Minor fixes

* configure.ac: Don't build static libraries.
* examples/ldappubkey: Optionally authenticate via PAM`

5 files changed, 23 insertions, 2 deletions

diff --git a/configure.ac b/configure.ac
index 82fbc8a..584aa4f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -35,6 +35,7 @@ dnl Checks for programs.
 AC_PROG_CC
 AC_PROG_INSTALL
 
+AM_DISABLE_STATIC
 LT_PREREQ(2.2.5a)
 LT_INIT
 
diff --git a/examples/ldappubkey b/examples/ldappubkey
index 5bf2828..3a47b18 100755
--- a/examples/ldappubkey
+++ b/examples/ldappubkey
@@ -128,6 +128,15 @@ Default value is:
 
     (&(objectClass=posixAccount)($uid=$arg))
 
+=item B<PublicKeyPAMService> I<NAME>
+
+If this setting is present, B<ldappubkey> will first try to authenticate
+using LDAP service I<NAME> and the user name supplied in the command line.
+It will exit immediately if the authentication fails.
+
+This can be used to enforce additional restrictions on who is allowed to
+log in remotely on the server.
+
 =back
 
 =head1 OPTIONS
@@ -279,6 +288,17 @@ my $arg = $ARGV[0];
 my $hostname = get_fqdn_hostname();
 $filter =~ s/(?<!\\)(\$(?:uid|arg|hostname))/$1/eeg;
 
+if (my $service = $config{publickeypamservice}) {
+    use Authen::PAM qw(:constants);
+    my $pamh;
+    ref($pamh = new Authen::PAM($service, $arg)) ||
+	die "Error code $pamh during PAM init!";
+    my $res = $pamh->pam_authenticate;
+    if ($res != PAM_SUCCESS) {
+	die "pam_authenticate: ". $pamh->pam_strerror($res) . "\n";
+    }
+}
+
 my $res = assert($ldap->search(base => $config{'base'},
 			       filter => $filter,
 			       attrs => \@attrs ),
diff --git a/pam_innetgr/pam_innetgr.c b/pam_innetgr/pam_innetgr.c
index 2b9dc58..a926737 100644
--- a/pam_innetgr/pam_innetgr.c
+++ b/pam_innetgr/pam_innetgr.c
diff --git a/pam_umotd/pam_umotd.c b/pam_umotd/pam_umotd.c
index b14ffab..2fea67c 100644
--- a/pam_umotd/pam_umotd.c
+++ b/pam_umotd/pam_umotd.c
@@ -105,7 +105,7 @@ static int
 read_fd(pam_handle_t *pamh, const char *file, int fd)
 {
 	char buf[1024], *p;
-	ssize_t rd;
+	ssize_t rd = 0;
 	size_t total = 0;
 	size_t level = 0;
 	
diff --git a/pamck/conv.c b/pamck/conv.c
index 692aca0..440f6cb 100644
--- a/pamck/conv.c
+++ b/pamck/conv.c
@@ -120,7 +120,7 @@ pamck_conv(int num_msg, const struct pam_message **msg,
 	if (!reply)
 		return PAM_CONV_ERR;
 	for (i = 0; i < num_msg; i++) {
-		char *str;
+		char *str = NULL;
 		
 		switch (msg[i]->msg_style) {
 		case PAM_PROMPT_ECHO_OFF: