aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_access
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_access')
-rw-r--r--modules/pam_access/Makefile.am39
-rw-r--r--modules/pam_access/Makefile.in1232
-rw-r--r--modules/pam_access/README145
-rw-r--r--modules/pam_access/access.conf3
-rw-r--r--modules/pam_access/access.conf.5222
-rw-r--r--modules/pam_access/access.conf.5.xml39
l---------modules/pam_access/meson.build1
-rw-r--r--modules/pam_access/pam_access.8139
-rw-r--r--modules/pam_access/pam_access.8.xml17
-rw-r--r--modules/pam_access/pam_access.c195
10 files changed, 191 insertions, 1841 deletions
diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am
deleted file mode 100644
index 8af2852a..00000000
--- a/modules/pam_access/Makefile.am
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = access.conf.5 pam_access.8
-endif
-XMLS = README.xml access.conf.5.xml pam_access.8.xml
-dist_check_SCRIPTS = tst-pam_access
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-if HAVE_VENDORDIR
-secureconfdir = $(VENDOR_SCONFIGDIR)
-else
-secureconfdir = $(SCONFIGDIR)
-endif
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-AM_LDFLAGS = -no-undefined -avoid-version -module
-if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-securelib_LTLIBRARIES = pam_access.la
-pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-
-dist_secureconf_DATA = access.conf
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_access/Makefile.in b/modules/pam_access/Makefile.in
deleted file mode 100644
index 9dadd2d3..00000000
--- a/modules/pam_access/Makefile.in
+++ /dev/null
@@ -1,1232 +0,0 @@
-# Makefile.in generated by automake 1.16.3 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2020 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-#
-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-subdir = modules/pam_access
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
- $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
- $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
- $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
- $(top_srcdir)/m4/ld-no-undefined.m4 \
- $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
- $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 \
- $(top_srcdir)/m4/warn_lang_flags.m4 \
- $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
- $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \
- "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"
-LTLIBRARIES = $(securelib_LTLIBRARIES)
-pam_access_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
-pam_access_la_SOURCES = pam_access.c
-pam_access_la_OBJECTS = pam_access.lo
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_access.Plo
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = pam_access.c
-DIST_SOURCES = pam_access.c
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-man5dir = $(mandir)/man5
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
-am__dist_noinst_DATA_DIST = README
-DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
- mgn= red= grn= lgn= blu= brg= std=; \
- am__color_tests=no
-am__tty_colors = { \
- $(am__tty_colors_dummy); \
- if test "X$(AM_COLOR_TESTS)" = Xno; then \
- am__color_tests=no; \
- elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
- am__color_tests=yes; \
- elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
- am__color_tests=yes; \
- fi; \
- if test $$am__color_tests = yes; then \
- red=''; \
- grn=''; \
- lgn=''; \
- blu=''; \
- mgn=''; \
- brg=''; \
- std=''; \
- fi; \
-}
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BROWSER = @BROWSER@
-BUILD_CFLAGS = @BUILD_CFLAGS@
-BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
-BUILD_LDFLAGS = @BUILD_LDFLAGS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CRYPTO_LIBS = @CRYPTO_LIBS@
-CRYPT_CFLAGS = @CRYPT_CFLAGS@
-CRYPT_LIBS = @CRYPT_LIBS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DOCBOOK_RNG = @DOCBOOK_RNG@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CFLAGS = @ECONF_CFLAGS@
-ECONF_LIBS = @ECONF_LIBS@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-EXE_CFLAGS = @EXE_CFLAGS@
-EXE_LDFLAGS = @EXE_LDFLAGS@
-FGREP = @FGREP@
-FILECMD = @FILECMD@
-FO2PDF = @FO2PDF@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-HTML_STYLESHEET = @HTML_STYLESHEET@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBAUDIT = @LIBAUDIT@
-LIBCRYPT = @LIBCRYPT@
-LIBDB = @LIBDB@
-LIBDL = @LIBDL@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
-LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
-LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
-LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
-LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
-LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
-LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LOGIND_CFLAGS = @LOGIND_CFLAGS@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MAN_STYLESHEET = @MAN_STYLESHEET@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NIS_CFLAGS = @NIS_CFLAGS@
-NIS_LIBS = @NIS_LIBS@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSL_CFLAGS = @NSL_CFLAGS@
-NSL_LIBS = @NSL_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PDF_STYLESHEET = @PDF_STYLESHEET@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SCONFIGDIR = @SCONFIGDIR@
-SECUREDIR = @SECUREDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@
-STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
-STRIP = @STRIP@
-SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@
-SYSTEMD_LIBS = @SYSTEMD_LIBS@
-TIRPC_CFLAGS = @TIRPC_CFLAGS@
-TIRPC_LIBS = @TIRPC_LIBS@
-TXT_STYLESHEET = @TXT_STYLESHEET@
-USE_NLS = @USE_NLS@
-VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@
-VERSION = @VERSION@
-WARN_CFLAGS = @WARN_CFLAGS@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XMLLINT = @XMLLINT@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pam_xauth_path = @pam_xauth_path@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-systemdunitdir = @systemdunitdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = access.conf.5 pam_access.8
-XMLS = README.xml access.conf.5.xml pam_access.8.xml
-dist_check_SCRIPTS = tst-pam_access
-TESTS = $(dist_check_SCRIPTS)
-securelibdir = $(SECUREDIR)
-@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR)
-@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-
-AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
-securelib_LTLIBRARIES = pam_access.la
-pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-dist_secureconf_DATA = access.conf
-@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_access/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu modules/pam_access/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
- }
-
-uninstall-securelibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
- done
-
-clean-securelibLTLIBRARIES:
- -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
