diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:22:21 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:22:45 -0800 |
| commit | 795badba7f95e737f979917859cd32c9bd47bcad (patch) | |
| tree | 212a6a00baa11e9d0ca7bc27b12420d1dce6f07c /modules/pam_unix | |
| parent | c55c14c5c6762139ec6695d84ea0e2e917da5264 (diff) | |
| parent | ba315ae8effdcad591608c99452dad05c4cf20ab (diff) | |
| download | pam-795badba7f95e737f979917859cd32c9bd47bcad.tar.gz pam-795badba7f95e737f979917859cd32c9bd47bcad.tar.bz2 pam-795badba7f95e737f979917859cd32c9bd47bcad.zip | |
New upstream version 1.1.8
Diffstat (limited to 'modules/pam_unix')
| -rw-r--r-- | modules/pam_unix/CHANGELOG | 7 | ||||
| -rw-r--r-- | modules/pam_unix/Makefile.am | 8 | ||||
| -rw-r--r-- | modules/pam_unix/Makefile.in | 421 | ||||
| -rw-r--r-- | modules/pam_unix/README | 6 | ||||
| -rw-r--r-- | modules/pam_unix/bigcrypt.c | 17 | ||||
| -rw-r--r-- | modules/pam_unix/md5.c | 7 | ||||
| -rw-r--r-- | modules/pam_unix/md5_crypt.c | 2 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix.8 | 204 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix.8.xml | 9 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 35 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_auth.c | 27 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 39 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_sess.c | 34 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_static.c | 23 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_static.h | 6 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.c | 29 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 118 | ||||
| -rw-r--r-- | modules/pam_unix/support.h | 65 | ||||
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.8 | 165 | ||||
| -rw-r--r-- | modules/pam_unix/unix_update.8 | 167 | ||||
| -rw-r--r-- | modules/pam_unix/unix_update.8.xml | 2 | ||||
| -rw-r--r-- | modules/pam_unix/unix_update.c | 2 |
22 files changed, 599 insertions, 794 deletions
diff --git a/modules/pam_unix/CHANGELOG b/modules/pam_unix/CHANGELOG index 509ce0a3..c18acc27 100644 --- a/modules/pam_unix/CHANGELOG +++ b/modules/pam_unix/CHANGELOG @@ -1,4 +1,4 @@ -$Id: CHANGELOG,v 1.1.1.1 2000/06/20 22:12:01 agmorgan Exp $ +$Id$ * Mon Aug 16 1999 Jan Rêkorajski <baggins@pld.org.pl> - fixed reentrancy problems @@ -8,7 +8,7 @@ $Id: CHANGELOG,v 1.1.1.1 2000/06/20 22:12:01 agmorgan Exp $ - temporarily removed the crypt16 stuff. I'm really paranoid about crypto stuff and exporting it, and there are a few too many 's-box' references in the code for my liking.. - + * Wed Jun 30 1999 Steve Langasek <vorlon@netexpress.net> - further NIS+ fixes @@ -50,6 +50,5 @@ $Id: CHANGELOG,v 1.1.1.1 2000/06/20 22:12:01 agmorgan Exp $ is too lame to use it in real life) * Sun Mar 21 1999 Jan Rêkorajski <baggins@mimuw.edu.pl> -- pam_unix_auth now correctly behave when user has NULL AUTHTOK +- pam_unix_auth now correctly behave when user has NULL AUTHTOK - pam_unix_auth returns PAM_PERM_DENIED when seteuid fails - diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am index ea5a7318..56ed5916 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -29,12 +29,13 @@ pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif -pam_unix_la_LIBADD = -L$(top_builddir)/libpam -lpam \ +pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) securelib_LTLIBRARIES = pam_unix.la -noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h +noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ + pam_unix_static.h sbin_PROGRAMS = unix_chkpwd unix_update @@ -43,6 +44,9 @@ noinst_PROGRAMS = bigcrypt pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c +if STATIC_MODULES +pam_unix_la_SOURCES += pam_unix_static.c +endif bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c bigcrypt_CFLAGS = $(AM_CFLAGS) diff --git a/modules/pam_unix/Makefile.in b/modules/pam_unix/Makefile.in index 44bc6286..e87ceead 100644 --- a/modules/pam_unix/Makefile.in +++ b/modules/pam_unix/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,7 +16,7 @@ @SET_MAKE@ # -# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de> +# Copyright (c) 2005, 2006, 2009, 2011 Thorsten Kukuk <kukuk@suse.de> # @@ -23,8 +24,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,12 +45,13 @@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map sbin_PROGRAMS = unix_chkpwd$(EXEEXT) unix_update$(EXEEXT) noinst_PROGRAMS = bigcrypt$(EXEEXT) +@STATIC_MODULES_TRUE@am__append_3 = pam_unix_static.c subdir = modules/pam_unix DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ @@ -61,28 +64,49 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(man8dir)" -securelibLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(securelib_LTLIBRARIES) -pam_unix_la_DEPENDENCIES = +am__DEPENDENCIES_1 = +pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ + $(am__DEPENDENCIES_1) +am__pam_unix_la_SOURCES_DIST = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c \ + pam_unix_static.c +@STATIC_MODULES_TRUE@am__objects_1 = pam_unix_static.lo am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ - yppasswd_xdr.lo md5_good.lo md5_broken.lo + yppasswd_xdr.lo md5_good.lo md5_broken.lo $(am__objects_1) pam_unix_la_OBJECTS = $(am_pam_unix_la_OBJECTS) pam_unix_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_unix_la_LDFLAGS) $(LDFLAGS) -o $@ -sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) am_bigcrypt_OBJECTS = bigcrypt-bigcrypt.$(OBJEXT) \ bigcrypt-bigcrypt_main.