /etc/pam.d and /etc/pam.conf files])
fi
AC_ARG_ENABLE([lckpwdf],
AS_HELP_STRING([--disable-lckpwdf],[do not use the lckpwdf function]),
WITH_LCKPWDF=$enableval, WITH_LCKPWDF=yes)
if test "$WITH_LCKPWDF" = "yes" ; then
AC_DEFINE([USE_LCKPWDF], 1,
[Define to 1 if the lckpwdf function should be used])
fi
AC_CHECK_HEADERS(paths.h)
AC_ARG_WITH(mailspool,
[ --with-mailspool path to mail spool directory
[default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail]],
with_mailspool=${withval})
if test x$with_mailspool != x ; then
pam_mail_spool="\"$with_mailspool\""
else
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <paths.h>
int main() {
#ifdef _PATH_MAILDIR
exit(0);
#else
exit(1);
#endif
}]])],[pam_mail_spool="_PATH_MAILDIR"],[pam_mail_spool="\"/var/spool/mail\""],[pam_mail_spool="\"/var/spool/mail\""])
fi
AC_DEFINE_UNQUOTED(PAM_PATH_MAILDIR, $pam_mail_spool,
[Path where mails are stored])
AC_ARG_WITH(xauth,
[ --with-xauth additional path to check for xauth when it is called from pam_xauth
[added to the default of /usr/X11R6/bin/xauth, /usr/bin/xauth, /usr/bin/X11/xauth]],
pam_xauth_path=${withval})
if test x$with_xauth = x ; then
AC_PATH_PROG(pam_xauth_path, xauth)
dnl There is no sense in adding the first default path
if test x$pam_xauth_path = x/usr/X11R6/bin/xauth ; then
unset pam_xauth_path
fi
fi
if test x$pam_xauth_path != x ; then
AC_DEFINE_UNQUOTED(PAM_PATH_XAUTH, "$pam_xauth_path",
[Additional path of xauth executable])
fi
dnl Checks for the existence of libdl - on BSD and Tru64 its part of libc
AC_CHECK_LIB([dl], [dlopen], LIBDL="-ldl", LIBDL="")
AC_SUBST(LIBDL)
# Check for cracklib
AC_ARG_ENABLE([cracklib],
AS_HELP_STRING([--disable-cracklib],[do not use cracklib]),
WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes)
if test x"$WITH_CRACKLIB" != xno ; then
AC_CHECK_HEADERS([crack.h],
AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK=""))
else
LIBCRACK=""
fi
if test -n "$LIBCRACK"; then
AC_DEFINE([HAVE_LIBCRACK], [1], [Define to 1 if you have cracklib.])
fi
AC_SUBST(LIBCRACK)
AM_CONDITIONAL([HAVE_LIBCRACK], [test -n "$LIBCRACK"])
dnl Look for Linux Auditing library - see documentation
AC_ARG_ENABLE([audit],
AS_HELP_STRING([--disable-audit],[do not enable audit support]),
WITH_LIBAUDIT=$enableval, WITH_LIBAUDIT=yes)
if test x"$WITH_LIBAUDIT" != xno ; then
AC_CHECK_HEADER([libaudit.h],
[AC_CHECK_LIB(audit, audit_log_acct_message, LIBAUDIT=-laudit, LIBAUDIT="")
AC_CHECK_TYPE([struct audit_tty_status],
[HAVE_AUDIT_TTY_STATUS=yes],
[HAVE_AUDIT_TTY_STATUS=""],
[#include <libaudit.h>])]
)
if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then
AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.])
fi
if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then
AC_DEFINE([HAVE_AUDIT_TTY_STATUS], 1, [Define to 1 if struct audit_tty_status exists.])
AC_CHECK_MEMBERS([struct audit_tty_status.log_passwd], [],
AC_MSG_WARN([audit_tty_status.log_passwd is not available. The log_passwd option is disabled.]),
[[#include <libaudit.h>]])
fi
else
LIBAUDIT=""
fi
AC_SUBST(LIBAUDIT)
AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS],
[test "x$HAVE_AUDIT_TTY_STATUS" = xyes])
AC_CHECK_HEADERS(xcrypt.h crypt.h)
AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
[crypt_libs="xcrypt crypt"],
[crypt_libs="crypt"])
BACKUP_LIBS=$LIBS
AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_lib:+-l$ac_lib}", LIBCRYPT="")
AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
LIBS=$BACKUP_LIBS
AC_SUBST(LIBCRYPT)
if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then
AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
fi
AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval)
if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then
opt_randomdev="/dev/urandom"
elif test "$opt_randomdev" = no; then
opt_randomdev=
fi
if test -n "$opt_randomdev"; then
AC_DEFINE_UNQUOTED(PAM_PATH_RANDOMDEV, "$opt_randomdev", [Random device path.])
fi
dnl check for libdb or libndbm as fallback. Some libndbm compat
dnl libraries are unuseable, so try libdb first.
AC_ARG_ENABLE([db],
AS_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]),
WITH_DB=$enableval, WITH_DB=yes)
AC_ARG_WITH([db-uniquename],
AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
if test x"$WITH_DB" != xno ; then
if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
old_libs=$LIBS
LIBS="$LIBS -ldb$with_db_uniquename"
AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store],
[LIBDB="-ldb$with_db_uniquename"; break])
LIBS=$old_libs
fi
if test -z "$LIBDB" ; then
AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
if test ! -z "$LIBDB" ; then
AC_CHECK_HEADERS(ndbm.h)
fi
else
AC_CHECK_HEADERS(db.h)
fi
fi
AC_SUBST(LIBDB)
AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
AC_ARG_ENABLE([nis],
AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix]))
AS_IF([test "x$enable_nis" != "xno"], [
old_CFLAGS=$CFLAGS
old_CPPFLAGS=$CPPFLAGS
old_LIBS=$LIBS
dnl if there's libtirpc available, prefer that over the system
dnl implementation.
PKG_CHECK_MODULES([TIRPC], [libtirpc], [
CFLAGS="$CFLAGS $TIRPC_CFLAGS"
CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS"
LIBS="$LIBS $TIRPC_LIBS"
], [:;])
PKG_CHECK_MODULES([NSL], [libnsl], [],
[AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])])
CFLAGS="$CFLAGS $NSL_CFLAGS"
CPPFLAGS="$CPPFLAGS $NSL_CFLAGS"
LIBS="$LIBS $NSL_LIBS"
AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind])
AC_CHECK_FUNCS([getrpcport rpcb_getaddr])
AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h])
AC_CHECK_DECLS([getrpcport], , , [
#if HAVE_RPC_RPC_H
# include <rpc/rpc.h>
#endif
])
CFLAGS="$old_CFLAGS"
CPPFLAGS="$old_CPPFLAGS"
LIBS="$old_LIBS"
])
AC_SUBST([NIS_CFLAGS])
AC_SUBST([NIS_LIBS])
AC_ARG_ENABLE([selinux],
AS_HELP_STRING([--disable-selinux],[do not use SELinux]),
WITH_SELINUX=$enableval, WITH_SELINUX=yes)
if test "$WITH_SELINUX" = "yes" ; then
AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="")
else
LIBSELINUX=""
fi
AC_SUBST(LIBSELINUX)
AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"])
if test ! -z "$LIBSELINUX" ; then
AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
BACKUP_LIBS=$LIBS
LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(setkeycreatecon)
AC_CHECK_FUNCS(getseuser)
LIBS=$BACKUP_LIBS
fi
dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h)
dnl For module/pam_lastlog
AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_BIGENDIAN
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_OFF_T
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM
dnl Checks for library functions.
AC_TYPE_GETGROUPS
AC_PROG_GCC_TRADITIONAL
AC_FUNC_MEMCMP
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir select)
AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
AC_CHECK_FUNCS(getgrouplist getline getdelim)
AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
AC_ARG_ENABLE([regenerate-docu],
AS_HELP_STRING([--disable-regenerate-docu],[Don't re-build documentation from XML sources]),
[enable_docu=$enableval], [enable_docu=yes])
dnl
dnl Check for xsltproc
dnl
AC_PATH_PROG([XSLTPROC], [xsltproc])
if test -z "$XSLTPROC"; then
enable_docu=no
fi
AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true])
dnl check for DocBook DTD and stylesheets in the local catalog.
JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],
[DocBook XML DTD V4.4], [], enable_docu=no)
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
[DocBook XSL Stylesheets], [], enable_docu=no)
AC_PATH_PROG([BROWSER], [w3m])
if test ! -z "$BROWSER"; then
BROWSER="$BROWSER -T text/html -dump"
else
AC_PATH_PROG([BROWSER], [elinks])
if test ! -z "$BROWSER"; then
BROWSER="$BROWSER -no-numbering -no-references -dump"
else
enable_docu=no
fi
fi
AC_PATH_PROG([FO2PDF], [fop])
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_docu != xno)
AM_CONDITIONAL(ENABLE_GENERATE_PDF, test ! -z "$FO2PDF")
AM_GNU_GETTEXT_VERSION([0.18.3])
AM_GNU_GETTEXT([external])
AC_CHECK_FUNCS(dngettext)
AH_BOTTOM([#ifdef ENABLE_NLS
#include <libintl.h>
#define _(msgid) dgettext(PACKAGE, msgid)
#define N_(msgid) msgid
#else
#define _(msgid) (msgid)
#define N_(msgid) msgid
#endif /* ENABLE_NLS */])
dnl
dnl Check for the availability of the kernel key management facility
dnl - The pam_keyinit module only requires the syscalls, not the error codes
dnl
AC_CHECK_DECL(__NR_keyctl, [have_key_syscalls=1],[have_key_syscalls=0],[#include <sys/syscall.h>])
AC_CHECK_DECL(ENOKEY, [have_key_errors=1],[have_key_errors=0],[#include <errno.h>])
HAVE_KEY_MANAGEMENT=0
if test $have_key_syscalls$have_key_errors = 11
then
HAVE_KEY_MANAGEMENT=1
fi
if test $HAVE_KEY_MANAGEMENT = 1; then
AC_DEFINE([HAVE_KEY_MANAGEMENT], 1,
[Defined if the kernel key management facility is available])
fi
AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT)
AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1])
dnl Files to be created from when we run configure
AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
po/Makefile.in \
modules/Makefile \
modules/pam_access/Makefile modules/pam_cracklib/Makefile \
modules/pam_debug/Makefile modules/pam_deny/Makefile \
modules/pam_echo/Makefile modules/pam_env/Makefile \
modules/pam_faildelay/Makefile \
modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
modules/pam_ftp/Makefile modules/pam_group/Makefile \
modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
modules/pam_lastlog/Makefile modules/pam_limits/Makefile \
modules/pam_listfile/Makefile modules/pam_localuser/Makefile \
modules/pam_loginuid/Makefile modules/pam_mail/Makefile \
modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \
modules/pam_namespace/Makefile \
modules/pam_nologin/Makefile modules/pam_permit/Makefile \
modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \
modules/pam_rootok/Makefile modules/pam_exec/Makefile \
modules/pam_securetty/Makefile modules/pam_selinux/Makefile \
modules/pam_sepermit/Makefile \
modules/pam_shells/Makefile modules/pam_stress/Makefile \
modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \
modules/pam_tally2/Makefile modules/pam_time/Makefile \
modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
modules/pam_umask/Makefile \
modules/pam_unix/Makefile modules/pam_userdb/Makefile \
modules/pam_warn/Makefile modules/pam_wheel/Makefile \
modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
doc/mwg/Makefile examples/Makefile tests/Makefile \
xtests/Makefile])
AC_OUTPUT

21
doc/Makefile.am Normal file
View File

@ -0,0 +1,21 @@
#
# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
#
SUBDIRS = man specs sag adg mwg
CLEANFILES = *~
dist_html_DATA = index.html
#######################################################
releasedocs: all
$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs
cp -av specs/draft-morgan-pam-current.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
cp -av $(srcdir)/specs/rfc86.0.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
make -C sag releasedocs
make -C adg releasedocs
make -C mwg releasedocs

749
doc/Makefile.in Normal file
View File

@ -0,0 +1,749 @@
# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
#
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = doc
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(dist_html_DATA)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
install-exec-recursive install-html-recursive \
install-info-recursive install-pdf-recursive \
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(htmldir)"
DATA = $(dist_html_DATA)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
$(RECURSIVE_TARGETS) \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BROWSER = @BROWSER@
BUILD_CFLAGS = @BUILD_CFLAGS@
BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
BUILD_LDFLAGS = @BUILD_LDFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NIS_CFLAGS = @NIS_CFLAGS@
NIS_LIBS = @NIS_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSL_CFLAGS = @NSL_CFLAGS@
NSL_LIBS = @NSL_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
RANLIB = @RANLIB@
SCONFIGDIR = @SCONFIGDIR@
SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
XSLTPROC = @XSLTPROC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pam_cv_ld_O1 = @pam_cv_ld_O1@
pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = man specs sag adg mwg
CLEANFILES = *~
dist_html_DATA = index.html
all: all-recursive
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-dist_htmlDATA: $(dist_html_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_html_DATA)'; test -n "$(htmldir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)'"; \
$(MKDIR_P) "$(DESTDIR)$(htmldir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
done | $(am__base_list) | \
while read files; do \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \
done
uninstall-dist_htmlDATA:
@$(NORMAL_UNINSTALL)
@list='$(dist_html_DATA)'; test -n "$(htmldir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(htmldir)'; $(am__uninstall_files_from_dir)
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
# (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
$(am__recursive_targets):
@fail=; \
if $(am__make_keepgoing); then \
failcom='fail=yes'; \
else \
failcom='exit 1'; \
fi; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-recursive
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-recursive
all-am: Makefile $(DATA)
installdirs: installdirs-recursive
installdirs-am:
for dir in "$(DESTDIR)$(htmldir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-recursive
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-recursive
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
install-data-am: install-dist_htmlDATA
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am:
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man:
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am: uninstall-dist_htmlDATA
.MAKE: $(am__recursive_targets) install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
check-am clean clean-generic clean-libtool cscopelist-am ctags \
ctags-am distclean distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am \
install-dist_htmlDATA install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs installdirs-am maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-dist_htmlDATA
#######################################################
releasedocs: all
$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs
cp -av specs/draft-morgan-pam-current.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
cp -av $(srcdir)/specs/rfc86.0.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/
make -C sag releasedocs
make -C adg releasedocs
make -C mwg releasedocs
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