- @list='$(securelib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-pam_access.la: $(pam_access_la_OBJECTS) $(pam_access_la_DEPENDENCIES) $(EXTRA_pam_access_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_access_la_OBJECTS) $(pam_access_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-man5: $(dist_man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(dist_man_MANS)'; \
- test -n "$(man5dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.5[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
- done; }
-
-uninstall-man5:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man5dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.5[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(dist_man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(dist_man_MANS)'; \
- test -n "$(man8dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.8[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-dist_secureconfDATA: $(dist_secureconf_DATA)
- @$(NORMAL_INSTALL)
- @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
- done
-
-uninstall-dist_secureconfDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- elif test -n "$$redo_logs"; then \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
- done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
- else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
- fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
- else \
- color_start= color_end=; \
- fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS: $(dist_check_SCRIPTS)
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all $(dist_check_SCRIPTS)
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-tst-pam_access.log: tst-pam_access
- @p='tst-pam_access'; \
- b='tst-pam_access'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@ @p='$<'; \
-@am__EXEEXT_TRUE@ $(am__set_b); \
-@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
-installdirs:
- for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -f ./$(DEPDIR)/pam_access.Plo
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_secureconfDATA install-man \
- install-securelibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man5 install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/pam_access.Plo
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
- uninstall-securelibLTLIBRARIES
-
-uninstall-man: uninstall-man5 uninstall-man8
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
- check-am clean clean-generic clean-libtool \
- clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dist_secureconfDATA install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-man5 install-man8 install-pdf install-pdf-am \
- install-ps install-ps-am install-securelibLTLIBRARIES \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am recheck tags tags-am uninstall \
- uninstall-am uninstall-dist_secureconfDATA uninstall-man \
- uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/modules/pam_access/README b/modules/pam_access/README
deleted file mode 100644
index 891e7688..00000000
--- a/modules/pam_access/README
+++ /dev/null
@@ -1,145 +0,0 @@
-pam_access — PAM module for logdaemon style login access control
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-The pam_access PAM module is mainly for access management. It provides
-logdaemon style login access control based on login names, host or domain
-names, internet addresses or network numbers, or on terminal line names, X
-$DISPLAY values, or PAM service names in case of non-networked logins.
-
-By default rules for access management are taken from config file /etc/security
-/access.conf if you don't specify another file. Then individual *.conf files
-from the /etc/security/access.d/ directory are read. The files are parsed one
-after another in the order of the system locale. The effect of the individual
-files is the same as if all the files were concatenated together in the order
-of parsing. This means that once a pattern is matched in some file no further
-files are parsed. If a config file is explicitly specified with the accessfile
-option the files in the above directory are not parsed.
-
-By default rules for access management are taken from config file /etc/security
-/access.conf or, if that one is not present, the file %vendordir%/security/
-access.conf. These settings can be overruled by setting in a config file
-explicitly specified with the accessfile option. Then individual *.conf files
-from the /etc/security/access.d/ and %vendordir%/security/access.d directories
-are read. If /etc/security/access.d/@filename@.conf exists, then %vendordir%/
-security/access.d/@filename@.conf will not be used. All access.d/*.conf files
-are sorted by their @filename@.conf in lexicographic order regardless of which
-of the directories they reside in. The effect of the individual files is the
-same as if all the files were concatenated together in the order of parsing.
-This means that once a pattern is matched in some file no further files are
-parsed. If a config file is explicitly specified with the accessfile option the
-files in the above directories are not parsed.
-
-If Linux PAM is compiled with audit support the module will report when it
-denies access based on origin (host, tty, etc.).
-
-OPTIONS
-
-accessfile=/path/to/access.conf
-
- Indicate an alternative access.conf style configuration file to override
- the default. This can be useful when different services need different
- access lists.
-
-debug
-
- A lot of debug information is printed with syslog(3).
-
-noaudit
-
- Do not report logins from disallowed hosts and ttys to the audit subsystem.
-
-fieldsep=separators
-
- This option modifies the field separator character that pam_access will
- recognize when parsing the access configuration file. For example: fieldsep
- =| will cause the default `:' character to be treated as part of a field
- value and `|' becomes the field separator. Doing this may be useful in
- conjunction with a system that wants to use pam_access with X based
- applications, since the PAM_TTY item is likely to be of the form
- "hostname:0" which includes a `:' character in its value. But you should
- not need this.
-
-listsep=separators
-
- This option modifies the list separator character that pam_access will
- recognize when parsing the access configuration file. For example: listsep
- =, will cause the default ` ' (space) and `\t' (tab) characters to be
- treated as part of a list element value and `,' becomes the only list
- element separator. Doing this may be useful on a system with group
- information obtained from a Windows domain, where the default built-in
- groups "Domain Users", "Domain Admins" contain a space.
-
-nodefgroup
-
- User tokens which are not enclosed in parentheses will not be matched
- against the group database. The backwards compatible default is to try the
- group database match even for tokens not enclosed in parentheses.
