18 files changed, 4340 insertions, 0 deletions
diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am
new file mode 100644
index 0000000..d290b85
--- /dev/null
+++ b/modules/pam_timestamp/Makefile.am
@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2005, 2009 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2005, 2008 Red Hat, Inc.
+#
+
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+
+EXTRA_DIST = $(XMLS)
+
+if HAVE_DOC
+dist_man_MANS = pam_timestamp.8 pam_timestamp_check.8
+endif
+XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml
+dist_check_SCRIPTS = tst-pam_timestamp
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+noinst_HEADERS = hmacsha1.h sha1.h hmac_openssl_wrapper.h
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
+pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS) $(CRYPTO_LIBS)
+pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
+if HAVE_VERSIONING
+  pam_timestamp_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_timestamp.la
+sbin_PROGRAMS = pam_timestamp_check
+
+pam_timestamp_la_SOURCES = pam_timestamp.c
+if COND_USE_OPENSSL
+pam_timestamp_la_SOURCES += hmac_openssl_wrapper.c
+else
+pam_timestamp_la_SOURCES += hmacsha1.c sha1.c
+endif
+pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
+
+pam_timestamp_check_SOURCES = pam_timestamp_check.c
+pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
+pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
+pam_timestamp_check_LDFLAGS = @EXE_LDFLAGS@
+
+if COND_USE_OPENSSL
+hmacfile_SOURCES = hmac_openssl_wrapper.c
+else
+hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+endif
+hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
+
+check_PROGRAMS = hmacfile
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_timestamp/Makefile.in b/modules/pam_timestamp/Makefile.in
new file mode 100644
index 0000000..440020b
--- /dev/null
+++ b/modules/pam_timestamp/Makefile.in
@@ -0,0 +1,1349 @@
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2009 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2005, 2008 Red Hat, Inc.
+#
+
+
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+sbin_PROGRAMS = pam_timestamp_check$(EXEEXT)
+@COND_USE_OPENSSL_TRUE@am__append_2 = hmac_openssl_wrapper.c
+@COND_USE_OPENSSL_FALSE@am__append_3 = hmacsha1.c sha1.c
+check_PROGRAMS = hmacfile$(EXEEXT)
+subdir = modules/pam_timestamp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_timestamp_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+am__pam_timestamp_la_SOURCES_DIST = pam_timestamp.c \
+	hmac_openssl_wrapper.c hmacsha1.c sha1.c
+@COND_USE_OPENSSL_TRUE@am__objects_1 = pam_timestamp_la-hmac_openssl_wrapper.lo
+@COND_USE_OPENSSL_FALSE@am__objects_2 = pam_timestamp_la-hmacsha1.lo \
+@COND_USE_OPENSSL_FALSE@	pam_timestamp_la-sha1.lo
+am_pam_timestamp_la_OBJECTS = pam_timestamp_la-pam_timestamp.lo \
+	$(am__objects_1) $(am__objects_2)
+pam_timestamp_la_OBJECTS = $(am_pam_timestamp_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+pam_timestamp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(pam_timestamp_la_CFLAGS) $(CFLAGS) \
+	$(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@
+am__hmacfile_SOURCES_DIST = hmacfile.c hmacsha1.c sha1.c \
+	hmac_openssl_wrapper.c
+@COND_USE_OPENSSL_FALSE@am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) \
+@COND_USE_OPENSSL_FALSE@	hmacsha1.$(OBJEXT) sha1.$(OBJEXT)
+@COND_USE_OPENSSL_TRUE@am_hmacfile_OBJECTS =  \
+@COND_USE_OPENSSL_TRUE@	hmac_openssl_wrapper.$(OBJEXT)
+hmacfile_OBJECTS = $(am_hmacfile_OBJECTS)
+hmacfile_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+am_pam_timestamp_check_OBJECTS =  \
+	pam_timestamp_check-pam_timestamp_check.$(OBJEXT)
+pam_timestamp_check_OBJECTS = $(am_pam_timestamp_check_OBJECTS)
+pam_timestamp_check_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+pam_timestamp_check_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(pam_timestamp_check_CFLAGS) $(CFLAGS) \
+	$(pam_timestamp_check_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/hmac_openssl_wrapper.Po \
+	./$(DEPDIR)/hmacfile.Po ./$(DEPDIR)/hmacsha1.Po \
+	./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po \
+	./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo \
+	./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo \
+	./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo \
+	./$(DEPDIR)/pam_timestamp_la-sha1.Plo ./$(DEPDIR)/sha1.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \
+	$(pam_timestamp_check_SOURCES)
+DIST_SOURCES = $(am__pam_timestamp_la_SOURCES_DIST) \
+	$(am__hmacfile_SOURCES_DIST) $(pam_timestamp_check_SOURCES)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
+HEADERS = $(noinst_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red='[0;31m'; \
+    grn='[0;32m'; \
+    lgn='[1;32m'; \
+    blu='[1;34m'; \
+    mgn='[0;35m'; \
+    brg='[1m'; \
+    std='[m'; \
+  fi; \
+}
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_timestamp.8 pam_timestamp_check.8
+XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml
+dist_check_SCRIPTS = tst-pam_timestamp
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+noinst_HEADERS = hmacsha1.h sha1.h hmac_openssl_wrapper.h
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
+pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module \
+	$(AM_LDFLAGS) $(CRYPTO_LIBS) $(am__append_1)
+pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
+securelib_LTLIBRARIES = pam_timestamp.la
+pam_timestamp_la_SOURCES = pam_timestamp.c $(am__append_2) \
+	$(am__append_3)
+pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
+pam_timestamp_check_SOURCES = pam_timestamp_check.c
+pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
+pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
+pam_timestamp_check_LDFLAGS = @EXE_LDFLAGS@
+@COND_USE_OPENSSL_FALSE@hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+@COND_USE_OPENSSL_TRUE@hmacfile_SOURCES = hmac_openssl_wrapper.c
+hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_timestamp/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu modules/pam_timestamp/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	 || test -f $$p1 \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) $(EXTRA_pam_timestamp_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS)
+
+hmacfile$(EXEEXT): $(hmacfile_OBJECTS) $(hmacfile_DEPENDENCIES) $(EXTRA_hmacfile_DEPENDENCIES) 
+	@rm -f hmacfile$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(hmacfile_OBJECTS) $(hmacfile_LDADD) $(LIBS)
+
+pam_timestamp_check$(EXEEXT): $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_DEPENDENCIES) $(EXTRA_pam_timestamp_check_DEPENDENCIES) 
+	@rm -f pam_timestamp_check$(EXEEXT)
+	$(AM_V_CCLD)$(pam_timestamp_check_LINK) $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_openssl_wrapper.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacfile.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacsha1.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-sha1.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+pam_timestamp_la-pam_timestamp.lo: pam_timestamp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-pam_timestamp.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo $(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pam_timestamp.c' object='pam_timestamp_la-pam_timestamp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c
+
