[linux-pam] pam_selinux.8.xml: update
by Dmitry V. Levin
commit aea290af6d2de6a493e952b9ef8c771ab9014fef
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Tue Oct 19 23:34:52 2010 +0000
pam_selinux.8.xml: update
* modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis):
Reorder options, add new "restore" option.
pam_selinux-description): Rewrite.
(pam_selinux-options): Reorder options, describe new "restore" option.
(pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR
and PAM_BUF_ERR.
(pam_selinux-see_also): Remove pam.conf(5). Add execve(2), tty(4)
and selinux(8).
modules/pam_selinux/pam_selinux.8.xml | 113 +++++++++++++++++++++-----------
1 files changed, 74 insertions(+), 39 deletions(-)
---
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
index 2c1cdb2..28d465f 100644
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ b/modules/pam_selinux/pam_selinux.8.xml
@@ -19,18 +19,21 @@
<cmdsynopsis id="pam_selinux-cmdsynopsis">
<command>pam_selinux.so</command>
<arg choice="opt">
- close
+ open
</arg>
<arg choice="opt">
- debug
+ close
</arg>
<arg choice="opt">
- open
+ restore
</arg>
<arg choice="opt">
nottys
</arg>
<arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
verbose
</arg>
<arg choice="opt">
@@ -48,26 +51,31 @@
<refsect1 id="pam_selinux-description">
<title>DESCRIPTION</title>
<para>
- In a nutshell, pam_selinux sets up the default security context for the
- next execed shell.
+ pam_selinux is a PAM module that sets up the default SELinux security
+ context for the next executed process.
+ </para>
+ <para>
+ When a new session is started, the open_session part of the module
+ computes and sets up the execution security context used for the next
+ <citerefentry>
+ <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
+ </citerefentry>
+ call, the file security context for the controlling terminal, and
+ the security context used for creating a new kernel keyring.
</para>
<para>
- When an application opens a session using pam_selinux, the shell that
- gets executed will be run in the default security context, or if the
- user chooses and the pam file allows the selected security context.
- Also the controlling tty will have it's security context modified to
- match the users.
+ When the session is ended, the close_session part of the module restores
+ old security contexts that were in effect before the change made
+ by the open_session part of the module.
</para>
<para>
- Adding pam_selinux into a pam file could cause other pam modules to
- change their behavior if the exec another application. The close and
- open option help mitigate this problem. close option will only cause
- the close portion of the pam_selinux to execute, and open will only
- cause the open portion to run. You can add pam_selinux to the config
- file twice. Add the pam_selinux close as the executes the open pass
- through the modules, pam_selinux open_session will happen last.
- When PAM executes the close pass through the modules pam_selinux
- close_session will happen first.
+ Adding pam_selinux into the PAM stack might disrupt behavior of other
+ PAM modules which execute applications. To avoid that,
+ <emphasis>pam_selinux.so open</emphasis> should be placed after such
+ modules in the PAM stack, and <emphasis>pam_selinux.so close</emphasis>
+ should be placed before them. When such a placement is not feasible,
+ <emphasis>pam_selinux.so restore</emphasis> could be used to temporary
+ restore original security contexts.
</para>
</refsect1>
@@ -76,34 +84,34 @@
<variablelist>
<varlistentry>
<term>
- <option>close</option>
+ <option>open</option>
</term>
<listitem>
<para>
- Only execute the close_session portion of the module.
+ Only execute the open_session part of the module.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>debug</option>
+ <option>close</option>
</term>
<listitem>
<para>
- Turns on debugging via
- <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
+ Only execute the close_session part of the module.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>open</option>
+ <option>restore</option>
</term>
<listitem>
<para>
- Only execute the open_session portion of the module.
+ In open_session part of the module, temporarily restore the
+ security contexts as they were before the previous call of
+ the module. Another call of this module without the restore
+ option will set up the new security contexts again.
</para>
</listitem>
</varlistentry>
@@ -113,7 +121,20 @@
</term>
<listitem>
<para>
- Do not try to setup the ttys security context.
+ Do not setup security context of the controlling terminal.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turn on debug messages via
+ <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
</para>
</listitem>
</varlistentry>
@@ -123,7 +144,7 @@
</term>
<listitem>
<para>
- attempt to inform the user when security context is set.
+ Attempt to inform the user when security context is set.
</para>
</listitem>
</varlistentry>
@@ -134,7 +155,7 @@
<listitem>
<para>
Attempt to ask the user for a custom security context role.
- If MLS is on ask also for sensitivity level.
+ If MLS is on, ask also for sensitivity level.
</para>
</listitem>
</varlistentry>
@@ -145,11 +166,11 @@
<listitem>
<para>
Attempt to obtain a custom security context role from PAM environment.
- If MLS is on obtain also sensitivity level. This option and the
- select_context option are mutually exclusive. The respective PAM
+ If MLS is on, obtain also sensitivity level. This option and the
+ select_context option are mutually exclusive. The respective PAM
environment variables are <emphasis>SELINUX_ROLE_REQUESTED</emphasis>,
<emphasis>SELINUX_LEVEL_REQUESTED</emphasis>, and
- <emphasis>SELINUX_USE_CURRENT_RANGE</emphasis>. The first two variables
+ <emphasis>SELINUX_USE_CURRENT_RANGE</emphasis>. The first two variables
are self describing and the last one if set to 1 makes the PAM module behave as
if the use_current_range was specified on the command line of the module.
</para>
@@ -181,18 +202,18 @@
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
- <term>PAM_AUTH_ERR</term>
+ <term>PAM_SUCCESS</term>
<listitem>
<para>
- Unable to get or set a valid context.
+ The security context was set successfully.
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>PAM_SUCCESS</term>
+ <term>PAM_SESSION_ERR</term>
<listitem>
<para>
- The security context was set successfully.
+ Unable to get or set a valid context.
</para>
</listitem>
</varlistentry>
@@ -204,6 +225,14 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory allocation error.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
@@ -220,13 +249,19 @@ session optional pam_selinux.so
<title>SEE ALSO</title>
<para>
<citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ <refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>tty</refentrytitle><manvolnum>4</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>selinux</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
12 years, 5 months
[linux-pam] pam_selinux.c: add "restore" option
by Dmitry V. Levin
commit cffedb98666140013497524064d3098c11461ff1
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Tue Oct 19 23:34:52 2010 +0000
pam_selinux.c: add "restore" option
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new
"restore" option.
modules/pam_selinux/pam_selinux.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index a8f540d..d66ccb4 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -849,7 +849,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
const module_data_t *data;
- int i, debug = 0, verbose = 0, close_session = 0;
+ int i, debug = 0, verbose = 0, close_session = 0, restore = 0;
/* Parse arguments. */
for (i = 0; i < argc; i++) {
@@ -862,6 +862,9 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (strcmp(argv[i], "close") == 0) {
close_session = 1;
}
+ if (strcmp(argv[i], "restore") == 0) {
+ restore = 1;
+ }
}
if (debug)
@@ -873,6 +876,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
data = get_module_data(pamh);
+ /* Is this module supposed only to restore original context? */
+ if (restore)
+ return restore_context(pamh, data, debug);
+
/* If there is a saved context, this module is supposed to set it again. */
return data ? set_context(pamh, data, debug, verbose) :
create_context(pamh, argc, argv, debug, verbose);
12 years, 5 months
[linux-pam] pam_selinux.c: rewrite using pam_get_data/pam_set_data
by Dmitry V. Levin
commit d39e8e553683fa9816bf54679ee5b963493f46f2
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Tue Oct 19 23:34:51 2010 +0000
pam_selinux.c: rewrite using pam_get_data/pam_set_data
* modules/pam_selinux/pam_selinux.c (security_restorelabel_tty,
security_label_tty): Remove old functions.
(module_data_t): New structure.
(free_module_data, cleanup, get_module_data, get_item,
set_exec_context, set_file_context, compute_exec_context,
compute_tty_context, restore_context, set_context,
create_context): New functions.
(pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session,
pam_sm_close_session): Use them.
