diff options
| author | Sam Hartman <hartmans@debian.org> | 2025-01-14 15:52:15 -0700 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2025-01-14 15:52:15 -0700 |
| commit | 4b5550d19d33e748a144700bb7f105e588bae29c (patch) | |
| tree | a97cea59e7487d46e5e9beab6f9f616dc2b4853c | |
| parent | 4ff277973391ae6879656bb534665e3a4f1f1a1a (diff) | |
| download | pam-4b5550d19d33e748a144700bb7f105e588bae29c.tar.gz pam-4b5550d19d33e748a144700bb7f105e588bae29c.tar.bz2 pam-4b5550d19d33e748a144700bb7f105e588bae29c.zip | |
Rebuild patches
24 files changed, 687 insertions, 1932 deletions
diff --git a/debian/patches/0003-pam_unix-obscure-checks.patch b/debian/patches/0003-pam_unix-obscure-checks.patch index 12651a0b..e14d7af3 100644 --- a/debian/patches/0003-pam_unix-obscure-checks.patch +++ b/debian/patches/0003-pam_unix-obscure-checks.patch @@ -3,85 +3,33 @@ Date: Mon, 11 Sep 2023 14:00:42 -0600 Subject: pam_unix: obscure checks * Bring in the obscure checks that used to live in shadow so we can still support them - -* Set default minimum password length to 6 --- - modules/pam_unix/Makefile.am | 2 +- - modules/pam_unix/README | 36 ++++++- - modules/pam_unix/obscure.c | 198 +++++++++++++++++++++++++++++++++++++ - modules/pam_unix/pam_unix.8 | 33 ++++++- - modules/pam_unix/pam_unix.8.xml | 77 ++++++++++++++- + modules/module-meson.build | 1 + + modules/pam_unix/obscure.c | 199 +++++++++++++++++++++++++++++++++++++ + modules/pam_unix/pam_unix.8.xml | 75 +++++++++++++- modules/pam_unix/pam_unix_passwd.c | 10 +- - modules/pam_unix/support.h | 78 ++++++++------- - 7 files changed, 389 insertions(+), 45 deletions(-) + modules/pam_unix/support.h | 79 ++++++++------- + 5 files changed, 324 insertions(+), 40 deletions(-) create mode 100644 modules/pam_unix/obscure.c -diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index a1dfe44..ddba63c 100644 ---- a/modules/pam_unix/Makefile.am -+++ b/modules/pam_unix/Makefile.am -@@ -43,7 +43,7 @@ noinst_PROGRAMS = bigcrypt - - pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ - pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ -- passverify.c md5_good.c md5_broken.c -+ passverify.c md5_good.c md5_broken.c obscure.c - if HAVE_NIS - pam_unix_la_SOURCES += yppasswd_xdr.c - endif -diff --git a/modules/pam_unix/README b/modules/pam_unix/README -index 67a2d21..be11095 100644 ---- a/modules/pam_unix/README -+++ b/modules/pam_unix/README -@@ -171,8 +171,40 @@ broken_shadow - - minlen=n - -- Set a minimum password length of n characters. The max. for DES crypt based -- passwords are 8 characters. -+ Set a minimum password length of n characters. The default value is 6. The -+ maximum for DES crypt-based passwords is 8 characters. -+ -+obscure -+ -+ Enable some extra checks on password strength. These checks are based on -+ the "obscure" checks in the original shadow package. The behavior is -+ similar to the pam_cracklib module, but for non-dictionary-based checks. -+ The following checks are implemented: -+ -+ Palindrome -+ -+ Verifies that the new password is not a palindrome of (i.e., the -+ reverse of) the previous one. -+ -+ Case Change Only -+ -+ Verifies that the new password isn't the same as the old one with a -+ change of case. -+ -+ Similar -+ -+ Verifies that the new password isn't too much like the previous one. -+ -+ Simple -+ -+ Is the new password too simple? This is based on the length of the -+ password and the number of different types of characters (alpha, -+ numeric, etc.) used. -+ -+ Rotated -+ -+ Is the new password a rotated version of the old password? (E.g., -+ "billy" and "illyb") - - no_pass_expiry - +diff --git a/modules/module-meson.build b/modules/module-meson.build +index d55dad2..edf9d57 100644 +--- a/modules/module-meson.build ++++ b/modules/module-meson.build +@@ -106,6 +106,7 @@ if module == 'pam_unix' + 'pam_unix_auth.c', + 'pam_unix_passwd.c', + 'pam_unix_sess.c', ++ 'obscure.c', + 'support.c', + 'passverify.c', + 'md5_good.c', diff --git a/modules/pam_unix/obscure.c b/modules/pam_unix/obscure.c new file mode 100644 -index 0000000..2ffac92 +index 0000000..9dbbe6e --- /dev/null +++ b/modules/pam_unix/obscure.c -@@ -0,0 +1,198 @@ +@@ -0,0 +1,199 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh + * All rights reserved. @@ -123,6 +71,7 @@ index 0000000..2ffac92 +#include <security/_pam_macros.h> + + ++#include "pam_i18n.h" +#include "support.h" + +/* can't be a palindrome - like `R A D A R' or `M A D A M' */ @@ -280,65 +229,14 @@ index 0000000..2ffac92 + + return msg; +} -diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 -index 438717f..6f5f19b 100644 ---- a/modules/pam_unix/pam_unix.8 -+++ b/modules/pam_unix/pam_unix.8 -@@ -216,7 +216,38 @@ minlen=n - .RS 4 - Set a minimum password length of - \fIn\fR --characters\&. The max\&. for DES crypt based passwords are 8 characters\&. -+characters\&. The default value is 6\&. The maximum for DES crypt\-based passwords is 8 characters\&. -+.RE -+.PP -+\fBobscure\fR -+.RS 4 -+Enable some extra checks on password strength\&. These checks are based on the "obscure" checks in the original shadow package\&. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\&. The following checks are implemented: -+.PP -+\fBPalindrome\fR -+.RS 4 -+Verifies that the new password is not a palindrome of (i\&.e\&., the reverse of) the previous one\&. -+.RE -+.PP -+\fBCase Change Only\fR -+.RS 4 -+Verifies that the new password isn\*(Aqt the same as the old one with a change of case\&. -+.RE -+.PP -+\fBSimilar\fR -+.RS 4 -+Verifies that the new password isn\*(Aqt too much like the previous one\&. -+.RE -+.PP -+\fBSimple\fR -+.RS 4 -+Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\&.) used\&. -+.RE -+.PP -+\fBRotated\fR -+.RS 4 -+Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb") -+.RE -+.sp - .RE - .PP - no_pass_expiry diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml -index dfc0427..4e63a49 100644 +index d2cd198..d02320b 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml -@@ -397,8 +397,81 @@ - <listitem> - <para> - Set a minimum password length of <replaceable>n</replaceable> -- characters. The max. for DES crypt based passwords are 8 -- characters. -+ characters. The default value is 6. The maximum for DES -+ crypt-based passwords is 8 characters. -+ </para> -+ </listitem> -+ </varlistentry> +@@ -402,6 +402,79 @@ + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>obscure</option> @@ -409,14 +307,24 @@ index dfc0427..4e63a49 100644 + </listitem> + </varlistentry> + </variablelist> - </para> - </listitem> - </varlistentry> ++ </para> ++ </listitem> ++ </varlistentry> + <varlistentry> + <term> + no_pass_expiry +@@ -495,4 +568,4 @@ session required pam_unix.so + </para> + </refsect1> + +-</refentry> +\ No newline at end of file ++</refentry> diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index c341741..652f3c5 100644 +index 4a3784a..ea941fe 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c -@@ -86,6 +86,9 @@ extern int getrpcport(const char *host, unsigned long prognum, +@@ -87,6 +87,9 @@ extern int getrpcport(const char *host, unsigned long prognum, # endif /* GNU libc 2.1 */ #endif @@ -426,7 +334,7 @@ index c341741..652f3c5 100644 /* How it works: Gets in username (has to be done) from the calling program -@@ -584,6 +587,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh +@@ -588,6 +591,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh return retval; } } @@ -438,20 +346,28 @@ index c341741..652f3c5 100644 } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -599,7 +607,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +@@ -603,7 +611,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) int retval; int remember = -1; int rounds = 0; - int pass_min_len = 0; + int pass_min_len = 6; + struct passwd *pwd; /* <DO NOT free() THESE> */ - const char *user; diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 8105400..91e7478 100644 +index e8f629d..425ff66 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h -@@ -101,50 +101,52 @@ typedef struct { +@@ -6,6 +6,7 @@ + #define _PAM_UNIX_SUPPORT_H + + #include <pwd.h> ++#include "pam_inline.h" + + /* + * File to read value of ENCRYPT_METHOD from. +@@ -101,50 +102,52 @@ typedef struct { #define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */ #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ diff --git a/debian/patches/0018-Libpam-is-both-shared-and-static.patch b/debian/patches/0018-Libpam-is-both-shared-and-static.patch new file mode 100644 index 00000000..c50cffee --- /dev/null +++ b/debian/patches/0018-Libpam-is-both-shared-and-static.patch @@ -0,0 +1,21 @@ +From: Sam Hartman <hartmans@debian.org> +Date: Tue, 14 Jan 2025 15:04:41 -0700 +Subject: Libpam is both shared and static + +--- + libpam/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libpam/meson.build b/libpam/meson.build +index 3e8a531..95a6054 100644 +--- a/libpam/meson.build ++++ b/libpam/meson.build +@@ -43,7 +43,7 @@ libpam_map_path = meson.current_source_dir() / libpam_map + libpam_link_deps = [libpam_map] + libpam_link_args = ['-Wl,--version-script=' + libpam_map_path] + +-libpam = shared_library( ++libpam = both_libraries( + 'pam', + sources: libpam_src, + include_directories: [libpam_inc], diff --git a/debian/patches/008_modules_pam_limits_chroot b/debian/patches/008_modules_pam_limits_chroot index 5466536f..e25debec 100644 --- a/debian/patches/008_modules_pam_limits_chroot +++ b/debian/patches/008_modules_pam_limits_chroot @@ -5,10 +5,9 @@ Subject: _modules_pam_limits_chroot =================================================================== --- modules/pam_limits/limits.conf | 2 ++ - modules/pam_limits/limits.conf.5 | 5 +++++ modules/pam_limits/limits.conf.5.xml | 6 ++++++ - modules/pam_limits/pam_limits.c | 25 ++++++++++++++++++++++--- - 4 files changed, 35 insertions(+), 3 deletions(-) + modules/pam_limits/pam_limits.c | 26 ++++++++++++++++++++++---- + 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf index c6b058a..6b3865c 100644 @@ -30,24 +29,8 @@ index c6b058a..6b3865c 100644 #@student - maxlogins 4 # End of file -diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 -index 32c4b2f..ce0ca35 100644 ---- a/modules/pam_limits/limits.conf.5 -+++ b/modules/pam_limits/limits.conf.5 -@@ -283,6 +283,11 @@ rtprio - .RS 4 - maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) - .RE -+.PP -+\fBchroot\fR -+.RS 4 -+the directory to chroot the user to -+.RE - .RE - .PP - All items support the values diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml -index 9f2662a..f6f7d87 100644 +index 803cb4e..348758a 100644 --- a/modules/pam_limits/limits.conf.5.xml +++ b/modules/pam_limits/limits.conf.5.xml @@ -271,6 +271,12 @@ @@ -64,10 +47,10 @@ index 9f2662a..f6f7d87 100644 </listitem> </varlistentry> diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 746c441..529d2fc 100644 +index be0b637..5c9cdc8 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c -@@ -104,6 +104,7 @@ struct pam_limit_s { +@@ -109,6 +109,7 @@ struct pam_limit_s { specific user or to count all logins */ int priority; /* the priority to run user process with */ int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */ @@ -75,24 +58,27 @@ index 746c441..529d2fc 100644 struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; -@@ -115,6 +116,7 @@ struct pam_limit_s { +@@ -117,9 +118,9 @@ struct pam_limit_s { - #define LIMIT_PRI RLIM_NLIMITS+3 - #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4 -+#define LIMIT_CHROOT RLIM_NLIMITS+5 + #define LIMIT_LOGIN (RLIM_NLIMITS+1) + #define LIMIT_NUMSYSLOGINS (RLIM_NLIMITS+2) +- + #define LIMIT_PRI (RLIM_NLIMITS+3) + #define LIMIT_NONEWPRIVS (RLIM_NLIMITS+4) ++#define LIMIT_CHROOT (RLIM_NLIMITS+5) #define LIMIT_SOFT 1 #define LIMIT_HARD 2 -@@ -570,6 +572,8 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) - pl->login_limit = -2; +@@ -652,6 +653,8 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) pl->login_limit_def = LIMITS_DEF_NONE; + pl->login_group = NULL; + pl->chroot_dir[0] = '\0'; + return retval; } -@@ -677,6 +681,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, +@@ -762,6 +765,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, limit_item = LIMIT_PRI; } else if (strcmp(lim_item, "nonewprivs") == 0) { limit_item = LIMIT_NONEWPRIVS; @@ -101,7 +87,7 @@ index 746c441..529d2fc 100644 } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; -@@ -726,9 +732,9 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, +@@ -811,9 +816,9 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); @@ -113,7 +99,7 @@ index 746c441..529d2fc 100644 #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else -@@ -803,7 +809,11 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, +@@ -888,7 +893,11 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, break; } @@ -126,8 +112,8 @@ index 746c441..529d2fc 100644 && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) && (limit_item != LIMIT_NONEWPRIVS) ) { -@@ -1163,6 +1173,15 @@ static int setup_limits(pam_handle_t *pamh, - } +@@ -1306,6 +1315,15 @@ static int setup_limits(pam_handle_t *pamh, + #endif } + if (!retval && pl->chroot_dir[0]) { diff --git a/debian/patches/022_pam_unix_group_time_miscfixes b/debian/patches/022_pam_unix_group_time_miscfixes index 1c8c3b67..922778a7 100644 --- a/debian/patches/022_pam_unix_group_time_miscfixes +++ b/debian/patches/022_pam_unix_group_time_miscfixes @@ -9,10 +9,10 @@ http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c -index 6877849..7d11f59 100644 +index 21c04d7..7d89dd0 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c -@@ -773,9 +773,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, +@@ -772,9 +772,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, unsigned setting; /* only interested in establishing credentials */ diff --git a/debian/patches/026_pam_unix_passwd_unknown_user b/debian/patches/026_pam_unix_passwd_unknown_user deleted file mode 100644 index 45967e1d..00000000 --- a/debian/patches/026_pam_unix_passwd_unknown_user +++ /dev/null @@ -1,38 +0,0 @@ -From: Martin Schwenke <martin@meltin.net> -Date: Mon, 11 Sep 2023 14:00:42 -0600 -Subject: distinguish between password manipulation failure and missing user. - ---- - modules/pam_unix/passverify.