+pam_timestamp_la-hmac_openssl_wrapper.lo: hmac_openssl_wrapper.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmac_openssl_wrapper.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Tpo -c -o pam_timestamp_la-hmac_openssl_wrapper.lo `test -f 'hmac_openssl_wrapper.c' || echo '$(srcdir)/'`hmac_openssl_wrapper.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Tpo $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hmac_openssl_wrapper.c' object='pam_timestamp_la-hmac_openssl_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmac_openssl_wrapper.lo `test -f 'hmac_openssl_wrapper.c' || echo '$(srcdir)/'`hmac_openssl_wrapper.c
+
+pam_timestamp_la-hmacsha1.lo: hmacsha1.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hmacsha1.c' object='pam_timestamp_la-hmacsha1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c
+
+pam_timestamp_la-sha1.lo: sha1.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-sha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-sha1.Tpo -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-sha1.Tpo $(DEPDIR)/pam_timestamp_la-sha1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sha1.c' object='pam_timestamp_la-sha1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c
+
+pam_timestamp_check-pam_timestamp_check.o: pam_timestamp_check.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.o -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c
+
+pam_timestamp_check-pam_timestamp_check.obj: pam_timestamp_check.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.obj -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(dist_man_MANS)
+	@$(NORMAL_INSTALL)
+	@list1=''; \
+	list2='$(dist_man_MANS)'; \
+	test -n "$(man8dir)" \
+	  && test -n "`echo $$list1$$list2`" \
+	  || exit 0; \
+	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+	{ for i in $$list1; do echo "$$i"; done;  \
+	if test -n "$$list2"; then \
+	  for i in $$list2; do echo "$$i"; done \
+	    | sed -n '/\.8[a-z]*$$/p'; \
+	fi; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+tst-pam_timestamp.log: tst-pam_timestamp
+	@p='tst-pam_timestamp'; \
+	b='tst-pam_timestamp'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+hmacfile.log: hmacfile$(EXEEXT)
+	@p='hmacfile$(EXEEXT)'; \
+	b='hmacfile'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ./$(DEPDIR)/hmac_openssl_wrapper.Po
+	-rm -f ./$(DEPDIR)/hmacfile.Po
+	-rm -f ./$(DEPDIR)/hmacsha1.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
+	-rm -f ./$(DEPDIR)/sha1.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ./$(DEPDIR)/hmac_openssl_wrapper.Po
+	-rm -f ./$(DEPDIR)/hmacfile.Po
+	-rm -f ./$(DEPDIR)/hmacsha1.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
+	-rm -f ./$(DEPDIR)/sha1.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-sbinPROGRAMS \
+	uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \
+	ctags ctags-am distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
+	install-securelibLTLIBRARIES install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am uninstall-man \
+	uninstall-man8 uninstall-sbinPROGRAMS \
+	uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_timestamp/README b/modules/pam_timestamp/README
new file mode 100644
index 0000000..e1ed508
--- /dev/null
+++ b/modules/pam_timestamp/README
@@ -0,0 +1,56 @@
+pam_timestamp — Authenticate using cached successful authentication attempts
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+In a nutshell, pam_timestamp caches successful authentication attempts, and
+allows you to use a recent successful attempt as the basis for authentication.
+This is similar mechanism which is used in sudo.
+
+When an application opens a session using pam_timestamp, a timestamp file is
+created in the timestampdir directory for the user. When an application
+attempts to authenticate the user, a pam_timestamp will treat a sufficiently
+recent timestamp file as grounds for succeeding.
+
+The default encryption hash is taken from the HMAC_CRYPTO_ALGO variable from /
+etc/login.defs.
+
+OPTIONS
+
+timestampdir=directory
+
+    Specify an alternate directory where pam_timestamp creates timestamp files.
+
+timestamp_timeout=number
+
+    How long should pam_timestamp treat timestamp as valid after their last
+    modification date (in seconds). Default is 300 seconds.
+
+verbose
+
+    Attempt to inform the user when access is granted.
+
+debug
+
+    Turns on debugging messages sent to syslog(3).
+
+NOTES
+
+Users can get confused when they are not always asked for passwords when
+running a given program. Some users reflexively begin typing information before
+noticing that it is not being asked for.
+
+EXAMPLES
+
+auth sufficient pam_timestamp.so verbose
+auth required   pam_unix.so
+
+session required pam_unix.so
+session optional pam_timestamp.so
+
+
+AUTHOR
+
+pam_timestamp was written by Nalin Dahyabhai.
+
diff --git a/modules/pam_timestamp/README.xml b/modules/pam_timestamp/README.xml
new file mode 100644
index 0000000..5b72deb
--- /dev/null
+++ b/modules/pam_timestamp/README.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_timestamp.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_timestamp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_timestamp-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_timestamp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_timestamp-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_timestamp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_timestamp-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_timestamp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_timestamp-notes"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_timestamp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_timestamp-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_timestamp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_timestamp-author"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
new file mode 100644
index 0000000..926c2fb
--- /dev/null
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -0,0 +1,381 @@
+/* Wrapper for hmac openssl implementation.
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ * Written by Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+
+#ifdef WITH_OPENSSL
+
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+
+#include "hmac_openssl_wrapper.h"
+
+#define LOGIN_DEFS          "/etc/login.defs"
+#define CRYPTO_KEY          "HMAC_CRYPTO_ALGO"
+#define DEFAULT_ALGORITHM   "SHA512"
+#define MAX_HMAC_LENGTH     512
+#define MAX_KEY_LENGTH      EVP_MAX_KEY_LENGTH
+
+static char *
+get_crypto_algorithm(pam_handle_t *pamh, int debug){
+    char *config_value = NULL;
+
+    config_value = pam_modutil_search_key(pamh, LOGIN_DEFS, CRYPTO_KEY);
+
+    if (config_value == NULL) {
+        config_value = strdup(DEFAULT_ALGORITHM);
+        if (debug) {
+            pam_syslog(pamh, LOG_DEBUG,
+                   "Key [%s] not found, falling back to default algorithm [%s]\n",
+                   CRYPTO_KEY, DEFAULT_ALGORITHM);
+        }
+    }
+
+    return config_value;
+}
+
+static int
+generate_key(pam_handle_t *pamh, char **key, size_t key_size)
+{
+    int fd = 0;
+    size_t bytes_read = 0;
+    char * tmp = NULL;
+
+    fd = open("/dev/urandom", O_RDONLY);
+    if (fd == -1) {
+        pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
+        return PAM_AUTH_ERR;
+    }
+
+    tmp = malloc(key_size);
+    if (!tmp) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    bytes_read = pam_modutil_read(fd, tmp, key_size);
+    close(fd);
+
+    if (bytes_read < key_size) {
+        pam_syslog(pamh, LOG_ERR, "Short read on random device");
+        free(tmp);
+        return PAM_AUTH_ERR;
+    }
