While building any documentation requires xsltproc, only the PDF
documentation requires fop, which is dependency-heavy, and not always
available (e.g. it is not included in RHEL). This allows the HTML
documentation to be built while skipping the PDFs.
This also prevents a potential NULL pointer dereference in
pam_get_authtok_internal and pam_get_authtok_verify when
the pamh argument they access is set to NULL.
On my non-representative hardware, the full build using autotools
(./autogen.sh && CFLAGS=-O2 ./configure && make -j`nproc` && make -j`nproc` install)
takes about 45 seconds.
On the same hardware, the full build using meson
(meson setup -Doptimization=2 dir && meson compile -C dir && meson install -C dir)
takes just about 7.5 seconds.
Given that in most places config.h is included unconditionally,
there is no point in keeping remaining HAVE_CONFIG_H checks.
Public header files do not use config.h and therefore
are not affected by this change anyway.
pam_get_data manual page used to claim that PAM_NO_MODULE_DATA is
returned not only when no module specific data is present but also
when there is a corresponding data entry with NULL value.
As this claim is in contradiction with the implementation and with the
pam manual page, fix pam_get_data manual page.
* doc/man/pam_get_data.3.xml (PAM_NO_MODULE_DATA): Sync with
the implementation and with the pam manual page.
Resolves: https://github.com/linux-pam/linux-pam/pull/780
The two files custom-html.xsl and custom-man.xsl are created at
configure time. Only delete them on `make distclean` instead of
`make clean` to be able to re-generate manual pages afterwards.
Fixes: b285afe0ea ("doc: remove generated files during cleanup")
Building outside of source directory fails if --disable-doc is not
explicitly chosen.
This happens because generated files are sometimes expected in the
source directory, where they won't exist.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This module uses the name of the user obtained via pam_get_user(3)
as a key to query the password database, and replaces PAM_USER
with the pw_name value that has been returned.
The main usage scenario is systems where a user name is used in several
distinct authentication systems, some of them being case sensitive while
others are not.
* configure.ac (AC_CONFIG_FILES): Add
modules/pam_canonicalize_user/Makefile.
* doc/sag/pam_canonicalize_user.xml: New file.
* doc/sag/Linux-PAM_SAG.xml: Add a reference to
pam_canonicalize_user.xml.
* modules/Makefile.am (SUBDIRS): Add pam_canonicalize_user.
* modules/pam_canonicalize_user/Makefile.am: New file.
* modules/pam_canonicalize_user/README.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.8.xml: New file.
* modules/pam_canonicalize_user/pam_canonicalize_user.c: New file.
* modules/pam_canonicalize_user/tst-pam_canonicalize_user: New file.
pam_end.3 has additional and important information about PAM_DATA_SILENT,
copy it to pam_set_data.3 since that describes the cleanup callback where
it will be set.
man/pam_item_types_std.inc.xml: In the past, PAM_TTY was used for tty
devices and $DISPLAY variables for X-based applications. With the
introduction of PAM_DISPLAY PAM_TTY should only be used for devices.
Make /usr/lib/pam.d and <vendordir>/pam.d more visible in the standard
manual pages, so that people don't assume there is only /etc/pam.d
* doc/man/pam.8.xml: Don't always speak about /etc/pam.d only
* doc/man/pam.conf-desc.xml: Don't always speak about /etc/pam.d only
* doc/man/pam.conf-dir.xml: Explain search path for pam config files
* doc/man/pam.conf.5.xml: Add filelist with all pam.d directories
Changed files
--------------
Make.xml.rules.in:
- Using RNG file instead of DTD file for checking XML files.
- Taking the correct stylesheet for README files.
doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am:
- Using RNG file instead of DTD file for checking XML files.
configure.ac:
- Adding a new option for selecting RNG check file (-enable-docbook-rng)
- Switching stylesheets to docbook 5
- Checking DocBook 5 environment instead of DocBook 4 environment
*.xml:
Update from DockBook 4 to DocBook 5
Before this change, all stylesheets were hardcoded.
With this change, stylesheets can be defined at configure stage.
* configure.ac: Add new options to configure stylesheets:
--enable-html-stylesheet=FILE
--enable-txt-stylesheet=FILE
--enable-pdf-stylesheet=FILE
--enable-man-stylesheet=FILE
* doc/custom-html.xsl: Rename to doc/custom-html.xsl.in, parametrize html
stylesheet.
* doc/custom-man.xsl: Rename to doc/custom-man.xsl.in, parametrize man
stylesheet.
