Attachment 297774 Details for Bug 437116 – Patch containing pam_mkpolydir module that can be used to create instance prefix directories automatically.

[patch] Patch containing pam_mkpolydir module that can be used to create instance prefix directories automatically.

pam-0.99.10.0-mkpolydir.patch (text/plain), 76.41 KB, created by Ted X Toth on 2008-03-12 14:48:26 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ted X Toth

Created: 2008-03-12 14:48:26 UTC

Size: 76.41 KB

patch

obsolete

>This patch includes a pam module which will ensure the existence, when DAC 
>and MAC access are allowed, of polyinstantiated directories and instance 
>directories. The pam_mkpolydir module is meant for use with pam_namespace
>and helps to aviod pam session failures which occur if polyinstantiated 
>directories and instance directories do not exist.
>
>
>--- Linux-PAM-0.99.10.0/configure.in	2007-10-29 14:30:59.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/configure.in	2007-10-29 14:31:33.000000000 -0600
>@@ -497,6 +497,7 @@
> 	modules/pam_unix/Makefile modules/pam_userdb/Makefile \
> 	modules/pam_warn/Makefile modules/pam_wheel/Makefile \
> 	modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
>+	modules/pam_mkpolydir/Makefile \
> 	doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
> 	doc/mwg/Makefile examples/Makefile tests/Makefile \
> 	xtests/Makefile)
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/argv_parse.c Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/argv_parse.c
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/argv_parse.c	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/argv_parse.c	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,164 @@
>+/*
>+ * argv_parse.c --- utility function for parsing a string into a
>+ * 	argc, argv array.
>+ * 
>+ * This file defines a function argv_parse() which parsing a
>+ * passed-in string, handling double quotes and backslashes, and
>+ * creates an allocated argv vector which can be freed using the
>+ * argv_free() function.
>+ *
>+ * See argv_parse.h for the formal definition of the functions.
>+ *
>+ * Copyright 1999 by Theodore Ts'o.
>+ * 
>+ * Permission to use, copy, modify, and distribute this software for
>+ * any purpose with or without fee is hereby granted, provided that
>+ * the above copyright notice and this permission notice appear in all
>+ * copies.  THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE
>+ * AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
>+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
>+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
>+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
>+ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
>+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
>+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  (Isn't
>+ * it sick that the U.S. culture of lawsuit-happy lawyers requires
>+ * this kind of disclaimer?)
>+ *
>+ * Version 1.1, modified 2/27/1999
>+ */
>+
>+#include <stdlib.h>
>+#include <ctype.h>
>+#include <string.h>
>+#include "argv_parse.h"
>+
>+#define STATE_WHITESPACE	1
>+#define STATE_TOKEN		2
>+#define STATE_QUOTED		3
>+
>+/*
>+ * Returns 0 on success, -1 on failure.
>+ */
>+int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
>+{
>+	int	argc = 0, max_argc = 0;
>+	char 	**argv, **new_argv, *buf, ch;
>+	char	*cp = 0, *outcp = 0;
>+	int	state = STATE_WHITESPACE;
>+
>+	buf = malloc(strlen(in_buf)+1);
>+	if (!buf)
>+		return -1;
>+
>+	max_argc = 0; argc = 0; argv = 0;
>+	outcp = buf;
>+	for (cp = in_buf; (ch = *cp); cp++) {
>+		if (state == STATE_WHITESPACE) {
>+			if (isspace((int) ch))
>+				continue;
>+			/* Not whitespace, so start a new token */
>+			state = STATE_TOKEN;
>+			if (argc >= max_argc) {
>+				max_argc += 3;
>+				new_argv = realloc(argv,
>+						  (max_argc+1)*sizeof(char *));
>+				if (!new_argv) {
>+					if (argv) free(argv);
>+					free(buf);
>+					return -1;
>+				}
>+				argv = new_argv;
>+			}
>+			argv[argc++] = outcp;
>+		}
>+		if (state == STATE_QUOTED) {
>+			if (ch == '"')
>+				state = STATE_TOKEN;
>+			else
>+				*outcp++ = ch;
>+			continue;
>+		}
>+		/* Must be processing characters in a word */
>+		if (isspace((int) ch)) {
>+			/*
>+			 * Terminate the current word and start
>+			 * looking for the beginning of the next word.
>+			 */
>+			*outcp++ = 0;
>+			state = STATE_WHITESPACE;
>+			continue;
>+		}
>+		if (ch == '"') {
>+			state = STATE_QUOTED;
>+			continue;
>+		}
>+		if (ch == '\\') {
>+			ch = *++cp;
>+			switch (ch) {
>+			case '\0':
>+				ch = '\\'; cp--; break;
>+			case 'n':
>+				ch = '\n'; break;
>+			case 't':
>+				ch = '\t'; break;
>+			case 'b':
>+				ch = '\b'; break;
>+			}
>+		}
>+		*outcp++ = ch;
>+	}
>+	if (state != STATE_WHITESPACE)
>+		*outcp++ = '\0';
>+	if (argv == 0) {
>+		argv = malloc(sizeof(char *));
>+		free(buf);
>+	}
>+	argv[argc] = 0;
>+	if (ret_argc)
>+		*ret_argc = argc;
>+	if (ret_argv)
>+		*ret_argv = argv;
>+	return 0;
>+}
>+
>+void argv_free(char **argv)
>+{
>+	if (*argv)
>+		free(*argv);
>+	free(argv);
>+}
>+
>+#ifdef DEBUG
>+/*
>+ * For debugging
>+ */
>+
>+#include <stdio.h>
>+
>+int main(int argc, char **argv)
>+{
>+	int	ac, ret;
>+	char	**av, **cpp;
>+	char	buf[256];
>+
>+	while (!feof(stdin)) {
>+		if (fgets(buf, sizeof(buf), stdin) == NULL)
>+			break;
>+		ret = argv_parse(buf, &ac, &av);
>+		if (ret != 0) {
>+			printf("Argv_parse returned %d!\n", ret);
>+			continue;
>+		}
>+		printf("Argv_parse returned %d arguments...\n", ac);
>+		for (cpp = av; *cpp; cpp++) {
>+			if (cpp != av)
>+				printf(", ");
>+			printf("'%s'", *cpp);
>+		}
>+		printf("\n");
>+		argv_free(av);
>+	}
>+	exit(0);
>+}
>+#endif
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/argv_parse.h Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/argv_parse.h
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/argv_parse.h	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/argv_parse.h	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,43 @@
>+/*
>+ * argv_parse.h --- header file for the argv parser.
>+ *
>+ * This file defines the interface for the functions argv_parse() and
>+ * argv_free().
>+ * 
>+ ***********************************************************************
>+ * int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
>+ *
>+ * This function takes as its first argument a string which it will
>+ * parse into an argv argument vector, with each white-space separated
>+ * word placed into its own slot in the argv.  This function handles
>+ * double quotes and backslashes so that the parsed words can contain
>+ * special characters.   The count of the number words found in the
>+ * parsed string, as well as the argument vector, are returned into
>+ * ret_argc and ret_argv, respectively.
>+ ***********************************************************************
>+ * extern void argv_free(char **argv);
>+ * 
>+ * This function frees the argument vector created by argv_parse().
>+ ***********************************************************************
>+ *
>+ * Copyright 1999 by Theodore Ts'o.
>+ * 
>+ * Permission to use, copy, modify, and distribute this software for
>+ * any purpose with or without fee is hereby granted, provided that
>+ * the above copyright notice and this permission notice appear in all
>+ * copies.  THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE
>+ * AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
>+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
>+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
>+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
>+ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
>+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
>+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  (Isn't
>+ * it sick that the U.S. culture of lawsuit-happy lawyers requires
>+ * this kind of disclaimer?)
>+ *
>+ * Version 1.1, modified 2/27/1999
>+ */
>+
>+extern int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv);
>+extern void argv_free(char **argv);
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/Makefile.am Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/Makefile.am
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/Makefile.am	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/Makefile.am	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,33 @@
>+#
>+# Copyright (c) 2007 Ted X. Toth <tedx@gmail.com>
>+#
>+
>+CLEANFILES = *~
>+
>+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mkpolydir
>+
>+man_MANS = pam_mkpolydir.8
>+
>+XMLS = README.xml pam_mkpolydir.8.xml
>+
>+TESTS = tst-pam_mkpolydir
>+
>+securelibdir = $(SECUREDIR)
>+secureconfdir = $(SCONFIGDIR)
>+
>+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
>+AM_LDFLAGS = -no-undefined -avoid-version -module \
>+	-L$(top_builddir)/libpam -lpam -lselinux
>+if HAVE_VERSIONING
>+  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
>+endif
>+
>+securelib_LTLIBRARIES = pam_mkpolydir.la
>+pam_mkpolydir_la_SOURCES = pam_mkpolydir.c argv_parse.c argv_parse.h
>+
>+if ENABLE_REGENERATE_MAN
>+noinst_DATA = README
>+README: pam_mkpolydir.8.xml
>+-include $(top_srcdir)/Make.xml.rules
>+endif
>+
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/Makefile.in Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/Makefile.in
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/Makefile.in	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/Makefile.in	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,675 @@
>+# Makefile.in generated by automake 1.9.6 from Makefile.am.
>+# @configure_input@
>+
>+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
>+# 2003, 2004, 2005  Free Software Foundation, Inc.
>+# This Makefile.in is free software; the Free Software Foundation
>+# gives unlimited permission to copy and/or distribute it,
>+# with or without modifications, as long as this notice is preserved.
>+
>+# This program is distributed in the hope that it will be useful,
>+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
>+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
>+# PARTICULAR PURPOSE.
>+
>+@SET_MAKE@
>+
>+#
>+# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
>+#
>+
>+
>+srcdir = @srcdir@
>+top_srcdir = @top_srcdir@
>+VPATH = @srcdir@
>+pkgdatadir = $(datadir)/@PACKAGE@
>+pkglibdir = $(libdir)/@PACKAGE@
>+pkgincludedir = $(includedir)/@PACKAGE@
>+top_builddir = ../..