780
doc/adg/Linux-PAM_ADG.xml Normal file
View File

@ -0,0 +1,780 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<book id="adg">
<bookinfo>
<title>The Linux-PAM Application Developers' Guide</title>
<authorgroup>
<author>
<firstname>Andrew G.</firstname>
<surname>Morgan</surname>
<email>morgan@kernel.org</email>
</author>
<author>
<firstname>Thorsten</firstname>
<surname>Kukuk</surname>
<email>kukuk@thkukuk.de</email>
</author>
</authorgroup>
<releaseinfo>Version 1.1.2, 31. August 2010</releaseinfo>
<abstract>
<para>
This manual documents what an application developer needs to know
about the <emphasis remap='B'>Linux-PAM</emphasis> library. It
describes how an application might use the
<emphasis remap='B'>Linux-PAM</emphasis> library to authenticate
users. In addition it contains a description of the functions
to be found in <filename>libpam_misc</filename> library, that can
be used in general applications. Finally, it contains some comments
on PAM related security issues for the application developer.
</para>
</abstract>
</bookinfo>
<chapter id="adg-introduction">
<title>Introduction</title>
<section id="adg-introduction-description">
<title>Description</title>
<para>
<emphasis remap='B'>Linux-PAM</emphasis>
(Pluggable Authentication Modules for Linux) is a library that enables
the local system administrator to choose how individual applications
authenticate users. For an overview of the
<emphasis remap='B'>Linux-PAM</emphasis> library see the
<emphasis>Linux-PAM System Administrators' Guide</emphasis>.
</para>
<para>
It is the purpose of the <emphasis remap='B'>Linux-PAM</emphasis>
project to liberate the development of privilege granting software
from the development of secure and appropriate authentication schemes.
This is accomplished by providing a documented library of functions
that an application may use for all forms of user authentication
management. This library dynamically loads locally configured
authentication modules that actually perform the authentication tasks.
</para>
<para>
From the perspective of an application developer the information
contained in the local configuration of the PAM library should not be
important. Indeed it is intended that an application treat the
functions documented here as a 'black box' that will deal with all
aspects of user authentication. 'All aspects' includes user
verification, account management, session initialization/termination
and also the resetting of passwords
(<emphasis>authentication tokens</emphasis>).
</para>
</section>
<section id="adg-introduction-synopsis">
<title>Synopsis</title>
<para>
For general applications that wish to use the services provided by
<emphasis remap='B'>Linux-PAM</emphasis> the following is a summary
of the relevant linking information:
<programlisting>
#include &lt;security/pam_appl.h&gt;
cc -o application .... -lpam
</programlisting>
</para>
<para>
In addition to <command>libpam</command>, there is a library of
miscellaneous functions that make the job of writing
<emphasis>PAM-aware</emphasis> applications easier (this library is not
covered in the DCE-RFC for PAM and is specific to the Linux-PAM
distribution):
<programlisting>
#include &lt;security/pam_appl.h&gt;
#include &lt;security/pam_misc.h&gt;
cc -o application .... -lpam -lpam_misc
</programlisting>
</para>
</section>
</chapter>
<chapter id="adg-overview">
<title>Overview</title>
<para>
Most service-giving applications are restricted. In other words,
their service is not available to all and every prospective client.
Instead, the applying client must jump through a number of hoops to
convince the serving application that they are authorized to obtain
service.
</para>
<para>
The process of <emphasis>authenticating</emphasis> a client is what
PAM is designed to manage. In addition to authentication, PAM provides
account management, credential management, session management and
authentication-token (password changing) management services. It is
important to realize when writing a PAM based application that these
services are provided in a manner that is
<emphasis remap='B'>transparent</emphasis> to the application. That is
to say, when the application is written, no assumptions can be made
about <emphasis>how</emphasis> the client will be authenticated.
</para>
<para>
The process of authentication is performed by the PAM library via a
call to <function>pam_authenticate()</function>. The return value
of this function will indicate whether a named client (the
<emphasis>user</emphasis>) has been authenticated. If the PAM library
needs to prompt the user for any information, such as their
<emphasis>name</emphasis> or a <emphasis>password</emphasis>
then it will do so. If the PAM library is configured to authenticate
the user using some silent protocol, it will do this too. (This
latter case might be via some hardware interface for example.)
</para>
<para>
It is important to note that the application must leave all decisions
about when to prompt the user at the discretion of the PAM library.
</para>
<para>
The PAM library, however, must work equally well for different styles
of application. Some applications, like the familiar
<command>login</command> and <command>passwd</command> are terminal
based applications, exchanges of information with the client in
these cases is as plain text messages. Graphically based applications,
however, have a more sophisticated interface. They generally interact
with the user via specially constructed dialogue boxes. Additionally,
network based services require that text messages exchanged with the
client are specially formatted for automated processing: one such
example is <command>ftpd</command> which prefixes each exchanged
message with a numeric identifier.
</para>
<para>
The presentation of simple requests to a client is thus something very
dependent on the protocol that the serving application will use. In
spite of the fact that PAM demands that it drives the whole
authentication process, it is not possible to leave such protocol
subtleties up to the PAM library. To overcome this potential problem,
the application provides the PAM library with a
<emphasis>conversation</emphasis> function. This function is called
from <emphasis>within</emphasis> the PAM library and enables the PAM
to directly interact with the client. The sorts of things that this
conversation function must be able to do are prompt the user with
text and/or obtain textual input from the user for processing by the
PAM library. The details of this function are provided in a later
section.
</para>
<para>
For example, the conversation function may be called by the PAM
library with a request to prompt the user for a password. Its job is
to reformat the prompt request into a form that the client will
understand. In the case of <command>ftpd</command>, this might involve
prefixing the string with the number <command>331</command> and sending
the request over the network to a connected client. The conversation
function will then obtain any reply and, after extracting the typed
password, will return this string of text to the PAM library. Similar
concerns need to be addressed in the case of an X-based graphical
server.
</para>
<para>
There are a number of issues that need to be addressed when one is
porting an existing application to become PAM compliant. A section
below has been devoted to this: Porting legacy applications.
</para>
<para>
Besides authentication, PAM provides other forms of management.
Session management is provided with calls to
<function>pam_open_session()</function> and
<function>pam_close_session()</function>. What these functions
actually do is up to the local administrator. But typically, they
could be used to log entry and exit from the system or for mounting
and unmounting the user's home directory. If an application provides
continuous service for a period of time, it should probably call
these functions, first open after the user is authenticated and then
close when the service is terminated.
</para>
<para>
Account management is another area that an application developer
should include with a call to <function>pam_acct_mgmt()</function>.
This call will perform checks on the good health of the user's account
(has it expired etc.). One of the things this function may check is
whether the user's authentication token has expired - in such a case the
application may choose to attempt to update it with a call to
<function>pam_chauthtok()</function>, although some applications
are not suited to this task (<command>ftp</command> for example)
and in this case the application should deny access to the user.
</para>
<para>
PAM is also capable of setting and deleting the user's credentials with
the call <function>pam_setcred()</function>. This function should
always be called after the user is authenticated and before service
is offered to the user. By convention, this should be the last call
to the PAM library before the PAM session is opened. What exactly a
credential is, is not well defined. However, some examples are given
in the glossary below.
</para>
</chapter>
<chapter id="adg-interface">
<title>
The public interface to <emphasis remap='B'>Linux-PAM</emphasis>
</title>
<para>
Firstly, the relevant include file for the
<emphasis remap='B'>Linux-PAM</emphasis> library is
<function>&lt;security/pam_appl.h&gt;</function>.
It contains the definitions for a number of functions. After
listing these functions, we collect some guiding remarks for
programmers.
</para>
<section id="adg-interface-by-app-expected">
<title>What can be expected by the application</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_start.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_end.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_set_item.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_get_item.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_strerror.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_fail_delay.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_authenticate.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_setcred.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_acct_mgmt.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_chauthtok.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_open_session.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_close_session.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_putenv.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_getenv.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_getenvlist.xml"/>
</section>
<section id="adg-interface-of-app-expected">
<title>What is expected of an application</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_conv.xml"/>
</section>
<section id="adg-interface-programming-notes">
<title>Programming notes</title>
<para>
Note, all of the authentication service function calls accept the
token <emphasis remap='B'>PAM_SILENT</emphasis>, which instructs
the modules to not send messages to the application. This token
can be logically OR'd with any one of the permitted tokens specific
to the individual function calls.
<emphasis remap='B'>PAM_SILENT</emphasis> does not override the
prompting of the user for passwords etc., it only stops informative
messages from being generated.
</para>
</section>
</chapter>
<chapter id="adg-security">
<title>
Security issues of <emphasis remap='B'>Linux-PAM</emphasis>
</title>
<para>
PAM, from the perspective of an application, is a convenient API for
authenticating users. PAM modules generally have no increased
privilege over that possessed by the application that is making use of
it. For this reason, the application must take ultimate responsibility
for protecting the environment in which PAM operates.
</para>
<para>
A poorly (or maliciously) written application can defeat any
<emphasis remap='B'>Linux-PAM</emphasis> module's authentication
mechanisms by simply ignoring it's return values. It is the
applications task and responsibility to grant privileges and access
to services. The <emphasis remap='B'>Linux-PAM</emphasis> library
simply assumes the responsibility of <emphasis>authenticating</emphasis>
the user; ascertaining that the user <emphasis>is</emphasis> who they
say they are. Care should be taken to anticipate all of the documented
behavior of the <emphasis remap='B'>Linux-PAM</emphasis> library
functions. A failure to do this will most certainly lead to a future
security breach.
</para>
<section id="adg-security-library-calls">
<title>Care about standard library calls</title>
<para>
In general, writers of authorization-granting applications should
assume that each module is likely to call any or
<emphasis>all</emphasis> 'libc' functions. For 'libc' functions
that return pointers to static/dynamically allocated structures
(ie. the library allocates the memory and the user is not expected
to '<function>free()</function>' it) any module call to this
function is likely to corrupt a pointer previously
obtained by the application. The application programmer should
either re-call such a 'libc' function after a call to the
<emphasis remap='B'>Linux-PAM</emphasis> library, or copy the
structure contents to some safe area of memory before passing
control to the <emphasis remap='B'>Linux-PAM</emphasis> library.
</para>
<para>
Two important function classes that fall into this category are
<citerefentry>
<refentrytitle>getpwnam</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and <citerefentry>
<refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</section>
<section id="adg-security-service-name">
<title>Choice of a service name</title>
<para>
When picking the <emphasis>service-name</emphasis> that
corresponds to the first entry in the
<emphasis remap='B'>Linux-PAM</emphasis> configuration file,
the application programmer should <emphasis>avoid</emphasis>
the temptation of choosing something related to
<varname>argv[0]</varname>. It is a trivial matter for any user
to invoke any application on a system under a different name and
this should not be permitted to cause a security breach.
</para>
<para>
In general, this is always the right advice if the program is
setuid, or otherwise more privileged than the user that invokes
it. In some cases, avoiding this advice is convenient, but as an
author of such an application, you should consider well the ways
in which your program will be installed and used. (Its often the
case that programs are not intended to be setuid, but end up
being installed that way for convenience. If your program falls
into this category, don't fall into the trap of making this mistake.)
</para>
<para>
To invoke some <emphasis>target</emphasis> application by
another name, the user may symbolically link the target application
with the desired name. To be precise all the user need do is,
<command>ln -s /target/application ./preferred_name</command>
and then run <command>./preferred_name</command>.
</para>
<para>
By studying the <emphasis remap='B'>Linux-PAM</emphasis>
configuration file(s), an attacker can choose the
<command>preferred_name</command> to be that of a service enjoying
minimal protection; for example a game which uses
<emphasis remap='B'>Linux-PAM</emphasis> to restrict access to
certain hours of the day. If the service-name were to be linked
to the filename under which the service was invoked, it
is clear that the user is effectively in the position of
dictating which authentication scheme the service uses. Needless
to say, this is not a secure situation.
</para>
<para>
The conclusion is that the application developer should carefully
define the service-name of an application. The safest thing is to
make it a single hard-wired name.
</para>
</section>
<section id="adg-security-conv-function">
<title>The conversation function</title>
<para>
Care should be taken to ensure that the <function>conv()</function>
function is robust. Such a function is provided in the library
<command>libpam_misc</command> (see
<link linkend="adg-libpam-functions">below</link>).
</para>
</section>
<section id="adg-security-user-identity">
<title>The identity of the user</title>
<para>
The <emphasis remap='B'>Linux-PAM</emphasis> modules will need
to determine the identity of the user who requests a service,
and the identity of the user who grants the service. These two
users will seldom be the same. Indeed there is generally a third
user identity to be considered, the new (assumed) identity of
the user once the service is granted.
</para>
<para>
The need for keeping tabs on these identities is clearly an
issue of security. One convention that is actively used by
some modules is that the identity of the user requesting a
service should be the current <emphasis>UID</emphasis>
(user ID) of the running process; the identity of the
privilege granting user is the <emphasis>EUID</emphasis>
(effective user ID) of the running process; the identity of
the user, under whose name the service will be executed, is
given by the contents of the <emphasis>PAM_USER</emphasis>
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>. Note, modules can change the values of
<emphasis>PAM_USER</emphasis> and <emphasis>PAM_RUSER</emphasis>
during any of the <function>pam_*()</function> library calls.
For this reason, the application should take care to use the
<function>pam_get_item()</function> every time it wishes to
establish who the authenticated user is (or will currently be).
</para>
<para>
For network-serving databases and other applications that provide
their own security model (independent of the OS kernel) the above
scheme is insufficient to identify the requesting user.
</para>
<para>
A more portable solution to storing the identity of the requesting
user is to use the <emphasis>PAM_RUSER</emphasis> <citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>. The application should supply this value before
attempting to authenticate the user with
<function>pam_authenticate()</function>. How well this name can be
trusted will ultimately be at the discretion of the local
administrator (who configures PAM for your application) and a
selected module may attempt to override the value where it can
obtain more reliable data. If an application is unable to determine
the identity of the requesting entity/user, it should not call
<citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> to set <emphasis>PAM_RUSER</emphasis>.
</para>
<para>
In addition to the <emphasis>PAM_RUSER</emphasis> item, the
application should supply the <emphasis>PAM_RHOST</emphasis>
(<emphasis>requesting host</emphasis>) item. As a general rule,
the following convention for its value can be assumed:
NULL = unknown; localhost = invoked directly from the local system;
<emphasis>other.place.xyz</emphasis> = some component of the
user's connection originates from this remote/requesting host. At
present, PAM has no established convention for indicating whether
the application supports a trusted path to communication from
this host.
</para>
</section>
<section id="adg-security-resources">
<title>Sufficient resources</title>
<para>
Care should be taken to ensure that the proper execution of an
application is not compromised by a lack of system resources. If an
application is unable to open sufficient files to perform its service,
it should fail gracefully, or request additional resources.
Specifically, the quantities manipulated by the <citerefentry>
<refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum>
</citerefentry> family of commands should be taken into consideration.
</para>
<para>
This is also true of conversation prompts. The application should not
accept prompts of arbitrary length with out checking for resource
allocation failure and dealing with such extreme conditions gracefully
and in a manner that preserves the PAM API. Such tolerance may be
especially important when attempting to track a malicious adversary.
</para>
</section>
</chapter>
<chapter id='adg-libpam_misc'>
<title>A library of miscellaneous helper functions</title>
<para>
To aid the work of the application developer a library of
miscellaneous functions is provided. It is called
<command>libpam_misc</command>, and contains a text based
conversation function, and routines for enhancing the standard
PAM-environment variable support.
</para>
<para>
The functions, structures and macros, made available by this
library can be defined by including
<function>&lt;security/pam_misc.h&gt;</function>. It should be
noted that this library is specific to
<emphasis remap='B'>Linux-PAM</emphasis> and is not referred to in
the defining DCE-RFC (see <link linkend="adg-see-also">See also</link>)
below.
</para>
<section id='adg-libpam-functions'>
<title>Functions supplied</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_misc_conv.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_misc_paste_env.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_misc_drop_env.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="pam_misc_setenv.xml"/>
</section>
</chapter>
<chapter id='adg-porting'>
<title>Porting legacy applications</title>
<para>
The point of PAM is that the application is not supposed to
have any idea how the attached authentication modules will choose
to authenticate the user. So all they can do is provide a conversation
function that will talk directly to the user(client) on the modules'
behalf.
</para>
<para>
Consider the case that you plug a retinal scanner into the login
program. In this situation the user would be prompted: "please look
into the scanner". No username or password would be needed - all this
information could be deduced from the scan and a database lookup. The
point is that the retinal scanner is an ideal task for a "module".
</para>
<para>
While it is true that a pop-daemon program is designed with the POP
protocol in mind and no-one ever considered attaching a retinal
scanner to it, it is also the case that the "clean" PAM'ification of
such a daemon would allow for the possibility of a scanner module
being be attached to it. The point being that the "standard"
pop-authentication protocol(s) [which will be needed to satisfy
inflexible/legacy clients] would be supported by inserting an
appropriate pam_qpopper module(s). However, having rewritten
<command>popd</command> once in this way any new protocols can be
implemented in-situ.
</para>
<para>
One simple test of a ported application would be to insert the
<command>pam_permit</command> module and see if the application
demands you type a password... In such a case, <command>xlock</command>
would fail to lock the terminal - or would at best be a screen-saver,
ftp would give password free access to all etc.. Neither of
these is a very secure thing to do, but they do illustrate how
much flexibility PAM puts in the hands of the local admin.
</para>
<para>
The key issue, in doing things correctly, is identifying what is part
of the authentication procedure (how many passwords etc..) the
exchange protocol (prefixes to prompts etc., numbers like 331 in the
case of ftpd) and what is part of the service that the application
delivers. PAM really needs to have total control in the
authentication "procedure", the conversation function should only
deal with reformatting user prompts and extracting responses from raw
input.
</para>
</chapter>
<chapter id='adg-glossary'>
<title>Glossary of PAM related terms</title>
<para>
The following are a list of terms used within this document.
</para>
<variablelist>
<varlistentry>
<term>Authentication token</term>
<listitem>
<para>
Generally, this is a password. However, a user can authenticate
him/herself in a variety of ways. Updating the user's
authentication token thus corresponds to
<emphasis>refreshing</emphasis> the object they use to
authenticate themself with the system. The word password is
avoided to keep open the possibility that the authentication
involves a retinal scan or other non-textual mode of
challenge/response.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Credentials</term>
<listitem>
<para>
Having successfully authenticated the user, PAM is able to
establish certain characteristics/attributes of the user.
These are termed <emphasis>credentials</emphasis>. Examples
of which are group memberships to perform privileged tasks
with, and <emphasis>tickets</emphasis> in the form of
environment variables etc. . Some user-credentials, such as
the user's UID and GID (plus default group memberships) are
not deemed to be PAM-credentials. It is the responsibility
of the application to grant these directly.
</para>
</listitem>
</varlistentry>
</variablelist>
</chapter>
<chapter id='adg-example'>
<title>An example application</title>
<para>
To get a flavor of the way a <emphasis remap='B'>Linux-PAM</emphasis>
application is written we include the following example. It prompts
the user for their password and indicates whether their account
is valid on the standard output, its return code also indicates
the success (<returnvalue>0</returnvalue> for success;
<returnvalue>1</returnvalue> for failure).
</para>
<programlisting><![CDATA[
/*
This program was contributed by Shane Watts
[modifications by AGM and kukuk]
You need to add the following (or equivalent) to the
/etc/pam.d/check_user file:
# check authorization
auth required pam_unix.so
account required pam_unix.so
*/
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
static struct pam_conv conv = {
misc_conv,
NULL
};
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody";
if(argc == 2) {
user = argv[1];
}
if(argc > 2) {
fprintf(stderr, "Usage: check_user [username]\n");
exit(1);
}
retval = pam_start("check_user", user, &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0); /* is user really user? */
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
/* This is where we have been authorized or not. */
if (retval == PAM_SUCCESS) {
fprintf(stdout, "Authenticated\n");
} else {
fprintf(stdout, "Not Authenticated\n");
}
if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "check_user: failed to release authenticator\n");
exit(1);
}
return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
}
]]>
</programlisting>
</chapter>
<chapter id='adg-files'>
<title>Files</title>
<variablelist>
<varlistentry>
<term><filename>/usr/include/security/pam_appl.h</filename></term>
<listitem>
<para>
Header file with interfaces for
<emphasis remap='B'>Linux-PAM</emphasis> applications.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/usr/include/security/pam_misc.h</filename></term>
<listitem>
<para>
Header file for useful library functions for making
applications easier to write.
</para>
</listitem>
</varlistentry>
</variablelist>
</chapter>
<chapter id="adg-see-also">
<title>See also</title>
<itemizedlist>
<listitem>
<para>
The Linux-PAM System Administrators' Guide.
</para>
</listitem>
<listitem>
<para>
The Linux-PAM Module Writers' Guide.
</para>
</listitem>
<listitem>
<para>
The V. Samar and R. Schemers (SunSoft), ``UNIFIED LOGIN WITH
PLUGGABLE AUTHENTICATION MODULES'', Open Software Foundation
Request For Comments 86.0, October 1995.
</para>
</listitem>
</itemizedlist>
</chapter>
<chapter id='adg-author'>
<title>Author/acknowledgments</title>
<para>
This document was written by Andrew G. Morgan (morgan@kernel.org)
with many contributions from
Chris Adams, Peter Allgeyer, Tim Baverstock, Tim Berger, Craig S. Bell,
Derrick J. Brashear, Ben Buxton, Seth Chaiklin, Oliver Crow, Chris Dent,
Marc Ewing, Cristian Gafton, Emmanuel Galanos, Brad M. Garcia,
Eric Hester, Roger Hu, Eric Jacksch, Michael K. Johnson, David Kinchlea,
Olaf Kirch, Marcin Korzonek, Thorsten Kukuk, Stephen Langasek,
Nicolai Langfeldt, Elliot Lee, Luke Kenneth Casson Leighton,
Al Longyear, Ingo Luetkebohle, Marek Michalkiewicz, Robert Milkowski,
Aleph One, Martin Pool, Sean Reifschneider, Jan Rekorajski, Erik Troan,
Theodore Ts'o, Jeff Uphoff, Myles Uyema, Savochkin Andrey Vladimirovich,
Ronald Wahl, David Wood, John Wilmes, Joseph S. D. Yao
and Alex O. Yuriev.
</para>
<para>
Thanks are also due to Sun Microsystems, especially to Vipin Samar and
Charlie Lai for their advice. At an early stage in the development of
<emphasis remap='B'>Linux-PAM</emphasis>, Sun graciously made the
documentation for their implementation of PAM available. This act
greatly accelerated the development of
<emphasis remap='B'>Linux-PAM</emphasis>.
</para>
</chapter>
<chapter id='adg-copyright'>
<title>Copyright information for this document</title>
<programlisting>
Copyright (c) 2006 Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
Copyright (c) 1996-2002 Andrew G. Morgan &lt;morgan@kernel.org&gt;
</programlisting>
<para>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
</para>
<programlisting>
1. Redistributions of source code must retain the above copyright
notice, and the entire permission notice in its entirety,
including the disclaimer of warranties.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote
products derived from this software without specific prior
written permission.
</programlisting>
<para>
Alternatively, this product may be distributed under the terms of
the GNU General Public License (GPL), in which case the provisions
of the GNU GPL are required instead of the above restrictions.
(This clause is necessary due to a potential bad interaction between
the GNU GPL and the restrictions contained in a BSD-style copyright.)
</para>
<programlisting>
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
</programlisting>
</chapter>
</book>

