authorThorsten Kukuk <kukuk@thkukuk.de>2005-08-16 12:27:38 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2005-08-16 12:27:38 +0000
commit23624ea6f78ec8acc167a2491c00998907fc76b1 (patch)
treea57b3caee23a167d442d7d4e0419c4689dfba565 /modules/pam_unix
parent2b5457bbf7352200f7bc77795adbbcfd47550855 (diff)
Relevant BUGIDs: none
Purpose of commit: new feature Commit summary: --------------- Big "automake/autoconf/libtool" commit
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/Makefile195
-rw-r--r--modules/pam_unix/Makefile.am45
-rw-r--r--modules/pam_unix/md5_broken.c4
-rw-r--r--modules/pam_unix/md5_good.c5
-rw-r--r--modules/pam_unix/pam_unix_acct.c4
-rw-r--r--modules/pam_unix/pam_unix_auth.c8
-rw-r--r--modules/pam_unix/pam_unix_passwd.c10
-rw-r--r--modules/pam_unix/unix_chkpwd.880
8 files changed, 146 insertions, 205 deletions
diff --git a/modules/pam_unix/Makefile b/modules/pam_unix/Makefile
deleted file mode 100644
index 749982a1..00000000
--- a/modules/pam_unix/Makefile
+++ /dev/null
@@ -1,195 +0,0 @@
-# $Id$
-#
-# This Makefile controls a build process of the pam_unix modules
-# for Linux-PAM. You should not modify this Makefile.
-#
-
-include ../../Make.Rules
-
-########################################################################
-# some options... uncomment to take effect
-########################################################################
-
-# Unless someone wants to work out how to make this work with the new
-# autoconf stuff, you should use a separate module for this type of thing
-# pam_cracklib perhaps..?
-# do you want cracklib?
-#ifeq ($(HAVE_CRACKLIB),yes)
-#USE_CRACKLIB=-D"USE_CRACKLIB"
-#endif
-
-ifeq ($(shell if [ -f /usr/lib/cracklib_dict.hwm ]; then echo yes ; fi),yes)
- CRACKLIB_DICTPATH=/usr/lib/cracklib_dict
-else
- CRACKLIB_DICTPATH=/usr/share/dict/cracklib_dict
-endif
-EXTRAS += -DCRACKLIB_DICTS=\"$(CRACKLIB_DICTPATH)\"
-
-ifeq ($(HAVE_LIBCRYPT),yes)
- EXTRALS += -lcrypt
-endif
-ifeq ($(HAVE_LIBNSL),yes)
- EXTRALS += -lnsl
-endif
-# do you want to use lckpwdf?
-ifeq ($(WITH_LCKPWDF),yes)
-USE_LCKPWDF=-D"USE_LCKPWDF"
-# do you need to include the locking functions in the source?
-ifeq ($(HAVE_LCKPWDF),no)
- NEED_LCKPWDF=-D"NEED_LCKPWDF"
-endif
-endif
-
-ifeq ($(HAVE_LIBSELINUX),yes)
- USE_SELINUX=-D"WITH_SELINUX"
- EXTRALS += -lselinux
-endif
-
-ifeq ($(HAVE_LIBNSL),yes)
- LIBNSL = -lnsl
-endif
-
-ifeq ($(HAVE_LIBCRYPT),yes)
- LIBCRYPT=-lcrypt
-endif
-
-CHKPWD=unix_chkpwd
-
-BIGCRYPT=bigcrypt
-
-EXTRAS += -DCHKPWD_HELPER=\"$(SUPLEMENTED)/$(CHKPWD)\"
-
-LINK_PAMMODUTILS = -L../pammodutil -lpammodutil
-INCLUDE_PAMMODUTILS = -I../pammodutil/include
-
-########################################################################
-
-CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) \
- $(INCLUDE_PAMMODUTILS) $(USE_SELINUX)
-
-LDLIBS = $(EXTRALS) $(LINK_PAMMODUTILS)
-
-ifdef USE_CRACKLIB
-CRACKLIB = -lcrack
-endif
-
-
-LIBOBJ = pam_unix_auth.o pam_unix_acct.o pam_unix_sess.o pam_unix_passwd.o \
- support.o
-LIBSRC = pam_unix_auth.c pam_unix_acct.c pam_unix_sess.c pam_unix_passwd.c \
- support.c
-LIBOBJD = $(addprefix dynamic/,$(LIBOBJ))
-LIBOBJS = $(addprefix static/,$(LIBOBJ))
-
-PLUS = md5_good.o md5_broken.o md5_crypt_good.o md5_crypt_broken.o \
- yppasswd_xdr.o bigcrypt.o
-
-ifdef DYNAMIC
-LIBSHARED = pam_unix.so
-endif
-ifdef STATIC
-LIBSTATIC = libpam_unix.o
-endif
-
-
-########################### don't edit below #######################
-
-all: dirs info $(PLUS) $(LIBSHARED) $(LIBSTATIC) $(CHKPWD) $(BIGCRYPT) \
- register
-
-dynamic/%.o : %.c
- $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
-
-static/%.o: %.c
- $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
-
-dummy:
- @echo "**** This is not a top-level Makefile "
- exit
-
-info:
- @echo
- @echo "*** Building pam-unix module of the framework..."
- @echo
-
-dirs:
-ifdef DYNAMIC
- mkdir -p ./dynamic
-endif
-ifdef STATIC
- mkdir -p ./static
-endif
-
-register:
-ifdef STATIC
- ( cd .. ; ./register_static pam_unix_auth pam_unix/$(LIBSTATIC) ; \
- ./register_static pam_unix_acct "" ; \
- ./register_static pam_unix_session "" ; \
- ./register_static pam_unix_passwd "" ; \
- )
-endif
-
-ifdef DYNAMIC
-$(LIBOBJD): $(LIBSRC)
-
-$(LIBSHARED): $(LIBOBJD)
- $(LD_D) -o $@ $(LIBOBJD) $(PLUS) $(CRACKLIB) $(LDLIBS) $(LIBNSL) $(LIBCRYPT) $(NEED_LINK_LIB_C) -L../../libpam -lpam
-endif
-
-ifdef STATIC
-$(LIBOBJS): $(LIBSRC)
-
-$(LIBSTATIC): $(LIBOBJS)
- $(LD) -r -o $@ $(LIBOBJS) $(PLUS) $(CRACKLIB) $(LDLIBS) $(LIBNSL) $(LIBCRYPT)
-endif
-
-$(CHKPWD): unix_chkpwd.o md5_good.o md5_broken.o \
- md5_crypt_good.o md5_crypt_broken.o \
- bigcrypt.o
- $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDLIBS) $(LIBCRYPT)
-
-$(BIGCRYPT): bigcrypt_main.o bigcrypt.o
- $(CC) -o $(BIGCRYPT) $^ $(LDLIBS) $(LIBCRYPT)
-
-unix_chkpwd.o: unix_chkpwd.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
-
-md5_good.o: md5.c
- $(CC) $(CFLAGS) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' \
- $(TARGET_ARCH) -c $< -o $@
-
-md5_broken.o: md5.c
- $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \
- $(TARGET_ARCH) -c $< -o $@
-
-md5_crypt_good.o: md5_crypt.c
- $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Good##x' \
- $(TARGET_ARCH) -c $< -o $@
-
-md5_crypt_broken.o: md5_crypt.c
- $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \
- $(TARGET_ARCH) -c $< -o $@
-
-install: all
- mkdir -p $(FAKEROOT)$(SECUREDIR)
-ifdef DYNAMIC
- install -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)
- for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session;\
- do ln -sf $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)/$$x.so ; done
-endif
- $(MKDIR) $(FAKEROOT)$(SUPLEMENTED)
- install -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED)
-
-remove:
- rm -f $(FAKEROOT)$(SECUREDIR)/$(LIBSHARED)
- for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session;\
- do rm -f $(FAKEROOT)$(SECUREDIR)/$$x.so ; done
- rm -f $(FAKEROOT)$(SUPLEMENTED)/$(CHKPWD)
-
-clean:
- rm -f $(LIBOBJD) $(LIBOBJS) $(CHKPWD) $(BIGCRYPT) *.o *.so core
- rm -f *~ *.a *.out *.bak
- rm -rf dynamic static
-
-.c.o:
- $(CC) -c $(CFLAGS) $<
diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
new file mode 100644
index 00000000..d7d61b5a
--- /dev/null
+++ b/modules/pam_unix/Makefile.am
@@ -0,0 +1,45 @@
+#
+# Copyright (c) 2005 Thorsten Kukuk <kukuk@suse.de>
+#
+
+CLEANFILES = *~
+
+EXTRA_DIST = README md5.c md5_crypt.c lckpwdf.-c $(MANS)
+
+man_MANS = unix_chkpwd.8
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ -I$(top_srcdir)/modules/pammodutil/include/ \
+ -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\"
+
+AM_LDFLAGS = -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBSELINUX@
+
+if HAVE_LIBSELINUX
+ AM_CFLAGS += -D"WITH_SELINUX"
+endif
+if HAVE_LIBCRACK
+ AM_CFLAGS += -D"USE_CRACKLIB"
+endif
+
+pam_unix_la_LDFLAGS = -avoid-version -module \
+ -L$(top_builddir)/modules/pammodutil -lpammodutil \
+ @LIBCRACK@ @LIBNSL@
+
+securelib_LTLIBRARIES = pam_unix.la
+
+noinst_HEADERS = md5.h support.h yppasswd.h
+
+sbin_PROGRAMS = unix_chkpwd
+
+noinst_PROGRAMS = bigcrypt
+
+pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
+ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
+ yppasswd_xdr.c md5_good.c md5_broken.c
+
+bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
+
+unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c
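Review bot: `sbin_PROGRAMS = unix_chkpwd` installs the helper with automake's default program mode, whereas the removed Makefile used `install -m 4555 $(CHKPWD)`, so the privileged mode the helper relies on is no longer set or documented in this file. The man page added in this commit still says it is typically installed setuid root or setgid shadow. Either add a comment saying the packager must set the mode, or make it explicit with an `install-exec-hook:` rule that runs `chmod` on `$(DESTDIR)$(sbindir)/unix_chkpwd`, choosing the narrower setgid-shadow option where the shadow file's group permits it. Separately, `pam_unix_la_LDFLAGS` replaces `AM_LDFLAGS` for the module, so `-lpam @LIBCRYPT@ @LIBSELINUX@` reach only `unix_chkpwd` and `bigcrypt`; moving libraries into per-target `_LIBADD`/`_LDADD` would give each binary exactly what it needs.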
diff --git a/modules/pam_unix/md5_broken.c b/modules/pam_unix/md5_broken.c
new file mode 100644
index 00000000..193daebb
--- /dev/null
+++ b/modules/pam_unix/md5_broken.c
@@ -0,0 +1,4 @@
+#define MD5Name(x) Broken##x
+
+#include "md5.c"
+#include "md5_crypt.c"
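Review bot: This wrapper has no comment saying that it builds a complete MD5 variant by textual inclusion, which is easy to miss because `md5.c` and `md5_crypt.c` appear only in `EXTRA_DIST` in Makefile.am and are never compiled on their own. A header such as `/* Compiles md5.c and md5_crypt.c with every MD5Name(x) symbol prefixed Broken; do not add those two files to any *_SOURCES list. */` would record that, and md5_good.c needs the matching comment. It would also help to state why a Broken variant is kept next to the Good one, presumably to keep verifying hashes produced by an earlier byte-order-dependent implementation; confirm that before writing it down.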
diff --git a/modules/pam_unix/md5_good.c b/modules/pam_unix/md5_good.c
new file mode 100644
index 00000000..131e4516
--- /dev/null
+++ b/modules/pam_unix/md5_good.c
@@ -0,0 +1,5 @@
+#define HIGHFIRST
+#define MD5Name(x) Good##x
+
+#include "md5.c"
+#include "md5_crypt.c"
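Review bot: `#define HIGHFIRST` now precedes the inclusion of `md5_crypt.c` as well as `md5.c`, but the removed Makefile passed `-DHIGHFIRST` only when building `md5_good.o` from `md5.c` and built `md5_crypt_good.o` without it. If `md5_crypt.c` or a header it pulls in tests `HIGHFIRST`, the Good crypt routine would produce different hashes and existing MD5 password entries would stop verifying; that cannot be checked from this hunk. To keep the old per-file flags, put `#undef HIGHFIRST` between the two includes, or confirm that only `md5.c` reads the macro and say so in a comment.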
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 9264fd47..d01a1fc0 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -100,7 +100,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons
/* fork */
child = fork();
if (child == 0) {
- int i=0;
+ size_t i=0;
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL };
@@ -114,7 +114,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
for (i=2; i < rlim.rlim_max; i++) {
- if (fds[1] != i) {
+ if ((unsigned int)fds[1] != i) {
close(i);
}
}
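Review bot: The descriptor-closing loop in the forked child still runs up to `rlim.rlim_max`, and with `i` now a `size_t` a hard limit of `RLIM_INFINITY` makes it call `close()` across the whole `size_t` range before the helper is executed, which stalls every account check. Clamp the bound before the loop, for example `if (rlim.rlim_max > MAX_FD_CAP) rlim.rlim_max = MAX_FD_CAP;`, where `MAX_FD_CAP` is a placeholder name for a constant the module would need to introduce. The same loop, with `fds[0]`, is in `_unix_run_shadow_binary` in pam_unix_passwd.c and needs the same bound. Both functions begin and end outside their hunks.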
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 38e78152..1a89a4b2 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -95,7 +95,8 @@ do { \
} while (0)
-static void setcred_free (pam_handle_t * pamh, void *ptr, int err)
+static void
+setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED)
{
if (ptr)
free (ptr);
@@ -194,8 +195,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
* warned you. -- AOY
*/
-PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
- ,int argc, const char **argv)
+PAM_EXTERN int
+pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
{
int retval;
const void *pretval = NULL;
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 480dc337..838eb0a7 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -99,7 +99,7 @@ extern int getrpcport(const char *host, unsigned long prognum,
* password changing module.
*/
-#ifdef NEED_LCKPWDF
+#if defined(USE_LCKPWDF) && !defined(HAVE_LCKPWDF)
# include "./lckpwdf.-c"
#endif
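Review bot: Nothing visible on this page defines `USE_LCKPWDF` any more: the removed Makefile passed `-D"USE_LCKPWDF"` when `WITH_LCKPWDF` was yes, and the new Makefile.am has no equivalent. Unless configure places `USE_LCKPWDF` and `HAVE_LCKPWDF` in a header included above this line, the bundled `lckpwdf.-c` is skipped and, presumably, the locking calls guarded by `USE_LCKPWDF` elsewhere in the file compile out, leaving the rewrite through `PW_TMPFILE` and `SH_TMPFILE` unserialised. A comment here naming the source of each macro, e.g. `/* USE_LCKPWDF and HAVE_LCKPWDF come from config.h (configure check: <CHECK NAME>) */`, would make that dependency auditable.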
@@ -127,7 +127,7 @@ extern char *bigcrypt(const char *key, const char *salt);
#define PW_TMPFILE "/etc/npasswd"
#define SH_TMPFILE "/etc/nshadow"
#ifndef CRACKLIB_DICTS
-#define CRACKLIB_DICTS "/usr/share/dict/cracklib_dict"
+#define CRACKLIB_DICTS NULL
#endif
#define OPW_TMPFILE "/etc/security/nopasswd"
#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
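Review bot: With the fallback changed to `NULL` and Makefile.am no longer passing `-DCRACKLIB_DICTS`, the `FascistCheck (pass_new, CRACKLIB_DICTS)` call later in this file now hands cracklib a null dictionary path whenever `USE_CRACKLIB` is set. Whether that selects the library's built-in default or fails depends on the cracklib version linked, which is not visible here; a version that does not accept NULL would break or abort password changes for non-root users. Either have configure supply the dictionary path as the old Makefile did, or add a comment stating the minimum cracklib version that accepts a null path.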
@@ -249,7 +249,7 @@ static int _unix_run_shadow_binary(pam_handle_t *pamh, unsigned int ctrl, const
/* fork */
child = fork();
if (child == 0) {
- int i=0;
+ size_t i=0;
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL };
@@ -263,7 +263,7 @@ static int _unix_run_shadow_binary(pam_handle_t *pamh, unsigned int ctrl, const
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
for (i=2; i < rlim.rlim_max; i++) {
- if (fds[0] != i)
+ if ((unsigned int)fds[0] != i)
close(i);
}
}
@@ -976,7 +976,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
}
if (off(UNIX__IAMROOT, ctrl)) {
#ifdef USE_CRACKLIB
- remark = FascistCheck(pass_new, CRACKLIB_DICTS);
+ remark = FascistCheck (pass_new, CRACKLIB_DICTS);
D(("called cracklib [%s]", remark));
#else
if (strlen(pass_new) < 6)
diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8
new file mode 100644
index 00000000..02ccfe4a
--- /dev/null
+++ b/modules/pam_unix/unix_chkpwd.8
@@ -0,0 +1,80 @@
+.\" Copyright (C) 2003 International Business Machines Corporation
+.\" This file is distributed according to the GNU General Public License.
+.\" See the file COPYING in the top level source directory for details.
+.\"
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "UNIX_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual"
+.SH NAME
+unix_chkpwd \- helper binary that verifies the password of the current user
+.SH "SYNOPSIS"
+.ad l
+.hy 0
+
+/sbin/unix_chkpwd [\fIusername\fR]
+.sp
+.ad
+.hy
+.SH "DESCRIPTION"
+.PP
+\fBunix_chkpwd\fR is a helper program for the pam_unix module that verifies
+the password of the current user. It is not intended to be run directly from
+the command line and logs a security violation if done so.
+
+It is typically installed setuid root or setgid shadow.
+
+.SH "OPTIONS"
+.PP
+unix_pwdchk optionally takes the following argument:
+.TP
+\fIusername\fR
+The username of the user whose password you want to check: this must match the current user id.
+
+.SH "INPUTS"
+.PP
+unix_pwdchk expects the following inputs via stdin:
+.TP
+\fIoption\fR
+Either nullok or nonull, depending on whether the user can have an empty password.
+.TP
+\fIpassword\fR
+The password to verify.
+
+.SH "RETURN CODES"
+.PP
+\fBunix_chkpwd\fR has the following return codes:
+.TP
+1
+unix_chkpwd was inappropriately called from the command line or the password is incorrect.
+
+.TP
+0
+The password is correct.
+
+.SH "HISTORY"
+Written by Andrew Morgan
+
+.SH "SEE ALSO"
+
+.PP
+\fBpam\fR(8)
+
+.SH AUTHOR
+Emily Ratliff.
+