-
-EXAMPLES
-
-These are some example lines which might be specified in /etc/security/
-access.conf.
-
-User root should be allowed to get access via cron, X11 terminal :0, tty1, ...,
-tty5, tty6.
-
-+:root:crond :0 tty1 tty2 tty3 tty4 tty5 tty6
-
-User root should be allowed to get access from hosts which own the IPv4
-addresses. This does not mean that the connection have to be a IPv4 one, a IPv6
-connection from a host with one of this IPv4 addresses does work, too.
-
-+:root:192.168.200.1 192.168.200.4 192.168.200.9
-
-+:root:127.0.0.1
-
-User root should get access from network 192.168.201. where the term will be
-evaluated by string matching. But it might be better to use network/netmask
-instead. The same meaning of 192.168.201. is 192.168.201.0/24 or 192.168.201.0/
-255.255.255.0.
-
-+:root:192.168.201.
-
-User root should be able to have access from hosts foo1.bar.org and
-foo2.bar.org (uses string matching also).
-
-+:root:foo1.bar.org foo2.bar.org
-
-User root should be able to have access from domain foo.bar.org (uses string
-matching also).
-
-+:root:.foo.bar.org
-
-User root should be denied to get access from all other sources.
-
--:root:ALL
-
-User foo and members of netgroup admins should be allowed to get access from
-all sources. This will only work if netgroup service is available.
-
-+:@admins foo:ALL
-
-User john and foo should get access from IPv6 host address.
-
-+:john foo:2001:db8:0:101::1
-
-User john should get access from IPv6 net/mask.
-
-+:john:2001:db8:0:101::/64
-
-Members of group wheel should be allowed to get access from all sources.
-
-+:(wheel):ALL
-
-Disallow console logins to all but the shutdown, sync and all other accounts,
-which are a member of the wheel group.
-
--:ALL EXCEPT (wheel) shutdown sync:LOCAL
-
-All other users should be denied to get access from all sources.
-
--:ALL:ALL
-
diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf
index 47b6b84c..9c8e2171 100644
--- a/modules/pam_access/access.conf
+++ b/modules/pam_access/access.conf
@@ -115,6 +115,9 @@
# User "john" should get access from ipv6 host address (same as above)
#+:john:2001:4ca0:0:101:0:0:0:1
#
+# User "john" should get access from ipv6 local link host address
+#+:john:fe80::de95:818c:1b55:7e42%eth0
+#
# User "john" should get access from ipv6 net/mask
#+:john:2001:4ca0:0:101::/64
#
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
deleted file mode 100644
index b45e914e..00000000
--- a/modules/pam_access/access.conf.5
+++ /dev/null
@@ -1,222 +0,0 @@
-'\" t
-.\" Title: access.conf
-.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
-.\" Date: 05/07/2023
-.\" Manual: Linux-PAM Manual
-.\" Source: [FIXME: source]
-.\" Language: English
-.\"
-.TH "ACCESS\&.CONF" "5" "05/07/2023" "[FIXME: source]" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-access.conf \- the login access control table file
-.SH "DESCRIPTION"
-.PP
-The
-/etc/security/access\&.conf
-file specifies (\fIuser/group\fR,
-\fIhost\fR), (\fIuser/group\fR,
-\fInetwork/netmask\fR), (\fIuser/group\fR,
-\fItty\fR), (\fIuser/group\fR,
-\fIX\-$DISPLAY\-value\fR), or (\fIuser/group\fR,
-\fIpam\-service\-name\fR) combinations for which a login will be either accepted or refused\&.
-.PP
-When someone logs in, the file
-access\&.conf
-is scanned for the first entry that matches the (\fIuser/group\fR,
-\fIhost\fR) or (\fIuser/group\fR,
-\fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser/group\fR,
-\fItty\fR) combination, or in the case of non\-networked logins without a tty, the first entry that matches the (\fIuser/group\fR,
-\fIX\-$DISPLAY\-value\fR) or (\fIuser/group\fR,
-\fIpam\-service\-name/\fR) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
-.PP
-Each line of the login access control table has three fields separated by a ":" character (colon):
-.PP
-\fIpermission\fR:\fIusers/groups\fR:\fIorigins\fR
-.PP
-The first field, the
-\fIpermission\fR
-field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied\&.
-.PP
-The second field, the
-\fIusers\fR/\fIgroup\fR
-field, should be a list of one or more login names, group names, or
-\fIALL\fR
-(which always matches)\&. To differentiate user entries from group entries, group entries should be written with brackets, e\&.g\&.
-\fI(group)\fR\&.
-.PP
-The third field, the
-\fIorigins\fR
-field, should be a list of one or more tty names (for non\-networked logins), X
-\fI$DISPLAY\fR
-values or PAM service names (for non\-networked logins without a tty), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also),
-\fIALL\fR
-(which always matches) or
-\fILOCAL\fR\&. The
-\fILOCAL\fR
-keyword matches if and only if
-\fBpam_get_item\fR(3), when called with an
-\fIitem_type\fR
-of
-\fIPAM_RHOST\fR, returns
-NULL
-or an empty string (and therefore the
-\fIorigins\fR
-field is compared against the return value of
-\fBpam_get_item\fR(3)
-called with an
-\fIitem_type\fR
-of
-\fIPAM_TTY\fR
-or, absent that,
-\fIPAM_SERVICE\fR)\&.
