diff options
Diffstat (limited to 'Linux-PAM/modules/pam_succeed_if')
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/Makefile | 16 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/Makefile.am | 31 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/Makefile.in | 665 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/README | 192 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/README.xml | 41 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 | 166 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml | 297 | ||||
| -rw-r--r-- | Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c | 256 | ||||
| -rwxr-xr-x | Linux-PAM/modules/pam_succeed_if/tst-pam_succeed_if | 2 |
9 files changed, 1462 insertions, 204 deletions
diff --git a/Linux-PAM/modules/pam_succeed_if/Makefile b/Linux-PAM/modules/pam_succeed_if/Makefile deleted file mode 100644 index cea9be3b..00000000 --- a/Linux-PAM/modules/pam_succeed_if/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# -# $Id: Makefile,v 1.1 2004/09/24 11:42:39 kukuk Exp $ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan <morgan@linux.kernel.org> 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_succeed_if -MAN8=$(TITLE).8 - -include ../Simple.Rules diff --git a/Linux-PAM/modules/pam_succeed_if/Makefile.am b/Linux-PAM/modules/pam_succeed_if/Makefile.am new file mode 100644 index 00000000..d97f4c1d --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/Makefile.am @@ -0,0 +1,31 @@ +# +# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> +# + +CLEANFILES = *~ + +EXTRA_DIST = README ${MANS} ${XMLS} tst-pam_succeed_if + +TESTS = tst-pam_succeed_if + +man_MANS = pam_succeed_if.8 + +XMLS = README.xml pam_succeed_if.8.xml + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_LDFLAGS = -no-undefined -avoid-version -module \ + -L$(top_builddir)/libpam -lpam +if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +endif + +securelib_LTLIBRARIES = pam_succeed_if.la + +if ENABLE_REGENERATE_MAN +noinst_DATA = README +README: pam_succeed_if.8.xml +-include $(top_srcdir)/Make.xml.rules +endif diff --git a/Linux-PAM/modules/pam_succeed_if/Makefile.in b/Linux-PAM/modules/pam_succeed_if/Makefile.in new file mode 100644 index 00000000..a5090537 --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/Makefile.in @@ -0,0 +1,665 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# +# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de> +# + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map +subdir = modules/pam_succeed_if +DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ + $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" +securelibLTLIBRARIES_INSTALL = $(INSTALL) +LTLIBRARIES = $(securelib_LTLIBRARIES) +pam_succeed_if_la_LIBADD = +pam_succeed_if_la_SOURCES = pam_succeed_if.c +pam_succeed_if_la_OBJECTS = pam_succeed_if.lo +DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = pam_succeed_if.c +DIST_SOURCES = pam_succeed_if.c +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man_MANS) +DATA = $(noinst_DATA) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BROWSER = @BROWSER@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +FO2PDF = @FO2PDF@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GREP = @GREP@ +HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBAUDIT = @LIBAUDIT@ +LIBCRACK = @LIBCRACK@ +LIBCRYPT = @LIBCRYPT@ +LIBDB = @LIBDB@ +LIBDL = @LIBDL@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBNSL = @LIBNSL@ +LIBOBJS = @LIBOBJS@ +LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ +LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ +LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ +LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ +LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ +LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ +LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ +LIBS = @LIBS@ +LIBSELINUX = @LIBSELINUX@ +LIBTOOL = @LIBTOOL@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SCONFIGDIR = @SCONFIGDIR@ +SECUREDIR = @SECUREDIR@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +WITH_DEBUG = @WITH_DEBUG@ +WITH_PAMLOCKING = @WITH_PAMLOCKING@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XMLCATALOG = @XMLCATALOG@ +XMLLINT = @XMLLINT@ +XML_CATALOG_FILE = @XML_CATALOG_FILE@ +XSLTPROC = @XSLTPROC@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libc_cv_fpie = @libc_cv_fpie@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ +pam_xauth_path = @pam_xauth_path@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +CLEANFILES = *~ +EXTRA_DIST = README ${MANS} ${XMLS} tst-pam_succeed_if +TESTS = tst-pam_succeed_if +man_MANS = pam_succeed_if.8 +XMLS = README.xml pam_succeed_if.8.xml +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_LDFLAGS = -no-undefined -avoid-version -module \ + -L$(top_builddir)/libpam -lpam $(am__append_1) +securelib_LTLIBRARIES = pam_succeed_if.la +@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_succeed_if/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu modules/pam_succeed_if/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + f=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \ + $(LIBTOOL) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \ + else :; fi; \ + done + +uninstall-securelibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ + p=$(am__strip_dir) \ + echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \ + $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \ + done + +clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) + @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +pam_succeed_if.la: $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_DEPENDENCIES) + $(LINK) -rpath $(securelibdir) $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_succeed_if.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man8: $(man8_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ + done +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + case "$$ext" in \ + 8*) ;; \ + *) ext='8' ;; \ + esac; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ + rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *$$ws$$tst$$ws*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + echo "XPASS: $$tst"; \ + ;; \ + *) \ + echo "PASS: $$tst"; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *$$ws$$tst$$ws*) \ + xfail=`expr $$xfail + 1`; \ + echo "XFAIL: $$tst"; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + echo "FAIL: $$tst"; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + echo "SKIP: $$tst"; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all tests failed"; \ + else \ + banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + skipped="($$skip tests were not run)"; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + test -z "$$skipped" || echo "$$skipped"; \ + test -z "$$report" || echo "$$report"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: install-man install-securelibLTLIBRARIES + +install-dvi: install-dvi-am + +install-exec-am: + +install-html: install-html-am + +install-info: install-info-am + +install-man: install-man8 + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES + +uninstall-man: uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-man uninstall-man8 \ + uninstall-securelibLTLIBRARIES + +@ENABLE_REGENERATE_MAN_TRUE@README: pam_succeed_if.8.xml +@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/Linux-PAM/modules/pam_succeed_if/README b/Linux-PAM/modules/pam_succeed_if/README index fdb278ef..4516a9d1 100644 --- a/Linux-PAM/modules/pam_succeed_if/README +++ b/Linux-PAM/modules/pam_succeed_if/README @@ -1,68 +1,124 @@ -pam_succeed_if: - Succeed or fail based on account characteristics. - - pam_succeed_if.so is designed to succeed or fail authentication based - on characteristics of the account belonging to the user being - authenticated. - - The module can be given one or more conditions as module arguments, and - authentication will succeed only if all of the conditions are met. - - Conditions are expressed in the form - - ATTRIBUTE OPERATOR VALUE - - Recognized attributes: - - LOGIN - The user's login name. - UID - The user's UID. - GID - The user's primary GID. - SHELL - The user's shell. - HOME - The user's home directory. - - Recognized operators: - - < - Arithmetic less-than. - <= - Arithmetic less-than-or-equal-to. - > - Arithmetic greater-than. - >= - Arithmetic greater-than-or-equal-to. - eq - Arithmetic equality. - = - String equality. - ne - Arithmetic inequality. - != - String inequality. - =~ - Wildcard match. - !~ - Wildcard mismatch. - ingroup - Group membership check. [*] - notingroup - Group non-membership check. [*] - - * The "ingroup" and "notingroup" operators should only be - used with the USER attribute. - - Examples: - - Deny authentication to all users except those in the wheel - group, before even asking for a password: - auth requisite pam_succeed_if.so user ingroup wheel - - Assume all users with UID less than 500 ("system users") have - valid accounts. - account sufficient pam_succeed_if.so uid < 500 - - Deny login to all nologin users. - auth requisite pam_succeed_if.so shell !