113
doc/adg/Makefile.am Normal file
View File

@ -0,0 +1,113 @@
#
# Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
#
CLEANFILES = Linux-PAM_ADG.fo *~
EXTRA_DIST = $(XMLS)
XMLS = Linux-PAM_ADG.xml $(shell ls $(srcdir)/pam_*.xml)
DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml)
if ENABLE_REGENERATE_MAN
MAINTAINERCLEANFILES = Linux-PAM_ADG.txt Linux-PAM_ADG.pdf html/*.html
all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf
Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS)
if ENABLE_GENERATE_PDF
$(XMLLINT) --nonet --xinclude --postvalid --noent --noout $<
$(XSLTPROC) --stringparam generate.toc "book toc" \
--stringparam section.autolabel 1 \
--stringparam section.label.includes.component.label 1 \
--stringparam toc.max.depth 3 --xinclude --nonet \
http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_ADG.fo
$(FO2PDF) Linux-PAM_ADG.fo $@
else
echo "No fo2pdf processor installed, skip PDF generation"
endif
Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS)
$(XMLLINT) --nonet --xinclude --postvalid --noent --noout $<
$(XSLTPROC) --stringparam generate.toc "book toc" \
--stringparam section.autolabel 1 \
--stringparam section.label.includes.component.label 1 \
--stringparam toc.max.depth 3 --xinclude --nonet \
http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@
html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS)
@test -d html || mkdir -p html
$(XMLLINT) --nonet --xinclude --postvalid --noent --noout $<
$(XSLTPROC) --stringparam base.dir html/ \
--stringparam root.filename Linux-PAM_ADG \
--stringparam use.id.as.filename 1 \
--stringparam chunk.first.sections 1 \
--stringparam section.autolabel 1 \
--stringparam section.label.includes.component.label 1 \
--stringparam toc.max.depth 3 --xinclude --nonet \
--stringparam chunker.output.encoding UTF-8 \
http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $<
distclean-local:
-rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf
endif
install-data-local:
$(mkinstalldirs) $(DESTDIR)$(docdir)
$(mkinstalldirs) $(DESTDIR)$(pdfdir)
$(mkinstalldirs) $(DESTDIR)$(htmldir)
if test -f html/Linux-PAM_ADG.html; then \
$(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \
$(DESTDIR)$(htmldir)/; \
elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \
$(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \
$(srcdir)/html/adg-*.html \
$(DESTDIR)$(htmldir)/; \
fi
if test -f Linux-PAM_ADG.txt; then \
$(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/; \
elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \
$(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \
$(DESTDIR)$(docdir)/; \
fi
if test -f Linux-PAM_ADG.pdf; then \
$(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/; \
elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \
$(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \
$(DESTDIR)$(pdfdir)/; \
fi
uninstall-local:
-rm $(DESTDIR)$(htmldir)/Linux-PAM_ADG.html
-rm $(DESTDIR)$(htmldir)/adg-*.html
-rm $(DESTDIR)$(docdir)/Linux-PAM_ADG.txt
-rm $(DESTDIR)$(pdfdir)/Linux-PAM_ADG.pdf
releasedocs: all
$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html
if test -f html/Linux-PAM_ADG.html; then \
cp -ap html/Linux-PAM_ADG.html html/adg-*.html \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \
elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \
cp -ap $(srcdir)/html/Linux-PAM_ADG.html \
$(srcdir)/html/adg-*.html \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \
else exit 1; \
fi
if test -f Linux-PAM_ADG.txt; then \
cp -p Linux-PAM_ADG.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \
cp -p $(srcdir)/Linux-PAM_ADG.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
else exit 1; \
fi
if test -f Linux-PAM_ADG.pdf; then \
cp -p Linux-PAM_ADG.pdf \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \
cp -p $(srcdir)/Linux-PAM_ADG.pdf \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
else exit 1; \
fi

601
doc/adg/Makefile.in Normal file
View File

@ -0,0 +1,601 @@
# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
#
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = doc/adg
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BROWSER = @BROWSER@
BUILD_CFLAGS = @BUILD_CFLAGS@
BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
BUILD_LDFLAGS = @BUILD_LDFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NIS_CFLAGS = @NIS_CFLAGS@
NIS_LIBS = @NIS_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSL_CFLAGS = @NSL_CFLAGS@
NSL_LIBS = @NSL_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
RANLIB = @RANLIB@
SCONFIGDIR = @SCONFIGDIR@
SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
XSLTPROC = @XSLTPROC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pam_cv_ld_O1 = @pam_cv_ld_O1@
pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = Linux-PAM_ADG.fo *~
EXTRA_DIST = $(XMLS)
XMLS = Linux-PAM_ADG.xml $(shell ls $(srcdir)/pam_*.xml)
DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml)
@ENABLE_REGENERATE_MAN_TRUE@MAINTAINERCLEANFILES = Linux-PAM_ADG.txt Linux-PAM_ADG.pdf html/*.html
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/adg/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/adg/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
@ENABLE_REGENERATE_MAN_FALSE@distclean-local:
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-local
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-data-local
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-local
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distclean-local distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-data-local install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-local
@ENABLE_REGENERATE_MAN_TRUE@all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf
@ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS)
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $<
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_ADG.fo
@ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(FO2PDF) Linux-PAM_ADG.fo $@
@ENABLE_GENERATE_PDF_FALSE@@ENABLE_REGENERATE_MAN_TRUE@ echo "No fo2pdf processor installed, skip PDF generation"
@ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS)
@ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $<
@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \
@ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@
@ENABLE_REGENERATE_MAN_TRUE@html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS)
@ENABLE_REGENERATE_MAN_TRUE@ @test -d html || mkdir -p html
@ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $<
@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam base.dir html/ \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam root.filename Linux-PAM_ADG \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam use.id.as.filename 1 \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunk.first.sections 1 \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \
@ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunker.output.encoding UTF-8 \
@ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $<
@ENABLE_REGENERATE_MAN_TRUE@distclean-local:
@ENABLE_REGENERATE_MAN_TRUE@ -rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf
install-data-local:
$(mkinstalldirs) $(DESTDIR)$(docdir)
$(mkinstalldirs) $(DESTDIR)$(pdfdir)
$(mkinstalldirs) $(DESTDIR)$(htmldir)
if test -f html/Linux-PAM_ADG.html; then \
$(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \
$(DESTDIR)$(htmldir)/; \
elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \
$(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \
$(srcdir)/html/adg-*.html \
$(DESTDIR)$(htmldir)/; \
fi
if test -f Linux-PAM_ADG.txt; then \
$(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/; \
elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \
$(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \
$(DESTDIR)$(docdir)/; \
fi
if test -f Linux-PAM_ADG.pdf; then \
$(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/; \
elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \
$(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \
$(DESTDIR)$(pdfdir)/; \
fi
uninstall-local:
-rm $(DESTDIR)$(htmldir)/Linux-PAM_ADG.html
-rm $(DESTDIR)$(htmldir)/adg-*.html
-rm $(DESTDIR)$(docdir)/Linux-PAM_ADG.txt
-rm $(DESTDIR)$(pdfdir)/Linux-PAM_ADG.pdf
releasedocs: all
$(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html
if test -f html/Linux-PAM_ADG.html; then \
cp -ap html/Linux-PAM_ADG.html html/adg-*.html \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \
elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \
cp -ap $(srcdir)/html/Linux-PAM_ADG.html \
$(srcdir)/html/adg-*.html \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \
else exit 1; \
fi
if test -f Linux-PAM_ADG.txt; then \
cp -p Linux-PAM_ADG.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \
cp -p $(srcdir)/Linux-PAM_ADG.txt \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
else exit 1; \
fi
if test -f Linux-PAM_ADG.pdf; then \
cp -p Linux-PAM_ADG.pdf \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \
cp -p $(srcdir)/Linux-PAM_ADG.pdf \
$(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \
else exit 1; \
fi
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

18
doc/adg/pam_acct_mgmt.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_acct_mgmt'>
<title>Account validation management</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_acct_mgmt.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_acct_mgmt-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_acct_mgmt-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_acct_mgmt.3.xml" xpointer='xpointer(//refsect1[@id = "pam_acct_mgmt-description"]/*)'/>
</section>
<section id='adg-pam_acct_mgmt-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_acct_mgmt.3.xml" xpointer='xpointer(//refsect1[@id = "pam_acct_mgmt-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_authenticate.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_authenticate'>
<title>Authenticating the user</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_authenticate.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_authenticate-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_authenticate-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_authenticate.3.xml" xpointer='xpointer(//refsect1[@id = "pam_authenticate-description"]/*)'/>
</section>
<section id='adg-pam_authenticate-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_authenticate.3.xml" xpointer='xpointer(//refsect1[@id = "pam_authenticate-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_chauthtok.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_chauthtok'>
<title>Updating authentication tokens</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_chauthtok.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_chauthtok-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_chauthtok-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_chauthtok.3.xml" xpointer='xpointer(//refsect1[@id = "pam_chauthtok-description"]/*)'/>
</section>
<section id='adg-pam_chauthtok-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_chauthtok.3.xml" xpointer='xpointer(//refsect1[@id = "pam_chauthtok-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_close_session.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_close_session'>
<title>terminating PAM session management</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_close_session.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_close_session-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_close_session-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_close_session.3.xml" xpointer='xpointer(//refsect1[@id = "pam_close_session-description"]/*)'/>
</section>
<section id='adg-pam_close_session-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_close_session.3.xml" xpointer='xpointer(//refsect1[@id = "pam_close_session-return_values"]/*)'/>
</section>
</section>

35
doc/adg/pam_conv.xml Normal file
View File

@ -0,0 +1,35 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_conv'>
<title>The conversation function</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_conv.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_conv-synopsis"]/*)'/>
</funcsynopsis>
<programlisting>
struct pam_message {
int msg_style;
const char *msg;
};
struct pam_response {
char *resp;
int resp_retcode;
};
struct pam_conv {
int (*conv)(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
void *appdata_ptr;
};
</programlisting>
<section id='adg-pam_conv-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_conv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_conv-description"]/*)'/>
</section>
<section id='adg-pam_conv-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_conv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_conv-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_end.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_end'>
<title>Termination of PAM transaction</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_end.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_end-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_end-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_end.3.xml" xpointer='xpointer(//refsect1[@id = "pam_end-description"]/*)'/>
</section>
<section id='adg-pam_end-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_end.3.xml" xpointer='xpointer(//refsect1[@id = "pam_end-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_fail_delay.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_fail_delay'>
<title>Request a delay on failure</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_fail_delay.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_fail_delay-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_fail_delay-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_fail_delay.3.xml" xpointer='xpointer(//refsect1[@id = "pam_fail_delay-description"]/*)'/>
</section>
<section id='adg-pam_fail_delay-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_fail_delay.3.xml" xpointer='xpointer(//refsect1[@id = "pam_fail_delay-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_get_item.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_get_item'>
<title>Getting PAM items</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_get_item.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_get_item-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_get_item-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_get_item.3.xml" xpointer='xpointer(//refsect1[@id = "pam_get_item-description"]/*)'/>
</section>
<section id='adg-pam_get_item-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_get_item.3.xml" xpointer='xpointer(//refsect1[@id = "pam_get_item-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_getenv.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_getenv'>
<title>Get a PAM environment variable</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_getenv.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_getenv-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_getenv-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_getenv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_getenv-description"]/*)'/>
</section>
<section id='adg-pam_getenv-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_getenv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_getenv-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_getenvlist.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_getenvlist'>
<title>Getting the PAM environment</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_getenvlist.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_getenvlist-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_getenvlist-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_getenvlist.3.xml" xpointer='xpointer(//refsect1[@id = "pam_getenvlist-description"]/*)'/>
</section>
<section id='adg-pam_getenvlist-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_getenvlist.3.xml" xpointer='xpointer(//refsect1[@id = "pam_getenvlist-return_values"]/*)'/>
</section>
</section>

14
doc/adg/pam_misc_conv.xml Normal file
View File

@ -0,0 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-misc_conv'>
<title>Text based conversation function</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/misc_conv.3.xml" xpointer='xpointer(//funcsynopsis[@id = "misc_conv-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-misc_conv-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/misc_conv.3.xml" xpointer='xpointer(//refsect1[@id = "misc_conv-description"]/*)'/>
</section>
</section>

14
doc/adg/pam_misc_drop_env.xml Normal file
View File

@ -0,0 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_misc_drop_env'>
<title>Liberating a locally saved environment</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_misc_drop_env.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_misc_drop_env-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_misc_drop_env-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_misc_drop_env.3.xml" xpointer='xpointer(//refsect1[@id = "pam_misc_drop_env-description"]/*)'/>
</section>
</section>

14
doc/adg/pam_misc_paste_env.xml Normal file
View File

@ -0,0 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_misc_paste_env'>
<title>Transcribing an environment to that of PAM</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_misc_paste_env.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_misc_paste_env-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_misc_paste_env-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_misc_paste_env.3.xml" xpointer='xpointer(//refsect1[@id = "pam_misc_paste_env-description"]/*)'/>
</section>
</section>

14
doc/adg/pam_misc_setenv.xml Normal file
View File

@ -0,0 +1,14 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_misc_setenv'>
<title>BSD like PAM environment variable setting</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_misc_setenv.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_misc_setenv-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_misc_setenv-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_misc_setenv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_misc_setenv-description"]/*)'/>
</section>
</section>

18
doc/adg/pam_open_session.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_open_session'>
<title>Start PAM session management</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_open_session.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_open_session-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_open_session-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_open_session.3.xml" xpointer='xpointer(//refsect1[@id = "pam_open_session-description"]/*)'/>
</section>
<section id='adg-pam_open_session-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_open_session.3.xml" xpointer='xpointer(//refsect1[@id = "pam_open_session-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_putenv.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_putenv'>
<title>Set or change PAM environment variable</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_putenv.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_putenv-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_putenv-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_putenv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_putenv-description"]/*)'/>
</section>
<section id='adg-pam_putenv-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_putenv.3.xml" xpointer='xpointer(//refsect1[@id = "pam_putenv-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_set_item.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_set_item'>
<title>Setting PAM items</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_set_item.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_set_item-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_set_item-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_set_item.3.xml" xpointer='xpointer(//refsect1[@id = "pam_set_item-description"]/*)'/>
</section>
<section id='adg-pam_set_item-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_set_item.3.xml" xpointer='xpointer(//refsect1[@id = "pam_set_item-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_setcred.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_setcred'>
<title>Setting user credentials</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_setcred.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_setcred-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_setcred-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_setcred.3.xml" xpointer='xpointer(//refsect1[@id = "pam_setcred-description"]/*)'/>
</section>
<section id='adg-pam_setcred-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_setcred.3.xml" xpointer='xpointer(//refsect1[@id = "pam_setcred-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_start.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_start'>
<title>Initialization of PAM transaction</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_start.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_start-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_start-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_start.3.xml" xpointer='xpointer(//refsect1[@id = "pam_start-description"]/*)'/>
</section>
<section id='adg-pam_start-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_start.3.xml" xpointer='xpointer(//refsect1[@id = "pam_start-return_values"]/*)'/>
</section>
</section>

18
doc/adg/pam_strerror.xml Normal file
View File

@ -0,0 +1,18 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<section id='adg-pam_strerror'>
<title>Strings describing PAM error codes</title>
<funcsynopsis>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_strerror.3.xml" xpointer='xpointer(//funcsynopsis[@id = "pam_strerror-synopsis"]/*)'/>
</funcsynopsis>
<section id='adg-pam_strerror-description'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_strerror.3.xml" xpointer='xpointer(//refsect1[@id = "pam_strerror-description"]/*)'/>
</section>
<section id='adg-pam_strerror-return_values'>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../man/pam_strerror.3.xml" xpointer='xpointer(//refsect1[@id = "pam_strerror-return_values"]/*)'/>
</section>
</section>

21
doc/index.html Normal file
View File

@ -0,0 +1,21 @@
<html>
<head>
<title>The Linux-PAM Administration and Developer Guides</title>
</head>
<body>
<center>
<h1>The Linux-PAM Guides</h1>
</center>
<hr>
<p>
Here is the documentation for Linux-PAM. As you will see it is
currently not complete.
<p>
<ul>
<li> <a href="Linux-PAM_SAG.html">The System Administrators' Guide</a>
<li> <a href="Linux-PAM_MWG.html">The Module Writers' Guide</a>
<li> <a href="Linux-PAM_ADG.html">The Application Developers' Guide</a>
</ul>
<hr>
</body>
</html>

63
doc/man/Makefile.am Normal file
View File

@ -0,0 +1,63 @@
#
# Copyright (c) 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS)
EXTRA_DIST = $(MANS) $(XMLS)
man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
pam_acct_mgmt.3 pam_authenticate.3 \
pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
pam_end.3 pam_error.3 \
pam_fail_delay.3 pam_xauth_data.3 \
pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 \
pam_get_data.3 pam_get_item.3 pam_get_user.3 \
pam_getenv.3 pam_getenvlist.3 \
pam_info.3 \
pam_open_session.3 \
pam_prompt.3 pam_putenv.3 \
pam_set_data.3 pam_set_item.3 pam_syslog.3 \
pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \
pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \
pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \
pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \
misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \
pam_misc_setenv.3
XMLS = pam.3.xml pam.8.xml \
pam_acct_mgmt.3.xml pam_authenticate.3.xml \
pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \
pam_end.3.xml pam_error.3.xml \
pam_fail_delay.3.xml pam_xauth_data.3 \
pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \
pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \
pam_info.3.xml \
pam_open_session.3.xml \
pam_prompt.3.xml pam_putenv.3.xml \
pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \
pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \
pam_sm_close_session.3.xml pam_sm_open_session.3.xml \
pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \
pam_sm_chauthtok.3.xml \
pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \
pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \
misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
pam_misc_setenv.3.xml
if ENABLE_REGENERATE_MAN
PAM.8: pam.8
pam_get_authtok_noverify.3: pam_get_authtok.3
pam_get_authtok_verify.3: pam_get_authtok.3
pam_verror.3: pam_error.3
pam_vinfo.3: pam_info.3
pam_vprompt.3: pam_prompt.3
pam_vsyslog.3: pam_syslog.3
pam.d.5: pam.conf.5
test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||:
pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
-include $(top_srcdir)/Make.xml.rules
endif

726
doc/man/Makefile.in Normal file
View File

@ -0,0 +1,726 @@
# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
#
# Copyright (c) 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
#
VPATH = @srcdir@
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = doc/man
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/japhar_grep_cflags.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
man3dir = $(mandir)/man3
am__installdirs = "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \
"$(DESTDIR)$(man8dir)"
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
BROWSER = @BROWSER@
BUILD_CFLAGS = @BUILD_CFLAGS@
BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
BUILD_LDFLAGS = @BUILD_LDFLAGS@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
LD = @LD@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBOBJS = @LIBOBJS@
LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
LIBS = @LIBS@
LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NIS_CFLAGS = @NIS_CFLAGS@
NIS_LIBS = @NIS_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSL_CFLAGS = @NSL_CFLAGS@
NSL_LIBS = @NSL_LIBS@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PIE_CFLAGS = @PIE_CFLAGS@
PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POSUB = @POSUB@
RANLIB = @RANLIB@
SCONFIGDIR = @SCONFIGDIR@
SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLCATALOG = @XMLCATALOG@
XMLLINT = @XMLLINT@
XML_CATALOG_FILE = @XML_CATALOG_FILE@
XSLTPROC = @XSLTPROC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pam_cv_ld_O1 = @pam_cv_ld_O1@
pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS)
EXTRA_DIST = $(MANS) $(XMLS)
man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
pam_acct_mgmt.3 pam_authenticate.3 \
pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
pam_end.3 pam_error.3 \
pam_fail_delay.3 pam_xauth_data.3 \
pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 \
pam_get_data.3 pam_get_item.3 pam_get_user.3 \
pam_getenv.3 pam_getenvlist.3 \
pam_info.3 \
pam_open_session.3 \
pam_prompt.3 pam_putenv.3 \
pam_set_data.3 pam_set_item.3 pam_syslog.3 \
pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \
pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \
pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \
pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \
misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \
pam_misc_setenv.3
XMLS = pam.3.xml pam.8.xml \
pam_acct_mgmt.3.xml pam_authenticate.3.xml \
pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \
pam_end.3.xml pam_error.3.xml \
pam_fail_delay.3.xml pam_xauth_data.3 \
pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \
pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \
pam_info.3.xml \
pam_open_session.3.xml \
pam_prompt.3.xml pam_putenv.3.xml \
pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \
pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \
pam_sm_close_session.3.xml pam_sm_open_session.3.xml \
pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \
pam_sm_chauthtok.3.xml \
pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \
pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \
misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
pam_misc_setenv.3.xml
all: all-am
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/man/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu doc/man/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-man3: $(man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
list2='$(man_MANS)'; \
test -n "$(man3dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.3[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \
done; }
uninstall-man3:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man3dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.3[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir)
install-man5: $(man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
list2='$(man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.5[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
done; }
uninstall-man5:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
install-man8: $(man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
list2='$(man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.8[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
done; }
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
tags TAGS:
ctags CTAGS:
cscope cscopelist:
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(MANS)
installdirs:
for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-man
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man: install-man3 install-man5 install-man8
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-man
uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-man3 install-man5 install-man8 install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
uninstall-am uninstall-man uninstall-man3 uninstall-man5 \
uninstall-man8
@ENABLE_REGENERATE_MAN_TRUE@PAM.8: pam.8
@ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_noverify.3: pam_get_authtok.3
@ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_verify.3: pam_get_authtok.3
@ENABLE_REGENERATE_MAN_TRUE@pam_verror.3: pam_error.3
@ENABLE_REGENERATE_MAN_TRUE@pam_vinfo.3: pam_info.3
@ENABLE_REGENERATE_MAN_TRUE@pam_vprompt.3: pam_prompt.3
@ENABLE_REGENERATE_MAN_TRUE@pam_vsyslog.3: pam_syslog.3
@ENABLE_REGENERATE_MAN_TRUE@pam.d.5: pam.conf.5
@ENABLE_REGENERATE_MAN_TRUE@ test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||:
@ENABLE_REGENERATE_MAN_TRUE@pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
@ENABLE_REGENERATE_MAN_TRUE@pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
@ENABLE_REGENERATE_MAN_TRUE@pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