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index 81b10d8..7ff8bf0 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -804,7 +804,7 @@ PAMH_ARG_DECL(int unix_update_passwd, - struct passwd *tmpent = NULL; - struct stat st; - FILE *pwfile, *opwfile; -- int err = 1; -+ int err = 1, found = 0; - int oldmask; - #ifdef WITH_SELINUX - char *prev_context_raw = NULL; -@@ -875,6 +875,7 @@ PAMH_ARG_DECL(int unix_update_passwd, - - tmpent->pw_passwd = assigned_passwd.charp; - err = 0; -+ found = 1; - } - if (putpwent(tmpent, pwfile)) { - D(("error writing entry to password file: %m")); -@@ -917,7 +918,7 @@ done: - return PAM_SUCCESS; - } else { - unlink(PW_TMPFILE); -- return PAM_AUTHTOK_ERR; -+ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN; - } - } - diff --git a/debian/patches/027_pam_limits_better_init_allow_explicit_root b/debian/patches/027_pam_limits_better_init_allow_explicit_root index 7d0fdded..a0975548 100644 --- a/debian/patches/027_pam_limits_better_init_allow_explicit_root +++ b/debian/patches/027_pam_limits_better_init_allow_explicit_root @@ -16,25 +16,11 @@ Also, don't apply wildcard limits to the root account; only apply limits to root that reference root by name. =================================================================== --- - modules/pam_limits/README | 1 + modules/pam_limits/limits.conf | 4 ++ - modules/pam_limits/limits.conf.5 | 5 ++ modules/pam_limits/limits.conf.5.xml | 6 +++ modules/pam_limits/pam_limits.c | 89 ++++++++++++++++++++++++++++++++---- - 5 files changed, 96 insertions(+), 9 deletions(-) + 3 files changed, 90 insertions(+), 9 deletions(-) -diff --git a/modules/pam_limits/README b/modules/pam_limits/README -index 98264b9..dc560ef 100644 ---- a/modules/pam_limits/README -+++ b/modules/pam_limits/README -@@ -68,6 +68,7 @@ These are some example lines which might be specified in /etc/security/ - limits.conf. - - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf index e8a746c..c6b058a 100644 --- a/modules/pam_limits/limits.conf @@ -57,31 +43,8 @@ index e8a746c..c6b058a 100644 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 -diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 -index 25f4459..32c4b2f 100644 ---- a/modules/pam_limits/limits.conf.5 -+++ b/modules/pam_limits/limits.conf.5 -@@ -145,6 +145,10 @@ a gid specified as - \fB%:\fR\fI<gid>\fR - applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. - .RE -+.sp -+\fBNOTE:\fR -+group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username -+\fBroot\fR\&. - .RE - .PP - <type> -@@ -322,6 +326,7 @@ These are some example lines which might be specified in - .\} - .nf - * soft core 0 -+root hard core 100000 - * hard nofile 512 - @student hard nproc 20 - @faculty soft nproc 20 diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml -index 2177da1..9f2662a 100644 +index dd8d68b..803cb4e 100644 --- a/modules/pam_limits/limits.conf.5.xml +++ b/modules/pam_limits/limits.conf.5.xml @@ -89,6 +89,11 @@ @@ -105,10 +68,10 @@ index 2177da1..9f2662a 100644 @student hard nproc 20 @faculty soft nproc 20 diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 87bb4b7..adda08b 100644 +index 1e4dfa3..7e2d93d 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c -@@ -47,10 +47,19 @@ +@@ -54,10 +54,19 @@ #include <libaudit.h> #endif @@ -126,9 +89,9 @@ index 87bb4b7..adda08b 100644 +#endif + /* Module defines */ - #define LINE_LENGTH 1024 - -@@ -88,6 +97,7 @@ struct user_limits_struct { + #define LIMITS_DEF_USER 0 /* limit was set by a user entry */ + #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */ +@@ -93,6 +102,7 @@ struct user_limits_struct { /* internal data */ struct pam_limit_s { @@ -136,7 +99,7 @@ index 87bb4b7..adda08b 100644 int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a -@@ -455,9 +465,18 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) +@@ -536,9 +546,18 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) { int i; int retval = PAM_SUCCESS; @@ -155,7 +118,7 @@ index 87bb4b7..adda08b 100644 for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { -@@ -473,18 +492,68 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) +@@ -554,18 +573,68 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) } #ifdef __linux__ @@ -230,16 +193,16 @@ index 87bb4b7..adda08b 100644 errno = 0; pl->priority = getpriority (PRIO_PROCESS, 0); -@@ -885,7 +954,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, +@@ -1020,7 +1089,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, - if (strcmp(uname, domain) == 0) /* this user have a limit */ + if (strcmp(uname, domain) == 0) /* this user has a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); - else if (domain[0]=='@') { + else if (domain[0]=='@' && !pl->root) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -911,7 +980,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, +@@ -1046,7 +1115,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } @@ -248,7 +211,7 @@ index 87bb4b7..adda08b 100644 if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -945,7 +1014,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, +@@ -1081,7 +1150,7 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, } else { switch(rngtype) { case LIMIT_RANGE_NONE: @@ -257,7 +220,7 @@ index 87bb4b7..adda08b 100644 process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); break; -@@ -1228,6 +1297,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, +@@ -1372,6 +1441,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return PAM_ABORT; } diff --git a/debian/patches/031_pam_include b/debian/patches/031_pam_include index 5b632e2a..1a91c325 100644 --- a/debian/patches/031_pam_include +++ b/debian/patches/031_pam_include @@ -6,16 +6,18 @@ Patch to implement an @include directive for use in pam.d config files. Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> +Updated for pam 1.7.0 by Sam Hartman <hartmans@debian.org> + Upstream status: not yet submitted --- libpam/pam_handlers.c | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c -index 1f1917b..c7045d2 100644 +index 7fd6ce8..1df5e40 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c -@@ -123,6 +123,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f +@@ -127,6 +127,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { module_type = PAM_T_PASS; @@ -25,27 +27,27 @@ index 1f1917b..c7045d2 100644 + goto parsing_done; } else { /* Illegal module type */ - D(("_pam_init_handlers: bad module type: %s", tok)); -@@ -193,8 +197,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f + D(("bad module type: %s", tok)); +@@ -197,8 +201,10 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f _pam_set_default_control(actions, _PAM_ACTION_BAD); } +parsing_done: - tok = _pam_StrTok(NULL, " \n\t", &nexttok); + tok = _pam_tokenize(NULL, &nexttok); if (pam_include) { + struct stat include_dir; if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, stack_level, module_type, actions, tok, -@@ -205,13 +211,35 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f +@@ -209,13 +215,35 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f return PAM_ABORT; } } - if (_pam_load_conf_file(pamh, tok, this_service, module_type, -- stack_level + substack +- include_level + 1, stack_level + substack + if (tok[0] == '/') { + if (_pam_load_conf_file(pamh, tok, this_service, -+ module_type, stack_level + substack ++ module_type, include_level+1, stack_level + substack +#ifdef PAM_READ_BOTH_CONFS + , !other +#endif /* PAM_READ_BOTH_CONFS */ @@ -61,7 +63,7 @@ index 1f1917b..c7045d2 100644 + return PAM_ABORT; + } + if (_pam_load_conf_file(pamh, include_file, this_service, -+ module_type, stack_level + substack ++ module_type, include_level+1, stack_level + substack #ifdef PAM_READ_BOTH_CONFS , !other #endif /* PAM_READ_BOTH_CONFS */ diff --git a/debian/patches/032_pam_limits_EPERM_NOT_FATAL b/debian/patches/032_pam_limits_EPERM_NOT_FATAL index 62656746..e4d35418 100644 --- a/debian/patches/032_pam_limits_EPERM_NOT_FATAL +++ b/debian/patches/032_pam_limits_EPERM_NOT_FATAL @@ -15,10 +15,10 @@ Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> 1 file changed, 2 insertions(+) diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index a58d424..746c441 100644 +index 2603028..be0b637 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c -@@ -1124,6 +1124,8 @@ static int setup_limits(pam_handle_t *pamh, +@@ -1263,6 +1263,8 @@ static int setup_limits(pam_handle_t *pamh, if (res != 0) pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", rlimit2str(i)); diff --git a/debian/patches/036_pam_wheel_getlogin_considered_harmful b/debian/patches/036_pam_wheel_getlogin_considered_harmful index 43979153..0983f23d 100644 --- a/debian/patches/036_pam_wheel_getlogin_considered_harmful +++ b/debian/patches/036_pam_wheel_getlogin_considered_harmful @@ -12,28 +12,10 @@ Authors: Ben Collins <bcollins@debian.org> Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> --- - modules/pam_wheel/README | 6 ------ modules/pam_wheel/pam_wheel.8.xml | 17 +-------------- modules/pam_wheel/pam_wheel.c | 45 ++++++++------------------------------- - 3 files changed, 10 insertions(+), 58 deletions(-) + 2 files changed, 10 insertions(+), 52 deletions(-) -diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README -index 5dae4b6..ec9e7d7 100644 ---- a/modules/pam_wheel/README -+++ b/modules/pam_wheel/README -@@ -39,12 +39,6 @@ trust - modules the wheel members may be able to su to root without being prompted - for a passwd). - --use_uid -- -- The check will be done against the real uid of the calling process, instead -- of trying to obtain the user from the login session associated with the -- terminal in use. -- - EXAMPLES - - The root account gains access by default (rootok), only wheel members can diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml index af0fd61..b42e27d 100644 --- a/modules/pam_wheel/pam_wheel.8.xml @@ -75,7 +57,7 @@ index af0fd61..b42e27d 100644 \ No newline at end of file +</refentry> diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c -index 179f56b..5eb7b82 100644 +index dd047af..93000ce 100644 --- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -47,9 +47,8 @@ diff --git a/debian/patches/040_pam_limits_log_failure b/debian/patches/040_pam_limits_log_failure index acb79450..c0848c27 100644 --- a/debian/patches/040_pam_limits_log_failure +++ b/debian/patches/040_pam_limits_log_failure @@ -15,10 +15,10 @@ Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 529d2fc..da83b70 100644 +index 5c9cdc8..47f59ef 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c -@@ -1131,9 +1131,19 @@ static int setup_limits(pam_handle_t *pamh, +@@ -1269,9 +1269,19 @@ static int setup_limits(pam_handle_t *pamh, if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; res = setrlimit(i, &pl->limits[i].limit); diff --git a/debian/patches/045_pam_dispatch_jump_is_ignore b/debian/patches/045_pam_dispatch_jump_is_ignore index af08a9e4..fb0f780f 100644 --- a/debian/patches/045_pam_dispatch_jump_is_ignore +++ b/debian/patches/045_pam_dispatch_jump_is_ignore @@ -11,7 +11,7 @@ to be consistent. 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c -index 974104a..15cad01 100644 +index 3a1d59e..b341774 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -260,22 +260,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, diff --git a/debian/patches/PAM-manpage-section b/debian/patches/PAM-manpage-section index 705ce58e..944a91cd 100644 --- a/debian/patches/PAM-manpage-section +++ b/debian/patches/PAM-manpage-section @@ -9,508 +9,91 @@ Authors: Steve Langasek <vorlon@debian.org> Upstream status: maybe provide a backwards-compatibility link first? --- - doc/man/Makefile.am | 5 +- - doc/man/Makefile.in | 58 +++++----- - doc/man/PAM.7 | 138 ++++++++++++++++++++++++ - doc/man/misc_conv.3 | 2 +- + doc/man/meson.build | 2 +- doc/man/misc_conv.3.xml | 2 +- - doc/man/pam.7 | 1 + - doc/man/pam.8.xml | 2 +- - doc/man/pam_acct_mgmt.3 | 2 +- + doc/man/pam.7.xml | 212 ++++++++++++++++++++++++ + doc/man/pam.8.xml | 212 ------------------------ doc/man/pam_acct_mgmt.3.xml | 2 +- - doc/man/pam_authenticate.3 | 2 +- doc/man/pam_authenticate.3.xml | 2 +- - doc/man/pam_chauthtok.3 | 2 +- doc/man/pam_chauthtok.3.xml | 2 +- - doc/man/pam_conv.3 | 2 +- doc/man/pam_conv.3.xml | 2 +- - doc/man/pam_error.3 | 2 +- doc/man/pam_error.3.xml | 2 +- - doc/man/pam_get_authtok.3 | 2 +- doc/man/pam_get_authtok.3.xml | 2 +- - doc/man/pam_get_item.3 | 4 +- - doc/man/pam_getenv.3 | 2 +- doc/man/pam_getenv.3.xml | 2 +- - doc/man/pam_getenvlist.3 | 2 +- doc/man/pam_getenvlist.3.xml | 2 +- - doc/man/pam_info.3 | 2 +- doc/man/pam_info.3.xml | 2 +- - doc/man/pam_misc_drop_env.3 | 2 +- doc/man/pam_misc_drop_env.3.xml | 2 +- - doc/man/pam_misc_paste_env.3 | 2 +- doc/man/pam_misc_paste_env.3.xml | 2 +- - doc/man/pam_misc_setenv.3 | 2 +- doc/man/pam_misc_setenv.3.xml | 2 +- - doc/man/pam_prompt.3 | 6 +- doc/man/pam_prompt.3.xml | 2 +- - doc/man/pam_putenv.3 | 2 +- doc/man/pam_putenv.3.xml | 2 +- - doc/man/pam_strerror.3 | 2 +- doc/man/pam_strerror.3.xml | 2 +- - doc/man/pam_syslog.3 | 2 +- doc/man/pam_syslog.3.xml | 2 +- - modules/pam_access/access.conf.5 | 2 +- modules/pam_access/access.conf.5.xml | 2 +- - modules/pam_access/pam_access.8 | 2 +- modules/pam_access/pam_access.8.xml | 2 +- - modules/pam_debug/pam_debug.8 | 2 +- modules/pam_debug/pam_debug.8.xml | 2 +- - modules/pam_deny/pam_deny.8 | 2 +- modules/pam_deny/pam_deny.8.xml | 2 +- - modules/pam_echo/pam_echo.8 | 2 +- modules/pam_echo/pam_echo.8.xml | 2 +- - modules/pam_env/pam_env.8 | 6 +- modules/pam_env/pam_env.8.xml | 2 +- - modules/pam_env/pam_env.conf.5 | 2 +- modules/pam_env/pam_env.conf.5.xml | 2 +- - modules/pam_exec/pam_exec.8 | 2 +- modules/pam_exec/pam_exec.8.xml | 2 +- - modules/pam_faildelay/pam_faildelay.8 | 2 +- modules/pam_faildelay/pam_faildelay.8.xml | 2 +- - modules/pam_filter/pam_filter.8 | 2 +- modules/pam_filter/pam_filter.8.xml | 2 +- - modules/pam_ftp/pam_ftp.8 | 2 +- modules/pam_ftp/pam_ftp.8.xml | 2 +- - modules/pam_group/group.conf.5 | 2 +- modules/pam_group/group.conf.5.xml | 2 +- - modules/pam_group/pam_group.8 | 2 +- modules/pam_group/pam_group.8.xml | 2 +- - modules/pam_issue/pam_issue.8 | 2 +- modules/pam_issue/pam_issue.8.xml | 2 +- - modules/pam_keyinit/pam_keyinit.8 | 2 +- modules/pam_keyinit/pam_keyinit.8.xml | 2 +- - modules/pam_lastlog/pam_lastlog.8 | 2 +- modules/pam_lastlog/pam_lastlog.8.xml | 2 +- - modules/pam_limits/limits.conf.5 | 2 +- modules/pam_limits/limits.conf.5.xml | 2 +- - modules/pam_limits/pam_limits.8 | 2 +- modules/pam_limits/pam_limits.8.xml | 2 +- - modules/pam_listfile/pam_listfile.8 | 2 +- modules/pam_listfile/pam_listfile.8.xml | 2 +- - modules/pam_localuser/pam_localuser.8 | 2 +- modules/pam_localuser/pam_localuser.8.xml | 2 +- - modules/pam_loginuid/pam_loginuid.8 | 2 +- modules/pam_loginuid/pam_loginuid.8.xml | 2 +- - modules/pam_mail/pam_mail.8 | 2 +- modules/pam_mail/pam_mail.8.xml | 2 +- - modules/pam_mkhomedir/pam_mkhomedir.8 | 2 +- modules/pam_mkhomedir/pam_mkhomedir.8.xml | 2 +- - modules/pam_motd/pam_motd.8 | 2 +- modules/pam_motd/pam_motd.8.xml | 2 +- - modules/pam_namespace/namespace.conf.5 | 2 +- modules/pam_namespace/namespace.conf.5.xml | 2 +- - modules/pam_namespace/pam_namespace.8 | 2 +- modules/pam_namespace/pam_namespace.8.xml | 2 +- - modules/pam_nologin/pam_nologin.8 | 2 +- modules/pam_nologin/pam_nologin.8.xml | 2 +- - modules/pam_permit/pam_permit.8 | 2 +- modules/pam_permit/pam_permit.8.xml | 2 +- - modules/pam_pwhistory/pam_pwhistory.8 | 2 +- modules/pam_pwhistory/pam_pwhistory.8.xml | 2 +- - modules/pam_rhosts/pam_rhosts.8 | 2 +- modules/pam_rhosts/pam_rhosts.8.xml | 2 +- - modules/pam_rootok/pam_rootok.8 | 2 +- modules/pam_rootok/pam_rootok.8.xml | 2 +- - modules/pam_securetty/pam_securetty.8 | 2 +- modules/pam_securetty/pam_securetty.8.xml | 2 +- - modules/pam_selinux/pam_selinux.8 | 6 +- modules/pam_selinux/pam_selinux.8.xml | 2 +- - modules/pam_sepermit/pam_sepermit.8 | 2 +- modules/pam_sepermit/pam_sepermit.8.xml | 2 +- - modules/pam_sepermit/sepermit.conf.5 | 2 +- modules/pam_sepermit/sepermit.conf.5.xml | 2 +- - modules/pam_shells/pam_shells.8 | 2 +- modules/pam_shells/pam_shells.8.xml | 2 +- - modules/pam_succeed_if/pam_succeed_if.8 | 2 +- modules/pam_succeed_if/pam_succeed_if.8.xml | 2 +- - modules/pam_time/pam_time.8 | 2 +- modules/pam_time/pam_time.8.xml | 2 +- - modules/pam_time/time.conf.5 | 2 +- modules/pam_time/time.conf.5.xml | 2 +- - modules/pam_timestamp/pam_timestamp.8 | 2 +- modules/pam_timestamp/pam_timestamp.8.xml | 2 +- - modules/pam_timestamp/pam_timestamp_check.8 | 2 +- modules/pam_timestamp/pam_timestamp_check.8.xml | 2 +- - modules/pam_tty_audit/pam_tty_audit.8 | 2 +- modules/pam_tty_audit/pam_tty_audit.8.xml | 2 +- - modules/pam_umask/pam_umask.8 | 2 +- modules/pam_umask/pam_umask.8.xml | 2 +- - modules/pam_unix/pam_unix.8 | 2 +- modules/pam_unix/pam_unix.8.xml | 2 +- - modules/pam_userdb/pam_userdb.8 | 2 +- modules/pam_userdb/pam_userdb.8.xml | 2 +- - modules/pam_warn/pam_warn.8 | 2 +- modules/pam_warn/pam_warn.8.xml | 2 +- - modules/pam_wheel/pam_wheel.8 | 13 +-- modules/pam_wheel/pam_wheel.8.xml | 2 +- - modules/pam_xauth/pam_xauth.8 | 2 +- modules/pam_xauth/pam_xauth.8.xml | 2 +- - 136 files changed, 315 insertions(+), 176 deletions(-) - create mode 100644 doc/man/PAM.7 - create mode 100644 doc/man/pam.7 + 68 files changed, 278 insertions(+), 278 deletions(-) + create mode 100644 doc/man/pam.7.xml + delete mode 100644 doc/man/pam.8.xml -diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am -index aec365c..b81ca72 100644 ---- a/doc/man/Makefile.am -+++ b/doc/man/Makefile.am -@@ -7,7 +7,7 @@ MAINTAINERCLEANFILES = $(MANS) +diff --git a/doc/man/meson.build b/doc/man/meson.build +index b90b157..71650ec 100644 +--- a/doc/man/meson.build ++++ b/doc/man/meson.build +@@ -35,7 +35,7 @@ foreach man: [['misc_conv.3', []], + ['pam_syslog.3', ['pam_vsyslog.3']], + ['pam_xauth_data.3', []], + ['pam.conf.5', ['pam.d.5']], +- ['pam.8', ['PAM.8']], ++ ['pam.7', ['PAM.7']], + ] + xml = man[0] + '.xml' - EXTRA_DIST = $(MANS) $(XMLS) - --man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ -+man_MANS = pam.3 PAM.7 pam.7 pam.conf.5 pam.d.5 \ - pam_acct_mgmt.3 pam_authenticate.3 \ - pam_chauthtok.3 pam_close_session.3 pam_conv.3 \ - pam_end.3 pam_error.3 \ -@@ -46,7 +46,8 @@ XMLS = pam.3.xml pam.8.xml pam.conf.5.xml \ - - - if ENABLE_REGENERATE_MAN --PAM.8: pam.8 -+pam.8: pam.8.xml -+PAM.7 pam.7: pam.8 - pam_get_authtok_noverify.3: pam_get_authtok.3 - pam_get_authtok_verify.3: pam_get_authtok.3 - pam_verror.3: pam_error.3 -diff --git a/doc/man/Makefile.in b/doc/man/Makefile.in -index d18dc7d..30da4d0 100644 ---- a/doc/man/Makefile.in -+++ b/doc/man/Makefile.in -@@ -1,7 +1,7 @@ --# Makefile.in generated by automake 1.16.3 from Makefile.am. -+# Makefile.in generated by automake 1.16.5 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994-2020 Free Software Foundation, Inc. -+# Copyright (C) 1994-2021 Free Software Foundation, Inc. - - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, -@@ -163,9 +163,9 @@ am__uninstall_files_from_dir = { \ - } - man3dir = $(mandir)/man3 - am__installdirs = "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \ -- "$(DESTDIR)$(man8dir)" -+ "$(DESTDIR)$(man7dir)" - man5dir = $(mandir)/man5 --man8dir = $(mandir)/man8 -+man7dir = $(mandir)/man7 - NROFF = nroff - MANS = $(man_MANS) - am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -@@ -192,6 +192,8 @@ CPPFLAGS = @CPPFLAGS@ - CRYPTO_LIBS = @CRYPTO_LIBS@ - CRYPT_CFLAGS = @CRYPT_CFLAGS@ - CRYPT_LIBS = @CRYPT_LIBS@ -+CSCOPE = @CSCOPE@ -+CTAGS = @CTAGS@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -@@ -205,6 +207,7 @@ ECHO_T = @ECHO_T@ - ECONF_CFLAGS = @ECONF_CFLAGS@ - ECONF_LIBS = @ECONF_LIBS@ - EGREP = @EGREP@ -+ETAGS = @ETAGS@ - EXEEXT = @EXEEXT@ - EXE_CFLAGS = @EXE_CFLAGS@ - EXE_LDFLAGS = @EXE_LDFLAGS@ -@@ -354,6 +357,7 @@ pdfdir = @pdfdir@ - prefix = @prefix@ - program_transform_name = @program_transform_name@ - psdir = @psdir@ -+runstatedir = @runstatedir@ - sbindir = @sbindir@ - sharedstatedir = @sharedstatedir@ - srcdir = @srcdir@ -@@ -366,7 +370,7 @@ top_srcdir = @top_srcdir@ - CLEANFILES = *~ - MAINTAINERCLEANFILES = $(MANS) - EXTRA_DIST = $(MANS) $(XMLS) --man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ -+man_MANS = pam.3 PAM.7 pam.7 pam.conf.5 pam.d.5 \ - pam_acct_mgmt.3 pam_authenticate.3 \ - pam_chauthtok.3 pam_close_session.3 pam_conv.3 \ - pam_end.3 pam_error.3 \ -@@ -528,56 +532,55 @@ uninstall-man5: - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) --install-man8: $(man_MANS) -+install-man7: $(man_MANS) - @$(NORMAL_INSTALL) - @list1=''; \ - list2='$(man_MANS)'; \ -- test -n "$(man8dir)" \ -+ test -n "$(man7dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ -- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ -- | sed -n '/\.8[a-z]*$$/p'; \ -+ | sed -n '/\.7[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ -- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ -- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ -- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ -+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \ -+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ -- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ -- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ -+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \ -+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \ - done; } - --uninstall-man8: -+uninstall-man7: - @$(NORMAL_UNINSTALL) -- @list=''; test -n "$(man8dir)" || exit 0; \ -+ @list=''; test -n "$(man7dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -+ sed -n '/\.7[a-z]*$$/p'; \ -+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) -+ dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir) - tags TAGS: - - ctags CTAGS: - - cscope cscopelist: - -- - distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -@@ -615,7 +618,7 @@ check-am: all-am - check: check-am - all-am: Makefile $(MANS) - installdirs: -- for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ -+ for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done - install: install-am -@@ -686,7 +689,7 @@ install-info: install-info-am - - install-info-am: - --install-man: install-man3 install-man5 install-man8 -+install-man: install-man3 install-man5 install-man7 - - install-pdf: install-pdf-am - -@@ -716,7 +719,7 @@ ps-am: - - uninstall-am: uninstall-man - --uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 -+uninstall-man: uninstall-man3 uninstall-man5 uninstall-man7 - - .MAKE: install-am install-strip - -@@ -726,18 +729,19 @@ uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ -- install-man3 install-man5 install-man8 install-pdf \ -+ install-man3 install-man5 install-man7 install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ - uninstall-am uninstall-man uninstall-man3 uninstall-man5 \ -- uninstall-man8 -+ uninstall-man7 - - .PRECIOUS: Makefile - - --@ENABLE_REGENERATE_MAN_TRUE@PAM.8: pam.8 -+@ENABLE_REGENERATE_MAN_TRUE@pam.8: pam.8.xml -+@ENABLE_REGENERATE_MAN_TRUE@PAM.7 pam.7: pam.8 - @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_noverify.3: pam_get_authtok.3 - @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_verify.3: pam_get_authtok.3 - @ENABLE_REGENERATE_MAN_TRUE@pam_verror.3: pam_error.3 -diff --git a/doc/man/PAM.7 b/doc/man/PAM.7 -new file mode 100644 -index 0000000..00b313f ---- /dev/null -+++ b/doc/man/PAM.7 -@@ -0,0 +1,138 @@ -+'\" t -+.\" Title: pam -+.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] -+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> -+.\" Date: 09/15/2023 -+.\" Manual: Linux-PAM Manual -+.\" Source: Linux-PAM -+.\" Language: English -+.\" -+.TH "PAM" "7" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * Define some portability stuff -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" http://bugs.debian.org/507673 -+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.ie \n(.g .ds Aq \(aq -+.el .ds Aq ' -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- -+.\" disable hyphenation -+.nh -+.\" disable justification (adjust text to left margin only) -+.ad l -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "NAME" -+PAM, pam \- Pluggable Authentication Modules for Linux -+.SH "DESCRIPTION" -+.PP -+This manual is intended to offer a quick introduction to -+\fBLinux\-PAM\fR\&. For more information the reader is directed to the -+\fBLinux\-PAM system administrators\*(Aq guide\fR\&. -+.PP -+\fBLinux\-PAM\fR -+is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as -+\fBlogin\fR(1) -+and -+\fBsu\fR(1)) defer to to perform standard authentication tasks\&. -+.PP -+The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single -+\fBLinux\-PAM\fR -+configuration file -+/etc/pam\&.conf\&. Alternatively and preferably, the configuration can be set by individual configuration files located in a -+pam\&.d -+directory\&. The presence of this directory will cause -+\fBLinux\-PAM\fR -+to -+\fIignore\fR -+/etc/pam\&.conf\&. -+.PP -+Vendor\-supplied PAM configuration files might be installed in the system directory -+/usr/lib/pam\&.d/ -+or a configurable vendor specific directory instead of the machine configuration directory -+/etc/pam\&.d/\&. If no machine configuration file is found, the vendor\-supplied file is used\&. All files in -+/etc/pam\&.d/ -+override files with the same name in other directories\&. -+.PP -+From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the -+\fBLinux\-PAM\fR -+library\&. The important point to recognize is that the configuration file(s) -+\fIdefine\fR -+the connection between applications -+(\fBservices\fR) and the pluggable authentication modules -+(\fBPAM\fRs) that perform the actual authentication tasks\&. -+.PP -+\fBLinux\-PAM\fR -+separates the tasks of -+\fIauthentication\fR -+into four independent management groups: -+\fBaccount\fR -+management; -+\fBauth\fRentication management; -+\fBpassword\fR -+management; and -+\fBsession\fR -+management\&. (We highlight the abbreviations used for these groups in the configuration file\&.) -+.PP -+Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service: -+.PP -+\fBaccount\fR -+\- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service? -+.PP -+\fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of -+\fBLinux\-PAM\fR\&. -+.PP -+\fBpassword\fR -+\- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the -+\fBauth\fR -+group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&. -+.PP -+\fBsession\fR -+\- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The -+\fBsession\fR -+management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&. -+.SH "FILES" -+.PP -+/etc/pam\&.conf -+.RS 4 -+the configuration file -+.RE -+.PP -+/etc/pam\&.d -+.RS 4 -+the -+\fBLinux\-PAM\fR -+configuration directory\&. Generally, if this directory is present, the -+/etc/pam\&.conf -+file is ignored\&. -+.RE -+.PP -+/usr/lib/pam\&.d -+.RS 4 -+the -+\fBLinux\-PAM\fR -+vendor configuration directory\&. Files in -+/etc/pam\&.d -+override files with the same name in this directory\&. -+.RE -+.SH "ERRORS" -+.PP -+Typically errors generated by the -+\fBLinux\-PAM\fR -+system of libraries, will be written to -+\fBsyslog\fR(3)\&. -+.SH "CONFORMING TO" -+.PP -+DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&. -+.SH "SEE ALSO" -+.PP -+\fBpam\fR(3), -+\fBpam_authenticate\fR(3), -+\fBpam_sm_setcred\fR(3), -+\fBpam_strerror\fR(3), -+\fBPAM\fR(8) -diff --git a/doc/man/misc_conv.3 b/doc/man/misc_conv.3 -index 6265664..85d32db 100644 ---- a/doc/man/misc_conv.3 -+++ b/doc/man/misc_conv.3 -@@ -117,7 +117,7 @@ This function pointer is initialized to - .SH "SEE ALSO" - .PP - \fBpam_conv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml index 92d4acd..2971b3a 100644 --- a/doc/man/misc_conv.3.xml @@ -524,36 +107,442 @@ index 92d4acd..2971b3a 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam.7 b/doc/man/pam.7 +diff --git a/doc/man/pam.7.xml b/doc/man/pam.7.xml new file mode 100644 -index 0000000..a15cab9 +index 0000000..cb6a7d8 --- /dev/null -+++ b/doc/man/pam.7 -@@ -0,0 +1 @@ -+.so PAM.7 ++++ b/doc/man/pam.7.xml +@@ -0,0 +1,212 @@ ++<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam8"> ++ ++ <refmeta> ++ <refentrytitle>pam</refentrytitle> ++ <manvolnum>7</manvolnum> ++ <refmiscinfo class="source">Linux-PAM</refmiscinfo> ++ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> ++ </refmeta> ++ ++ <refnamediv xml:id="pam8-name"> ++ <refname>PAM</refname> ++ <refname>pam</refname> ++ <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> ++ </refnamediv> ++ ++ <refsect1 xml:id="pam8-description"> ++ <title>DESCRIPTION</title> ++ <para> ++ This manual is intended to offer a quick introduction to ++ <emphasis remap="B">Linux-PAM</emphasis>. For more information ++ the reader is directed to the ++ <emphasis remap="B">Linux-PAM system administrators' guide</emphasis>. ++ </para> ++ ++ <para> ++ <emphasis remap="B">Linux-PAM</emphasis> is a system of libraries ++ that handle the authentication tasks of applications (services) on ++ the system. The