--- /dev/null
+libpam-itkacl (0.4) unstable; urgency=low
+
+ * Move to shared libitkacl (and add a Build-Dependency).
+ * Move to a native package for now.
+ * Move the install target to the "upstream" Makefile.
+ * Fix missing #include <syslog.h>.
+
+ -- Steinar H. Gunderson <sesse@samfundet.no> Tue, 14 May 2013 23:09:01 +0200
+
+libpam-itkacl (0.3-1) unstable; urgency=low
+
+ * Move to new ITKACL client library.
+ * Remove build-dependency on libpq-dev.
+
+ -- Steinar H. Gunderson <sesse@debian.org> Wed, 25 Feb 2009 23:14:01 +0100
+
+libpam-itkacl (0.2-1.1) unstable; urgency=low
+
+ * Build against libpq-dev and depend on libpq5 for Lenny
+
+ -- Berge Schwebs Bjorlo <berge@samfundet.no> Wed, 18 Jun 2008 22:56:31 +0200
+
+libpam-itkacl (0.2-1) unstable; urgency=low
+
+ * Allow root to log in no matter what.
+
+ -- Martin Sandsmark <sandsmark@samfundet.no> Thu, 17 Apr 2008 20:38:42 +0200
+
+libpam-itkacl (0.1-2) unstable; urgency=low
+
+ * Actually link to -lpq.
+
+ -- Steinar H. Gunderson <itk@samfundet.no> Sat, 22 Oct 2005 18:20:36 +0200
+
+libpam-itkacl (0.1-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Steinar H. Gunderson <itk@samfundet.no> Thu, 20 Oct 2005 19:37:21 +0200
+
--- /dev/null
+
+#define PAM_SM_ACCOUNT
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <string.h>
+#include <syslog.h>
+#include <security/pam_modules.h>
+
+#include "itkacl.h"
+
+/* --- authentication management functions --- */
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
+ int argc, const char **argv)
+{
+ return PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags, int argc,
+ const char **argv)
+{
+
+ return PAM_CRED_UNAVAIL;
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc,
+ const char **argv)
+{
+ char realm[256], errmsg[256];
+ const char *username;
+ int ret;
+
+ openlog("pam_itkacl", 0, LOG_AUTHPRIV);
+
+ /* We want and need exactly one argument: realm='whatever' */
+ if (argc != 1) {
+ syslog(LOG_CRIT, "wrong number of arguments: expected 1, got %d", argc);
+ return PAM_SERVICE_ERR;
+ }
+ if (sscanf(argv[0], "realm='%[^']'", realm) != 1) {
+ syslog(LOG_CRIT, "realm in bad format: got %s, expected realm='/foo/bar'", argv[0]);
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Get the user name from PAM */
+ ret = pam_get_item(pamh, PAM_USER, (const void **)&username);
+ if (ret != PAM_SUCCESS || username == NULL) {
+ syslog(LOG_CRIT, "Couldn't get username from PAM");
+ return PAM_USER_UNKNOWN;
+ }
+
+ /* Root should always be able to log in */
+ if (strcmp(username, "root") == 0)
+ return PAM_SUCCESS;
+
+ ret = itkacl_check(realm, username, errmsg, 256);
+ if (ret == -1) {
+ syslog(LOG_ERR, "itkacl_check() returned an error: %s", errmsg);
+ return PAM_SERVICE_ERR;
+ }
+
+ if (ret == 0) {
+ return PAM_SUCCESS;
+ } else {
+ return PAM_ACCT_EXPIRED;
+ }
+}
+
+/* --- password management --- */
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc,
+ const char **argv)
+{
+ return PAM_AUTHTOK_ERR;
+}
+
+/* --- session management --- */
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags,
+ int argc, const char **argv)
+{
+ return PAM_SYSTEM_ERR;
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags,
+ int argc, const char **argv)
+{
+ return PAM_SYSTEM_ERR;
+}
+
+/* end of module definition */
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_itkacl_modstruct = {
+ "pam_itkacl",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+#endif