138
doc/man/PAM.8 Normal file
View File

@ -0,0 +1,138 @@
'\" t
.\" Title: pam
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2018
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM" "8" "05/18/2018" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
PAM, pam \- Pluggable Authentication Modules for Linux
.SH "DESCRIPTION"
.PP
This manual is intended to offer a quick introduction to
\fBLinux\-PAM\fR\&. For more information the reader is directed to the
\fBLinux\-PAM system administrators\*(Aq guide\fR\&.
.PP
\fBLinux\-PAM\fR
is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
\fBlogin\fR(1)
and
\fBsu\fR(1)) defer to to perform standard authentication tasks\&.
.PP
The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single
\fBLinux\-PAM\fR
configuration file
/etc/pam\&.conf\&. Alternatively, the configuration can be set by individual configuration files located in the
/etc/pam\&.d/
directory\&. The presence of this directory will cause
\fBLinux\-PAM\fR
to
\fIignore\fR/etc/pam\&.conf\&.
.PP
Vendor\-supplied PAM configuration files might be installed in the system directory
/usr/lib/pam\&.d/
instead of the machine configuration directory
/etc/pam\&.d/\&. If no machine configuration file is found, the vendor\-supplied file is used\&. All files in
/etc/pam\&.d/
override files with the same name in
/usr/lib/pam\&.d/\&.
.PP
From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the
\fBLinux\-PAM\fR
library\&. The important point to recognize is that the configuration file(s)
\fIdefine\fR
the connection between applications
(\fBservices\fR) and the pluggable authentication modules
(\fBPAM\fRs) that perform the actual authentication tasks\&.
.PP
\fBLinux\-PAM\fR
separates the tasks of
\fIauthentication\fR
into four independent management groups:
\fBaccount\fR
management;
\fBauth\fRentication management;
\fBpassword\fR
management; and
\fBsession\fR
management\&. (We highlight the abbreviations used for these groups in the configuration file\&.)
.PP
Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service:
.PP
\fBaccount\fR
\- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service?
.PP
\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of
\fBLinux\-PAM\fR\&.
.PP
\fBpassword\fR
\- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the
\fBauth\fR
group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&.
.PP
\fBsession\fR
\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The
\fBsession\fR
management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&.
.SH "FILES"
.PP
/etc/pam\&.conf
.RS 4
the configuration file
.RE
.PP
/etc/pam\&.d
.RS 4
the
\fBLinux\-PAM\fR
configuration directory\&. Generally, if this directory is present, the
/etc/pam\&.conf
file is ignored\&.
.RE
.PP
/usr/lib/pam\&.d
.RS 4
the
\fBLinux\-PAM\fR
vendor configuration directory\&. Files in
/etc/pam\&.d
override files with the same name in this directory\&.
.RE
.SH "ERRORS"
.PP
Typically errors generated by the
\fBLinux\-PAM\fR
system of libraries, will be written to
\fBsyslog\fR(3)\&.
.SH "CONFORMING TO"
.PP
DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&.
.SH "SEE ALSO"
.PP
\fBpam\fR(3),
\fBpam_authenticate\fR(3),
\fBpam_sm_setcred\fR(3),
\fBpam_strerror\fR(3),
\fBPAM\fR(8)

127
doc/man/misc_conv.3 Normal file
View File

@ -0,0 +1,127 @@
'\" t
.\" Title: misc_conv
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "MISC_CONV" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
misc_conv \- text based conversation function
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_misc\&.h>
.fi
.ft
.HP \w'int\ misc_conv('u
.BI "int misc_conv(int\ " "num_msg" ", const\ struct\ pam_message\ **" "msgm" ", struct\ pam_response\ **" "response" ", void\ *" "appdata_ptr" ");"
.SH "DESCRIPTION"
.PP
The
\fBmisc_conv\fR
function is part of
\fBlibpam_misc\fR
and not of the standard
\fBlibpam\fR
library\&. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules\&.
.PP
In addition to simply slotting into the appropriate
\fBpam_conv\fR(3), this function provides some time\-out facilities\&. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something\&. The five variabls are as follows:
.PP
\fBtime_t\fR \fIpam_misc_conv_warn_time\fR;
.RS 4
This variable contains the
\fItime\fR
(as returned by
\fBtime\fR(2)) that the user should be first warned that the clock is ticking\&. By default it has the value
0, which indicates that no such warning will be given\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the
\fILinux\-PAM\fR
library\&.
.RE
.PP
\fBconst char *\fR\fIpam_misc_conv_warn_line\fR;
.RS 4
Used in conjuction with
\fIpam_misc_conv_warn_time\fR, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching\&. Its default value is a translated version of
\(lq\&.\&.\&.Time is running out\&.\&.\&.\(rq, but this can be changed by the application prior to passing control to
\fILinux\-PAM\fR\&.
.RE
.PP
\fBtime_t\fR \fIpam_misc_conv_die_time\fR;
.RS 4
This variable contains the
\fItime\fR
(as returned by
\fBtime\fR(2)) that the will time out\&. By default it has the value
0, which indicates that the conversation function will not timeout\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the
\fILinux\-PAM\fR
library\&.
.RE
.PP
\fBconst char *\fR\fIpam_misc_conv_die_line\fR;
.RS 4
Used in conjuction with
\fIpam_misc_conv_die_time\fR, this variable is a pointer to the string that will be displayed when the conversation times out\&. Its default value is a translated version of
\(lq\&.\&.\&.Sorry, your time is up!\(rq, but this can be changed by the application prior to passing control to
\fILinux\-PAM\fR\&.
.RE
.PP
\fBint\fR \fIpam_misc_conv_died\fR;
.RS 4
Following a return from the
\fILinux\-PAM\fR
libraray, the value of this variable indicates whether the conversation has timed out\&. A value of
1
indicates the time\-out occurred\&.
.RE
.PP
The following two function pointers are available for supporting binary prompts in the conversation function\&. They are optimized for the current incarnation of the
\fBlibpamc\fR
library and are subject to change\&.
.PP
\fBint\fR \fI(*pam_binary_handler_fn)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIprompt_p\fR);
.RS 4
This function pointer is initialized to
NULL
but can be filled with a function that provides machine\-machine (hidden) message exchange\&. It is intended for use with hidden authentication protocols such as RSA or Diffie\-Hellman key exchanges\&. (This is still under development\&.)
.RE
.PP
\fBint\fR \fI(*pam_binary_handler_free)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIdelete_me\fR);
.RS 4
This function pointer is initialized to
\fBPAM_BP_RENEW(delete_me, 0, 0)\fR, but can be redefined as desired by the application\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_conv\fR(3),
\fBpam\fR(8)
.SH "STANDARDS"
.PP
The
\fBmisc_conv\fR
function is part of the
\fBlibpam_misc\fR
Library and not defined in any standard\&.

188
doc/man/misc_conv.3.xml Normal file
View File

@ -0,0 +1,188 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id="misc_conv">
<refmeta>
<refentrytitle>misc_conv</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="misc_conv-name">
<refname>misc_conv</refname>
<refpurpose>text based conversation function</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id="misc_conv-synopsis">
<funcsynopsisinfo>#include &lt;security/pam_misc.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>misc_conv</function></funcdef>
<paramdef>int <parameter>num_msg</parameter></paramdef>
<paramdef>const struct pam_message **<parameter>msgm</parameter></paramdef>
<paramdef>struct pam_response **<parameter>response</parameter></paramdef>
<paramdef>void *<parameter>appdata_ptr</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='misc_conv-description'>
<title>DESCRIPTION</title>
<para>
The <function>misc_conv</function> function is part of
<command>libpam_misc</command> and not of the standard
<command>libpam</command> library. This function will prompt
the user with the appropriate comments and obtain the appropriate
inputs as directed by authentication modules.
</para>
<para>
In addition to simply slotting into the appropriate <citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, this function provides some time-out facilities.
The function exports five variables that can be used by an
application programmer to limit the amount of time this conversation
function will spend waiting for the user to type something. The
five variabls are as follows:
</para>
<variablelist>
<varlistentry>
<term><type>time_t</type> <varname>pam_misc_conv_warn_time</varname>;</term>
<listitem>
<para>
This variable contains the <emphasis>time</emphasis> (as
returned by <citerefentry>
<refentrytitle>time</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>) that the user should be first warned that
the clock is ticking. By default it has the value
<returnvalue>0</returnvalue>, which indicates that no such
warning will be given. The application may set its value to
sometime in the future, but this should be done prior to
passing control to the <emphasis>Linux-PAM</emphasis> library.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><type>const char *</type><varname>pam_misc_conv_warn_line</varname>;</term>
<listitem>
<para>
Used in conjuction with
<varname>pam_misc_conv_warn_time</varname>, this variable is
a pointer to the string that will be displayed when it becomes
time to warn the user that the timeout is approaching. Its
default value is a translated version of
<quote>...Time is running out...</quote>, but this can be
changed by the application prior to passing control to
<emphasis>Linux-PAM</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><type>time_t</type> <varname>pam_misc_conv_die_time</varname>;</term>
<listitem>
<para>
This variable contains the <emphasis>time</emphasis> (as
returned by <citerefentry>
<refentrytitle>time</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>) that the will time out. By default it has
the value <returnvalue>0</returnvalue>, which indicates that
the conversation function will not timeout. The application
may set its value to sometime in the future, but this should
be done prior to passing control to the
<emphasis>Linux-PAM</emphasis> library.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><type>const char *</type><varname>pam_misc_conv_die_line</varname>;</term>
<listitem>
<para>
Used in conjuction with
<varname>pam_misc_conv_die_time</varname>, this variable is
a pointer to the string that will be displayed when the
conversation times out. Its default value is a translated
version of
<quote>...Sorry, your time is up!</quote>, but this can be
changed by the application prior to passing control to
<emphasis>Linux-PAM</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><type>int</type> <varname>pam_misc_conv_died</varname>;</term>
<listitem>
<para>
Following a return from the <emphasis>Linux-PAM</emphasis>
libraray, the value of this variable indicates whether the
conversation has timed out. A value of
<returnvalue>1</returnvalue> indicates the time-out occurred.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The following two function pointers are available for supporting
binary prompts in the conversation function. They are optimized
for the current incarnation of the <command>libpamc</command>
library and are subject to change.
</para>
<variablelist>
<varlistentry>
<term>
<type>int</type> <varname>(*pam_binary_handler_fn)</varname>(<type>void *</type><varname>appdata</varname>, <type>pamc_bp_t *</type><varname>prompt_p</varname>);
</term>
<listitem>
<para>
This function pointer is initialized to
<returnvalue>NULL</returnvalue> but can be filled with a
function that provides machine-machine (hidden) message
exchange. It is intended for use with hidden authentication
protocols such as RSA or Diffie-Hellman key exchanges.
(This is still under development.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<type>int</type> <varname>(*pam_binary_handler_free)</varname>(<type>void *</type><varname>appdata</varname>, <type>pamc_bp_t *</type><varname>delete_me</varname>);
</term>
<listitem>
<para>
This function pointer is initialized to
<function>PAM_BP_RENEW(delete_me, 0, 0)</function>, but can be
redefined as desired by the application.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='misc_conv-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='misc_conv-standards'>
<title>STANDARDS</title>
<para>
The <function>misc_conv</function> function is part of the
<command>libpam_misc</command> Library and not defined in any
standard.
</para>
</refsect1>
</refentry>

302
doc/man/pam.3 Normal file
View File

@ -0,0 +1,302 @@
'\" t
.\" Title: pam
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam \- Pluggable Authentication Modules Library
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.sp
.ft B
.nf
#include <security/pam_modules\&.h>
.fi
.ft
.sp
.ft B
.nf
#include <security/pam_ext\&.h>
.fi
.ft
.SH "DESCRIPTION"
.PP
\fBPAM\fR
is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as
\fBlogin\fR(1)
and
\fBsu\fR(1)) defer to to perform standard authentication tasks\&.
.SS "Initialization and Cleanup"
.PP
The
\fBpam_start\fR(3)
function creates the PAM context and initiates the PAM transaction\&. It is the first of the PAM functions that needs to be called by an application\&. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\&. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\&.
.PP
The
\fBpam_end\fR(3)
function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid\&. It can be called at any time to terminate a PAM transaction\&.
.SS "Authentication"
.PP
The
\fBpam_authenticate\fR(3)
function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&.
.PP
The
\fBpam_setcred\fR(3)
function manages the user\*(Aqs credentials\&.
.SS "Account Management"
.PP
The
\fBpam_acct_mgmt\fR(3)
function is used to determine if the user\*(Aqs account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
.SS "Password Management"
.PP
The
\fBpam_chauthtok\fR(3)
function is used to change the authentication token for a given user on request or because the token has expired\&.
.SS "Session Management"
.PP
The
\fBpam_open_session\fR(3)
function sets up a user session for a previously successful authenticated user\&. The session should later be terminated with a call to
\fBpam_close_session\fR(3)\&.
.SS "Conversation"
.PP
The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
\fIstruct pam_conv\fR
passed to
\fBpam_start\fR(3)
at the start of the transaction\&. See
\fBpam_conv\fR(3)
for details\&.
.SS "Data Objects"
.PP
The
\fBpam_set_item\fR(3)
and
\fBpam_get_item\fR(3)
functions allows applications and PAM service modules to set and retrieve PAM informations\&.
.PP
The
\fBpam_get_user\fR(3)
function is the preferred method to obtain the username\&.
.PP
The
\fBpam_set_data\fR(3)
and
\fBpam_get_data\fR(3)
functions allows PAM service modules to set and retrieve free\-form data from one invocation to another\&.
.SS "Environment and Error Management"
.PP
The
\fBpam_putenv\fR(3),
\fBpam_getenv\fR(3)
and
\fBpam_getenvlist\fR(3)
functions are for maintaining a set of private environment variables\&.
.PP
The
\fBpam_strerror\fR(3)
function returns a pointer to a string describing the given PAM error code\&.
.SH "RETURN VALUES"
.PP
The following return codes are known by PAM:
.PP
PAM_ABORT
.RS 4
Critical error, immediate abort\&.
.RE
.PP
PAM_ACCT_EXPIRED
.RS 4
User account has expired\&.
.RE
.PP
PAM_AUTHINFO_UNAVAIL
.RS 4
Authentication service cannot retrieve authentication info\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
Authentication token aging disabled\&.
.RE
.PP
PAM_AUTHTOK_ERR
.RS 4
Authentication token manipulation error\&.
.RE
.PP
PAM_AUTHTOK_EXPIRED
.RS 4
Authentication token expired\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
Authentication token lock busy\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
Authentication information cannot be recovered\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
Authentication failure\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
Conversation failure\&.
.RE
.PP
PAM_CRED_ERR
.RS 4
Failure setting user credentials\&.
.RE
.PP
PAM_CRED_EXPIRED
.RS 4
User credentials expired\&.
.RE
.PP
PAM_CRED_INSUFFICIENT
.RS 4
Insufficient credentials to access authentication data\&.
.RE
.PP
PAM_CRED_UNAVAIL
.RS 4
Authentication service cannot retrieve user credentials\&.
.RE
.PP
PAM_IGNORE
.RS 4
The return value should be ignored by PAM dispatch\&.
.RE
.PP
PAM_MAXTRIES
.RS 4
Have exhausted maximum number of retries for service\&.
.RE
.PP
PAM_MODULE_UNKNOWN
.RS 4
Module is unknown\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
Authentication token is no longer valid; new one required\&.
.RE
.PP
PAM_NO_MODULE_DATA
.RS 4
No module specific data is present\&.
.RE
.PP
PAM_OPEN_ERR
.RS 4
Failed to load module\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
Error in service module\&.
.RE
.PP
PAM_SESSION_ERR
.RS 4
Cannot make/remove an entry for the specified session\&.
.RE
.PP
PAM_SUCCESS
.RS 4
Success\&.
.RE
.PP
PAM_SYMBOL_ERR
.RS 4
Symbol not found\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
System error\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
Failed preliminary check by password service\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User not known to the underlying authentication module\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_acct_mgmt\fR(3),
\fBpam_authenticate\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_close_session\fR(3),
\fBpam_conv\fR(3),
\fBpam_end\fR(3),
\fBpam_get_data\fR(3),
\fBpam_getenv\fR(3),
\fBpam_getenvlist\fR(3),
\fBpam_get_item\fR(3),
\fBpam_get_user\fR(3),
\fBpam_open_session\fR(3),
\fBpam_putenv\fR(3),
\fBpam_set_data\fR(3),
\fBpam_set_item\fR(3),
\fBpam_setcred\fR(3),
\fBpam_start\fR(3),
\fBpam_strerror\fR(3)
.SH "NOTES"
.PP
The
\fIlibpam\fR
interfaces are only thread\-safe if each thread within the multithreaded application uses its own PAM handle\&.