$(OBJEXT) @@ -112,8 +136,9 @@ unix_update_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unix_update_CFLAGS) \ $(CFLAGS) $(unix_update_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -125,7 +150,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(pam_unix_la_SOURCES) $(bigcrypt_SOURCES) \ $(unix_chkpwd_SOURCES) $(unix_update_SOURCES) -DIST_SOURCES = $(pam_unix_la_SOURCES) $(bigcrypt_SOURCES) \ +DIST_SOURCES = $(am__pam_unix_la_SOURCES_DIST) $(bigcrypt_SOURCES) \ $(unix_chkpwd_SOURCES) $(unix_update_SOURCES) man8dir = $(mandir)/man8 NROFF = nroff @@ -134,6 +159,8 @@ DATA = $(noinst_DATA) HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -163,7 +190,6 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ -GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ @@ -187,7 +213,6 @@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ -LIBNSL = @LIBNSL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ @@ -209,6 +234,8 @@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ +NIS_CFLAGS = @NIS_CFLAGS@ +NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -220,10 +247,12 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ @@ -236,7 +265,6 @@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ -XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ @@ -278,6 +306,8 @@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ +libtirpc_CFLAGS = @libtirpc_CFLAGS@ +libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -313,18 +343,20 @@ secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include \ -I$(top_srcdir)/libpamc/include \ -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ - -DUPDATE_HELPER=\"$(sbindir)/unix_update\" $(am__append_1) + -DUPDATE_HELPER=\"$(sbindir)/unix_update\" $(NIS_CFLAGS) \ + $(am__append_1) pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ $(am__append_2) -pam_unix_la_LIBADD = @LIBNSL@ -L$(top_builddir)/libpam -lpam \ - @LIBCRYPT@ @LIBSELINUX@ +pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ + @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) securelib_LTLIBRARIES = pam_unix.la -noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h -pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ - pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c +noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ + pam_unix_static.h +pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c pam_unix_auth.c \ + pam_unix_passwd.c pam_unix_sess.c support.c passverify.c \ + yppasswd_xdr.c md5_good.c md5_broken.c $(am__append_3) bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c bigcrypt_CFLAGS = $(AM_CFLAGS) bigcrypt_LDADD = @LIBCRYPT@ @@ -349,14 +381,14 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_unix/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu modules/pam_unix/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_unix/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu modules/pam_unix/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -374,23 +406,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \ + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: @@ -405,39 +442,56 @@ pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) $(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list bigcrypt$(EXEEXT): $(bigcrypt_OBJECTS) $(bigcrypt_DEPENDENCIES) @rm -f bigcrypt$(EXEEXT) $(bigcrypt_LINK) $(bigcrypt_OBJECTS) $(bigcrypt_LDADD) $(LIBS) @@ -463,6 +517,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_passwd.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_sess.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_static.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passverify.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/support.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-bigcrypt.Po@am__quote@ @@ -479,189 +534,189 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< bigcrypt-bigcrypt.o: bigcrypt.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='bigcrypt-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c bigcrypt-bigcrypt.obj: bigcrypt.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='bigcrypt-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` bigcrypt-bigcrypt_main.o: bigcrypt_main.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c bigcrypt-bigcrypt_main.obj: bigcrypt_main.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` unix_chkpwd-unix_chkpwd.o: unix_chkpwd.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c unix_chkpwd-unix_chkpwd.obj: unix_chkpwd.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` unix_chkpwd-md5_good.o: md5_good.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_chkpwd-md5_good.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c unix_chkpwd-md5_good.obj: md5_good.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_chkpwd-md5_good.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` unix_chkpwd-md5_broken.o: md5_broken.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_chkpwd-md5_broken.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c unix_chkpwd-md5_broken.obj: md5_broken.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_chkpwd-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` unix_chkpwd-bigcrypt.o: bigcrypt.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_chkpwd-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c unix_chkpwd-bigcrypt.obj: bigcrypt.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_chkpwd-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` unix_chkpwd-passverify.o: passverify.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_chkpwd-passverify.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c unix_chkpwd-passverify.obj: passverify.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_chkpwd-passverify.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` unix_update-unix_update.o: unix_update.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.o -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_update.c' object='unix_update-unix_update.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c unix_update-unix_update.obj: unix_update.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.obj -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_update.c' object='unix_update-unix_update.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` unix_update-md5_good.o: md5_good.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.o -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_update-md5_good.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c unix_update-md5_good.obj: md5_good.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_update-md5_good.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` unix_update-md5_broken.o: md5_broken.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_update-md5_broken.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c unix_update-md5_broken.obj: md5_broken.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_update-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` unix_update-bigcrypt.o: bigcrypt.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_update-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c unix_update-bigcrypt.obj: bigcrypt.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_update-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` unix_update-passverify.o: passverify.