-.PP
-If supported by the system you can use
-\fI@netgroupname\fR
-in host or user patterns\&. The
-\fI@@netgroupname\fR
-syntax is supported in the user pattern only and it makes the local system hostname to be passed to the netgroup match call in addition to the user name\&. This might not work correctly on some libc implementations causing the match to always fail\&.
-.PP
-The
-\fIEXCEPT\fR
-operator makes it possible to write very compact rules\&.
-.PP
-If the
-\fBnodefgroup\fR
-is not set, the group file is searched when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed\&. However the PAM module does not look at the primary group id of a user\&.
-.PP
-The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\&.
-.SH "EXAMPLES"
-.PP
-These are some example lines which might be specified in
-/etc/security/access\&.conf\&.
-.PP
-User
-\fIroot\fR
-should be allowed to get access via
-\fIcron\fR, X11 terminal
-\fI:0\fR,
-\fItty1\fR, \&.\&.\&.,
-\fItty5\fR,
-\fItty6\fR\&.
-.PP
-+:root:crond :0 tty1 tty2 tty3 tty4 tty5 tty6
-.PP
-User
-\fIroot\fR
-should be allowed to get access from hosts which own the IPv4 addresses\&. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too\&.
-.PP
-+:root:192\&.168\&.200\&.1 192\&.168\&.200\&.4 192\&.168\&.200\&.9
-.PP
-+:root:127\&.0\&.0\&.1
-.PP
-User
-\fIroot\fR
-should get access from network
-192\&.168\&.201\&.
-where the term will be evaluated by string matching\&. But it might be better to use network/netmask instead\&. The same meaning of
-192\&.168\&.201\&.
-is
-\fI192\&.168\&.201\&.0/24\fR
-or
-\fI192\&.168\&.201\&.0/255\&.255\&.255\&.0\fR\&.
-.PP
-+:root:192\&.168\&.201\&.
-.PP
-User
-\fIroot\fR
-should be able to have access from hosts
-\fIfoo1\&.bar\&.org\fR
-and
-\fIfoo2\&.bar\&.org\fR
-(uses string matching also)\&.
-.PP
-+:root:foo1\&.bar\&.org foo2\&.bar\&.org
-.PP
-User
-\fIroot\fR
-should be able to have access from domain
-\fIfoo\&.bar\&.org\fR
-(uses string matching also)\&.
-.PP
-+:root:\&.foo\&.bar\&.org
-.PP
-User
-\fIroot\fR
-should be denied to get access from all other sources\&.
-.PP
-\-:root:ALL
-.PP
-User
-\fIfoo\fR
-and members of netgroup
-\fIadmins\fR
-should be allowed to get access from all sources\&. This will only work if netgroup service is available\&.
-.PP
-+:@admins foo:ALL
-.PP
-User
-\fIjohn\fR
-and
-\fIfoo\fR
-should get access from IPv6 host address\&.
-.PP
-+:john foo:2001:db8:0:101::1
-.PP
-User
-\fIjohn\fR
-should get access from IPv6 net/mask\&.
-.PP
-+:john:2001:db8:0:101::/64
-.PP
-Members of group
-\fIwheel\fR
-should be allowed to get access from all sources\&.
-.PP
-+:(wheel):ALL
-.PP
-Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\&.
-.PP
-\-:ALL EXCEPT (wheel) shutdown sync:LOCAL
-.PP
-All other users should be denied to get access from all sources\&.
-.PP
-\-:ALL:ALL
-.SH "NOTES"
-.PP
-The default separators of list items in a field are space, \*(Aq,\*(Aq, and tabulator characters\&. Thus conveniently if spaces are put at the beginning and the end of the fields they are ignored\&. However if the list separator is changed with the
-\fIlistsep\fR
-option, the spaces will become part of the actual item and the line will be most probably ignored\&. For this reason, it is not recommended to put spaces around the \*(Aq:\*(Aq characters\&.
-.SH "SEE ALSO"
-.PP
-\fBpam_access\fR(8),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHORS"
-.PP
-Original
-\fBlogin.access\fR(5)
-manual was provided by Guido van Rooij which was renamed to
-\fBaccess.conf\fR(5)
-to reflect relation to default config file\&.
-.PP
-Network address / netmask description and example text was introduced by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index ff1cb223..0b93db00 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -63,10 +63,10 @@
<para>
The second field, the
<replaceable>users</replaceable>/<replaceable>group</replaceable>
- field, should be a list of one or more login names, group names, or
+ field, should be a list of one or more login names, group names, uid, gid, or
<emphasis>ALL</emphasis> (which always matches). To differentiate
user entries from group entries, group entries should be written
- with brackets, e.g. <emphasis>(group)</emphasis>.
+ with brackets, e.g. <emphasis>(group)</emphasis> or <emphasis>(gid)</emphasis>.