439
doc/man/pam.3.xml Normal file
View File

@ -0,0 +1,439 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam3'>
<refmeta>
<refentrytitle>pam</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id='pam3-name'>
<refname>pam</refname>
<refpurpose>Pluggable Authentication Modules Library</refpurpose>
</refnamediv>
<refsynopsisdiv id='pam3-synopsis'>
<funcsynopsis>
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
<funcsynopsisinfo>#include &lt;security/pam_ext.h&gt;</funcsynopsisinfo>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam3-description'>
<title>DESCRIPTION</title>
<para>
<emphasis remap='B'>PAM</emphasis> is a system of libraries
that handle the authentication tasks of applications (services)
on the system. The library provides a stable general interface
(Application Programming Interface - API) that privilege granting
programs (such as
<citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> and <citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>)
defer to to perform standard authentication tasks.
</para>
<refsect2 id='pam3-initialization_and_cleanup'>
<title>Initialization and Cleanup</title>
<para>
The
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> function creates the PAM context and initiates the
PAM transaction. It is the first of the PAM functions that needs to
be called by an application. The transaction state is contained
entirely within the structure identified by this handle, so it is
possible to have multiple transactions in parallel. But it is not
possible to use the same handle for different transactions, a new
one is needed for every new context.
</para>
<para>
The
<citerefentry>
<refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> function terminates the PAM transaction and is the last
function an application should call in the PAM context. Upon return
the handle pamh is no longer valid and all memory associated with it
will be invalid. It can be called at any time to terminate a PAM
transaction.
</para>
</refsect2>
<refsect2 id='pam3-authentication'>
<title>Authentication</title>
<para>
The
<citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
function is used to
authenticate the user. The user is required to provide an
authentication token depending upon the authentication service,
usually this is a password, but could also be a finger print.
</para>
<para>
The
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
function manages the user's credentials.
</para>
</refsect2>
<refsect2 id='pam3-account_management'>
<title>Account Management</title>
<para>
The
<citerefentry>
<refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> function is used to determine if the user's account is
valid. It checks for authentication token and account expiration and
verifies access restrictions. It is typically called after the user
has been authenticated.
</para>
</refsect2>
<refsect2 id='pam3-password_management'>
<title>Password Management</title>
<para>
The
<citerefentry>
<refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> function is used to change the authentication token
for a given user on request or because the token has expired.
</para>
</refsect2>
<refsect2 id='pam3-session_management'>
<title>Session Management</title>
<para>
The
<citerefentry>
<refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> function sets up a user session for a previously
successful authenticated user. The session should later be terminated
with a call to
<citerefentry>
<refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</refsect2>
<refsect2 id='pam3-conversation'>
<title>Conversation</title>
<para>
The PAM library uses an application-defined callback to allow
a direct communication between a loaded module and the application.
This callback is specified by the
<emphasis>struct pam_conv</emphasis> passed to
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> at the start of the transaction. See
<citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
for details.
</para>
</refsect2>
<refsect2 id='pam3-data'>
<title>Data Objects</title>
<para>
The
<citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
and
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
functions allows applications and PAM service modules to set and
retrieve PAM informations.
</para>
<para>
The
<citerefentry>
<refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
function is the preferred method to obtain the username.
</para>
<para>
The
<citerefentry>
<refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
and
<citerefentry>
<refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
functions allows PAM service modules to set and retrieve free-form
data from one invocation to another.
</para>
</refsect2>
<refsect2 id='pam3-miscellaneous'>
<title>Environment and Error Management</title>
<para>
The
<citerefentry>
<refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and
<citerefentry>
<refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
functions are for maintaining a set of private environment variables.
</para>
<para>
The
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> function returns a pointer to a string describing the
given PAM error code.
</para>
</refsect2>
</refsect1>
<refsect1 id='pam3-return_values'>
<title>RETURN VALUES</title>
<para>
The following return codes are known by PAM:
</para>
<variablelist>
<varlistentry>
<term>PAM_ABORT</term>
<listitem>
<para>Critical error, immediate abort.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_ACCT_EXPIRED</term>
<listitem>
<para>User account has expired.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHINFO_UNAVAIL</term>
<listitem>
<para>
Authentication service cannot retrieve authentication info.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_DISABLE_AGING</term>
<listitem>
<para>Authentication token aging disabled.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_ERR</term>
<listitem>
<para>Authentication token manipulation error.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_EXPIRED</term>
<listitem>
<para>Authentication token expired.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_LOCK_BUSY</term>
<listitem>
<para>Authentication token lock busy.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_RECOVERY_ERR</term>
<listitem>
<para>Authentication information cannot be recovered.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>Authentication failure.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_BUF_ERR</term>
<listitem>
<para>Memory buffer error.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CONV_ERR</term>
<listitem>
<para>Conversation failure.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_ERR</term>
<listitem>
<para>Failure setting user credentials.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_EXPIRED</term>
<listitem>
<para>User credentials expired.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_INSUFFICIENT</term>
<listitem>
<para>Insufficient credentials to access authentication data.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_UNAVAIL</term>
<listitem>
<para>Authentication service cannot retrieve user credentials.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_IGNORE</term>
<listitem>
<para>The return value should be ignored by PAM dispatch.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_MAXTRIES</term>
<listitem>
<para>Have exhausted maximum number of retries for service.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_MODULE_UNKNOWN</term>
<listitem>
<para>Module is unknown.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_NEW_AUTHTOK_REQD</term>
<listitem>
<para>
Authentication token is no longer valid; new one required.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_NO_MODULE_DATA</term>
<listitem>
<para>No module specific data is present.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_OPEN_ERR</term>
<listitem>
<para>Failed to load module.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_PERM_DENIED</term>
<listitem>
<para>Permission denied.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>Error in service module.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SESSION_ERR</term>
<listitem>
<para>Cannot make/remove an entry for the specified session.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>Success.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SYMBOL_ERR</term>
<listitem>
<para>Symbol not found.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SYSTEM_ERR</term>
<listitem>
<para>System error.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_TRY_AGAIN</term>
<listitem>
<para>Failed preliminary check by password service.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>User not known to the underlying authentication module.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'><title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam3-notes'><title>NOTES</title>
<para>
The <emphasis>libpam</emphasis> interfaces are only thread-safe if each
thread within the multithreaded application uses its own PAM handle.
</para>
</refsect1>
</refentry>

1
doc/man/pam.8 Normal file
View File

@ -0,0 +1 @@
.so PAM.8

203
doc/man/pam.8.xml Normal file
View File

@ -0,0 +1,203 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam8'>
<refmeta>
<refentrytitle>pam</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id='pam8-name'>
<refname>PAM</refname>
<refname>pam</refname>
<refpurpose>Pluggable Authentication Modules for Linux</refpurpose>
</refnamediv>
<refsect1 id='pam8-description'>
<title>DESCRIPTION</title>
<para>
This manual is intended to offer a quick introduction to
<emphasis remap='B'>Linux-PAM</emphasis>. For more information
the reader is directed to the
<emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>.
</para>
<para>
<emphasis remap='B'>Linux-PAM</emphasis> is a system of libraries
that handle the authentication tasks of applications (services) on
the system. The library provides a stable general interface
(Application Programming Interface - API) that privilege granting
programs (such as <citerefentry>
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> and <citerefentry>
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>) defer to to perform standard authentication tasks.
</para>
<para>
The principal feature of the PAM approach is that the nature of the
authentication is dynamically configurable. In other words, the
system administrator is free to choose how individual
service-providing applications will authenticate users. This dynamic
configuration is set by the contents of the single
<emphasis remap='B'>Linux-PAM</emphasis> configuration file
<filename>/etc/pam.conf</filename>. Alternatively, the configuration
can be set by individual configuration files located in the
<filename>/etc/pam.d/</filename> directory. The presence of this
directory will cause <emphasis remap='B'>Linux-PAM</emphasis> to
<emphasis remap='I'>ignore</emphasis> <filename>/etc/pam.conf</filename>.
</para>
<para>
Vendor-supplied PAM configuration files might be installed in
the system directory <filename>/usr/lib/pam.d/</filename> instead
of the machine configuration directory <filename>/etc/pam.d/</filename>.
If no machine configuration file is found, the vendor-supplied file
is used. All files in <filename>/etc/pam.d/</filename> override
files with the same name in <filename>/usr/lib/pam.d/</filename>.
</para>
<para>From the point of view of the system administrator, for whom this
manual is provided, it is not of primary importance to understand the
internal behavior of the
<emphasis remap='B'>Linux-PAM</emphasis>
library. The important point to recognize is that the configuration
file(s)
<emphasis remap='I'>define</emphasis>
the connection between applications
<emphasis remap='B'></emphasis>(<emphasis remap='B'>services</emphasis>)
and the pluggable authentication modules
<emphasis remap='B'></emphasis>(<emphasis remap='B'>PAM</emphasis>s)
that perform the actual authentication tasks.</para>
<para><emphasis remap='B'>Linux-PAM</emphasis>
separates the tasks of
<emphasis remap='I'>authentication</emphasis>
into four independent management groups:
<emphasis remap='B'>account</emphasis> management;
<emphasis remap='B'>auth</emphasis>entication management;
<emphasis remap='B'>password</emphasis> management;
and
<emphasis remap='B'>session</emphasis> management.
(We highlight the abbreviations used for these groups in the
configuration file.)</para>
<para>Simply put, these groups take care of different aspects of a typical
user's request for a restricted service:</para>
<para><emphasis remap='B'>account</emphasis> -
provide account verification types of service: has the user's password
expired?; is this user permitted access to the requested service?</para>
<!-- .br -->
<para><emphasis remap='B'>auth</emphasis>entication -
authenticate a user and set up user credentials. Typically this is via
some challenge-response request that the user must satisfy: if you are
who you claim to be please enter your password. Not all authentications
are of this type, there exist hardware based authentication schemes
(such as the use of smart-cards and biometric devices), with suitable
modules, these may be substituted seamlessly for more standard
approaches to authentication - such is the flexibility of
<emphasis remap='B'>Linux-PAM</emphasis>.</para>
<!-- .br -->
<para><emphasis remap='B'>password</emphasis> -
this group's responsibility is the task of updating authentication
mechanisms. Typically, such services are strongly coupled to those of
the
<emphasis remap='B'>auth</emphasis>
group. Some authentication mechanisms lend themselves well to being
updated with such a function. Standard UN*X password-based access is
the obvious example: please enter a replacement password.</para>
<!-- .br -->
<para><emphasis remap='B'>session</emphasis> -
this group of tasks cover things that should be done prior to a
service being given and after it is withdrawn. Such tasks include the
maintenance of audit trails and the mounting of the user's home
directory. The
<emphasis remap='B'>session</emphasis>
management group is important as it provides both an opening and
closing hook for modules to affect the services available to a user.</para>
</refsect1>
<refsect1 id='pam8-files'>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/pam.conf</filename></term>
<listitem>
<para>the configuration file</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/pam.d</filename></term>
<listitem>
<para>
the <emphasis remap='B'>Linux-PAM</emphasis> configuration
directory. Generally, if this directory is present, the
<filename>/etc/pam.conf</filename> file is ignored.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/usr/lib/pam.d</filename></term>
<listitem>
<para>
the <emphasis remap='B'>Linux-PAM</emphasis> vendor configuration
directory. Files in <filename>/etc/pam.d</filename> override
files with the same name in this directory.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam8-errors'>
<title>ERRORS</title>
<para>
Typically errors generated by the
<emphasis remap='B'>Linux-PAM</emphasis> system of libraries, will
be written to <citerefentry>
<refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</refsect1>
<refsect1 id='pam8-conforming_to'>
<title>CONFORMING TO</title>
<para>
DCE-RFC 86.0, October 1995.
Contains additional features, but remains backwardly compatible
with this RFC.
</para>
</refsect1>
<refsect1 id='pam8-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

21
doc/man/pam.conf-desc.xml Normal file
View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<section id='pam.conf-desc'>
<para>
When a <emphasis>PAM</emphasis> aware privilege granting application
is started, it activates its attachment to the PAM-API. This
activation performs a number of tasks, the most important being the
reading of the configuration file(s): <filename>/etc/pam.conf</filename>.
Alternatively, this may be the contents of the
<filename>/etc/pam.d/</filename> directory. The presence of this
directory will cause Linux-PAM to ignore
<filename>/etc/pam.conf</filename>.
</para>
<para>
These files list the <emphasis>PAM</emphasis>s that will do the
authentication tasks required by this service, and the appropriate
behavior of the PAM-API in the event that individual
<emphasis>PAM</emphasis>s fail.
</para>
</section>

30
doc/man/pam.conf-dir.xml Normal file
View File

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<section id='pam.conf-dir'>
<para>
More flexible than the single configuration file is it to
configure libpam via the contents of the
<filename>/etc/pam.d/</filename> directory. In this case the
directory is filled with files each of which has a filename
equal to a service-name (in lower-case): it is the personal
configuration file for the named service.
</para>
<para>
The syntax of each file in /etc/pam.d/ is similar to that of the
<filename>/etc/pam.conf</filename> file and is made up of lines
of the following form:
</para>
<programlisting>
type control module-path module-arguments
</programlisting>
<para>
The only difference being that the service-name is not present. The
service-name is of course the name of the given configuration file.
For example, <filename>/etc/pam.d/login</filename> contains the
configuration for the <emphasis remap='B'>login</emphasis> service.
</para>
</section>

407
doc/man/pam.conf-syntax.xml Normal file
View File

@ -0,0 +1,407 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<section id='pam.conf-syntax'>
<para>
The syntax of the <filename>/etc/pam.conf</filename>
configuration file is as follows. The file is made up of a list
of rules, each rule is typically placed on a single line,
but may be extended with an escaped end of line: `\&lt;LF&gt;'.
Comments are preceded with `#' marks and extend to the next end of
line.
</para>
<para>
The format of each rule is a space separated collection of tokens,
the first three being case-insensitive:
</para>
<para>
<emphasis remap='B'> service type control module-path module-arguments</emphasis>
</para>
<para>
The syntax of files contained in the <filename>/etc/pam.d/</filename>
directory, are identical except for the absence of any
<emphasis>service</emphasis> field. In this case, the
<emphasis>service</emphasis> is the name of the file in the
<filename>/etc/pam.d/</filename> directory. This filename must be
in lower case.
</para>
<para>
An important feature of <emphasis>PAM</emphasis>, is that a
number of rules may be <emphasis>stacked</emphasis> to combine
the services of a number of PAMs for a given authentication task.
</para>
<para>
The <emphasis>service</emphasis> is typically the familiar name of
the corresponding application: <emphasis>login</emphasis> and
<emphasis>su</emphasis> are good examples. The
<emphasis>service</emphasis>-name, <emphasis>other</emphasis>,
is reserved for giving <emphasis>default</emphasis> rules.
Only lines that mention the current service (or in the absence
of such, the <emphasis>other</emphasis> entries) will be associated
with the given service-application.
</para>
<para>
The <emphasis>type</emphasis> is the management group that the rule
corresponds to. It is used to specify which of the management groups
the subsequent module is to be associated with. Valid entries are:
</para>
<variablelist>
<varlistentry>
<term>account</term>
<listitem>
<para>
this module type performs non-authentication based account
management. It is typically used to restrict/permit access
to a service based on the time of day, currently available
system resources (maximum number of users) or perhaps the
location of the applicant user -- 'root' login only on the
console.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>auth</term>
<listitem>
<para>
this module type provides two aspects of authenticating
the user. Firstly, it establishes that the user is who they
claim to be, by instructing the application to prompt the user
for a password or other means of identification. Secondly, the
module can grant group membership or other privileges through
its credential granting properties.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>password</term>
<listitem>
<para>
this module type is required for updating the authentication
token associated with the user. Typically, there is one module
for each 'challenge/response' based authentication (auth) type.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>session</term>
<listitem>
<para>
this module type is associated with doing things that need to
be done for the user before/after they can be given service.
Such things include the logging of information concerning the
opening/closing of some data exchange with a user, mounting
directories, etc.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
If the <emphasis>type</emphasis> value from the list above is prepended
with a <emphasis>-</emphasis> character the PAM library will not log to
the system log if it is not possible to load the module because it is
missing in the system. This can be useful especially for modules which
are not always installed on the system and are not required for correct
authentication and authorization of the login session.
</para>
<para>
The third field, <emphasis>control</emphasis>, indicates the
behavior of the PAM-API should the module fail to succeed in its
authentication task. There are two types of syntax for this control
field: the simple one has a single simple keyword; the more
complicated one involves a square-bracketed selection of
<emphasis>value=action</emphasis> pairs.
</para>
<para>
For the simple (historical) syntax valid <emphasis>control</emphasis>
values are:
</para>
<variablelist>
<varlistentry>
<term>required</term>
<listitem>
<para>
failure of such a PAM will ultimately lead to the PAM-API
returning failure but only after the remaining
<emphasis>stacked</emphasis> modules (for this
<emphasis>service</emphasis> and <emphasis>type</emphasis>)
have been invoked.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>requisite</term>
<listitem>
<para>
like <emphasis>required</emphasis>, however, in the case that
such a module returns a failure, control is directly returned
to the application or to the superior PAM stack.
The return value is that associated with
the first required or requisite module to fail. Note, this flag
can be used to protect against the possibility of a user getting
the opportunity to enter a password over an unsafe medium. It is
conceivable that such behavior might inform an attacker of valid
accounts on a system. This possibility should be weighed against
the not insignificant concerns of exposing a sensitive password
in a hostile environment.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sufficient</term>
<listitem>
<para>
if such a module succeeds and no prior <emphasis>required</emphasis>
module has failed the PAM framework returns success to
the application or to the superior PAM stack immediately without
calling any further modules in the stack. A failure of a
<emphasis>sufficient</emphasis> module is ignored and processing
of the PAM module stack continues unaffected.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>optional</term>
<listitem>
<para>
the success or failure of this module is only important if
it is the only module in the stack associated with this
<emphasis>service</emphasis>+<emphasis>type</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>include</term>
<listitem>
<para>
include all lines of given type from the configuration
file specified as an argument to this control.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>substack</term>
<listitem>
<para>
include all lines of given type from the configuration
file specified as an argument to this control. This differs from
<emphasis>include</emphasis> in that evaluation of the
<emphasis>done</emphasis> and <emphasis>die</emphasis> actions
in a substack does not cause skipping the rest of the complete
module stack, but only of the substack. Jumps in a substack
also can not make evaluation jump out of it, and the whole substack
is counted as one module when the jump is done in a parent stack.
The <emphasis>reset</emphasis> action will reset the state of a
module stack to the state it was in as of beginning of the substack
evaluation.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
For the more complicated syntax valid <emphasis>control</emphasis>
values have the following form:
</para>
<programlisting>
[value1=action1 value2=action2 ...]
</programlisting>
<para>
Where <emphasis>valueN</emphasis> corresponds to the return code
from the function invoked in the module for which the line is
defined. It is selected from one of these:
<emphasis>success</emphasis>, <emphasis>open_err</emphasis>,
<emphasis>symbol_err</emphasis>, <emphasis>service_err</emphasis>,
<emphasis>system_err</emphasis>, <emphasis>buf_err</emphasis>,
<emphasis>perm_denied</emphasis>, <emphasis>auth_err</emphasis>,
<emphasis>cred_insufficient</emphasis>,
<emphasis>authinfo_unavail</emphasis>,
<emphasis>user_unknown</emphasis>, <emphasis>maxtries</emphasis>,
<emphasis>new_authtok_reqd</emphasis>,
<emphasis>acct_expired</emphasis>, <emphasis>session_err</emphasis>,
<emphasis>cred_unavail</emphasis>, <emphasis>cred_expired</emphasis>,
<emphasis>cred_err</emphasis>, <emphasis>no_module_data</emphasis>,
<emphasis>conv_err</emphasis>, <emphasis>authtok_err</emphasis>,
<emphasis>authtok_recover_err</emphasis>,
<emphasis>authtok_lock_busy</emphasis>,
<emphasis>authtok_disable_aging</emphasis>,
<emphasis>try_again</emphasis>, <emphasis>ignore</emphasis>,
<emphasis>abort</emphasis>, <emphasis>authtok_expired</emphasis>,
<emphasis>module_unknown</emphasis>, <emphasis>bad_item</emphasis>,
<emphasis>conv_again</emphasis>, <emphasis>incomplete</emphasis>,
and <emphasis>default</emphasis>.
</para>
<para>
The last of these, <emphasis>default</emphasis>, implies 'all
<emphasis>valueN</emphasis>'s not mentioned explicitly. Note, the
full list of PAM errors is available in
<filename>/usr/include/security/_pam_types.h</filename>. The
<emphasis>actionN</emphasis> can take one of the following forms:
</para>
<variablelist>
<varlistentry>
<term>ignore</term>
<listitem>
<para>
when used with a stack of modules, the module's return
status will not contribute to the return code the application
obtains.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>bad</term>
<listitem>
<para>
this action indicates that the return code should be thought
of as indicative of the module failing. If this module is the
first in the stack to fail, its status value will be used for
that of the whole stack.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>die</term>
<listitem>
<para>
equivalent to bad with the side effect of terminating the
module stack and PAM immediately returning to the application.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ok</term>
<listitem>
<para>
this tells PAM that the administrator thinks this return code
should contribute directly to the return code of the full
stack of modules. In other words, if the former state of the
stack would lead to a return of <emphasis>PAM_SUCCESS</emphasis>,
the module's return code will override this value. Note, if
the former state of the stack holds some value that is
indicative of a modules failure, this 'ok' value will not be
used to override that value.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>done</term>
<listitem>
<para>
equivalent to ok with the side effect of terminating the module
stack and PAM immediately returning to the application.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>N (an unsigned integer)</term>
<listitem>
<para>
equivalent to ok with the side effect of jumping over the
next N modules in the stack. Note that N equal to 0 is not
allowed (and it would be identical to ok in such case).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>reset</term>
<listitem>
<para>
clear all memory of the state of the module stack and
start again with the next stacked module.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
Each of the four keywords: required; requisite; sufficient; and
optional, have an equivalent expression in terms of the [...]
syntax. They are as follows:
</para>
<variablelist>
<varlistentry>
<term>required</term>
<listitem>
<para>
[success=ok new_authtok_reqd=ok ignore=ignore default=bad]
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>requisite</term>
<listitem>
<para>
[success=ok new_authtok_reqd=ok ignore=ignore default=die]
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sufficient</term>
<listitem>
<para>
[success=done new_authtok_reqd=done default=ignore]
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>optional</term>
<listitem>
<para>
[success=ok new_authtok_reqd=ok default=ignore]
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
<emphasis>module-path</emphasis> is either the full filename
of the PAM to be used by the application (it begins with a '/'),
or a relative pathname from the default module location:
<filename>/lib/security/</filename> or
<filename>/lib64/security/</filename>, depending on the architecture.
</para>
<para>
<emphasis>module-arguments</emphasis> are a space separated list
of tokens that can be used to modify the specific behavior of the
given PAM. Such arguments will be documented for each individual
module. Note, if you wish to include spaces in an argument, you
should surround that argument with square brackets.
</para>
<programlisting>
squid auth required pam_mysql.so user=passwd_query passwd=mada \
db=eminence [query=select user_name from internet_service \
where user_name='%u' and password=PASSWORD('%p') and \
service='web_proxy']
</programlisting>
<para>
When using this convention, you can include `[' characters
inside the string, and if you wish to include a `]' character
inside the string that will survive the argument parsing, you
should use `\]'. In other words:
</para>
<programlisting>
[..[..\]..] --> ..[..]..
</programlisting>
<para>
Any line in (one of) the configuration file(s), that is not formatted
correctly, will generally tend (erring on the side of caution) to make
the authentication process fail. A corresponding error is written to
the system log files with a call to
<citerefentry>
<refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</section>