~ nologin - -RECOGNIZED ARGUMENTS: - debug write debugging messages to syslog - use_uid perform checks on the account of the user under whose - UID the application is running instead of the user - being authenticated - quiet don't log failure or success to syslog - quiet_fail don't log failure to syslog - quiet_success don't log success to syslog - - -MODULE SERVICES PROVIDED: - authentication, account management - -AUTHOR: - Nalin Dahyabhai <nalin@redhat.com> +pam_succeed_if — test account characteristics + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_succeed_if.so is designed to succeed or fail authentication based on +characteristics of the account belonging to the user being authenticated. One +use is to select whether to load other modules based on this test. + +The module should be given one or more conditions as module arguments, and +authentication will succeed only if all of the conditions are met. + +OPTIONS + +The following flags are supported: + +debug + + Turns on debugging messages sent to syslog. + +use_uid + + Evaluate conditions using the account of the user whose UID the application + is running under instead of the user being authenticated. + +quiet + + Don't log failure or success to the system log. + +quiet_fail + + Don't log failure to the system log. + +quiet_success + + Don't log success to the system log. + +Conditions are three words: a field, a test, and a value to test for. + +Available fields are user, uid, gid, shell, home and service: + +field < number + + Field has a value numerically less than number. + +field <= number + + Field has a value numerically less than or equal to number. + +field eq number + + Field has a value numerically less equal to number. + +field >= number + + Field has a value numerically greater than or equal to number. + +field > number + + Field has a value numerically greater than number. + +field ne number + + Field has a value numerically different from number. + +field = string + + Field exactly matches the given string. + +field != string + + Field does not match the given string. + +field =~ glob + + Field matches the given glob. + +field !~ glob + + Field does not match the given glob. + +field in item:item:... + + Field is contained in the list of items separated by colons. + +field notin item:item:... + + Field is not contained in the list of items separated by colons. + +user ingroup group + + User is in given group. + +user notingroup group + + User is not in given group. + +user innetgr netgroup + + (user,host) is in given netgroup. + +user notinnetgr group + + (user,host) is not in given netgroup. + +EXAMPLES + +To emulate the behaviour of pam_wheel, except there is no fallback to group 0: + +auth required pam_succeed_if.so quiet user ingroup wheel + + +Given that the type matches, only loads the othermodule rule if the UID is over +500. Adjust the number after default to skip several rules. + +type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500 +type required othermodule.so arguments... + + +AUTHOR + +Nalin Dahyabhai <nalin@redhat.com> + diff --git a/Linux-PAM/modules/pam_succeed_if/README.xml b/Linux-PAM/modules/pam_succeed_if/README.xml new file mode 100644 index 00000000..c52f00a0 --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/README.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" +"http://www.docbook.org/xml/4.3/docbookx.dtd" +[ +<!-- +<!ENTITY pamaccess SYSTEM "pam_succeed_if.8.xml"> +--> +]> + +<article> + + <articleinfo> + + <title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_succeed_if.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_succeed_if-name"]/*)'/> + </title> + + </articleinfo> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-description"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-options"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-examples"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-author"]/*)'/> + </section> + +</article> diff --git a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 index da95a033..30af456c 100644 --- a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 +++ b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 @@ -1,37 +1,143 @@ -.\" Copyright 2003, 2004 Red Hat, Inc. -.\" Written by Nalin Dahyabhai <nalin@redhat.com> -.TH pam_succeed_if 8 2004/12/27 "Linux-PAM" "System Administrator's Manual" - -.SH NAME -pam_succeed_if \- succeed or fail based on account characteristics - -.SH SYNOPSIS -.B account sufficient pam_succeed_if.so uid < 500 - -.SH DESCRIPTION -pam_succeed_if.so is designed to succeed or fail authentication based on -characteristics of the account belonging to the user being authenticated. - -The module can be given one or more conditions as module arguments, and -authentication will succeed only if all of the conditions are met. - -.SH ARGUMENTS -.IP debug +.