>+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
>+INSTALL = @INSTALL@
>+install_sh_DATA = $(install_sh) -c -m 644
>+install_sh_PROGRAM = $(install_sh) -c
>+install_sh_SCRIPT = $(install_sh) -c
>+INSTALL_HEADER = $(INSTALL_DATA)
>+transform = $(program_transform_name)
>+NORMAL_INSTALL = :
>+PRE_INSTALL = :
>+POST_INSTALL = :
>+NORMAL_UNINSTALL = :
>+PRE_UNINSTALL = :
>+POST_UNINSTALL = :
>+build_triplet = @build@
>+host_triplet = @host@
>+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
>+subdir = modules/pam_mkpolydir
>+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
>+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
>+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
>+	$(top_srcdir)/m4/iconv.m4 \
>+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
>+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
>+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
>+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
>+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
>+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
>+	$(top_srcdir)/configure.in
>+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
>+	$(ACLOCAL_M4)
>+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
>+CONFIG_HEADER = $(top_builddir)/config.h
>+CONFIG_CLEAN_FILES =
>+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
>+am__vpath_adj = case $$p in \
>+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
>+    *) f=$$p;; \
>+  esac;
>+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
>+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
>+securelibLTLIBRARIES_INSTALL = $(INSTALL)
>+LTLIBRARIES = $(securelib_LTLIBRARIES)
>+pam_mkpolydir_la_LIBADD =
>+am_pam_mkpolydir_la_OBJECTS = pam_mkpolydir.lo argv_parse.lo
>+pam_mkpolydir_la_OBJECTS = $(am_pam_mkpolydir_la_OBJECTS)
>+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
>+depcomp = $(SHELL) $(top_srcdir)/depcomp
>+am__depfiles_maybe = depfiles
>+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
>+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
>+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
>+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
>+	$(AM_CFLAGS) $(CFLAGS)
>+CCLD = $(CC)
>+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
>+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
>+SOURCES = $(pam_mkpolydir_la_SOURCES)
>+DIST_SOURCES = $(pam_mkpolydir_la_SOURCES)
>+man8dir = $(mandir)/man8
>+NROFF = nroff
>+MANS = $(man_MANS)
>+DATA = $(noinst_DATA)
>+ETAGS = etags
>+CTAGS = ctags
>+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
>+ACLOCAL = @ACLOCAL@
>+AMDEP_FALSE = @AMDEP_FALSE@
>+AMDEP_TRUE = @AMDEP_TRUE@
>+AMTAR = @AMTAR@
>+AR = @AR@
>+AUTOCONF = @AUTOCONF@
>+AUTOHEADER = @AUTOHEADER@
>+AUTOMAKE = @AUTOMAKE@
>+AWK = @AWK@
>+BROWSER = @BROWSER@
>+CC = @CC@
>+CCDEPMODE = @CCDEPMODE@
>+CFLAGS = @CFLAGS@
>+CPP = @CPP@
>+CPPFLAGS = @CPPFLAGS@
>+CXX = @CXX@
>+CXXCPP = @CXXCPP@
>+CXXDEPMODE = @CXXDEPMODE@
>+CXXFLAGS = @CXXFLAGS@
>+CYGPATH_W = @CYGPATH_W@
>+DEFS = @DEFS@
>+DEPDIR = @DEPDIR@
>+DOCDIR = @DOCDIR@
>+ECHO = @ECHO@
>+ECHO_C = @ECHO_C@
>+ECHO_N = @ECHO_N@
>+ECHO_T = @ECHO_T@
>+EGREP = @EGREP@
>+ENABLE_GENERATE_PDF_FALSE = @ENABLE_GENERATE_PDF_FALSE@
>+ENABLE_GENERATE_PDF_TRUE = @ENABLE_GENERATE_PDF_TRUE@
>+ENABLE_REGENERATE_MAN_FALSE = @ENABLE_REGENERATE_MAN_FALSE@
>+ENABLE_REGENERATE_MAN_TRUE = @ENABLE_REGENERATE_MAN_TRUE@
>+EXEEXT = @EXEEXT@
>+F77 = @F77@
>+FFLAGS = @FFLAGS@
>+FO2PDF = @FO2PDF@
>+GMSGFMT = @GMSGFMT@
>+GMSGFMT_015 = @GMSGFMT_015@
>+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
>+HAVE_KEY_MANAGEMENT_FALSE = @HAVE_KEY_MANAGEMENT_FALSE@
>+HAVE_KEY_MANAGEMENT_TRUE = @HAVE_KEY_MANAGEMENT_TRUE@
>+HAVE_LIBCRACK_FALSE = @HAVE_LIBCRACK_FALSE@
>+HAVE_LIBCRACK_TRUE = @HAVE_LIBCRACK_TRUE@
>+HAVE_LIBDB_FALSE = @HAVE_LIBDB_FALSE@
>+HAVE_LIBDB_TRUE = @HAVE_LIBDB_TRUE@
>+HAVE_LIBSELINUX_FALSE = @HAVE_LIBSELINUX_FALSE@
>+HAVE_LIBSELINUX_TRUE = @HAVE_LIBSELINUX_TRUE@
>+HAVE_UNSHARE_FALSE = @HAVE_UNSHARE_FALSE@
>+HAVE_UNSHARE_TRUE = @HAVE_UNSHARE_TRUE@
>+HAVE_VERSIONING_FALSE = @HAVE_VERSIONING_FALSE@
>+HAVE_VERSIONING_TRUE = @HAVE_VERSIONING_TRUE@
>+INSTALL_DATA = @INSTALL_DATA@
>+INSTALL_PROGRAM = @INSTALL_PROGRAM@
>+INSTALL_SCRIPT = @INSTALL_SCRIPT@
>+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
>+INTLLIBS = @INTLLIBS@
>+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
>+LDFLAGS = @LDFLAGS@
>+LEX = @LEX@
>+LEXLIB = @LEXLIB@
>+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
>+LIBAUDIT = @LIBAUDIT@
>+LIBCRACK = @LIBCRACK@
>+LIBCRYPT = @LIBCRYPT@
>+LIBDB = @LIBDB@
>+LIBDL = @LIBDL@
>+LIBICONV = @LIBICONV@
>+LIBINTL = @LIBINTL@
>+LIBNSL = @LIBNSL@
>+LIBOBJS = @LIBOBJS@
>+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
>+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
>+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
>+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
>+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
>+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
>+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
>+LIBS = @LIBS@
>+LIBSELINUX = @LIBSELINUX@
>+LIBTOOL = @LIBTOOL@
>+LN_S = @LN_S@
>+LTLIBICONV = @LTLIBICONV@
>+LTLIBINTL = @LTLIBINTL@
>+LTLIBOBJS = @LTLIBOBJS@
>+MAKEINFO = @MAKEINFO@
>+MSGFMT = @MSGFMT@
>+MSGFMT_015 = @MSGFMT_015@
>+MSGMERGE = @MSGMERGE@
>+OBJEXT = @OBJEXT@
>+PACKAGE = @PACKAGE@
>+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
>+PACKAGE_NAME = @PACKAGE_NAME@
>+PACKAGE_STRING = @PACKAGE_STRING@
>+PACKAGE_TARNAME = @PACKAGE_TARNAME@
>+PACKAGE_VERSION = @PACKAGE_VERSION@
>+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
>+PATH_SEPARATOR = @PATH_SEPARATOR@
>+PIE_CFLAGS = @PIE_CFLAGS@
>+PIE_LDFLAGS = @PIE_LDFLAGS@
>+POSUB = @POSUB@
>+RANLIB = @RANLIB@
>+SCONFIGDIR = @SCONFIGDIR@
>+SECUREDIR = @SECUREDIR@
>+SED = @SED@
>+SET_MAKE = @SET_MAKE@
>+SHELL = @SHELL@
>+STATIC_MODULES_FALSE = @STATIC_MODULES_FALSE@
>+STATIC_MODULES_TRUE = @STATIC_MODULES_TRUE@
>+STRIP = @STRIP@
>+USE_NLS = @USE_NLS@
>+VERSION = @VERSION@
>+WITH_DEBUG = @WITH_DEBUG@
>+WITH_PAMLOCKING = @WITH_PAMLOCKING@
>+XGETTEXT = @XGETTEXT@
>+XGETTEXT_015 = @XGETTEXT_015@
>+XMLCATALOG = @XMLCATALOG@
>+XMLLINT = @XMLLINT@
>+XML_CATALOG_FILE = @XML_CATALOG_FILE@
>+XSLTPROC = @XSLTPROC@
>+YACC = @YACC@
>+ac_ct_AR = @ac_ct_AR@
>+ac_ct_CC = @ac_ct_CC@
>+ac_ct_CXX = @ac_ct_CXX@
>+ac_ct_F77 = @ac_ct_F77@
>+ac_ct_RANLIB = @ac_ct_RANLIB@
>+ac_ct_STRIP = @ac_ct_STRIP@
>+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
>+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
>+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
>+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
>+am__include = @am__include@
>+am__leading_dot = @am__leading_dot@
>+am__quote = @am__quote@
>+am__tar = @am__tar@
>+am__untar = @am__untar@
>+bindir = @bindir@
>+build = @build@
>+build_alias = @build_alias@
>+build_cpu = @build_cpu@
>+build_os = @build_os@
>+build_vendor = @build_vendor@
>+datadir = @datadir@
>+exec_prefix = @exec_prefix@
>+host = @host@
>+host_alias = @host_alias@
>+host_cpu = @host_cpu@
>+host_os = @host_os@
>+host_vendor = @host_vendor@
>+includedir = @includedir@
>+infodir = @infodir@
>+install_sh = @install_sh@
>+libc_cv_fpie = @libc_cv_fpie@
>+libdir = @libdir@
>+libexecdir = @libexecdir@
>+localedir = @localedir@
>+localstatedir = @localstatedir@
>+mandir = @mandir@
>+mkdir_p = @mkdir_p@
>+oldincludedir = @oldincludedir@
>+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
>+pam_xauth_path = @pam_xauth_path@
>+prefix = @prefix@
>+program_transform_name = @program_transform_name@
>+sbindir = @sbindir@
>+sharedstatedir = @sharedstatedir@
>+sysconfdir = @sysconfdir@
>+target_alias = @target_alias@
>+CLEANFILES = *~
>+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mkpolydir
>+man_MANS = pam_mkpolydir.8
>+XMLS = README.xml pam_mkpolydir.8.xml
>+TESTS = tst-pam_mkpolydir
>+securelibdir = $(SECUREDIR)
>+secureconfdir = $(SCONFIGDIR)
>+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
>+AM_LDFLAGS = -no-undefined -avoid-version -module \
>+	-L$(top_builddir)/libpam -lpam -lselinux $(am__append_1)
>+securelib_LTLIBRARIES = pam_mkpolydir.la
>+pam_mkpolydir_la_SOURCES = pam_mkpolydir.c argv_parse.c argv_parse.h
>+@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
>+all: all-am
>+
>+.SUFFIXES:
>+.SUFFIXES: .c .lo .o .obj
>+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
>+	@for dep in $?; do \
>+	  case '$(am__configure_deps)' in \
>+	    *$$dep*) \
>+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
>+		&& exit 0; \
>+	      exit 1;; \
>+	  esac; \
>+	done; \
>+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  modules/pam_mkpolydir/Makefile'; \
>+	cd $(top_srcdir) && \
>+	  $(AUTOMAKE) --gnu  modules/pam_mkpolydir/Makefile
>+.PRECIOUS: Makefile
>+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
>+	@case '$?' in \
>+	  *config.status*) \
>+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
>+	  *) \
>+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
>+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
>+	esac;
>+
>+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
>+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
>+
>+$(top_srcdir)/configure:  $(am__configure_deps)
>+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
>+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
>+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
>+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
>+	@$(NORMAL_INSTALL)
>+	test -z "$(securelibdir)" || $(mkdir_p) "$(DESTDIR)$(securelibdir)"
>+	@list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
>+	  if test -f $$p; then \
>+	    f=$(am__strip_dir) \
>+	    echo " $(LIBTOOL) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(securelibdir)/$$f'"; \
>+	    $(LIBTOOL) --mode=install $(securelibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(securelibdir)/$$f"; \
>+	  else :; fi; \
>+	done
>+
>+uninstall-securelibLTLIBRARIES:
>+	@$(NORMAL_UNINSTALL)
>+	@set -x; list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
>+	  p=$(am__strip_dir) \
>+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$p'"; \
>+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$p"; \
>+	done
>+
>+clean-securelibLTLIBRARIES:
>+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
>+	@list='$(securelib_LTLIBRARIES)'; for p in $$list; do \
>+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
>+	  test "$$dir" != "$$p" || dir=.; \
>+	  echo "rm -f \"$${dir}/so_locations\""; \
>+	  rm -f "$${dir}/so_locations"; \
>+	done
>+pam_mkpolydir.la: $(pam_mkpolydir_la_OBJECTS) $(pam_mkpolydir_la_DEPENDENCIES) 