+
+    *key = tmp;
+
+    return PAM_SUCCESS;
+}
+
+static int
+read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length)
+{
+    struct stat st;
+    size_t bytes_read = 0;
+    char *tmp = NULL;
+
+    if (fstat(fd, &st) == -1) {
+        pam_syslog(pamh, LOG_ERR, "Unable to stat file: %m");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    if (st.st_size == 0) {
+        pam_syslog(pamh, LOG_ERR, "Key file size cannot be 0");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    tmp = malloc(st.st_size);
+    if (!tmp) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    bytes_read = pam_modutil_read(fd, tmp, st.st_size);
+    close(fd);
+
+    if (bytes_read < (size_t)st.st_size) {
+        pam_syslog(pamh, LOG_ERR, "Short read on key file");
+        memset(tmp, 0, st.st_size);
+        free(tmp);
+        return PAM_AUTH_ERR;
+    }
+
+    *text = tmp;
+    *text_length = st.st_size;
+
+    return PAM_SUCCESS;
+}
+
+static int
+write_file(pam_handle_t *pamh, const char *file_name, char *text,
+           size_t text_length, uid_t owner, gid_t group)
+{
+    int fd = 0;
+    size_t bytes_written = 0;
+
+    fd = open(file_name,
+              O_WRONLY | O_CREAT | O_TRUNC,
+              S_IRUSR | S_IWUSR);
+    if (fd == -1) {
+        pam_syslog(pamh, LOG_ERR, "Unable to open [%s]: %m", file_name);
+        memset(text, 0, text_length);
+        free(text);
+        return PAM_AUTH_ERR;
+    }
+
+    if (fchown(fd, owner, group) == -1) {
+        pam_syslog(pamh, LOG_ERR, "Unable to change ownership [%s]: %m", file_name);
+        memset(text, 0, text_length);
+        free(text);
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    bytes_written = pam_modutil_write(fd, text, text_length);
+    close(fd);
+
+    if (bytes_written < text_length) {
+        pam_syslog(pamh, LOG_ERR, "Short write on %s", file_name);
+        free(text);
+        return PAM_AUTH_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+static int
+key_management(pam_handle_t *pamh, const char *file_name, char **text,
+                size_t text_length, uid_t owner, gid_t group)
+{
+    int fd = 0;
+
+    fd = open(file_name, O_RDONLY | O_NOFOLLOW);
+    if (fd == -1) {
+        if (errno == ENOENT) {
+            if (generate_key(pamh, text, text_length)) {
+                pam_syslog(pamh, LOG_ERR, "Unable to generate key");
+                return PAM_AUTH_ERR;
+            }
+
+            if (write_file(pamh, file_name, *text, text_length, owner, group)) {
+                pam_syslog(pamh, LOG_ERR, "Unable to write key");
+                return PAM_AUTH_ERR;
+            }
+        } else {
+            pam_syslog(pamh, LOG_ERR, "Unable to open %s: %m", file_name);
+            return PAM_AUTH_ERR;
+        }
+    } else {
+        if (read_file(pamh, fd, text, &text_length)) {
+            pam_syslog(pamh, LOG_ERR, "Error reading key file %s\n", file_name);
+            return PAM_AUTH_ERR;
+        }
+    }
+
+    return PAM_SUCCESS;
+}
+
+static int
+hmac_management(pam_handle_t *pamh, int debug, void **out, size_t *out_length,
+                char *key, size_t key_length,
+                const void *text, size_t text_length)
+{
+    int ret = PAM_AUTH_ERR;
+    EVP_MAC *evp_mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    unsigned char *hmac_message = NULL;
+    size_t hmac_length;
+    char *algo = NULL;
+    OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    algo = get_crypto_algorithm(pamh, debug);
+
+    subalg_param[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+                                                       algo,
+                                                       0);
+
+    evp_mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (evp_mac == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac implementation");
+        goto done;
+    }
+
+    ctx = EVP_MAC_CTX_new(evp_mac);
+    if (ctx == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac context");
+        goto done;
+    }
+
+    ret = EVP_MAC_init(ctx, (const unsigned char *)key, key_length, subalg_param);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
+        goto done;
+    }
+
+    ret = EVP_MAC_update(ctx, (const unsigned char *)text, text_length);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to update hmac context");
+        goto done;
+    }
+
+    hmac_message = (unsigned char*)malloc(sizeof(unsigned char) * MAX_HMAC_LENGTH);
+    if (!hmac_message) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        goto done;
+    }
+
+    ret = EVP_MAC_final(ctx, hmac_message, &hmac_length, MAX_HMAC_LENGTH);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to calculate hmac message");
+        goto done;
+    }
+
+    *out_length = hmac_length;
+    *out = malloc(*out_length);
+    if (*out == NULL) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        goto done;
+    }
+
+    memcpy(*out, hmac_message, *out_length);
+    ret = PAM_SUCCESS;
+
+done:
+    if (hmac_message != NULL) {
+        free(hmac_message);
+    }
+    if (key != NULL) {
+        memset(key, 0, key_length);
+        free(key);
+    }
+    if (ctx != NULL) {
+        EVP_MAC_CTX_free(ctx);
+    }
+    if (evp_mac != NULL) {
+        EVP_MAC_free(evp_mac);
+    }
+    free(algo);
+
+    return ret;
+}
+
+int
+hmac_size(pam_handle_t *pamh, int debug, size_t *hmac_length)
+{
+    int ret = PAM_AUTH_ERR;
+    EVP_MAC *evp_mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    const unsigned char key[] = "ThisIsJustAKey";
+    size_t key_length = MAX_KEY_LENGTH;
+    char *algo = NULL;
+    OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    algo = get_crypto_algorithm(pamh, debug);
+
+    subalg_param[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+                                                       algo,
+                                                       0);
+
+    evp_mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (evp_mac == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac implementation");
+        goto done;
+    }
+
+    ctx = EVP_MAC_CTX_new(evp_mac);
+    if (ctx == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac context");
+        goto done;
+    }
+
+    ret = EVP_MAC_init(ctx, key, key_length, subalg_param);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
+        goto done;
+    }
+
+    *hmac_length = EVP_MAC_CTX_get_mac_size(ctx);
+    ret = PAM_SUCCESS;
+
+done:
+    if (ctx != NULL) {
+        EVP_MAC_CTX_free(ctx);
+    }
+    if (evp_mac != NULL) {
+        EVP_MAC_free(evp_mac);
+    }
+    free(algo);
+
+    return ret;
+}
+
+int
+hmac_generate(pam_handle_t *pamh, int debug, void **mac, size_t *mac_length,
+              const char *key_file, uid_t owner, gid_t group,
+              const void *text, size_t text_length)
+{
+    char *key = NULL;
+    size_t key_length = MAX_KEY_LENGTH;
+
+    if (key_management(pamh, key_file, &key, key_length, owner, group)) {
+        return PAM_AUTH_ERR;
+    }
+
+    if (hmac_management(pamh, debug, mac, mac_length, key, key_length,
+                        text, text_length)) {
+        return PAM_AUTH_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+#endif /* WITH_OPENSSL */
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.h b/modules/pam_timestamp/hmac_openssl_wrapper.h
new file mode 100644
index 0000000..cc27c81
--- /dev/null
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.h
@@ -0,0 +1,57 @@
+/* Wrapper for hmac openssl implementation.