library provides a stable general interface ++ (Application Programming Interface - API) that privilege granting ++ programs (such as <citerefentry> ++ <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> ++ </citerefentry> and <citerefentry> ++ <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> ++ </citerefentry>) defer to to perform standard authentication tasks. ++ </para> ++ ++ <para> ++ The principal feature of the PAM approach is that the nature of the ++ authentication is dynamically configurable. In other words, the ++ system administrator is free to choose how individual ++ service-providing applications will authenticate users. This dynamic ++ configuration is set by the contents of the single ++ <emphasis remap="B">Linux-PAM</emphasis> configuration file ++ <filename>/etc/pam.conf</filename>. Alternatively and preferably, ++ the configuration can be set by individual configuration files ++ located in a <filename>pam.d</filename> directory. The presence of this ++ directory will cause <emphasis remap="B">Linux-PAM</emphasis> to ++ <emphasis remap="I">ignore</emphasis> <filename>/etc/pam.conf</filename>. ++ </para> ++ ++ <para> ++ Vendor-supplied PAM configuration files might be installed in ++ the system directory <filename>/usr/lib/pam.d/</filename> or ++ a configurable vendor specific directory instead ++ of the machine configuration directory <filename>/etc/pam.d/</filename>. ++ If no machine configuration file is found, the vendor-supplied file ++ is used. All files in <filename>/etc/pam.d/</filename> override ++ files with the same name in other directories. ++ </para> ++ ++<para>From the point of view of the system administrator, for whom this ++manual is provided, it is not of primary importance to understand the ++internal behavior of the ++<emphasis remap="B">Linux-PAM</emphasis> ++library. The important point to recognize is that the configuration ++file(s) ++<emphasis remap="I">define</emphasis> ++the connection between applications ++<emphasis remap="B"/>(<emphasis remap="B">services</emphasis>) ++and the pluggable authentication modules ++<emphasis remap="B"/>(<emphasis remap="B">PAM</emphasis>s) ++that perform the actual authentication tasks.</para> ++ ++ ++<para><emphasis remap="B">Linux-PAM</emphasis> ++separates the tasks of ++<emphasis remap="I">authentication</emphasis> ++into four independent management groups: ++<emphasis remap="B">account</emphasis> management; ++<emphasis remap="B">auth</emphasis>entication management; ++<emphasis remap="B">password</emphasis> management; ++and ++<emphasis remap="B">session</emphasis> management. ++(We highlight the abbreviations used for these groups in the ++configuration file.)</para> ++ ++ ++<para>Simply put, these groups take care of different aspects of a typical ++user's request for a restricted service:</para> ++ ++ ++<para><emphasis remap="B">account</emphasis> - ++provide account verification types of service: has the user's password ++expired?; is this user permitted access to the requested service?</para> ++ ++<!-- .br --> ++<para><emphasis remap="B">auth</emphasis>entication - ++authenticate a user and set up user credentials. Typically this is via ++some challenge-response request that the user must satisfy: if you are ++who you claim to be please enter your password. Not all authentications ++are of this type, there exist hardware based authentication schemes ++(such as the use of smart-cards and biometric devices), with suitable ++modules, these may be substituted seamlessly for more standard ++approaches to authentication - such is the flexibility of ++<emphasis remap="B">Linux-PAM</emphasis>.</para> ++ ++<!-- .br --> ++<para><emphasis remap="B">password</emphasis> - ++this group's responsibility is the task of updating authentication ++mechanisms. Typically, such services are strongly coupled to those of ++the ++<emphasis remap="B">auth</emphasis> ++group. Some authentication mechanisms lend themselves well to being ++updated with such a function. Standard UN*X password-based access is ++the obvious example: please enter a replacement password.</para> ++ ++<!-- .br --> ++<para><emphasis remap="B">session</emphasis> - ++this group of tasks cover things that should be done prior to a ++service being given and after it is withdrawn. Such tasks include the ++maintenance of audit trails and the mounting of the user's home ++directory. The ++<emphasis remap="B">session</emphasis> ++management group is important as it provides both an opening and ++closing hook for modules to affect the services available to a user.</para> ++ ++</refsect1> ++ ++ <refsect1 xml:id="pam8-files"> ++ <title>FILES</title> ++ <variablelist> ++ <varlistentry> ++ <term>/etc/pam.conf</term> ++ <listitem> ++ <para>the configuration file</para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term>/etc/pam.d</term> ++ <listitem> ++ <para> ++ the <emphasis remap="B">Linux-PAM</emphasis> configuration ++ directory. Generally, if this directory is present, the ++ <filename>/etc/pam.conf</filename> file is ignored. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term>/usr/lib/pam.d</term> ++ <listitem> ++ <para> ++ the <emphasis remap="B">Linux-PAM</emphasis> vendor configuration ++ directory. Files in <filename>/etc/pam.d</filename> override ++ files with the same name in this directory. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry condition="with_vendordir"> ++ <term>%vendordir%/pam.d</term> ++ <listitem> ++ <para> ++ additional <emphasis remap="B">Linux-PAM</emphasis> vendor ++ configuration directory. Files in <filename>/etc/pam.d</filename> ++ and <filename>/usr/lib/pam.d</filename> override files with the ++ same name in this directory. ++ </para> ++ </listitem> ++ </varlistentry> ++ </variablelist> ++ </refsect1> ++ ++ <refsect1 xml:id="pam8-errors"> ++ <title>ERRORS</title> ++ <para> ++ Typically errors generated by the ++ <emphasis remap="B">Linux-PAM</emphasis> system of libraries, will ++ be written to <citerefentry> ++ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry>. ++ </para> ++ </refsect1> ++ ++ <refsect1 xml:id="pam8-conforming_to"> ++ <title>CONFORMING TO</title> ++ <para> ++ DCE-RFC 86.0, October 1995. ++ Contains additional features, but remains backwardly compatible ++ with this RFC. ++ </para> ++ </refsect1> ++ ++ <refsect1 xml:id="pam8-see_also"> ++ <title>SEE ALSO</title> ++ <para> ++ <citerefentry> ++ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry>, ++ <citerefentry> ++ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry>, ++ <citerefentry> ++ <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry>, ++ <citerefentry> ++ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> ++ </citerefentry>, ++ <citerefentry> ++ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> ++ </citerefentry> ++ </para> ++ </refsect1> ++</refentry> diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml -index 7f3b051..cb6a7d8 100644 +deleted file mode 100644 +index 7f3b051..0000000 --- a/doc/man/pam.8.xml -+++ b/doc/man/pam.8.xml -@@ -2,7 +2,7 @@ - - <refmeta> - <refentrytitle>pam</refentrytitle> ++++ /dev/null +@@ -1,212 +0,0 @@ +-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam8"> +- +- <refmeta> +- <refentrytitle>pam</refentrytitle> - <manvolnum>8</manvolnum> -+ <manvolnum>7</manvolnum> - <refmiscinfo class="source">Linux-PAM</refmiscinfo> - <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> - </refmeta> -diff --git a/doc/man/pam_acct_mgmt.3 b/doc/man/pam_acct_mgmt.3 -index 18e91d5..1cfb501 100644 ---- a/doc/man/pam_acct_mgmt.3 -+++ b/doc/man/pam_acct_mgmt.3 -@@ -97,4 +97,4 @@ User unknown to password service\&. - \fBpam_authenticate\fR(3), - \fBpam_chauthtok\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) +- <refmiscinfo class="source">Linux-PAM</refmiscinfo> +- <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> +- </refmeta> +- +- <refnamediv xml:id="pam8-name"> +- <refname>PAM</refname> +- <refname>pam</refname> +- <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> +- </refnamediv> +- +- <refsect1 xml:id="pam8-description"> +- <title>DESCRIPTION</title> +- <para> +- This manual is intended to offer a quick introduction to +- <emphasis remap="B">Linux-PAM</emphasis>. For more information +- the reader is directed to the +- <emphasis remap="B">Linux-PAM system administrators' guide</emphasis>. +- </para> +- +- <para> +- <emphasis remap="B">Linux-PAM</emphasis> is a system of libraries +- that handle the authentication tasks of applications (services) on +- the system. The library provides a stable general interface +- (Application Programming Interface - API) that privilege granting +- programs (such as <citerefentry> +- <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> +- </citerefentry> and <citerefentry> +- <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> +- </citerefentry>) defer to to perform standard authentication tasks. +- </para> +- +- <para> +- The principal feature of the PAM approach is that the nature of the +- authentication is dynamically configurable. In other words, the +- system administrator is free to choose how individual +- service-providing applications will authenticate users. This dynamic +- configuration is set by the contents of the single +- <emphasis remap="B">Linux-PAM</emphasis> configuration file +- <filename>/etc/pam.conf</filename>. Alternatively and preferably, +- the configuration can be set by individual configuration files +- located in a <filename>pam.d</filename> directory. The presence of this +- directory will cause <emphasis remap="B">Linux-PAM</emphasis> to +- <emphasis remap="I">ignore</emphasis> <filename>/etc/pam.conf</filename>. +- </para> +- +- <para> +- Vendor-supplied PAM configuration files might be installed in +- the system directory <filename>/usr/lib/pam.d/</filename> or +- a configurable vendor specific directory instead +- of the machine configuration directory <filename>/etc/pam.d/</filename>. +- If no machine configuration file is found, the vendor-supplied file +- is used. All files in <filename>/etc/pam.d/</filename> override +- files with the same name in other directories. +- </para> +- +-<para>From the point of view of the system administrator, for whom this +-manual is provided, it is not of primary importance to understand the +-internal behavior of the +-<emphasis remap="B">Linux-PAM</emphasis> +-library. The important point to recognize is that the configuration +-file(s) +-<emphasis remap="I">define</emphasis> +-the connection between applications +-<emphasis remap="B"/>(<emphasis remap="B">services</emphasis>) +-and the pluggable authentication modules +-<emphasis remap="B"/>(<emphasis remap="B">PAM</emphasis>s) +-that perform the actual authentication tasks.</para> +- +- +-<para><emphasis remap="B">Linux-PAM</emphasis> +-separates the tasks of +-<emphasis remap="I">authentication</emphasis> +-into four independent management groups: +-<emphasis remap="B">account</emphasis> management; +-<emphasis remap="B">auth</emphasis>entication management; +-<emphasis remap="B">password</emphasis> management; +-and +-<emphasis remap="B">session</emphasis> management. +-(We highlight the abbreviations used for these groups in the +-configuration file.)</para> +- +- +-<para>Simply put, these groups take care of different aspects of a typical +-user's request for a restricted service:</para> +- +- +-<para><emphasis remap="B">account</emphasis> - +-provide account verification types of service: has the user's password +-expired?; is this user permitted access to the requested service?</para> +- +-<!-- .br --> +-<para><emphasis remap="B">auth</emphasis>entication - +-authenticate a user and set up user credentials. Typically this is via +-some challenge-response request that the user must satisfy: if you are +-who you claim to be please enter your password. Not all authentications +-are of this type, there exist hardware based authentication schemes +-(such as the use of smart-cards and biometric devices), with suitable +-modules, these may be substituted seamlessly for more standard +-approaches to authentication - such is the flexibility of +-<emphasis remap="B">Linux-PAM</emphasis>.</para> +- +-<!-- .br --> +-<para><emphasis remap="B">password</emphasis> - +-this group's responsibility is the task of updating authentication +-mechanisms. Typically, such services are strongly coupled to those of +-the +-<emphasis remap="B">auth</emphasis> +-group. Some authentication mechanisms lend themselves well to being +-updated with such a function. Standard UN*X password-based access is +-the obvious example: please enter a replacement password.</para> +- +-<!-- .br --> +-<para><emphasis remap="B">session</emphasis> - +-this group of tasks cover things that should be done prior to a +-service being given and after it is withdrawn. Such tasks include the +-maintenance of audit trails and the mounting of the user's home +-directory. The +-<emphasis remap="B">session</emphasis> +-management group is important as it provides both an opening and +-closing hook for modules to affect the services available to a user.