</para>
<para>
@@ -79,17 +79,12 @@
with network mask (where network mask can be a decimal number or an
internet address also), <emphasis>ALL</emphasis> (which always matches)
or <emphasis>LOCAL</emphasis>. The <emphasis>LOCAL</emphasis>
- keyword matches if and only if
- <citerefentry><refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- when called with an <parameter>item_type</parameter> of
- <emphasis>PAM_RHOST</emphasis>, returns <code>NULL</code> or an
- empty string (and therefore the
- <replaceable>origins</replaceable> field is compared against the
- return value of
- <citerefentry><refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum></citerefentry>
- called with an <parameter>item_type</parameter> of
- <emphasis>PAM_TTY</emphasis> or, absent that,
- <emphasis>PAM_SERVICE</emphasis>).
+ keyword matches when the user connects without a network
+ connection (e.g., <emphasis>su</emphasis>,
+ <emphasis>login</emphasis>). A connection through the loopback
+ device (e.g., <command>ssh user@localhost</command>) is
+ considered a network connection, and thus, the
+ <emphasis>LOCAL</emphasis> keyword does not match.
</para>
<para>
@@ -176,6 +171,12 @@
<para>-:root:ALL</para>
<para>
+ A user with uid <emphasis>1003</emphasis> and a group with gid
+ <emphasis>1000</emphasis> should be allowed to get access
+ from all other sources.
+ </para>
+ <para>+:(1000) 1003:ALL</para>
+ <para>
User <emphasis>foo</emphasis> and members of netgroup
<emphasis>admins</emphasis> should be allowed to get access
from all sources. This will only work if netgroup service is available.
@@ -189,6 +190,12 @@
<para>+:john foo:2001:db8:0:101::1</para>
<para>
+ User <emphasis>john</emphasis> and <emphasis>foo</emphasis>
+ should get access from IPv6 link local host address.
+ </para>
+ <para>+:john foo:fe80::de95:818c:1b55:7e42%eth1</para>
+
+ <para>
User <emphasis>john</emphasis> should get access from IPv6 net/mask.
</para>
<para>+:john:2001:db8:0:101::/64</para>
@@ -222,6 +229,10 @@
item and the line will be most probably ignored. For this reason, it is not
recommended to put spaces around the ':' characters.
</para>
+ <para>
+ An IPv6 link local host address must contain the interface
+ identifier. IPv6 link local network/netmask is not supported.
+ </para>
</refsect1>
<refsect1 xml:id="access.conf-see_also">
@@ -246,4 +257,4 @@
introduced by Mike Becher &lt;mike.becher@lrz-muenchen.de&gt;.
</para>
</refsect1>
-</refentry> \ No newline at end of file
+</refentry>
diff --git a/modules/pam_access/meson.build b/modules/pam_access/meson.build
new file mode 120000
index 00000000..ba2e9b52
--- /dev/null
+++ b/modules/pam_access/meson.build
@@ -0,0 +1 @@
+../module-meson.build \ No newline at end of file
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
deleted file mode 100644
index c9f9d402..00000000
--- a/modules/pam_access/pam_access.8
+++ /dev/null
@@ -1,139 +0,0 @@
-'\" t
-.\" Title: pam_access
-.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
-.\" Date: 05/07/2023
-.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM
-.\" Language: English
-.\"
-.TH "PAM_ACCESS" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-pam_access \- PAM module for logdaemon style login access control
-.SH "SYNOPSIS"
-.HP \w'\fBpam_access\&.so\fR\ 'u
-\fBpam_access\&.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR]
-.SH "DESCRIPTION"
-.PP
-The pam_access PAM module is mainly for access management\&. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names, X
-\fI$DISPLAY\fR
-values, or PAM service names in case of non\-networked logins\&.
-.PP
-By default rules for access management are taken from config file
-/etc/security/access\&.conf
-if you don\*(Aqt specify another file\&. Then individual
-*\&.conf
-files from the
-/etc/security/access\&.d/
-directory are read\&. The files are parsed one after another in the order of the system locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. This means that once a pattern is matched in some file no further files are parsed\&. If a config file is explicitly specified with the
-\fBaccessfile\fR
-option the files in the above directory are not parsed\&.
-.PP
-If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host, tty, etc\&.)\&.
-.SH "OPTIONS"
-.PP
-accessfile=/path/to/access\&.conf
-.RS 4
-Indicate an alternative
-access\&.conf
-style configuration file to override the default\&. This can be useful when different services need different access lists\&.
-.RE
-.PP
-debug
-.RS 4
-A lot of debug information is printed with
-\fBsyslog\fR(3)\&.
-.RE
-.PP
-noaudit
-.RS 4
-Do not report logins from disallowed hosts and ttys to the audit subsystem\&.
-.RE
-.PP
-fieldsep=separators
-.RS 4
-This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\&. For example:
-\fBfieldsep=|\fR
-will cause the default `:\*(Aq character to be treated as part of a field value and `|\*(Aq becomes the field separator\&. Doing this may be useful in conjunction with a system that wants to use pam_access with X based applications, since the
-\fBPAM_TTY\fR
-item is likely to be of the form "hostname:0" which includes a `:\*(Aq character in its value\&. But you should not need this\&.
-.RE
-.PP
-listsep=separators
-.RS 4
-This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\&. For example:
-\fBlistsep=,\fR
-will cause the default ` \*(Aq (space) and `\et\*(Aq (tab) characters to be treated as part of a list element value and `,\*(Aq becomes the only list element separator\&. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\&.