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ * Written by Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H
+#define PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H
+
+#include "config.h"
+
+#ifdef WITH_OPENSSL
+
+#include <openssl/hmac.h>
+#include <security/pam_modules.h>
+
+int
+hmac_size(pam_handle_t *pamh, int debug, size_t *hmac_length);
+
+int
+hmac_generate(pam_handle_t *pamh, int debug, void **mac, size_t *mac_length,
+              const char *key_file, uid_t owner, gid_t group,
+              const void *text, size_t text_length);
+
+#endif /* WITH_OPENSSL */
+#endif /* PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H */
diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c
new file mode 100644
index 0000000..371f814
--- /dev/null
+++ b/modules/pam_timestamp/hmacfile.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2003,2004 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "pam_inline.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include "hmacsha1.h"
+
+static void
+testvectors(void)
+{
+	void *hmac;
+	size_t hmac_len;
+	size_t i, j;
+	char hex[3];
+	struct vector {
+		const char *key;
+		int key_len;
+		const char *data;
+		int data_len;
+		const char *hmac;
+	} vectors[] = {
+		{
+		"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 20,
+		"Hi There", 8,
+		"b617318655057264e28bc0b6fb378c8ef146be00",
+		},
+
+#ifdef HMAC_ALLOW_SHORT_KEYS
+		{
+		"Jefe", 4,
+		"what do ya want for nothing?", 28,
+		"effcdf6ae5eb2fa2d27416d5f184df9c259a7c79",
+		},
+#endif
+
+		{
+		"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", 20,
+		"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", 50,
+		"125d7342b9ac11cd91a39af48aa17b4f63f175d3",
+		},
+
+		{
+		"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 25,
+		"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
+		50,
+		"4c9007f4026250c6bc8414f9bf50c86c2d7235da",
+		},
+
+		{
+		"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", 20,
+		"Test With Truncation", 20,
+		"4c1a03424b55e07fe7f27be1d58bb9324a9a5a04",
+		},
+
+		{
+		"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+		80,
+		"Test Using Larger Than Block-Size Key - Hash Key First", 54,
+		"aa4ae5e15272d00e95705637ce8a3b55ed402112",
+		},
+
+		{
+		"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+		80,
+		"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73,
+		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91",
+		},
+	};
+	for (i = 0; i < PAM_ARRAY_SIZE(vectors); i++) {
+		hmac = NULL;
+		hmac_len = 0;
+		hmac_sha1_generate(&hmac, &hmac_len,
+				   vectors[i].key, vectors[i].key_len,
+				   vectors[i].data, vectors[i].data_len);
+		if (hmac != NULL) {
+			unsigned char *hmacc = hmac;
+			for (j = 0; j < hmac_len; j++) {
+				snprintf(hex, sizeof(hex), "%02x",
+					 hmacc[j] & 0xff);
+				if (strncasecmp(hex,
+						vectors[i].hmac + 2 * j,
+						2) != 0) {
+					printf("Incorrect result for vector %lu\n",
+					       (unsigned long) i + 1);
+					exit(1);
+
+				}
+			}
+			free(hmac);
+		} else {
+			printf("Error in vector %lu.\n",
+			       (unsigned long) i + 1);
+			exit(1);
+		}
+	}
+}
+
+int
+main(int argc, char **argv)
+{
+	void *hmac;
+	size_t maclen;
+	const char *keyfile;
+	int i;
+	size_t j;
+
+	testvectors();
+
+	keyfile = argv[1];
+	for (i = 2; i < argc; i++) {
+		hmac_sha1_generate_file(NULL, &hmac, &maclen, keyfile, -1, -1,
+					argv[i], strlen(argv[i]));
+		if (hmac != NULL) {
+			unsigned char *hmacc = hmac;
+			for (j = 0; j < maclen; j++) {
+				printf("%02x", hmacc[j] & 0xff);
+			}
+			printf("  %s\n", argv[i]);
+			free(hmac);
+		}
+	}
+	return 0;
+}
diff --git a/modules/pam_timestamp/hmacsha1.c b/modules/pam_timestamp/hmacsha1.c
new file mode 100644
index 0000000..45a3cac
--- /dev/null
+++ b/modules/pam_timestamp/hmacsha1.c
@@ -0,0 +1,295 @@
+/* An implementation of HMAC using SHA-1.
+ *
+ * Copyright (c) 2003 Red Hat, Inc.
+ * Written by Nalin Dahyabhai <nalin@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* See RFC 2104 for descriptions. */
+#include "config.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <security/pam_ext.h>
+#include "hmacsha1.h"
+#include "sha1.h"
+
+#define MINIMUM_KEY_SIZE SHA1_OUTPUT_SIZE
+#define MAXIMUM_KEY_SIZE SHA1_BLOCK_SIZE
+
+static void
+hmac_key_create(pam_handle_t *pamh, const char *filename, size_t key_size,
+		uid_t owner, gid_t group)
+{
+	int randfd, keyfd, i;
+	size_t count;
+	char *key;
+
+	/* Open the destination file. */
+	keyfd = open(filename,
+		     O_WRONLY | O_CREAT | O_EXCL | O_TRUNC,
+		     S_IRUSR | S_IWUSR);
+	if (keyfd == -1) {
+		pam_syslog(pamh, LOG_ERR, "Cannot create %s: %m", filename);
+		return;
+	}
+
+
+	 if (fchown(keyfd, owner, group) == -1) {
+		pam_syslog(pamh, LOG_ERR, "Cannot chown %s: %m", filename);
+		close(keyfd);
+		return;
+	}
+
+	/* Open the random device to get key data. */
+	randfd = open("/dev/urandom", O_RDONLY);
+	if (randfd == -1) {
+		pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
+		close(keyfd);
+		return;
+	}
+
+	/* Read random data for use as the key. */
+	key = malloc(key_size);
+	count = 0;
+	if (!key) {
+		close(keyfd);
+		close(randfd);
+		return;
+	}
+	while (count < key_size) {
+		i = read(randfd, key + count, key_size - count);
+		if ((i == 0) || (i == -1)) {
+			break;
+		}
+		count += i;
+	}
+
+	close(randfd);
+
+	/* If we didn't get enough, stop here. */
+	if (count < key_size) {
+		pam_syslog(pamh, LOG_ERR, "Short read on random device");
+		memset(key, 0, key_size);
+		free(key);
+		close(keyfd);
+		return;
+	}
+
+	/* Now write the key. */
+	count = 0;
+	while (count < key_size) {
+		i = write(keyfd, key + count, key_size - count);
+		if ((i == 0) || (i == -1)) {
+			break;
+		}
+		count += i;
+	}
+	memset(key, 0, key_size);
+	free(key);
+	close(keyfd);
+}
+
+static void
+hmac_key_read(pam_handle_t *pamh, const char *filename, size_t default_key_size,
+	      uid_t owner, gid_t group,
+	      void **key, size_t *key_size)
+{
+	char *tmp;
+	int keyfd, i, count;
+	struct stat st;
+
+	tmp = NULL;
+	*key = NULL;
+	*key_size = 0;
+
+	/* Try to open the key file. */
+	keyfd = open(filename, O_RDONLY);
+	if (keyfd == -1) {
+		/* No such thing? Create it. */
+		if (errno == ENOENT) {
+			hmac_key_create(pamh, filename, default_key_size,
+					owner, group);
+			keyfd = open(filename, O_RDONLY);
+		} else {
+			pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", filename);
+		}
+		if (keyfd == -1)
+			return;
+	}
+
+	/* If we failed to open the file, we're done. */
+	if (fstat(keyfd, &st) == -1) {
+		close(keyfd);
+		return;
+	}
+
+	/* Read the contents of the file. */
+	tmp = malloc(st.st_size);
+	if (!tmp) {
+		close(keyfd);
+		return;
+	}
+
+	count = 0;
+	while (count < st.st_size) {
+		i = read(keyfd, tmp + count, st.st_size - count);
+		if ((i == 0) || (i == -1)) {
+			break;
+		}
+		count += i;
+	}
+	close(keyfd);
+
+	/* Require that we got the expected amount of data. */
+	if (count < st.st_size) {
+		memset(tmp, 0, st.st_size);
+		free(tmp);
+		return;
+	}
+
+	/* Pass the key back. */
+	*key = tmp;
+	*key_size = st.st_size;
+}
+
+static void
+xor_block(unsigned char *p, unsigned char byte, size_t length)
+{
+	size_t i;
+	for (i = 0; i < length; i++) {
+		p[i] = p[i] ^ byte;
+	}
+}
+
+void
