Minor fixes

* configure.ac: Don't build static libraries.
* examples/ldappubkey: Optionally authenticate via PAM`

5 files changed, 25 insertions, 4 deletions

diff --git a/configure.ac b/configure.ac
index 82fbc8a..584aa4f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -32,12 +32,13 @@ AC_SUBST(VI_REVISION,0)
 AC_SUBST(VI_AGE,0)
 
 dnl Checks for programs.
 AC_PROG_CC
 AC_PROG_INSTALL
 
+AM_DISABLE_STATIC
 LT_PREREQ(2.2.5a)
 LT_INIT
 
 dnl Checks for libraries.
 AC_CHECK_LIB(pam, pam_get_item,:,
 		  [AC_MSG_ERROR([Required library libpam is not found])])
diff --git a/examples/ldappubkey b/examples/ldappubkey
index 5bf2828..3a47b18 100755
--- a/examples/ldappubkey
+++ b/examples/ldappubkey
@@ -124,13 +124,22 @@ Full hostname of the machine.
     
 =back
 
 Default value is:
 
     (&(objectClass=posixAccount)($uid=$arg))
-    
+
+=item B<PublicKeyPAMService> I<NAME>
+
+If this setting is present, B<ldappubkey> will first try to authenticate
+using LDAP service I<NAME> and the user name supplied in the command line.
+It will exit immediately if the authentication fails.
+
+This can be used to enforce additional restrictions on who is allowed to
+log in remotely on the server.
+
 =back
 
 =head1 OPTIONS
 
 =over 4
 
@@ -276,12 +285,23 @@ my @attrs = split /\s+/, $config{'publickeyattribute'};
 my $filter = $config{'publickeyfilter'};
 my $uid = "$config{'uid'}";
 my $arg = $ARGV[0];
 my $hostname = get_fqdn_hostname();
 $filter =~ s/(?<!\\)(\$(?:uid|arg|hostname))/$1/eeg;
 
+if (my $service = $config{publickeypamservice}) {
+    use Authen::PAM qw(:constants);
+    my $pamh;
+    ref($pamh = new Authen::PAM($service, $arg)) ||
+	die "Error code $pamh during PAM init!";
+    my $res = $pamh->pam_authenticate;
+    if ($res != PAM_SUCCESS) {
+	die "pam_authenticate: ". $pamh->pam_strerror($res) . "\n";
+    }
+}
+
 my $res = assert($ldap->search(base => $config{'base'},
 			       filter => $filter,
 			       attrs => \@attrs ),
 		 "searching for $filter in $config{'base'}");
 
 foreach my $entry ($res->entries()) {
diff --git a/pam_innetgr/pam_innetgr.c b/pam_innetgr/pam_innetgr.c
index 2b9dc58..a926737 100644
--- a/pam_innetgr/pam_innetgr.c
+++ b/pam_innetgr/pam_innetgr.c
@@ -59,13 +59,13 @@ struct pam_opt pam_opt[] = {
 #endif
 #ifndef SIZE_T_MAX
 # define SIZE_T_MAX ((size_t)-1)
 #endif
 
 int
-xgetname (int (*getfn)(char *, size_t), char **storage)
+xgetname(int (*getfn)(char *, size_t), char **storage)
 {
 	char *buffer = NULL;
 	size_t size = 0;
 	char *p;
 
 	while (1) {
diff --git a/pam_umotd/pam_umotd.c b/pam_umotd/pam_umotd.c
index b14ffab..2fea67c 100644
--- a/pam_umotd/pam_umotd.c
+++ b/pam_umotd/pam_umotd.c
@@ -102,13 +102,13 @@ get_la(double *ret)
 	
 
 static int
 read_fd(pam_handle_t *pamh, const char *file, int fd)
 {
 	char buf[1024], *p;
-	ssize_t rd;
+	ssize_t rd = 0;
 	size_t total = 0;
 	size_t level = 0;
 	
 	while (total < max_output_size) {
 		size_t rdsize = sizeof(buf) - level - 1;
 
diff --git a/pamck/conv.c b/pamck/conv.c
index 692aca0..440f6cb 100644
--- a/pamck/conv.c
+++ b/pamck/conv.c
@@ -117,13 +117,13 @@ pamck_conv(int num_msg, const struct pam_message **msg,
 		return PAM_CONV_ERR;
 
 	reply = calloc(num_msg, sizeof(struct pam_response));
 	if (!reply)
 		return PAM_CONV_ERR;
 	for (i = 0; i < num_msg; i++) {
-		char *str;
+		char *str = NULL;
 		
 		switch (msg[i]->msg_style) {
 		case PAM_PROMPT_ECHO_OFF:
 			if (pass)
 				str = strdup(pass);
 			else