\" Title: pam_succeed_if +.\" Author: +.\" Generator: DocBook XSL Stylesheets vsnapshot_2006\-08\-24_0226 <http://docbook.sf.net/> +.\" Date: 08/31/2006 +.\" Manual: Linux\-PAM +.\" Source: Linux\-PAM +.\" +.TH "PAM_SUCCEED_IF" "8" "08/31/2006" "Linux\-PAM" "Linux\-PAM" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +pam_succeed_if \- test account characteristics +.SH "SYNOPSIS" +.HP 18 +\fBpam_succeed_if.so\fR [\fIflag\fR...] [\fIcondition\fR...] +.SH "DESCRIPTION" +.PP +pam_succeed_if.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated. One use is to select whether to load other modules based on this test. +.PP +The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met. +.SH "OPTIONS" +.PP +The following +\fIflag\fRs are supported: +.TP 3n +\fBdebug\fR Turns on debugging messages sent to syslog. -.IP use_uid -Evaluate conditions using the account of the user whose UID the application -is running under instead of the user being authenticated. -.IP quiet +.TP 3n +\fBuse_uid\fR +Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated. +.TP 3n +\fBquiet\fR Don't log failure or success to the system log. -.IP quiet_fail +.TP 3n +\fBquiet_fail\fR Don't log failure to the system log. -.IP quiet_success +.TP 3n +\fBquiet_success\fR Don't log success to the system log. +.PP +\fICondition\fRs are three words: a field, a test, and a value to test for. +.PP +Available fields are +\fIuser\fR, +\fIuid\fR, +\fIgid\fR, +\fIshell\fR, +\fIhome\fR +and +\fIservice\fR: +.TP 3n +\fBfield < number\fR +Field has a value numerically less than number. +.TP 3n +\fBfield <= number\fR +Field has a value numerically less than or equal to number. +.TP 3n +\fBfield eq number\fR +Field has a value numerically less equal to number. +.TP 3n +\fBfield >= number\fR +Field has a value numerically greater than or equal to number. +.TP 3n +\fBfield > number\fR +Field has a value numerically greater than number. +.TP 3n +\fBfield ne number\fR +Field has a value numerically different from number. +.TP 3n +\fBfield = string\fR +Field exactly matches the given string. +.TP 3n +\fBfield != string\fR +Field does not match the given string. +.TP 3n +\fBfield =~ glob\fR +Field matches the given glob. +.TP 3n +\fBfield !~ glob\fR +Field does not match the given glob. +.TP 3n +\fBfield in item:item:...\fR +Field is contained in the list of items separated by colons. +.TP 3n +\fBfield notin item:item:...\fR +Field is not contained in the list of items separated by colons. +.TP 3n +\fBuser ingroup group\fR +User is in given group. +.TP 3n +\fBuser notingroup group\fR +User is not in given group. +.TP 3n +\fBuser innetgr netgroup\fR +(user,host) is in given netgroup. +.TP 3n +\fBuser notinnetgr group\fR +(user,host) is not in given netgroup. +.SH "MODULE SERVICES PROVIDED" +.PP +All services are supported. +.SH "RETURN VALUES" +.TP 3n +PAM_SUCCESS +The condition was true. +.TP 3n +PAM_AUTH_ERR +The condition was false. +.TP 3n +PAM_SERVICE_ERR +A service error occured or the arguments can't be parsed as numbers. +.SH "EXAMPLES" +.PP +To emulate the behaviour of +\fIpam_wheel\fR, except there is no fallback to group 0: +.sp +.RS 3n +.nf +auth required pam_succeed_if.so quiet user ingroup wheel + +.fi +.RE +.PP +Given that the type matches, only loads the othermodule rule if the UID is over 500. Adjust the number after default to skip several rules. +.sp +.RS 3n +.nf +type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500 +type required othermodule.so arguments... + +.fi +.RE +.SH "SEE ALSO" +.PP -.SH BUGS -Let's hope not, but if you find any, please report them via the "Bug Track" -link at http://bugzilla.redhat.com/bugzilla/ - -.SH AUTHOR +\fBglob\fR(7), +\fBpam\fR(8) +.SH "AUTHOR" +.PP Nalin Dahyabhai <nalin@redhat.com> diff --git a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml new file mode 100644 index 00000000..b7ad29e6 --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -0,0 +1,297 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + + +<refentry id='pam_succeed_if'> +<!-- Copyright 2003, 2004 Red Hat, Inc. --> +<!