>+	$(LINK) -rpath $(securelibdir) $(pam_mkpolydir_la_LDFLAGS) $(pam_mkpolydir_la_OBJECTS) $(pam_mkpolydir_la_LIBADD) $(LIBS)
>+
>+mostlyclean-compile:
>+	-rm -f *.$(OBJEXT)
>+
>+distclean-compile:
>+	-rm -f *.tab.c
>+
>+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argv_parse.Plo@am__quote@
>+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkpolydir.Plo@am__quote@
>+
>+.c.o:
>+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
>+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
>+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
>+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
>+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
>+
>+.c.obj:
>+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
>+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
>+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
>+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
>+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
>+
>+.c.lo:
>+@am__fastdepCC_TRUE@	if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
>+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
>+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
>+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
>+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
>+
>+mostlyclean-libtool:
>+	-rm -f *.lo
>+
>+clean-libtool:
>+	-rm -rf .libs _libs
>+
>+distclean-libtool:
>+	-rm -f libtool
>+uninstall-info-am:
>+install-man8: $(man8_MANS) $(man_MANS)
>+	@$(NORMAL_INSTALL)
>+	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
>+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
>+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
>+	for i in $$l2; do \
>+	  case "$$i" in \
>+	    *.8*) list="$$list $$i" ;; \
>+	  esac; \
>+	done; \
>+	for i in $$list; do \
>+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
>+	  else file=$$i; fi; \
>+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
>+	  case "$$ext" in \
>+	    8*) ;; \
>+	    *) ext='8' ;; \
>+	  esac; \
>+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
>+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
>+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
>+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
>+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
>+	done
>+uninstall-man8:
>+	@$(NORMAL_UNINSTALL)
>+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
>+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
>+	for i in $$l2; do \
>+	  case "$$i" in \
>+	    *.8*) list="$$list $$i" ;; \
>+	  esac; \
>+	done; \
>+	for i in $$list; do \
>+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
>+	  case "$$ext" in \
>+	    8*) ;; \
>+	    *) ext='8' ;; \
>+	  esac; \
>+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
>+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
>+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
>+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
>+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
>+	done
>+
>+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
>+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
>+	unique=`for i in $$list; do \
>+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
>+	  done | \
>+	  $(AWK) '    { files[$$0] = 1; } \
>+	       END { for (i in files) print i; }'`; \
>+	mkid -fID $$unique
>+tags: TAGS
>+
>+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
>+		$(TAGS_FILES) $(LISP)
>+	tags=; \
>+	here=`pwd`; \
>+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
>+	unique=`for i in $$list; do \
>+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
>+	  done | \
>+	  $(AWK) '    { files[$$0] = 1; } \
>+	       END { for (i in files) print i; }'`; \
>+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
>+	  test -n "$$unique" || unique=$$empty_fix; \
>+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
>+	    $$tags $$unique; \
>+	fi
>+ctags: CTAGS
>+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
>+		$(TAGS_FILES) $(LISP)
>+	tags=; \
>+	here=`pwd`; \
>+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
>+	unique=`for i in $$list; do \
>+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
>+	  done | \
>+	  $(AWK) '    { files[$$0] = 1; } \
>+	       END { for (i in files) print i; }'`; \
>+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
>+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
>+	     $$tags $$unique
>+
>+GTAGS:
>+	here=`$(am__cd) $(top_builddir) && pwd` \
>+	  && cd $(top_srcdir) \
>+	  && gtags -i $(GTAGS_ARGS) $$here
>+
>+distclean-tags:
>+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
>+
>+check-TESTS: $(TESTS)
>+	@failed=0; all=0; xfail=0; xpass=0; skip=0; \
>+	srcdir=$(srcdir); export srcdir; \
>+	list='$(TESTS)'; \
>+	if test -n "$$list"; then \
>+	  for tst in $$list; do \
>+	    if test -f ./$$tst; then dir=./; \
>+	    elif test -f $$tst; then dir=; \
>+	    else dir="$(srcdir)/"; fi; \
>+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
>+	      all=`expr $$all + 1`; \
>+	      case " $(XFAIL_TESTS) " in \
>+	      *" $$tst "*) \
>+		xpass=`expr $$xpass + 1`; \
>+		failed=`expr $$failed + 1`; \
>+		echo "XPASS: $$tst"; \
>+	      ;; \
>+	      *) \
>+		echo "PASS: $$tst"; \
>+	      ;; \
>+	      esac; \
>+	    elif test $$? -ne 77; then \
>+	      all=`expr $$all + 1`; \
>+	      case " $(XFAIL_TESTS) " in \
>+	      *" $$tst "*) \
>+		xfail=`expr $$xfail + 1`; \
>+		echo "XFAIL: $$tst"; \
>+	      ;; \
>+	      *) \
>+		failed=`expr $$failed + 1`; \
>+		echo "FAIL: $$tst"; \
>+	      ;; \
>+	      esac; \
>+	    else \
>+	      skip=`expr $$skip + 1`; \
>+	      echo "SKIP: $$tst"; \
>+	    fi; \
>+	  done; \
>+	  if test "$$failed" -eq 0; then \
>+	    if test "$$xfail" -eq 0; then \
>+	      banner="All $$all tests passed"; \
>+	    else \
>+	      banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
>+	    fi; \
>+	  else \
>+	    if test "$$xpass" -eq 0; then \
>+	      banner="$$failed of $$all tests failed"; \
>+	    else \
>+	      banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
>+	    fi; \
>+	  fi; \
>+	  dashes="$$banner"; \
>+	  skipped=""; \
>+	  if test "$$skip" -ne 0; then \
>+	    skipped="($$skip tests were not run)"; \
>+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
>+	      dashes="$$skipped"; \
>+	  fi; \
>+	  report=""; \
>+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
>+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
>+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
>+	      dashes="$$report"; \
>+	  fi; \
>+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
>+	  echo "$$dashes"; \
>+	  echo "$$banner"; \
>+	  test -z "$$skipped" || echo "$$skipped"; \
>+	  test -z "$$report" || echo "$$report"; \
>+	  echo "$$dashes"; \
>+	  test "$$failed" -eq 0; \
>+	else :; fi
>+
>+distdir: $(DISTFILES)
>+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
>+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
>+	list='$(DISTFILES)'; for file in $$list; do \
>+	  case $$file in \
>+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
>+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
>+	  esac; \
>+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
>+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
>+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
>+	    dir="/$$dir"; \
>+	    $(mkdir_p) "$(distdir)$$dir"; \
>+	  else \
>+	    dir=''; \
>+	  fi; \
>+	  if test -d $$d/$$file; then \
>+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
>+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
>+	    fi; \
>+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
>+	  else \
>+	    test -f $(distdir)/$$file \
>+	    || cp -p $$d/$$file $(distdir)/$$file \
>+	    || exit 1; \
>+	  fi; \
>+	done
>+check-am: all-am
>+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
>+check: check-am
>+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
>+installdirs:
>+	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
>+	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
>+	done
>+install: install-am
>+install-exec: install-exec-am
>+install-data: install-data-am
>+uninstall: uninstall-am
>+
>+install-am: all-am
>+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
>+
>+installcheck: installcheck-am
>+install-strip:
>+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
>+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
>+	  `test -z '$(STRIP)' || \
>+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
>+mostlyclean-generic:
>+
>+clean-generic:
>+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
>+
>+distclean-generic:
>+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
>+
>+maintainer-clean-generic:
>+	@echo "This command is intended for maintainers to use"
>+	@echo "it deletes files that may require special tools to rebuild."
>+clean: clean-am
>+
>+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
>+	mostlyclean-am
>+
>+distclean: distclean-am
>+	-rm -rf ./$(DEPDIR)
>+	-rm -f Makefile
>+distclean-am: clean-am distclean-compile distclean-generic \
>+	distclean-libtool distclean-tags
>+
>+dvi: dvi-am
>+
>+dvi-am:
>+
>+html: html-am
>+
>+info: info-am
>+
>+info-am:
>+
>+install-data-am: install-man install-securelibLTLIBRARIES
>+
>+install-exec-am:
>+
>+install-info: install-info-am
>+
>+install-man: install-man8
>+
>+installcheck-am:
>+
>+maintainer-clean: maintainer-clean-am
>+	-rm -rf ./$(DEPDIR)
>+	-rm -f Makefile
>+maintainer-clean-am: distclean-am maintainer-clean-generic
>+
>+mostlyclean: mostlyclean-am
>+
>+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
>+	mostlyclean-libtool
>+
>+pdf: pdf-am
>+
>+pdf-am:
>+
>+ps: ps-am
>+
>+ps-am:
>+
>+uninstall-am: uninstall-info-am uninstall-man \
>+	uninstall-securelibLTLIBRARIES
>+
>+uninstall-man: uninstall-man8
>+
>+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
>+	clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \
>+	distclean distclean-compile distclean-generic \
>+	distclean-libtool distclean-tags distdir dvi dvi-am html \
>+	html-am info info-am install install-am install-data \
>+	install-data-am install-exec install-exec-am install-info \
>+	install-info-am install-man install-man8 \
>+	install-securelibLTLIBRARIES install-strip installcheck \
>+	installcheck-am installdirs maintainer-clean \
>+	maintainer-clean-generic mostlyclean mostlyclean-compile \
>+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
>+	tags uninstall uninstall-am uninstall-info-am uninstall-man \
>+	uninstall-man8 uninstall-securelibLTLIBRARIES
>+
>+@ENABLE_REGENERATE_MAN_TRUE@README: pam_mkpolydir.8.xml
>+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
>+# Tell versions [3.59,3.63) of GNU make to not export all variables.