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.o -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_update-passverify.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c unix_update-passverify.obj: passverify.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.obj -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_update-passverify.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` @@ -671,65 +726,58 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -737,37 +785,43 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -776,49 +830,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -829,15 +897,32 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -853,13 +938,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -892,6 +981,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -914,6 +1004,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -922,18 +1014,28 @@ install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-sbinPROGRAMS install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -959,7 +1061,7 @@ uninstall-am: uninstall-man uninstall-sbinPROGRAMS \ uninstall-man: uninstall-man8 -.MAKE: install-am install-strip +.MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-noinstPROGRAMS \ @@ -980,6 +1082,7 @@ uninstall-man: uninstall-man8 @ENABLE_REGENERATE_MAN_TRUE@README: pam_unix.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/modules/pam_unix/README b/modules/pam_unix/README index 2c4caf31..26c06e23 100644 --- a/modules/pam_unix/README +++ b/modules/pam_unix/README @@ -35,7 +35,8 @@ suppress this temporary shielding and may be needed for use with certain applications. The password component of this module performs the task of updating the user's -password. +password. The default encryption hash is taken from the ENCRYPT_METHOD variable +from /etc/login.defs The session component of this module logs when a user logins or leave the system. @@ -99,7 +100,8 @@ remember=n The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating - between the same password too frequently. + between the same password too frequently. Instead of this option the + pam_pwhistory module should be used. shadow diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c index 9922d177..e1d57a07 100644 --- a/modules/pam_unix/bigcrypt.c +++ b/modules/pam_unix/bigcrypt.c @@ -1,20 +1,20 @@ /* * This function implements the "bigcrypt" algorithm specifically for * Linux-PAM. - * + * * This algorithm is algorithm 0 (default) shipped with the C2 secure * implementation of Digital UNIX. - * + * * Disclaimer: This work is not based on the source code to Digital * UNIX, nor am I connected to Digital Equipment Corp, in any way * other than as a customer. This code is based on published * interfaces and reasonable guesswork. - * + * * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8 * characters or less. Each block is encrypted using the standard UNIX * libc crypt function. The result of the encryption for one block * provides the salt for the suceeding block. - * + * * Restrictions: The buffer used to hold the encrypted result is * statically allocated. (see MAX_PASS_LEN below). This is necessary, * as the returned pointer points to "static data that are overwritten @@ -109,6 +109,10 @@ char *bigcrypt(const char *key, const char *salt) #else tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */ #endif + if (tmp_ptr == NULL) { + free(dec_c2_cryptbuf); + return NULL; + } /* and place in the static area */ strncpy(cipher_ptr, tmp_ptr, 13); cipher_ptr += ESEGMENT_SIZE + SALT_SIZE; @@ -130,6 +134,11 @@ char *bigcrypt(const char *key, const char *salt) #else tmp_ptr = crypt(plaintext_ptr, salt_ptr); #endif + if (tmp_ptr == NULL) { + _pam_overwrite(dec_c2_cryptbuf); + free(dec_c2_cryptbuf); + return NULL; + } /* skip the salt for seg!=0 */ strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE); diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c index 1c622ecd..94f0485b 100644 --- a/modules/pam_unix/md5.c +++ b/modules/pam_unix/md5.c @@ -1,5 +1,5 @@ /* - * $Id: md5.c,v 1.1.1.1 2000/06/20 22:12:03 agmorgan Exp $ + * $Id$ * * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was @@ -107,7 +107,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign } /* - * Final wrapup - pad to 64-byte boundary with the bit pattern + * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) @@ -142,8 +142,7 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) byteReverse(ctx->in, 14); /* Append length in bits and transform */ - ((uint32 *) ctx->in)[14] = ctx->bits[0]; - ((uint32 *) ctx->in)[15] = ctx->bits[1]; + memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32)); MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); byteReverse((unsigned char *) ctx->buf, 4); diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c index 8b7bc66b..53972fcc 100644 --- a/modules/pam_unix/md5_crypt.c +++ b/modules/pam_unix/md5_crypt.c @@ -1,5 +1,5 @@ /* - * $Id: md5_crypt.c,v 1.2 2001/07/10 20:24:16 vorlon Exp $ + * $Id$ * * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8 index 164843a6..59d5f173 100644 --- a/modules/pam_unix/pam_unix.8 +++ b/modules/pam_unix/pam_unix.8 @@ -1,161 +1,22 @@ +'\" t .\" Title: pam_unix .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> -.\" Date: 10/27/2010 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_UNIX" "8" "10/27/2010" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_UNIX" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- -.\" * (re)Define some macros +.\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" toupper - uppercase a string (locale-aware) +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de toupper -.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -\\$* -.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SH-xref - format a cross-reference to an SH section -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de SH-xref -.ie n \{\ -.\} -.toupper \\$* -.el \{\ -\\$* -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SH - level-one heading that works better for non-TTY output -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de1 SH -.\" put an extra blank line of space above the head in non-TTY output -.if t \{\ -.sp 1 -.