1# simple make file for the pam_cap module 2 3topdir=$(shell pwd)/.. 4include ../Make.Rules 5 6# Always build pam_cap sources this way: 7CFLAGS += -fPIC 8 9all: pam_cap.so 10 $(MAKE) testlink 11 12install: all 13 mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR)/security 14 install -m 0755 pam_cap.so $(FAKEROOT)$(LIBDIR)/security 15 16../libcap/loader.txt: 17 $(MAKE) -C ../libcap loader.txt 18 19execable.o: execable.c ../libcap/execable.h ../libcap/loader.txt 20 $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBCAP_VERSION=\"libcap-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" -c execable.c -o $@ 21 22LIBCAP: 23 $(MAKE) -C ../libcap all 24 touch $@ 25 26pam_cap.so: pam_cap.o execable.o pam_cap_linkopts LIBCAP 27 cat pam_cap_linkopts | xargs -e $(LD) $(LDFLAGS) -o $@ pam_cap.o execable.o $(LIBCAPLIB) 28 29# Some distributions force link everything at compile time, and don't 30# take advantage of libpam's dlopen runtime options to resolve ill 31# defined symbols from its own linkage as needed. (As the original 32# author of that part of libpam, I consider this force linking 33# premature optimization.) We debugged its consequences to pam_cap.so 34# as part of: 35# 36# https://bugzilla.kernel.org/show_bug.cgi?id=214023 37# 38# If the current build environment is one of those, or we can't 39# reliably prove it isn't, extend the link options for pam_cap.so to 40# force linkage against libpam and the gazillion other things libpam 41# is linked against... 42# 43# If you want to force this behavior one way or the other, use the 44# make FORCELINKPAM=yes or FORCELINKPAM=no override. 45ifeq ($(FORCELINKPAM),yes) 46pam_cap_linkopts: Makefile 47 echo "-Wl,-e,__so_start -lpam" > $@ 48else 49ifeq ($(FORCELINKPAM),no) 50pam_cap_linkopts: Makefile 51 echo "-Wl,-e,__so_start" > $@ 52else 53pam_cap_linkopts: lazylink.so 54 echo "-Wl,-e,__so_start" > $@ 55 ./lazylink.so || echo "-lpam" >> $@ 56 57lazylink.so: lazylink.c ../libcap/execable.h ../libcap/loader.txt 58 $(LD) -o $@ $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) lazylink.c -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" -Wl,-e,__so_start 59endif 60endif 61 62../libcap/libcap.a: 63 $(MAKE) -C ../libcap libcap.a 64 65# Avoid $(LDFLAGS) here to avoid conflicts with --static for a in-tree 66# test binary. 67test_pam_cap: test_pam_cap.c pam_cap.c ../libcap/libcap.a 68 $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ test_pam_cap.c $(LIBCAPLIB) --static 69 70testlink: test.o pam_cap.o 71 $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $+ -lpam -ldl $(LIBCAPLIB) 72 73incapable.conf: 74 echo "^cap_setuid alpha" > $@ && chmod o+w $@ 75 76test: testlink test_pam_cap pam_cap.so incapable.conf 77 ./test_pam_cap 78 LD_LIBRARY_PATH=../libcap ./pam_cap.so 79 LD_LIBRARY_PATH=../libcap ./pam_cap.so --help 80 @echo "module can be run as an executable!" 81 82sudotest: test_pam_cap incapable.conf 83 $(SUDO) ./test_pam_cap root 0x0 0x0 0x0 config=./capability.conf 84 $(SUDO) ./test_pam_cap root 0x0 0x0 0x0 config=./sudotest.conf 85 $(SUDO) ./test_pam_cap alpha 0x0 0x0 0x0 config=./capability.conf 86 $(SUDO) ./test_pam_cap alpha 0x0 0x1 0x80 config=./sudotest.conf 87 $(SUDO) ./test_pam_cap beta 0x0 0x1 0x0 config=./sudotest.conf 88 $(SUDO) ./test_pam_cap gamma 0x0 0x0 0x81 config=./sudotest.conf 89 $(SUDO) ./test_pam_cap delta 0x41 0x80 0x41 config=./sudotest.conf 90 91clean: 92 rm -f *.o *.so testlink lazylink.so test_pam_cap pam_cap_linkopts *~ 93 rm -f LIBCAP incapable.conf 94