>+# Otherwise a system limit (for SysV at least) may be exceeded.
>+.NOEXPORT:
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/pam_mkpolydir.8 Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/pam_mkpolydir.8
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/pam_mkpolydir.8	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/pam_mkpolydir.8	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,91 @@
>+.\"     Title: pam_mkpolydir
>+.\"    Author: 
>+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
>+.\"      Date: 06/02/2006
>+.\"    Manual: Linux\-PAM Manual
>+.\"    Source: Linux\-PAM Manual
>+.\"
>+.TH "PAM_MKPOLYDIR" "8" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
>+.\" disable hyphenation
>+.nh
>+.\" disable justification (adjust text to left margin only)
>+.ad l
>+.SH "NAME"
>+pam_mkpolydir \- PAM module to create users poly directory
>+.SH "SYNOPSIS"
>+.HP 17
>+\fBpam_mkpolydir.so\fR [silent] [debug]
>+.SH "DESCRIPTION"
>+.PP
>+The pam_mkpolydir PAM module will create a users polyinstantiated directories if they does not exist when the session begins. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories. The skeleton directory (usually
>+\fI/etc/skel/\fR) is used to copy default files and also set's a umask for the creation.
>+.PP
>+The new users home directory will not be removed after logout of the user.
>+.SH "OPTIONS"
>+.TP 3n
>+\fBsilent\fR
>+Don't print informative messages.
>+.TP 3n
>+\fBumask=\fR\fB\fImask\fR\fR
>+The user file\-creation mask is set to
>+\fImask\fR. The default value of mask is 0022.
>+.TP 3n
>+\fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR
>+Indicate an alternative
>+\fIskel\fR
>+directory to override the default
>+\fI/etc/skel\fR.
>+.SH "MODULE SERVICES PROVIDED"
>+.PP
>+Only the
>+\fBsession\fR
>+service is supported.
>+.SH "RETURN VALUES"
>+.TP 3n
>+PAM_BUF_ERR
>+Memory buffer error.
>+.TP 3n
>+PAM_CRED_INSUFFICIENT
>+Insufficient credentials to access authentication data.
>+.TP 3n
>+PAM_PERM_DENIED
>+Not enough permissions to create the new directory or read the skel directory.
>+.TP 3n
>+PAM_USER_UNKNOWN
>+User not known to the underlying authentication module.
>+.TP 3n
>+PAM_SUCCESS
>+Environment variables were set.
>+.SH "FILES"
>+.TP 3n
>+\fI/etc/skel\fR
>+Default skel directory
>+.SH "EXAMPLES"
>+.PP
>+A sample /etc/pam.d/login file:
>+.sp
>+.RS 3n
>+.nf
>+  auth       requisite   pam_securetty.so
>+  auth       sufficient  pam_ldap.so
>+  auth       required    pam_unix.so
>+  auth       required    pam_nologin.so
>+  account    sufficient  pam_ldap.so
>+  account    required    pam_unix.so
>+  password   required    pam_unix.so
>+  session    required    pam_mkpolydir.so 
>+  session    required    pam_unix.so
>+  session    optional    pam_lastlog.so
>+  session    optional    pam_mail.so standard
>+      
>+.fi
>+.RE
>+.sp
>+.SH "SEE ALSO"
>+.PP
>+
>+\fBpam.d\fR(8),
>+\fBpam\fR(8).
>+.SH "AUTHOR"
>+.PP
>+pam_mkpolydir was written by Ted X Toth <txtoth@gmail.com>.
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/pam_mkpolydir.8.xml Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/pam_mkpolydir.8.xml
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/pam_mkpolydir.8.xml	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/pam_mkpolydir.8.xml	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,161 @@
>+<?xml version="1.0" encoding="ISO-8859-1"?>
>+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
>+                   "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
>+
>+<refentry id='pam_mkpolydir'>
>+
>+  <refmeta>
>+    <refentrytitle>pam_mkpolydir</refentrytitle>
>+    <manvolnum>8</manvolnum>
>+    <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
>+  </refmeta>
>+
>+  <refnamediv id='pam_mkpolydir-name'>
>+    <refname>pam_mkpolydir</refname>
>+    <refpurpose>
>+      PAM module to create users polyinstantiated directories
>+    </refpurpose>
>+  </refnamediv>
>+
>+
>+
>+  <refsynopsisdiv>
>+    <cmdsynopsis id="pam_mkpolydir-cmdsynopsis">
>+      <command>pam_mkpolydir.so</command>
>+      <arg choice="opt">
>+        silent
>+      </arg>
>+      <arg choice="opt">
>+        debug
>+      </arg>
>+    </cmdsynopsis>
>+  </refsynopsisdiv>
>+
>+
>+  <refsect1 id="pam_mkpolydir-description">
>+    <title>DESCRIPTION</title>
>+    <para>
>+      The pam_mkpolydir PAM module will create a users polyinstantiated directories
>+      if they does not exist when the session begins. This allows users
>+      to be present in central database (such as NIS, kerberos or LDAP)
>+      without using a distributed file system or pre-creating a large
>+      number of directories. 
>+    </para>
>+    <para>
>+      The new users polyinstantiated directories will not be removed after logout
>+      of the user.
>+    </para>
>+  </refsect1>
>+
>+  <refsect1 id="pam_mkpolydir-options">
>+    <title>OPTIONS</title>
>+    <variablelist>
>+
>+      <varlistentry>
>+        <term>
>+          <option>silent</option>
>+        </term>
>+        <listitem>
>+          <para>
>+            Don't print informative messages.
>+          </para>
>+        </listitem>
>+      </varlistentry>
>+
>+    </variablelist>
>+  </refsect1>
>+
>+  <refsect1 id="pam_mkpolydir-services">
>+    <title>MODULE SERVICES PROVIDED</title>
>+    <para>
>+      Only the <option>session</option> service is supported.
>+    </para>
>+  </refsect1>
>+
>+  <refsect1 id="pam_mkpolydir-return_values">
>+    <title>RETURN VALUES</title>
>+    <variablelist>
>+      <varlistentry>
>+        <term>PAM_BUF_ERR</term>
>+        <listitem>
>+           <para>
>+             Memory buffer error.
>+          </para>
>+        </listitem>
>+      </varlistentry>
>+      <varlistentry>
>+        <term>PAM_CRED_INSUFFICIENT</term>
>+        <listitem>
>+           <para>
>+             Insufficient credentials to access authentication data.
>+          </para>
>+        </listitem>
>+      </varlistentry>
>+      <varlistentry>
>+        <term>PAM_PERM_DENIED</term>
>+        <listitem>
>+           <para>
>+             Not enough permissions to create the new directory
>+             or read the skel directory.
>+          </para>
>+        </listitem>
>+      </varlistentry>
>+      <varlistentry>
>+        <term>PAM_USER_UNKNOWN</term>
>+        <listitem>
>+           <para>
>+             User not known to the underlying authentication module.
>+          </para>
>+        </listitem>
>+      </varlistentry>
>+      <varlistentry>
>+        <term>PAM_SUCCESS</term>
>+        <listitem>
>+           <para>
>+             Environment variables were set.
>+          </para>
>+        </listitem>
>+      </varlistentry>
>+    </variablelist>
>+  </refsect1>
>+
>+  <refsect1 id='pam_mkpolydir-examples'>
>+    <title>EXAMPLES</title>
>+    <para>
>+      A sample /etc/pam.d/login file:
>+      <programlisting>
>+  auth       requisite   pam_securetty.so
>+  auth       sufficient  pam_ldap.so
>+  auth       required    pam_unix.so
>+  auth       required    pam_nologin.so
>+  account    sufficient  pam_ldap.so
>+  account    required    pam_unix.so
>+  password   required    pam_unix.so
>+  session    required    pam_mkpolydir.so
>+  session    required    pam_unix.so
>+  session    optional    pam_lastlog.so
>+  session    optional    pam_mail.so standard
>+      </programlisting>
>+    </para>
>+  </refsect1>
>+
>+
>+  <refsect1 id="pam_mkpolydir-see_also">
>+    <title>SEE ALSO</title>
>+    <para>
>+      <citerefentry>
>+        <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
>+      </citerefentry>,
>+      <citerefentry>
>+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
>+      </citerefentry>.
>+    </para>
>+  </refsect1>
>+
>+  <refsect1 id="pam_mkpolydir-author">
>+    <title>AUTHOR</title>
>+    <para>
>+      pam_mkpolydir was adapted from pam_mkhomedir wriiten by Jason Gunthorpe &lt;jgg@debian.org&gt; by Ted X Toth &lt;txtoth@gmail.com&gt;.
>+    </para>
>+  </refsect1>
>+</refentry>
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/pam_mkpolydirc Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/pam_mkpolydir.c
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/pam_mkpolydir.c	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/pam_mkpolydir.c	2007-11-14 15:58:15.000000000 -0600
>@@ -0,0 +1,1105 @@
>+/* PAM Make Poly Dir module
>+
>+   This module will create a users polyinstantiated directories if they does 
>+   not exist when the session begins. This allows users to be present in 
>+   central database (such as nis, kerb or ldap) without using a distributed
>+   file system or pre-creating a large number of directories.