\} -.sp \\n[PD]u -.nr an-level 1 -.set-an-margin -.nr an-prevailing-indent \\n[IN] -.fi -.in \\n[an-margin]u -.ti 0 -.HTML-TAG ".NH \\n[an-level]" -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -\." make the size of the head bigger -.ps +3 -.ft B -.ne (2v + 1u) -.ie n \{\ -.\" if n (TTY output), use uppercase -.toupper \\$* -.\} -.el \{\ -.nr an-break-flag 0 -.\" if not n (not TTY), use normal case (not uppercase) -\\$1 -.in \\n[an-margin]u -.ti 0 -.\" if not n (not TTY), put a border/line under subheading -.sp -.6 -\l'\n(.lu' -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SS - level-two heading that works better for non-TTY output -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de1 SS -.sp \\n[PD]u -.nr an-level 1 -.set-an-margin -.nr an-prevailing-indent \\n[IN] -.fi -.in \\n[IN]u -.ti \\n[SN]u -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.ps \\n[PS-SS]u -\." make the size of the head bigger -.ps +2 -.ft B -.ne (2v + 1u) -.if \\n[.$] \&\\$* -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" BB/BE - put background/screen (filled box) around block of text -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de BB -.if t \{\ -.sp -.5 -.br -.in +2n -.ll -2n -.gcolor red -.di BX -.\} -.. -.de EB -.if t \{\ -.if "\\$2"adjust-for-leading-newline" \{\ -.sp -1 -.\} -.br -.di -.in -.ll -.gcolor -.nr BW \\n(.lu-\\n(.i -.nr BH \\n(dn+.5v -.ne \\n(BHu+.5v -.ie "\\$2"adjust-for-leading-newline" \{\ -\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -.\} -.el \{\ -\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -.\} -.in 0 -.sp -.5v -.nf -.BX -.in -.sp .5v -.fi -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" BM/EM - put colored marker in margin next to block of text -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de BM -.if t \{\ -.br -.ll -2n -.gcolor red -.di BX -.\} -.. -.de EM -.if t \{\ -.br -.di -.ll -.gcolor -.nr BH \\n(dn -.ne \\n(BHu -\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -.in 0 -.nf -.BX -.in -.fi -.\} -.. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -166,38 +27,39 @@ .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- -.SH "Name" +.SH "NAME" pam_unix \- Module for traditional password authentication -.SH "Synopsis" -.fam C +.SH "SYNOPSIS" .HP \w'\fBpam_unix\&.so\fR\ 'u \fBpam_unix\&.so\fR [\&.\&.\&.] -.fam .SH "DESCRIPTION" .PP -This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&. +This is the standard Unix authentication module\&. It uses standard calls from the system\*(Aqs libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&. .PP -The account component performs the task of establishing the status of the user\'s account and password based on the following +The account component performs the task of establishing the status of the user\*(Aqs account and password based on the following \fIshadow\fR elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the \fBPAM_AUTHTOKEN_REQD\fR return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the \fBshadow\fR(5) -manual page\&. Should the user\'s record not contain one or more of these entries, the corresponding +manual page\&. Should the user\*(Aqs record not contain one or more of these entries, the corresponding \fIshadow\fR check is not performed\&. .PP The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&. .PP A helper binary, -\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like +\fBunix_chkpwd\fR(8), is provided to check the user\*(Aqs password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like \fBxlock\fR(1) -to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was +to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\*(Aqt know was \fBfork()\fRd\&. The \fBnoreap\fR module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. .PP -The password component of this module performs the task of updating the user\'s password\&. +The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the +\fBENCRYPT_METHOD\fR +variable from +\fI/etc/login\&.defs\fR .PP The session component of this module logs when a user logins or leave the system\&. .PP @@ -225,7 +87,7 @@ argument overrides this default\&. .PP \fBtry_first_pass\fR .RS 4 -Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&. +Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&. .RE .PP \fBuse_first_pass\fR @@ -264,8 +126,10 @@ NIS RPC is used for setting new passwords\&. The last \fIn\fR passwords for each user are saved in -\FC/etc/security/opasswd\F[] -in order to force password change history and keep the user from alternating between the same password too frequently\&. +/etc/security/opasswd +in order to force password change history and keep the user from alternating between the same password too frequently\&. Instead of this option the +\fBpam_pwhistory\fR +module should be used\&. .RE .PP \fBshadow\fR @@ -340,21 +204,13 @@ Ignore this module\&. .SH "EXAMPLES" .PP An example usage for -\FC/etc/pam\&.d/login\F[] +/etc/pam\&.d/login would be: .sp .if n \{\ .RS 4 .\} -.fam C -.ps -1 .nf -.if t \{\ -.sp -1 -.\} -.BB lightgray adjust-for-leading-newline -.sp -1 - # Authenticate the user auth required pam_unix\&.so # Ensure users account and password are still active @@ -365,20 +221,14 @@ password required pam_cracklib\&.so retry=3 minlen=6 difok=3 password required pam_unix\&.so use_authtok nullok md5 session required pam_unix\&.so -.EB lightgray adjust-for-leading-newline -.if t \{\ -.sp 1 -.\} .fi -.fam -.ps +1 .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP - +\fBlogin.defs\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index c272e3ce..9ce084e3 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -81,7 +81,9 @@ <para> The password component of this module performs the task of updating - the user's password. + the user's password. The default encryption hash is taken from the + <emphasis remap='B'>ENCRYPT_METHOD</emphasis> variable from + <emphasis>/etc/login.defs</emphasis> </para> <para> @@ -223,6 +225,8 @@ user are saved in <filename>/etc/security/opasswd</filename> in order to force password change history and keep the user from alternating between the same password too frequently. + Instead of this option the <command>pam_pwhistory</command> + module should be used. </para> </listitem> </varlistentry> @@ -391,6 +395,9 @@ session required pam_unix.so <title>SEE ALSO</title> <para> <citerefentry> + <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 