modules/pam_selinux/pam_selinux.c | 602 +++++++++++++++++++++----------------
1 files changed, 336 insertions(+), 266 deletions(-)
---
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index b777b01..a8f540d 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -480,139 +480,301 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par
return newcon;
}
+#define DATANAME "pam_selinux_context"
+typedef struct {
+ security_context_t exec_context;
+ security_context_t prev_exec_context;
+ security_context_t default_user_context;
+ security_context_t tty_context;
+ security_context_t prev_tty_context;
+ char *tty_path;
+} module_data_t;
+
static void
-security_restorelabel_tty(const pam_handle_t *pamh,
- const char *tty, security_context_t context)
+free_module_data(module_data_t *data)
+{
+ free(data->tty_path);
+ freecon(data->prev_tty_context);
+ freecon(data->tty_context);
+ freecon(data->default_user_context);
+ freecon(data->prev_exec_context);
+ if (data->exec_context != data->default_user_context)
+ freecon(data->exec_context);
+ memset(data, 0, sizeof(*data));
+ free(data);
+}
+
+static void
+cleanup(pam_handle_t *pamh UNUSED, void *data, int err UNUSED)
+{
+ free_module_data(data);
+}
+
+static const module_data_t *
+get_module_data(const pam_handle_t *pamh)
+{
+ const void *data;
+
+ return (pam_get_data(pamh, DATANAME, &data) == PAM_SUCCESS) ? data : NULL;
+}
+
+static const char *
+get_item(const pam_handle_t *pamh, int item_type)
+{
+ const void *item;
+
+ return (pam_get_item(pamh, item_type, &item) == PAM_SUCCESS) ? item : NULL;
+}
+
+static int
+set_exec_context(const pam_handle_t *pamh, security_context_t context)
+{
+ if (setexeccon(context) == 0)
+ return 0;
+ pam_syslog(pamh, LOG_ERR, "Setting executable context \"%s\" failed: %m",
+ context ? context : "");
+ return -1;
+}
+
+static int
+set_file_context(const pam_handle_t *pamh, security_context_t context,
+ const char *file)
+{
+ if (!file)
+ return 0;
+ if (setfilecon(file, context) == 0 || errno == ENOENT)
+ return 0;
+ pam_syslog(pamh, LOG_ERR, "Setting file context \"%s\" failed for %s: %m",
+ context ? context : "", file);
+ return -1;
+}
+
+static int
+compute_exec_context(pam_handle_t *pamh, module_data_t *data,
+ int select_context, int use_current_range,
+ int env_params, int debug)
{
- char ttybuf[PATH_MAX];
- const char *ptr;
+ const char *username;
- if (context==NULL)
- return;
+#ifdef HAVE_GETSEUSER
+ const char *service;
+#endif
+ char *seuser = NULL;
+ char *level = NULL;
+ security_context_t *contextlist = NULL;
+ int num_contexts = 0;
- if(strncmp("/dev/", tty, 5)) {
- snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty);
- ptr = ttybuf;
+ if (!(username = get_item(pamh, PAM_USER))) {
+ pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name");
+ return PAM_USER_UNKNOWN;
}
- else
- ptr = tty;
- if (setfilecon(ptr, context) && errno != ENOENT)
- {
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not relabel %s with %s, not relabeling: %m",
- ptr, context);
+ /* compute execute context */
+#ifdef HAVE_GETSEUSER
+ if (!(service = get_item(pamh, PAM_SERVICE))) {
+ pam_syslog(pamh, LOG_ERR, "Cannot obtain the service name");
+ return PAM_SESSION_ERR;
+ }
+ if (getseuser(username, service, &seuser, &level) == 0) {
+#else
+ if (getseuserbyname(username, &seuser, &level) == 0) {
+#endif
+ num_contexts = get_ordered_context_list_with_level(seuser, level, NULL,
+ &contextlist);
+ if (debug)
+ pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User= %s Level= %s",
+ username, seuser, level);
+ free(level);
+ }
+ if (num_contexts > 0) {
+ free(seuser);
+ data->default_user_context = strdup(contextlist[0]);
+ freeconary(contextlist);
+ if (!data->default_user_context) {
+ pam_syslog(pamh, LOG_ERR, "Out of memory");
+ return PAM_BUF_ERR;
+ }
+
+ data->exec_context = data->default_user_context;
+ if (select_context)
+ data->exec_context = config_context(pamh, data->default_user_context,
+ use_current_range, debug);
+ else if (env_params || use_current_range)
+ data->exec_context = context_from_env(pamh, data->default_user_context,
+ env_params, use_current_range,
+ debug);
+ } else {
+ if (seuser) {
+ data->exec_context = manual_context(pamh, seuser, debug);
+ free(seuser);
+ }
}
+
+ if (!data->exec_context) {
+ pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username);
+ pam_prompt(pamh, PAM_ERROR_MSG, NULL,
+ _("Unable to get valid context for %s"), username);
+ }
+
+ if (getexeccon(&data->prev_exec_context) < 0)
+ data->prev_exec_context = NULL;
+
+ return PAM_SUCCESS;
}
-static security_context_t
-security_label_tty(pam_handle_t *pamh, char *tty,
- security_context_t usercon)
+static int
+compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
{
- char ttybuf[PATH_MAX];
- int status=0;
- security_context_t newdev_context=NULL; /* The new context of a device */
- security_context_t prev_context=NULL; /* The new context of a device */
- const char *ptr;
-
- if(strncmp("/dev/", tty, 5))
- {
- snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty);
- ptr = ttybuf;
+ const char *tty = get_item(pamh, PAM_TTY);
+
+ if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) {
+ tty = ttyname(STDIN_FILENO);
+ if (!tty || !*tty)
+ tty = ttyname(STDOUT_FILENO);
+ if (!tty || !*tty)
+ tty = ttyname(STDERR_FILENO);
+ if (!tty || !*tty)
+ return PAM_SUCCESS;
}
- else
- ptr = tty;
-
- if (getfilecon(ptr, &prev_context) < 0)
- {
- if(errno != ENOENT)
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not get current context for %s, not relabeling: %m",
- ptr);
- return NULL;
+
+ if (strncmp("/dev/", tty, 5)) {
+ if (asprintf(&data->tty_path, "%s%s", "/dev/", tty) < 0)
+ data->tty_path = NULL;
+ } else {
+ data->tty_path = strdup(tty);
}
- if( security_compute_relabel(usercon,prev_context,SECCLASS_CHR_FILE,
- &newdev_context)!=0)
- {
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not get new context for %s, not relabeling: %m",
- ptr);
- pam_syslog(pamh, LOG_NOTICE,
- "usercon=%s, prev_context=%s", usercon, prev_context);
- freecon(prev_context);
- return NULL;
+
+ if (!data->tty_path) {
+ pam_syslog(pamh, LOG_ERR, "Out of memory");
+ return PAM_BUF_ERR;
}
- status=setfilecon(ptr,newdev_context);
- if (status)
- {
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not relabel %s with %s, not relabeling: %m",
- ptr,newdev_context);
- freecon(prev_context);
- prev_context=NULL;
+
+ if (getfilecon(data->tty_path, &data->prev_tty_context) < 0) {
+ data->prev_tty_context = NULL;
+ if (errno == ENOENT) {
+ free(data->tty_path);
+ data->tty_path = NULL;
+ return PAM_SUCCESS;
+ }
+ pam_syslog(pamh, LOG_ERR, "Failed to get current context for %s: %m",
+ data->tty_path);
+ return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
- freecon(newdev_context);
- return prev_context;
-}
-static security_context_t user_context=NULL;
-static security_context_t prev_user_context=NULL;
-static security_context_t ttyn_context=NULL; /* The current context of ttyn device */
-static int selinux_enabled=0;
-static char *ttyn=NULL;
+ if (security_compute_relabel(data->exec_context, data->prev_tty_context,
+ SECCLASS_CHR_FILE, &data->tty_context)) {
+ data->tty_context = NULL;
+ pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
+ data->tty_path);
+ freecon(data->prev_tty_context);
+ data->prev_tty_context = NULL;
+ free(data->tty_path);
+ data->tty_path = NULL;
+ return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ }
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
+ return PAM_SUCCESS;
+}
+
+static int
+restore_context(const pam_handle_t *pamh, const module_data_t *data, int debug)
{
- /* Fail by default. */
- return PAM_AUTH_ERR;
+ int err;
+
+ if (!data) {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "No context to restore");
+ return PAM_SUCCESS;
+ }
+
+ if (debug && data->tty_path)
+ pam_syslog(pamh, LOG_NOTICE,
+ "Restore file context of tty %s: [%s] -> [%s]",
+ data->tty_path,
+ data->tty_context ? data->tty_context : "",
+ data->prev_tty_context ? data->prev_tty_context : "");
+ err = set_file_context(pamh, data->prev_tty_context, data->tty_path);
+
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Restore executable context: [%s] -> [%s]",
+ data->exec_context,
+ data->prev_exec_context ? data->prev_exec_context : "");
+ err |= set_exec_context(pamh, data->prev_exec_context);
+
+ if (err && security_getenforce() == 1)
+ return PAM_SESSION_ERR;
+
+ return PAM_SUCCESS;
}
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
+static int
+set_context(pam_handle_t *pamh, const module_data_t *data,
+ int debug, int verbose)
{
- return PAM_SUCCESS;
+ int rc, err;
+
+ if (debug && data->tty_path)
+ pam_syslog(pamh, LOG_NOTICE, "Set file context of tty %s: [%s] -> [%s]",
+ data->tty_path,
+ data->prev_tty_context ? data->prev_tty_context : "",
+ data->tty_context ? data->tty_context : "");
+ err = set_file_context(pamh, data->tty_context, data->tty_path);
+
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Set executable context: [%s] -> [%s]",
+ data->prev_exec_context ? data->prev_exec_context : "",
+ data->exec_context);
+ rc = set_exec_context(pamh, data->exec_context);
+ err |= rc;
+
+ send_audit_message(pamh, !rc, data->default_user_context, data->exec_context);
+ if (verbose && !rc) {
+ char msg[PATH_MAX];
+
+ snprintf(msg, sizeof(msg),
+ _("Security Context %s Assigned"), data->exec_context);
+ send_text(pamh, msg, debug);
+ }
+#ifdef HAVE_SETKEYCREATECON
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Set key creation context to %s",
+ data->exec_context ? data->exec_context : "");
+ rc = setkeycreatecon(data->exec_context);
+ err |= rc;
+ if (rc)
+ pam_syslog(pamh, LOG_ERR, "Setting key creation context %s failed: %m",
+ data->exec_context ? data->exec_context : "");
+ if (verbose && !rc) {
+ char msg[PATH_MAX];
+
+ snprintf(msg, sizeof(msg),
+ _("Key Creation Context %s Assigned"), data->exec_context);
+ send_text(pamh, msg, debug);
+ }
+#endif
+
+ if (err && security_getenforce() == 1)
+ return PAM_SESSION_ERR;
+
+ return PAM_SUCCESS;
}
-PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
+static int
+create_context(pam_handle_t *pamh, int argc, const char **argv,
+ int debug, int verbose)
{
- int i, debug = 0, ttys=1;
- int verbose=0, close_session=0;
+ int i;
+ int ttys = 1;
int select_context = 0;
int use_current_range = 0;
- int ret = 0;
- security_context_t* contextlist = NULL;
- int num_contexts = 0;
int env_params = 0;
- const char *username;
- const void *void_username;
- const void *tty = NULL;
- char *seuser=NULL;
- char *level=NULL;
- security_context_t default_user_context=NULL;
-#ifdef HAVE_GETSEUSER
- const void *void_service;
- const char *service;
-#endif
+ module_data_t *data;
/* Parse arguments. */
for (i = 0; i < argc; i++) {
- if (strcmp(argv[i], "debug") == 0) {
- debug = 1;
- }
if (strcmp(argv[i], "nottys") == 0) {
ttys = 0;
}
- if (strcmp(argv[i], "verbose") == 0) {
- verbose = 1;
- }
- if (strcmp(argv[i], "close") == 0) {
- close_session = 1;
- }
if (strcmp(argv[i], "select_context") == 0) {
select_context = 1;
}
@@ -624,171 +786,103 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
}
}
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Open Session");
+ if (is_selinux_enabled() <= 0) {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "SELinux is not enabled");
+ return PAM_SUCCESS;
+ }
if (select_context && env_params) {
- pam_syslog(pamh, LOG_ERR, "select_context cannot be used with env_params");
+ pam_syslog(pamh, LOG_ERR,
+ "select_context cannot be used with env_params");
select_context = 0;
}
- /* this module is only supposed to execute close_session */
- if (close_session)
- return PAM_SUCCESS;
+ if (!(data = calloc(1, sizeof(*data)))) {
+ pam_syslog(pamh, LOG_ERR, "Out of memory");
+ return PAM_BUF_ERR;
+ }
- if (!(selinux_enabled = is_selinux_enabled()>0) )
- return PAM_SUCCESS;
+ i = compute_exec_context(pamh, data, select_context, use_current_range,
+ env_params, debug);
+ if (i != PAM_SUCCESS) {
+ free_module_data(data);
+ return i;
+ }
- if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS ||
- void_username == NULL) {
- return PAM_USER_UNKNOWN;
+ if (!data->exec_context) {
+ free_module_data(data);
+ return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
- username = void_username;
-#ifdef HAVE_GETSEUSER
- if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS ||
- void_service == NULL) {
- return PAM_SESSION_ERR;
+ if (ttys && (i = compute_tty_context(pamh, data)) != PAM_SUCCESS) {
+ free_module_data(data);
+ return i;
}
- service = void_service;
- if (getseuser(username, service, &seuser, &level) == 0) {
-#else
- if (getseuserbyname(username, &seuser, &level) == 0) {
-#endif
- num_contexts = get_ordered_context_list_with_level(seuser,
- level,
- NULL,
- &contextlist);
- if (debug)
- pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
- username, seuser, level);
- free(level);
+ if ((i = pam_set_data(pamh, DATANAME, data, cleanup)) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR, "Error saving context: %m");
+ free_module_data(data);
+ return i;
}
- if (num_contexts > 0) {
- free(seuser);
- default_user_context=strdup(contextlist[0]);
- freeconary(contextlist);
- if (default_user_context == NULL) {
- pam_syslog(pamh, LOG_ERR, "Out of memory");
- return PAM_BUF_ERR;
- }
- user_context = default_user_context;
- if (select_context) {
- user_context = config_context(pamh, default_user_context, use_current_range, debug);
- } else if (env_params || use_current_range) {
- user_context = context_from_env(pamh, default_user_context, env_params, use_current_range, debug);
- }
+ return set_context(pamh, data, debug, verbose);
+}
- if (user_context == NULL) {
- freecon(default_user_context);
- pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s",
- username);
- pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
- }
- else {
- if (seuser != NULL) {
- user_context = manual_context(pamh,seuser,debug);
- free(seuser);
- }
- if (user_context == NULL) {
- pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
- username);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
- }
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ /* Fail by default. */
+ return PAM_AUTH_ERR;
+}
- if (getexeccon(&prev_user_context)<0) {
- prev_user_context=NULL;
- }
- if (ttys) {
- /* Get the name of the terminal. */
- if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS) {
- tty = NULL;
- }
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_SUCCESS;
+}
- if ((tty == NULL) || (strlen(tty) == 0) ||
- strcmp(tty, "ssh") == 0 || strncmp(tty, "NODEV", 5) == 0) {
- tty = ttyname(STDIN_FILENO);
- if ((tty == NULL) || (strlen(tty) == 0)) {
- tty = ttyname(STDOUT_FILENO);
- }
- if ((tty == NULL) || (strlen(tty) == 0)) {
- tty = ttyname(STDERR_FILENO);
- }
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ const module_data_t *data;
+ int i, debug = 0, verbose = 0, close_session = 0;
+
+ /* Parse arguments. */
+ for (i = 0; i < argc; i++) {
+ if (strcmp(argv[i], "debug") == 0) {
+ debug = 1;
}
- }
- if (ttys && tty) {
- ttyn=strdup(tty);
- ttyn_context=security_label_tty(pamh,ttyn,user_context);
- }
- send_audit_message(pamh, 1, default_user_context, user_context);
- if (default_user_context != user_context) {
- freecon(default_user_context);
- }
- ret = setexeccon(user_context);
- if (ret==0 && verbose) {
- char msg[PATH_MAX];
- snprintf(msg, sizeof(msg),
- _("Security Context %s Assigned"), user_context);
- send_text(pamh, msg, debug);
- }
- if (ret) {
- pam_syslog(pamh, LOG_ERR,
- "Error! Unable to set %s executable context %s.",
- username, user_context);
- if (security_getenforce() == 1) {
- freecon(user_context);
- return PAM_AUTH_ERR;
+ if (strcmp(argv[i], "verbose") == 0) {
+ verbose = 1;
}
- } else {
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
- username, user_context);
- }
-#ifdef HAVE_SETKEYCREATECON
- ret = setkeycreatecon(user_context);
- if (ret==0 && verbose) {
- char msg[PATH_MAX];
- snprintf(msg, sizeof(msg),
- _("Key Creation Context %s Assigned"), user_context);
- send_text(pamh, msg, debug);
- }
- if (ret) {
- pam_syslog(pamh, LOG_ERR,
- "Error! Unable to set %s key creation context %s.",
- username, user_context);
- if (security_getenforce() == 1) {
- freecon(user_context);
- return PAM_AUTH_ERR;
+ if (strcmp(argv[i], "close") == 0) {
+ close_session = 1;
}
- } else {
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
- username, user_context);
}
-#endif
- freecon(user_context);
- return PAM_SUCCESS;
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "Open Session");
+
+ /* Is this module supposed to execute close_session only? */
+ if (close_session)
+ return PAM_SUCCESS;
+
+ data = get_module_data(pamh);
+
+ /* If there is a saved context, this module is supposed to set it again. */
+ return data ? set_context(pamh, data, debug, verbose) :
+ create_context(pamh, argc, argv, debug, verbose);
}
PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- int i, debug = 0, status = PAM_SUCCESS, open_session = 0;
- if (! (selinux_enabled ))
- return PAM_SUCCESS;
+ int i, debug = 0, open_session = 0;
/* Parse arguments. */
for (i = 0; i < argc; i++) {
@@ -803,34 +897,10 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Close Session");
+ /* Is this module supposed to execute open_session only? */
if (open_session)
return PAM_SUCCESS;
- if (ttyn) {
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Restore tty %s -> %s",
- ttyn,ttyn_context);
-
- security_restorelabel_tty(pamh,ttyn,ttyn_context);
- freecon(ttyn_context);
- free(ttyn);
- ttyn=NULL;
- }
-
- if (setexeccon(prev_user_context)) {
- pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
- prev_user_context ? prev_user_context : "");
- if (security_getenforce() == 1)
- status = PAM_AUTH_ERR;
- else
- status = PAM_SUCCESS;
- } else if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Executable context back to original");
-
- if (prev_user_context) {
- freecon(prev_user_context);
- prev_user_context = NULL;
- }
-
- return status;
+ /* Restore original context. */
+ return restore_context(pamh, get_module_data(pamh), debug);
}
12 years, 5 months
[linux-pam] Use libpam.la/libpam_misc.la to link with -lpam/-lpam_misc
by Dmitry V. Levin
commit dc8b23cf9228ed432e9b7b2ee2209a06283241c0
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Fri Oct 28 02:28:38 2011 +0000
Use libpam.la/libpam_misc.la to link with -lpam/-lpam_misc
GNU automake documentation recommends to avoid using -l options in
LDADD or LIBADD when referring to libraries built by the package.
Instead, it recommends to write the file name of the library explicitly,
and use -l option only to list third-party libraries. As result, the
default value of *_DEPENDENCIES will list all local libraries and omit
the other ones.
* modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace
"-L$(top_builddir)/libpam -lpam" with
"$(top_builddir)/libpam/libpam.la", to follow GNU automake
recommendations.
* modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise.
* modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise.
* modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise.
* modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise.
* modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise.
* modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise.
* modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise.
* modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise.
* modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise.
* modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise.
* modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise.
* modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise.
* modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise.
* modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise.
* modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise.
* modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise.
* modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise.
* modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise.
* modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise.
* modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD,
mkhomedir_helper_LDADD): Likewise.
* modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise.
* modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise.
* modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise.
* modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise.
* modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise.
* modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise.
* modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise.
* modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise.
* modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise.
* modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise.
* modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise.
* modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD):
Likewise.
* modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise.
* modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD,
pam_tally2_LDADD): Likewise.
* modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise.
* modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD,
pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise.
* modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise.
* modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise.
* modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise.
* modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise.
* modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise.
* modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise.
* modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise.
* tests/Makefile.am (LDADD): Likewise.
* examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam"
with "$(top_builddir)/libpam/libpam.la", and
"-L$(top_builddir)/libpam_misc -lpam_misc" with
"$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake
recommendations.
* xtests/Makefile.am (LDADD): Likewise.
* modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise.
