New upstream version 1.4.0

6 files changed, 184 insertions, 102 deletions

diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am
index 30cc879a..8ea02d83 100644
--- a/modules/pam_securetty/Makefile.am
+++ b/modules/pam_securetty/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty
+EXTRA_DIST = $(XMLS)
 
-TESTS = tst-pam_securetty
-
-man_MANS = pam_securetty.8
+if HAVE_DOC
+dist_man_MANS = pam_securetty.8
+endif
 XMLS = README.xml pam_securetty.8.xml
+dist_check_SCRIPTS = tst-pam_securetty
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_securetty.la
 pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_securetty.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_securetty/Makefile.in b/modules/pam_securetty/Makefile.in
index ee1c94cb..87245e61 100644
--- a/modules/pam_securetty/Makefile.in
+++ b/modules/pam_securetty/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_securetty
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_securetty.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty
-TESTS = tst-pam_securetty
-man_MANS = pam_securetty.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_securetty.8
 XMLS = README.xml pam_securetty.8.xml
+dist_check_SCRIPTS = tst-pam_securetty
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_securetty.la
 pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_securetty/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_securetty/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_securetty.log: tst-pam_securetty
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_securetty.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_securetty.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_securetty.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README
index 14518411..21764e43 100644
--- a/modules/pam_securetty/README
+++ b/modules/pam_securetty/README
@@ -5,11 +5,12 @@ pam_securetty — Limit root login to special devices
 DESCRIPTION
 
 pam_securetty is a PAM module that allows root logins only if the user is
-logging in on a "secure" tty, as defined by the listing in /etc/securetty.
-pam_securetty also checks to make sure that /etc/securetty is a plain file and
-not world writable. It will also allow root logins on the tty specified with
-console= switch on the kernel command line and on ttys from the /sys/class/tty/
-console/active.
+logging in on a "secure" tty, as defined by the listing in the securetty file.
+pam_securetty checks at first, if /etc/securetty exists. If not and it was
+built with vendordir support, it will use <vendordir>/securetty. pam_securetty
+also checks that the securetty files are plain files and not world writable. It
+will also allow root logins on the tty specified with console= switch on the
+kernel command line and on ttys from the /sys/class/tty/console/active.
 
 This module has no effect on non-root users and requires that the application
 fills in the PAM_TTY item correctly.
@@ -27,7 +28,7 @@ noconsole
 
     Do not automatically allow root logins on the kernel console device, as
     specified on the kernel command line or by the sys file, if it is not also
-    specified in the /etc/securetty file.
+    specified in the securetty file.
 
 EXAMPLES
 
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
index 95747fea..011f9409 100644
--- a/modules/pam_securetty/pam_securetty.8
+++ b/modules/pam_securetty/pam_securetty.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_securetty
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SECURETTY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SECURETTY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -34,10 +34,14 @@ pam_securetty \- Limit root login to special devices
 \fBpam_securetty\&.so\fR [debug]
 .SH "DESCRIPTION"
 .PP
-pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
-/etc/securetty\&. pam_securetty also checks to make sure that
+pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in the
+securetty
+file\&. pam_securetty checks at first, if
 /etc/securetty
-is a plain file and not world writable\&. It will also allow root logins on the tty specified with
+exists\&. If not and it was built with vendordir support, it will use
+<vendordir>/securetty\&. pam_securetty also checks that the
+securetty
+files are plain files and not world writable\&. It will also allow root logins on the tty specified with
 \fBconsole=\fR
 switch on the kernel command line and on ttys from the
 /sys/class/tty/console/active\&.
@@ -61,7 +65,7 @@ Print debug information\&.
 \fBnoconsole\fR
 .RS 4
 Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it is not also specified in the
-/etc/securetty
+securetty
 file\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
@@ -79,19 +83,30 @@ The user is allowed to continue authentication\&. Either the user is not root, o
 PAM_AUTH_ERR
 .RS 4
 Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the
-/etc/securetty
+securetty
 file is world writable or not a normal file\&.
 .RE
 .PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
 PAM_INCOMPLETE
 .RS 4
-An application error occurred\&. pam_securetty was not able to get information it required from the application that called it\&.
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
 .RE
 .PP
 PAM_SERVICE_ERR
 .RS 4
-An error occurred while the module was determining the user\*(Aqs name or tty, or the module could not open
-/etc/securetty\&.
+An error occurred while the module was determining the user\*(Aqs name or tty, or the module could not open the
+securetty
+file\&.
 .RE
 .PP
 PAM_USER_UNKNOWN
diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml
index 48215f5f..e49d572b 100644
--- a/modules/pam_securetty/pam_securetty.8.xml
+++ b/modules/pam_securetty/pam_securetty.8.xml
@@ -31,9 +31,12 @@
     <para>
       pam_securetty is a PAM module that allows root logins only if the
       user is logging in on a "secure" tty, as defined by the listing
-      in <filename>/etc/securetty</filename>. pam_securetty also checks
-      to make sure that <filename>/etc/securetty</filename> is a plain
-      file and not world writable. It will also allow root logins on
+      in the <filename>securetty</filename> file. pam_securetty checks at
+      first, if <filename>/etc/securetty</filename> exists. If not and
+      it was built with vendordir support, it will use
+      <filename>%vendordir%/securetty</filename>. pam_securetty also
+      checks that the <filename>securetty</filename> files are plain
+      files and not world writable. It will also allow root logins on
       the tty specified with <option>console=</option> switch on the
       kernel command line and on ttys from the
       <filename>/sys/class/tty/console/active</filename>.
@@ -73,7 +76,7 @@
             Do not automatically allow root logins on the kernel console
             device, as specified on the kernel command line or by the sys file,
             if it is not also specified in the
-            <filename>/etc/securetty</filename> file.
+            <filename>securetty</filename> file.
           </para>
         </listitem>
       </varlistentry>
@@ -106,18 +109,34 @@
           <para>
             Authentication is rejected. Either root is attempting to
             log in via an unacceptable device, or the
-            <filename>/etc/securetty</filename> file is world writable or
+            <filename>securetty</filename> file is world writable or
             not a normal file.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term>PAM_BUF_ERR</term>
+        <listitem>
+          <para>
+            Memory buffer error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_CONV_ERR</term>
+        <listitem>
+          <para>
+            The conversation method supplied by the application
+            failed to obtain the username.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
         <term>PAM_INCOMPLETE</term>
         <listitem>
           <para>
-            An application error occurred. pam_securetty was not able
-            to get information it required from the application that
-            called it.
+            The conversation method supplied by the application
+            returned PAM_CONV_AGAIN.
           </para>
         </listitem>
       </varlistentry>
@@ -127,7 +146,7 @@
           <para>
             An error occurred while the module was determining the
             user's name or tty, or the module could not open
-            <filename>/etc/securetty</filename>.
+            the <filename>securetty</filename> file.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index cb1da252..b4d71751 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -1,11 +1,6 @@
-/* pam_securetty module */
-
-#define SECURETTY_FILE "/etc/securetty"
-#define TTY_PREFIX     "/dev/"
-#define CMDLINE_FILE   "/proc/cmdline"
-#define CONSOLEACTIVE_FILE	"/sys/class/tty/console/active"
-
 /*
+ * pam_securetty module
+ *
  * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
  * July 25, 1996.
  * This code shamelessly ripped from the pam_rootok module.
@@ -25,24 +20,24 @@
 #include <string.h>
 #include <ctype.h>
 #include <limits.h>
-
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
+#include <errno.h>
 