>+
>+   Here is a sample /etc/pam.d/login file for Debian GNU/Linux
>+   2.1:
>+
>+   auth       requisite  pam_securetty.so
>+   auth       sufficient pam_ldap.so
>+   auth       required   pam_unix.so
>+   auth       optional   pam_group.so
>+   auth       optional   pam_mail.so
>+   account    requisite  pam_time.so
>+   account    sufficient pam_ldap.so
>+   account    required   pam_unix.so
>+   session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
>+   session    required   pam_mkpolydir.so
>+   session    required   pam_unix.so
>+   session    optional   pam_lastlog.so
>+   password   required   pam_unix.so
>+
>+   Released under the GNU LGPL version 2 or later
>+   Written by Ted X Toth <txtoth@gmail.com>
>+   Structure taken from pam_mkhomedir by Jason Gunthorpe <jgg@debian.org> Feb 1999
>+*/
>+
>+#include "config.h"
>+
>+#include <stdarg.h>
>+#include <sys/types.h>
>+#include <sys/stat.h>
>+#include <fcntl.h>
>+#include <unistd.h>
>+#include <pwd.h>
>+#include <grp.h>
>+#include <errno.h>
>+#include <stdlib.h>
>+#include <stdio.h>
>+#include <string.h>
>+#include <dirent.h>
>+#include <syslog.h>
>+#include <ctype.h>
>+#include "argv_parse.h"
>+#include <stdio_ext.h>
>+#include <limits.h>
>+#include <glob.h>
>+
>+#include <selinux/selinux.h>
>+#include <selinux/av_permissions.h>
>+/*
>+ * here, we make a definition for the externally accessible function
>+ * in this file (this definition is required for static a module
>+ * but strongly encouraged generally) it is used to instruct the
>+ * modules include file to define the function prototypes.
>+ */
>+
>+#define PAM_SM_SESSION
>+
>+#include <security/pam_modules.h>
>+#include <security/_pam_macros.h>
>+#include <security/pam_modutil.h>
>+#include <security/pam_ext.h>
>+
>+
>+/* polydir flags */
>+#define POLYDIR_EXCLUSIVE     0x00000001 /* polyinstatiate exclusively for override uids */
>+#define POLYDIR_CREATE        0x00000002 /* create the polydir */
>+#define POLYDIR_NOINIT        0x00000004 /* no init script */
>+#define POLYDIR_SHARED        0x00000008 /* share context/level instances among users */
>+#define POLYDIR_ISCRIPT       0x00000010 /* non default init script */
>+
>+#ifndef SECURECONF_DIR
>+#define SECURECONF_DIR "/etc/security/"
>+#endif
>+
>+#define NAMESPACE_D_DIR (SECURECONF_DIR "namespace.d/")
>+#define NAMESPACE_D_GLOB (SECURECONF_DIR "namespace.d/*.conf")
>+
>+/* argument parsing */
>+#define MKPOLYDIR_DEBUG      020	/* keep quiet about things */
>+#define MKPOLYDIR_QUIET      040	/* keep quiet about things */
>+#define PAMNS_NO_PAM_USER 1
>+#define PAMNS_UNKNOWN_USER 2
>+#define PAMNS_PARSE_CONFIG_ERROR 3
>+#define PAMNS_IGN_CONFIG_ERR  0x00004000 /* Ignore format error in conf file */
>+#define PAM_NAMESPACE_CONFIG "/etc/security/namespace.conf"
>+#define POLYDIR_EXCLUSIVE    0x00000001
>+
>+static unsigned int module_umask = 0022;
>+static int ctrl = 0;
>+
>+/*
>+ * Polyinstantiation method options, based on user, security context
>+ * or both
>+ */
>+enum polymethod {
>+    NONE,
>+    USER,
>+    CONTEXT,
>+    LEVEL,
>+    TMPDIR,
>+    TMPFS
>+};
>+
>+/*
>+ * Depending on the application using this namespace module, we
>+ * may need to unmount priviously bind mounted instance directory.
>+ * Applications such as login and sshd, that establish a new 
>+ * session unmount of instance directory is not needed. For applications
>+ * such as su and newrole, that switch the identity, this module 
>+ * has to unmount previous instance directory first and re-mount
>+ * based on the new indentity. For other trusted applications that
>+ * just want to undo polyinstantiation, only unmount of previous
>+ * instance directory is needed.
>+ */
>+enum unmnt_op {
>+    NO_UNMNT,
>+    UNMNT_REMNT,
>+    UNMNT_ONLY
>+};
>+
>+/*
>+ * Structure that holds information about a directory to polyinstantiate
>+ */
>+struct polydir_s {
>+    char dir[PATH_MAX];    	       	/* directory to polyinstantiate */
>+    char rdir[PATH_MAX];    	       	/* directory to unmount (based on RUSER) */
>+    char instance_prefix[PATH_MAX];	/* prefix for instance dir path name */
>+    enum polymethod method;		/* method used to polyinstantiate */
>+    unsigned int num_uids;		/* number of override uids */
>+    uid_t *uid;				/* list of override uids */
>+    unsigned int flags;			/* polydir flags */
>+    char *init_script;			/* path to init script */
>+    uid_t owner;			/* user which should own the polydir */
>+    gid_t group;			/* group which should own the polydir */
>+    mode_t mode;			/* mode of the polydir */
>+    struct polydir_s *next;		/* pointer to the next polydir entry */
>+};
>+
>+struct instance_data {
>+    pam_handle_t *pamh;		/* The pam handle for this instance */
>+    struct polydir_s *polydirs_ptr; /* The linked list pointer */
>+    char user[LOGIN_NAME_MAX];	/* User name */
>+    char ruser[LOGIN_NAME_MAX];	/* Requesting user name */
>+    uid_t uid;			/* The uid of the user */
>+    gid_t gid;			/* The gid of the user's primary group */
>+    uid_t ruid;			/* The uid of the requesting user */
>+    unsigned long flags;	/* Flags for debug, selinux etc */
>+};
>+
>+/*
>+ * Adds an entry for a polyinstantiated directory to the linked list of
>+ * polyinstantiated directories. It is called from process_line() while
>+ * parsing the namespace configuration file.
>+ */
>+static void add_polydir_entry(struct instance_data *idata,
>+	struct polydir_s *ent)
>+{
>+    /* Now attach to linked list */
>+    ent->next = NULL;
>+    if (idata->polydirs_ptr == NULL)
>+        idata->polydirs_ptr = ent;
>+    else {
>+        struct polydir_s *tail;
>+
>+        tail = idata->polydirs_ptr;
>+        while (tail->next)
>+            tail = tail->next;
>+        tail->next = ent;
>+    }
>+}
>+
>+static void del_polydir(struct polydir_s *poly)
>+{
>+	free(poly->uid);
>+	free(poly->init_script);
>+	free(poly);
>+}
>+
>+/*
>+ * Deletes all the entries in the linked list.
>+ */
>+static void del_polydir_list(struct polydir_s *polydirs_ptr)
>+{
>+        struct polydir_s *dptr = polydirs_ptr;
>+
>+	while (dptr) {
>+        	struct polydir_s *tptr = dptr;
>+		dptr = dptr->next;
>+		del_polydir(tptr);
>+	}
>+}
>+
>+static char *expand_variables(const char *orig, const char *var_names[], const char *var_values[])
>+{
>+	const char *src = orig;
>+	char *dst;
>+	char *expanded;
>+	char c;
>+	size_t dstlen = 0;
>+	while (*src) {
>+		if (*src == '$') {
>+			int i;
>+			for (i = 0; var_names[i]; i++) {
>+				int namelen = strlen(var_names[i]);
>+				if (strncmp(var_names[i], src+1, namelen) == 0) {
>+					dstlen += strlen(var_values[i]) - 1; /* $ */
>+					src += namelen;
>+					break;
>+				}
>+			}
>+		}
>+		++dstlen;
>+		++src;
>+	}
>+	if ((dst=expanded=malloc(dstlen + 1)) == NULL)
>+		return NULL;
>+	src = orig;
>+	while ((c=*src) != '\0') {
>+		if (c == '$') {
>+			int i;
>+			for (i = 0; var_names[i]; i++) {
>+				int namelen = strlen(var_names[i]);
>+				if (strncmp(var_names[i], src+1, namelen) == 0) {
>+					dst = stpcpy(dst, var_values[i]);
>+					--dst;
>+					c = *dst; /* replace $ */
>+					src += namelen;
>+					break;
>+				}
>+			}
>+		}
>+		*dst = c;
>+		++dst;
>+		++src;
>+	}
>+	*dst = '\0';
>+	return expanded;
>+}
>+
>+static int parse_create_params(char *params, struct polydir_s *poly,
>+	struct instance_data *idata)
>+{
>+    char *next;
>+    struct passwd *pwd = NULL;
>+    struct group *grp;
>+
>+    poly->mode = (mode_t)ULONG_MAX;
>+    poly->owner = (uid_t)ULONG_MAX;
>+    poly->group = (gid_t)ULONG_MAX;
>+
>+    if (*params != '=')
>+    	return 0;
>+    params++;
>+    
>+    next = strchr(params, ',');
>+    if (next != NULL) {
>+	*next = '\0';
>+	next++;
>+    }
>+
>+    if (*params != '\0') {
>+	errno = 0;
>+	poly->mode = (mode_t)strtoul(params, NULL, 0);
>+	if (errno != 0) {
>+	    poly->mode = (mode_t)ULONG_MAX;
>+	}
>+    }
>+
>+    params = next;
>+    if (params == NULL)
>+    	return 0;
>+    next = strchr(params, ',');
>+    if (next != NULL) {
>+	*next = '\0';
>+	next++;
>+    }
>+
>+    if (*params != '\0') {
>+	pwd = getpwnam(params); /* session modules are not reentrant */
>+	if (pwd == NULL) {
>+           if (idata->flags & MKPOLYDIR_DEBUG) {
>+	        pam_syslog(idata->pamh, LOG_DEBUG, "Create parameters unknown user: '%s'", params);
>+           }
>+	    return -1;
>+       }
>+	poly->owner = pwd->pw_uid;
>+    }
>+
>+    params = next;
>+    if (params == NULL || *params == '\0') {
>+	if (pwd != NULL)
>+	    poly->group = pwd->pw_gid;
>+    	return 0;
>+    }
>+    grp = getgrnam(params);
>+    if (grp == NULL) {
>+           if (idata->flags & MKPOLYDIR_DEBUG) {
>+	        pam_syslog(idata->pamh, LOG_DEBUG, "Create parameters unknown group: '%s'", params);
>+           }
>+           return -1;
>+    }
>+    poly->group = grp->gr_gid;
>+    
>+    return 0;
>+}
>+
>+static int parse_iscript_params(char *params, struct polydir_s *poly,
>+		struct instance_data *idata)
>+{
>+    if (*params != '=')
>+    	return 0;
>+    params++;
>+    
>+    if (*params != '\0') {
>+	if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */
>+		if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1)
>+			return -1;
>+	} else {
>+		poly->init_script = strdup(params);
>+	}
>+	if (poly->init_script == NULL)
>+		return -1;
>+    }
>+    if (idata->flags & MKPOLYDIR_DEBUG) {
>+	    pam_syslog(idata->pamh, LOG_DEBUG, "iscript: '%s'", poly->init_script);
>+    }
>+    return 0;
>+}
>+
>+static int parse_method(char *method, struct polydir_s *poly,
>+		struct instance_data *idata)
>+{
>+    enum polymethod pm;
>+    char *sptr = NULL;
>+    static const char *method_names[] = { "user", "context", "level", "tmpdir",
>+    	"tmpfs", NULL };
>+    static const char *flag_names[] = { "create", "noinit", "iscript",
>+    	"shared", NULL };
>+    static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT,
>+    	POLYDIR_ISCRIPT, POLYDIR_SHARED };
>+    int i;
>+    char *flag;
>+
>+    method = strtok_r(method, ":", &sptr);
>+    pm = NONE;
>+
>+    for (i = 0; method_names[i]; i++) {
>+    	if (strcmp(method, method_names[i]) == 0) {
>+    		pm = i + 1; /* 0 = NONE */
>+    	}
>+    }
>+
>+    if (pm == NONE) {
>+        pam_syslog(idata->pamh, LOG_NOTICE, "Unknown method");
>+        return -1;
>+    }
>+    
>+    poly->method = pm;
>+    
>+    while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) {
>+    	for (i = 0; flag_names[i]; i++) {
>+    		int namelen = strlen(flag_names[i]);
>+
>+    		if (strncmp(flag, flag_names[i], namelen) == 0) {
>+    			poly->flags |= flag_values[i];
>+    			switch (flag_values[i]) {
>+    			    case POLYDIR_CREATE:
>+    			    	if (parse_create_params(flag+namelen, poly, idata) != 0) {
>+				        pam_syslog(idata->pamh, LOG_CRIT, "Invalid create parameters");
>+    			    		return -1;
>+    			    	}
>+    			    	break;
>+
>+    			    case POLYDIR_ISCRIPT:
>+    			    	if (parse_iscript_params(flag+namelen, poly, idata) != 0) {
>+				        pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
>+    			    		return -1;
>+    			    	};
>+    			    	break;
>+    			}
>+    		}
>+    	}
>+    }
>+
>+    return 0;
>+}
>+
>+/*
>+ * Called from parse_config_file, this function processes a single line
>+ * of the namespace configuration file. It skips over comments and incomplete
>+ * or malformed lines. It processes a valid line with information on
>+ * polyinstantiating a directory by populating appropriate fields of a
>+ * polyinstatiated directory structure and then calling add_polydir_entry to
>+ * add that entry to the linked list of polyinstantiated directories.