+hmac_sha1_generate(void **mac, size_t *mac_length,
+		   const void *raw_key, size_t raw_key_size,
+		   const void *text, size_t text_length)
+{
+	unsigned char key[MAXIMUM_KEY_SIZE], tmp_key[MAXIMUM_KEY_SIZE];
+	size_t maximum_key_size = SHA1_BLOCK_SIZE,
+	       minimum_key_size = SHA1_OUTPUT_SIZE;
+	const unsigned char ipad = 0x36, opad = 0x5c;
+	struct sha1_context sha1;
+	unsigned char inner[SHA1_OUTPUT_SIZE], outer[SHA1_OUTPUT_SIZE];
+
+	*mac = NULL;
+	*mac_length = 0;
+
+#ifndef HMAC_ALLOW_SHORT_KEYS
+	/* If the key is too short, don't bother. */
+	if (raw_key_size < minimum_key_size) {
+		return;
+	}
+#endif
+
+	/* If the key is too long, "compress" it, else copy it and pad it
+	 * out with zero bytes. */
+	memset(key, 0, sizeof(key));
+	if (raw_key_size > maximum_key_size) {
+		sha1_init(&sha1);
+		sha1_update(&sha1, raw_key, raw_key_size);
+		sha1_output(&sha1, key);
+	} else {
+		memmove(key, raw_key, raw_key_size);
+	}
+
+	/* Generate the inner sum. */
+	memcpy(tmp_key, key, sizeof(tmp_key));
+	xor_block(tmp_key, ipad, sizeof(tmp_key));
+
+	sha1_init(&sha1);
+	sha1_update(&sha1, tmp_key, sizeof(tmp_key));
+	sha1_update(&sha1, text, text_length);
+	sha1_output(&sha1, inner);
+
+	/* Generate the outer sum. */
+	memcpy(tmp_key, key, sizeof(tmp_key));
+	xor_block(tmp_key, opad, sizeof(tmp_key));
+
+	sha1_init(&sha1);
+	sha1_update(&sha1, tmp_key, sizeof(tmp_key));
+	sha1_update(&sha1, inner, sizeof(inner));
+	sha1_output(&sha1, outer);
+
+	/* We don't need any of the keys any more. */
+	memset(key, 0, sizeof(key));
+	memset(tmp_key, 0, sizeof(tmp_key));
+
+	/* Allocate space to store the output. */
+	*mac_length = sizeof(outer);
+	*mac = malloc(*mac_length);
+	if (*mac == NULL) {
+		*mac_length = 0;
+		return;
+	}
+
+	memcpy(*mac, outer, *mac_length);
+}
+
+void
+hmac_sha1_generate_file(pam_handle_t *pamh, void **mac, size_t *mac_length,
+			const char *keyfile, uid_t owner, gid_t group,
+			const void *text, size_t text_length)
+{
+	void *key;
+	size_t key_length;
+
+	hmac_key_read(pamh, keyfile,
+		      MAXIMUM_KEY_SIZE, owner, group,
+		      &key, &key_length);
+	if (key == NULL) {
+		*mac = NULL;
+		*mac_length = 0;
+		return;
+	}
+	hmac_sha1_generate(mac, mac_length,
+			   key, key_length,
+			   text, text_length);
+	memset(key, 0, key_length);
+	free(key);
+}
+
+size_t
+hmac_sha1_size(void)
+{
+	return SHA1_OUTPUT_SIZE;
+}
diff --git a/modules/pam_timestamp/hmacsha1.h b/modules/pam_timestamp/hmacsha1.h
new file mode 100644
index 0000000..200d1d0
--- /dev/null
+++ b/modules/pam_timestamp/hmacsha1.h
@@ -0,0 +1,15 @@
+#ifndef pam_timestamp_hmacfile_h
+#define pam_timestamp_hmacfile_h
+
+#include <sys/types.h>
+#include <security/pam_modules.h>
+
+size_t hmac_sha1_size(void);
+void hmac_sha1_generate(void **mac, size_t *mac_length,
+			const void *key, size_t key_length,
+			const void *text, size_t text_length);
+void hmac_sha1_generate_file(pam_handle_t *pamh, void **mac, size_t *mac_length,
+			     const char *keyfile, uid_t owner, gid_t group,
+			     const void *text, size_t text_length);
+
+#endif
diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8
new file mode 100644
index 0000000..cd8195d
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp.8
@@ -0,0 +1,135 @@
+'\" t
+.\"     Title: pam_timestamp
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 09/03/2021
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_TIMESTAMP" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_timestamp \- Authenticate using cached successful authentication attempts
+.SH "SYNOPSIS"
+.HP \w'\fBpam_timestamp\&.so\fR\ 'u
+\fBpam_timestamp\&.so\fR [timestampdir=\fIdirectory\fR] [timestamp_timeout=\fInumber\fR] [verbose] [debug]
+.SH "DESCRIPTION"
+.PP
+In a nutshell,
+\fIpam_timestamp\fR
+caches successful authentication attempts, and allows you to use a recent successful attempt as the basis for authentication\&. This is similar mechanism which is used in
+\fBsudo\fR\&.
+.PP
+When an application opens a session using
+\fIpam_timestamp\fR, a timestamp file is created in the
+\fItimestampdir\fR
+directory for the user\&. When an application attempts to authenticate the user, a
+\fIpam_timestamp\fR
+will treat a sufficiently recent timestamp file as grounds for succeeding\&.
+.PP
+The default encryption hash is taken from the
+\fBHMAC_CRYPTO_ALGO\fR
+variable from
+\fI/etc/login\&.defs\fR\&.
+.SH "OPTIONS"
+.PP
+\fBtimestampdir=\fR\fB\fIdirectory\fR\fR
+.RS 4
+Specify an alternate directory where
+\fIpam_timestamp\fR
+creates timestamp files\&.
+.RE
+.PP
+\fBtimestamp_timeout=\fR\fB\fInumber\fR\fR
+.RS 4
+How long should
+\fIpam_timestamp\fR
+treat timestamp as valid after their last modification date (in seconds)\&. Default is 300 seconds\&.
+.RE
+.PP
+\fBverbose\fR
+.RS 4
+Attempt to inform the user when access is granted\&.
+.RE
+.PP
+\fBdebug\fR
+.RS 4
+Turns on debugging messages sent to
+\fBsyslog\fR(3)\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBsession\fR
+module types are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+The module was not able to retrieve the user name or no valid timestamp file was found\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Everything was successful\&.
+.RE
+.PP
+PAM_SESSION_ERR
+.RS 4
+Timestamp file could not be created or updated\&.
+.RE
+.SH "NOTES"
+.PP
+Users can get confused when they are not always asked for passwords when running a given program\&. Some users reflexively begin typing information before noticing that it is not being asked for\&.
+.SH "EXAMPLES"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth sufficient pam_timestamp\&.so verbose
+auth required   pam_unix\&.so
+
+session required pam_unix\&.so
+session optional pam_timestamp\&.so
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/var/run/pam_timestamp/\&.\&.\&.
+.RS 4
+timestamp files and directories
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_timestamp_check\fR(8),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_timestamp was written by Nalin Dahyabhai\&.
diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml
new file mode 100644
index 0000000..83e5aea
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp.8.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_timestamp">
+
+  <refmeta>
+    <refentrytitle>pam_timestamp</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_timestamp-name">
+    <refname>pam_timestamp</refname>
+    <refpurpose>Authenticate using cached successful authentication attempts</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_timestamp-cmdsynopsis">
+      <command>pam_timestamp.so</command>
+      <arg choice="opt">
+        timestampdir=<replaceable>directory</replaceable>
+      </arg>
+      <arg choice="opt">
+        timestamp_timeout=<replaceable>number</replaceable>
+      </arg>
+      <arg choice="opt">
+        verbose
+      </arg>
+      <arg choice="opt">
+        debug
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_timestamp-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      In a nutshell, <emphasis>pam_timestamp</emphasis> caches successful
+authentication attempts, and allows you to use a recent successful attempt as
+the basis for authentication. This is similar mechanism which is used in
+<command>sudo</command>.