examples/Makefile.am | 4 ++--
modules/pam_access/Makefile.am | 2 +-
modules/pam_cracklib/Makefile.am | 2 +-
modules/pam_debug/Makefile.am | 2 +-
modules/pam_deny/Makefile.am | 2 +-
modules/pam_echo/Makefile.am | 2 +-
modules/pam_env/Makefile.am | 2 +-
modules/pam_exec/Makefile.am | 2 +-
modules/pam_faildelay/Makefile.am | 2 +-
modules/pam_filter/Makefile.am | 2 +-
modules/pam_filter/upperLOWER/Makefile.am | 2 +-
modules/pam_ftp/Makefile.am | 2 +-
modules/pam_group/Makefile.am | 2 +-
modules/pam_issue/Makefile.am | 2 +-
modules/pam_keyinit/Makefile.am | 2 +-
modules/pam_lastlog/Makefile.am | 2 +-
modules/pam_limits/Makefile.am | 2 +-
modules/pam_listfile/Makefile.am | 2 +-
modules/pam_localuser/Makefile.am | 2 +-
modules/pam_loginuid/Makefile.am | 2 +-
modules/pam_mail/Makefile.am | 2 +-
modules/pam_mkhomedir/Makefile.am | 4 ++--
modules/pam_motd/Makefile.am | 2 +-
modules/pam_namespace/Makefile.am | 2 +-
modules/pam_nologin/Makefile.am | 2 +-
modules/pam_permit/Makefile.am | 2 +-
modules/pam_pwhistory/Makefile.am | 2 +-
modules/pam_rhosts/Makefile.am | 2 +-
modules/pam_rootok/Makefile.am | 2 +-
modules/pam_securetty/Makefile.am | 2 +-
modules/pam_selinux/Makefile.am | 6 +++---
modules/pam_sepermit/Makefile.am | 2 +-
modules/pam_shells/Makefile.am | 2 +-
modules/pam_stress/Makefile.am | 2 +-
modules/pam_succeed_if/Makefile.am | 2 +-
modules/pam_tally/Makefile.am | 2 +-
modules/pam_tally2/Makefile.am | 4 ++--
modules/pam_time/Makefile.am | 2 +-
modules/pam_timestamp/Makefile.am | 6 +++---
modules/pam_tty_audit/Makefile.am | 2 +-
modules/pam_umask/Makefile.am | 2 +-
modules/pam_unix/Makefile.am | 2 +-
modules/pam_userdb/Makefile.am | 2 +-
modules/pam_warn/Makefile.am | 2 +-
modules/pam_wheel/Makefile.am | 2 +-
modules/pam_xauth/Makefile.am | 2 +-
tests/Makefile.am | 2 +-
xtests/Makefile.am | 4 ++--
48 files changed, 56 insertions(+), 56 deletions(-)
---
diff --git a/examples/Makefile.am b/examples/Makefile.am
index ac3f407..ebec86d 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -8,7 +8,7 @@ EXTRA_DIST = README
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-I$(top_srcdir)/libpam_misc/include
-LDADD = -L$(top_builddir)/libpam -lpam \
- -L$(top_builddir)/libpam_misc -lpam_misc
+LDADD = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
noinst_PROGRAMS = xsh vpass blank check_user
diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am
index 89222b5..0527674 100644
--- a/modules/pam_access/Makefile.am
+++ b/modules/pam_access/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_access.la
-pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam $(NIS_LIBS)
+pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la $(NIS_LIBS)
secureconf_DATA = access.conf
diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am
index 57ddd67..77b89d1 100644
--- a/modules/pam_cracklib/Makefile.am
+++ b/modules/pam_cracklib/Makefile.am
@@ -22,7 +22,7 @@ AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
-pam_cracklib_la_LIBADD = -L$(top_builddir)/libpam -lpam \
+pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
@LIBCRACK@ @LIBCRYPT@
if HAVE_LIBCRACK
securelib_LTLIBRARIES = pam_cracklib.la
diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am
index d87af88..9e27ec5 100644
--- a/modules/pam_debug/Makefile.am
+++ b/modules/pam_debug/Makefile.am
@@ -20,7 +20,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_debug.la
-pam_debug_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la
TESTS = tst-pam_debug
diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am
index 118928a..e2d2ea4 100644
--- a/modules/pam_deny/Makefile.am
+++ b/modules/pam_deny/Makefile.am
@@ -21,7 +21,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_deny.la
-pam_deny_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
diff --git a/modules/pam_echo/Makefile.am b/modules/pam_echo/Makefile.am
index 265e3a0..dc14b05 100644
--- a/modules/pam_echo/Makefile.am
+++ b/modules/pam_echo/Makefile.am
@@ -21,7 +21,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_echo.la
-pam_echo_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am
index d39aad8..7b8d9af 100644
--- a/modules/pam_env/Makefile.am
+++ b/modules/pam_env/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_env.la
-pam_env_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la
secureconf_DATA = pam_env.conf
sysconf_DATA = environment
diff --git a/modules/pam_exec/Makefile.am b/modules/pam_exec/Makefile.am
index 2838d1d..293c00a 100644
--- a/modules/pam_exec/Makefile.am
+++ b/modules/pam_exec/Makefile.am
@@ -21,7 +21,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_exec.la
-pam_exec_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
diff --git a/modules/pam_faildelay/Makefile.am b/modules/pam_faildelay/Makefile.am
index 2a4a2b0..9166d58 100644
--- a/modules/pam_faildelay/Makefile.am
+++ b/modules/pam_faildelay/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_faildelay.la
-pam_faildelay_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am
index eddb08a..47e9b49 100644
--- a/modules/pam_filter/Makefile.am
+++ b/modules/pam_filter/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
include_HEADERS=pam_filter.h
-pam_filter_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_filter.la
TESTS = tst-pam_filter
diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am
index 93d24ff..41f0a34 100644
--- a/modules/pam_filter/upperLOWER/Makefile.am
+++ b/modules/pam_filter/upperLOWER/Makefile.am
@@ -10,6 +10,6 @@ securelibfilterdir = $(SECUREDIR)/pam_filter
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-I$(srcdir)/.. @PIE_CFLAGS@
AM_LDFLAGS = @PIE_LDFLAGS@
-LDADD = -L$(top_builddir)/libpam -lpam
+LDADD = $(top_builddir)/libpam/libpam.la
securelibfilter_PROGRAMS = upperLOWER
diff --git a/modules/pam_ftp/Makefile.am b/modules/pam_ftp/Makefile.am
index 4401399..bbc0a73 100644
--- a/modules/pam_ftp/Makefile.am
+++ b/modules/pam_ftp/Makefile.am
@@ -20,7 +20,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_ftp.la
-pam_ftp_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la
TESTS = tst-pam_ftp
diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am
index 0fd2a5d..6c1c521 100644
--- a/modules/pam_group/Makefile.am
+++ b/modules/pam_group/Makefile.am
@@ -21,7 +21,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_group.la
-pam_group_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la
secureconf_DATA = group.conf
diff --git a/modules/pam_issue/Makefile.am b/modules/pam_issue/Makefile.am
index 40d5c1a..9291739 100644
--- a/modules/pam_issue/Makefile.am
+++ b/modules/pam_issue/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_issue.la
-pam_issue_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_keyinit/Makefile.am b/modules/pam_keyinit/Makefile.am
index 4416c1c..5e8657c 100644
--- a/modules/pam_keyinit/Makefile.am
+++ b/modules/pam_keyinit/Makefile.am
@@ -31,4 +31,4 @@ endif
if HAVE_KEY_MANAGEMENT
securelib_LTLIBRARIES = pam_keyinit.la
endif
-pam_keyinit_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la
diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am
index 88bab27..1c63932 100644
--- a/modules/pam_lastlog/Makefile.am
+++ b/modules/pam_lastlog/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_lastlog.la
-pam_lastlog_la_LIBADD = -L$(top_builddir)/libpam -lpam -lutil
+pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am
index 7894373..75a4908 100644
--- a/modules/pam_limits/Makefile.am
+++ b/modules/pam_limits/Makefile.am
@@ -25,7 +25,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_limits.la
-pam_limits_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la
secureconf_DATA = limits.conf
diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am
index 1546625..7b10af9 100644
--- a/modules/pam_listfile/Makefile.am
+++ b/modules/pam_listfile/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_listfile.la
-pam_listfile_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am
index c7deac3..64f2ef3 100644
--- a/modules/pam_localuser/Makefile.am
+++ b/modules/pam_localuser/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_localuser.la
-pam_localuser_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_localuser_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_loginuid/Makefile.am b/modules/pam_loginuid/Makefile.am
index 4a715f1..1b9e87b 100644
--- a/modules/pam_loginuid/Makefile.am
+++ b/modules/pam_loginuid/Makefile.am
@@ -21,7 +21,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_loginuid.la
-pam_loginuid_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBAUDIT@
+pam_loginuid_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBAUDIT@
if ENABLE_REGENERATE_MAN
diff --git a/modules/pam_mail/Makefile.am b/modules/pam_mail/Makefile.am
index c63a2bc..84f3d9e 100644
--- a/modules/pam_mail/Makefile.am
+++ b/modules/pam_mail/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_mail.la
-pam_mail_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_mail_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am
index 6e93ba9..eb04721 100644
--- a/modules/pam_mkhomedir/Makefile.am
+++ b/modules/pam_mkhomedir/Makefile.am
@@ -22,7 +22,7 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
securelib_LTLIBRARIES = pam_mkhomedir.la
pam_mkhomedir_la_SOURCES = pam_mkhomedir.c
-pam_mkhomedir_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_mkhomedir_la_LIBADD = $(top_builddir)/libpam/libpam.la
pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
pam_mkhomedir_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -30,7 +30,7 @@ endif
sbin_PROGRAMS = mkhomedir_helper
mkhomedir_helper_SOURCES = mkhomedir_helper.c
-mkhomedir_helper_LDADD = -L$(top_builddir)/libpam -lpam
+mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am
index ec6cd57..bd499c5 100644
--- a/modules/pam_motd/Makefile.am
+++ b/modules/pam_motd/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_motd.la
-pam_motd_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
index 44513de..586a543 100644
--- a/modules/pam_namespace/Makefile.am
+++ b/modules/pam_namespace/Makefile.am
@@ -34,7 +34,7 @@ noinst_HEADERS = md5.h pam_namespace.h argv_parse.h
if HAVE_UNSHARE
securelib_LTLIBRARIES = pam_namespace.la
pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c
- pam_namespace_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@
+ pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
secureconf_DATA = namespace.conf
secureconf_SCRIPTS = namespace.init
diff --git a/modules/pam_nologin/Makefile.am b/modules/pam_nologin/Makefile.am
index f2bcfab..a4ed9ff 100644
--- a/modules/pam_nologin/Makefile.am
+++ b/modules/pam_nologin/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_nologin.la
-pam_nologin_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_nologin_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_permit/Makefile.am b/modules/pam_permit/Makefile.am
index 5d25132..dcc75eb 100644
--- a/modules/pam_permit/Makefile.am
+++ b/modules/pam_permit/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_permit.la
-pam_permit_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_permit_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index 4c24c27..4bb4d6d 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -25,7 +25,7 @@ endif
noinst_HEADERS = opasswd.h
securelib_LTLIBRARIES = pam_pwhistory.la
-pam_pwhistory_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBCRYPT@
+pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
if ENABLE_REGENERATE_MAN
diff --git a/modules/pam_rhosts/Makefile.am b/modules/pam_rhosts/Makefile.am
index 7ffd4b7..7e04383 100644
--- a/modules/pam_rhosts/Makefile.am
+++ b/modules/pam_rhosts/Makefile.am
@@ -23,7 +23,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_rhosts.la
-pam_rhosts_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_rhosts_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am
index 81969fc..d132367 100644
--- a/modules/pam_rootok/Makefile.am
+++ b/modules/pam_rootok/Makefile.am
@@ -25,7 +25,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_rootok.la
-pam_rootok_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@
+pam_rootok_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am
index 092b677..30cc879 100644
--- a/modules/pam_securetty/Makefile.am
+++ b/modules/pam_securetty/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_securetty.la
-pam_securetty_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
index 48709ef..28c60d8 100644
--- a/modules/pam_selinux/Makefile.am
+++ b/modules/pam_selinux/Makefile.am
