support for OpenPAM.
+2008-07-21 Seraphim Mellos <mellos@ceid.upatras.gr>
+
+ * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add
+ support for OpenPAM.
+
2008-07-12 Nicolas François <nicolas.francois@centraliens.net>
* src/chage.c: Ignore the return value of pam_end() before exiting.
shadow-4.1.2.1 -> shadow-4.1.3 UNRELEASED
*** general:
+- packaging
+ * Added support for OpenPAM.
- newusers
* Implement the -r, --system option.
- usermod
Rafał Maszkowski <rzm@icm.edu.pl>
Rani Chouha <ranibey@smartec.com>
Sami Kerola <kerolasa@rocketmail.com>
+Seraphim Mellos <mellos@ceid.upatras.gr>
Shane Watts <shane@nexus.mlckew.edu.au>
Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
Thorsten Kukuk <kukuk@suse.de>
AC_MSG_ERROR(libpam not found)
fi
- AC_CHECK_LIB(pam_misc, main,
- [pam_misc_lib="yes"], [pam_misc_lib="no"])
- if test "$pam_misc_lib$with_libpam" = "noyes" ; then
- AC_MSG_ERROR(libpam_misc not found)
+ LIBPAM="-lpam"
+ pam_conv_function="no"
+
+ AC_CHECK_LIB(pam, openpam_ttyconv,
+ [pam_conv_function="openpam_ttyconv"],
+ AC_CHECK_LIB(pam_misc, misc_conv,
+ [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
+ )
+
+ if test "$pam_conv_function$with_libpam" = "noyes" ; then
+ AC_MSG_ERROR(PAM conversation function not found)
fi
- if test "$pam_lib$pam_misc_lib" = "yesyes" ; then
+ pam_headers_found=no
+ AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
+ [ pam_headers_found=yes ; break ], [],
+ [ #include <security/pam_appl.h> ] )
+ if test "$pam_headers_found$with_libpam" = "noyes" ; then
+ AC_MSG_ERROR(PAM headers not found)
+ fi
+
+
+ if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
with_libpam="yes"
else
with_libpam="no"
fi
dnl Now with_libpam is either yes or no
if test "$with_libpam" = "yes"; then
+ AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
+ PAM_DELETE_CRED,
+ PAM_NEW_AUTHTOK_REQD,
+ PAM_DATA_SILENT],
+ [], [], [#include <security/pam_appl.h>])
+
+
+ save_libs=$LIBS
+ LIBS="$LIBS $LIBPAM"
+ AC_CHECK_FUNCS([pam_fail_delay])
+ LIBS=$save_libs
+
AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
+ AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
AM_CONDITIONAL(USE_PAM, [true])
- LIBPAM="-lpam -lpam_misc"
+
AC_MSG_CHECKING(use login and su access checking if PAM not used)
AC_MSG_RESULT(no)
else
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include <config.h>
#include <security/pam_appl.h>
-#include <security/pam_misc.h>
+#ifdef HAVE_SECURITY_PAM_MISC_H
+# include <security/pam_misc.h>
+#endif
+#ifdef HAVE_SECURITY_OPENPAM_H
+# include <security/openpam.h>
+#endif
+
static struct pam_conv conv = {
- misc_conv,
+ SHADOW_PAM_CONVERSATION,
NULL
};
/* compatibility with different versions of Linux-PAM */
-#ifndef PAM_ESTABLISH_CRED
+#if !HAVE_DECL_PAM_ESTABLISH_CRED
#define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH
#endif
-#ifndef PAM_DELETE_CRED
+#if !HAVE_DECL_PAM_DELETE_CRED
#define PAM_DELETE_CRED PAM_CRED_DELETE
#endif
-#ifndef PAM_NEW_AUTHTOK_REQD
+#if !HAVE_DECL_PAM_NEW_AUTHTOK_REQD
#define PAM_NEW_AUTHTOK_REQD PAM_AUTHTOKEN_REQD
#endif
-#ifndef PAM_DATA_SILENT
+#if !HAVE_DECL_PAM_DATA_SILENT
#define PAM_DATA_SILENT 0
#endif
failed = false;
failcount++;
+#ifdef HAVE_PAM_FAIL_DELAY
if (delay > 0) {
retcode = pam_fail_delay(pamh, 1000000*delay);
}
+#endif
retcode = pam_authenticate (pamh, 0);
projects / shadow / commitdiff