>+ */
>+static int process_line(char *line, const char *home, const char *rhome,
>+			struct instance_data *idata)
>+{
>+    char *dir = NULL, *instance_prefix = NULL, *rdir = NULL;
>+    char *method, *uids;
>+    char *tptr;
>+    struct polydir_s *poly;
>+    int retval = 0;
>+    char **config_options = NULL;
>+    static const char *var_names[] = {"HOME", "USER", NULL};
>+    const char *var_values[] = {home, idata->user};
>+    const char *rvar_values[] = {rhome, idata->ruser};
>+    int len;
>+
>+    poly = calloc(1, sizeof(*poly));
>+    if (poly == NULL)
>+    	goto erralloc;
>+
>+    /*
>+     * skip the leading white space
>+     */
>+    while (*line && isspace(*line))
>+        line++;
>+
>+    /*
>+     * Rip off the comments
>+     */
>+    tptr = strchr(line,'#');
>+    if (tptr)
>+        *tptr = '\0';
>+
>+    /*
>+     * Rip off the newline char
>+     */
>+    tptr = strchr(line,'\n');
>+    if (tptr)
>+        *tptr = '\0';
>+
>+    /*
>+     * Anything left ?
>+     */
>+    if (line[0] == 0)
>+        return 0;
>+
>+    /*
>+     * Initialize and scan the five strings from the line from the
>+     * namespace configuration file.
>+     */
>+    retval = argv_parse(line, NULL, &config_options);
>+    if (retval != 0) {
>+        goto erralloc;
>+    }
>+
>+    dir = config_options[0];
>+    if (dir == NULL) {
>+        pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing polydir");
>+        goto skipping;
>+    }
>+    instance_prefix = config_options[1];
>+    if (instance_prefix == NULL) {
>+        pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing instance_prefix");
>+        instance_prefix = NULL;
>+        goto skipping;
>+    }
>+    method = config_options[2];
>+    if (method == NULL) {
>+        pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing method");
>+        instance_prefix = NULL;
>+        dir = NULL;
>+        goto skipping;
>+    }
>+
>+    /*
>+     * Only the uids field is allowed to be blank, to indicate no
>+     * override users for polyinstantiation of that directory. If
>+     * any of the other fields are blank, the line is incomplete so
>+     * skip it.
>+     */
>+    uids = config_options[3];
>+
>+    /*
>+     * Expand $HOME and $USER in poly dir and instance dir prefix
>+     */
>+    if ((rdir=expand_variables(dir, var_names, rvar_values)) == NULL) {
>+	    instance_prefix = NULL;
>+	    dir = NULL;
>+	    goto erralloc;
>+    }
>+    
>+    if ((dir=expand_variables(dir, var_names, var_values)) == NULL) {
>+	    instance_prefix = NULL;
>+	    goto erralloc;
>+    }
>+    
>+    if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values))
>+	    == NULL) {
>+	    goto erralloc;
>+    }
>+
>+    if (idata->flags & MKPOLYDIR_DEBUG) {
>+	    pam_syslog(idata->pamh, LOG_DEBUG, "Expanded polydir: '%s'", dir);
>+	    pam_syslog(idata->pamh, LOG_DEBUG, "Expanded ruser polydir: '%s'", rdir);
>+	    pam_syslog(idata->pamh, LOG_DEBUG, "Expanded instance prefix: '%s'", instance_prefix);
>+    }
>+
>+    len = strlen(dir);
>+    if (len > 0 && dir[len-1] == '/') {
>+	    dir[len-1] = '\0';
>+    }
>+
>+    len = strlen(rdir);
>+    if (len > 0 && rdir[len-1] == '/') {
>+	    rdir[len-1] = '\0';
>+    }
>+    
>+    if (dir[0] == '\0' || rdir[0] == '\0') {
>+    	    pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir");
>+    	    goto skipping;
>+    }
>+    
>+    /*
>+     * Populate polyinstantiated directory structure with appropriate
>+     * pathnames and the method with which to polyinstantiate.
>+     */
>+    if (strlen(dir) >= sizeof(poly->dir)
>+        || strlen(rdir) >= sizeof(poly->rdir)
>+	|| strlen(instance_prefix) >= sizeof(poly->instance_prefix)) {
>+	pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long");
>+	goto skipping;
>+    }
>+    strcpy(poly->dir, dir);
>+    strcpy(poly->rdir, rdir);
>+    strcpy(poly->instance_prefix, instance_prefix);
>+
>+    if (parse_method(method, poly, idata) != 0) {
>+    	    goto skipping;
>+    }
>+
>+    if (poly->method == TMPDIR) {
>+    	if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) {
>+    		pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long");
>+    		goto skipping;
>+    	}
>+	strcat(poly->instance_prefix, "XXXXXX");
>+    }
>+
>+    /*
>+     * Ensure that all pathnames are absolute path names.
>+     */
>+    if ((poly->dir[0] != '/') || (poly->method != TMPFS && poly->instance_prefix[0] != '/')) {
>+        pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames must start with '/'");
>+        goto skipping;
>+    }
>+    if (strstr(dir, "..") || strstr(poly->instance_prefix, "..")) {
>+        pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames must not contain '..'");
>+        goto skipping;
>+    }
>+
>+    /*
>+     * If the line in namespace.conf for a directory to polyinstantiate
>+     * contains a list of override users (users for whom polyinstantiation
>+     * is not performed), read the user ids, convert names into uids, and
>+     * add to polyinstantiated directory structure.
>+     */
>+    if (uids) {
>+        uid_t *uidptr;
>+        const char *ustr, *sstr;
>+        int count, i;
>+	
>+	if (*uids == '~') {
>+		poly->flags |= POLYDIR_EXCLUSIVE;
>+		uids++;
>+	}
>+        for (count = 0, ustr = sstr = uids; sstr; ustr = sstr + 1, count++)
>+           sstr = strchr(ustr, ',');
>+
>+        poly->num_uids = count;
>+        poly->uid = (uid_t *) malloc(count * sizeof (uid_t));
>+        uidptr = poly->uid;
>+        if (uidptr == NULL) {
>+            goto erralloc;
>+        }
>+
>+        ustr = uids;
>+        for (i = 0; i < count; i++) {
>+            struct passwd *pwd;
>+
>+            tptr = strchr(ustr, ',');
>+            if (tptr)
>+                *tptr = '\0';
>+
>+            pwd = pam_modutil_getpwnam(idata->pamh, ustr);
>+            if (pwd == NULL) {
>+        	pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr);
>+        	poly->num_uids--;
>+            } else {
>+                *uidptr = pwd->pw_uid;
>+                uidptr++;
>+            }
>+            ustr = tptr + 1;
>+        }
>+    }
>+
>+    /*
>+     * Add polyinstantiated directory structure to the linked list
>+     * of all polyinstantiated directory structures.
>+     */
>+    add_polydir_entry(idata, poly);
>+
>+    goto out;
>+
>+erralloc:
>+    pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
>+    
>+skipping:
>+    if (idata->flags & PAMNS_IGN_CONFIG_ERR)
>+        retval = 0;
>+    else
>+        retval = PAM_SERVICE_ERR;
>+    del_polydir(poly);
>+out:
>+    free(rdir);
>+    free(dir);
>+    free(instance_prefix);
>+    argv_free(config_options);
>+    return retval;
>+}
>+
>+
>+/*
>+ * Parses /etc/security/namespace.conf file to build a linked list of
>+ * polyinstantiated directory structures of type polydir_s. Each entry
>+ * in the linked list contains information needed to polyinstantiate
>+ * one directory.
>+ */
>+static int parse_config_file(struct instance_data *idata)
>+{
>+    FILE *fil;
>+    char *home, *rhome;
>+    const char *confname;
>+    struct passwd *cpwd;
>+    char *line;
>+    int retval;
>+    size_t len = 0;
>+    glob_t globbuf;
>+    const char *oldlocale;
>+    size_t n;
>+
>+    /*
>+     * Extract the user's home directory to resolve $HOME entries
>+     * in the namespace configuration file.