-- Written by Nalin Dahyabhai <nalin@redhat.com> --> + + <refmeta> + <refentrytitle>pam_succeed_if</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class='sectdesc'>Linux-PAM</refmiscinfo> + </refmeta> + + <refnamediv id='pam_succeed_if-name'> + <refname>pam_succeed_if</refname> + <refpurpose>test account characteristics</refpurpose> + </refnamediv> + + + <refsynopsisdiv> + <cmdsynopsis id='pam_succeed_if-cmdsynopsis'> + <command>pam_succeed_if.so</command> + <arg choice='opt' rep='repeat'><replaceable>flag</replaceable></arg> + <arg choice='opt' rep='repeat'><replaceable>condition</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_succeed_if-description'> + <title>DESCRIPTION</title> + <para> + pam_succeed_if.so is designed to succeed or fail authentication + based on characteristics of the account belonging to the user being + authenticated. One use is to select whether to load other modules based + on this test. + </para> + + <para> + The module should be given one or more conditions as module arguments, + and authentication will succeed only if all of the conditions are met. + </para> + </refsect1> + + <refsect1 id="pam_succeed_if-options"> + <title>OPTIONS</title> + <para> + The following <emphasis>flag</emphasis>s are supported: + </para> + + <variablelist> + <varlistentry> + <term><option>debug</option></term> + <listitem> + <para>Turns on debugging messages sent to syslog.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>use_uid</option></term> + <listitem> + <para> + Evaluate conditions using the account of the user whose UID + the application is running under instead of the user being + authenticated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>quiet</option></term> + <listitem> + <para>Don't log failure or success to the system log.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>quiet_fail</option></term> + <listitem> + <para> + Don't log failure to the system log. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>quiet_success</option></term> + <listitem> + <para> + Don't log success to the system log. + </para> + </listitem> + </varlistentry> + </variablelist> + + <para> + <emphasis>Condition</emphasis>s are three words: a field, a test, + and a value to test for. + </para> + <para> + Available fields are <emphasis>user</emphasis>, + <emphasis>uid</emphasis>, <emphasis>gid</emphasis>, + <emphasis>shell</emphasis>, <emphasis>home</emphasis> + and <emphasis>service</emphasis>: + </para> + + <variablelist> + <varlistentry> + <term><option>field < number</option></term> + <listitem> + <para>Field has a value numerically less than number.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field <= number</option></term> + <listitem> + <para> + Field has a value numerically less than or equal to number. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field eq number</option></term> + <listitem> + <para> + Field has a value numerically less equal to number. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field >= number</option></term> + <listitem> + <para> + Field has a value numerically greater than or equal to number. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field > number</option></term> + <listitem> + <para> + Field has a value numerically greater than number. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field ne number</option></term> + <listitem> + <para> + Field has a value numerically different from number. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field = string</option></term> + <listitem> + <para> + Field exactly matches the given string. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field != string</option></term> + <listitem> + <para> + Field does not match the given string. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field =~ glob</option></term> + <listitem> + <para>Field matches the given glob.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field !~ glob</option></term> + <listitem> + <para>Field does not match the given glob.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field in item:item:...</option></term> + <listitem> + <para>Field is contained in the list of items separated by colons.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>field notin item:item:...</option></term> + <listitem> + <para>Field is not contained in the list of items separated by colons.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>user ingroup group</option></term> + <listitem> + <para>User is in given group.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>user notingroup group</option></term> + <listitem> + <para>User is not in given group.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>user innetgr netgroup</option></term> + <listitem> + <para>(user,host) is in given netgroup.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>user notinnetgr group</option></term> + <listitem> + <para>(user,host) is not in given netgroup.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_succeed_if-services"> + <title>MODULE SERVICES PROVIDED</title> + <para> + All services are supported. + </para> + </refsect1> + + <refsect1 id='pam_succeed_if-return_values'> + <title>RETURN VALUES</title> + <variablelist> + + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The condition was true. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + The condition was false. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_SERVICE_ERR</term> + <listitem> + <para> + A service error occured or the arguments can't be + parsed as numbers. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + + <refsect1 id='pam_succeed_if-examples'> + <title>EXAMPLES</title> + <para> + To emulate the behaviour of <emphasis>pam_wheel</emphasis>, except + there is no fallback to group 0: + </para> + <programlisting> +auth required pam_succeed_if.so quiet user ingroup wheel + </programlisting> + + <para> + Given that the type matches, only loads the othermodule rule if + the UID is over 500. Adjust the number after default to skip + several rules. + </para> + <programlisting> +type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500 +type required othermodule.so arguments... + </programlisting> + </refsect1> + + <refsect1 id='pam_succeed_if-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>glob</refentrytitle><manvolnum>7</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_succeed_if-author'> + <title>AUTHOR</title> + <para>Nalin Dahyabhai <nalin@redhat.com></para> + </refsect1> +</refentry> diff --git a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c index 23974afa..4f33ba2e 100644 --- a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c +++ b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c @@ -37,7 +37,7 @@ * */ -#define _GNU_SOURCE +#include "config.h" #include <sys/types.h> #include <errno.h> @@ -52,34 +52,23 @@ #include <unistd.h> #include <pwd.h> #include <grp.h> -#include <security/pam_modules.h> -#include <security/_pam_modutil.h> +#include <netdb.h> -#define MODULE "pam_succeed_if" +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD -static void -log_error(int priority, const char *fmt, ...) -{ - va_list va; - char *fmt2; - fmt2 = malloc(strlen(fmt) + strlen(MODULE) + 3); - va_start(va, fmt); - if (fmt2 == NULL) { - vsyslog(LOG_AUTHPRIV | priority, fmt, va); - } else { - snprintf(fmt2, strlen(fmt) + strlen(MODULE) + 3, - "%s: %s", MODULE, fmt); - vsyslog(LOG_AUTHPRIV | priority, fmt2, va); - free(fmt2); - } - va_end(va); -} +#include <security/pam_modules.h> +#include <security/pam_modutil.h> +#include <security/pam_ext.h> /* Basically, run cmp(atol(left), atol(right)), returning PAM_SUCCESS if * the function returns non-zero, PAM_AUTH_ERR if it returns zero, and - * PAM_SYSTEM_ERR if the arguments can't be parsed as numbers. */ + * PAM_SERVICE_ERR if the arguments can't be parsed as numbers. */ static int -evaluate_num(const char *left, const char *right, int (*cmp)(int, int)) +evaluate_num(const pam_handle_t *pamh, const char *left, + const char *right, int (*cmp)(int, int)) { long l, r; char *p; @@ -88,20 +77,20 @@ evaluate_num(const char *left, const char *right, int (*cmp)(int, int)) errno = 0; l = strtol(left, &p, 0); if ((p == NULL) || (*p != '\0') || errno) { - log_error(LOG_INFO, "\"%s\" is not a number", left); + pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", left); ret = PAM_SERVICE_ERR; } r = strtol(right, &p, 0); if ((p == NULL) || (*p != '\0') || errno) { - log_error(LOG_INFO, "\"%s\" is not a number", right); + pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", right); ret = PAM_SERVICE_ERR; } if (ret != PAM_SUCCESS) { return ret; } - + return cmp(l, r) ? PAM_SUCCESS : PAM_AUTH_ERR; } @@ -139,9 +128,9 @@ ge(int i, int j) /* Test for numeric equality. */ static int -evaluate_eqn(const char *left, const char *right) +evaluate_eqn(const pam_handle_t *pamh, const char *left, const char *right) { - return evaluate_num(left, right, eq); + return evaluate_num(pamh, left, right, eq); } /* Test for string equality. */ static int @@ -151,9 +140,9 @@ evaluate_eqs(const char *left, const char *right) } /* Test for numeric inequality. */ static int -evaluate_nen(const char *left, const char *right) +evaluate_nen(const pam_handle_t *pamh, const char *left, const char *right) { - return evaluate_num(left, right, ne); + return evaluate_num(pamh, left, right, ne); } /* Test for string inequality. */ static int @@ -163,27 +152,27 @@ evaluate_nes(const char *left, const char *right) } /* Test for numeric less-than-ness(?) */ static int -evaluate_lt(const char *left, const char *right) +evaluate_lt(const pam_handle_t *pamh, const char *left, const char *right) { - return evaluate_num(left, right, lt); + return evaluate_num(pamh, left, right, lt); } /* Test for numeric less-than-or-equal-ness(?) */ static int -evaluate_le(const char *left, const char *right) +evaluate_le(const pam_handle_t *pamh, const char *left, const char *right) { - return evaluate_num(left, right, le); + return evaluate_num(pamh, left, right, le); } /* Test for numeric greater-than-ness(?) */ static int -evaluate_gt(const char *left, const char *right) +evaluate_gt(const pam_handle_t *pamh, const char *left, const char *right) { - return evaluate_num(left, right, gt); + return evaluate_num(pamh, left, right, gt); } /* Test for numeric greater-than-or-equal-ness(?) */ static int -evaluate_ge(const char *left, const char *right) +evaluate_ge(const pam_handle_t *pamh, const char *left, const char *right) { - return evaluate_num(left, right, ge); + return evaluate_num(pamh, left, right, ge); } /* Check for file glob match. */ static int @@ -197,34 +186,57 @@ evaluate_noglob(const char *left, const char *right) { return (fnmatch(right, left, 0) != 0) ? PAM_SUCCESS : PAM_AUTH_ERR; } +/* Check for list match. */ +static int +evaluate_inlist(const char *left, const char *right) +{ + char *p; + if ((p=strstr(right, left)) == NULL) + return PAM_AUTH_ERR; + if (p == right || *(p-1) == ':') { /* ':' is a list separator */ + p += strlen(left); + if (*p == '\0' || *p == ':') { + return PAM_SUCCESS; + } + } + return PAM_AUTH_ERR; +} +/* Check for list mismatch. */ +static int +evaluate_notinlist(const char *left, const char *right) +{ + return evaluate_inlist(left, right) != PAM_SUCCESS ? PAM_SUCCESS : PAM_AUTH_ERR; +} /* Return PAM_SUCCESS if the user is in the group. */ static int evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group) { - int ret; - ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); - switch (ret) { - case 1: + if (pam_modutil_user_in_group_nam_nam(pamh, user, group) == 1) return PAM_SUCCESS; - break; - default: - break; - } return PAM_AUTH_ERR; } /* Return PAM_SUCCESS if the user is NOT in the group. */ static int evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group) { - int ret; - ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); - switch (ret) { - case 0: + if (pam_modutil_user_in_group_nam_nam(pamh, user, group) == 0) + return PAM_SUCCESS; + return PAM_AUTH_ERR; +} +/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ +static int +evaluate_innetgr(const char *host, const char *user, const char *group) +{ + if (innetgr(group, host, user, NULL) == 1) + return PAM_SUCCESS; + return PAM_AUTH_ERR; +} +/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ +static int +evaluate_notinnetgr(const char *host, const char *user, const char *group) +{ + if (innetgr(group, host, user, NULL) == 0) return PAM_SUCCESS; - break; - default: - break; - } return PAM_AUTH_ERR; } @@ -261,38 +273,46 @@ evaluate(pam_handle_t *pamh, int debug, snprintf(buf, sizeof(buf), "%s", pwd->pw_dir); left = buf; } + if (strcasecmp(left, "service") == 0) { + const void *svc; + if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS) + svc = ""; + snprintf(buf, sizeof(buf), "%s", (const char *)svc); + left = buf; + } /* If we have no idea what's going on, return an error. */ if (left != buf) { - log_error(LOG_CRIT, "unknown attribute \"%s\"", left); + pam_syslog(pamh, LOG_CRIT, "unknown attribute \"%s\"", left); return PAM_SERVICE_ERR; } if (debug) { - log_error(LOG_DEBUG, "'%s' resolves to '%s'", attribute, left); + pam_syslog(pamh, LOG_DEBUG, "'%s' resolves to '%s'", + attribute, left); } /* Attribute value < some threshold. */ if ((strcasecmp(qual, "<") == 0) || (strcasecmp(qual, "lt") == 0)) { - return evaluate_lt(left, right); + return evaluate_lt(pamh, left, right); } /* Attribute value <= some threshold. */ if ((strcasecmp(qual, "<=") == 0) || (strcasecmp(qual, "le") == 0)) { - return evaluate_le(left, right); + return evaluate_le(pamh, left, right); } /* Attribute value > some threshold. */ if ((strcasecmp(qual, ">") == 0) || (strcasecmp(qual, "gt") == 0)) { - return evaluate_gt(left, right); + return evaluate_gt(pamh, left, right); } /* Attribute value >= some threshold. */ if ((strcasecmp(qual, ">=") == 0) || (strcasecmp(qual, "ge") == 0)) { - return evaluate_ge(left, right); + return evaluate_ge(pamh, left, right); } /* Attribute value == some threshold. */ if (strcasecmp(qual, "eq") == 0) { - return evaluate_eqn(left, right); + return evaluate_eqn(pamh, left, right); } /* Attribute value = some string. */ if (strcasecmp(qual, "=") == 0) { @@ -300,7 +320,7 @@ evaluate(pam_handle_t *pamh, int debug, } /* Attribute value != some threshold. */ if (strcasecmp(qual, "ne") == 0) { - return evaluate_nen(left, right); + return evaluate_nen(pamh, left, right); } /* Attribute value != some string. */ if (strcasecmp(qual, "!