+    </para>
+    <para>
+      When an application opens a session using <emphasis>pam_timestamp</emphasis>,
+a timestamp file is created in the <emphasis>timestampdir</emphasis> directory
+for the user.  When an application attempts to authenticate the user, a
+<emphasis>pam_timestamp</emphasis> will treat a sufficiently recent timestamp
+file as grounds for succeeding.
+    </para>
+    <para condition="openssl_hmac">
+      The default encryption hash is taken from the
+      <emphasis remap='B'>HMAC_CRYPTO_ALGO</emphasis> variable from
+      <emphasis>/etc/login.defs</emphasis>.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_timestamp-options">
+
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+         <term>
+            <option>timestampdir=<replaceable>directory</replaceable></option>
+         </term>
+         <listitem>
+            <para>
+               Specify an alternate directory where
+	       <emphasis>pam_timestamp</emphasis> creates timestamp files.
+            </para>
+         </listitem>
+      </varlistentry>
+      <varlistentry>
+         <term>
+            <option>timestamp_timeout=<replaceable>number</replaceable></option>
+         </term>
+         <listitem>
+            <para>
+               How long should <emphasis>pam_timestamp</emphasis>
+	       treat timestamp as valid after their
+               last modification date (in seconds). Default is 300 seconds.
+            </para>
+         </listitem>
+      </varlistentry>
+      <varlistentry>
+         <term>
+            <option>verbose</option>
+         </term>
+         <listitem>
+            <para>
+               Attempt to inform the user when access is granted.
+            </para>
+         </listitem>
+      </varlistentry>
+      <varlistentry>
+         <term>
+            <option>debug</option>
+         </term>
+         <listitem>
+            <para>
+               Turns on debugging messages sent to <citerefentry>
+	       <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+	       </citerefentry>.
+            </para>
+         </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_timestamp-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      The <option>auth</option> and <option>session</option>
+      module types are provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-return_values'>
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+        <term>PAM_AUTH_ERR</term>
+        <listitem>
+          <para>
+            The module was not able to retrieve the user name or
+            no valid timestamp file was found.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SUCCESS</term>
+        <listitem>
+          <para>
+            Everything was successful.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SESSION_ERR</term>
+        <listitem>
+          <para>
+	    Timestamp file could not be created or updated.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-notes'>
+    <title>NOTES</title>
+    <para>
+      Users can get confused when they are not always asked for passwords when
+running a given program. Some users reflexively begin typing information before
+noticing that it is not being asked for.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-examples'>
+    <title>EXAMPLES</title>
+    <programlisting>
+auth sufficient pam_timestamp.so verbose
+auth required   pam_unix.so
+
+session required pam_unix.so
+session optional pam_timestamp.so
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id="pam_timestamp-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/var/run/pam_timestamp/...</filename></term>
+        <listitem>
+          <para>timestamp files and directories</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam_timestamp_check</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_timestamp was written by Nalin Dahyabhai.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
new file mode 100644
index 0000000..01dd138
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -0,0 +1,873 @@
+/******************************************************************************
+ * A module for Linux-PAM that will cache authentication results, inspired by
+ * (and implemented with an eye toward being mixable with) sudo.
+ *
+ * Copyright (c) 2002 Red Hat, Inc.
+ * Written by Nalin Dahyabhai <nalin@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <utmp.h>
+#include <syslog.h>
+#include <paths.h>
+#ifdef WITH_OPENSSL
+#include "hmac_openssl_wrapper.h"
+#else
+#include "hmacsha1.h"
+#endif /* WITH_OPENSSL */
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+#include "pam_inline.h"
+
+/* The default timeout we use is 5 minutes, which matches the sudo default
+ * for the timestamp_timeout parameter. */
+#define DEFAULT_TIMESTAMP_TIMEOUT (5 * 60)
+#define MODULE "pam_timestamp"
+#define TIMESTAMPDIR _PATH_VARRUN MODULE
+#define TIMESTAMPKEY TIMESTAMPDIR "/_pam_timestamp_key"
+
+/* Various buffers we use need to be at least as large as either PATH_MAX or
+ * LINE_MAX, so choose the larger of the two. */
+#if (LINE_MAX > PATH_MAX)
+#define BUFLEN LINE_MAX
+#else
+#define BUFLEN PATH_MAX
+#endif
+
+#define ROOT_USER 	0
+#define ROOT_GROUP 	0
+
+/* Return PAM_SUCCESS if the given directory looks "safe". */
+static int
+check_dir_perms(pam_handle_t *pamh, const char *tdir)
+{
+	char scratch[BUFLEN];
+	struct stat st;
+	int i;
+	/* Check that the directory is "safe". */
+	if ((tdir == NULL) || (strlen(tdir) == 0)) {
+		return PAM_AUTH_ERR;
+	}
+	/* Iterate over the path, checking intermediate directories. */
+	memset(scratch, 0, sizeof(scratch));
+	for (i = 0; (tdir[i] != '\0') && (i < (int)sizeof(scratch)); i++) {
+		scratch[i] = tdir[i];
+		if ((scratch[i] == '/') || (tdir[i + 1] == '\0')) {
+			/* We now have the name of a directory in the path, so
+			 * we need to check it. */
+			if ((lstat(scratch, &st) == -1) && (errno != ENOENT)) {
+				pam_syslog(pamh, LOG_ERR,
+				       "unable to read `%s': %m",
+				       scratch);
+				return PAM_AUTH_ERR;
+			}
+			if (!S_ISDIR(st.st_mode)) {
+				pam_syslog(pamh, LOG_ERR,
+				       "`%s' is not a directory",
+				       scratch);
+				return PAM_AUTH_ERR;
+			}
+			if (S_ISLNK(st.st_mode)) {
+				pam_syslog(pamh, LOG_ERR,
+				       "`%s' is a symbolic link",
+				       scratch);
+				return PAM_AUTH_ERR;
+			}
+			if (st.st_uid != 0) {
+				pam_syslog(pamh, LOG_ERR,
+				       "`%s' owner UID != 0",
+				       scratch);
+				return PAM_AUTH_ERR;
+			}
+			if (st.st_gid != 0) {
