
(-) pam_skey-1.1.4/INSTALL (+34 lines)
 Lines 1-5    Link Here 
$Id: INSTALL,v 1.1.1.1 2005/06/18 12:11:24 kreator Exp $
$Id: INSTALL,v 1.1.1.1 2005/06/18 12:11:24 kreator Exp $
Gentoo patch
------------
Most everything below still holds, though the libraries required are now
those used by Gentoo.  Other S/Key libraries may work with a bit of
tweaking.
The options listed for the module below are no longer valid.  See the
Gentoo patch section in README for details.
The intended method for configuring PAM is by using the newer module
specification, with a line like:
auth	[success=done ignore=ignore auth_err=die default=bad] /lib/security/pam_skey.so
This is a combination of the standard "sufficient" and "requisite"
specifications:
- If the module returns PAM_SUCCESS, we are authenticated and no other
  modules should be tested.
- If the module returns PAM_IGNORE, then the module didn't accept its
  input as an S/Key response, and the next module should try using
  the input (using the try_first_pass option).
- If the module returns PAM_AUTH_ERR, then the module accepted an
  S/Key input but it was invalid.  Do not try any more modules in the
  stack; the user already chose S/Key authentication.
- If the module returns any other code, it is a simple error in processing.
  Set the error flag but try other modules, just in case.
The module is intended to be placed before another authentication module,
like pam_unix.so; if not, it should be placed before pam_deny.so.
If the newer module specification is unavailable in your version of PAM,
the "sufficient" specification will work.
Required
Required
--------
--------
For building this package you will probably need original Wietse Venema's
For building this package you will probably need original Wietse Venema's
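Review bot: The closing fallback paragraph of the new INSTALL text should state what is lost under "sufficient": that control ignores a failure return, so a PAM_AUTH_ERR from an invalid S/Key response no longer ends the stack the way auth_err=die does, and the next module (pam_unix.so in the text's example) still gets a turn. Add a sentence saying the "user already chose S/Key" guarantee described in the third bullet only holds with the bracketed specification.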
(-) pam_skey-1.1.4/Makefile.in (-23 / +7 lines)
 Lines 12-53    Link Here 
LIBS=@LIBS@ @SKEYLIB@ @PAMLIB@
LIBS=@LIBS@ @SKEYLIB@ @PAMLIB@
LDFLAGS=@LDFLAGS@
LDFLAGS=@LDFLAGS@
INSTALL=@INSTALL@ -m 644
INSTALL=@INSTALL@
INSTALL_LIB=${INSTALL} -m 755
RM=@RM@ -f
RM=@RM@ -f
CP=@CP@ -f
CP=@CP@ -f
LN=@LN@ -s
LN=@LN@ -s
AWK=@AWK@
AWK=@AWK@
PAM_FILES=pam_skey.so.1 pam_skey_access.so.1
PAM_FILES=pam_skey.so
all: $(PAM_FILES)
all: $(PAM_FILES)
pam_skey.so.1: pam_skey.o
pam_skey.so: pam_skey.o
	$(CC) $(CFLAGS) -o $@ $< $(LIBS) $(LDFLAGS)
pam_skey_access.so.1: pam_skey_access.o
	$(CC) $(CFLAGS) -o $@ $< $(LIBS) $(LDFLAGS)
	$(CC) $(CFLAGS) -o $@ $< $(LIBS) $(LDFLAGS)
lint-pam_skey:
lint-pam_skey:
	lclint $(CFLAGS) pam_skey.c
	lclint $(CFLAGS) pam_skey.c
lint-pam_skey_access:
install: all
	lclint $(CFLAGS) pam_skey_access.c
	$(INSTALL) -d $(INSTALLDIR)
	$(INSTALL_LIB) $(PAM_FILES) $(INSTALLDIR)
install:
	@if test ! -d $(INSTALLDIR); then \
		echo "Missing $(INSTALLDIR). Problem with PAM installation?"; \
	else \
		for file in $(PAM_FILES); do \
			if test ! -f "$(INSTALLDIR)/$$file"; then \
				echo "Installing $$file in $(INSTALLDIR)"; \
				$(INSTALL) "$$file" "$(INSTALLDIR)/$$file"; \
				(cd $(INSTALLDIR) && $(LN) "$$file" `echo $$file | cut -d. -f1,2`); \
			else \
				echo "$$file exists - will not overwrite it"; \
			fi \
		done \
	fi
clean:
clean:
	$(RM) a.out core *.so.1 *.o *.bak
	$(RM) a.out core *.so.1 *.o *.bak
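Review bot: The clean target at the end of this hunk still removes *.so.1, but PAM_FILES is now pam_skey.so, so make clean leaves the built module in the tree. Suggest $(RM) a.out core $(PAM_FILES) *.o *.bak. Also note in the commit message that the new install target overwrites an existing module in $(INSTALLDIR) unconditionally, where the old one refused to overwrite and printed a message.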
(-) pam_skey-1.1.4/README (+72 lines)
 Lines 1-5    Link Here 
$Id: README,v 1.2 2005/06/18 12:36:18 kreator Exp $
$Id: README,v 1.2 2005/06/18 12:36:18 kreator Exp $
Gentoo patch
------------
The Gentoo pam_skey patch changes the original module in a number of ways.
The behavior of the module is changed to make it more consistent with the
PAM design, and several changes were made throughout the code to make the
module interact better with the skey library used by Gentoo.  Many of
these changes will break pam_skey's compatibility with other systems and
libraries, but this is, after all, the Gentoo patch.
A (not necessarily) exhaustive list of the changes is as follows:
- pam_skey_access.so is completely removed, since the Gentoo skey library
  does not support the skey_access() call.
- The pam_skey.so authentication code is completely rewritten.  The
  original code contained many references to the standard I/O library
  (writing to stderr, etc.), as well as inconsistent communication with
  the PAM libraries.  Also, the authentication process is different, as
  described below.
- The options accepted by the pam_skey.so module are different, as
  described below.
Four options are accepted by the pam_skey.so module:
  debug                  - This option turns on debug logging.
  try_first_pass         - This option tells the module to first try using
                           the authentication token passed from the
			   previous module as an S/Key response, before
			   informing the user of the challenge.  If the
			   token is not valid, the module will proceed with
			   the standard process of challenging the user
			   and requesting a response, subject to the
			   no_default_skey option below.
  use_first_pass         - This option is identical to the try_first_pass
                           option, except that if the token is not valid,
			   it will return silently without challenging the
			   user.
  no_default_skey        - This flag changes the behavior of pam_skey.
                           Instead of immediately challenging the user with
			   an S/Key challenge, it will present the user with
			   a standard "Password: " prompt.  If the user enters
			   the password "s/key" (case insensitive), it will
			   then challenge the user.  Any other input will
			   cause the module to pass the given password to the
			   next module in the authentication stack (usually
			   pam_unix.so with the try_first_pass option).
The exact behavior of pam_skey.so is detailed below:
1. Retrieve username from PAM, possibly querying the user for it.
2. If the user does not have any S/Key information, return PAM_IGNORE to
   proceed to the next module in the stack.
3. If *_first_pass is enabled, check the given authentication token to see
   if it is a valid response to the current S/Key challenge.  If so,
   return PAM_SUCCESS.
 3a. If the token is invalid and use_first_pass is enabled, return
     PAM_IGNORE.
4. If no_default_skey is enabled, issue a "Password: " prompt.
 4a. If the response is anything besides "s/key" (case insensitive),
     store it as the authentication token and return PAM_IGNORE.
5. Display the current S/Key challenge and request a response, with
   input not echoed.  If no_default_skey is enabled, this will only be
   an S/Key response request; otherwise, it will request either an
   S/Key response or a system passsword.
 5a. If an empty response is given, request the S/Key response again,
     this time with input echoed.
 5b. If the response is a valid S/Key response, return PAM_SUCCESS.
     Otherwise, return PAM_AUTHERR.
6. If the response is a valid S/Key response, return PAM_SUCCESS.
7. Otherwise, if no_default_skey is enabled (the user specifically
   requested "s/key" authentication), return PAM_AUTHERR.
8. Otherwise, store the response as the authentication token and
   return PAM_IGNORE.
About
About
-----
-----
This is complete pam_skey modul as interface to existing S/Key
This is complete pam_skey modul as interface to existing S/Key
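Review bot: Steps 5b and 7 of the behaviour list name the return code PAM_AUTHERR, while INSTALL in this same patch (and the auth_err control token) uses PAM_AUTH_ERR; use one spelling. Step 5b's "Otherwise, return PAM_AUTHERR" also reads as conflicting with steps 7 and 8, which return PAM_IGNORE when no_default_skey is off; say explicitly that 5b applies only to the echoed retry after an empty response. Minor: "passsword" in step 5, and "A (not necessarily) exhaustive list" should be "A (not necessarily exhaustive) list".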
(-) pam_skey-1.1.4/RELEASENOTES (-1 / +4 lines)
 Lines 1-5    Link Here 
RELEASE 1.1.4 - Sat Jun 18 14:28:31 CEST 2005
RELEASE 1.1.4 - Sat Jun 18 14:28:31 CEST 2005
* fix for _pam_delete() if we got AUTHTOK
* misc changes in source
* FreeBSD testing
* add support for Yuri Yudin's S/Key library (port from OpenBSD)
* fixed dlopen() issue for Solaris (appearing in proftpd suite)
- Dinko Korunic <kreator@srce.hr>
- Dinko Korunic <kreator@srce.hr>
(-) pam_skey-1.1.4/autoconf/acconfig.h (-15 lines)
 Lines 1-17    Link Here 
/* Define if we can include both string.h and strings.h */
/* Define if we can include both string.h and strings.h */
#undef STRING_WITH_STRINGS
#undef STRING_WITH_STRINGS
/* Define if you have Linux */
#undef LINUX
/* Define if you have *BSD */
#undef BSD
/* Define if not missing skeyaccess() */
#undef HAVE_SKEYACCESS
/* Define if not missing skeyinfo() */
#undef HAVE_SKEYINFO
/* Define if you have skeylookup() instead of skeyinfo() */
#undef HAVE_SKEYLOOKUP
(-) pam_skey-1.1.4/autoconf/configure.in (-19 / +3 lines)
 Lines 10-30    Link Here 
AC_LANG_C
AC_LANG_C
AC_LANG_SAVE
AC_LANG_SAVE
dnl Get system type
AC_CANONICAL_HOST
MYHOST=$host_os
case "$host_os" in
*linux*)
  AC_DEFINE(LINUX)
  ;;
*bsd*)
  AC_DEFINE(BSD)
  ;;
esac
dnl Package information
dnl Package information
PACKAGE=pam_skey
PACKAGE=pam_skey
VERSION=1.1
VERSION=1.4r1
dnl Standard installation path
dnl Standard installation path
AC_PREFIX_DEFAULT(/usr)
AC_PREFIX_DEFAULT(/usr)
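Review bot: VERSION=1.4r1 does not match the package being patched: the tree is pam_skey-1.1.4 and RELEASENOTES says RELEASE 1.1.4, so this looks like a typo for 1.1.4r1. Also, MYHOST=$host_os is removed here while MYHOST is still listed in ac_subst_vars on the new side of the regenerated configure, so it now substitutes as empty; drop the substitution as well if nothing uses it.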
 Lines 65-77    Link Here 
AC_ARG_WITH(skey-inc, [  --with-skey-inc=DIR     Directory containing skey include files], CFLAGS="${CFLAGS} -I${withval}")
AC_ARG_WITH(skey-inc, [  --with-skey-inc=DIR     Directory containing skey include files], CFLAGS="${CFLAGS} -I${withval}")
dnl Check for skey library
dnl Check for skey library
AC_CHECK_LIB(socket, socket)
AC_CHECK_LIB(socket, socket, LIBS="${LIBS} -lsocket")
AC_CHECK_LIB(nsl, gethostbyname)
AC_CHECK_LIB(nsl, gethostbyname, LIBS="${LIBS} -lnsl")
AC_CHECK_LIB(skey, skeyverify, SKEYLIB="-lskey", AC_MSG_ERROR(skey library not found or unknown interface))
AC_CHECK_LIB(skey, skeyverify, SKEYLIB="-lskey", AC_MSG_ERROR(skey library not found or unknown interface))
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
AC_CHECK_LIB(skey, skeyinfo, AC_DEFINE(HAVE_SKEYINFO),
  AC_CHECK_LIB(skey, skeylookup, AC_DEFINE(HAVE_SKEYLOOKUP))
)
dnl Check against -G linker flag
dnl Check against -G linker flag
hold_ldflags=$LDFLAGS
hold_ldflags=$LDFLAGS
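Review bot: Giving AC_CHECK_LIB an explicit action for socket and nsl replaces the default one, so HAVE_LIBSOCKET and HAVE_LIBNSL are no longer defined and the libraries are appended to LIBS instead of prepended (the configure diff shows both effects). If the ordering change is intended, explain it in a dnl comment; otherwise the two-argument form is enough. With the skeyaccess, skeyinfo and skeylookup checks removed, HAVE_SKEYACCESS, HAVE_SKEYINFO and HAVE_SKEYLOOKUP are never set, so any remaining #ifdef on them in the sources should be removed in the same patch.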
(-) pam_skey-1.1.4/configure (-337 / +47 lines)
 Lines 310-316    Link Here 
# include <unistd.h>
# include <unistd.h>
#endif"
#endif"
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT SET_MAKE RM LN CP AWK INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CPP EGREP SKEYLIB PAMLIB MYHOST PACKAGE VERSION LIBOBJS LTLIBOBJS'
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT SET_MAKE RM LN CP AWK INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CPP EGREP SKEYLIB PAMLIB MYHOST PACKAGE VERSION LIBOBJS LTLIBOBJS'
ac_subst_files=''
ac_subst_files=''
# Initialize some variables set by options.
# Initialize some variables set by options.
 Lines 720-732    Link Here 
  	  /^X\(\/\).*/{ s//\1/; q; }
  	  /^X\(\/\).*/{ s//\1/; q; }
  	  s/.*/./; q'`
  	  s/.*/./; q'`
  srcdir=$ac_confdir
  srcdir=$ac_confdir
  if test ! -r $srcdir/$ac_unique_file; then
  if test ! -r "$srcdir/$ac_unique_file"; then
    srcdir=..
    srcdir=..
  fi
  fi
else
else
  ac_srcdir_defaulted=no
  ac_srcdir_defaulted=no
fi
fi
if test ! -r $srcdir/$ac_unique_file; then
if test ! -r "$srcdir/$ac_unique_file"; then
  if test "$ac_srcdir_defaulted" = yes; then
  if test "$ac_srcdir_defaulted" = yes; then
    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
   { (exit 1); exit 1; }; }
   { (exit 1); exit 1; }; }
 Lines 735-741    Link Here 
   { (exit 1); exit 1; }; }
   { (exit 1); exit 1; }; }
  fi
  fi
fi
fi
(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
(cd $srcdir && test -r "./$ac_unique_file") 2>/dev/null ||
  { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
  { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
   { (exit 1); exit 1; }; }
   { (exit 1); exit 1; }; }
srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
 Lines 831-840    Link Here 
_ACEOF
_ACEOF
  cat <<\_ACEOF
  cat <<\_ACEOF
System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
_ACEOF
fi
fi
 Lines 948-954    Link Here 
    else
    else
      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
    fi
    fi
    cd "$ac_popdir"
    cd $ac_popdir
  done
  done
fi
fi
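Review bot: cd $ac_popdir loses its quotes on the new side of this hunk, so a build path containing whitespace breaks this loop, while other hunks of the same file add quotes around $srcdir/$ac_unique_file. That mix, together with the many ac_try line-wrap changes, points to configure having been regenerated with a different autoconf version than upstream's. Prefer patching only configure.in and regenerating configure at build time, which also keeps the reviewable part of this patch small.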
 Lines 1333-1410    Link Here 
# Make sure we can run config.sub.
$ac_config_sub sun4 >/dev/null 2>&1 ||
  { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
echo "$as_me: error: cannot run $ac_config_sub" >&2;}
   { (exit 1); exit 1; }; }
echo "$as_me:$LINENO: checking build system type" >&5
echo $ECHO_N "checking build system type... $ECHO_C" >&6
if test "${ac_cv_build+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_build_alias=$build_alias
test -z "$ac_cv_build_alias" &&
  ac_cv_build_alias=`$ac_config_guess`
test -z "$ac_cv_build_alias" &&
  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
   { (exit 1); exit 1; }; }
ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
   { (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_build" >&5
echo "${ECHO_T}$ac_cv_build" >&6
build=$ac_cv_build
build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$as_me:$LINENO: checking host system type" >&5
echo $ECHO_N "checking host system type... $ECHO_C" >&6
if test "${ac_cv_host+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_cv_host_alias=$host_alias
test -z "$ac_cv_host_alias" &&
  ac_cv_host_alias=$ac_cv_build_alias
ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
   { (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_host" >&5
echo "${ECHO_T}$ac_cv_host" >&6
host=$ac_cv_host
host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
MYHOST=$host_os
case "$host_os" in
*linux*)
  cat >>confdefs.h <<\_ACEOF
#define LINUX 1
_ACEOF
  ;;
*bsd*)
  cat >>confdefs.h <<\_ACEOF
#define BSD 1
_ACEOF
  ;;
esac
PACKAGE=pam_skey
PACKAGE=pam_skey
VERSION=1.1
VERSION=1.4r1
 Lines 1976-1982    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 2034-2040    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 2150-2156    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 2204-2210    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 2249-2255    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 2293-2299    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 2881-2887    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3051-3057    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3124-3130    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3278-3284    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3431-3437    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3533-3539    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3583-3589    Link Here 
  CFLAGS="${CFLAGS} -I${withval}"
  CFLAGS="${CFLAGS} -I${withval}"
fi;
fi;
echo "$as_me:$LINENO: checking for socket in -lsocket" >&5
echo "$as_me:$LINENO: checking for socket in -lsocket" >&5
echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6
echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6
if test "${ac_cv_lib_socket_socket+set}" = set; then
if test "${ac_cv_lib_socket_socket+set}" = set; then
 Lines 3622-3628    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3648-3662    Link Here 
echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5
echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5
echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6
echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6
if test $ac_cv_lib_socket_socket = yes; then
if test $ac_cv_lib_socket_socket = yes; then
  cat >>confdefs.h <<_ACEOF
  LIBS="${LIBS} -lsocket"
#define HAVE_LIBSOCKET 1
_ACEOF
  LIBS="-lsocket $LIBS"
fi
fi
echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5
echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5
echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6
echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6
if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then
 Lines 3695-3701    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3721-3732    Link Here 
echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5
echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5
echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6
echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6
if test $ac_cv_lib_nsl_gethostbyname = yes; then
if test $ac_cv_lib_nsl_gethostbyname = yes; then
  cat >>confdefs.h <<_ACEOF
  LIBS="${LIBS} -lnsl"
#define HAVE_LIBNSL 1
_ACEOF
  LIBS="-lnsl $LIBS"
fi
fi
echo "$as_me:$LINENO: checking for skeyverify in -lskey" >&5
echo "$as_me:$LINENO: checking for skeyverify in -lskey" >&5
 Lines 3767-3773    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 3800-4017    Link Here 
   { (exit 1); exit 1; }; }
   { (exit 1); exit 1; }; }
fi
fi
echo "$as_me:$LINENO: checking for skeyaccess in -lskey" >&5
echo $ECHO_N "checking for skeyaccess in -lskey... $ECHO_C" >&6
if test "${ac_cv_lib_skey_skeyaccess+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lskey  $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */
/* Override any gcc2 internal prototype to avoid an error.  */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply.  */
char skeyaccess ();
int
main ()
{
skeyaccess ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
  (eval $ac_link) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; } &&
	 { ac_try='test -s conftest$ac_exeext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lib_skey_skeyaccess=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_skey_skeyaccess=no
fi
rm -f conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_skey_skeyaccess" >&5
echo "${ECHO_T}$ac_cv_lib_skey_skeyaccess" >&6
if test $ac_cv_lib_skey_skeyaccess = yes; then
  cat >>confdefs.h <<\_ACEOF
#define HAVE_SKEYACCESS 1
_ACEOF
fi
echo "$as_me:$LINENO: checking for skeyinfo in -lskey" >&5
echo $ECHO_N "checking for skeyinfo in -lskey... $ECHO_C" >&6
if test "${ac_cv_lib_skey_skeyinfo+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lskey  $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */
/* Override any gcc2 internal prototype to avoid an error.  */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply.  */
char skeyinfo ();
int
main ()
{
skeyinfo ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
  (eval $ac_link) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; } &&
	 { ac_try='test -s conftest$ac_exeext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lib_skey_skeyinfo=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_skey_skeyinfo=no
fi
rm -f conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_skey_skeyinfo" >&5
echo "${ECHO_T}$ac_cv_lib_skey_skeyinfo" >&6
if test $ac_cv_lib_skey_skeyinfo = yes; then
  cat >>confdefs.h <<\_ACEOF
#define HAVE_SKEYINFO 1
_ACEOF
else
  echo "$as_me:$LINENO: checking for skeylookup in -lskey" >&5
echo $ECHO_N "checking for skeylookup in -lskey... $ECHO_C" >&6
if test "${ac_cv_lib_skey_skeylookup+set}" = set; then
  echo $ECHO_N "(cached) $ECHO_C" >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lskey  $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h.  */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h.  */
/* Override any gcc2 internal prototype to avoid an error.  */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
   builtin and then its argument prototype would still apply.  */
char skeylookup ();
int
main ()
{
skeylookup ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
  (eval $ac_link) 2>conftest.er1
  ac_status=$?
  grep -v '^ *+' conftest.er1 >conftest.err
  rm -f conftest.er1
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; } &&
	 { ac_try='test -s conftest$ac_exeext'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  ac_status=$?
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; }; then
  ac_cv_lib_skey_skeylookup=yes
else
  echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_skey_skeylookup=no
fi
rm -f conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
echo "$as_me:$LINENO: result: $ac_cv_lib_skey_skeylookup" >&5
echo "${ECHO_T}$ac_cv_lib_skey_skeylookup" >&6
if test $ac_cv_lib_skey_skeylookup = yes; then
  cat >>confdefs.h <<\_ACEOF
#define HAVE_SKEYLOOKUP 1
_ACEOF
fi
fi
hold_ldflags=$LDFLAGS
hold_ldflags=$LDFLAGS
echo "$as_me:$LINENO: checking for the ld -shared flag" >&5
echo "$as_me:$LINENO: checking for the ld -shared flag" >&5
 Lines 4041-4047    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 4099-4105    Link Here 
  cat conftest.err >&5
  cat conftest.err >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); } &&
  (exit $ac_status); } &&
	 { ac_try='test -z "$ac_c_werror_flag"			 || test ! -s conftest.err'
	 { ac_try='test -z "$ac_c_werror_flag"
			 || test ! -s conftest.err'
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
  (eval $ac_try) 2>&5
  (eval $ac_try) 2>&5
  ac_status=$?
  ac_status=$?
 Lines 4747-4760    Link Here 
s,@ECHO_N@,$ECHO_N,;t t
s,@ECHO_N@,$ECHO_N,;t t
s,@ECHO_T@,$ECHO_T,;t t
s,@ECHO_T@,$ECHO_T,;t t
s,@LIBS@,$LIBS,;t t
s,@LIBS@,$LIBS,;t t
s,@build@,$build,;t t
s,@build_cpu@,$build_cpu,;t t
s,@build_vendor@,$build_vendor,;t t
s,@build_os@,$build_os,;t t
s,@host@,$host,;t t
s,@host_cpu@,$host_cpu,;t t
s,@host_vendor@,$host_vendor,;t t
s,@host_os@,$host_os,;t t
s,@CC@,$CC,;t t
s,@CC@,$CC,;t t
s,@CFLAGS@,$CFLAGS,;t t
s,@CFLAGS@,$CFLAGS,;t t
s,@LDFLAGS@,$LDFLAGS,;t t
s,@LDFLAGS@,$LDFLAGS,;t t
 Lines 4945-4950    Link Here 
  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
  esac
  esac
  if test x"$ac_file" != x-; then
    { echo "$as_me:$LINENO: creating $ac_file" >&5
echo "$as_me: creating $ac_file" >&6;}
    rm -f "$ac_file"
  fi
  # Let's still pretend it is `configure' which instantiates (i.e., don't
  # Let's still pretend it is `configure' which instantiates (i.e., don't
  # use $as_me), people would be surprised to read:
  # use $as_me), people would be surprised to read:
  #    /* config.h.  Generated by config.status.  */
  #    /* config.h.  Generated by config.status.  */
 Lines 4983-4994    Link Here 
	 fi;;
	 fi;;
      esac
      esac
    done` || { (exit 1); exit 1; }
    done` || { (exit 1); exit 1; }
  if test x"$ac_file" != x-; then
    { echo "$as_me:$LINENO: creating $ac_file" >&5
echo "$as_me: creating $ac_file" >&6;}
    rm -f "$ac_file"
  fi
_ACEOF
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
  sed "$ac_vpsub
  sed "$ac_vpsub
(-) pam_skey-1.1.4/defs.h.in (-72 / +25 lines)
 Lines 1-96    Link Here 
/* defs.h.in.  Generated from configure.in by autoheader.  */
/* defs.h.in.  Generated automatically from configure.in by autoheader.  */
/* Define if we can include both string.h and strings.h */
#undef STRING_WITH_STRINGS
/* Define if you have Linux */
#undef LINUX
/* Define if you have *BSD */
#undef BSD
/* Define if not missing skeyaccess() */
/* Define if you have the ANSI C header files.  */
#undef HAVE_SKEYACCESS
#undef STDC_HEADERS
/* Define if not missing skeyinfo() */
#undef HAVE_SKEYINFO
/* Define if you have skeylookup() instead of skeyinfo() */
/* Define if we can include both string.h and strings.h */
#undef HAVE_SKEYLOOKUP
#undef STRING_WITH_STRINGS
/* Define to 1 if you have the `fprintf' function. */
/* Define if you have the fprintf function.  */
#undef HAVE_FPRINTF
#undef HAVE_FPRINTF
/* Define to 1 if you have the <inttypes.h> header file. */
/* Define if you have the gethostbyname function.  */
#undef HAVE_INTTYPES_H
#undef HAVE_GETHOSTBYNAME
/* Define to 1 if you have the `nsl' library (-lnsl). */
/* Define if you have the snprintf function.  */
#undef HAVE_LIBNSL
#undef HAVE_SNPRINTF
/* Define to 1 if you have the `socket' library (-lsocket). */
/* Define if you have the strncmp function.  */
#undef HAVE_LIBSOCKET
#undef HAVE_STRNCMP
/* Define to 1 if you have the <memory.h> header file. */
/* Define if you have the syslog function.  */
#undef HAVE_MEMORY_H
#undef HAVE_SYSLOG
/* Define to 1 if you have the <pwd.h> header file. */
/* Define if you have the <pwd.h> header file.  */
#undef HAVE_PWD_H
#undef HAVE_PWD_H
/* Define to 1 if you have the <security/pam_appl.h> header file. */
/* Define if you have the <security/pam_appl.h> header file.  */
#undef HAVE_SECURITY_PAM_APPL_H
#undef HAVE_SECURITY_PAM_APPL_H
/* Define to 1 if you have the <security/pam_modules.h> header file. */
/* Define if you have the <security/pam_modules.h> header file.  */
#undef HAVE_SECURITY_PAM_MODULES_H
#undef HAVE_SECURITY_PAM_MODULES_H
/* Define to 1 if you have the `snprintf' function. */
/* Define if you have the <stdlib.h> header file.  */
#undef HAVE_SNPRINTF
/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
#undef HAVE_STDLIB_H
/* Define to 1 if you have the <strings.h> header file. */
/* Define if you have the <string.h> header file.  */
#undef HAVE_STRINGS_H
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
#undef HAVE_STRING_H
/* Define to 1 if you have the `strncmp' function. */
/* Define if you have the <strings.h> header file.  */
#undef HAVE_STRNCMP
#undef HAVE_STRINGS_H
/* Define to 1 if you have the `syslog' function. */
#undef HAVE_SYSLOG
/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
/* Define to 1 if you have the <sys/syslog.h> header file. */
/* Define if you have the <sys/syslog.h> header file.  */
#undef HAVE_SYS_SYSLOG_H
#undef HAVE_SYS_SYSLOG_H
/* Define to 1 if you have the <sys/types.h> header file. */
/* Define if you have the <sys/types.h> header file.  */
#undef HAVE_SYS_TYPES_H
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <unistd.h> header file. */
/* Define if you have the <syslog.h> header file.  */
#undef HAVE_UNISTD_H
#undef HAVE_SYSLOG_H
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
/* Define to the full name of this package. */
#undef PACKAGE_NAME
/* Define to the full name and version of this package. */
#undef PACKAGE_STRING
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
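Review bot: the functional change in this defs.h.in hunk is hard to separate from regeneration noise. The first line goes from "Generated from configure.in by autoheader." to "Generated automatically from configure.in by autoheader." and every comment is reworded, which makes the whole template differ. Beside the S/Key probes that the rewrite no longer needs (`HAVE_SKEYACCESS`, `HAVE_SKEYINFO`, `HAVE_SKEYLOOKUP`, `LINUX`, `BSD`), the template also loses `HAVE_UNISTD_H`, `HAVE_STDINT_H`, `HAVE_INTTYPES_H`, `HAVE_MEMORY_H`, `HAVE_SYS_STAT_H` and the `PACKAGE_*` defines, and gains `HAVE_GETHOSTBYNAME`. Please say in the description whether those are intended, or carry only the configure.in change and regenerate this file at build time.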
(-) pam_skey-1.1.4/pam_skey.c (-257 / +125 lines)
 Lines 1-5    Link Here 
/* 
/* 
 * (c) 2001 Dinko Korunic, kreator@srce.hr
 * Rewrite (c) 2005 Dani Church, dani.church@gmail.com
 * Original (c) 2001 Dinko Korunic, kreator@srce.hr
 *
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 Lines 33-304    Link Here 
#include <pwd.h> 
#include <pwd.h> 
#include <sys/types.h>
#include <sys/types.h>
#include <syslog.h>
#include <syslog.h>
#include <ctype.h>
#define PAM_EXTERN extern
#define PAM_EXTERN extern
#undef PAM_STATIC
#undef PAM_STATIC
#include <security/pam_appl.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include "skey.h"
#include "skey.h"
#include "pam_skey.h"
#include "pam_skey.h"
#include "misc.h"
#include "misc.h"
#define LOGDEBUG(x) if (mod_opt & _MOD_DEBUG) { syslog x ;}
#define QUERY_USERNAME NULL /* Use default username prompt */
#define QUERY_PASSWORD "Password: "
#define QUERY_RESPONSE_OR_PASSWORD "S/Key response or system password: "
#define QUERY_RESPONSE "S/Key response: "
PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh, int flags,
PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh, int flags,
  int argc, const char **argv)
  int argc, const char **argv)
{
{
  return PAM_SUCCESS;
  return PAM_SUCCESS;
}
}
/*
 * The authentication module will return the following status codes:
 * PAM_SUCCESS: Successful authentication via S/Key.
 * PAM_IGNORE: The user doesn't have S/Key or doesn't want to use it.
 *             Continue with the next module, using try_first_pass.
 * PAM_AUTH_ERR: The user asked to use S/Key, but failed the authentication.
 *               Don't try any more PAM modules.
 * others: random errors, try next authentication method
 */
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
  int argc, const char **argv)
  int argc, const char **argv)
{
{
  char challenge[CHALLENGE_MAXSIZE]; /* challenge to print in conv */
  const char *challenge; /* challenge to print in conv */
  char msg_text[PAM_MAX_MSG_SIZE]; /* text for pam conv */
  const char *username = NULL; /* username spacer */
  char *username = NULL; /* username spacer */
  char *response = NULL; /* response spacer */
  char *response = NULL; /* response spacer */
  struct skey skey; /* structure that contains skey information */
  int status; /* return status spacer */
  int status; /* return status spacer */
  unsigned mod_opt = _MOD_NONE_ON; /* module options */
  unsigned mod_opt=_MOD_NONE_ON; /* module options */
  /* Get module options */
  /* Get module options */
  mod_getopt(&mod_opt, argc, argv);
  mod_getopt(&mod_opt, argc, argv);
  /* Get username */
  /* Get username (taken mainly from pam_unix) */
#if defined LINUX || defined BSD
  status = pam_get_user(pamh, &username, QUERY_USERNAME);
  if (pam_get_user(pamh, (const char **)&username, "login:")
  if (status == PAM_SUCCESS) {
#else
    if (username == NULL || !isalnum(*username)) {
  if (pam_get_user(pamh, (char **)&username, "login:")
      syslog(LOG_ERR, "bad username [%s]", username);
#endif
      return PAM_USER_UNKNOWN;
      != PAM_SUCCESS)
  {
    fprintf(stderr, "cannot determine username\n");
    if (mod_opt & _MOD_DEBUG)
      syslog(LOG_DEBUG, "cannot determine username");
    return PAM_USER_UNKNOWN;
  }
  if (mod_opt & _MOD_DEBUG)
    syslog(LOG_DEBUG, "got username %s", username);
#ifdef HAVE_SKEYACCESS
  /* Check S/Key access permissions - user, host and port. Also include
   * sanity checks */
  if (mod_opt & _MOD_ACCESS_CHECK)
  {
    char *host; /* points to host */
    char *port; /* points to port */
    struct passwd *pwuser; /* structure for getpw() */
    /* Get host.. */
#if defined LINUX || defined BSD
    if (pam_get_item(pamh, PAM_RHOST, (const void **)&host)
#else
    if (pam_get_item(pamh, PAM_RHOST, (void **)&host)
#endif
        != PAM_SUCCESS)
      host = NULL; /* couldn't get host */
    /* ..and port */
#if defined LINUX || defined BSD
    if (pam_get_item(pamh, PAM_TTY, (const void **)&port)
#else
    if (pam_get_item(pamh, PAM_TTY, (void **)&port)
#endif
        != PAM_SUCCESS)
      port = NULL; /* couldn't get port */
    if (mod_opt & _MOD_DEBUG)
      syslog(LOG_DEBUG, "checking s/key access for user %s,"
        " host %s, port %s", username,
        (host != NULL) ? host : "*unknown*",
        (port != NULL) ? port : "*unknown*");
    /* Get information from passwd file */
    if ((pwuser = getpwnam(username)) == NULL)
    {
      fprintf(stderr, "no such user\n");
      syslog(LOG_NOTICE, "cannot find user %s", username);
      return PAM_USER_UNKNOWN; /* perhaps even return PAM_ABORT here? */
    }
    }
    LOGDEBUG((LOG_DEBUG, "username [%s] obtained", username));
  } else {
    LOGDEBUG((LOG_DEBUG, "trouble reading username"));
    if (status == PAM_CONV_AGAIN)
      return PAM_INCOMPLETE;
    return status;
  }
    /* Do actual checking - we assume skeyaccess() returns PERMIT which is
  /* Check whether or not this user has an S/Key */
     * by default 1. Notice 4th argument is NULL - we will not perform
  if (skey_haskey(username) != 0) {
     * address checks on host itself */
    LOGDEBUG((LOG_DEBUG, "user [%s] has no S/Key entry", username));
    if (skeyaccess(pwuser, port, host, NULL) != 1)
    return PAM_IGNORE;
    {
      fprintf(stderr, "no s/key access permissions\n");
      syslog(LOG_NOTICE, "no s/key access permissions for %s",
          username);
      return PAM_AUTH_ERR;
    }
  }
  }
  else
#endif /* HAVE_SKEYACCESS */
  if ((mod_opt & _MOD_TRY_FIRST_PASS) || (mod_opt & _MOD_USE_FIRST_PASS)) {
    
    status = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &response);
  /* Only do check whether user has passwd entry */
    if (status != PAM_SUCCESS) {
    if (getpwnam(username) == NULL)
      syslog(LOG_ALERT, "pam_get_item returned error to pam_skey");
    {
      return status;
      fprintf(stderr, "no such user\n");
    } else if (response != NULL) {
      if (mod_opt & _MOD_DEBUG)
      if (skey_passcheck(username, response) != -1) {
        syslog(LOG_DEBUG, "cannot find user %s",
	return PAM_SUCCESS;
            username);
      } else if (mod_opt & _MOD_USE_FIRST_PASS) {
      return PAM_USER_UNKNOWN;
	return PAM_IGNORE;
      }
    } else if (mod_opt & _MOD_USE_FIRST_PASS) {
      return PAM_AUTHTOK_RECOVER_ERR;
    }
    }
  /* Get S/Key information on user with skeyinfo() */
#ifdef HAVE_SKEYINFO
  switch (skeyinfo(&skey, username, NULL))
#else
#ifdef HAVE_SKEYLOOKUP
  switch (skeylookup(&skey, username))
#endif /* HAVE_SKEYLOOKUP */
#endif /* HAVE_SKEYINFO */
  {
  /* 0: OK */
  case 0:
    break;
  /* -1: File error */
  case -1:
#if 0
  /* XXX- This seems broken in (at least) logdaemon-5.8. It returns -1
   * when user not found in keyfile. -kre */
    fprintf(stderr, "s/key database error\n");
    syslog(LOG_NOTICE, "s/key database error");
    return PAM_AUTH_ERR;
#endif
  /* 1: No such user in database */
  case 1:
    /* We won't confuse the ordinary user telling him about missing skeys
     * -kre */
#if 0
    fprintf(stderr, "no s/key for %s\n", username);
#endif
    if (mod_opt & _MOD_DEBUG)
      syslog(LOG_DEBUG, "no s/key for %s\n", username);
    return PAM_AUTH_ERR;
  }
  }
  
  /* Make challenge string */
  if (mod_opt & _MOD_NO_DEFAULT_SKEY) {
#if defined(SKEY_MAX_HASHNAME_LEN) && defined(SKEY_MAX_SEED_LEN)
    status = mod_talk_touser(pamh, mod_opt, NULL, QUERY_PASSWORD, 0, &response);
  snprintf(challenge, CHALLENGE_MAXSIZE, "otp-%.*s %d %.*s",
    if (status != PAM_SUCCESS) {
      SKEY_MAX_HASHNAME_LEN, skey_get_algorithm(), skey.n - 1, SKEY_MAX_SEED_LEN, skey.seed);
      _pam_delete(response)
#else
      return status;
  snprintf(challenge, CHALLENGE_MAXSIZE, "s/key %d %s",
      skey.n - 1, skey.seed);
#endif
  if (mod_opt & _MOD_DEBUG)
    syslog(LOG_DEBUG, "got challenge %s for %s", challenge,
        username);
  /* Read response from last module's PAM_AUTHTOK */
  if (mod_opt & _MOD_USE_FIRST_PASS)
  {
    /* Try to extract authtoken */
#if defined LINUX || defined BSD
    if (pam_get_item(pamh, PAM_AUTHTOK, (const void **)&response)
#else
    if (pam_get_item(pamh, PAM_AUTHTOK, (void **)&response)
#endif
        != PAM_SUCCESS)
    {
      if (mod_opt & _MOD_DEBUG)
        syslog(LOG_DEBUG, "could not get PAM_AUTHTOK");
      mod_opt &= ~_MOD_USE_FIRST_PASS;
    }
    }
    else
    if (strcasecmp(response,"s/key")!=0) {
    {
      status = pam_set_item(pamh, PAM_AUTHTOK, response);
      /* Got AUTHTOK, but it was empty */
      if (status != PAM_SUCCESS)
      if (empty_authtok(response))
	return status;
      {
      return PAM_IGNORE;
        if (mod_opt & _MOD_DEBUG)
          syslog(LOG_DEBUG, "empty PAM_AUTHTOK");
        mod_opt &= ~_MOD_USE_FIRST_PASS;
      }
      else
        /* All OK, print challenge information */
        fprintf(stderr, "challenge %s\n", challenge);
    }
    }
    _pam_delete(response);
  }
  }
  /* There was no PAM_AUTHTOK, or there was no such option in pam-conf
  challenge = skey_keyinfo(username);
   * file */
  if (challenge == NULL) {
  if (!(mod_opt & _MOD_USE_FIRST_PASS))
    syslog(LOG_ALERT, "Could not retrieve S/Key challenge for [%s]", username);
  {
    return PAM_AUTHINFO_UNAVAIL;
    /* Prepare a complete message for conversation */
  }
    snprintf(msg_text, PAM_MAX_MSG_SIZE,
        "challenge %s\npassword: ", challenge);
    /* Talk with user */
    if (mod_talk_touser(pamh, &mod_opt, msg_text, &response)
        != PAM_SUCCESS)
      return PAM_SERVICE_ERR;
    /* Simulate standard S/Key login procedure - if empty token, turn on
     * ECHO and prompt again */
    if (empty_authtok(response) && !(mod_opt & _MOD_ONLY_ONE_TRY))
    {
      /* Was there echo off? */
      if (mod_opt & _MOD_ECHO_OFF)
      {
        _pam_delete(response);
        fprintf(stderr, "(turning echo on)\n");
        mod_opt &= ~_MOD_ECHO_OFF;
        /* Prepare a complete message for conversation */
        snprintf(msg_text, PAM_MAX_MSG_SIZE, "password: ");
        /* Talk with user */
        if (mod_talk_touser(pamh, &mod_opt, msg_text, &response)
          != PAM_SUCCESS)
          return PAM_SERVICE_ERR;
        /* Got again empty response. Bailout and don't save auth token */
        if (empty_authtok(response))
          return PAM_AUTH_ERR;
      }
      else
      /* There was echo on already - just get out and don't save auth token
       * for other modules */
        return PAM_AUTH_ERR;
    }
    /* XXX - ECHO ON puts '\n' at the end in Solaris 2.7! This is
  if (mod_opt & _MOD_NO_DEFAULT_SKEY) 
     * cludge to get rid of this nasty `feature' -kre */
    status = mod_talk_touser(pamh, mod_opt, challenge, QUERY_RESPONSE, 0, &response);
    _pam_degarbage(response);
  else
  
    status = mod_talk_touser(pamh, mod_opt, challenge, QUERY_RESPONSE_OR_PASSWORD, 0, &response);
    /* Store auth token - that next module can use with `use_first_pass' */
    if (pam_set_item(pamh, PAM_AUTHTOK, response) != PAM_SUCCESS)
    {
      syslog(LOG_NOTICE, "unable to save auth token");
      return PAM_SERVICE_ERR;
    }
    /* cleanup conversation */
  if (status != PAM_SUCCESS)
    return status;
  
  if (*response == '\0') {
    _pam_delete(response);
    _pam_delete(response);
  } 
    status = mod_talk_touser(pamh, mod_opt, NULL, QUERY_RESPONSE, 1, &response);
    if (status != PAM_SUCCESS)
  /* Verify S/Key */
      return status;
  status = skeyverify(&skey, response);
    status = pam_set_item(pamh, PAM_AUTHTOK, response);
    status = skey_passcheck(username, response);
    _pam_delete(response);
    if (status != -1)
      return PAM_SUCCESS;
    return PAM_AUTH_ERR;
  }
  switch (status)
  status = pam_set_item(pamh, PAM_AUTHTOK, response);
  {
  status = skey_passcheck(username, response);
    /* 0: Verify successful, database updated */
  if (status != -1) {
    case 0:
    _pam_delete(response);
      break;
    return PAM_SUCCESS;
    /* -1: Error of some sort; database unchanged */
  }
    /*  1: Verify failed, database unchanged */
  
    case -1:
  if (mod_opt & _MOD_NO_DEFAULT_SKEY) {
    case 1:
    _pam_delete(response);
      if (mod_opt & _MOD_DEBUG)
    return PAM_AUTH_ERR;
        syslog(LOG_DEBUG, "verify for %s failed, database"
            " unchanged", username);
      return PAM_AUTH_ERR;
  }
  }
  /* Success by default */
  status = pam_set_item(pamh, PAM_AUTHTOK, response);
  return PAM_SUCCESS;
  return PAM_IGNORE;
}
}
/* Get module optional parameters */
/* Get module optional parameters */
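Review bot: the two paths in pam_sm_authenticate that return PAM_IGNORE after `pam_set_item(pamh, PAM_AUTHTOK, response)` never call `_pam_delete(response)`. These are the `strcasecmp(response,"s/key")!=0` branch and the final fall-through. The buffer handed back by the conversation, which at that point most likely holds the user's system password, is left allocated and unwiped. pam_set_item stores its own copy of the token, so the local buffer can be wiped on every exit, including the `status != PAM_SUCCESS` return inside that branch. Two smaller points in the same function: where `status = pam_set_item(...)` is followed directly by `status = skey_passcheck(...)`, the first result is overwritten without being tested, so either check it or drop the assignment; and `syslog(LOG_ERR, "bad username [%s]", username)` is reached when `username == NULL`, so the NULL case needs its own message rather than a `%s` of a null pointer.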
 Lines 332-381    Link Here 
}
}
/* This will talk to user through PAM_CONV */
/* This will talk to user through PAM_CONV */
static int mod_talk_touser(pam_handle_t *pamh, unsigned *mod_opt,
static int mod_talk_touser(pam_handle_t *pamh, unsigned mod_opt,
    char *msg_text, char **response)
    const char *info_text, const char *prompt_text, int echo_on, char **response)
{
{
  struct pam_message message;
  struct pam_message message[2], *pmessage[2];
  const struct pam_message *pmessage = &message;
  struct pam_conv *conv = NULL;
  struct pam_conv *conv = NULL;
  struct pam_response *presponse = NULL;
  struct pam_response *presponse = NULL;
  int i=0;
  
  /* Better safe than sorry */
  /* Better safe than sorry */
  *response = NULL;
  *response = NULL;
  /* Be paranoid */
  /* Be paranoid */
  memset(&message, 0, sizeof(message));
  memset(&message, 0, sizeof(message));
  /* Turn on/off PAM echo */
  pmessage[0] = &message[0];
  if (*mod_opt & _MOD_ECHO_OFF)
  pmessage[1] = &message[1];
    message.msg_style = PAM_PROMPT_ECHO_OFF;
  
  else
  /* Set info text, if any */
    message.msg_style = PAM_PROMPT_ECHO_ON;
  if (info_text) {
    message[i].msg = info_text;
    message[i].msg_style = PAM_TEXT_INFO;
    i++;
  }
  
  
  /* Point to conversation text */
  /* Set prompt text */
  message.msg = msg_text;
  message[i].msg = prompt_text;
  message[i].msg_style = echo_on ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
  i++;
  /* Do conversation and see if all is OK */
  /* Do conversation and see if all is OK */
#if defined LINUX || defined BSD
  if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) != PAM_SUCCESS) {
  if (pam_get_item(pamh, PAM_CONV, (const void **)&conv)
    LOGDEBUG((LOG_DEBUG, "error in conversation"));
#else
  if (pam_get_item(pamh, PAM_CONV, (void **)&conv)
#endif
      != PAM_SUCCESS)
  {
    if (*mod_opt & _MOD_DEBUG)
      syslog(LOG_DEBUG, "error in conversation");
    return PAM_SERVICE_ERR;
    return PAM_SERVICE_ERR;
  }
  }
  /* Convert into pam_response */
  /* Convert into pam_response - only 1 reply expected */
  if (conv->conv(i, (const struct pam_message **)pmessage, &presponse,
#if defined LINUX || defined BSD
  if (conv->conv(1, &pmessage, &presponse,
        conv->appdata_ptr)
        conv->appdata_ptr)
#else
  if (conv->conv(1, (struct pam_message **)&pmessage, &presponse,
        conv->appdata_ptr)
#endif
    != PAM_SUCCESS)
    != PAM_SUCCESS)
  {
  {
    _pam_delete(presponse->resp);
    _pam_delete(presponse->resp);
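Review bot: in the conversation failure branch, `_pam_delete(presponse->resp)` dereferences `presponse`, which is initialised to NULL above and stays NULL if `conv->conv()` fails before allocating a reply. Guard it with `if (presponse != NULL)`. Since the call can now carry two messages, the failure path should also release the whole reply array with `_pam_drop_reply(presponse, i)` instead of touching only the first `resp`. In addition, `conv` is used without a NULL check once `pam_get_item(pamh, PAM_CONV, ...)` has returned PAM_SUCCESS.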
 Lines 385-394    Link Here 
  if (presponse != NULL)
  if (presponse != NULL)
  {
  {
    /* Save address */
    /* Save address */
    *response = presponse->resp;
    *response = presponse[i-1].resp;
    /* To ensure that response address will not be erased */
    /* To ensure that response address will not be erased */
    presponse->resp = NULL;
    presponse[i-1].resp = NULL;
    _pam_drop(presponse);
    _pam_drop_reply(presponse,i);
  }
  }
  else
  else
    return PAM_SERVICE_ERR;
    return PAM_SERVICE_ERR;
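Review bot: `*response = presponse[i-1].resp` can hand back NULL when the application answers the prompt with no text, and the new callers in pam_sm_authenticate go straight to `*response == '\0'` and `strcasecmp(response,"s/key")` without testing the pointer. Return an error here when `presponse[i-1].resp` is NULL, as the `else` branch already does with PAM_SERVICE_ERR, so that a PAM_SUCCESS return from mod_talk_touser always means a non-NULL string.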
(-) pam_skey-1.1.4/pam_skey.h (-30 / +17 lines)
 Lines 22-50    Link Here 
 */
 */
/* Prototypes */
/* Prototypes */
#ifndef BSD
extern int skeyinfo(struct skey *, char *, char *); /* ORGH! Not in skey.h */
#endif
static void mod_getopt(unsigned *, int, const char **);
static void mod_getopt(unsigned *, int, const char **);
static int mod_talk_touser(pam_handle_t *, unsigned *, char *, char **);
static int mod_talk_touser(pam_handle_t *, unsigned, const char *, const char *, int, char **);
/* free() macro */
/* free() macro */
#define _pam_drop(X)  \
/*#define _pam_drop(X)  \
if (X != NULL)        \
if (X != NULL)        \
{                     \
{                     \
  free(X);            \
  free(X);            \
  X = NULL;           \
  X = NULL;           \
}
}*/
/* Secure overwrite */
/* Secure overwrite */
#define _pam_overwrite(x)   \
/*#define _pam_overwrite(x)   \
{                           \
{                           \
  register char *__xx__;    \
  register char *__xx__;    \
  if ((__xx__ = (x)))       \
  if ((__xx__ = (x)))       \
    while (*__xx__)         \
    while (*__xx__)         \
    *__xx__++ = '\0';       \
    *__xx__++ = '\0';       \
}
}*/
/* Drop-in secure replacement - we do not want cleartext passwords lying
/* Drop-in secure replacement - we do not want cleartext passwords lying
 * scattered around */
 * scattered around */
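Review bot: `_pam_drop` and `_pam_overwrite` are disabled by wrapping them in `/* ... */` rather than removed, which leaves dead definitions under the "free() macro" and "Secure overwrite" headings. Delete them and leave a one-line comment saying the macros now come from `<security/_pam_macros.h>`, which pam_skey.c includes in this patch, so the next reader does not re-enable a conflicting local copy.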
 Lines 56-62    Link Here 
/* This will get us rid of first '\n' in response string and cut-off the
/* This will get us rid of first '\n' in response string and cut-off the
 * rest of the string. It should be ASCIIZ, of course */
 * rest of the string. It should be ASCIIZ, of course */
#define _pam_degarbage(x)      \
/*#define _pam_degarbage(x)      \
{                              \
{                              \
  register char *__xx__;       \
  register char *__xx__;       \
    if ((__xx__ = (x)))        \
    if ((__xx__ = (x)))        \
 Lines 70-99    Link Here 
        else                   \
        else                   \
          __xx__++;            \
          __xx__++;            \
      }                        \
      }                        \
}
}*/
/* Handy empty AUTHTOK macro */
/* Handy empty AUTHTOK macro */
#define empty_authtok(a) (a == NULL || !*a || *a == '\n')
#define empty_authtok(a) (a == NULL || !*a || *a == '\n')
/* Maximum challenge size. It should be 64, but be sure */
#define CHALLENGE_MAXSIZE 128
/* Define module flags */
/* Define module flags */
#define _MOD_NONE_ON        0x0000      /* Generic flag */
#define _MOD_NONE_ON         0x0000	/* Generic flag */
#define _MOD_ALL_ON    (~_MOD_NONE_ON)  /* Generic mask */
#define _MOD_ALL_ON    (~_MOD_NONE_ON)	/* Generic mask */
#define _MOD_DEBUG          0x0001      /* Debugging options on */
#define _MOD_DEBUG           0x0001	/* Debugging options on */
#define _MOD_ECHO_OFF       0x0002      /* PAM_ECHO_OFF */
#define _MOD_TRY_FIRST_PASS  0x0002	/* Attempt using PAM_AUTHTOK */
#define _MOD_ACCESS_CHECK   0x0004      /* Check S/Key access permissions */
#define _MOD_USE_FIRST_PASS  0x0004	/* Only use PAM_AUTHTOK */
#define _MOD_USE_FIRST_PASS 0x0008      /* Use PAM_AUTHTOK */
#define _MOD_NO_DEFAULT_SKEY 0x0008	/* Don't use S/Key by default */
#define _MOD_ONLY_ONE_TRY   0x0010      /* Only one try, no matter of echo */
#define _MOD_SPACER         0x0020      /* Currently unused */
/* Setup defaults - use echo off only */
/* Setup defaults - use echo off only */
#define _MOD_DEFAULT_FLAG   _MOD_ECHO_OFF
#define _MOD_DEFAULT_FLAG   _MOD_NONE_ON
#define _MOD_DEFAULT_MASK   _MOD_ALL_ON
#define _MOD_DEFAULT_MASK   _MOD_ALL_ON
/* Number of parameters currently known */
/* Number of parameters currently known */
#define _MOD_ARGS           8
#define _MOD_ARGS           4
/* Structure for flexible argument parsing */
/* Structure for flexible argument parsing */
typedef struct
typedef struct
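Review bot: the comment "Setup defaults - use echo off only" above `_MOD_DEFAULT_FLAG` is stale now that the default is `_MOD_NONE_ON` and `_MOD_ECHO_OFF` no longer exists; it should say that no option is on by default. `_MOD_ARGS` is also still a hand-maintained count (8 before, 4 now) that has to match the option table exactly; deriving it from the table with `sizeof` would remove that coupling.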
 Lines 108-118    Link Here 
{
{
  /* String            Mask                           Flag */
  /* String            Mask                           Flag */
  {"debug",            _MOD_ALL_ON,                   _MOD_DEBUG},
  {"debug",            _MOD_ALL_ON,                   _MOD_DEBUG},
  {"echo=off",         _MOD_ALL_ON,                   _MOD_ECHO_OFF},
  {"try_first_pass",   _MOD_ALL_ON,                   _MOD_TRY_FIRST_PASS},
  {"echo=on",          _MOD_ALL_ON^_MOD_ECHO_OFF,     _MOD_NONE_ON},
  {"access_check=on",  _MOD_ALL_ON,                   _MOD_ACCESS_CHECK},
  {"access_check=off", _MOD_ALL_ON^_MOD_ACCESS_CHECK, _MOD_NONE_ON},
  {"use_first_pass",   _MOD_ALL_ON,                   _MOD_USE_FIRST_PASS},
  {"use_first_pass",   _MOD_ALL_ON,                   _MOD_USE_FIRST_PASS},
  {"try_first_pass",   _MOD_ALL_ON,                   _MOD_USE_FIRST_PASS},
  {"no_default_skey",  _MOD_ALL_ON,                   _MOD_NO_DEFAULT_SKEY}
  {"only_one_try",     _MOD_ALL_ON,                   _MOD_ONLY_ONE_TRY}
};
};
(-) pam_skey-1.1.4/pam_skey_access.c (-161 lines)
 Lines 1-161    Link Here 
/* 
 * (c) 2001 Dinko Korunic, kreator@srce.hr
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 *
 * S/KEY is a trademark of Bellcore.
 * Mink is the former name of the S/KEY authentication system.
 *
 * Programs that had some influence in development of this source:
 *  Wietse Venema's logdaemon package
 *  Olaf Kirch's Linux S/Key package
 *  Linux-PAM modules and templates
 *  Wyman Miles' pam_securid module
 *
 * Should you choose to use and/or modify this source code, please do so
 * under the terms of the GNU General Public License under which this
 * program is distributed.
 */
static char rcsid[] = "$Id: pam_skey_access.c,v 1.2 2005/06/18 12:36:18 kreator Exp $";
#include "defs.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef STRING_WITH_STRINGS
# include <strings.h>
#endif
#include <unistd.h>
#include <pwd.h> 
#include <sys/types.h>
#include <syslog.h>
#define PAM_EXTERN extern
#undef PAM_STATIC
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include "skey.h"
#include "pam_skey.h"
#include "misc.h"
PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh, int flags,
  int argc, const char **argv)
{
  return PAM_SUCCESS;
}
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
  int argc, const char **argv)
{
  char *username = NULL; /* will point to username */
  unsigned mod_opt = _MOD_NONE_ON; /* module options */
  char *host; /* will point to host */
  char *port; /* will point to port */
  struct passwd *pwuser;
  /* Get module options */
  mod_getopt(&mod_opt, argc, argv);
  /* Get username */
#if defined LINUX || defined BSD
  if (pam_get_user(pamh, (const char **)&username, "login:")!=PAM_SUCCESS)
#else
  if (pam_get_user(pamh, (char **)&username, "login:")!=PAM_SUCCESS)
#endif
  {
    fprintf(stderr, "cannot determine username\n");
    if (mod_opt & _MOD_DEBUG)
      syslog(LOG_DEBUG, "cannot determine username");
    return PAM_AUTHINFO_UNAVAIL;
  }
  if (mod_opt & _MOD_DEBUG)
    syslog(LOG_DEBUG, "got username %s", username);
  /* Check S/Key access permissions - user, host and port. Also include
   * sanity checks */
  /* Get host.. */
#if defined LINUX || defined BSD
  if (pam_get_item(pamh, PAM_RHOST, (const void **)&host)
#else
  if (pam_get_item(pamh, PAM_RHOST, (void **)&host)
#endif
    != PAM_SUCCESS)
      host = NULL;
  /* ..and port */
#ifdef LINUX
  if (pam_get_item(pamh, PAM_TTY, (const void **)&port)
#else
  if (pam_get_item(pamh, PAM_TTY, (void **)&port)
#endif
    != PAM_SUCCESS)
      port = NULL;
  if (mod_opt & _MOD_DEBUG)
    syslog(LOG_DEBUG, "checking s/key access for user %s,"
      " host %s, port %s", username,
      (host != NULL) ? host : "*unknown*",
      (port != NULL) ? port : "*unknown*");
  /* Get information from passwd file */
  if ((pwuser = getpwnam(username)) == NULL)
  {
    fprintf(stderr, "no such user\n");
    syslog(LOG_NOTICE, "cannot find user %s",
      username);
    return PAM_AUTHINFO_UNAVAIL;
  }
#ifdef HAVE_SKEYACCESS
  /* Do actual checking - we assume skeyaccess() returns PERMIT which is
   * by default 1. Notice 4th argument is NULL - we will not perform
   * address checks on host itself */
  if (skeyaccess(pwuser, port, host, NULL) != 1)
  {
    fprintf(stderr, "no s/key access permissions\n");
    syslog(LOG_NOTICE, "no s/key access permissions for %s",
        username);
    return PAM_AUTH_ERR;
  }
#endif /* HAVE_SKEYACCESS */
  return PAM_SUCCESS;
}
/* Get module optional parameters */
static void mod_getopt(unsigned *mod_opt, int mod_argc, const char **mod_argv)
{
  int i;
  /* Setup runtime defaults */
  *mod_opt |= _MOD_DEFAULT_FLAG;
  *mod_opt &= _MOD_DEFAULT_MASK;
  /* Setup runtime options */
  while (mod_argc--)
  {
    for (i = 0; i < _MOD_ARGS; ++i)
    {
      if (mod_args[i].token != NULL &&
          !strncmp(*mod_argv, mod_args[i].token,
            strlen(mod_args[i].token)))
        break;
    }
    if (i >= _MOD_ARGS)
      syslog(LOG_ERR, "unknown option %s", *mod_argv);
    else
    {
      *mod_opt &= mod_args[i].mask; /* Turn off */
      *mod_opt |= mod_args[i].flag; /* Turn on */
    }
    ++mod_argv;
  }
}
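Review bot: deleting pam_skey_access.c removes the last caller of `skeyaccess(pwuser, port, host, NULL)`. The same patch also drops the `HAVE_SKEYACCESS` block and the `access_check=on` option from pam_skey.c, so after it is applied nothing enforces the per-user, host and port S/Key access restrictions any more. If that is intended because the target S/Key library has no equivalent, say so explicitly in the README or INSTALL text next to the note that the old options are no longer valid. A site that stacked this module for access control would otherwise lose the check silently.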