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 #define PAM_DEBUG_ARG       0x0001
 #define PAM_NOCONSOLE_ARG   0x0002
 
+#define SECURETTY_FILE "/etc/securetty"
+#ifdef VENDORDIR
+#define SECURETTY2_FILE VENDORDIR"/securetty"
+#endif
+#define TTY_PREFIX     "/dev/"
+#define CMDLINE_FILE   "/proc/cmdline"
+#define CONSOLEACTIVE_FILE	"/sys/class/tty/console/active"
+
 static int
 _pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
 {
@@ -70,8 +65,10 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 			 const char *function_name)
 {
     int retval = PAM_AUTH_ERR;
+    const char *securettyfile;
     const char *username;
     const char *uttyname;
+    const char *str;
     const void *void_uttyname;
     char ttyfileline[256];
     char ptname[256];
@@ -86,9 +83,10 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
     }
 
     retval = pam_get_user(pamh, &username, NULL);
-    if (retval != PAM_SUCCESS || username == NULL) {
-        pam_syslog(pamh, LOG_WARNING, "cannot determine username");
-	return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR);
+    if (retval != PAM_SUCCESS) {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+		   pam_strerror(pamh, retval));
+	return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE : retval);
     }
 
     user_pwd = pam_modutil_getpwnam(pamh, username);
@@ -106,15 +104,31 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
     }
 
     /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
-    if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) {
-	uttyname += sizeof(TTY_PREFIX)-1;
-    }
+    if ((str = pam_str_skip_prefix(uttyname, TTY_PREFIX)) != NULL)
+	uttyname = str;
 
     if (stat(SECURETTY_FILE, &ttyfileinfo)) {
+#ifdef VENDORDIR
+      if (errno == ENOENT) {
+	if (stat(SECURETTY2_FILE, &ttyfileinfo)) {
+	  pam_syslog(pamh, LOG_NOTICE,
+		     "Couldn't open %s: %m", SECURETTY2_FILE);
+	  return PAM_SUCCESS; /* for compatibility with old securetty handling,
+				 this needs to succeed.  But we still log the
+				 error. */
+	}
+	securettyfile = SECURETTY2_FILE;
+      } else {
+#endif
 	pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE);
 	return PAM_SUCCESS; /* for compatibility with old securetty handling,
 			       this needs to succeed.  But we still log the
 			       error. */
+#ifdef VENDORDIR
+      }
+#endif
+    } else {
+      securettyfile = SECURETTY_FILE;
     }
 
     if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
@@ -122,13 +136,13 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 	   normal file, return error */
 	pam_syslog(pamh, LOG_ERR,
 		   "%s is either world writable or not a normal file",
-		   SECURETTY_FILE);
+		   securettyfile);
 	return PAM_AUTH_ERR;
     }
 
-    ttyfile = fopen(SECURETTY_FILE,"r");
+    ttyfile = fopen(securettyfile,"r");
     if (ttyfile == NULL) { /* Check that we opened it successfully */
-	pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
+	pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", securettyfile);
 	return PAM_SERVICE_ERR;
     }
 
@@ -163,18 +177,17 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
             fclose(cmdlinefile);
 
             for (; p; p = strstr(p+1, "console=")) {
-                char *e;
+                const char *e;
 
                 /* Test whether this is a beginning of a word? */
                 if (p > line && p[-1] != ' ')
                     continue;
 
                 /* Is this our console? */
-                if (strncmp(p + 8, uttyname, strlen(uttyname)))
+                if ((e = pam_str_skip_prefix_len(p + 8, uttyname, strlen(uttyname))) == NULL)
                     continue;
 
                 /* Is there any garbage after the TTY name? */
-                e = p + 8 + strlen(uttyname);
                 if (*e == ',' || *e == ' ' || *e == '\n' || *e == 0) {
                     retval = 0;
                     break;