</para> +- +-</refsect1> +- +- <refsect1 xml:id="pam8-files"> +- <title>FILES</title> +- <variablelist> +- <varlistentry> +- <term>/etc/pam.conf</term> +- <listitem> +- <para>the configuration file</para> +- </listitem> +- </varlistentry> +- <varlistentry> +- <term>/etc/pam.d</term> +- <listitem> +- <para> +- the <emphasis remap="B">Linux-PAM</emphasis> configuration +- directory. Generally, if this directory is present, the +- <filename>/etc/pam.conf</filename> file is ignored. +- </para> +- </listitem> +- </varlistentry> +- <varlistentry> +- <term>/usr/lib/pam.d</term> +- <listitem> +- <para> +- the <emphasis remap="B">Linux-PAM</emphasis> vendor configuration +- directory. Files in <filename>/etc/pam.d</filename> override +- files with the same name in this directory. +- </para> +- </listitem> +- </varlistentry> +- <varlistentry condition="with_vendordir"> +- <term>%vendordir%/pam.d</term> +- <listitem> +- <para> +- additional <emphasis remap="B">Linux-PAM</emphasis> vendor +- configuration directory. Files in <filename>/etc/pam.d</filename> +- and <filename>/usr/lib/pam.d</filename> override files with the +- same name in this directory. +- </para> +- </listitem> +- </varlistentry> +- </variablelist> +- </refsect1> +- +- <refsect1 xml:id="pam8-errors"> +- <title>ERRORS</title> +- <para> +- Typically errors generated by the +- <emphasis remap="B">Linux-PAM</emphasis> system of libraries, will +- be written to <citerefentry> +- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>. +- </para> +- </refsect1> +- +- <refsect1 xml:id="pam8-conforming_to"> +- <title>CONFORMING TO</title> +- <para> +- DCE-RFC 86.0, October 1995. +- Contains additional features, but remains backwardly compatible +- with this RFC. +- </para> +- </refsect1> +- +- <refsect1 xml:id="pam8-see_also"> +- <title>SEE ALSO</title> +- <para> +- <citerefentry> +- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry>, +- <citerefentry> +- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> +- </citerefentry> +- </para> +- </refsect1> +-</refentry> diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml index de6a94a..6ff3ccb 100644 --- a/doc/man/pam_acct_mgmt.3.xml @@ -567,16 +556,6 @@ index de6a94a..6ff3ccb 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_authenticate.3 b/doc/man/pam_authenticate.3 -index 1760e2a..463a518 100644 ---- a/doc/man/pam_authenticate.3 -+++ b/doc/man/pam_authenticate.3 -@@ -107,4 +107,4 @@ User unknown to authentication service\&. - \fBpam_setcred\fR(3), - \fBpam_chauthtok\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml index 794a5c7..948b950 100644 --- a/doc/man/pam_authenticate.3.xml @@ -590,16 +569,6 @@ index 794a5c7..948b950 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_chauthtok.3 b/doc/man/pam_chauthtok.3 -index 60d267f..d7a1c1b 100644 ---- a/doc/man/pam_chauthtok.3 -+++ b/doc/man/pam_chauthtok.3 -@@ -106,4 +106,4 @@ User unknown to password service\&. - \fBpam_setcred\fR(3), - \fBpam_get_item\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml index e184f45..95af359 100644 --- a/doc/man/pam_chauthtok.3.xml @@ -613,16 +582,6 @@ index e184f45..95af359 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_conv.3 b/doc/man/pam_conv.3 -index 5ada083..35c35d0 100644 ---- a/doc/man/pam_conv.3 -+++ b/doc/man/pam_conv.3 -@@ -174,4 +174,4 @@ Success\&. - \fBpam_set_item\fR(3), - \fBpam_get_item\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml index 31834f3..96bfd23 100644 --- a/doc/man/pam_conv.3.xml @@ -636,19 +595,6 @@ index 31834f3..96bfd23 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_error.3 b/doc/man/pam_error.3 -index 9a6c3f8..6f04998 100644 ---- a/doc/man/pam_error.3 -+++ b/doc/man/pam_error.3 -@@ -80,7 +80,7 @@ System error\&. - \fBpam_vinfo\fR(3), - \fBpam_prompt\fR(3), - \fBpam_vprompt\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml index 0f294c2..82ea709 100644 --- a/doc/man/pam_error.3.xml @@ -662,24 +608,11 @@ index 0f294c2..82ea709 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_get_authtok.3 b/doc/man/pam_get_authtok.3 -index 105a217..3e6ddda 100644 ---- a/doc/man/pam_get_authtok.3 -+++ b/doc/man/pam_get_authtok.3 -@@ -162,7 +162,7 @@ New authentication tokens mismatch\&. - .RE - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml -index ba6d955..1cb7566 100644 +index 60e0a45..bfb04c1 100644 --- a/doc/man/pam_get_authtok.3.xml +++ b/doc/man/pam_get_authtok.3.xml -@@ -229,7 +229,7 @@ +@@ -230,7 +230,7 @@ <title>SEE ALSO</title> <para> <citerefentry> @@ -688,35 +621,6 @@ index ba6d955..1cb7566 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3 -index d08fde5..30434bb 100644 ---- a/doc/man/pam_get_item.3 -+++ b/doc/man/pam_get_item.3 -@@ -2,12 +2,12 @@ - .\" Title: pam_get_item - .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] - .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> --.\" Date: 05/07/2023 -+.\" Date: 02/29/2024 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM - .\" Language: English - .\" --.TH "PAM_GET_ITEM" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" -+.TH "PAM_GET_ITEM" "3" "02/29/2024" "Linux\-PAM" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff --git a/doc/man/pam_getenv.3 b/doc/man/pam_getenv.3 -index d0d3999..f639ef9 100644 ---- a/doc/man/pam_getenv.3 -+++ b/doc/man/pam_getenv.3 -@@ -57,4 +57,4 @@ function returns NULL on failure\&. - \fBpam_start\fR(3), - \fBpam_getenvlist\fR(3), - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml index df25863..b5dbc12 100644 --- a/doc/man/pam_getenv.3.xml @@ -730,16 +634,6 @@ index df25863..b5dbc12 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_getenvlist.3 b/doc/man/pam_getenvlist.3 -index 8369764..e2ae949 100644 ---- a/doc/man/pam_getenvlist.3 -+++ b/doc/man/pam_getenvlist.3 -@@ -63,4 +63,4 @@ function returns NULL on failure\&. - \fBpam_start\fR(3), - \fBpam_getenv\fR(3), - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml index 54b1f41..7f755e5 100644 --- a/doc/man/pam_getenvlist.3.xml @@ -753,19 +647,6 @@ index 54b1f41..7f755e5 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_info.3 b/doc/man/pam_info.3 -index d66dee4..a76e039 100644 ---- a/doc/man/pam_info.3 -+++ b/doc/man/pam_info.3 -@@ -76,7 +76,7 @@ System error\&. - .RE - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml index 5155d41..9b4a3f0 100644 --- a/doc/man/pam_info.3.xml @@ -779,19 +660,6 @@ index 5155d41..9b4a3f0 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_misc_drop_env.3 b/doc/man/pam_misc_drop_env.3 -index b3d162c..ca84c1c 100644 ---- a/doc/man/pam_misc_drop_env.3 -+++ b/doc/man/pam_misc_drop_env.3 -@@ -52,7 +52,7 @@ all memory before - .SH "SEE ALSO" - .PP - \fBpam_getenvlist\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml index a7f6cc8..c7a2576 100644 --- a/doc/man/pam_misc_drop_env.3.xml @@ -805,19 +673,6 @@ index a7f6cc8..c7a2576 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_misc_paste_env.3 b/doc/man/pam_misc_paste_env.3 -index d707daa..6ca8c50 100644 ---- a/doc/man/pam_misc_paste_env.3 -+++ b/doc/man/pam_misc_paste_env.3 -@@ -47,7 +47,7 @@ PAM_SUCCESS\&. - .SH "SEE ALSO" - .PP - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml index 06194a9..2d99a1f 100644 --- a/doc/man/pam_misc_paste_env.3.xml @@ -831,19 +686,6 @@ index 06194a9..2d99a1f 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_misc_setenv.3 b/doc/man/pam_misc_setenv.3 -index 70030b7..0b1380a 100644 ---- a/doc/man/pam_misc_setenv.3 -+++ b/doc/man/pam_misc_setenv.3 -@@ -52,7 +52,7 @@ are concatenated with an \*(Aq=\*(Aq to form a name=value and passed to - .SH "SEE ALSO" - .PP - \fBpam_putenv\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml index 4414d54..c9403c5 100644 --- a/doc/man/pam_misc_setenv.3.xml @@ -857,34 +699,6 @@ index 4414d54..c9403c5 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_prompt.3 b/doc/man/pam_prompt.3 -index 3070747..aeaaac0 100644 ---- a/doc/man/pam_prompt.3 -+++ b/doc/man/pam_prompt.3 -@@ -2,12 +2,12 @@ - .\" Title: pam_prompt - .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] - .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> --.\" Date: 05/07/2023 -+.\" Date: 09/15/2023 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM - .\" Language: English - .\" --.TH "PAM_PROMPT" "3" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" -+.TH "PAM_PROMPT" "3" "09/15/2023" "Linux\-PAM" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -70,7 +70,7 @@ System error\&. - .RE - .SH "SEE ALSO" - .PP --\fBpam\fR(8), -+\fBpam\fR(7), - \fBpam_conv\fR(3) - .SH "STANDARDS" - .PP diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml index c65a0c9..b53f502 100644 --- a/doc/man/pam_prompt.3.xml @@ -898,16 +712,6 @@ index c65a0c9..b53f502 100644 </citerefentry>, <citerefentry> <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> -diff --git a/doc/man/pam_putenv.3 b/doc/man/pam_putenv.3 -index 3b826b1..0e1002b 100644 ---- a/doc/man/pam_putenv.3 -+++ b/doc/man/pam_putenv.3 -@@ -108,4 +108,4 @@ The environment variable was successfully updated\&. - \fBpam_getenv\fR(3), - \fBpam_getenvlist\fR(3), - \fBpam_strerror\fR(3), --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml index 7267046..8daca00 100644 --- a/doc/man/pam_putenv.3.xml @@ -921,16 +725,6 @@ index 7267046..8daca00 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_strerror.3 b/doc/man/pam_strerror.3 -index 408eb3a..d6c5d51 100644 ---- a/doc/man/pam_strerror.3 -+++ b/doc/man/pam_strerror.3 -@@ -49,4 +49,4 @@ function returns a pointer to a string describing the error code passed in the a - This function returns always a pointer to a string\&. - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml index b76cbc4..2c7a8a9 100644 --- a/doc/man/pam_strerror.3.xml @@ -944,19 +738,6 @@ index b76cbc4..2c7a8a9 100644 </citerefentry> </para> </refsect1> -diff --git a/doc/man/pam_syslog.3 b/doc/man/pam_syslog.3 -index 8223131..d1f2589 100644 ---- a/doc/man/pam_syslog.3 -+++ b/doc/man/pam_syslog.3 -@@ -67,7 +67,7 @@ with the difference that it takes a set of arguments which have been obtained us - variable argument list macros\&. - .SH "SEE ALSO" - .PP --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "STANDARDS" - .PP - The diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml index f5be287..5005476 100644 --- a/doc/man/pam_syslog.3.xml @@ -970,24 +751,11 @@ index f5be287..5005476 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5 -index b45e914..774e5cd 100644 ---- a/modules/pam_access/access.conf.5 -+++ b/modules/pam_access/access.conf.5 -@@ -210,7 +210,7 @@ option, the spaces will become part of the actual item and the line will be most - .PP - \fBpam_access\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHORS" - .PP - Original diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml -index ff1cb22..e1e5531 100644 +index 0b93db0..65c6b69 100644 --- a/modules/pam_access/access.conf.5.xml +++ b/modules/pam_access/access.conf.5.xml -@@ -229,7 +229,7 @@ +@@ -240,7 +240,7 @@ <para> <citerefentry><refentrytitle>pam_access</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, @@ -996,24 +764,11 @@ index ff1cb22..e1e5531 100644 </para> </refsect1> -diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8 -index c9f9d40..5b0e1a3 100644 ---- a/modules/pam_access/pam_access.8 -+++ b/modules/pam_access/pam_access.8 -@@ -133,7 +133,7 @@ Default configuration file - .PP - \fBaccess.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&. diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml -index 010e749..cc01d5c 100644 +index c991d7a..dcc5039 100644 --- a/modules/pam_access/pam_access.8.xml +++ b/modules/pam_access/pam_access.8.xml -@@ -270,7 +270,7 @@ +@@ -285,7 +285,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1022,19 +777,6 @@ index 010e749..cc01d5c 100644 </citerefentry>. </para> </refsect1> -diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8 -index b1a6de7..2b2dee3 100644 ---- a/modules/pam_debug/pam_debug.8 -+++ b/modules/pam_debug/pam_debug.8 -@@ -138,7 +138,7 @@ auth sufficient pam_debug\&.so auth=success cred=success - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_debug was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml index 1c98f17..939c19b 100644 --- a/modules/pam_debug/pam_debug.8.xml @@ -1048,19 +790,6 @@ index 1c98f17..939c19b 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8 -index 85146f1..81d5343 100644 ---- a/modules/pam_deny/pam_deny.8 -+++ b/modules/pam_deny/pam_deny.8 -@@ -96,7 +96,7 @@ other session required pam_deny\&.so - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_deny was written by Andrew G\&. Morgan <morgan@kernel\&.org> diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml index db8fcb6..de41a59 100644 --- a/modules/pam_deny/pam_deny.8.xml @@ -1074,19 +803,6 @@ index db8fcb6..de41a59 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8 -index c927488..5f0712b 100644 ---- a/modules/pam_echo/pam_echo.8 -+++ b/modules/pam_echo/pam_echo.8 -@@ -126,7 +126,7 @@ password required pam_unix\&.so - .PP - \fBpam.conf\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - Thorsten Kukuk <kukuk@thkukuk\&.de> diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml index 07b793d..cf2d006 100644 --- a/modules/pam_echo/pam_echo.8.xml @@ -1100,39 +816,11 @@ index 07b793d..cf2d006 100644 </citerefentry></para> </refsect1> -diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8 -index f4e15f3..afef8b1 100644 ---- a/modules/pam_env/pam_env.8 -+++ b/modules/pam_env/pam_env.8 -@@ -2,12 +2,12 @@ - .\" Title: pam_env - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> --.\" Date: 05/07/2023 -+.\" Date: 09/13/2023 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM - .\" Language: English - .\" --.TH "PAM_ENV" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" -+.TH "PAM_ENV" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -153,7 +153,7 @@ User specific environment file - .PP - \fBpam_env.