-.RE
-.PP
-nodefgroup
-.RS 4
-User tokens which are not enclosed in parentheses will not be matched against the group database\&. The backwards compatible default is to try the group database match even for tokens not enclosed in parentheses\&.
-.RE
-.SH "MODULE TYPES PROVIDED"
-.PP
-All module types (\fBauth\fR,
-\fBaccount\fR,
-\fBpassword\fR
-and
-\fBsession\fR) are provided\&.
-.SH "RETURN VALUES"
-.PP
-PAM_SUCCESS
-.RS 4
-Access was granted\&.
-.RE
-.PP
-PAM_PERM_DENIED
-.RS 4
-Access was not granted\&.
-.RE
-.PP
-PAM_IGNORE
-.RS 4
-\fBpam_setcred\fR
-was called which does nothing\&.
-.RE
-.PP
-PAM_ABORT
-.RS 4
-Not all relevant data or options could be gotten\&.
-.RE
-.PP
-PAM_USER_UNKNOWN
-.RS 4
-The user is not known to the system\&.
-.RE
-.SH "FILES"
-.PP
-/etc/security/access\&.conf
-.RS 4
-Default configuration file
-.RE
-.SH "SEE ALSO"
-.PP
-\fBaccess.conf\fR(5),
-\fBpam.d\fR(5),
-\fBpam\fR(8)\&.
-.SH "AUTHORS"
-.PP
-The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin\&.dnttm\&.ru>\&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike\&.becher@lrz\-muenchen\&.de>\&.
diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml
index 010e749e..c991d7a0 100644
--- a/modules/pam_access/pam_access.8.xml
+++ b/modules/pam_access/pam_access.8.xml
@@ -29,6 +29,9 @@
noaudit
</arg>
<arg choice="opt" rep="norepeat">
+ quiet_log
+ </arg>
+ <arg choice="opt" rep="norepeat">
accessfile=<replaceable>file</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
@@ -131,6 +134,18 @@
<varlistentry>
<term>
+ quiet_log
+ </term>
+ <listitem>
+ <para>
+ Do not log denials with
+ <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
fieldsep=separators
</term>
<listitem>
@@ -286,4 +301,4 @@
was developed and provided by Mike Becher &lt;mike.becher@lrz-muenchen.de&gt;.
</para>
</refsect1>
-</refentry> \ No newline at end of file
+</refentry>
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index f70b7e49..48e7c7e9 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -56,11 +56,11 @@
#include "pam_cc_compat.h"
#include "pam_inline.h"
-#define PAM_ACCESS_CONFIG (SCONFIGDIR "/access.conf")
-#define ACCESS_CONF_GLOB (SCONFIGDIR "/access.d/*.conf")
-#ifdef VENDOR_SCONFIGDIR
-#define VENDOR_PAM_ACCESS_CONFIG (VENDOR_SCONFIGDIR "/access.conf")
-#define VENDOR_ACCESS_CONF_GLOB (VENDOR_SCONFIGDIR "/access.d/*.conf")
+#define PAM_ACCESS_CONFIG (SCONFIG_DIR "/access.conf")
+#define ACCESS_CONF_GLOB (SCONFIG_DIR "/access.d/*.conf")
+#ifdef VENDOR_SCONFIG_DIR
+#define VENDOR_PAM_ACCESS_CONFIG (VENDOR_SCONFIG_DIR "/access.conf")
+#define VENDOR_ACCESS_CONF_GLOB (VENDOR_SCONFIG_DIR "/access.d/*.conf")
#endif
/* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */
@@ -85,7 +85,7 @@
#define ALL 2
#define YES 1
#define NO 0
-#define NOMATCH -1
+#define NOMATCH (-1)
/*
* A structure to bundle up all login-related information to keep the
@@ -99,6 +99,7 @@ struct login_info {
int debug; /* Print debugging messages. */
int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */
int noaudit; /* Do not audit denials */
+ int quiet_log; /* Do not log denials */
const char *fs; /* field separator */
const char *sep; /* list-element separator */
int from_remote_host; /* If PAM_RHOST was used for from */
@@ -115,6 +116,7 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
int i;
loginfo->noaudit = NO;
+ loginfo->quiet_log = NO;
loginfo->debug = NO;
loginfo->only_new_group_syntax = NO;
loginfo->fs = ":";
@@ -150,6 +152,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
loginfo->only_new_group_syntax = YES;
} else if (strcmp (argv[i], "noaudit") == 0) {
loginfo->noaudit = YES;
+ } else if (strcmp (argv[i], "quiet_log") == 0) {
+ loginfo->quiet_log = YES;
} else {
pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]);
}
@@ -158,7 +162,7 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
return 1; /* OK */
}
-/* --- evaluting all files in VENDORDIR/security/access.d and /etc/security/access.d --- */
+/* --- evaluating all files in VENDORDIR/security/access.d and /etc/security/access.d --- */
static const char *base_name(const char *path)
{
const char *base = strrchr(path, '/');
@@ -254,7 +258,7 @@ typedef int match_func (pam_handle_t *, char *, struct login_info *);
static int list_match (pam_handle_t *, char *, char *, struct login_info *,
match_func *);
static int user_match (pam_handle_t *, char *, struct login_info *);
-static int group_match (pam_handle_t *, const char *, const char *, int);
+static int group_match (pam_handle_t *, char *, const char *, int);
static int from_match (pam_handle_t *, char *, struct login_info *);
static int remote_match (pam_handle_t *, char *, struct login_info *);
static int string_match (pam_handle_t *, const char *, const char *, int);
@@ -302,6 +306,23 @@ isipaddr (const char *string, int *addr_type,
return is_ip;
}
+/* is_local_addr - checks if the IP address is local */
+static int
+is_local_addr (const char *string, int addr_type)
+{
+ if (addr_type == AF_INET) {
+ if (strcmp(string, "127.0.0.1") == 0) {
+ return YES;
+ }
+ } else if (addr_type == AF_INET6) {
+ if (strcmp(string, "::1") == 0) {
+ return YES;
+ }
+ }
+
+ return NO;
+}
+
/* are_addresses_equal - translate IP address strings to real IP
* addresses and compare them to find out if they are equal.