@@ -22,7 +22,7 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-I$(top_srcdir)/libpam_misc/include
pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_selinux_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@ @LIBAUDIT@
+pam_selinux_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@
if HAVE_VERSIONING
pam_selinux_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
@@ -30,8 +30,8 @@ endif
if HAVE_LIBSELINUX
securelib_LTLIBRARIES = pam_selinux.la
noinst_PROGRAMS = pam_selinux_check
- pam_selinux_check_LDADD = -L$(top_builddir)/libpam -lpam \
- -L$(top_builddir)/libpam_misc -lpam_misc
+ pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
endif
if ENABLE_REGENERATE_MAN
noinst_DATA = README pam_selinux.8
diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
index 9211a93..d1a557f 100644
--- a/modules/pam_sepermit/Makefile.am
+++ b/modules/pam_sepermit/Makefile.am
@@ -24,7 +24,7 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \
-D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\"
-pam_sepermit_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@
+pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
pam_sepermit_la_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
pam_sepermit_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am
index f4abbb4..c9e01cc 100644
--- a/modules/pam_shells/Makefile.am
+++ b/modules/pam_shells/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_shells.la
-pam_shells_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am
index ff33817..a8d50eb 100644
--- a/modules/pam_stress/Makefile.am
+++ b/modules/pam_stress/Makefile.am
@@ -17,4 +17,4 @@ if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
securelib_LTLIBRARIES = pam_stress.la
-pam_stress_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_stress_la_LIBADD = $(top_builddir)/libpam/libpam.la
diff --git a/modules/pam_succeed_if/Makefile.am b/modules/pam_succeed_if/Makefile.am
index 49b5d46..ce1eb50 100644
--- a/modules/pam_succeed_if/Makefile.am
+++ b/modules/pam_succeed_if/Makefile.am
@@ -23,7 +23,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_succeed_if.la
-pam_succeed_if_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_succeed_if_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_tally/Makefile.am b/modules/pam_tally/Makefile.am
index e5b9559..53d0c0a 100644
--- a/modules/pam_tally/Makefile.am
+++ b/modules/pam_tally/Makefile.am
@@ -20,7 +20,7 @@ noinst_HEADERS = faillog.h
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_tally_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_tally_la_LIBADD = $(top_builddir)/libpam/libpam.la
if HAVE_VERSIONING
pam_tally_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am
index 507c294..ec89864 100644
--- a/modules/pam_tally2/Makefile.am
+++ b/modules/pam_tally2/Makefile.am
@@ -21,12 +21,12 @@ noinst_HEADERS = tallylog.h
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_tally2_la_LIBADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
+pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
if HAVE_VERSIONING
pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
-pam_tally2_LDADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT)
+pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
securelib_LTLIBRARIES = pam_tally2.la
sbin_PROGRAMS = pam_tally2
diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am
index d2ef636..a1640c1 100644
--- a/modules/pam_time/Makefile.am
+++ b/modules/pam_time/Makefile.am
@@ -21,7 +21,7 @@ AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
-pam_time_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_time.la
secureconf_DATA = time.conf
diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am
index 9b84cd1..5588225 100644
--- a/modules/pam_timestamp/Makefile.am
+++ b/modules/pam_timestamp/Makefile.am
@@ -22,7 +22,7 @@ noinst_HEADERS = hmacsha1.h sha1.h
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS)
-pam_timestamp_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
if HAVE_VERSIONING
pam_timestamp_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
@@ -35,11 +35,11 @@ pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
pam_timestamp_check_SOURCES = pam_timestamp_check.c
pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
-pam_timestamp_check_LDADD = -L$(top_builddir)/libpam -lpam
+pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
-hmacfile_LDADD = -L$(top_builddir)/libpam -lpam
+hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_tty_audit/Makefile.am b/modules/pam_tty_audit/Makefile.am
index 38c13c0..6378483 100644
--- a/modules/pam_tty_audit/Makefile.am
+++ b/modules/pam_tty_audit/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
if HAVE_AUDIT_TTY_STATUS
- pam_tty_audit_la_LIBADD = -L$(top_builddir)/libpam -lpam
+ pam_tty_audit_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_tty_audit.la
endif
diff --git a/modules/pam_umask/Makefile.am b/modules/pam_umask/Makefile.am
index 397c539..205e771 100644
--- a/modules/pam_umask/Makefile.am
+++ b/modules/pam_umask/Makefile.am
@@ -23,7 +23,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_umask.la
-pam_umask_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_umask_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
index ea5a731..ab0d55a 100644
--- a/modules/pam_unix/Makefile.am
+++ b/modules/pam_unix/Makefile.am
@@ -29,7 +29,7 @@ pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
-pam_unix_la_LIBADD = -L$(top_builddir)/libpam -lpam \
+pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \
@LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS)
securelib_LTLIBRARIES = pam_unix.la
diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am
index 4fbe319..047b100 100644
--- a/modules/pam_userdb/Makefile.am
+++ b/modules/pam_userdb/Makefile.am
@@ -25,7 +25,7 @@ endif
if HAVE_LIBDB
securelib_LTLIBRARIES = pam_userdb.la
- pam_userdb_la_LIBADD = -L$(top_builddir)/libpam -lpam
+ pam_userdb_la_LIBADD = $(top_builddir)/libpam/libpam.la
endif
noinst_HEADERS = pam_userdb.h
diff --git a/modules/pam_warn/Makefile.am b/modules/pam_warn/Makefile.am
index 7fd570e..40c5bb6 100644
--- a/modules/pam_warn/Makefile.am
+++ b/modules/pam_warn/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_warn.la
-pam_warn_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_warn_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_wheel/Makefile.am b/modules/pam_wheel/Makefile.am
index f9d1b3d..0042ca8 100644
--- a/modules/pam_wheel/Makefile.am
+++ b/modules/pam_wheel/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_wheel.la
-pam_wheel_la_LIBADD = -L$(top_builddir)/libpam -lpam
+pam_wheel_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_xauth/Makefile.am b/modules/pam_xauth/Makefile.am
index 4504d7b..0735d13 100644
--- a/modules/pam_xauth/Makefile.am
+++ b/modules/pam_xauth/Makefile.am
@@ -22,7 +22,7 @@ if HAVE_VERSIONING
endif
securelib_LTLIBRARIES = pam_xauth.la
-pam_xauth_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@
+pam_xauth_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/tests/Makefile.am b/tests/Makefile.am
index dfe745d..7fb62de 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -4,7 +4,7 @@
AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
-I$(top_srcdir)/libpam
-LDADD = -L$(top_builddir)/libpam -lpam
+LDADD = $(top_builddir)/libpam/libpam.la
CLEANFILES = *~
diff --git a/xtests/Makefile.am b/xtests/Makefile.am
index 904b536..a6d6f8d 100644
--- a/xtests/Makefile.am
+++ b/xtests/Makefile.am
@@ -4,8 +4,8 @@
AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
-I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include
-LDADD = -L$(top_builddir)/libpam -lpam \
- -L$(top_builddir)/libpam_misc -lpam_misc
+LDADD = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
CLEANFILES = *~ $(XTESTS)
12 years, 5 months
[linux-pam] Fix usage of LIBADD, LDADD and LDFLAGS
by Dmitry V. Levin
commit 61a6b8c8e850ec1589e01accf15f3bce2c80d494
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Fri Oct 28 02:20:17 2011 +0000
Fix usage of LIBADD, LDADD and LDFLAGS
* modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to
pam_selinux_check_LDADD.
* modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from
AM_LDFLAGS.
* modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from
AM_LDFLAGS.
* modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from
AM_LDFLAGS.
* modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from
AM_LDFLAGS.
* xtests/Makefile.am: Rename AM_LDFLAGS to LDADD.
modules/pam_selinux/Makefile.am | 8 +++-----
modules/pam_userdb/Makefile.am | 4 ++--
modules/pam_warn/Makefile.am | 4 ++--
modules/pam_wheel/Makefile.am | 4 ++--
modules/pam_xauth/Makefile.am | 4 ++--
xtests/Makefile.am | 2 +-
6 files changed, 12 insertions(+), 14 deletions(-)
---
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
index ef142f4..48709ef 100644
--- a/modules/pam_selinux/Makefile.am
+++ b/modules/pam_selinux/Makefile.am
@@ -21,12 +21,8 @@ secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-I$(top_srcdir)/libpam_misc/include
-pam_selinux_check_LDFLAGS = $(AM_LDFLAGS) \
- -L$(top_builddir)/libpam -lpam \
- -L$(top_builddir)/libpam_misc -lpam_misc
-
-pam_selinux_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@ @LIBAUDIT@
pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module
+pam_selinux_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@ @LIBAUDIT@
if HAVE_VERSIONING
pam_selinux_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
@@ -34,6 +30,8 @@ endif
if HAVE_LIBSELINUX
securelib_LTLIBRARIES = pam_selinux.la
noinst_PROGRAMS = pam_selinux_check
+ pam_selinux_check_LDADD = -L$(top_builddir)/libpam -lpam \
+ -L$(top_builddir)/libpam_misc -lpam_misc
endif
if ENABLE_REGENERATE_MAN
noinst_DATA = README pam_selinux.8
diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am
index 77cc960..4fbe319 100644
--- a/modules/pam_userdb/Makefile.am
+++ b/modules/pam_userdb/Makefile.am
@@ -18,14 +18,14 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module \
- -L$(top_builddir)/libpam -lpam @LIBDB@ @LIBCRYPT@
+AM_LDFLAGS = -no-undefined -avoid-version -module @LIBDB@ @LIBCRYPT@
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
if HAVE_LIBDB
securelib_LTLIBRARIES = pam_userdb.la
+ pam_userdb_la_LIBADD = -L$(top_builddir)/libpam -lpam
endif
noinst_HEADERS = pam_userdb.h
diff --git a/modules/pam_warn/Makefile.am b/modules/pam_warn/Makefile.am
index 75cf38a..7fd570e 100644
--- a/modules/pam_warn/Makefile.am
+++ b/modules/pam_warn/Makefile.am
@@ -16,13 +16,13 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module \
- -L$(top_builddir)/libpam -lpam
+AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
securelib_LTLIBRARIES = pam_warn.la
+pam_warn_la_LIBADD = -L$(top_builddir)/libpam -lpam
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_wheel/Makefile.am b/modules/pam_wheel/Makefile.am
index bccb8aa..f9d1b3d 100644
--- a/modules/pam_wheel/Makefile.am
+++ b/modules/pam_wheel/Makefile.am
@@ -16,13 +16,13 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module \
- -L$(top_builddir)/libpam -lpam
+AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
securelib_LTLIBRARIES = pam_wheel.la
+pam_wheel_la_LIBADD = -L$(top_builddir)/libpam -lpam
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/modules/pam_xauth/Makefile.am b/modules/pam_xauth/Makefile.am
index db089ad..4504d7b 100644
--- a/modules/pam_xauth/Makefile.am
+++ b/modules/pam_xauth/Makefile.am
@@ -16,13 +16,13 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module \
- -L$(top_builddir)/libpam -lpam @LIBSELINUX@
+AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
securelib_LTLIBRARIES = pam_xauth.la
+pam_xauth_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@
if ENABLE_REGENERATE_MAN
noinst_DATA = README
diff --git a/xtests/Makefile.am b/xtests/Makefile.am
index 498a9fc..904b536 100644
--- a/xtests/Makefile.am
+++ b/xtests/Makefile.am
@@ -4,7 +4,7 @@
AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
-I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include
-AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
+LDADD = -L$(top_builddir)/libpam -lpam \
-L$(top_builddir)/libpam_misc -lpam_misc
CLEANFILES = *~ $(XTESTS)
12 years, 5 months
[linux-pam] Update .gitignore files
by Dmitry V. Levin
commit 3e7fb3233efe776d867be9d34b4b6e83ec59df86
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Thu Oct 27 14:55:55 2011 +0000
Update .gitignore files
* .gitignore: Add common ignore patterns.