2731b8bc..8ec44492 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -41,6 +41,7 @@ #include <string.h> #include <unistd.h> #include <sys/types.h> +#include <sys/resource.h> #include <syslog.h> #include <pwd.h> #include <shadow.h> @@ -52,7 +53,11 @@ /* indicate that the following groups are defined */ -#define PAM_SM_ACCOUNT +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_ACCOUNT +#endif #include <security/pam_modules.h> #include <security/pam_ext.h> @@ -116,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ - setuid(0); + if (setuid(0) == -1) { + pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); + printf("-1\n"); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); + } } /* exec binary helper */ @@ -137,7 +147,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, if (child > 0) { char buf[32]; int rc=0; - rc=waitpid(child, &retval, 0); /* wait for helper to complete */ + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; @@ -178,8 +189,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, * account management module. */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl; const void *void_uname; @@ -291,17 +302,3 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return retval; } - - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_unix_acct_modstruct = { - "pam_unix_acct", - NULL, - NULL, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; -#endif diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index d9c4ea55..44573e6c 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -50,7 +50,11 @@ /* indicate the following groups are defined */ -#define PAM_SM_AUTH +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_AUTH +#endif #define _PAM_EXTERN_FUNCTIONS #include <security/_pam_macros.h> @@ -98,9 +102,8 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) free (ptr); } - -PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags - ,int argc, const char **argv) +int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl; int retval, *ret_data = NULL; @@ -190,7 +193,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags * warned you. -- AOY */ -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -206,22 +209,10 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, don't worry about an explicit check of argv. */ if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS && pretval) { - retval = *(const int *)pretval; + retval = *(const int *)pretval; pam_set_data(pamh, "unix_setcred_return", NULL, NULL); D(("recovered data indicates that old retval was %d", retval)); } return retval; } - -#ifdef PAM_STATIC -struct pam_module _pam_unix_auth_modstruct = { - "pam_unix_auth", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; -#endif diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 631df318..9aae3b03 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -58,12 +58,17 @@ #include <signal.h> #include <errno.h> #include <sys/wait.h> +#include <sys/resource.h> #include <security/_pam_macros.h> /* indicate the following groups are defined */ -#define PAM_SM_PASSWORD +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_PASSWORD +#endif #include <security/pam_modules.h> #include <security/pam_ext.h> @@ -212,7 +217,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } @@ -249,7 +254,8 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); - rc=waitpid(child, &retval, 0); /* wait for helper to complete */ + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); retval = PAM_AUTHTOK_ERR; @@ -262,7 +268,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } @@ -280,13 +286,15 @@ static int check_old_password(const char *forwho, const char *newpass) char *s_luser, *s_uid, *s_npas, *s_pas; int retval = PAM_SUCCESS; FILE *opwfile; + size_t len = strlen(forwho); opwfile = fopen(OLD_PASSWORDS_FILE, "r"); if (opwfile == NULL) return PAM_ABORT; while (fgets(buf, 16380, opwfile)) { - if (!strncmp(buf, forwho, strlen(forwho))) { + if (!strncmp(buf, forwho, len) && (buf[len] == ':' || + buf[len] == ',')) { char *sptr; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":,", &sptr); @@ -521,9 +529,8 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh return retval; } - -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl, lctrl; int retval; @@ -795,7 +802,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, tpass = create_password_hash(pamh, pass_new, ctrl, rounds); if (tpass == NULL) { pam_syslog(pamh, LOG_CRIT, - "out of memory for password"); + "crypt() failure or out of memory for password"); pass_new = pass_old = NULL; /* tidy up */ unlock_pwdf(); return PAM_BUF_ERR; @@ -821,17 +828,3 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, return retval; } - - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_unix_passwd_modstruct = { - "pam_unix_passwd", - NULL, - NULL, - NULL, - NULL, - NULL, - pam_sm_chauthtok, -}; -#endif diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 2f080805..d1376732 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -1,5 +1,5 @@ /* - * $Id: pam_unix_sess.c,v 1.11 2010/08/17 11:15:33 kukuk Exp $ + * $Id$ * * Copyright Alexander O. Yuriev, 1996. All rights reserved. * Copyright Jan Rêkorajski, 1999. All rights reserved. @@ -16,13 +16,13 @@ * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE @@ -49,7 +49,11 @@ /* indicate the following groups are defined */ -#define PAM_SM_SESSION +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_SESSION +#endif #include <security/_pam_macros.h> #include <security/pam_modules.h> @@ -63,8 +67,8 @@ * session module. */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *user_name, *service; unsigned int ctrl; @@ -98,8 +102,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *user_name, *service; unsigned int ctrl; @@ -127,17 +131,3 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, return PAM_SUCCESS; } - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_unix_session_modstruct = { - "pam_unix_session", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; -#endif - diff --git a/modules/pam_unix/pam_unix_static.c b/modules/pam_unix/pam_unix_static.c new file mode 100644 index 00000000..160268c9 --- /dev/null +++ b/modules/pam_unix/pam_unix_static.c @@ -0,0 +1,23 @@ +#include "config.h" + +#ifdef PAM_STATIC + +#define static extern +#define PAM_SM_ACCOUNT +#define PAM_SM_AUTH +#define PAM_SM_PASSWORD +#define PAM_SM_SESSION +#include "pam_unix_static.h" +#include <security/pam_modules.h> + +struct pam_module _pam_unix_modstruct = { + "pam_unix", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + pam_sm_open_session, + pam_sm_close_session, + pam_sm_chauthtok, +}; + +#endif diff --git a/modules/pam_unix/pam_unix_static.h b/modules/pam_unix/pam_unix_static.h new file mode 100644 index 00000000..39b05efe --- /dev/null +++ b/modules/pam_unix/pam_unix_static.h @@ -0,0 +1,6 @@ +#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt +#define pam_sm_authenticate _pam_unix_sm_authenticate +#define pam_sm_setcred _pam_unix_sm_setcred +#define pam_sm_chauthtok _pam_unix_sm_chauthtok +#define pam_sm_open_session _pam_unix_sm_open_session +#define pam_sm_close_session _pam_unix_sm_close_session diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5199a690..4840bb2d 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -89,17 +89,17 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) } else { if (!strncmp(hash, "$1$", 3)) { pp = Goodcrypt_md5(p, hash); - if (pp && strcmp(pp, hash) != 0) { + if (pp && strcmp(pp, hash) != 0) { _pam_delete(pp); pp = Brokencrypt_md5(p, hash); - } + } } else if (*hash != '$' && hash_len >= 13) { - pp = bigcrypt(p, hash); - if (pp && hash_len == 13 && strlen(pp) > hash_len) { + pp = bigcrypt(p, hash); + if (pp && hash_len == 13 && strlen(pp) > hash_len) { _pam_overwrite(pp + hash_len); - } + } } else { - /* + /* * Ok, we don't know the crypt algorithm, but maybe * libcrypt knows about it? We should try it. */ @@ -424,7 +424,7 @@ PAMH_ARG_DECL(char * create_password_hash, } #endif sp = crypt(password, salt); - if (strncmp(algoid, sp, strlen(algoid)) != 0) { + if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { /* libxcrypt/libc doesn't know the algorithm, use MD5 */ pam_syslog(pamh, LOG_ERR, "Algo %s not supported by the crypto backend, " @@ -432,7 +432,9 @@ PAMH_ARG_DECL(char * create_password_hash, on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); - memset(sp, '\0', strlen(sp)); + if(sp) { + memset(sp, '\0', strlen(sp)); + } return crypt_md5_wrapper(password); } @@ -448,12 +450,12 @@ unix_selinux_confined(void) char tempfile[]="/etc/.pwdXXXXXX"; if (confined != -1) - return confined; + return confined; /* cannot be confined without SELinux enabled */ if (!SELINUX_ENABLED){ - confined = 0; - return confined; + confined = 0; + return confined; } /* let's try opening shadow read only */ @@ -562,6 +564,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, int found = 0; struct passwd *pwd = NULL; struct stat st; + size_t len = strlen(forwho); #ifdef WITH_SELINUX security_context_t prev_context=NULL; #endif @@ -629,11 +632,11 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, } while (fgets(buf, 16380, opwfile)) { - if (!strncmp(buf, forwho, strlen(forwho))) { + if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) { char *sptr = NULL; found = 1; if (howmany == 0) - continue; + continue; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":", &sptr); s_uid = strtok_r(NULL, ":", &sptr); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index cc350e58..19d72e66 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -37,6 +37,80 @@ #define SELINUX_ENABLED 0 #endif +static char * +search_key (const char *key, const char *filename) +{ + FILE *fp; + char *buf = NULL; + size_t buflen = 0; + char *retval = NULL; + + fp = fopen (filename, "r"); + if (NULL == fp) + return NULL; + + while (!feof (fp)) + { + char *tmp, *cp; +#if defined(HAVE_GETLINE) + ssize_t n = getline (&buf, &buflen, fp); +#elif defined (HAVE_GETDELIM) + ssize_t n = getdelim (&buf, &buflen, '\n', fp); +#else + ssize_t n; + + if (buf == NULL) + { + buflen = BUF_SIZE; + buf = malloc (buflen); + if (buf == NULL) { + fclose (fp); + return NULL; + } + } + buf[0] = '\0'; + if (fgets (buf, buflen - 1, fp) == NULL) + break; + else if (buf != NULL) + n = strlen (buf); + else + n = 0; +#endif /* HAVE_GETLINE / HAVE_GETDELIM */ + cp = buf; + + if (n < 1) + break; + + tmp = strchr (cp, '#'); /* remove comments */ + if (tmp) + *tmp = '\0'; + while (isspace ((int)*cp)) /* remove spaces and tabs */ + ++cp; + if (*cp == '\0') /* ignore empty lines */ + continue; + + if (cp[strlen (cp) - 1] == '\n') + cp[strlen (cp) - 1] = '\0'; + + tmp = strsep (&cp, " \t="); + if (cp != NULL) + while (isspace ((int)*cp) || *cp == '=') + ++cp; + + if (strcasecmp (tmp, key) == 0) + { + retval = strdup (cp); + break; + } + } + fclose (fp); + + free (buf); + + return retval; +} + + /* this is a front-end for module-application conversations */ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, @@ -58,6 +132,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, int *pass_min_len, int argc, const char **argv) { unsigned int ctrl; + char *val; + int j; D(("called.")); @@ -81,10 +157,38 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("SILENT")); set(UNIX__QUIET, ctrl); } + + /* preset encryption method with value from /etc/login.defs */ + val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo + && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { + break; + } + } + if (j >= UNIX_CTRLS_) { + pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val); + } else { + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } + free (val); + + /* read number of rounds for crypt algo */ + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { + val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { + *rounds = strtol(val, NULL, 10); + free (val); + } + } + } + /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { - int j; D(("pam_unix arg: %s", *argv)); @@ -475,14 +579,17 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ - setuid(0); + if (setuid(0) == -1) { + D(("setuid failed")); + _exit(PAM_AUTHINFO_UNAVAIL); + } } /* exec binary helper */ @@ -517,7 +624,8 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, } close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); - rc=waitpid(child, &retval, 0); /* wait for helper to complete */ + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; @@ -530,7 +638,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index d02c8aee..65759384 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -1,5 +1,5 @@ /* - * $Id: support.h,v 1.18 2010/08/17 11:15:33 kukuk Exp $ + * $Id$ */ #ifndef _PAM_UNIX_SUPPORT_H @@ -8,6 +8,12 @@ #include <pwd.h> /* + * File to read value of ENCRYPT_METHOD from. + */ +#define LOGIN_DEFS "/etc/login.defs" + + +/* * here is the string to inform the user that the new passwords they * typed were not the same. */ @@ -20,6 +26,7 @@ typedef struct { const char *token; unsigned int mask; /* shall assume 32 bits of flags */ unsigned int flag; + unsigned int is_hash_algo; } UNIX_Ctrls; /* @@ -100,34 +107,34 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* symbol token name ctrl mask ctrl * * ----------------------- ------------------- --------------------- -------- */ -/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01}, -/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02}, -/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04}, -/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010}, -/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020}, -/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040}, -/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100}, -/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200}, -/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000}, -/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000}, -/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000}, -/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000}, -/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000}, -/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0}, -/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000}, -/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000}, -/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000}, -/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000}, -/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, -/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, -/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, -/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000}, -/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000}, -/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000}, -/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000}, -/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000}, -/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000}, +/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, +/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, +/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, +/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, +/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, +/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, +/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, +/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, +/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, +/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, +/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, +/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, +/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, +/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, +/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, +/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, +/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, +/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, +/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, +/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, +/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, +/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, +/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8 index 72c72b46..b16e0c94 100644 --- a/modules/pam_unix/unix_chkpwd.8 +++ b/modules/pam_unix/unix_chkpwd.8 @@ -1,161 +1,22 @@ +'\" t .\" Title: unix_chkpwd .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> -.\" Date: 10/27/2010 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "UNIX_CHKPWD" "8" "10/27/2010" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "UNIX_CHKPWD" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- -.\" * (re)Define some macros +.\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" toupper - uppercase a string (locale-aware) +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de toupper -.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -\\$* -.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SH-xref - format a cross-reference to an SH section -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de SH-xref -.ie n \{\ -.\} -.toupper \\$* -.el \{\ -\\$* -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SH - level-one heading that works better for non-TTY output -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de1 SH -.\" put an extra blank line of space above the head in non-TTY output -.if t \{\ -.sp 1 -.\} -.sp \\n[PD]u -.nr an-level 1 -.set-an-margin -.nr an-prevailing-indent \\n[IN] -.fi -.in \\n[an-margin]u -.ti 0 -.HTML-TAG ".NH \\n[an-level]" -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -\." make the size of the head bigger -.ps +3 -.ft B -.ne (2v + 1u) -.ie n \{\ -.\" if n (TTY output), use uppercase -.toupper \\$* -.\} -.el \{\ -.nr an-break-flag 0 -.\" if not n (not TTY), use normal case (not uppercase) -\\$1 -.in \\n[an-margin]u -.ti 0 -.\" if not n (not TTY), put a border/line under subheading -.sp -.6 -\l'\n(.lu' -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SS - level-two heading that works better for non-TTY output -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de1 SS -.sp \\n[PD]u -.nr an-level 1 -.set-an-margin -.nr an-prevailing-indent \\n[IN] -.fi -.in \\n[IN]u -.ti \\n[SN]u -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.ps \\n[PS-SS]u -\." make the size of the head bigger -.ps +2 -.ft B -.ne (2v + 1u) -.if \\n[.$] \&\\$* -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" BB/BE - put background/screen (filled box) around block of text -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de BB -.if t \{\ -.sp -.5 -.br -.in +2n -.ll -2n -.gcolor red -.di BX -.\} -.. -.de EB -.if t \{\ -.if "\\$2"adjust-for-leading-newline" \{\ -.sp -1 -.\} -.br -.di -.in -.ll -.gcolor -.nr BW \\n(.lu-\\n(.i -.nr BH \\n(dn+.5v -.ne \\n(BHu+.5v -.ie "\\$2"adjust-for-leading-newline" \{\ -\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -.\} -.el \{\ -\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -.\} -.in 0 -.sp -.5v -.nf -.BX -.in -.sp .5v -.fi -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" BM/EM - put colored marker in margin next to block of text -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de BM -.if t \{\ -.br -.ll -2n -.gcolor red -.di BX -.\} -.. -.de EM -.if t \{\ -.br -.di -.ll -.gcolor -.nr BH \\n(dn -.ne \\n(BHu -\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -.in 0 -.nf -.BX -.in -.fi -.\} -.. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -166,16 +27,13 @@ .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- -.SH "Name" +.SH "NAME" unix_chkpwd \- Helper binary that verifies the password of the current user -.SH "Synopsis" -.fam C +.SH "SYNOPSIS" .HP \w'\fBunix_chkpwd\fR\ 'u \fBunix_chkpwd\fR [\&.\&.\&.] -.fam .SH "DESCRIPTION" .PP - \fIunix_chkpwd\fR is a helper program for the \fIpam_unix\fR @@ -189,7 +47,6 @@ The interface of the helper \- command line options, and input/output data forma module and it should not be called directly from applications\&. .SH "SEE ALSO" .PP - \fBpam_unix\fR(8) .SH "AUTHOR" .PP diff --git a/modules/pam_unix/unix_update.8 b/modules/pam_unix/unix_update.8 index 6bb38b1c..1ee82c85 100644 --- a/modules/pam_unix/unix_update.8 +++ b/modules/pam_unix/unix_update.8 @@ -1,161 +1,22 @@ +'\" t .\" Title: unix_update .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> -.\" Date: 10/27/2010 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "UNIX_UPDATE" "8" "10/27/2010" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "UNIX_UPDATE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- -.\" * (re)Define some macros +.\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" toupper - uppercase a string (locale-aware) +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de toupper -.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -\\$* -.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SH-xref - format a cross-reference to an SH section -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de SH-xref -.ie n \{\ -.\} -.toupper \\$* -.el \{\ -\\$* -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SH - level-one heading that works better for non-TTY output -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de1 SH -.\" put an extra blank line of space above the head in non-TTY output -.if t \{\ -.sp 1 -.\} -.sp \\n[PD]u -.nr an-level 1 -.set-an-margin -.nr an-prevailing-indent \\n[IN] -.fi -.in \\n[an-margin]u -.ti 0 -.HTML-TAG ".NH \\n[an-level]" -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -\." make the size of the head bigger -.ps +3 -.ft B -.ne (2v + 1u) -.ie n \{\ -.\" if n (TTY output), use uppercase -.toupper \\$* -.\} -.el \{\ -.nr an-break-flag 0 -.\" if not n (not TTY), use normal case (not uppercase) -\\$1 -.in \\n[an-margin]u -.ti 0 -.\" if not n (not TTY), put a border/line under subheading -.sp -.6 -\l'\n(.lu' -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" SS - level-two heading that works better for non-TTY output -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de1 SS -.sp \\n[PD]u -.nr an-level 1 -.set-an-margin -.nr an-prevailing-indent \\n[IN] -.fi -.in \\n[IN]u -.ti \\n[SN]u -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.ps \\n[PS-SS]u -\." make the size of the head bigger -.ps +2 -.ft B -.ne (2v + 1u) -.if \\n[.$] \&\\$* -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" BB/BE - put background/screen (filled box) around block of text -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de BB -.if t \{\ -.sp -.5 -.br -.in +2n -.ll -2n -.gcolor red -.di BX -.\} -.. -.de EB -.if t \{\ -.if "\\$2"adjust-for-leading-newline" \{\ -.sp -1 -.\} -.br -.di -.in -.ll -.gcolor -.nr BW \\n(.lu-\\n(.i -.nr BH \\n(dn+.5v -.ne \\n(BHu+.5v -.ie "\\$2"adjust-for-leading-newline" \{\ -\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -.\} -.el \{\ -\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -.\} -.in 0 -.sp -.5v -.nf -.BX -.in -.sp .5v -.fi -.\} -.. -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" BM/EM - put colored marker in margin next to block of text -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.de BM -.if t \{\ -.br -.ll -2n -.gcolor red -.di BX -.\} -.. -.de EM -.if t \{\ -.br -.di -.ll -.gcolor -.nr BH \\n(dn -.ne \\n(BHu -\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -.in 0 -.nf -.BX -.in -.fi -.\} -.. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -166,29 +27,25 @@ .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- -.SH "Name" +.SH "NAME" unix_update \- Helper binary that updates the password of a given user -.SH "Synopsis" -.fam C +.SH "SYNOPSIS" .HP \w'\fBunix_update\fR\ 'u \fBunix_update\fR [\&.\&.\&.] -.fam .SH "DESCRIPTION" .PP - \fIunix_update\fR is a helper program for the \fIpam_unix\fR module that updates the password of a given user\&. It is not intended to be run directly from the command line and logs a security violation if done so\&. .PP -The purpose of the helper is to enable tighter confinement of login and password changing services\&. The helper is thus called only when SELinux is enabled and in the enforcing mode on the system\&. +The purpose of the helper is to enable tighter confinement of login and password changing services\&. The helper is thus called only when SELinux is enabled on the system\&. .PP The interface of the helper \- command line options, and input/output data format are internal to the \fIpam_unix\fR module and it should not be called directly from applications\&. .SH "SEE ALSO" .PP - \fBpam_unix\fR(8) .SH "AUTHOR" .PP diff --git a/modules/pam_unix/unix_update.8.xml b/modules/pam_unix/unix_update.8.xml index 07695951..6c7467b9 100644 --- a/modules/pam_unix/unix_update.8.xml +++ b/modules/pam_unix/unix_update.8.xml @@ -38,7 +38,7 @@ <para> The purpose of the helper is to enable tighter confinement of login and password changing services. The helper is thus called only - when SELinux is enabled and in the enforcing mode on the system. + when SELinux is enabled on the system. </para> <para> diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c index 702912d0..6ea7ea51 100644 --- a/modules/pam_unix/unix_update.c +++ b/modules/pam_unix/unix_update.c @@ -62,7 +62,7 @@ set_password(const char *forwho, const char *shadow, const char *remember) } if (lock_pwdf() != PAM_SUCCESS) - return PAM_AUTHTOK_LOCK_BUSY; + return PAM_AUTHTOK_LOCK_BUSY; pwd = getpwnam(forwho); |