@@ -323,9 +344,18 @@ are_addresses_equal (const char *ipaddr0, const char *ipaddr1,
if (isipaddr (ipaddr1, &addr_type1, &addr1) == NO)
return NO;
- if (addr_type0 != addr_type1)
- /* different address types */
+ if (addr_type0 != addr_type1) {
+ /* different address types, but there is still a possibility that they are
+ * both local addresses
+ */
+ int local1 = is_local_addr(ipaddr0, addr_type0);
+ int local2 = is_local_addr(ipaddr1, addr_type1);
+
+ if (local1 == YES && local2 == YES)
+ return YES;
+
return NO;
+ }
if (netmask != NULL) {
/* Got a netmask, so normalize addresses? */
@@ -419,7 +449,7 @@ static int
login_access (pam_handle_t *pamh, struct login_info *item)
{
FILE *fp;
- char line[BUFSIZ];
+ char *line = NULL;
char *perm; /* becomes permission field */
char *users; /* becomes list of login names */
char *froms; /* becomes list of terminals or hosts */
@@ -427,8 +457,10 @@ login_access (pam_handle_t *pamh, struct login_info *item)
#ifdef HAVE_LIBAUDIT
int nonall_match = NO;
#endif
- int end;
- int lineno = 0; /* for diagnostics */
+ int result;
+ size_t end;
+ size_t lineno = 0; /* for diagnostics */
+ size_t n = 0;
char *sptr;
if (item->debug)
@@ -446,17 +478,19 @@ login_access (pam_handle_t *pamh, struct login_info *item)
*/
if ((fp = fopen(item->config_file, "r"))!=NULL) {
- while (!match && fgets(line, sizeof(line), fp)) {
+ while (!match && getline(&line, &n, fp) != -1) {
lineno++;
+ if (line[0] == 0)
+ continue;
if (line[end = strlen(line) - 1] != '\n') {
pam_syslog(pamh, LOG_ERR,
- "%s: line %d: missing newline or line too long",
+ "%s: line %zu: missing newline or line too long",
item->config_file, lineno);
continue;
}
if (line[0] == '#')
continue; /* comment line */
- while (end > 0 && isspace(line[end - 1]))
+ while (end > 0 && isspace((unsigned char)line[end - 1]))
end--;
line[end] = 0; /* strip trailing whitespace */
if (line[0] == 0) /* skip blank lines */
@@ -466,18 +500,18 @@ login_access (pam_handle_t *pamh, struct login_info *item)
if (!(perm = strtok_r(line, item->fs, &sptr))
|| !(users = strtok_r(NULL, item->fs, &sptr))
|| !(froms = strtok_r(NULL, "\n", &sptr))) {
- pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count",
+ pam_syslog(pamh, LOG_ERR, "%s: line %zu: bad field count",
item->config_file, lineno);
continue;
}
if (perm[0] != '+' && perm[0] != '-') {
- pam_syslog(pamh, LOG_ERR, "%s: line %d: bad first field",
+ pam_syslog(pamh, LOG_ERR, "%s: line %zu: bad first field",
item->config_file, lineno);
continue;
}
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
- "line %d: %s : %s : %s", lineno, perm, users, froms);
+ "line %zu: %s : %s : %s", lineno, perm, users, froms);
match = list_match(pamh, users, NULL, item, user_match);
if (item->debug)
pam_syslog (pamh, LOG_DEBUG, "user_match=%d, \"%s\"",
@@ -505,16 +539,19 @@ login_access (pam_handle_t *pamh, struct login_info *item)
}
#ifdef HAVE_LIBAUDIT
if (!item->noaudit && (match == YES || (match == ALL &&
- nonall_match == YES)) && line[0] == '-') {
+ nonall_match == YES)) && line != NULL && line[0] == '-') {
pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION,
"pam_access", 0);
}
#endif
if (match == NO)
- return NOMATCH;
- if (line[0] == '+')
- return YES;
- return NO;
+ result = NOMATCH;
+ else if (line != NULL && line[0] == '+')
+ result = YES;
+ else
+ result = NO;
+ free(line);
+ return result;
}
@@ -594,7 +631,30 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
return retval;
}
-/* user_match - match a username against one token */
+/* user_name_or_uid_match - match a username or user uid against one token */
+static int
+user_name_or_uid_match(pam_handle_t *pamh, const char *tok,
+ const struct login_info *item)
+{
+ /* ALL or exact match of username */
+ int rv = string_match(pamh, tok, item->user->pw_name, item->debug);
+ if (rv != NO)
+ return rv;
+
+ if (tok[strspn(tok, "0123456789")] != '\0')
+ return NO;
+
+ char buf[sizeof(long long) * 3 + 1];
+ snprintf(buf, sizeof(buf), "%llu",
+ zero_extend_signed_to_ull(item->user->pw_uid));
+ if (item->debug)
+ pam_syslog(pamh, LOG_DEBUG, "user_match: tok=%s, uid=%s", tok, buf);
+
+ /* check for exact match of uid */
+ return string_match (pamh, tok, buf, item->debug);
+}
+