>+     */
>+    cpwd = pam_modutil_getpwnam(idata->pamh, idata->user);
>+    if (!cpwd) {
>+        pam_syslog(idata->pamh, LOG_ERR,
>+               "Error getting home dir for '%s'", idata->user);
>+        return PAM_SESSION_ERR;
>+    }
>+    if ((home=strdup(cpwd->pw_dir)) == NULL) {
>+    	pam_syslog(idata->pamh, LOG_CRIT,
>+    		"Memory allocation error");
>+    	return PAM_SESSION_ERR;
>+    }
>+
>+    cpwd = pam_modutil_getpwnam(idata->pamh, idata->ruser);
>+    if (!cpwd) {
>+	pam_syslog(idata->pamh, LOG_ERR,
>+	        "Error getting home dir for '%s'", idata->ruser);
>+	free(home);
>+	return PAM_SESSION_ERR;
>+    }
>+
>+    if ((rhome=strdup(cpwd->pw_dir)) == NULL) {
>+    	pam_syslog(idata->pamh, LOG_CRIT,
>+    		"Memory allocation error");
>+    	free(home);
>+    	return PAM_SESSION_ERR;
>+    }
>+
>+    /*
>+     * Open configuration file, read one line at a time and call
>+     * process_line to process each line.
>+     */
>+
>+    memset(&globbuf, '\0', sizeof(globbuf));
>+    oldlocale = setlocale(LC_COLLATE, "C");
>+    glob(NAMESPACE_D_GLOB, 0, NULL, &globbuf);
>+    if (oldlocale != NULL)
>+	setlocale(LC_COLLATE, oldlocale);
>+
>+    confname = PAM_NAMESPACE_CONFIG;
>+    n = 0;
>+    for (;;) {
>+	if (idata->flags & MKPOLYDIR_DEBUG)
>+		pam_syslog(idata->pamh, LOG_DEBUG, "Parsing config file %s",
>+			confname);
>+	fil = fopen(confname, "r");
>+	if (fil == NULL) {
>+	    pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s",
>+		confname);	    
>+            globfree(&globbuf);
>+	    free(rhome);
>+	    free(home);
>+	    return PAM_SERVICE_ERR;
>+	}
>+
>+	/* Use unlocked IO */
>+	__fsetlocking(fil, FSETLOCKING_BYCALLER);
>+
>+	line = NULL;
>+	/* loop reading the file */
>+	while (getline(&line, &len, fil) > 0) {
>+	    retval = process_line(line, home, rhome, idata);
>+	    if (retval) {
>+		pam_syslog(idata->pamh, LOG_ERR,
>+		"Error processing conf file %s line %s", confname, line);
>+	        fclose(fil);
>+	        free(line);
>+	        globfree(&globbuf);
>+	        free(rhome);
>+	        free(home);
>+	        return PAM_SERVICE_ERR;
>+	    }
>+	}
>+	fclose(fil);
>+	free(line);
>+
>+	if (n >= globbuf.gl_pathc)
>+	    break;
>+
>+	confname = globbuf.gl_pathv[n];	
>+	n++;
>+    }
>+    
>+    globfree(&globbuf);
>+    free(rhome);
>+    free(home);
>+    
>+    /* All done...just some debug stuff */
>+    if (idata->flags & MKPOLYDIR_DEBUG) {
>+        struct polydir_s *dptr = idata->polydirs_ptr;
>+        uid_t *iptr;
>+        uid_t i;
>+
>+        pam_syslog(idata->pamh, LOG_DEBUG,
>+    	    dptr?"Configured poly dirs:":"No configured poly dirs");
>+        while (dptr) {
>+            pam_syslog(idata->pamh, LOG_DEBUG, "dir='%s' iprefix='%s' meth=%d",
>+		   dptr->dir, dptr->instance_prefix, dptr->method);
>+            for (i = 0, iptr = dptr->uid; i < dptr->num_uids; i++, iptr++)
>+                pam_syslog(idata->pamh, LOG_DEBUG, "override user %d ", *iptr);
>+            dptr = dptr->next;
>+        }
>+    }
>+
>+    return PAM_SUCCESS;
>+}
>+
>+static int
>+_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv)
>+{
>+
>+        /* does the appliction require quiet? */
>+        if ((flags & PAM_SILENT) == PAM_SILENT)
>+                ctrl |= MKPOLYDIR_QUIET;
>+
>+        /* step through arguments */
>+        for (; argc-- > 0; ++argv) {
>+                if (!strcmp(*argv, "silent"))
>+                        ctrl |= MKPOLYDIR_QUIET;
>+                else if (!strcmp(*argv,"debug"))
>+                        ctrl |= MKPOLYDIR_DEBUG;
>+		else if (!strncmp(*argv,"umask=",6))
>+		        module_umask = strtol(*argv+6,0,0);
>+                else
>+                        pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
>+        }
>+
>+        D(("ctrl = %o", ctrl));
>+        return ctrl;
>+}
>+
>+static int
>+create_polydir(char *dir, struct polydir_s *pptr, pam_handle_t * pamh, int debug, uid_t uid, gid_t gid)
>+{
>+        mode_t my_mode;
>+        int rc;
>+        security_context_t dircon;
>+        char *my_dir;
>+
>+        if (pptr->mode != (mode_t)ULONG_MAX)
>+                my_mode = pptr->mode;
>+        else
>+                my_mode = 0777 & (~module_umask);
>+
>+        rc = mkdir(dir, my_mode);
>+        if (rc == EACCES) {
>+                pam_syslog(pamh, LOG_ERR,
>+                           "Error creating directory %s: %m, but continuing.", dir);
>+                return PAM_SUCCESS;
>+        } else if (rc != 0) {
>+                pam_syslog(pamh, LOG_ERR,
>+                           "Error creating directory %s: %m.", dir);
>+                return PAM_SESSION_ERR;
>+        }
>+
>+        if (debug)
>+                pam_syslog(pamh, LOG_DEBUG,
>+                           "Created directory %s.", dir);
>+
>+        if (chmod(dir, my_mode) != 0) {
>+                pam_syslog(pamh, LOG_ERR,
>+                           "Error changing mode of directory %s: %m.", dir);
>+                return PAM_SESSION_ERR;
>+        }
>+
>+        if (pptr->owner != (uid_t)ULONG_MAX || pptr->group != (gid_t)ULONG_MAX) {
>+                if (chown(dir, pptr->owner, pptr->group) != 0) {
>+                        pam_syslog(pamh, LOG_ERR,
>+                                   "Unable to change owner on directory %s: %m", dir);
>+                        return PAM_PERM_DENIED;
>+                }
>+                if (debug)
>+                        pam_syslog(pamh, LOG_DEBUG,
>+                                   "Set owner %d group %d from configuration.", pptr->owner, pptr->group);
>+                                        
>+        } else {
>+                if (chown(dir, uid, gid) != 0) {
>+                        pam_syslog(pamh, LOG_ERR,
>+                                   "Unable to change owner on directory %s: %m", dir);
>+                        return PAM_PERM_DENIED;
>+                }
>+                if (debug)
>+                        pam_syslog(pamh, LOG_DEBUG,
>+                                   "Set %s owner %d group %d.", dir, uid, gid);
>+                                        
>+        }
>+
>+                                        
>+        if (asprintf(&my_dir, "%s", dir) < 0) {
>+                pam_syslog(pamh, LOG_ERR,
>+                           "Error creating directory %m.");
>+                return PAM_SESSION_ERR;
>+        }
>+        if (my_dir[strlen(my_dir)-1] == '/')
>+                my_dir[strlen(my_dir)-1] = '\0';
>+
>+        rc = matchpathcon(my_dir, my_mode, &dircon);
>+        if (rc) {
>+                matchpathcon_fini();
>+                pam_syslog(pamh, LOG_WARNING,
>+                           "Unable to get default context for directory %s, check your policy: %m.", my_dir);
>+                free(my_dir);
>+                return 0;
>+        }
>+
>+        matchpathcon_fini();
>+
>+        if (debug)
>+                pam_syslog(pamh, LOG_DEBUG,
>+                           "setfilecon for %s to %s.", my_dir, (char*)dircon);
>+
>+        rc = setfilecon(my_dir, dircon);
>+        if (rc) {
>+                pam_syslog(pamh, LOG_ERR,
>+                           "Error setting default context for directory %s: %m.", my_dir);
>+                free(my_dir);
>+                freecon(dircon);
>+                return PAM_SESSION_ERR;
>+        }
>+
>+        if (debug)
>+                pam_syslog(pamh, LOG_DEBUG,
>+                           "Set %s context %s.", my_dir, dircon);
>+        free(my_dir);
>+        freecon(dircon);
>+        return 0;
>+}
>+
>+/*
>+ * This funtion returns true if a given uid is present in the polyinstantiated
>+ * directory's list of override uids. If the uid is one of the override
>+ * uids for the polyinstantiated directory, polyinstantiation is not
>+ * performed for that user for that directory.
>+ * If exclusive is set the returned values are opposite.