355
doc/man/pam.conf.5 Normal file
View File

@ -0,0 +1,355 @@
'\" t
.\" Title: pam.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam.conf, pam.d \- PAM configuration files
.SH "DESCRIPTION"
.PP
When a
\fIPAM\fR
aware privilege granting application is started, it activates its attachment to the PAM\-API\&. This activation performs a number of tasks, the most important being the reading of the configuration file(s):
/etc/pam\&.conf\&. Alternatively, this may be the contents of the
/etc/pam\&.d/
directory\&. The presence of this directory will cause Linux\-PAM to ignore
/etc/pam\&.conf\&.
.PP
These files list the
\fIPAM\fRs that will do the authentication tasks required by this service, and the appropriate behavior of the PAM\-API in the event that individual
\fIPAM\fRs fail\&.
.PP
The syntax of the
/etc/pam\&.conf
configuration file is as follows\&. The file is made up of a list of rules, each rule is typically placed on a single line, but may be extended with an escaped end of line: `\e<LF>\*(Aq\&. Comments are preceded with `#\*(Aq marks and extend to the next end of line\&.
.PP
The format of each rule is a space separated collection of tokens, the first three being case\-insensitive:
.PP
\fB service type control module\-path module\-arguments\fR
.PP
The syntax of files contained in the
/etc/pam\&.d/
directory, are identical except for the absence of any
\fIservice\fR
field\&. In this case, the
\fIservice\fR
is the name of the file in the
/etc/pam\&.d/
directory\&. This filename must be in lower case\&.
.PP
An important feature of
\fIPAM\fR, is that a number of rules may be
\fIstacked\fR
to combine the services of a number of PAMs for a given authentication task\&.
.PP
The
\fIservice\fR
is typically the familiar name of the corresponding application:
\fIlogin\fR
and
\fIsu\fR
are good examples\&. The
\fIservice\fR\-name,
\fIother\fR, is reserved for giving
\fIdefault\fR
rules\&. Only lines that mention the current service (or in the absence of such, the
\fIother\fR
entries) will be associated with the given service\-application\&.
.PP
The
\fItype\fR
is the management group that the rule corresponds to\&. It is used to specify which of the management groups the subsequent module is to be associated with\&. Valid entries are:
.PP
account
.RS 4
this module type performs non\-authentication based account management\&. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user \-\- \*(Aqroot\*(Aq login only on the console\&.
.RE
.PP
auth
.RS 4
this module type provides two aspects of authenticating the user\&. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification\&. Secondly, the module can grant group membership or other privileges through its credential granting properties\&.
.RE
.PP
password
.RS 4
this module type is required for updating the authentication token associated with the user\&. Typically, there is one module for each \*(Aqchallenge/response\*(Aq based authentication (auth) type\&.
.RE
.PP
session
.RS 4
this module type is associated with doing things that need to be done for the user before/after they can be given service\&. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc\&.
.RE
.PP
If the
\fItype\fR
value from the list above is prepended with a
\fI\-\fR
character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system\&. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session\&.
.PP
The third field,
\fIcontrol\fR, indicates the behavior of the PAM\-API should the module fail to succeed in its authentication task\&. There are two types of syntax for this control field: the simple one has a single simple keyword; the more complicated one involves a square\-bracketed selection of
\fIvalue=action\fR
pairs\&.
.PP
For the simple (historical) syntax valid
\fIcontrol\fR
values are:
.PP
required
.RS 4
failure of such a PAM will ultimately lead to the PAM\-API returning failure but only after the remaining
\fIstacked\fR
modules (for this
\fIservice\fR
and
\fItype\fR) have been invoked\&.
.RE
.PP
requisite
.RS 4
like
\fIrequired\fR, however, in the case that such a module returns a failure, control is directly returned to the application or to the superior PAM stack\&. The return value is that associated with the first required or requisite module to fail\&. Note, this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium\&. It is conceivable that such behavior might inform an attacker of valid accounts on a system\&. This possibility should be weighed against the not insignificant concerns of exposing a sensitive password in a hostile environment\&.
.RE
.PP
sufficient
.RS 4
if such a module succeeds and no prior
\fIrequired\fR
module has failed the PAM framework returns success to the application or to the superior PAM stack immediately without calling any further modules in the stack\&. A failure of a
\fIsufficient\fR
module is ignored and processing of the PAM module stack continues unaffected\&.
.RE
.PP
optional
.RS 4
the success or failure of this module is only important if it is the only module in the stack associated with this
\fIservice\fR+\fItype\fR\&.
.RE
.PP
include
.RS 4
include all lines of given type from the configuration file specified as an argument to this control\&.
.RE
.PP
substack
.RS 4
include all lines of given type from the configuration file specified as an argument to this control\&. This differs from
\fIinclude\fR
in that evaluation of the
\fIdone\fR
and
\fIdie\fR
actions in a substack does not cause skipping the rest of the complete module stack, but only of the substack\&. Jumps in a substack also can not make evaluation jump out of it, and the whole substack is counted as one module when the jump is done in a parent stack\&. The
\fIreset\fR
action will reset the state of a module stack to the state it was in as of beginning of the substack evaluation\&.
.RE
.PP
For the more complicated syntax valid
\fIcontrol\fR
values have the following form:
.sp
.if n \{\
.RS 4
.\}
.nf
[value1=action1 value2=action2 \&.\&.\&.]
.fi
.if n \{\
.RE
.\}
.PP
Where
\fIvalueN\fR
corresponds to the return code from the function invoked in the module for which the line is defined\&. It is selected from one of these:
\fIsuccess\fR,
\fIopen_err\fR,
\fIsymbol_err\fR,
\fIservice_err\fR,
\fIsystem_err\fR,
\fIbuf_err\fR,
\fIperm_denied\fR,
\fIauth_err\fR,
\fIcred_insufficient\fR,
\fIauthinfo_unavail\fR,
\fIuser_unknown\fR,
\fImaxtries\fR,
\fInew_authtok_reqd\fR,
\fIacct_expired\fR,
\fIsession_err\fR,
\fIcred_unavail\fR,
\fIcred_expired\fR,
\fIcred_err\fR,
\fIno_module_data\fR,
\fIconv_err\fR,
\fIauthtok_err\fR,
\fIauthtok_recover_err\fR,
\fIauthtok_lock_busy\fR,
\fIauthtok_disable_aging\fR,
\fItry_again\fR,
\fIignore\fR,
\fIabort\fR,
\fIauthtok_expired\fR,
\fImodule_unknown\fR,
\fIbad_item\fR,
\fIconv_again\fR,
\fIincomplete\fR, and
\fIdefault\fR\&.
.PP
The last of these,
\fIdefault\fR, implies \*(Aqall
\fIvalueN\fR\*(Aqs not mentioned explicitly\&. Note, the full list of PAM errors is available in
/usr/include/security/_pam_types\&.h\&. The
\fIactionN\fR
can take one of the following forms:
.PP
ignore
.RS 4
when used with a stack of modules, the module\*(Aqs return status will not contribute to the return code the application obtains\&.
.RE
.PP
bad
.RS 4
this action indicates that the return code should be thought of as indicative of the module failing\&. If this module is the first in the stack to fail, its status value will be used for that of the whole stack\&.
.RE
.PP
die
.RS 4
equivalent to bad with the side effect of terminating the module stack and PAM immediately returning to the application\&.
.RE
.PP
ok
.RS 4
this tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules\&. In other words, if the former state of the stack would lead to a return of
\fIPAM_SUCCESS\fR, the module\*(Aqs return code will override this value\&. Note, if the former state of the stack holds some value that is indicative of a modules failure, this \*(Aqok\*(Aq value will not be used to override that value\&.
.RE
.PP
done
.RS 4
equivalent to ok with the side effect of terminating the module stack and PAM immediately returning to the application\&.
.RE
.PP
N (an unsigned integer)
.RS 4
equivalent to ok with the side effect of jumping over the next N modules in the stack\&. Note that N equal to 0 is not allowed (and it would be identical to ok in such case)\&.
.RE
.PP
reset
.RS 4
clear all memory of the state of the module stack and start again with the next stacked module\&.
.RE
.PP
Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in terms of the [\&.\&.\&.] syntax\&. They are as follows:
.PP
required
.RS 4
[success=ok new_authtok_reqd=ok ignore=ignore default=bad]
.RE
.PP
requisite
.RS 4
[success=ok new_authtok_reqd=ok ignore=ignore default=die]
.RE
.PP
sufficient
.RS 4
[success=done new_authtok_reqd=done default=ignore]
.RE
.PP
optional
.RS 4
[success=ok new_authtok_reqd=ok default=ignore]
.RE
.PP
\fImodule\-path\fR
is either the full filename of the PAM to be used by the application (it begins with a \*(Aq/\*(Aq), or a relative pathname from the default module location:
/lib/security/
or
/lib64/security/, depending on the architecture\&.
.PP
\fImodule\-arguments\fR
are a space separated list of tokens that can be used to modify the specific behavior of the given PAM\&. Such arguments will be documented for each individual module\&. Note, if you wish to include spaces in an argument, you should surround that argument with square brackets\&.
.sp
.if n \{\
.RS 4
.\}
.nf
squid auth required pam_mysql\&.so user=passwd_query passwd=mada \e
db=eminence [query=select user_name from internet_service \e
where user_name=\*(Aq%u\*(Aq and password=PASSWORD(\*(Aq%p\*(Aq) and \e
service=\*(Aqweb_proxy\*(Aq]
.fi
.if n \{\
.RE
.\}
.PP
When using this convention, you can include `[\*(Aq characters inside the string, and if you wish to include a `]\*(Aq character inside the string that will survive the argument parsing, you should use `\e]\*(Aq\&. In other words:
.sp
.if n \{\
.RS 4
.\}
.nf
[\&.\&.[\&.\&.\e]\&.\&.] \-\-> \&.\&.[\&.\&.]\&.\&.
.fi
.if n \{\
.RE
.\}
.PP
Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the side of caution) to make the authentication process fail\&. A corresponding error is written to the system log files with a call to
\fBsyslog\fR(3)\&.
.PP
More flexible than the single configuration file is it to configure libpam via the contents of the
/etc/pam\&.d/
directory\&. In this case the directory is filled with files each of which has a filename equal to a service\-name (in lower\-case): it is the personal configuration file for the named service\&.
.PP
The syntax of each file in /etc/pam\&.d/ is similar to that of the
/etc/pam\&.conf
file and is made up of lines of the following form:
.sp
.if n \{\
.RS 4
.\}
.nf
type control module\-path module\-arguments
.fi
.if n \{\
.RE
.\}
.PP
The only difference being that the service\-name is not present\&. The service\-name is of course the name of the given configuration file\&. For example,
/etc/pam\&.d/login
contains the configuration for the
\fBlogin\fR
service\&.
.SH "SEE ALSO"
.PP
\fBpam\fR(3),
\fBPAM\fR(8),
\fBpam_start\fR(3)

1
doc/man/pam.d.5 Normal file
View File

@ -0,0 +1 @@
.so pam.conf.5

100
doc/man/pam_acct_mgmt.3 Normal file
View File

@ -0,0 +1,100 @@
'\" t
.\" Title: pam_acct_mgmt
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_ACCT_MGMT" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_acct_mgmt \- PAM account validation management
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_acct_mgmt('u
.BI "int pam_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_acct_mgmt\fR
function is used to determine if the user\*(Aqs account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&.
.PP
The
\fIpamh\fR
argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
.RS 4
The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ACCT_EXPIRED
.RS 4
User account has expired\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
Authentication failure\&.
.RE
.PP
PAM_NEW_AUTHTOK_REQD
.RS 4
The user account is valid but their authentication token is
\fIexpired\fR\&. The correct response to this return\-value is to require that the user satisfies the
\fBpam_chauthtok()\fR
function before obtaining service\&. It may not be possible for some applications to do this\&. In such cases, the user should be denied access until such time as they can update their password\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The authentication token was successfully updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_authenticate\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_strerror\fR(3),
\fBpam\fR(8)

145
doc/man/pam_acct_mgmt.3.xml Normal file
View File

@ -0,0 +1,145 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_acct_mgmt'>
<refmeta>
<refentrytitle>pam_acct_mgmt</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_acct_mgmt-name">
<refname>pam_acct_mgmt</refname>
<refpurpose>PAM account validation management</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id='pam_acct_mgmt-synopsis'>
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_acct_mgmt</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>flags</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_acct_mgmt-description'>
<title>DESCRIPTION</title>
<para>
The <function>pam_acct_mgmt</function> function is used to determine
if the user's account is valid. It checks for authentication token
and account expiration and verifies access restrictions. It is
typically called after the user has been authenticated.
</para>
<para>
The <emphasis>pamh</emphasis> argument is an authentication
handle obtained by a prior call to pam_start().
The flags argument is the binary or of zero or more of the
following values:
</para>
<variablelist>
<varlistentry>
<term>PAM_SILENT</term>
<listitem>
<para>
Do not emit any messages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_DISALLOW_NULL_AUTHTOK</term>
<listitem>
<para>
The PAM module service should return PAM_NEW_AUTHTOK_REQD
if the user has a null authentication token.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_acct_mgmt-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_ACCT_EXPIRED</term>
<listitem>
<para>
User account has expired.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
Authentication failure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_NEW_AUTHTOK_REQD</term>
<listitem>
<para>
The user account is valid but their authentication token
is <emphasis>expired</emphasis>. The correct response to
this return-value is to require that the user satisfies
the <function>pam_chauthtok()</function> function before
obtaining service. It may not be possible for some
applications to do this. In such cases, the user should be
denied access until such time as they can update their password.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_PERM_DENIED</term>
<listitem>
<para>
Permission denied.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The authentication token was successfully updated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User unknown to password service.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_acct_mgmt-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

110
doc/man/pam_authenticate.3 Normal file
View File

@ -0,0 +1,110 @@
'\" t
.\" Title: pam_authenticate
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_AUTHENTICATE" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_authenticate \- account authentication
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_authenticate('u
.BI "int pam_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_authenticate\fR
function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&.
.PP
The PAM service module may request that the user enter their username via the conversation mechanism (see
\fBpam_start\fR(3)
and
\fBpam_conv\fR(3))\&. The name of the authenticated user will be present in the PAM item PAM_USER\&. This item may be recovered with a call to
\fBpam_get_item\fR(3)\&.
.PP
The
\fIpamh\fR
argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_DISALLOW_NULL_AUTHTOK
.RS 4
The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ABORT
.RS 4
The application should exit immediately after calling
\fBpam_end\fR(3)
first\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
The user was not authenticated\&.
.RE
.PP
PAM_CRED_INSUFFICIENT
.RS 4
For some reason the application does not have sufficient credentials to authenticate the user\&.
.RE
.PP
PAM_AUTHINFO_UNAVAIL
.RS 4
The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&.
.RE
.PP
PAM_MAXTRIES
.RS 4
One or more of the authentication modules has reached its limit of tries authenticating the user\&. Do not try again\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The user was successfully authenticated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to authentication service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_setcred\fR(3),
\fBpam_chauthtok\fR(3),
\fBpam_strerror\fR(3),
\fBpam\fR(8)