* m4/.gitignore: Unignore local m4 files.
* dynamic/.gitignore: Unignore Makefile.
* libpamc/test/modules/.gitignore: Likewise.
* libpamc/test/regress/.gitignore: Likewise.
* po/.gitignore: Add Makevars.template.
* conf/.gitignore: Remove common ignore patterns.
* conf/pam_conv1/.gitignore: Likewise.
* doc/.gitignore: Likewise.
* doc/specs/.gitignore: Likewise.
* doc/specs/formatter/.gitignore: Likewise.
* examples/.gitignore: Likewise.
* modules/pam_filter/upperLOWER/.gitignore: Likewise.
* modules/pam_mkhomedir/.gitignore: Likewise.
* modules/pam_selinux/.gitignore: Likewise.
* modules/pam_stress/.gitignore: Likewise.
* modules/pam_tally/.gitignore: Likewise.
* modules/pam_tally2/.gitignore: Likewise.
* modules/pam_timestamp/.gitignore: Likewise.
* modules/pam_unix/.gitignore: Likewise.
* tests/.gitignore: Likewise.
* xtests/.gitignore: Likewise.
* doc/adg/.gitignore: Remove.
* doc/man/.gitignore: Remove.
* doc/mwg/.gitignore: Remove.
* doc/sag/.gitignore: Remove.
* libpamc/.gitignore: Remove.
* libpamc/test/.gitignore: Remove.
* libpam/.gitignore: Remove.
* libpam_misc/.gitignore: Remove.
* modules/.gitignore: Remove.
* modules/pam_access/.gitignore: Remove.
* modules/pam_cracklib/.gitignore: Remove.
* modules/pam_debug/.gitignore: Remove.
* modules/pam_deny/.gitignore: Remove.
* modules/pam_echo/.gitignore: Remove.
* modules/pam_env/.gitignore: Remove.
* modules/pam_exec/.gitignore: Remove.
* modules/pam_faildelay/.gitignore: Remove.
* modules/pam_filter/.gitignore: Remove.
* modules/pam_ftp/.gitignore: Remove.
* modules/pam_group/.gitignore: Remove.
* modules/pam_issue/.gitignore: Remove.
* modules/pam_keyinit/.gitignore: Remove.
* modules/pam_lastlog/.gitignore: Remove.
* modules/pam_limits/.gitignore: Remove.
* modules/pam_listfile/.gitignore: Remove.
* modules/pam_localuser/.gitignore: Remove.
* modules/pam_loginuid/.gitignore: Remove.
* modules/pam_mail/.gitignore: Remove.
* modules/pam_motd/.gitignore: Remove.
* modules/pam_namespace/.gitignore: Remove.
* modules/pam_nologin/.gitignore: Remove.
* modules/pam_permit/.gitignore: Remove.
* modules/pam_pwhistory/.gitignore: Remove.
* modules/pam_rhosts/.gitignore: Remove.
* modules/pam_rootok/.gitignore: Remove.
* modules/pam_securetty/.gitignore: Remove.
* modules/pam_sepermit/.gitignore: Remove.
* modules/pam_shells/.gitignore: Remove.
* modules/pam_succeed_if/.gitignore: Remove.
* modules/pam_time/.gitignore: Remove.
* modules/pam_tty_audit/.gitignore: Remove.
* modules/pam_umask/.gitignore: Remove.
* modules/pam_userdb/.gitignore: Remove.
* modules/pam_warn/.gitignore: Remove.
* modules/pam_wheel/.gitignore: Remove.
* modules/pam_xauth/.gitignore: Remove.
.gitignore | 57 ++++++++++++++++-------------
conf/.gitignore | 2 -
conf/pam_conv1/.gitignore | 5 ---
doc/.gitignore | 2 -
doc/adg/.gitignore | 7 ----
doc/man/.gitignore | 49 -------------------------
doc/mwg/.gitignore | 7 ----
doc/sag/.gitignore | 7 ----
doc/specs/.gitignore | 5 ---
doc/specs/formatter/.gitignore | 3 --
dynamic/.gitignore | 1 +
examples/.gitignore | 4 --
libpam/.gitignore | 8 ----
libpam_misc/.gitignore | 15 --------
libpamc/.gitignore | 9 -----
libpamc/test/.gitignore | 2 -
libpamc/test/modules/.gitignore | 1 +
libpamc/test/regress/.gitignore | 1 +
m4/.gitignore | 21 ++++-------
modules/.gitignore | 3 --
modules/pam_access/.gitignore | 9 -----
modules/pam_cracklib/.gitignore | 8 ----
modules/pam_debug/.gitignore | 8 ----
modules/pam_deny/.gitignore | 8 ----
modules/pam_echo/.gitignore | 8 ----
modules/pam_env/.gitignore | 9 -----
modules/pam_exec/.gitignore | 8 ----
modules/pam_faildelay/.gitignore | 8 ----
modules/pam_filter/.gitignore | 9 -----
modules/pam_filter/upperLOWER/.gitignore | 4 --
modules/pam_ftp/.gitignore | 8 ----
modules/pam_group/.gitignore | 9 -----
modules/pam_issue/.gitignore | 8 ----
modules/pam_keyinit/.gitignore | 8 ----
modules/pam_lastlog/.gitignore | 8 ----
modules/pam_limits/.gitignore | 9 -----
modules/pam_listfile/.gitignore | 8 ----
modules/pam_localuser/.gitignore | 10 -----
modules/pam_loginuid/.gitignore | 9 -----
modules/pam_mail/.gitignore | 8 ----
modules/pam_mkhomedir/.gitignore | 9 -----
modules/pam_motd/.gitignore | 8 ----
modules/pam_namespace/.gitignore | 9 -----
modules/pam_nologin/.gitignore | 8 ----
modules/pam_permit/.gitignore | 8 ----
modules/pam_pwhistory/.gitignore | 8 ----
modules/pam_rhosts/.gitignore | 8 ----
modules/pam_rootok/.gitignore | 8 ----
modules/pam_securetty/.gitignore | 8 ----
modules/pam_selinux/.gitignore | 11 +-----
modules/pam_sepermit/.gitignore | 11 ------
modules/pam_shells/.gitignore | 8 ----
modules/pam_stress/.gitignore | 7 +---
modules/pam_succeed_if/.gitignore | 10 -----
modules/pam_tally/.gitignore | 8 ----
modules/pam_tally2/.gitignore | 8 ----
modules/pam_time/.gitignore | 9 -----
modules/pam_timestamp/.gitignore | 11 ------
modules/pam_tty_audit/.gitignore | 8 ----
modules/pam_umask/.gitignore | 10 -----
modules/pam_unix/.gitignore | 11 ------
modules/pam_userdb/.gitignore | 8 ----
modules/pam_warn/.gitignore | 8 ----
modules/pam_wheel/.gitignore | 8 ----
modules/pam_xauth/.gitignore | 10 -----
po/.gitignore | 3 +-
tests/.gitignore | 5 ---
xtests/.gitignore | 4 --
68 files changed, 44 insertions(+), 561 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 73baab4..f881729 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,29 +1,34 @@
-default.defs
-.freezemake
-.filelist
-autom4te.cache
-libtool
-include
-config.h
-config.h.in
-config.status
-config.log
-config.cache
-config.sub
-config.guess
-_pam_aconf.h
-Make.Rules
-Makefile
-Makefile.in
-stamp-h1
-configure
-aclocal.m4
-ltmain.sh
-compile
-missing
-depcomp
-ylwrap
-Linux-PAM-*.tar.*
+*.3
+*.5
+*.8
+*.a
+*.bak
+*.fo
+*.la
+*.lo
+*.o
+*.pdf
+*.so
+*~
+.deps/
+.libs/
/ABOUT-NLS
/ChangeLog
/INSTALL
+/Linux-PAM-*.tar.*
+/aclocal.m4
+/autom4te.cache
+/build-aux/
+/config.h
+/config.h.in
+/config.log
+/config.status
+/configure
+/doc/*/*.txt
+/doc/*/html/
+/libtool
+/modules/pam_*/README
+/stamp-h1
+Makefile
+Makefile.in
+lex.yy.c
diff --git a/conf/.gitignore b/conf/.gitignore
index aff7027..9372475 100644
--- a/conf/.gitignore
+++ b/conf/.gitignore
@@ -1,4 +1,2 @@
.ignore_age
.md5sum
-Makefile
-Makefile.in
diff --git a/conf/pam_conv1/.gitignore b/conf/pam_conv1/.gitignore
index ca46665..b467f98 100644
--- a/conf/pam_conv1/.gitignore
+++ b/conf/pam_conv1/.gitignore
@@ -1,11 +1,6 @@
-lex.yy.c
pam_conv.tab.c
pam_conv1
-Makefile
-Makefile.in
pam_conv.c
pam_conv_l.c
pam_conv_y.c
pam_conv_y.h
-.deps
-.libs
diff --git a/doc/.gitignore b/doc/.gitignore
index 407e0ce..7ac74f9 100644
--- a/doc/.gitignore
+++ b/doc/.gitignore
@@ -1,4 +1,2 @@
pam.sgml
MODULES-SGML
-Makefile
-Makefile.in
diff --git a/doc/specs/.gitignore b/doc/specs/.gitignore
index efaf18a..52a7fb4 100644
--- a/doc/specs/.gitignore
+++ b/doc/specs/.gitignore
@@ -1,10 +1,5 @@
draft-morgan-pam-*.txt
-Makefile
-Makefile.in
parse.c
-lex.yy.c
-.deps
-.libs
padout
parse_l.c
parse_y.c
diff --git a/doc/specs/formatter/.gitignore b/doc/specs/formatter/.gitignore
index ea34fc5..fdb5793 100644
--- a/doc/specs/formatter/.gitignore
+++ b/doc/specs/formatter/.gitignore
@@ -1,5 +1,2 @@
-lex.yy.c
parse.tab.c
padout
-Makefile
-Makefile.in
diff --git a/dynamic/.gitignore b/dynamic/.gitignore