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBenviron\fR(7)\&. - .SH "AUTHOR" - .PP diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml -index fb172e1..a720d37 100644 +index c7889e0..082c1d5 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml -@@ -295,7 +295,7 @@ +@@ -312,7 +312,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1141,21 +829,8 @@ index fb172e1..a720d37 100644 </citerefentry>, <citerefentry> <refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum> -diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5 -index 90de5ea..9d9af67 100644 ---- a/modules/pam_env/pam_env.conf.5 -+++ b/modules/pam_env/pam_env.conf.5 -@@ -125,7 +125,7 @@ Silly examples of escaped variables, just to show how they work\&. - .PP - \fBpam_env\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBenviron\fR(7) - .SH "AUTHOR" - .PP diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml -index 81fc961..38bc5fd 100644 +index 46df480..da74046 100644 --- a/modules/pam_env/pam_env.conf.5.xml +++ b/modules/pam_env/pam_env.conf.5.xml @@ -135,7 +135,7 @@ @@ -1167,21 +842,8 @@ index 81fc961..38bc5fd 100644 <citerefentry><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> </para> </refsect1> -diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8 -index 4c7023d..bfa49f8 100644 ---- a/modules/pam_exec/pam_exec.8 -+++ b/modules/pam_exec/pam_exec.8 -@@ -182,7 +182,7 @@ with effective user ID\&. - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_exec was written by Thorsten Kukuk <kukuk@thkukuk\&.de> and Josh Triplett <josh@joshtriplett\&.org>\&. diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml -index 13abe6e..2eedb28 100644 +index 677d598..00b4b77 100644 --- a/modules/pam_exec/pam_exec.8.xml +++ b/modules/pam_exec/pam_exec.8.xml @@ -300,7 +300,7 @@ @@ -1193,19 +855,6 @@ index 13abe6e..2eedb28 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8 -index 9d1d475..0e798cd 100644 ---- a/modules/pam_faildelay/pam_faildelay.8 -+++ b/modules/pam_faildelay/pam_faildelay.8 -@@ -87,7 +87,7 @@ auth optional pam_faildelay\&.so delay=10000000 - \fBpam_fail_delay\fR(3), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_faildelay was written by Darren Tucker <dtucker@zip\&.com\&.au>\&. diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml index c31b507..49ec46f 100644 --- a/modules/pam_faildelay/pam_faildelay.8.xml @@ -1219,19 +868,6 @@ index c31b507..49ec46f 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8 -index 7a0735b..c9b2ee7 100644 ---- a/modules/pam_filter/pam_filter.8 -+++ b/modules/pam_filter/pam_filter.8 -@@ -166,7 +166,7 @@ to see how to configure login to transpose upper and lower case letters once the - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_filter was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml index 8015f41..0b85e82 100644 --- a/modules/pam_filter/pam_filter.8.xml @@ -1245,19 +881,6 @@ index 8015f41..0b85e82 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8 -index e15dda7..c705ea1 100644 ---- a/modules/pam_ftp/pam_ftp.8 -+++ b/modules/pam_ftp/pam_ftp.8 -@@ -119,7 +119,7 @@ auth required pam_listfile\&.so \e - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_ftp was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml index 03f3678..90079d3 100644 --- a/modules/pam_ftp/pam_ftp.8.xml @@ -1271,19 +894,6 @@ index 03f3678..90079d3 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5 -index 96009fe..96bb061 100644 ---- a/modules/pam_group/group.conf.5 -+++ b/modules/pam_group/group.conf.5 -@@ -115,7 +115,7 @@ xsh; tty* ;%admin;Al0000\-2400;plugdev - .PP - \fBpam_group\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml index a8875b3..8d5b2d4 100644 --- a/modules/pam_group/group.conf.5.xml @@ -1297,19 +907,6 @@ index a8875b3..8d5b2d4 100644 </para> </refsect1> -diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8 -index 959c749..1553f20 100644 ---- a/modules/pam_group/pam_group.8 -+++ b/modules/pam_group/pam_group.8 -@@ -103,7 +103,7 @@ Default configuration file - .PP - \fBgroup.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - pam_group was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml index 695a7ba..292ee1c 100644 --- a/modules/pam_group/pam_group.8.xml @@ -1323,19 +920,6 @@ index 695a7ba..292ee1c 100644 </citerefentry>. </para> </refsect1> -diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8 -index fdeed52..745cc42 100644 ---- a/modules/pam_issue/pam_issue.8 -+++ b/modules/pam_issue/pam_issue.8 -@@ -152,7 +152,7 @@ to set the user specific issue at login: - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_issue was written by Ben Collins <bcollins@debian\&.org>\&. diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml index 20d3245..02b31f6 100644 --- a/modules/pam_issue/pam_issue.8.xml @@ -1349,19 +933,6 @@ index 20d3245..02b31f6 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_keyinit/pam_keyinit.8 b/modules/pam_keyinit/pam_keyinit.8 -index 5d7b3e4..50e4fe6 100644 ---- a/modules/pam_keyinit/pam_keyinit.8 -+++ b/modules/pam_keyinit/pam_keyinit.8 -@@ -137,7 +137,7 @@ This will prevent keys from one session leaking into another session for the sam - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBkeyctl\fR(1) - .SH "AUTHOR" - .PP diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml index 7b0a73b..0bab086 100644 --- a/modules/pam_keyinit/pam_keyinit.8.xml @@ -1375,21 +946,8 @@ index 7b0a73b..0bab086 100644 </citerefentry>, <citerefentry> <refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum> -diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8 -index 3a85ede..3c161ff 100644 ---- a/modules/pam_lastlog/pam_lastlog.8 -+++ b/modules/pam_lastlog/pam_lastlog.8 -@@ -189,7 +189,7 @@ Lastlog logging file - \fBlimits.conf\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_lastlog was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml -index 1fd9d9d..7c15b93 100644 +index d990978..d641387 100644 --- a/modules/pam_lastlog/pam_lastlog.8.xml +++ b/modules/pam_lastlog/pam_lastlog.8.xml @@ -322,7 +322,7 @@ @@ -1401,21 +959,8 @@ index 1fd9d9d..7c15b93 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 -index ce0ca35..c9c4187 100644 ---- a/modules/pam_limits/limits.conf.5 -+++ b/modules/pam_limits/limits.conf.5 -@@ -351,7 +351,7 @@ ftp hard nproc 0 - .PP - \fBpam_limits\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBgetrlimit\fR(2), - \fBgetrlimit\fR(3p) - .SH "AUTHOR" diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml -index f6f7d87..d389335 100644 +index 348758a..652e37a 100644 --- a/modules/pam_limits/limits.conf.5.xml +++ b/modules/pam_limits/limits.conf.5.xml @@ -350,7 +350,7 @@ ftp hard nproc 0 @@ -1427,19 +972,6 @@ index f6f7d87..d389335 100644 <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>, <citerefentry><refentrytitle>getrlimit</refentrytitle><manvolnum>3p</manvolnum></citerefentry> </para> -diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8 -index a3d15f2..f971b64 100644 ---- a/modules/pam_limits/pam_limits.8 -+++ b/modules/pam_limits/pam_limits.8 -@@ -146,7 +146,7 @@ Replace "login" for each service you are using this module\&. - .PP - \fBlimits.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com> diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml index cca046c..8f026f0 100644 --- a/modules/pam_limits/pam_limits.8.xml @@ -1453,21 +985,8 @@ index cca046c..8f026f0 100644 </citerefentry>. </para> </refsect1> -diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8 -index 5052664..a23e6e5 100644 ---- a/modules/pam_listfile/pam_listfile.8 -+++ b/modules/pam_listfile/pam_listfile.8 -@@ -205,7 +205,7 @@ to the root account\&. - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_listfile was written by Michael K\&. Johnson <johnsonm@redhat\&.com> and Elliot Lee <sopwith@cuc\&.edu>\&. diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml -index 8847415..af747c1 100644 +index 40a553d..d74fee1 100644 --- a/modules/pam_listfile/pam_listfile.8.xml +++ b/modules/pam_listfile/pam_listfile.8.xml @@ -278,7 +278,7 @@ auth required pam_listfile.so \ @@ -1479,19 +998,6 @@ index 8847415..af747c1 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8 -index 455fdb2..f4f2b29 100644 ---- a/modules/pam_localuser/pam_localuser.8 -+++ b/modules/pam_localuser/pam_localuser.8 -@@ -117,7 +117,7 @@ Local user account information\&. - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_localuser was written by Nalin Dahyabhai <nalin@redhat\&.com>\&. diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml index 2002d1d..e4b9e07 100644 --- a/modules/pam_localuser/pam_localuser.8.xml @@ -1505,19 +1011,6 @@ index 2002d1d..e4b9e07 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_loginuid/pam_loginuid.8 b/modules/pam_loginuid/pam_loginuid.8 -index 32f1b54..70669a2 100644 ---- a/modules/pam_loginuid/pam_loginuid.8 -+++ b/modules/pam_loginuid/pam_loginuid.8 -@@ -85,7 +85,7 @@ session required pam_loginuid\&.so - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBauditctl\fR(8), - \fBauditd\fR(8) - .SH "AUTHOR" diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml index d5285f0..1beba98 100644 --- a/modules/pam_loginuid/pam_loginuid.8.xml @@ -1531,19 +1024,6 @@ index d5285f0..1beba98 100644 </citerefentry>, <citerefentry> <refentrytitle>auditctl</refentrytitle><manvolnum>8</manvolnum> -diff --git a/modules/pam_mail/pam_mail.8 b/modules/pam_mail/pam_mail.8 -index 36b95ba..ae4b890 100644 ---- a/modules/pam_mail/pam_mail.8 -+++ b/modules/pam_mail/pam_mail.8 -@@ -153,7 +153,7 @@ session optional pam_mail\&.so standard - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_mail was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml index 2c0c054..9b4ce36 100644 --- a/modules/pam_mail/pam_mail.8.xml @@ -1557,19 +1037,6 @@ index 2c0c054..9b4ce36 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8 -index 112b39b..6962971 100644 ---- a/modules/pam_mkhomedir/pam_mkhomedir.8 -+++ b/modules/pam_mkhomedir/pam_mkhomedir.8 -@@ -129,7 +129,7 @@ A sample /etc/pam\&.d/login file: - .SH "SEE ALSO" - .PP - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHOR" - .PP - pam_mkhomedir was written by Jason Gunthorpe <jgg@debian\&.org>\&. diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml index ad95724..25f5497 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -1583,19 +1050,6 @@ index ad95724..25f5497 100644 </citerefentry>. </para> </refsect1> -diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8 -index b1a70c0..3f65bb5 100644 ---- a/modules/pam_motd/pam_motd.8 -+++ b/modules/pam_motd/pam_motd.8 -@@ -185,7 +185,7 @@ session optional pam_motd\&.so motd=/elsewhere/motd motd_dir=/elsewhere/motd\& - \fBmotd\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_motd was written by Ben Collins <bcollins@debian\&.org>\&. diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 7442037..2fc5310 100644 --- a/modules/pam_motd/pam_motd.8.xml @@ -1609,24 +1063,11 @@ index 7442037..2fc5310 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_namespace/namespace.conf.5 b/modules/pam_namespace/namespace.conf.5 -index cf2509c..e4e8cfd 100644 ---- a/modules/pam_namespace/namespace.conf.5 -+++ b/modules/pam_namespace/namespace.conf.5 -@@ -162,7 +162,7 @@ This module also depends on pam_selinux\&.so setting the context\&. - .PP - \fBpam_namespace\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHORS" - .PP - The namespace\&.conf manual page was written by Janak Desai <janak@us\&.ibm\&.com>\&. More features added by Tomas Mraz <tmraz@redhat\&.com>\&. diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml -index d398639..dcf6973 100644 +index 54f9431..15aef5c 100644 --- a/modules/pam_namespace/namespace.conf.5.xml +++ b/modules/pam_namespace/namespace.conf.5.xml -@@ -222,7 +222,7 @@ +@@ -226,7 +226,7 @@ <para> <citerefentry><refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, @@ -1635,24 +1076,11 @@ index d398639..dcf6973 100644 </para> </refsect1> -diff --git a/modules/pam_namespace/pam_namespace.8 b/modules/pam_namespace/pam_namespace.8 -index 3c9e9b3..d69f9fd 100644 ---- a/modules/pam_namespace/pam_namespace.8 -+++ b/modules/pam_namespace/pam_namespace.8 -@@ -148,7 +148,7 @@ To use polyinstantiation with graphical display manager gdm, please refer to gdm - \fBnamespace.conf\fR(5), - \fBpam.d\fR(5), - \fBmount\fR(8), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHORS" - .PP - The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai <janak@us\&.ibm\&.com>, Chad Sellers <csellers@tresys\&.com> and Steve Grubb <sgrubb@redhat\&.com>\&. Additional improvements by Xavier Toth <txtoth@gmail\&.com> and Tomas Mraz <tmraz@redhat\&.com>\&. diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml -index 598037a..954093d 100644 +index a866d2e..0896372 100644 --- a/modules/pam_namespace/pam_namespace.8.xml +++ b/modules/pam_namespace/pam_namespace.8.xml -@@ -389,7 +389,7 @@ +@@ -392,7 +392,7 @@ <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> @@ -1661,19 +1089,6 @@ index 598037a..954093d 100644 </citerefentry>. </para> </refsect1> -diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8 -index ceb0237..c5df1b7 100644 ---- a/modules/pam_nologin/pam_nologin.8 -+++ b/modules/pam_nologin/pam_nologin.8 -@@ -124,7 +124,7 @@ modules would lead to a successful login because the nologin module - \fBnologin\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_nologin was written by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml index 1ea725c..1cc721a 100644 --- a/modules/pam_nologin/pam_nologin.8.xml @@ -1687,19 +1102,6 @@ index 1ea725c..1cc721a 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_permit/pam_permit.8 b/modules/pam_permit/pam_permit.8 -index 5b1881f..5432b75 100644 ---- a/modules/pam_permit/pam_permit.8 -+++ b/modules/pam_permit/pam_permit.8 -@@ -78,7 +78,7 @@ account required pam_permit\&.so - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_permit was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml index 0634e5e..9e6c7d0 100644 --- a/modules/pam_permit/pam_permit.8.xml @@ -1713,19 +1115,6 @@ index 0634e5e..9e6c7d0 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_pwhistory/pam_pwhistory.8 b/modules/pam_pwhistory/pam_pwhistory.8 -index df95ee3..e430bcd 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.8 -+++ b/modules/pam_pwhistory/pam_pwhistory.8 -@@ -179,7 +179,7 @@ Config file for pam_pwhistory options - \fBpwhistory.conf\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - \fBpam_get_authtok\fR(3) - .SH "AUTHOR" - .PP diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml index d83d8d9..a5185fc 100644 --- a/modules/pam_pwhistory/pam_pwhistory.8.xml @@ -1739,19 +1128,6 @@ index d83d8d9..a5185fc 100644 </citerefentry> <citerefentry> <refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum> -diff --git a/modules/pam_rhosts/pam_rhosts.8 b/modules/pam_rhosts/pam_rhosts.8 -index 36077de..327ad22 100644 ---- a/modules/pam_rhosts/pam_rhosts.8 -+++ b/modules/pam_rhosts/pam_rhosts.8 -@@ -122,7 +122,7 @@ auth required pam_unix\&.so - \fBrhosts\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de> diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml index b8a5c1c..41d541c 100644 --- a/modules/pam_rhosts/pam_rhosts.8.xml @@ -1765,19 +1141,6 @@ index b8a5c1c..41d541c 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8 -index 5fc021f..984cadd 100644 ---- a/modules/pam_rootok/pam_rootok.8 -+++ b/modules/pam_rootok/pam_rootok.8 -@@ -100,7 +100,7 @@ auth required pam_unix\&.so - \fBsu\fR(1), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_rootok was written by Andrew G\&. Morgan, <morgan@kernel\&.org>\&. diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml index a79c073..f30ad37 100644 --- a/modules/pam_rootok/pam_rootok.8.xml @@ -1791,19 +1154,6 @@ index a79c073..f30ad37 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8 -index ca90438..95804fb 100644 ---- a/modules/pam_securetty/pam_securetty.8 -+++ b/modules/pam_securetty/pam_securetty.8 -@@ -134,7 +134,7 @@ auth required pam_unix\&.so - \fBsecuretty\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_securetty was written by Elliot Lee <sopwith@cuc\&.edu>\&. diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml index 9038f5b..fcf0e88 100644 --- a/modules/pam_securetty/pam_securetty.8.xml @@ -1817,34 +1167,6 @@ index 9038f5b..fcf0e88 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8 -index 260bc47..12fe015 100644 ---- a/modules/pam_selinux/pam_selinux.8 -+++ b/modules/pam_selinux/pam_selinux.8 -@@ -2,12 +2,12 @@ - .