169
doc/man/pam_authenticate.3.xml Normal file
View File

@ -0,0 +1,169 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_authenticate'>
<refmeta>
<refentrytitle>pam_authenticate</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_authenticate-name">
<refname>pam_authenticate</refname>
<refpurpose>account authentication</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id='pam_authenticate-synopsis'>
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_authenticate</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>flags</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_authenticate-description'>
<title>DESCRIPTION</title>
<para>
The <function>pam_authenticate</function> function is used to
authenticate the user. The user is required to provide an
authentication token depending upon the authentication service,
usually this is a password, but could also be a finger print.
</para>
<para>
The PAM service module may request that the user enter their
username via the conversation mechanism (see
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and
<citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>). The name of the authenticated user
will be present in the PAM item PAM_USER. This item may be
recovered with a call to
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
<para>
The <emphasis>pamh</emphasis> argument is an authentication
handle obtained by a prior call to pam_start().
The flags argument is the binary or of zero or more of the
following values:
</para>
<variablelist>
<varlistentry>
<term>PAM_SILENT</term>
<listitem>
<para>
Do not emit any messages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_DISALLOW_NULL_AUTHTOK</term>
<listitem>
<para>
The PAM module service should return PAM_AUTH_ERR
if the user does not have a registered authentication token.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_authenticate-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_ABORT</term>
<listitem>
<para>
The application should exit immediately after calling
<citerefentry>
<refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> first.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
The user was not authenticated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CRED_INSUFFICIENT</term>
<listitem>
<para>
For some reason the application does not have sufficient
credentials to authenticate the user.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHINFO_UNAVAIL</term>
<listitem>
<para>
The modules were not able to access the authentication
information. This might be due to a network or hardware
failure etc.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_MAXTRIES</term>
<listitem>
<para>
One or more of the authentication modules has reached its
limit of tries authenticating the user. Do not try again.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The user was successfully authenticated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User unknown to authentication service.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_authenticate-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

109
doc/man/pam_chauthtok.3 Normal file
View File

@ -0,0 +1,109 @@
'\" t
.\" Title: pam_chauthtok
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_CHAUTHTOK" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_chauthtok \- updating authentication tokens
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_chauthtok('u
.BI "int pam_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_chauthtok\fR
function is used to change the authentication token for a given user (as indicated by the state associated with the handle
\fIpamh\fR)\&.
.PP
The
\fIpamh\fR
argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.PP
PAM_CHANGE_EXPIRED_AUTHTOK
.RS 4
This argument indicates to the modules that the user\*(Aqs authentication token (password) should only be changed if it has expired\&. If this argument is not passed, the application requires that all authentication tokens are to be changed\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_AUTHTOK_ERR
.RS 4
A module was unable to obtain the new authentication token\&.
.RE
.PP
PAM_AUTHTOK_RECOVERY_ERR
.RS 4
A module was unable to obtain the old authentication token\&.
.RE
.PP
PAM_AUTHTOK_LOCK_BUSY
.RS 4
One or more of the modules was unable to change the authentication token since it is currently locked\&.
.RE
.PP
PAM_AUTHTOK_DISABLE_AGING
.RS 4
Authentication token aging has been disabled for at least one of the modules\&.
.RE
.PP
PAM_PERM_DENIED
.RS 4
Permission denied\&.
.RE
.PP
PAM_SUCCESS
.RS 4
The authentication token was successfully updated\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
Not all of the modules were in a position to update the authentication token(s)\&. In such a case none of the user\*(Aqs authentication tokens are updated\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User unknown to password service\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_authenticate\fR(3),
\fBpam_setcred\fR(3),
\fBpam_get_item\fR(3),
\fBpam_strerror\fR(3),
\fBpam\fR(8)

164
doc/man/pam_chauthtok.3.xml Normal file
View File

@ -0,0 +1,164 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_chauthtok'>
<refmeta>
<refentrytitle>pam_chauthtok</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_chauthtok-name">
<refname>pam_chauthtok</refname>
<refpurpose>updating authentication tokens</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id='pam_chauthtok-synopsis'>
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_chauthtok</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>flags</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_chauthtok-description'>
<title>DESCRIPTION</title>
<para>
The <function>pam_chauthtok</function> function is used to change the
authentication token for a given user (as indicated by the state
associated with the handle <emphasis>pamh</emphasis>).
</para>
<para>
The <emphasis>pamh</emphasis> argument is an authentication
handle obtained by a prior call to pam_start().
The flags argument is the binary or of zero or more of the
following values:
</para>
<variablelist>
<varlistentry>
<term>PAM_SILENT</term>
<listitem>
<para>
Do not emit any messages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CHANGE_EXPIRED_AUTHTOK</term>
<listitem>
<para>
This argument indicates to the modules that the user's
authentication token (password) should only be changed
if it has expired.
If this argument is not passed, the application requires
that all authentication tokens are to be changed.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_chauthtok-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_AUTHTOK_ERR</term>
<listitem>
<para>
A module was unable to obtain the new authentication token.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_RECOVERY_ERR</term>
<listitem>
<para>
A module was unable to obtain the old authentication token.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_LOCK_BUSY</term>
<listitem>
<para>
One or more of the modules was unable to change the
authentication token since it is currently locked.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_DISABLE_AGING</term>
<listitem>
<para>
Authentication token aging has been disabled for at least
one of the modules.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_PERM_DENIED</term>
<listitem>
<para>
Permission denied.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The authentication token was successfully updated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_TRY_AGAIN</term>
<listitem>
<para>
Not all of the modules were in a position to update the
authentication token(s). In such a case none of the user's
authentication tokens are updated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User unknown to password service.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_chauthtok-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

81
doc/man/pam_close_session.3 Normal file
View File

@ -0,0 +1,81 @@
'\" t
.\" Title: pam_close_session
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_CLOSE_SESSION" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_close_session \- terminate PAM session management
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_close_session('u
.BI "int pam_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_close_session\fR
function is used to indicate that an authenticated session has ended\&. The session should have been created with a call to
\fBpam_open_session\fR(3)\&.
.PP
It should be noted that the effective uid,
\fBgeteuid\fR(2)\&. of the application should be of sufficient privilege to perform such tasks as unmounting the user\*(Aqs home directory for example\&.
.PP
The flags argument is the binary or of zero or more of the following values:
.PP
PAM_SILENT
.RS 4
Do not emit any messages\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_ABORT
.RS 4
General failure\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_SESSION_ERR
.RS 4
Session failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
Session was successful terminated\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_open_session\fR(3),
\fBpam_strerror\fR(3)

115
doc/man/pam_close_session.3.xml Normal file
View File

@ -0,0 +1,115 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_send'>
<refmeta>
<refentrytitle>pam_close_session</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_close_session-name">
<refname>pam_close_session</refname>
<refpurpose>terminate PAM session management</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id="pam_close_session-synopsis">
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_close_session</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>flags</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_close_session-description">
<title>DESCRIPTION</title>
<para>
The <function>pam_close_session</function> function is used
to indicate that an authenticated session has ended.
The session should have been created with a call to
<citerefentry>
<refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
<para>
It should be noted that the effective uid,
<citerefentry>
<refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>. of the application should be of sufficient
privilege to perform such tasks as unmounting the
user's home directory for example.
</para>
<para>
The flags argument is the binary or of zero or more of the
following values:
</para>
<variablelist>
<varlistentry>
<term>PAM_SILENT</term>
<listitem>
<para>
Do not emit any messages.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_close_session-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_ABORT</term>
<listitem>
<para>
General failure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_BUF_ERR</term>
<listitem>
<para>
Memory buffer error.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SESSION_ERR</term>
<listitem>
<para>
Session failure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Session was successful terminated.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_close_session-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

177
doc/man/pam_conv.3 Normal file
View File

@ -0,0 +1,177 @@
'\" t
.\" Title: pam_conv
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_CONV" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_conv \- PAM conversation function
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.sp
.nf
struct pam_message {
int msg_style;
const char *msg;
};
struct pam_response {
char *resp;
int resp_retcode;
};
struct pam_conv {
int (*conv)(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
void *appdata_ptr;
};
.fi
.SH "DESCRIPTION"
.PP
The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the
\fIstruct pam_conv\fR
passed to
\fBpam_start\fR(3)
at the start of the transaction\&.
.PP
When a module calls the referenced conv() function, the argument
\fIappdata_ptr\fR
is set to the second element of this structure\&.
.PP
The other arguments of a call to conv() concern the information exchanged by module and application\&. That is to say,
\fInum_msg\fR
holds the length of the array of pointers,
\fImsg\fR\&. After a successful return, the pointer
\fIresp\fR
points to an array of pam_response structures, holding the application supplied text\&. The
\fIresp_retcode\fR
member of this struct is unused and should be set to zero\&. It is the caller\*(Aqs responsibility to release both, this array and the responses themselves, using
\fBfree\fR(3)\&. Note,
\fI*resp\fR
is a
\fIstruct pam_response\fR
array and not an array of pointers\&.
.PP
The number of responses is always equal to the
\fInum_msg\fR
conversation function argument\&. This does require that the response array is
\fBfree\fR(3)\*(Aqd after every call to the conversation function\&. The index of the responses corresponds directly to the prompt index in the pam_message array\&.
.PP
On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes\&.
.PP
Each message can have one of four types, specified by the
\fImsg_style\fR
member of
\fIstruct pam_message\fR:
.PP
PAM_PROMPT_ECHO_OFF
.RS 4
Obtain a string without echoing any text\&.
.RE
.PP
PAM_PROMPT_ECHO_ON
.RS 4
Obtain a string whilst echoing text\&.
.RE
.PP
PAM_ERROR_MSG
.RS 4
Display an error message\&.
.RE
.PP
PAM_TEXT_INFO
.RS 4
Display some text\&.
.RE
.PP
The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module\&. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once\&.
.PP
In passing, it is worth noting that there is a descrepency between the way Linux\-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris\*(Aq PAM (and derivitives, known to include HP/UX, are there others?) does\&. Linux\-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[])\&. Said another way Linux\-PAM interprets the msg argument as a pointer to an array of num_msg read only \*(Aqstruct pam_message\*(Aq pointers\&. Solaris\*(Aq PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures\&. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent\&. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems\&.
.PP
For what its worth the two known module writer work\-arounds for trying to maintain source level compatibility with both PAM implementations are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
never call the conversation function with num_msg greater than one\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
set up msg as doubly referenced so both types of conversation function can find the messages\&. That is, make
.sp
.if n \{\
.RS 4
.\}
.nf
msg[n] = & (( *msg )[n])
.fi
.if n \{\
.RE
.\}
.RE
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
Conversation failure\&. The application should not set
\fI*resp\fR\&.
.RE
.PP
PAM_SUCCESS
.RS 4
Success\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_set_item\fR(3),
\fBpam_get_item\fR(3),
\fBpam_strerror\fR(3),
\fBpam\fR(8)

228
doc/man/pam_conv.3.xml Normal file
View File

@ -0,0 +1,228 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_conv'>
<refmeta>
<refentrytitle>pam_conv</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_conv-name">
<refname>pam_conv</refname>
<refpurpose>PAM conversation function</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id="pam_conv-synopsis">
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
</funcsynopsis>
<programlisting>
struct pam_message {
int msg_style;
const char *msg;
};
struct pam_response {
char *resp;
int resp_retcode;
};
struct pam_conv {
int (*conv)(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
void *appdata_ptr;
};
</programlisting>
</refsynopsisdiv>
<refsect1 id='pam_conv-description'>
<title>DESCRIPTION</title>
<para>
The PAM library uses an application-defined callback to allow
a direct communication between a loaded module and the application.
This callback is specified by the
<emphasis>struct pam_conv</emphasis> passed to
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
at the start of the transaction.
</para>
<para>
When a module calls the referenced conv() function, the argument
<emphasis>appdata_ptr</emphasis> is set to the second element of
this structure.
</para>
<para>
The other arguments of a call to conv() concern the information
exchanged by module and application. That is to say,
<emphasis>num_msg</emphasis> holds the length of the array of
pointers, <emphasis>msg</emphasis>. After a successful return, the
pointer <emphasis>resp</emphasis> points to an array of pam_response
structures, holding the application supplied text. The
<emphasis>resp_retcode</emphasis> member of this struct is unused and
should be set to zero. It is the caller's responsibility to release
both, this array and the responses themselves, using
<citerefentry>
<refentrytitle>free</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>. Note, <emphasis>*resp</emphasis> is a
<emphasis>struct pam_response</emphasis> array and not an array of
pointers.
</para>
<para>
The number of responses is always equal to the
<emphasis>num_msg</emphasis> conversation function argument.
This does require that the response array is
<citerefentry>
<refentrytitle>free</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>'d after
every call to the conversation function. The index of the
responses corresponds directly to the prompt index in the
pam_message array.
</para>
<para>
On failure, the conversation function should release any resources
it has allocated, and return one of the predefined PAM error codes.
</para>
<para>
Each message can have one of four types, specified by the
<emphasis>msg_style</emphasis> member of
<emphasis>struct pam_message</emphasis>:
</para>
<variablelist>
<varlistentry>
<term>PAM_PROMPT_ECHO_OFF</term>
<listitem>
<para>
Obtain a string without echoing any text.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_PROMPT_ECHO_ON</term>
<listitem>
<para>
Obtain a string whilst echoing text.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_ERROR_MSG</term>
<listitem>
<para>
Display an error message.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_TEXT_INFO</term>
<listitem>
<para>
Display some text.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The point of having an array of messages is that it becomes possible
to pass a number of things to the application in a single call from
the module. It can also be convenient for the application that related
things come at once: a windows based application can then present a
single form with many messages/prompts on at once.
</para>
<para>
In passing, it is worth noting that there is a descrepency between
the way Linux-PAM handles the const struct pam_message **msg
conversation function argument from the way that Solaris' PAM
(and derivitives, known to include HP/UX, are there others?) does.
Linux-PAM interprets the msg argument as entirely equivalent to the
following prototype
const struct pam_message *msg[] (which, in spirit, is consistent with
the commonly used prototypes for argv argument to the familiar main()
function: char **argv; and char *argv[]). Said another way Linux-PAM
interprets the msg argument as a pointer to an array of num_msg read
only 'struct pam_message' pointers. Solaris' PAM implementation
interprets this argument as a pointer to a pointer to an array of
num_msg pam_message structures. Fortunately, perhaps, for most
module/application developers when num_msg has a value of one these
two definitions are entirely equivalent. Unfortunately, casually
raising this number to two has led to unanticipated compatibility
problems.
</para>
<para>
For what its worth the two known module writer work-arounds for trying
to maintain source level compatibility with both PAM implementations
are:
</para>
<itemizedlist>
<listitem>
<para>
never call the conversation function with num_msg greater than one.
</para>
</listitem>
<listitem>
<para>
set up msg as doubly referenced so both types of conversation
function can find the messages. That is, make
</para>
<programlisting>
msg[n] = &amp; (( *msg )[n])
</programlisting>
</listitem>
</itemizedlist>
</refsect1>
<refsect1 id="pam_conv-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_BUF_ERR</term>
<listitem>
<para>
Memory buffer error.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CONV_ERR</term>
<listitem>
<para>
Conversation failure. The application should not set
<emphasis>*resp</emphasis>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Success.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_conv-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

89
doc/man/pam_end.3 Normal file
View File

@ -0,0 +1,89 @@
'\" t
.\" Title: pam_end
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_END" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_end \- termination of PAM transaction
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_end('u
.BI "int pam_end(pam_handle_t\ *" "pamh" ", int\ " "pam_status" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_end\fR
function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle
\fIpamh\fR
is no longer valid and all memory associated with it will be invalid\&.
.PP
The
\fIpam_status\fR
argument should be set to the value returned to the application by the last PAM library call\&.
.PP
The value taken by
\fIpam_status\fR
is used as an argument to the module specific callback function,
\fBcleanup()\fR
(See
\fBpam_set_data\fR(3)
and
\fBpam_get_data\fR(3))\&. In this way the module can be given notification of the pass/fail nature of the tear\-down process, and perform any last minute tasks that are appropriate to the module before it is unlinked\&. This argument can be logically OR\*(Aqd with
\fIPAM_DATA_SILENT\fR
to indicate to indicate that the module should not treat the call too seriously\&. It is generally used to indicate that the current closing of the library is in a
\fBfork\fR(2)ed process, and that the parent will take care of cleaning up things that exist outside of the current process space (files etc\&.)\&.
.PP
This function
\fIfree\fR\*(Aqs all memory for items associated with the
\fBpam_set_item\fR(3)
and
\fBpam_get_item\fR(3)
functions\&. Pointers associated with such objects are not valid anymore after
\fBpam_end\fR
was called\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
Transaction was successful terminated\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
System error, for example a NULL pointer was submitted as PAM handle or the function was called by a module\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_get_data\fR(3),
\fBpam_set_data\fR(3),
\fBpam_start\fR(3),
\fBpam_strerror\fR(3)

122
doc/man/pam_end.3.xml Normal file
View File

@ -0,0 +1,122 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id='pam_end'>
<refmeta>
<refentrytitle>pam_end</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_end-name">
<refname>pam_end</refname>
<refpurpose>termination of PAM transaction</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id="pam_end-synopsis">
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_end</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>pam_status</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_end-description">
<title>DESCRIPTION</title>
<para>
The <function>pam_end</function> function terminates the PAM
transaction and is the last function an application should call
in the PAM context. Upon return the handle <emphasis>pamh</emphasis>
is no longer valid and all memory associated with it will be
invalid.
</para>
<para>
The <emphasis>pam_status</emphasis> argument should be set to
the value returned to the application by the last PAM
library call.
</para>
<para>
The value taken by <emphasis>pam_status</emphasis> is used as
an argument to the module specific callback function,
<function>cleanup()</function>
(See <citerefentry>
<refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and
<citerefentry>
<refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>). In this way the module can be given notification
of the pass/fail nature of the tear-down process, and perform any
last minute tasks that are appropriate to the module before it is
unlinked. This argument can be logically OR'd with
<emphasis>PAM_DATA_SILENT</emphasis> to indicate to indicate that
the module should not treat the call too seriously. It is generally
used to indicate that the current closing of the library is in a
<citerefentry>
<refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>ed
process, and that the parent will take care of cleaning up things
that exist outside of the current process space (files etc.).
</para>
<para>
This function <emphasis>free</emphasis>'s all memory for items
associated with the
<citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> functions. Pointers associated with such objects
are not valid anymore after <function>pam_end</function> was called.
</para>
</refsect1>
<refsect1 id="pam_end-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Transaction was successful terminated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SYSTEM_ERR</term>
<listitem>
<para>
System error, for example a NULL pointer was submitted
as PAM handle or the function was called by a module.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_end-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
</refsect1>
</refentry>

90
doc/man/pam_error.3 Normal file
View File

@ -0,0 +1,90 @@
'\" t
.\" Title: pam_error
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_ERROR" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_error, pam_verror \- display error messages to the user
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_ext\&.h>
.fi
.ft
.HP \w'int\ pam_error('u
.BI "int pam_error(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");"
.HP \w'int\ pam_verror('u
.BI "int pam_verror(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", va_list\ " "args" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_error\fR
function prints error messages through the conversation function to the user\&.
.PP
The
\fBpam_verror\fR
function performs the same task as
\fBpam_error()\fR
with the difference that it takes a set of arguments which have been obtained using the
\fBstdarg\fR(3)
variable argument list macros\&.
.SH "RETURN VALUES"
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
Conversation failure\&.
.RE
.PP
PAM_SUCCESS
.RS 4
Error message was displayed\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
System error\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_info\fR(3),
\fBpam_vinfo\fR(3),
\fBpam_prompt\fR(3),
\fBpam_vprompt\fR(3),
\fBpam\fR(8)
.SH "STANDARDS"
.PP
The
\fBpam_error\fR
and
\fBpam_verror\fR
functions are Linux\-PAM extensions\&.