new file mode 100644
index 0000000..2460008
--- /dev/null
+++ b/dynamic/.gitignore
@@ -0,0 +1 @@
+!Makefile
diff --git a/examples/.gitignore b/examples/.gitignore
index 12e16f1..2a0623d 100644
--- a/examples/.gitignore
+++ b/examples/.gitignore
@@ -2,7 +2,3 @@ blank
xsh
check_user
vpass
-Makefile
-Makefile.in
-.deps
-.libs
diff --git a/libpamc/test/modules/.gitignore b/libpamc/test/modules/.gitignore
new file mode 100644
index 0000000..2460008
--- /dev/null
+++ b/libpamc/test/modules/.gitignore
@@ -0,0 +1 @@
+!Makefile
diff --git a/libpamc/test/regress/.gitignore b/libpamc/test/regress/.gitignore
new file mode 100644
index 0000000..2460008
--- /dev/null
+++ b/libpamc/test/regress/.gitignore
@@ -0,0 +1 @@
+!Makefile
diff --git a/m4/.gitignore b/m4/.gitignore
index 0f592ba..24d81e4 100644
--- a/m4/.gitignore
+++ b/m4/.gitignore
@@ -1,14 +1,7 @@
-gettext.m4
-iconv.m4
-intlmacosx.m4
-lib-ld.m4
-lib-link.m4
-lib-prefix.m4
-libtool.m4
-nls.m4
-po.m4
-progtest.m4
-ltoptions.m4
-ltsugar.m4
-ltversion.m4
-lt~obsolete.m4
+*.m4
+!japhar_grep_cflags.m4
+!jh_path_xml_catalog.m4
+!ld-as-needed.m4
+!ld-no-undefined.m4
+!ld-O1.m4
+!libprelude.m4
diff --git a/modules/pam_filter/upperLOWER/.gitignore b/modules/pam_filter/upperLOWER/.gitignore
index ceceb1b..bcd6365 100644
--- a/modules/pam_filter/upperLOWER/.gitignore
+++ b/modules/pam_filter/upperLOWER/.gitignore
@@ -1,5 +1 @@
-.deps
-.libs
upperLOWER
-Makefile
-Makefile.in
diff --git a/modules/pam_mkhomedir/.gitignore b/modules/pam_mkhomedir/.gitignore
index a0ad1aa..7352e56 100644
--- a/modules/pam_mkhomedir/.gitignore
+++ b/modules/pam_mkhomedir/.gitignore
@@ -1,10 +1 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
-README
-pam_mkhomedir.8
mkhomedir_helper
-mkhomedir_helper.8
diff --git a/modules/pam_selinux/.gitignore b/modules/pam_selinux/.gitignore
index 08754fd..6683beb 100644
--- a/modules/pam_selinux/.gitignore
+++ b/modules/pam_selinux/.gitignore
@@ -1,11 +1,2 @@
-*.la
-*.lo
-*.so
-*~
-.deps
-.libs
-Makefile
-Makefile.in
pam_selinux_check
-README
-pam_selinux.8
+!pam_selinux_check.8
diff --git a/modules/pam_stress/.gitignore b/modules/pam_stress/.gitignore
index 9fb9857..a164aea 100644
--- a/modules/pam_stress/.gitignore
+++ b/modules/pam_stress/.gitignore
@@ -1,6 +1 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
+!README
diff --git a/modules/pam_tally/.gitignore b/modules/pam_tally/.gitignore
index 0286d63..b4d6899 100644
--- a/modules/pam_tally/.gitignore
+++ b/modules/pam_tally/.gitignore
@@ -1,9 +1 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
pam_tally
-README
-pam_tally.8
diff --git a/modules/pam_tally2/.gitignore b/modules/pam_tally2/.gitignore
index c20ebb9..8ff1858 100644
--- a/modules/pam_tally2/.gitignore
+++ b/modules/pam_tally2/.gitignore
@@ -1,9 +1 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
pam_tally2
-README
-pam_tally2.8
diff --git a/modules/pam_timestamp/.gitignore b/modules/pam_timestamp/.gitignore
index c084c91..9eb311b 100644
--- a/modules/pam_timestamp/.gitignore
+++ b/modules/pam_timestamp/.gitignore
@@ -1,13 +1,2 @@
-*.la
-*.lo
-*.so
-*~
-.deps
-.libs
-Makefile
-Makefile.in
-README
-pam_timestamp.8
-pam_timestamp_check.8
hmacfile
pam_timestamp_check
diff --git a/modules/pam_unix/.gitignore b/modules/pam_unix/.gitignore
index 01819c2..3beb544 100644
--- a/modules/pam_unix/.gitignore
+++ b/modules/pam_unix/.gitignore
@@ -1,14 +1,3 @@
-*.la
-*.lo
-*.so
-.deps
-.libs
-Makefile
-Makefile.in
bigcrypt
unix_chkpwd
unix_update
-README
-pam_unix.8
-unix_chkpwd.8
-unix_update.8
diff --git a/po/.gitignore b/po/.gitignore
index 32677b4..15407cd 100644
--- a/po/.gitignore
+++ b/po/.gitignore
@@ -1,6 +1,5 @@
+Makevars.template
POTFILES
-Makefile
-Makefile.in
*.gmo
remove-potcdate.sed
stamp-po
diff --git a/tests/.gitignore b/tests/.gitignore
index d8828fe..462f93c 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -1,8 +1,3 @@
-Makefile
-Makefile.in
-.deps
-.libs
-*.o
tst-dlopen
tst-pam_acct_mgmt
tst-pam_authenticate
diff --git a/xtests/.gitignore b/xtests/.gitignore
index 52af6dd..0ef1289 100644
--- a/xtests/.gitignore
+++ b/xtests/.gitignore
@@ -1,7 +1,3 @@
-Makefile
-Makefile.in
-.deps
-.libs
tst-pam_access1
tst-pam_access2
tst-pam_access3
12 years, 5 months
[linux-pam] Move generated auxiliary files to build-aux directory
by Dmitry V. Levin
commit f1ac3dedfca57b431e17ce3ba1004e5dd9a1b561
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Thu Oct 27 14:55:55 2011 +0000
Move generated auxiliary files to build-aux directory
* configure.in: Add AC_CONFIG_AUX_DIR([build-aux]).
configure.in | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/configure.in b/configure.in
index 5058155..727d49a 100644
--- a/configure.in
+++ b/configure.in
@@ -1,6 +1,7 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT
AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y])
+AC_CONFIG_AUX_DIR([build-aux])
AM_INIT_AUTOMAKE("Linux-PAM", 1.1.5)
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([config.h])
12 years, 5 months
[linux-pam] Remove generated files
by Dmitry V. Levin
commit 542ec8b9d73391fb3119ab6d4d5c38f28051be5b
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Thu Oct 27 14:55:55 2011 +0000
Remove generated files
* ABOUT-NLS: Remove.
* INSTALL: Remove.
* config.rpath: Remove.
* install-sh: Remove.
* mkinstalldirs: Remove.
* Makefile.am (EXTRA_DIST): Remove config.rpath and mkinstalldirs.
* .gitignore: Add ABOUT-NLS and INSTALL.
.gitignore | 2 +
ABOUT-NLS | 1110 ---------------------------------------------------------
INSTALL | 235 ------------
Makefile.am | 3 +-
config.rpath | 614 -------------------------------
install-sh | 323 -----------------
mkinstalldirs | 158 --------
7 files changed, 3 insertions(+), 2442 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 92a8849..73baab4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,4 +24,6 @@ missing
depcomp
ylwrap
Linux-PAM-*.tar.*
+/ABOUT-NLS
/ChangeLog
+/INSTALL
diff --git a/Makefile.am b/Makefile.am
index d2fa70d..ca5f7f6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,8 +12,7 @@ endif
CLEANFILES = *~
-EXTRA_DIST = config.rpath mkinstalldirs pgp.keys.asc CHANGELOG \
- ChangeLog-CVS Copyright Make.xml.rules
+EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright Make.xml.rules
ACLOCAL_AMFLAGS = -I m4
12 years, 5 months
[linux-pam] Create release tarballs using safe ownership and permissions
by Dmitry V. Levin
commit e53ba506899c68afa3d0abfb0cc5c3482f70f718
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Thu Oct 27 14:55:55 2011 +0000
Create release tarballs using safe ownership and permissions
* Makefile.am: Define and export TAR_OPTIONS.
Makefile.am | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 4384758..d2fa70d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -50,3 +50,5 @@ gen-ChangeLog:
dist-hook: gen-ChangeLog
.PHONY: gen-ChangeLog
+
+export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner --mode=go-w,go+rX
12 years, 5 months
[linux-pam] Generate ChangeLog from git log
by Dmitry V. Levin
commit 790ffe6e011bc7721d687ab4ac6419eb18c72624
Author: Dmitry V. Levin <ldv(a)altlinux.org>
Date: Thu Oct 27 14:55:55 2011 +0000
Generate ChangeLog from git log
* .gitignore: Add ChangeLog
* ChangeLog: Rename to ChangeLog-CVS.