=") == 0) { @@ -315,6 +335,13 @@ evaluate(pam_handle_t *pamh, int debug, (strcasecmp(qual, "noglob") == 0)) { return evaluate_noglob(left, right); } + /* Attribute value matches item in list. */ + if (strcasecmp(qual, "in") == 0) { + return evaluate_inlist(left, right); + } + if (strcasecmp(qual, "notin") == 0) { + return evaluate_notinlist(left, right); + } /* User is in this group. */ if (strcasecmp(qual, "ingroup") == 0) { return evaluate_ingroup(pamh, pwd->pw_name, right); @@ -323,14 +350,29 @@ evaluate(pam_handle_t *pamh, int debug, if (strcasecmp(qual, "notingroup") == 0) { return evaluate_notingroup(pamh, pwd->pw_name, right); } + /* (Rhost, user) is in this netgroup. */ + if (strcasecmp(qual, "innetgr") == 0) { + const void *rhost; + if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) + rhost = NULL; + return evaluate_innetgr(rhost, pwd->pw_name, right); + } + /* (Rhost, user) is not in this group. */ + if (strcasecmp(qual, "notinnetgr") == 0) { + const void *rhost; + if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) + rhost = NULL; + return evaluate_notinnetgr(rhost, pwd->pw_name, right); + } /* Fail closed. */ return PAM_SERVICE_ERR; } -int -pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { - const char *prompt; + const void *prompt; const char *user; struct passwd *pwd; int ret, i, count, use_uid, debug; @@ -338,7 +380,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) int quiet_fail, quiet_succ; /* Get the user prompt. */ - ret = pam_get_item(pamh, PAM_USER_PROMPT, (const void**) &prompt); + ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt); if ((ret != PAM_SUCCESS) || (prompt == NULL) || (strlen(prompt) == 0)) { prompt = "login: "; } @@ -366,29 +408,31 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) if (use_uid) { /* Get information about the user. */ - pwd = _pammodutil_getpwuid(pamh, getuid()); + pwd = pam_modutil_getpwuid(pamh, getuid()); if (pwd == NULL) { - log_error(LOG_CRIT, - "error retrieving information about user %ld", - (long)getuid()); - return PAM_SERVICE_ERR; + pam_syslog(pamh, LOG_CRIT, + "error retrieving information about user %lu", + (unsigned long)getuid()); + return PAM_USER_UNKNOWN; } + user = pwd->pw_name; } else { /* Get the user's name. */ ret = pam_get_user(pamh, &user, prompt); if ((ret != PAM_SUCCESS) || (user == NULL)) { - log_error(LOG_CRIT, "error retrieving user name: %s", - pam_strerror(pamh, ret)); + pam_syslog(pamh, LOG_CRIT, + "error retrieving user name: %s", + pam_strerror(pamh, ret)); return ret; } /* Get information about the user. */ - pwd = _pammodutil_getpwnam(pamh, user); + pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { - log_error(LOG_CRIT, - "error retrieving information about user %s", - user); - return PAM_SERVICE_ERR; + pam_syslog(pamh, LOG_CRIT, + "error retrieving information about user %s", + user); + return PAM_USER_UNKNOWN; } } @@ -402,18 +446,18 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) pwd); if (ret != PAM_SUCCESS) { if(!quiet_fail) - log_error(LOG_INFO, - "requirement \"%s %s %s\" " - "not met by user \"%s\"", - left, qual, right, user); + pam_syslog(pamh, LOG_INFO, + "requirement \"%s %s %s\" " + "not met by user \"%s\"", + left, qual, right, user); break; } else if(!quiet_succ) - log_error(LOG_INFO, - "requirement \"%s %s %s\" " - "was met by user \"%s\"", - left, qual, right, user); + pam_syslog(pamh, LOG_INFO, + "requirement \"%s %s %s\" " + "was met by user \"%s\"", + left, qual, right, user); left = qual = right = NULL; } if ((i < argc) && (strcmp(argv[i], "debug") == 0)) { @@ -457,14 +501,46 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) return ret; } -int -pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { - return PAM_SUCCESS; + return PAM_IGNORE; } -int +PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return pam_sm_authenticate(pamh, flags, argc, argv); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return pam_sm_authenticate(pamh, flags, argc, argv); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return pam_sm_authenticate(pamh, flags, argc, argv); +} + +/* static module data */ +#ifdef PAM_STATIC +struct pam_module _pam_succeed_if_modstruct = { + "pam_succeed_if", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + pam_sm_open_session, + pam_sm_close_session, + pam_sm_chauthtok +}; +#endif diff --git a/Linux-PAM/modules/pam_succeed_if/tst-pam_succeed_if b/Linux-PAM/modules/pam_succeed_if/tst-pam_succeed_if new file mode 100755 index 00000000..f2b6dd3f --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/tst-pam_succeed_if @@ -0,0 +1,2 @@ +#!/bin/sh +../../tests/tst-dlopen .libs/pam_succeed_if.so |