\" Title: pam_selinux - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> --.\" Date: 05/07/2023 -+.\" Date: 09/13/2023 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM - .\" Language: English - .\" --.TH "PAM_SELINUX" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -144,7 +144,7 @@ session optional pam_selinux\&.so - \fBexecve\fR(2), - \fBtty\fR(4), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBselinux\fR(8) - .SH "AUTHOR" - .PP diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 3aa632c..7ec5daf 100644 --- a/modules/pam_selinux/pam_selinux.8.xml @@ -1858,21 +1180,8 @@ index 3aa632c..7ec5daf 100644 </citerefentry>, <citerefentry> <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> -diff --git a/modules/pam_sepermit/pam_sepermit.8 b/modules/pam_sepermit/pam_sepermit.8 -index f47f4a8..3270746 100644 ---- a/modules/pam_sepermit/pam_sepermit.8 -+++ b/modules/pam_sepermit/pam_sepermit.8 -@@ -124,7 +124,7 @@ session required pam_permit\&.so - \fBsepermit.conf\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - \fBselinux\fR(8) - .SH "AUTHOR" - .PP diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml -index 791d2bb..1ead429 100644 +index 114864a..9efb204 100644 --- a/modules/pam_sepermit/pam_sepermit.8.xml +++ b/modules/pam_sepermit/pam_sepermit.8.xml @@ -177,7 +177,7 @@ session required pam_permit.so @@ -1884,19 +1193,6 @@ index 791d2bb..1ead429 100644 </citerefentry> <citerefentry> <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum> -diff --git a/modules/pam_sepermit/sepermit.conf.5 b/modules/pam_sepermit/sepermit.conf.5 -index e2b1736..d2cd381 100644 ---- a/modules/pam_sepermit/sepermit.conf.5 -+++ b/modules/pam_sepermit/sepermit.conf.5 -@@ -110,7 +110,7 @@ These are some example lines which might be specified in - .PP - \fBpam_sepermit\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8), -+\fBpam\fR(7), - \fBselinux\fR(8), - .SH "AUTHOR" - .PP diff --git a/modules/pam_sepermit/sepermit.conf.5.xml b/modules/pam_sepermit/sepermit.conf.5.xml index ff924ce..1f1dcae 100644 --- a/modules/pam_sepermit/sepermit.conf.5.xml @@ -1910,24 +1206,11 @@ index ff924ce..1f1dcae 100644 <citerefentry><refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>, </para> </refsect1> -diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8 -index af3dc66..7962bad 100644 ---- a/modules/pam_shells/pam_shells.8 -+++ b/modules/pam_shells/pam_shells.8 -@@ -84,7 +84,7 @@ auth required pam_shells\&.so - \fBshells\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_shells was written by Erik Troan <ewt@redhat\&.com>\&. diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml -index b9f90e9..bff889f 100644 +index e1b35a3..7889702 100644 --- a/modules/pam_shells/pam_shells.8.xml +++ b/modules/pam_shells/pam_shells.8.xml -@@ -107,7 +107,7 @@ auth required pam_shells.so +@@ -115,7 +115,7 @@ auth required pam_shells.so <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -1936,19 +1219,6 @@ index b9f90e9..bff889f 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8 -index e61af0c..98a9d85 100644 ---- a/modules/pam_succeed_if/pam_succeed_if.8 -+++ b/modules/pam_succeed_if/pam_succeed_if.8 -@@ -220,7 +220,7 @@ type required othermodule\&.so arguments\&.\&.\&. - .SH "SEE ALSO" - .PP - \fBglob\fR(7), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - Nalin Dahyabhai <nalin@redhat\&.com> diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index 90fd114..b8f65e7 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -1962,19 +1232,6 @@ index 90fd114..b8f65e7 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_time/pam_time.8 b/modules/pam_time/pam_time.8 -index 48c7ffc..13a53ef 100644 ---- a/modules/pam_time/pam_time.8 -+++ b/modules/pam_time/pam_time.8 -@@ -116,7 +116,7 @@ login account required pam_time\&.so - .PP - \fBtime.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8)\&. -+\fBpam\fR(7)\&. - .SH "AUTHOR" - .PP - pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml index 1fa60a1..748bcd1 100644 --- a/modules/pam_time/pam_time.8.xml @@ -1988,19 +1245,6 @@ index 1fa60a1..748bcd1 100644 </citerefentry>. </para> </refsect1> -diff --git a/modules/pam_time/time.conf.5 b/modules/pam_time/time.conf.5 -index c68dfa7..9064977 100644 ---- a/modules/pam_time/time.conf.5 -+++ b/modules/pam_time/time.conf.5 -@@ -109,7 +109,7 @@ games ; * ; !waster ; Wd0000\-2400 | Wk1800\-0800 - .PP - \fBpam_time\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_time was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml index 3fe263d..30c9a92 100644 --- a/modules/pam_time/time.conf.5.xml @@ -2014,19 +1258,6 @@ index 3fe263d..30c9a92 100644 </para> </refsect1> -diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8 -index a7b7e1c..347724b 100644 ---- a/modules/pam_timestamp/pam_timestamp.8 -+++ b/modules/pam_timestamp/pam_timestamp.8 -@@ -124,7 +124,7 @@ timestamp files and directories - \fBpam_timestamp_check\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_timestamp was written by Nalin Dahyabhai\&. diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml index a763ad8..e6b2df7 100644 --- a/modules/pam_timestamp/pam_timestamp.8.xml @@ -2040,21 +1271,8 @@ index a763ad8..e6b2df7 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8 -index 3425a36..f19a225 100644 ---- a/modules/pam_timestamp/pam_timestamp_check.8 -+++ b/modules/pam_timestamp/pam_timestamp_check.8 -@@ -127,7 +127,7 @@ timestamp files and directories - \fBpam_timestamp_check\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_timestamp was written by Nalin Dahyabhai\&. diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml -index f0c0956..e947f75 100644 +index 7f850ae..7a7770a 100644 --- a/modules/pam_timestamp/pam_timestamp_check.8.xml +++ b/modules/pam_timestamp/pam_timestamp_check.8.xml @@ -189,7 +189,7 @@ session optional pam_timestamp.so @@ -2066,19 +1284,6 @@ index f0c0956..e947f75 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_tty_audit/pam_tty_audit.8 b/modules/pam_tty_audit/pam_tty_audit.8 -index ada11ae..2ba5335 100644 ---- a/modules/pam_tty_audit/pam_tty_audit.8 -+++ b/modules/pam_tty_audit/pam_tty_audit.8 -@@ -129,7 +129,7 @@ session required pam_tty_audit\&.so disable=* enable=root - \fBaureport\fR(8), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_tty_audit was written by Miloslav Trmač <mitr@redhat\&.com>\&. The log_passwd option was added by Richard Guy Briggs <rgb@redhat\&.com>\&. diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml index b46bbf7..79d8115 100644 --- a/modules/pam_tty_audit/pam_tty_audit.8.xml @@ -2092,24 +1297,11 @@ index b46bbf7..79d8115 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8 -index 741c316..c7636e2 100644 ---- a/modules/pam_umask/pam_umask.8 -+++ b/modules/pam_umask/pam_umask.8 -@@ -170,7 +170,7 @@ to set the user specific umask at login: - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_umask was written by Thorsten Kukuk <kukuk@thkukuk\&.de>\&. diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml -index 0527667..acb3bc0 100644 +index d2cead4..54a44ef 100644 --- a/modules/pam_umask/pam_umask.8.xml +++ b/modules/pam_umask/pam_umask.8.xml -@@ -243,7 +243,7 @@ +@@ -245,7 +245,7 @@ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> @@ -2118,21 +1310,8 @@ index 0527667..acb3bc0 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 -index 6f5f19b..07f8308 100644 ---- a/modules/pam_unix/pam_unix.8 -+++ b/modules/pam_unix/pam_unix.8 -@@ -310,7 +310,7 @@ session required pam_unix\&.so - \fBlogin.defs\fR(5), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_unix was written by various people\&. diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml -index 4e63a49..a025c0e 100644 +index d02320b..7e4fd5d 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -556,7 +556,7 @@ session required pam_unix.so @@ -2144,19 +1323,6 @@ index 4e63a49..a025c0e 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8 -index c639772..a2493b5 100644 ---- a/modules/pam_userdb/pam_userdb.8 -+++ b/modules/pam_userdb/pam_userdb.8 -@@ -152,7 +152,7 @@ auth sufficient pam_userdb\&.so icase db=/etc/dbtest - \fBcrypt\fR(3), - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml index 0f96410..86ba895 100644 --- a/modules/pam_userdb/pam_userdb.8.xml @@ -2170,19 +1336,6 @@ index 0f96410..86ba895 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_warn/pam_warn.8 b/modules/pam_warn/pam_warn.8 -index 3e507d7..0138c70 100644 ---- a/modules/pam_warn/pam_warn.8 -+++ b/modules/pam_warn/pam_warn.8 -@@ -83,7 +83,7 @@ other session required pam_deny\&.so - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_warn was written by Andrew G\&. Morgan <morgan@kernel\&.org>\&. diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml index a20c5f7..a69e1d6 100644 --- a/modules/pam_warn/pam_warn.8.xml @@ -2196,55 +1349,6 @@ index a20c5f7..a69e1d6 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8 -index 8077e81..ca687e5 100644 ---- a/modules/pam_wheel/pam_wheel.8 -+++ b/modules/pam_wheel/pam_wheel.8 -@@ -2,12 +2,12 @@ - .\" Title: pam_wheel - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> --.\" Date: 05/07/2023 -+.\" Date: 09/13/2023 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM - .\" Language: English - .\" --.TH "PAM_WHEEL" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "09/13/2023" "Linux\-PAM" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -31,7 +31,7 @@ - pam_wheel \- Only permit root access to members of group wheel - .SH "SYNOPSIS" - .HP \w'\fBpam_wheel\&.so\fR\ 'u --\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] -+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] - .SH "DESCRIPTION" - .PP - The pam_wheel PAM module is used to enforce the so\-called -@@ -72,11 +72,6 @@ trust - .RS 4 - The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. - .RE --.PP --use_uid --.RS 4 --The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&. --.RE - .SH "MODULE TYPES PROVIDED" - .PP - The -@@ -141,7 +136,7 @@ su auth required pam_unix\&.so - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&. diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml index b42e27d..86f2828 100644 --- a/modules/pam_wheel/pam_wheel.8.xml @@ -2258,19 +1362,6 @@ index b42e27d..86f2828 100644 </citerefentry> </para> </refsect1> -diff --git a/modules/pam_xauth/pam_xauth.8 b/modules/pam_xauth/pam_xauth.8 -index 31c9074..e6f23c1 100644 ---- a/modules/pam_xauth/pam_xauth.8 -+++ b/modules/pam_xauth/pam_xauth.8 -@@ -177,7 +177,7 @@ XXX - .PP - \fBpam.conf\fR(5), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(7) - .SH "AUTHOR" - .PP - pam_xauth was written by Nalin Dahyabhai <nalin@redhat\&.com>, based on original version by Michael K\&. Johnson <johnsonm@redhat\&.com>\&. diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml index f5fc5a3..214226b 100644 --- a/modules/pam_xauth/pam_xauth.8.xml diff --git a/debian/patches/fix-autoreconf.patch b/debian/patches/fix-autoreconf.patch deleted file mode 100644 index 927a0473..00000000 --- a/debian/patches/fix-autoreconf.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Andreas Henriksson <andreas@fatal.se> -Date: Thu, 8 Nov 2018 19:09:21 +0100 -Subject: fix-autoreconf.patch - -Do not override user variables in Makefile.am, see the -"Flag Variables Ordering" section of the automake manual. ---- - doc/specs/Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am -index 58e14b3..2ebd980 100644 ---- a/doc/specs/Makefile.am -+++ b/doc/specs/Makefile.am -@@ -12,9 +12,9 @@ draft-morgan-pam-current.txt: padout draft-morgan-pam.raw - AM_YFLAGS = -d - - CC = @CC_FOR_BUILD@ --CPPFLAGS = @BUILD_CPPFLAGS@ --CFLAGS = @BUILD_CFLAGS@ --LDFLAGS = @BUILD_LDFLAGS@ -+AM_CPPFLAGS = @BUILD_CPPFLAGS@ -+AM_CFLAGS = @BUILD_CFLAGS@ -+AM_LDFLAGS = @BUILD_LDFLAGS@ - - padout_CFLAGS = $(WARN_CFLAGS) -Wno-unused-function -Wno-sign-compare - diff --git a/debian/patches/ftbfs-implicit-function-declaration b/debian/patches/ftbfs-implicit-function-declaration deleted file mode 100644 index c79aff51..00000000 --- a/debian/patches/ftbfs-implicit-function-declaration +++ /dev/null @@ -1,23 +0,0 @@ -From: Sam Hartman <hartmans@debian.org> -Date: Mon, 8 Apr 2024 15:40:35 -0600 -Subject: Fix FTBFS when built with -Werror=implicit-function-declaration - -Bug-Ubuntu: https://bugs.launchpad.net/bugs/2055453 -Forwarded: no -Last-Update: 2024-02-29 ---- - modules/pam_unix/support.