* Makefile.am (gen-changelog): New rule.
(dist-hook, .PHONY): Depend on it.
(EXTRA_DIST): Add ChangeLog-CVS.
* README-hacking: New file.
* gitlog-to-changelog: Import from gnulib.
* autogen.sh: Create empty ChangeLog file to make automake strictness
check happy. Use automated "autoreconf -fiv" instead of manual
invocations of various autotools.
.gitignore | 1 +
ChangeLog => ChangeLog-CVS | 5 +
Makefile.am | 17 ++++-
README-hacking | 17 ++++
autogen.sh | 9 +--
gitlog-to-changelog | 213 ++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 255 insertions(+), 7 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b9ddd1b..92a8849 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@ missing
depcomp
ylwrap
Linux-PAM-*.tar.*
+/ChangeLog
diff --git a/ChangeLog b/ChangeLog-CVS
similarity index 99%
rename from ChangeLog
rename to ChangeLog-CVS
index d7d808b..47b54ce 100644
--- a/ChangeLog
+++ b/ChangeLog-CVS
@@ -1,3 +1,8 @@
+2011-10-26 Dmitry V. Levin <ldv(a)altlinux.org>
+
+ NB: ChangeLog file is no longer manually maintained.
+ See README-hacking for details.
+
2011-10-25 Thorsten Kukuk <kukuk(a)thkukuk.de>
* release version 1.1.5
diff --git a/Makefile.am b/Makefile.am
index 2d41b87..4384758 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -13,7 +13,7 @@ endif
CLEANFILES = *~
EXTRA_DIST = config.rpath mkinstalldirs pgp.keys.asc CHANGELOG \
- Copyright Make.xml.rules
+ ChangeLog-CVS Copyright Make.xml.rules
ACLOCAL_AMFLAGS = -I m4
@@ -35,3 +35,18 @@ xtests:
make -C xtests xtests
.PHONY: xtests
+
+gen_changelog_start_date = 2011-10-26
+gen-ChangeLog:
+ if test -d .git; then \
+ ( $(top_srcdir)/gitlog-to-changelog --append-dot \
+ --since=$(gen_changelog_start_date) && \
+ echo && echo && \
+ echo 'See ChangeLog-CVS for earlier changes.' \
+ ) > $(distdir)/ChangeLog.new && \
+ rm -f $(distdir)/ChangeLog && \
+ mv $(distdir)/ChangeLog.new $(distdir)/ChangeLog; \
+ fi
+
+dist-hook: gen-ChangeLog
+.PHONY: gen-ChangeLog
diff --git a/README-hacking b/README-hacking
new file mode 100644
index 0000000..d370094
--- /dev/null
+++ b/README-hacking
@@ -0,0 +1,17 @@
+No more ChangeLog file
+======================
+Do not create or modify the ChangeLog files. Starting at 2011-10-26, the
+policy changed. Before, we would insert the exact same text (or worse,
+sometimes slightly differing) into both the ChangeLog file and the commit
+log. Now we put that information only in the commit log, and generate
+the ChangeLog file from logs at "make dist" time. As such, there are
+strict requirements on the form of the commit log messages.
+
+
+Commit log requirements
+=======================
+Each commit log should always start with a one-line summary, the second
+line should be blank, and the remaining lines are usually ChangeLog-style
+entries for all affected files, except the leading TABs which should
+be omitted. It's OK to write a few lines of prose describing the change,
+when the summary and ChangeLog entries don't give enough of the big picture.
diff --git a/autogen.sh b/autogen.sh
index 050c861..f3a2801 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,8 +1,5 @@
#!/bin/sh -x
-aclocal -I m4 --install --force
-autoheader
-libtoolize --force --automake --copy
-automake --add-missing --copy
-autoreconf
-chmod 755 configure
+umask 022
+touch ChangeLog
+autoreconf -fiv
diff --git a/gitlog-to-changelog b/gitlog-to-changelog
new file mode 100755
index 0000000..4612d38
--- /dev/null
+++ b/gitlog-to-changelog
@@ -0,0 +1,213 @@
+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
+ & eval 'exec perl -wS "$0" $argv:q'
+ if 0;
+# Convert git log output to ChangeLog format.
+
+my $VERSION = '2011-10-31 16:06'; # UTC
+# The definition above must lie within the first 8 lines in order
+# for the Emacs time-stamp write hook (at end) to update it.
+# If you change this file with Emacs, please let the write hook
+# do its job. Otherwise, update this string manually.
+
+# Copyright (C) 2008-2011 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Written by Jim Meyering
+
+use strict;
+use warnings;
+use Getopt::Long;
+use POSIX qw(strftime);
+
+(my $ME = $0) =~ s|.*/||;
+
+# use File::Coda; # http://meyering.net/code/Coda/
+END {
+ defined fileno STDOUT or return;
+ close STDOUT and return;
+ warn "$ME: failed to close standard output: $!\n";
+ $? ||= 1;
+}
+
+sub usage ($)
+{
+ my ($exit_code) = @_;
+ my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR);
+ if ($exit_code != 0)
+ {
+ print $STREAM "Try `$ME --help' for more information.\n";
+ }
+ else
+ {
+ print $STREAM <<EOF;
+Usage: $ME [OPTIONS] [ARGS]
+
+Convert git log output to ChangeLog format. If present, any ARGS
+are passed to "git log". To avoid ARGS being parsed as options to
+$ME, they may be preceded by '--'.
+
+OPTIONS:
+
+ --since=DATE convert only the logs since DATE;
+ the default is to convert all log entries.
+ --format=FMT set format string for commit subject and body;
+ see 'man git-log' for the list of format metacharacters;
+ the default is '%s%n%b%n'
+ --append-dot append a dot to the first line of each commit message if
+ there is no other punctuation or blank at the end.
+
+ --help display this help and exit
+ --version output version information and exit
+
+EXAMPLE:
+
+ $ME --since=2008-01-01 > ChangeLog
+ $ME -- -n 5 foo > last-5-commits-to-branch-foo
+
+EOF
+ }
+ exit $exit_code;
+}
+
+# If the string $S is a well-behaved file name, simply return it.
+# If it contains white space, quotes, etc., quote it, and return the new string.
+sub shell_quote($)
+{
+ my ($s) = @_;
+ if ($s =~ m![^\w+/.,-]!)
+ {
+ # Convert each single quote to '\''
+ $s =~ s/\'/\'\\\'\'/g;
+ # Then single quote the string.
+ $s = "'$s'";
+ }
+ return $s;
+}
+
+sub quoted_cmd(@)
+{
+ return join (' ', map {shell_quote $_} @_);
+}
+
+{
+ my $since_date;
+ my $format_string = '%s%n%b%n';
+ my $append_dot = 0;
+ GetOptions
+ (
+ help => sub { usage 0 },
+ version => sub { print "$ME version $VERSION\n"; exit },
+ 'since=s' => \$since_date,
+ 'format=s' => \$format_string,
+ 'append-dot' => \$append_dot,
+ ) or usage 1;
+
+ defined $since_date
+ and unshift @ARGV, "--since=$since_date";
+
+ my @cmd = (qw (git log --log-size),
+ '--pretty=format:%ct %an <%ae>%n%n'.$format_string, @ARGV);
+ open PIPE, '-|', @cmd
+ or die ("$ME: failed to run `". quoted_cmd (@cmd) ."': $!\n"
+ . "(Is your Git too old? Version 1.5.1 or later is required.)\n");
+
+ my $prev_date_line = '';
+ while (1)
+ {
+ defined (my $in = <PIPE>)
+ or last;
+ $in =~ /^log size (\d+)$/
+ or die "$ME:$.: Invalid line (expected log size):\n$in";
+ my $log_nbytes = $1;
+
+ my $log;
+ my $n_read = read PIPE, $log, $log_nbytes;
+ $n_read == $log_nbytes
+ or die "$ME:$.: unexpected EOF\n";
+
+ my @line = split "\n", $log;
+ my $author_line = shift @line;
+ defined $author_line
+ or die "$ME:$.: unexpected EOF\n";
+ $author_line =~ /^(\d+) (.*>)$/
+ or die "$ME:$.: Invalid line "
+ . "(expected date/author/email):\n$author_line\n";
+
+ my $date_line = sprintf "%s $2\n", strftime ("%F", localtime ($1));
+ # If this line would be the same as the previous date/name/email
+ # line, then arrange not to print it.
+ if ($date_line ne $prev_date_line)
+ {
+ $prev_date_line eq ''
+ or print "\n";
+ print $date_line;
+ }
+ $prev_date_line = $date_line;
+
+ # Omit "Signed-off-by..." lines.
+ @line = grep !/^Signed-off-by: .*>$/, @line;
+
+ # Remove leading and trailing blank lines.
+ if (@line)
+ {
+ while ($line[0] =~ /^\s*$/) { shift @line; }
+ while ($line[$#line] =~ /^\s*$/) { pop @line; }
+ }
+
+ # If there were any lines
+ if (@line == 0)
+ {
+ warn "$ME: warning: empty commit message:\n $date_line\n";
+ }
+ else
+ {
+ if ($append_dot)
+ {
+ # If the first line of the message has enough room, then
+ if (length $line[0] < 72)
+ {
+ # append a dot if there is no other punctuation or blank
+ # at the end.
+ $line[0] =~ /[[:punct:]\s]$/
+ or $line[0] .= '.';
+ }
+ }
+
+ # Prefix each non-empty line with a TAB.
+ @line = map { length $_ ? "\t$_" : '' } @line;
+
+ print "\n", join ("\n", @line), "\n";
+ }
+
+ defined ($in = <PIPE>)
+ or last;
+ $in ne "\n"
+ and die "$ME:$.: unexpected line:\n$in";
+ }
+
+ close PIPE
+ or die "$ME: error closing pipe from " . quoted_cmd (@cmd) . "\n";
+ # FIXME-someday: include $PROCESS_STATUS in the diagnostic
+}
+
+# Local Variables:
+# mode: perl
+# indent-tabs-mode: nil
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "my $VERSION = '"
+# time-stamp-format: "%:y-%02m-%02d %02H:%02M"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "'; # UTC"
+# End:
12 years, 5 months