+				pam_syslog(pamh, LOG_ERR,
+				       "`%s' owner GID != 0",
+				       scratch);
+				return PAM_AUTH_ERR;
+			}
+			if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
+				pam_syslog(pamh, LOG_ERR,
+				       "`%s' permissions are lax",
+				       scratch);
+				return PAM_AUTH_ERR;
+			}
+		}
+	}
+	return PAM_SUCCESS;
+}
+
+/* Validate a tty pathname as actually belonging to a tty, and return its base
+ * name if it's valid. */
+static const char *
+check_tty(const char *tty)
+{
+	/* Check that we're not being set up to take a fall. */
+	if ((tty == NULL) || (strlen(tty) == 0)) {
+		return NULL;
+	}
+	/* Pull out the meaningful part of the tty's name. */
+	if (strchr(tty, '/') != NULL) {
+		if (pam_str_skip_prefix(tty, "/dev/") == NULL) {
+			/* Make sure the device node is actually in /dev/,
+			 * noted by Michal Zalewski. */
+			return NULL;
+		}
+		tty = strrchr(tty, '/') + 1;
+	}
+	/* Make sure the tty wasn't actually a directory (no basename). */
+	if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
+		return NULL;
+	}
+	return tty;
+}
+
+/* Determine the right path name for a given user's timestamp. */
+static int
+format_timestamp_name(char *path, size_t len,
+		      const char *timestamp_dir,
+		      const char *tty,
+		      const char *ruser,
+		      const char *user)
+{
+	if (strcmp(ruser, user) == 0) {
+		return snprintf(path, len, "%s/%s/%s", timestamp_dir,
+				ruser, tty);
+	} else {
+		return snprintf(path, len, "%s/%s/%s:%s", timestamp_dir,
+				ruser, tty, user);
+	}
+}
+
+/* Check if a given timestamp date, when compared to a current time, fits
+ * within the given interval. */
+static int
+timestamp_good(time_t then, time_t now, time_t interval)
+{
+	if (((now >= then) && ((now - then) < interval)) ||
+	    ((now < then) && ((then - now) < (2 * interval)))) {
+		return PAM_SUCCESS;
+	}
+	return PAM_AUTH_ERR;
+}
+
+static int
+check_login_time(const char *ruser, time_t timestamp)
+{
+	struct utmp utbuf, *ut;
+	time_t oldest_login = 0;
+
+	setutent();
+	while(
+#ifdef HAVE_GETUTENT_R
+	      !getutent_r(&utbuf, &ut)
+#else
+	      (ut = getutent()) != NULL
+#endif
+	      ) {
+		if (ut->ut_type != USER_PROCESS) {
+			continue;
+		}
+		if (strncmp(ruser, ut->ut_user, sizeof(ut->ut_user)) != 0) {
+			continue;
+		}
+		if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) {
+			oldest_login = ut->ut_tv.tv_sec;
+		}
+	}
+	endutent();
+	if(oldest_login == 0 || timestamp < oldest_login) {
+		return PAM_AUTH_ERR;
+	}
+	return PAM_SUCCESS;
+}
+
+#ifndef PAM_TIMESTAMP_MAIN
+static int
+get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
+{
+	const void *ruser;
+	struct passwd *pwd;
+
+	if (ruserbuf == NULL || ruserbuflen < 1)
+		return -2;
+	/* Get the name of the source user. */
+	if (pam_get_item(pamh, PAM_RUSER, &ruser) != PAM_SUCCESS) {
+		ruser = NULL;
+	}
+	if ((ruser == NULL) || (strlen(ruser) == 0)) {
+		/* Barring that, use the current RUID. */
+		pwd = pam_modutil_getpwuid(pamh, getuid());
+		if (pwd != NULL) {
+			ruser = pwd->pw_name;
+		}
+	} else {
+		/*
+		 * This ruser is used by format_timestamp_name as a component
+		 * of constructed timestamp pathname, so ".", "..", and '/'
+		 * are disallowed to avoid potential path traversal issues.
+		 */
+		if (!strcmp(ruser, ".") ||
+		    !strcmp(ruser, "..") ||
+		    strchr(ruser, '/')) {
+			ruser = NULL;
+		}
+	}
+	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
+		*ruserbuf = '\0';
+		return -1;
+	}
+	strcpy(ruserbuf, ruser);
+	return 0;
+}
+
+/* Get the path to the timestamp to use. */
+static int
+get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
+		   char *path, size_t len)
+{
+	const char *user, *tty;
+	const void *void_tty;
+	const char *tdir = TIMESTAMPDIR;
+	char ruser[BUFLEN];
+	int i, debug = 0;
+
+	/* Parse arguments. */
+	for (i = 0; i < argc; i++) {
+		if (strcmp(argv[i], "debug") == 0) {
+			debug = 1;
+		}
+	}
+	for (i = 0; i < argc; i++) {
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "timestampdir=")) != NULL) {
+			tdir = str;
+			if (debug) {
+				pam_syslog(pamh, LOG_DEBUG,
+				       "storing timestamps in `%s'",
+				       tdir);
+			}
+		}
+	}
+	i = check_dir_perms(pamh, tdir);
+	if (i != PAM_SUCCESS) {
+		return i;
+	}
+	/* Get the name of the target user. */
+	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user[0] == '\0') {
+		return PAM_AUTH_ERR;
+	}
+	if (debug) {
+		pam_syslog(pamh, LOG_DEBUG, "becoming user `%s'", user);
+	}
+	/* Get the name of the source user. */
+	if (get_ruser(pamh, ruser, sizeof(ruser)) || strlen(ruser) == 0) {
+		return PAM_AUTH_ERR;
+	}
+	if (debug) {
+		pam_syslog(pamh, LOG_DEBUG, "currently user `%s'", ruser);
+	}
+	/* Get the name of the terminal. */
+	if (pam_get_item(pamh, PAM_TTY, &void_tty) != PAM_SUCCESS) {
+		tty = NULL;
+	} else {
+		tty = void_tty;
+	}
+	if ((tty == NULL) || (strlen(tty) == 0)) {
+		tty = ttyname(STDIN_FILENO);
+		if ((tty == NULL) || (strlen(tty) == 0)) {
+			tty = ttyname(STDOUT_FILENO);
+		}
+		if ((tty == NULL) || (strlen(tty) == 0)) {
+			tty = ttyname(STDERR_FILENO);
+		}
+		if ((tty == NULL) || (strlen(tty) == 0)) {
+			/* Match sudo's behavior for this case. */
+			tty = "unknown";
+		}
+	}
+	if (debug) {
+		pam_syslog(pamh, LOG_DEBUG, "tty is `%s'", tty);
+	}
+	/* Snip off all but the last part of the tty name. */
+	tty = check_tty(tty);
+	if (tty == NULL) {
+		return PAM_AUTH_ERR;
+	}
+	/* Generate the name of the file used to cache auth results.  These
+	 * paths should jive with sudo's per-tty naming scheme. */
+	if (format_timestamp_name(path, len, tdir, tty, ruser, user) >= (int)len) {
+		return PAM_AUTH_ERR;
+	}
+	if (debug) {
+		pam_syslog(pamh, LOG_DEBUG, "using timestamp file `%s'", path);
+	}
+	return PAM_SUCCESS;
+}
+
+/* Tell the user that access has been granted. */
+static void
+verbose_success(pam_handle_t *pamh, long diff)
+{
+	pam_info(pamh, _("Access has been granted"
+			 " (last access was %ld seconds ago)."), diff);
+}
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	struct stat st;
+	time_t interval = DEFAULT_TIMESTAMP_TIMEOUT;
+	int i, fd, debug = 0, verbose = 0;
+	char path[BUFLEN], *p, *message, *message_end;
+	long tmp;
+	const void *void_service;
+	const char *service;
+	time_t now, then;
+
+	/* Parse arguments. */
+	for (i = 0; i < argc; i++) {
+		if (strcmp(argv[i], "debug") == 0) {
+			debug = 1;
+		}
+	}
+	for (i = 0; i < argc; i++) {
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "timestamp_timeout=")) != NULL) {
+			tmp = strtol(str, &p, 0);