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index e15ee98..9c065c5 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -6,6 +6,7 @@ - #define _PAM_UNIX_SUPPORT_H - - #include <pwd.h> -+#include "libpam/include/pam_inline.h" - - /* - * File to read value of ENCRYPT_METHOD from. diff --git a/debian/patches/lib_security_multiarch_compat b/debian/patches/lib_security_multiarch_compat index 0e7ada42..fb878a41 100644 --- a/debian/patches/lib_security_multiarch_compat +++ b/debian/patches/lib_security_multiarch_compat @@ -15,18 +15,22 @@ currently abusing the existing variables and inverting their meaning in order to get everything installed where we want it and get absolute paths the way we want them. --- - libpam/pam_handlers.c | 34 ++++++++++++++++++++++------------ - 1 file changed, 22 insertions(+), 12 deletions(-) + libpam/pam_handlers.c | 40 +++++++++++++++++++++++++--------------- + 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c -index c7045d2..dc5f81f 100644 +index 1df5e40..9838fb2 100644 --- a/libpam/pam_handlers.c +++ b/libpam/pam_handlers.c -@@ -737,7 +737,27 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) +@@ -667,10 +667,30 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) + /* Be pessimistic... */ success = PAM_ABORT; - D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); +- D(("_pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); +- D(("_pam_dlopen'ed")); +- D(("dlopen'ed")); ++ D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); + if (mod_path[0] == '/') { + mod->dl_handle = _pam_dlopen(mod_path); + } else { @@ -48,10 +52,12 @@ index c7045d2..dc5f81f 100644 + } + } + } - D(("_pam_load_module: _pam_dlopen'ed")); - D(("_pam_load_module: dlopen'ed")); ++ D(("_pam_load_module: _pam_dlopen'ed")); ++ D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { -@@ -814,7 +834,6 @@ int _pam_add_handler(pam_handle_t *pamh + const char *isa = strstr(mod_path, "$ISA"); + size_t isa_len = strlen("$ISA"); +@@ -736,7 +756,6 @@ static int _pam_add_handler(pam_handle_t *pamh struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; @@ -59,7 +65,7 @@ index c7045d2..dc5f81f 100644 servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; -@@ -826,16 +845,7 @@ int _pam_add_handler(pam_handle_t *pamh +@@ -748,16 +767,7 @@ static int _pam_add_handler(pam_handle_t *pamh if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { diff --git a/debian/patches/make_documentation_reproducible.patch b/debian/patches/make_documentation_reproducible.patch index 105766a9..60231c8d 100644 --- a/debian/patches/make_documentation_reproducible.patch +++ b/debian/patches/make_documentation_reproducible.patch @@ -2,24 +2,58 @@ From: "jumapico@gmail.com" <jumapico@gmail.com> Date: Mon, 11 Sep 2023 14:00:42 -0600 Subject: Make documentation reproducible -Last-Update: 2019-01-06 - -Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when build the +Add LC_ALL=C.UTF-8 to w3m to avoid changes in the output when building the documentation with different locales. +Updated for meson build system. --- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + doc/guide-meson.build | 1 + + meson.build | 4 +++- + modules/module-meson.build | 1 + + 3 files changed, 5 insertions(+), 1 deletion(-) -diff --git a/configure.ac b/configure.ac -index b9b0f83..5f11912 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -647,7 +647,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl-ns/current/manp +diff --git a/doc/guide-meson.build b/doc/guide-meson.build +index e29d16e..9c40cf0 100644 +--- a/doc/guide-meson.build ++++ b/doc/guide-meson.build +@@ -50,6 +50,7 @@ custom_target( + '@OUTPUT@', + browser, + ], ++ env:docs_env, + install: true, + install_dir: docdir, + install_tag: 'doc', +diff --git a/meson.build b/meson.build +index 2be2128..871f26a 100644 +--- a/meson.build ++++ b/meson.build +@@ -473,6 +473,8 @@ endif - AC_PATH_PROG([BROWSER], [w3m]) - if test -n "$BROWSER"; then -- BROWSER="$BROWSER -T text/html -dump" -+ BROWSER="LC_ALL=C.UTF-8 $BROWSER -T text/html -dump" - else - AC_PATH_PROG([BROWSER], [elinks]) - if test -n "$BROWSER"; then + feature_docs = get_option('docs') + enable_docs = not feature_docs.disabled() ++docs_env = environment() ++docs_env.set('LC_ALL', 'C.UTF-8') + if enable_docs + prog_xsltproc = find_program( + 'xsltproc', +@@ -489,7 +491,7 @@ if enable_docs + required: false, + ) + if prog_w3m.found() +- browser = [prog_w3m, '-T', 'text/html', '-dump'] ++ browser = [ prog_w3m, '-T', 'text/html', '-dump'] + else + prog_elinks = find_program( + 'elinks', +diff --git a/modules/module-meson.build b/modules/module-meson.build +index acb7087..d55dad2 100644 +--- a/modules/module-meson.build ++++ b/modules/module-meson.build +@@ -245,6 +245,7 @@ custom_target( + '@INPUT@', + '@OUTPUT@', + browser], ++ env:docs_env, + install: true, + install_dir: docdir / 'modules', + install_tag: 'doc', diff --git a/debian/patches/no_PATH_MAX_on_hurd b/debian/patches/no_PATH_MAX_on_hurd deleted file mode 100644 index 6c20ab8c..00000000 --- a/debian/patches/no_PATH_MAX_on_hurd +++ /dev/null @@ -1,28 +0,0 @@ -From: Steve Langasek <vorlon@debian.org> -Date: Mon, 11 Sep 2023 14:00:42 -0600 -Subject: define PATH_MAX for compatibility when it's not already set - -Bug-Debian: http://bugs.debian.org/552043 - -Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable -default value in this case. ---- - tests/tst-dlopen.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c -index 7092716..535ee1c 100644 ---- a/tests/tst-dlopen.c -+++ b/tests/tst-dlopen.c -@@ -16,6 +16,11 @@ - #include <limits.h> - #include <sys/stat.h> - -+/* Hurd compatibility */ -+#ifndef PATH_MAX -+#define PATH_MAX 4096 -+#endif -+ - /* Simple program to see if dlopen() would succeed. */ - int main(int argc, char **argv) - { diff --git a/debian/patches/nullok_secure-compat.patch b/debian/patches/nullok_secure-compat.patch index a69cd05e..3d83aeb6 100644 --- a/debian/patches/nullok_secure-compat.patch +++ b/debian/patches/nullok_secure-compat.patch @@ -8,10 +8,10 @@ Last-Update: 2020-08-11 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 91e7478..e15ee98 100644 +index 425ff66..4d52825 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h -@@ -102,8 +102,9 @@ typedef struct { +@@ -103,8 +103,9 @@ typedef struct { #define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */ #define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */ #define UNIX_OBSCURE_CHECKS 34 /* enable obscure checks on passwords */ @@ -22,7 +22,7 @@ index 91e7478..e15ee98 100644 #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)) -@@ -147,6 +148,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = +@@ -148,6 +149,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(0x6EC22000ULL), 0x40000000, 1}, /* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 0x80000000, 0}, /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x100000000, 0}, diff --git a/debian/patches/pam-limits-nofile-fd-setsize-cap b/debian/patches/pam-limits-nofile-fd-setsize-cap index 866ff1e3..d75fec95 100644 --- a/debian/patches/pam-limits-nofile-fd-setsize-cap +++ b/debian/patches/pam-limits-nofile-fd-setsize-cap @@ -45,12 +45,12 @@ Last-Update: 2015-04-22 1 file changed, 8 insertions(+) diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index adda08b..a58d424 100644 +index 7e2d93d..2603028 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c -@@ -459,6 +459,14 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int - pl->limits[i].src_hard = LIMITS_DEF_KERNEL; +@@ -539,6 +539,14 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int } + free(line); fclose(limitsfile); + + /* Cap the default soft nofile limit read from pid 1 to FD_SETSIZE @@ -61,5 +61,5 @@ index adda08b..a58d424 100644 + pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE; + } } + #endif - static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) diff --git a/debian/patches/pam_mkhomedir_stat_before_opendir b/debian/patches/pam_mkhomedir_stat_before_opendir index 50026225..dddd5278 100644 --- a/debian/patches/pam_mkhomedir_stat_before_opendir +++ b/debian/patches/pam_mkhomedir_stat_before_opendir @@ -8,18 +8,18 @@ Subject: pam_mkhomedir_stat_before_opendir 1 file changed, 7 insertions(+) diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c -index 3213f02..643d5d0 100644 +index eefb599..fa9089d 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.c +++ b/modules/pam_mkhomedir/mkhomedir_helper.c -@@ -39,6 +39,7 @@ create_homedir(const struct passwd *pwd, - DIR *d; +@@ -271,6 +271,7 @@ create_homedir(struct dir_spec *parent, const struct passwd *pwd, struct dirent *dent; + struct dir_spec base; int retval = PAM_SESSION_ERR; + struct stat stat_buf; /* Create the new directory */ - if (mkdir(dest, 0700) && errno != EEXIST) -@@ -54,6 +55,12 @@ create_homedir(const struct passwd *pwd, + if (mkdirat(parent->fd, dest, 0700)) +@@ -295,6 +296,12 @@ create_homedir(struct dir_spec *parent, const struct passwd *pwd, goto go_out; } diff --git a/debian/patches/pam_namespace_o_directory b/debian/patches/pam_namespace_o_directory deleted file mode 100644 index f8838223..00000000 --- a/debian/patches/pam_namespace_o_directory +++ /dev/null @@ -1,58 +0,0 @@ -From: Sam Hartman <hartmans@debian.org> -Date: Fri, 2 Feb 2024 11:38:09 -0700 -Subject: From: Matthias Gerstner <matthias.gerstner@suse.de> Date: Wed, - 27 Dec 2023 14:01:59 +0100 Subject: pam_namespace: protect_dir(): use - O_DIRECTORY to prevent local DoS situations Origin: - https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb - Bug-Debian: https://bugs.debian.org/1061097 Bug-Debian-Security: - https://security-tracker.debian.org/tracker/CVE-2024-22365 - -Without O_DIRECTORY the path crawling logic is subject to e.g. FIFOs -being placed in user controlled directories, causing the PAM module to -block indefinitely during `openat()`. - -Pass O_DIRECTORY to cause the `openat()` to fail if the path does not -refer to a directory. - -With this the check whether the final path element is a directory -becomes unnecessary, drop it. ---- - modules/pam_namespace/pam_namespace.c | 18 +----------------- - 1 file changed, 1 insertion(+), 17 deletions(-) - -diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index f34ce93..ef85644 100644 ---- a/modules/pam_namespace/pam_namespace.c -+++ b/modules/pam_namespace/pam_namespace.c -@@ -1194,7 +1194,7 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, - int dfd = AT_FDCWD; - int dfd_next; - int save_errno; -- int flags = O_RDONLY; -+ int flags = O_RDONLY | O_DIRECTORY; - int rv = -1; - struct stat st; - -@@ -1248,22 +1248,6 @@ static int protect_dir(const char *path, mode_t mode, int do_mkdir, - rv = openat(dfd, dir, flags); - } - -- if (rv != -1) { -- if (fstat(rv, &st) != 0) { -- save_errno = errno; -- close(rv); -- rv = -1; -- errno = save_errno; -- goto error; -- } -- if (!S_ISDIR(st.st_mode)) { -- close(rv); -- errno = ENOTDIR; -- rv = -1; -- goto error; -- } -- } -- - if (flags & O_NOFOLLOW) { - /* we are inside user-owned dir - protect */ - if (protect_mount(rv, p, idata) == -1) { diff --git a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch b/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch deleted file mode 100644 index 5a94c25d..00000000 --- a/debian/patches/pam_unix_dont_trust_chkpwd_caller.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Sam Hartman <hartmans@debian.org> -Date: Mon, 11 Sep 2023 14:00:42 -0600 -Subject: pam_unix_dont_trust_chkpwd_caller - -Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd -helper could be sgid shadow instead of suid root, as it is in Debian and -Ubuntu by default. Drop any sgid bits as well. - -Authors: Steve Langasek <vorlon@debian.org>, - Michael Spang <mspang@csclub.uwaterloo.ca> - -Upstream status: to be submitted ---- - modules/pam_unix/unix_chkpwd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c -index 556a2e2..5e7b571 100644 ---- a/modules/pam_unix/unix_chkpwd.c -+++ b/modules/pam_unix/unix_chkpwd.c -@@ -138,9 +138,10 @@ int main(int argc, char *argv[]) - /* if the caller specifies the username, verify that user - matches it */ - if (user == NULL || strcmp(user, argv[1])) { -+ gid_t gid = getgid(); - user = argv[1]; - /* no match -> permanently change to the real user and proceed */ -- if (setuid(getuid()) != 0) -+ if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0) - return PAM_AUTH_ERR; - } - } diff --git a/debian/patches/series b/debian/patches/series index 590e2847..269d7690 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,8 +1,6 @@ -pam_unix_dont_trust_chkpwd_caller.patch make_documentation_reproducible.patch 0003-pam_unix-obscure-checks.patch 022_pam_unix_group_time_miscfixes -026_pam_unix_passwd_unknown_user 031_pam_include 036_pam_wheel_getlogin_considered_harmful 027_pam_limits_better_init_allow_explicit_root @@ -15,9 +13,6 @@ hurd_no_setfsuid PAM-manpage-section update-motd lib_security_multiarch_compat -no_PATH_MAX_on_hurd -fix-autoreconf.patch nullok_secure-compat.patch pam_mkhomedir_stat_before_opendir -pam_namespace_o_directory -ftbfs-implicit-function-declaration +0018-Libpam-is-both-shared-and-static.patch diff --git a/debian/patches/update-motd b/debian/patches/update-motd index fc9c9d8d..fa515cea 100644 --- a/debian/patches/update-motd +++ b/debian/patches/update-motd @@ -10,45 +10,10 @@ Last-Update: 2019-02-12 Forwarded: no Bug-Ubuntu: https://bugs.launchpad.net/bugs/399071 --- - modules/pam_motd/README | 4 ++++ - modules/pam_motd/pam_motd.8 | 7 +++++++ modules/pam_motd/pam_motd.8.xml | 11 +++++++++++ modules/pam_motd/pam_motd.c | 18 ++++++++++++++++++ - 4 files changed, 40 insertions(+) + 2 files changed, 29 insertions(+) -diff --git a/modules/pam_motd/README b/modules/pam_motd/README -index 01bc64e..375ec80 100644 ---- a/modules/pam_motd/README -+++ b/modules/pam_motd/README -@@ -52,6 +52,10 @@ motd_dir=/path/dirname.d - colon-separated list. By default this option is set to /etc/motd.d:/run/ - motd.d:/usr/lib/motd.d. - -+noupdate -+ -+ Don't run the scripts in /etc/update-motd.d to refresh the motd file. -+ - When no options are given, the default behavior applies for both options. - Specifying either option (or both) will disable the default behavior for both - options. -diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8 -index 3f65bb5..6a6ab4e 100644 ---- a/modules/pam_motd/pam_motd.8 -+++ b/modules/pam_motd/pam_motd.8 -@@ -109,6 +109,13 @@ directory is scanned and each file contained inside of it is displayed\&. Multip - /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. - .RE - .PP -+\fBnoupdate\fR -+.RS 4 -+Don\*(Aqt run the scripts in -+/etc/update\-motd\&.d -+to refresh the motd file\&. -+.RE -+.PP - When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. - .SH "MODULE TYPES PROVIDED" - .PP diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index 2fc5310..8369779 100644 --- a/modules/pam_motd/pam_motd.8.xml @@ -72,26 +37,26 @@ index 2fc5310..8369779 100644 <para> When no options are given, the default behavior applies for both diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index 5ca486e..8472dd6 100644 +index 89b2595..e6ce874 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c -@@ -383,6 +383,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, +@@ -387,6 +387,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; + int do_update = 1; const char *motd_path = NULL; char *motd_path_copy = NULL; - unsigned int num_motd_paths = 0; -@@ -392,6 +393,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - unsigned int num_motd_dir_paths = 0; + size_t num_motd_paths = 0; +@@ -396,6 +397,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, + size_t num_motd_dir_paths = 0; char **motd_dir_path_split = NULL; int report_missing; + struct stat st; if (flags & PAM_SILENT) { return retval; -@@ -421,6 +423,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, +@@ -425,6 +427,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, "motd_dir= specification missing argument - ignored"); } } @@ -101,7 +66,7 @@ index 5ca486e..8472dd6 100644 else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } -@@ -433,6 +438,19 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, +@@ -437,6 +442,19 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, report_missing = 1; } |