121
doc/man/pam_error.3.xml Normal file
View File

@ -0,0 +1,121 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id="pam_error">
<refmeta>
<refentrytitle>pam_error</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_error-name">
<refname>pam_error</refname>
<refname>pam_verror</refname>
<refpurpose>display error messages to the user</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id="pam_error-synopsis">
<funcsynopsis>
<funcsynopsisinfo>#include &lt;security/pam_ext.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_error</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>const char *<parameter>fmt</parameter></paramdef>
<paramdef><parameter>...</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>pam_verror</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>const char *<parameter>fmt</parameter></paramdef>
<paramdef>va_list <parameter>args</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_error-description'>
<title>DESCRIPTION</title>
<para>
The <function>pam_error</function> function prints error messages
through the conversation function to the user.
</para>
<para>
The <function>pam_verror</function> function performs the same
task as <function>pam_error()</function> with the difference
that it takes a set of arguments which have been obtained using
the <citerefentry>
<refentrytitle>stdarg</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> variable argument list macros.
</para>
</refsect1>
<refsect1 id="pam_error-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_BUF_ERR</term>
<listitem>
<para>
Memory buffer error.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CONV_ERR</term>
<listitem>
<para>
Conversation failure.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Error message was displayed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SYSTEM_ERR</term>
<listitem>
<para>
System error.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_error-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_info</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_vinfo</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_prompt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_vprompt</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_error-standards'>
<title>STANDARDS</title>
<para>
The <function>pam_error</function> and <function>pam_verror</function>
functions are Linux-PAM extensions.
</para>
</refsect1>
</refentry>

166
doc/man/pam_fail_delay.3 Normal file
View File

@ -0,0 +1,166 @@
'\" t
.\" Title: pam_fail_delay
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_FAIL_DELAY" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_fail_delay \- request a delay on failure
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_appl\&.h>
.fi
.ft
.HP \w'int\ pam_fail_delay('u
.BI "int pam_fail_delay(pam_handle_t\ *" "pamh" ", unsigned\ int\ " "usec" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_fail_delay\fR
function provides a mechanism by which an application or module can suggest a minimum delay of
\fIusec\fR
micro\-seconds\&. The function keeps a record of the longest time requested with this function\&. Should
\fBpam_authenticate\fR(3)
fail, the failing return to the application is delayed by an amount of time randomly distributed (by up to 50%) about this longest value\&.
.PP
Independent of success, the delay time is reset to its zero default value when the PAM service module returns control to the application\&. The delay occurs
\fIafter\fR
all authentication modules have been called, but
\fIbefore\fR
control is returned to the service application\&.
.PP
When using this function the programmer should check if it is available with:
.sp
.if n \{\
.RS 4
.\}
.nf
#ifdef HAVE_PAM_FAIL_DELAY
\&.\&.\&.\&.
#endif /* HAVE_PAM_FAIL_DELAY */
.fi
.if n \{\
.RE
.\}
.PP
For applications written with a single thread that are event driven in nature, generating this delay may be undesirable\&. Instead, the application may want to register the delay in some other way\&. For example, in a single threaded server that serves multiple authentication requests from a single event loop, the application might want to simply mark a given connection as blocked until an application timer expires\&. For this reason the delay function can be changed with the
\fIPAM_FAIL_DELAY\fR
item\&. It can be queried and set with
\fBpam_get_item\fR(3)
and
\fBpam_set_item \fR(3)
respectively\&. The value used to set it should be a function pointer of the following prototype:
.sp
.if n \{\
.RS 4
.\}
.nf
void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
.fi
.if n \{\
.RE
.\}
.sp
The arguments being the
\fIretval\fR
return code of the module stack, the
\fIusec_delay\fR
micro\-second delay that libpam is requesting and the
\fIappdata_ptr\fR
that the application has associated with the current
\fIpamh\fR\&. This last value was set by the application when it called
\fBpam_start\fR(3)
or explicitly with
\fBpam_set_item\fR(3)\&. Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed\&.
.SH "RATIONALE"
.PP
It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user\&. In cases of
\fIshort\fR
timeouts, it may prove possible to attempt a
\fIbrute force\fR
dictionary attack \-\- with an automated process, the attacker tries all possible passwords to gain access to the system\&. In other cases, where individual failures can take measurable amounts of time (indicating the nature of the failure), an attacker can obtain useful information about the authentication process\&. These latter attacks make use of procedural delays that constitute a
\fIcovert channel\fR
of useful information\&.
.PP
To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process\&. Preferable this value should be set by the application or a special PAM module\&. Standard PAM modules should not modify the delay unconditional\&.
.SH "EXAMPLE"
.PP
For example, a login application may require a failure delay of roughly 3 seconds\&. It will contain the following code:
.sp
.if n \{\
.RS 4
.\}
.nf
pam_fail_delay (pamh, 3000000 /* micro\-seconds */ );
pam_authenticate (pamh, 0);
.fi
.if n \{\
.RE
.\}
.PP
if the modules do not request a delay, the failure delay will be between 1\&.5 and 4\&.5 seconds\&.
.PP
However, the modules, invoked in the authentication process, may also request delays:
.sp
.if n \{\
.RS 4
.\}
.nf
module #1: pam_fail_delay (pamh, 2000000);
module #2: pam_fail_delay (pamh, 4000000);
.fi
.if n \{\
.RE
.\}
.PP
in this case, it is the largest requested value that is used to compute the actual failed delay: here between 2 and 6 seconds\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
Delay was successful adjusted\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
A NULL pointer was submitted as PAM handle\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam_start\fR(3),
\fBpam_get_item\fR(3),
\fBpam_strerror\fR(3)
.SH "STANDARDS"
.PP
The
\fBpam_fail_delay\fR
function is an Linux\-PAM extension\&.

202
doc/man/pam_fail_delay.3.xml Normal file
View File

@ -0,0 +1,202 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id="pam_fail_delay">
<refmeta>
<refentrytitle>pam_fail_delay</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_fail_delay-name">
<refname>pam_fail_delay</refname>
<refpurpose>request a delay on failure</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv>
<funcsynopsis id="pam_fail_delay-synopsis">
<funcsynopsisinfo>#include &lt;security/pam_appl.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_fail_delay</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>unsigned int <parameter>usec</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_fail_delay-description'>
<title>DESCRIPTION</title>
<para>
The <function>pam_fail_delay</function> function provides a
mechanism by which an application or module can suggest a minimum
delay of <emphasis>usec</emphasis> micro-seconds. The
function keeps a record of the longest time requested with this
function. Should
<citerefentry>
<refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> fail, the failing return to the application is
delayed by an amount of time randomly distributed (by up to 50%)
about this longest value.
</para>
<para>
Independent of success, the delay time is reset to its zero
default value when the PAM service module returns control to
the application. The delay occurs <emphasis>after</emphasis> all
authentication modules have been called, but <emphasis>before</emphasis>
control is returned to the service application.
</para>
<para>
When using this function the programmer should check if it is
available with:
</para>
<programlisting>
#ifdef HAVE_PAM_FAIL_DELAY
....
#endif /* HAVE_PAM_FAIL_DELAY */
</programlisting>
<para>
For applications written with a single thread that are event
driven in nature, generating this delay may be undesirable.
Instead, the application may want to register the delay in some
other way. For example, in a single threaded server that serves
multiple authentication requests from a single event loop, the
application might want to simply mark a given connection as
blocked until an application timer expires. For this reason
the delay function can be changed with the
<emphasis>PAM_FAIL_DELAY</emphasis> item. It can be queried and
set with
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
and
<citerefentry>
<refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
</citerefentry> respectively. The value used to set it should be
a function pointer of the following prototype:
<programlisting>
void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
</programlisting>
The arguments being the <emphasis>retval</emphasis> return code
of the module stack, the <emphasis>usec_delay</emphasis>
micro-second delay that libpam is requesting and the
<emphasis>appdata_ptr</emphasis> that the application has associated
with the current <emphasis>pamh</emphasis>. This last value was set
by the application when it called
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> or explicitly with
<citerefentry>
<refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay
will be performed.
</para>
</refsect1>
<refsect1 id='pam_fail_delay-rationale'>
<title>RATIONALE</title>
<para>
It is often possible to attack an authentication scheme by exploiting
the time it takes the scheme to deny access to an applicant user. In
cases of <emphasis>short</emphasis> timeouts, it may prove possible
to attempt a <emphasis>brute force</emphasis> dictionary attack --
with an automated process, the attacker tries all possible passwords
to gain access to the system. In other cases, where individual
failures can take measurable amounts of time (indicating the nature
of the failure), an attacker can obtain useful information about the
authentication process. These latter attacks make use of procedural
delays that constitute a <emphasis>covert channel</emphasis>
of useful information.
</para>
<para>
To minimize the effectiveness of such attacks, it is desirable to
introduce a random delay in a failed authentication process.
Preferable this value should be set by the application or a special
PAM module. Standard PAM modules should not modify the delay
unconditional.
</para>
</refsect1>
<refsect1 id='pam_fail_delay-example'>
<title>EXAMPLE</title>
<para>
For example, a login application may require a failure delay of
roughly 3 seconds. It will contain the following code:
</para>
<programlisting>
pam_fail_delay (pamh, 3000000 /* micro-seconds */ );
pam_authenticate (pamh, 0);
</programlisting>
<para>
if the modules do not request a delay, the failure delay will be
between 1.5 and 4.5 seconds.
</para>
<para>
However, the modules, invoked in the authentication process, may
also request delays:
</para>
<programlisting>
module #1: pam_fail_delay (pamh, 2000000);
module #2: pam_fail_delay (pamh, 4000000);
</programlisting>
<para>
in this case, it is the largest requested value that is used to
compute the actual failed delay: here between 2 and 6 seconds.
</para>
</refsect1>
<refsect1 id='pam_fail_delay-return_values'>
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Delay was successful adjusted.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SYSTEM_ERR</term>
<listitem>
<para>
A NULL pointer was submitted as PAM handle.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_fail_delay-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_fail_delay-standards'>
<title>STANDARDS</title>
<para>
The <function>pam_fail_delay</function> function is an
Linux-PAM extension.
</para>
</refsect1>
</refentry>

169
doc/man/pam_get_authtok.3 Normal file
View File

@ -0,0 +1,169 @@
'\" t
.\" Title: pam_get_authtok
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_GET_AUTHTOK" "3" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_get_authtok, pam_get_authtok_verify, pam_get_authtok_noverify \- get authentication token
.SH "SYNOPSIS"
.sp
.ft B
.nf
#include <security/pam_ext\&.h>
.fi
.ft
.HP \w'int\ pam_get_authtok('u
.BI "int pam_get_authtok(pam_handle_t\ *" "pamh" ", int\ " "item" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");"
.HP \w'int\ pam_get_authtok_noverify('u
.BI "int pam_get_authtok_noverify(pam_handle_t\ *" "pamh" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");"
.HP \w'int\ pam_get_authtok_verify('u
.BI "int pam_get_authtok_verify(pam_handle_t\ *" "pamh" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");"
.SH "DESCRIPTION"
.PP
The
\fBpam_get_authtok\fR
function returns the cached authentication token, or prompts the user if no token is currently cached\&. It is intended for internal use by Linux\-PAM and PAM service modules\&. Upon successful return,
\fIauthtok\fR
contains a pointer to the value of the authentication token\&. Note, this is a pointer to the
\fIactual\fR
data and should
\fBnot\fR
be
\fIfree()\fR\*(Aqed or over\-written!
.PP
The
\fIprompt\fR
argument specifies a prompt to use if no token is cached\&. If a NULL pointer is given,
\fBpam_get_authtok\fR
uses pre\-defined prompts\&.
.PP
The following values are supported for
\fIitem\fR:
.PP
PAM_AUTHTOK
.RS 4
Returns the current authentication token\&. Called from
\fBpam_sm_chauthtok\fR(3)\fBpam_get_authtok\fR
will ask the user to confirm the new token by retyping it\&. If a prompt was specified, "Retype" will be used as prefix\&.
.RE
.PP
PAM_OLDAUTHTOK
.RS 4
Returns the previous authentication token when changing authentication tokens\&.
.RE
.PP
The
\fBpam_get_authtok_noverify\fR
function can only be used for changing the password (from
\fBpam_sm_chauthtok\fR(3))\&. It returns the cached authentication token, or prompts the user if no token is currently cached\&. The difference to
\fBpam_get_authtok\fR
is, that this function does not ask a second time for the password to verify it\&. Upon successful return,
\fIauthtok\fR
contains a pointer to the value of the authentication token\&. Note, this is a pointer to the
\fIactual\fR
data and should
\fBnot\fR
be
\fIfree()\fR\*(Aqed or over\-written!
.PP
The
\fBpam_get_authtok_verify\fR
function can only be used to verify a password for mistypes gotten by
\fBpam_get_authtok_noverify\fR(3)\&. This function asks a second time for the password and verify it with the password provided by
\fIauthtok\fR
argument\&. In case of an error, the value of
\fIauthtok\fR
is undefined\&. Else this argument will point to the
\fIactual\fR
data and should
\fBnot\fR
be
\fIfree()\fR\*(Aqed or over\-written!
.SH "OPTIONS"
.PP
\fBpam_get_authtok\fR
honours the following module options:
.PP
\fBtry_first_pass\fR
.RS 4
Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&.
.RE
.PP
\fBuse_first_pass\fR
.RS 4
The argument
\fBuse_first_pass\fR
forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&.
.RE
.PP
\fBuse_authtok\fR
.RS 4
When password changing enforce the module to set the new token to the one provided by a previously stacked
\fBpassword\fR
module\&. If no token is available token changing will fail\&.
.RE
.PP
\fBauthtok_type=\fR\fB\fIXXX\fR\fR
.RS 4
The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
\fIUNIX\fR
can be replaced with this option, by default it is empty\&.
.RE
.SH "RETURN VALUES"
.PP
PAM_AUTH_ERR
.RS 4
Authentication token could not be retrieved\&.
.RE
.PP
PAM_AUTHTOK_ERR
.RS 4
New authentication could not be retrieved\&.
.RE
.PP
PAM_SUCCESS
.RS 4
Authentication token was successfully retrieved\&.
.RE
.PP
PAM_SYSTEM_ERR
.RS 4
No space for an authentication token was provided\&.
.RE
.PP
PAM_TRY_AGAIN
.RS 4
New authentication tokens mismatch\&.
.RE
.SH "SEE ALSO"
.PP
\fBpam\fR(8)
.SH "STANDARDS"
.PP
The
\fBpam_get_authtok\fR
function is a Linux\-PAM extensions\&.

248
doc/man/pam_get_authtok.3.xml Normal file
View File

@ -0,0 +1,248 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry id="pam_get_authtok">
<refmeta>
<refentrytitle>pam_get_authtok</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_get_authtok-name">
<refname>pam_get_authtok</refname>
<refname>pam_get_authtok_verify</refname>
<refname>pam_get_authtok_noverify</refname>
<refpurpose>get authentication token</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id="pam_get_authtok-synopsis">
<funcsynopsis>
<funcsynopsisinfo>#include &lt;security/pam_ext.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>pam_get_authtok</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>int <parameter>item</parameter></paramdef>
<paramdef>const char **<parameter>authtok</parameter></paramdef>
<paramdef>const char *<parameter>prompt</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>pam_get_authtok_noverify</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>const char **<parameter>authtok</parameter></paramdef>
<paramdef>const char *<parameter>prompt</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>pam_get_authtok_verify</function></funcdef>
<paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
<paramdef>const char **<parameter>authtok</parameter></paramdef>
<paramdef>const char *<parameter>prompt</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_get_authtok-description'>
<title>DESCRIPTION</title>
<para>
The <function>pam_get_authtok</function> function returns the
cached authentication token, or prompts the user if no token is
currently cached. It is intended for internal use by Linux-PAM and
PAM service modules. Upon successful return,
<emphasis>authtok</emphasis> contains a pointer to the value of the
authentication token. Note, this is a pointer to the
<emphasis>actual</emphasis> data and should
<emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
over-written!
</para>
<para>
The <emphasis>prompt</emphasis> argument specifies a prompt to use
if no token is cached. If a NULL pointer
is given, <function>pam_get_authtok</function> uses pre-defined prompts.
</para>
<para>
The following values are supported for <emphasis>item</emphasis>:
</para>
<variablelist>
<varlistentry>
<term>PAM_AUTHTOK</term>
<listitem>
<para>
Returns the current authentication token. Called from
<citerefentry><refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> <function>pam_get_authtok</function> will
ask the user to confirm the new token by retyping it. If
a prompt was specified, "Retype" will be used as prefix.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_OLDAUTHTOK</term>
<listitem>
<para>
Returns the previous authentication token when changing
authentication tokens.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The <function>pam_get_authtok_noverify</function> function can
only be used for changing the password
(from <citerefentry>
<refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>). It returns the cached
authentication token, or prompts the user if no token is
currently cached. The difference to <function>pam_get_authtok</function>
is, that this function does not ask a second time for the password
to verify it. Upon successful return, <emphasis>authtok</emphasis>
contains a pointer to the value of the authentication token. Note,
this is a pointer to the
<emphasis>actual</emphasis> data and should
<emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
over-written!
</para>
<para>
The <function>pam_get_authtok_verify</function> function can
only be used to verify a password for mistypes gotten by
<citerefentry>
<refentrytitle>pam_get_authtok_noverify</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>. This function asks a second time for the password
and verify it with the password provided by <emphasis>authtok</emphasis>
argument. In case of an error, the value of <emphasis>authtok</emphasis>
is undefined. Else this argument will point to the
<emphasis>actual</emphasis> data and should
<emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
over-written!
</para>
</refsect1>
<refsect1 id="pam_get_authtok-options">
<title>OPTIONS</title>
<para>
<function>pam_get_authtok</function> honours the following module
options:
</para>
<variablelist>
<varlistentry>
<term>
<option>try_first_pass</option>
</term>
<listitem>
<para>
Before prompting the user for their password, the module first
tries the previous stacked module's password in case that
satisfies this module as well.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>use_first_pass</option>
</term>
<listitem>
<para>
The argument <option>use_first_pass</option> forces the module
to use a previous stacked modules password and will never prompt
the user - if no password is available or the password is not
appropriate, the user will be denied access.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>use_authtok</option>
</term>
<listitem>
<para>
When password changing enforce the module to set the new
token to the one provided by a previously stacked
<option>password</option> module. If no token is available
token changing will fail.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>authtok_type=<replaceable>XXX</replaceable></option>
</term>
<listitem>
<para>
The default action is for the module to use the
following prompts when requesting passwords:
"New UNIX password: " and "Retype UNIX password: ".
The example word <emphasis>UNIX</emphasis> can
be replaced with this option, by default it is empty.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_get_authtok-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
Authentication token could not be retrieved.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK_ERR</term>
<listitem>
<para>
New authentication could not be retrieved.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
Authentication token was successfully retrieved.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SYSTEM_ERR</term>
<listitem>
<para>
No space for an authentication token was provided.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_TRY_AGAIN</term>
<listitem>
<para>
New authentication tokens mismatch.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_get_authtok-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_get_authtok-standards'>
<title>STANDARDS</title>
<para>
The <function>pam_get_authtok</function> function is a Linux-PAM
extensions.
</para>
</refsect1>
</refentry>

1
doc/man/pam_get_authtok_noverify.3 Normal file
View File

@ -0,0 +1 @@
.so pam_get_authtok.3

1
doc/man/pam_get_authtok_verify.3 Normal file
View File

@ -0,0 +1 @@
.so pam_get_authtok.3

Some files were not shown because too many files have changed in this diff Show More