+/* user_match - match a user against one token */
static int
user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
@@ -645,7 +705,7 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
hostname = item->hostname;
}
return (netgroup_match (pamh, tok + 1, hostname, string, item->debug));
- } else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */
+ } else if ((rv=user_name_or_uid_match(pamh, tok, item)) != NO) /* ALL or exact match */
return rv;
else if (item->only_new_group_syntax == NO &&
pam_modutil_user_in_group_nam_nam (pamh,
@@ -657,14 +717,41 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
}
+/* group_name_or_gid_match - match a group name or group gid against one token */
+static int
+group_name_or_gid_match(pam_handle_t *pamh, const char *tok,
+ const char *usr, int debug)
+{
+ /* check for exact match of group name */
+ if (pam_modutil_user_in_group_nam_nam(pamh, usr, tok) != NO)
+ return YES;
+
+ if (tok[strspn(tok, "0123456789")] != '\0')
+ return NO;
+
+ char *endptr = NULL;
+ errno = 0;
+ unsigned long int ul = strtoul(tok, &endptr, 10);
+ gid_t gid = (gid_t) ul;
+ if (errno != 0
+ || tok == endptr
+ || *endptr != '\0'
+ || (unsigned long) zero_extend_signed_to_ull(gid) != ul) {
+ return NO;
+ }
+
+ if (debug)
+ pam_syslog(pamh, LOG_DEBUG, "group_match: user=%s, gid=%s", usr, tok);
+
+ /* check for exact match of gid */
+ return pam_modutil_user_in_group_nam_gid(pamh, usr, gid);
+}
+
/* group_match - match a username against token named group */
static int
-group_match (pam_handle_t *pamh, const char *tok, const char* usr,
- int debug)
+group_match (pam_handle_t *pamh, char *tok, const char* usr, int debug)
{
- char grptok[BUFSIZ] = {};
-
if (debug)
pam_syslog (pamh, LOG_DEBUG,
"group_match: grp=%s, user=%s", tok, usr);
@@ -673,12 +760,13 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr,
return NO;
/* token is received under the format '(...)' */
- strncpy(grptok, tok + 1, strlen(tok) - 2);
+ tok++;
+ tok[strlen(tok) - 1] = '\0';
- if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok))
+ if (group_name_or_gid_match (pamh, usr, tok, debug))
return YES;
- return NO;
+ return NO;
}
@@ -757,7 +845,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
DIAG_PUSH_IGNORE_CAST_ALIGN;
inet_ntop (runp->ai_family,
&((struct sockaddr_in *) runp->ai_addr)->sin_addr,
- buf, sizeof (buf));
+ buf, sizeof (buf) - 1);
DIAG_POP_IGNORE_CAST_ALIGN;
strcat (buf, ".");
@@ -876,7 +964,8 @@ network_netmask_match (pam_handle_t *pamh,
*/
if (getaddrinfo (tok, NULL, NULL, &ai) != 0)
{
- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
+ if (item->debug)
+ pam_syslog(pamh, LOG_DEBUG, "cannot resolve hostname \"%s\"", tok);
return NO;
}
@@ -967,9 +1056,8 @@ network_netmask_match (pam_handle_t *pamh,
/* --- public PAM management functions --- */
-int
-pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
+static int
+pam_access(pam_handle_t *pamh, int argc, const char **argv)
{
struct login_info loginfo;
const char *user=NULL;
@@ -1099,8 +1187,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
if (rv) {
return (PAM_SUCCESS);
} else {
- pam_syslog(pamh, LOG_ERR,
- "access denied for user `%s' from `%s'",user,from);
+ if (!loginfo.quiet_log) {
+ pam_syslog(pamh, LOG_ERR,
+ "access denied for user `%s' from `%s'",user,from);
+ }
return (PAM_PERM_DENIED);
}
}
@@ -1113,31 +1203,38 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
}
int
-pam_sm_acct_mgmt (pam_handle_t *pamh, int flags,
- int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ return pam_access(pamh, argc, argv);
+}
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
{
- return pam_sm_authenticate (pamh, flags, argc, argv);
+ return pam_access(pamh, argc, argv);
}
int
-pam_sm_open_session(pam_handle_t *pamh, int flags,
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_access(pamh, argc, argv);
}
int
-pam_sm_close_session(pam_handle_t *pamh, int flags,
+pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_access(pamh, argc, argv);
}
int
-pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- return pam_sm_authenticate(pamh, flags, argc, argv);
+ return pam_access(pamh, argc, argv);
}
/* end of module definition */
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-01 08:02:30 +0000