>+ */
>+static int ns_override(struct polydir_s *polyptr, struct instance_data *idata,
>+		uid_t uid)
>+{
>+    unsigned int i;
>+
>+    if (idata->flags & MKPOLYDIR_DEBUG)
>+    	pam_syslog(idata->pamh, LOG_DEBUG,
>+		"Checking for ns override in dir %s for uid %d",
>+		polyptr->dir, uid);
>+
>+    for (i = 0; i < polyptr->num_uids; i++) {
>+        if (uid == polyptr->uid[i]) {
>+            return !(polyptr->flags & POLYDIR_EXCLUSIVE);
>+        }
>+    }
>+
>+    return !!(polyptr->flags & POLYDIR_EXCLUSIVE);
>+}
>+
>+static int
>+create_polydirs(const struct passwd *pwd,
>+                struct instance_data *idata)
>+{
>+        struct polydir_s *pptr;
>+        struct stat st, parent_st;
>+        char *parent = NULL;
>+        char *cp;
>+        int rc;
>+
>+        set_matchpathcon_flags(MATCHPATHCON_VALIDATE | MATCHPATHCON_NOTRANS);
>+        /* Load the file contexts configuration and check it. */
>+        for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) {
>+                
>+                if (ns_override(pptr, idata, pwd->pw_uid)) {
>+                        return PAM_SUCCESS;
>+                }
>+                /* Does the directory to be polyinstantiated exist? */
>+                if (stat(pptr->dir, &st) < 0) {
>+                        /* No so make it in the image of its' parent */
>+                        parent = strdup (pptr->dir);
>+                        
>+                        if (parent == NULL)
>+                                return PAM_BUF_ERR;
>+                        
>+                        pam_syslog(idata->pamh, LOG_DEBUG,
>+                                   "Process %s.", pptr->dir);
>+                        cp = strrchr (parent, '/');
>+
>+                        if (cp != NULL) {
>+                                *cp++ = '\0';
>+                                if (stat(parent, &parent_st) == -1 && errno == ENOENT) {
>+                                        pam_syslog(idata->pamh, LOG_ERR,
>+                                                   "Error stating directory %s: %m.", parent);
>+                                        free (parent);
>+                                        return PAM_SESSION_ERR;
>+                                } else {
>+                                        if ((rc = create_polydir(pptr->dir, pptr, idata->pamh, idata->flags & MKPOLYDIR_DEBUG, parent_st.st_uid, parent_st.st_gid)) != 0) {
>+                                                free(parent);
>+                                                return rc;
>+                                        }
>+                                }
>+                        } else {
>+                                pam_syslog(idata->pamh, LOG_ERR,
>+                                           "Error getting parent of directory %s.", parent);
>+                                free (parent);
>+                                return PAM_SESSION_ERR;
>+                                                
>+                        }
>+                        free (parent);
>+                }
>+
>+                /* Does the polyinstantiated instance directory exist? */
>+                if (stat(pptr->instance_prefix, &st) != 0)
>+                        if ((rc = create_polydir(pptr->instance_prefix, pptr, idata->pamh, idata->flags & MKPOLYDIR_DEBUG, pwd->pw_uid, pwd->pw_gid)) != 0)
>+                                return rc;
>+
>+                        
>+        }
>+        return PAM_SUCCESS;
>+}
>+
>+static int get_user_data(struct instance_data *idata)
>+{
>+    int retval;
>+    char *user_name;
>+    struct passwd *pwd;
>+    /* 
>+     * Lookup user and fill struct items
>+     */
>+    retval = pam_get_item(idata->pamh, PAM_USER, (void*) &user_name );
>+    if ( user_name == NULL || retval != PAM_SUCCESS ) {
>+        pam_syslog(idata->pamh, LOG_ERR, "Error recovering pam user name");
>+        return PAM_SESSION_ERR;
>+    }
>+
>+    pwd = pam_modutil_getpwnam(idata->pamh, user_name);
>+    if (!pwd) {
>+        pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name);
>+        return PAM_USER_UNKNOWN;
>+    }
>+
>+    /*
>+     * Add the user info to the instance data so we can refer to them later.
>+     */
>+    idata->user[0] = 0;
>+    strncat(idata->user, user_name, sizeof(idata->user) - 1);
>+    idata->uid = pwd->pw_uid;
>+    idata->gid = pwd->pw_gid;
>+
>+    /* Fill in RUSER too */
>+    retval = pam_get_item(idata->pamh, PAM_RUSER, (void*) &user_name );
>+    if ( user_name != NULL && retval == PAM_SUCCESS && user_name[0] != '\0' ) {
>+    	strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1);
>+    	pwd = pam_modutil_getpwnam(idata->pamh, user_name);
>+    } else {
>+    	pwd = pam_modutil_getpwuid(idata->pamh, getuid());
>+    }
>+    if (!pwd) {
>+	pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name);
>+	return PAM_USER_UNKNOWN;
>+    }
>+    user_name = pwd->pw_name;
>+
>+    idata->ruser[0] = 0;
>+    strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1);
>+    idata->ruid = pwd->pw_uid;
>+
>+    return PAM_SUCCESS;
>+}
>+
>+static int setup_instance_data(struct instance_data *idata)
>+{
>+        int retval;
>+
>+        retval = get_user_data(idata);
>+        if (retval != PAM_SUCCESS)
>+    	         return retval;
>+
>+        /*
>+         * Parse namespace configuration file which lists directories to
>+         * polyinstantiate, directory where instance directories are to
>+         * be created for polyinstantiation.
>+         */
>+        retval = parse_config_file(idata);
>+        if (retval != PAM_SUCCESS) {
>+                del_polydir_list(idata->polydirs_ptr);
>+                return PAMNS_PARSE_CONFIG_ERROR;
>+        }
>+        if (idata->flags & MKPOLYDIR_DEBUG)
>+                pam_syslog(idata->pamh, LOG_DEBUG, "setup_instance_data for %s returning %d", 
>+                           idata->user, retval);
>+        return retval;
>+}
>+
>+
>+/* --- authentication management functions (only) --- */
>+
>+PAM_EXTERN int
>+pam_sm_open_session (pam_handle_t *pamh, int flags, int argc,
>+		     const char **argv)
>+{
>+        int retval;
>+        const struct passwd *pwd;
>+        struct instance_data idata;
>+
>+        /* Parse the flag values */
>+        ctrl = _pam_parse(pamh, flags, argc, argv);
>+   
>+        /* init instance data */
>+        idata.flags = ctrl;
>+        idata.polydirs_ptr = NULL;
>+        idata.pamh = pamh;
>+        retval = setup_instance_data(&idata);
>+        if (retval)
>+                return PAM_SESSION_ERR;
>+
>+        /* Get the password entry */
>+        pwd = pam_modutil_getpwnam (pamh, idata.user);
>+        if (pwd == NULL) {
>+                D(("couldn't identify user %s", idata.user));
>+                return PAM_CRED_INSUFFICIENT;
>+        }
>+
>+        retval =  create_polydirs(pwd, &idata);
>+
>+        if (ctrl & MKPOLYDIR_DEBUG) {
>+                if (retval == PAM_SUCCESS) {
>+                        pam_syslog(pamh, LOG_DEBUG,
>+                                   "Returned PAM_SUCCESS.");
>+                } else {
>+                        pam_syslog(pamh, LOG_DEBUG,
>+                                   "Returned %d.", retval);
>+                }
>+        }
>+        return retval;
>+}
>+
>+/* Ignore */
>+PAM_EXTERN
>+int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED,
>+			  int argc UNUSED, const char **argv UNUSED)
>+{
>+        return PAM_SUCCESS;
>+}
>+
>+#ifdef PAM_STATIC
>+
>+/* static module data */
>+struct pam_module _pam_mkpolydir_modstruct =
>+{
>+        "pam_mkpolydir",
>+        NULL,
>+        NULL,
>+        NULL,
>+        pam_sm_open_session,
>+        pam_sm_close_session,
>+        NULL,
>+};
>+
>+#endif
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/README Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/README
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/README	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/README	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,36 @@
>+pam_mkpolydir â PAM module to create users polyinstantiated directory
>+
>+âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
>+
>+DESCRIPTION
>+
>+The pam_mkpolydir PAM module will create a users polyinstantiated directories 
>+if they does not exist when the session begins. This allows users to be 
>+present in central database (such as NIS, kerberos or LDAP) without using a 
>+distributed file system or pre-creating a large number of directories.
>+
>+The new users polyinstantiated directories will not be removed after logout of 
>+the user.
>+
>+EXAMPLES
>+
>+A sample /etc/pam.d/login file:
>+
>+  auth       requisite   pam_securetty.so
>+  auth       sufficient  pam_ldap.so
>+  auth       required    pam_unix.so
>+  auth       required    pam_nologin.so
>+  account    sufficient  pam_ldap.so
>+  account    required    pam_unix.so
>+  password   required    pam_unix.so
>+  session    required    pam_mkpolydir.so
>+  session    required    pam_unix.so
>+  session    optional    pam_lastlog.so
>+  session    optional    pam_mail.so standard
>+
>+
>+AUTHOR
>+
>+pam_mkpolydir was adapted from pam_mkhomedir wriiten by Jason Gunthorpe 
>+<jgg@debian.org> by Ted X Toth <txtoth@gmail.com>.
>+
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/README.xml Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/README.xml
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/README.xml	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/README.xml	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,36 @@
>+<?xml version="1.0" encoding='UTF-8'?>
>+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
>+"http://www.docbook.org/xml/4.3/docbookx.dtd"
>+[
>+
>+]>
>+
>+<article>
>+
>+  <articleinfo>
>+
>+    <title>
>+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
>+      href="pam_mkpolydir.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mkpolydir-name"]/*)'/>
>+    </title>
>+
>+  </articleinfo>
>+
>+  <section>
>+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
>+      href="pam_mkpolydir.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mkpolydir-description"]/*)'/>
>+  </section>
>+
>+  <section>
>+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
>+      href="pam_mkpolydir.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mkpolydir-examples"]/*)'/>
>+  </section>
>+
>+  <section>
>+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
>+      href="pam_mkpolydir.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mkpolydir-author"]/*)'/>
>+  </section>
>+
>+</article>
>diff -ruN Linux-PAM-0.99.10.0/modules/pam_mkpolydir/tst-pam_mkpolydir Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/tst-pam_mkpolydir
>--- Linux-PAM-0.99.10.0/modules/pam_mkpolydir/tst-pam_mkpolydir	1969-12-31 18:00:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/pam_mkpolydir/tst-pam_mkpolydir	2007-10-29 14:54:14.000000000 -0600
>@@ -0,0 +1,2 @@
>+#!/bin/sh
>+../../tests/tst-dlopen .libs/pam_mkpolydir.so
>--- Linux-PAM-0.99.10.0/modules/Makefile.am	2007-11-08 12:44:00.000000000 -0600
>+++ Linux-PAM-0.99.10.0.new/modules/Makefile.am	2007-11-08 12:44:58.000000000 -0600
>@@ -11,7 +11,7 @@
>	pam_securetty pam_selinux pam_sepermit pam_shells pam_stress \
>	pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \
>	pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_exec \
>-	pam_namespace pam_loginuid pam_faildelay
>+	pam_namespace pam_loginuid pam_faildelay pam_mkpolydir
> 
> CLEANFILES = *~
> 
>--- Linux-PAM-0.99.10.0/modules/Makefile.in	2007-07-10 04:40:52.000000000 -0500
>+++ Linux-PAM-0.99.10.0.new/modules/Makefile.in	2007-11-08 12:45:23.000000000 -0600
>@@ -230,7 +230,7 @@
>	pam_securetty pam_selinux pam_sepermit pam_shells pam_stress \
>	pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \
>	pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_exec \
>-	pam_namespace pam_loginuid pam_faildelay
>+	pam_namespace pam_loginuid pam_faildelay pam_mkpolydir
> 
> CLEANFILES = *~
> EXTRA_DIST = modules.map

Actions: View | Diff

Attachments on bug 437116: 297774