* doc/.gitignore: Add custom-man.xsl and custom-html.xsl.
* doc/adg/Makefile.am: Use stylesheet variables.
* doc/mwg/Makefile.am: Likewise.
* doc/sag/Makefile.am: Likewise.
Resolves: https://github.com/linux-pam/linux-pam/pull/499
sha1 is no longer recommended as a cryptographic algorithm for
authentication. Thus, the idea of this change is to replace the
implementation provided by hmacsha1 included in pam_timestamp module by
the one in the openssl library. This way, there's no need to maintain
the cryptographic algorithm implementation and it can be easily changed
with a single configuration change.
modules/pam_timestamp/hmac_openssl_wrapper.c: implement wrapper
functions around openssl's hmac implementation. Moreover, manage the key
generation and its read and write in a file. Include an option to
configure the cryptographic algorithm in login.defs file.
modules/pam_timestamp/hmac_openssl_wrapper.h: likewise.
modules/pam_timestamp/pam_timestamp.c: replace calls to functions
provided by hmacsha1 by functions provided by openssl's wrapper.
configure.ac: include openssl dependecy if it is enabled.
modules/pam_timestamp/Makefile.am: include new files and openssl library
to compilation.
ci/install-dependencies.sh: include openssl library to dependencies.
NEWS: add new item to next release.
Make.xml.rules.in: add stringparam profiling for hmac
doc/custom-man.xsl: change import docbook to one with profiling
modules/pam_timestamp/pam_timestamp.8.xml: add conditional paragraph to
indicate the value in /etc/login.defs that holds the value for the
encryption algorithm
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947294
Add short blurbs explaining that if a return code is not specified in
the "[value1=action1 value2=action2 ...]" form and "default=action" is
not specified, that return code's action defaults to "bad".
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
The done action does not terminate the stack processing in case
there is a failing module with bad action up in the stack.
Fixes#307
* doc/man/pam.conf-syntax.xml: Clarify the effect of 'done'.
Every stack jump, besides the jump itself, has a side effect which is
one of 'ignore', 'ok', or 'bad'. Unfortunately, the side effect is far
from obvious because it depends on the PAM function call, and the
documentation that contradicts the implementation does not help either.
* doc/man/pam.conf-syntax.xml (actionN): Rewrite the description
of stack jump effects to match the implementation.
Fixes: 871a6e14d6
Starting with commit a684595c0b aka
Linux-PAM-1.3.0~14 (Remove "--enable-static-modules" option and support
from Linux-PAM), PAM_SM_* macros have no effect.
Since Make.xml.rules is the only place where XSLTPROC_CUSTOM was used,
remove stereotypic definitions from other Makefiles, this way we no
longer have to worry about vendordir being used somewhere else in
documentation files.
Likewise, define VENDORDIR in config.h and remove stereotypic
-DVENDORDIR= additions from other Makefiles, this way we no longer
have to worry about VENDORDIR being used somewhere else in the code.
* configure.ac (AM_CONDITIONAL): Remove HAVE_VENDORDIR.
(AC_DEFINE_UNQUOTED): Add VENDORDIR.
(AC_SUBST): Remove VENDORDIR, add STRINGPARAM_VENDORDIR.
* Make.xml.rules.in: Replace $(XSLTPROC_CUSTOM) with
@STRINGPARAM_VENDORDIR@.
* doc/man/Makefile.am (XSLTPROC_CUSTOM): Remove.
* libpam/Makefile.am [HAVE_VENDORDIR]: Remove.
* modules/pam_securetty/Makefile.am [HAVE_VENDORDIR]: Remove.
(XSLTPROC_CUSTOM): Remove.
* modules/pam_securetty/pam_securetty.c: Move definitions of local
macros after config.h to benefit from macros defined there.
Remove trailing whitespace introduced by commit
f9c9c72121.
Remove blank lines at EOF introduced by commit
65d6735c59.
This makes the project free of warnings reported by
git diff --check 4b825dc642 HEAD
* doc/custom-html.xsl: Remove blank line at EOF.
* doc/custom-man.xsl: Likewise.
* modules/pam_motd/pam_motd.c: Remove trailing whitespace.
To be able to set CFLAGS from make command-line but not to lose the
warning flags.
* configure.ac: Put warning flags to WARN_CFLAGS instead of CFLAGS.
* */Makefile.am: Apply WARN_CFLAGS to AM_CFLAGS.