+			if ((p != NULL) && (*p == '\0')) {
+				interval = tmp;
+				if (debug) {
+					pam_syslog(pamh, LOG_DEBUG,
+					       "setting timeout to %ld"
+					       " seconds", (long)interval);
+				}
+			}
+		} else
+		if (strcmp(argv[i], "verbose") == 0) {
+			verbose = 1;
+			if (debug) {
+				pam_syslog(pamh, LOG_DEBUG,
+				       "becoming more verbose");
+			}
+		}
+	}
+
+	if (flags & PAM_SILENT) {
+		verbose = 0;
+	}
+
+	/* Get the name of the timestamp file. */
+	if (get_timestamp_name(pamh, argc, argv,
+			       path, sizeof(path)) != PAM_SUCCESS) {
+		return PAM_AUTH_ERR;
+	}
+
+	/* Get the name of the service. */
+	if (pam_get_item(pamh, PAM_SERVICE, &void_service) != PAM_SUCCESS) {
+		service = NULL;
+	} else {
+		service = void_service;
+	}
+	if ((service == NULL) || (strlen(service) == 0)) {
+		service = "(unknown)";
+	}
+
+	/* Open the timestamp file. */
+	fd = open(path, O_RDONLY | O_NOFOLLOW);
+	if (fd == -1) {
+		if (debug) {
+			pam_syslog(pamh, LOG_DEBUG,
+			       "cannot open timestamp `%s': %m",
+			       path);
+		}
+		return PAM_AUTH_ERR;
+	}
+
+	if (fstat(fd, &st) == 0) {
+		int count;
+		void *mac;
+		size_t maclen;
+		char ruser[BUFLEN];
+
+		/* Check that the file is owned by the superuser. */
+		if ((st.st_uid != 0) || (st.st_gid != 0)) {
+			pam_syslog(pamh, LOG_ERR, "timestamp file `%s' is "
+			       "not owned by root", path);
+			close(fd);
+			return PAM_AUTH_ERR;
+		}
+
+		/* Check that the file is a normal file. */
+		if (!(S_ISREG(st.st_mode))) {
+			pam_syslog(pamh, LOG_ERR, "timestamp file `%s' is "
+			       "not a regular file", path);
+			close(fd);
+			return PAM_AUTH_ERR;
+		}
+
+#ifdef WITH_OPENSSL
+		if (hmac_size(pamh, debug, &maclen)) {
+			return PAM_AUTH_ERR;
+		}
+#else
+		maclen = hmac_sha1_size();
+#endif /* WITH_OPENSSL */
+		/* Check that the file is the expected size. */
+		if (st.st_size == 0) {
+			/* Invalid, but may have been created by sudo. */
+			close(fd);
+			return PAM_AUTH_ERR;
+		}
+		if (st.st_size !=
+		    (off_t)(strlen(path) + 1 + sizeof(then) + maclen)) {
+			pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' "
+			       "appears to be corrupted", path);
+			close(fd);
+			return PAM_AUTH_ERR;
+		}
+
+		/* Read the file contents. */
+		message = malloc(st.st_size);
+		count = 0;
+                if (!message) {
+			close(fd);
+			return PAM_BUF_ERR;
+		}
+		while (count < st.st_size) {
+			i = read(fd, message + count, st.st_size - count);
+			if ((i == 0) || (i == -1)) {
+				break;
+			}
+			count += i;
+		}
+		if (count < st.st_size) {
+			pam_syslog(pamh, LOG_NOTICE, "error reading timestamp "
+				"file `%s': %m", path);
+			close(fd);
+			free(message);
+			return PAM_AUTH_ERR;
+		}
+		message_end = message + strlen(path) + 1 + sizeof(then);
+
+		/* Regenerate the MAC. */
+#ifdef WITH_OPENSSL
+		if (hmac_generate(pamh, debug, &mac, &maclen, TIMESTAMPKEY,
+				  ROOT_USER, ROOT_GROUP, message, message_end - message)) {
+			close(fd);
+			free(message);
+			return PAM_AUTH_ERR;
+		}
+#else
+		hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY,
+					ROOT_USER, ROOT_GROUP, message, message_end - message);
+#endif /* WITH_OPENSSL */
+		if ((mac == NULL) ||
+		    (memcmp(path, message, strlen(path)) != 0) ||
+		    (memcmp(mac, message_end, maclen) != 0)) {
+			pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' is "
+				"corrupted", path);
+			close(fd);
+			free(mac);
+			free(message);
+			return PAM_AUTH_ERR;
+		}
+		free(mac);
+		memmove(&then, message + strlen(path) + 1, sizeof(then));
+		free(message);
+
+		/* Check oldest login against timestamp */
+		if (get_ruser(pamh, ruser, sizeof(ruser)))
+		{
+			close(fd);
+			return PAM_AUTH_ERR;
+		}
+		if (check_login_time(ruser, then) != PAM_SUCCESS)
+		{
+			pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' is "
+			       "older than oldest login, disallowing "
+			       "access to %s for user %s",
+			       path, service, ruser);
+			close(fd);
+			return PAM_AUTH_ERR;
+		}
+
+		/* Compare the dates. */
+		now = time(NULL);
+		if (timestamp_good(then, now, interval) == PAM_SUCCESS) {
+			close(fd);
+			pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' is "
+			       "only %ld seconds old, allowing access to %s "
+			       "for user %s", path, (long) (now - st.st_mtime),
+			       service, ruser);
+			if (verbose) {
+				verbose_success(pamh, now - st.st_mtime);
+			}
+			return PAM_SUCCESS;
+		} else {
+			close(fd);
+			pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' has "
+			       "unacceptable age (%ld seconds), disallowing "
+			       "access to %s for user %s",
+			       path, (long) (now - st.st_mtime),
+			       service, ruser);
+			return PAM_AUTH_ERR;
+		}
+	}
+	close(fd);
+
+	/* Fail by default. */
+	return PAM_AUTH_ERR;
+}
+
+int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED)
+{
+	return PAM_SUCCESS;
+}
+
+int
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv)
+{
+	char path[BUFLEN], subdir[BUFLEN], *text, *p;
+	void *mac;
+	size_t maclen;
+	time_t now;
+	int fd, i, debug = 0;
+
+	/* Parse arguments. */
+	for (i = 0; i < argc; i++) {
+		if (strcmp(argv[i], "debug") == 0) {
+			debug = 1;
+		}
+	}
+
+	/* Get the name of the timestamp file. */
+	if (get_timestamp_name(pamh, argc, argv,
+			       path, sizeof(path)) != PAM_SUCCESS) {
+		return PAM_SESSION_ERR;
+	}
+
+	/* Create the directory for the timestamp file if it doesn't already
+	 * exist. */
+	for (i = 1; i < (int) sizeof(path) && path[i] != '\0'; i++) {
+		if (path[i] == '/') {
+			/* Attempt to create the directory. */
+			memcpy(subdir, path, i);
+			subdir[i] = '\0';
+			if (mkdir(subdir, 0700) == 0) {
+				/* Attempt to set the owner to the superuser. */
+			        if (lchown(subdir, 0, 0) != 0) {
+					if (debug) {
+						pam_syslog(pamh, LOG_DEBUG,
+						    "error setting permissions on `%s': %m",
+						    subdir);
+					}
+					return PAM_SESSION_ERR;
+				}
+			} else {
+				if (errno != EEXIST) {
+					if (debug) {
+						pam_syslog(pamh, LOG_DEBUG,
+						    "error creating directory `%s': %m",
+						    subdir);
+					}
+					return PAM_SESSION_ERR;
+				}
+			}
+		}
+	}
+
+#ifdef WITH_OPENSSL
+	if (hmac_size(pamh, debug, &maclen)) {
+		return PAM_SESSION_ERR;
+	}
+#else
+	maclen = hmac_sha1_size();
+#endif /* WITH_OPENSSL */
+
+	/* Generate the message. */
+	text = malloc(strlen(path) + 1 + sizeof(now) + maclen);
+	if (text == NULL) {
+		pam_syslog(pamh, LOG_CRIT, "unable to allocate memory: %m");
+		return PAM_SESSION_ERR;
+	}
+	p = text;
+
+	strcpy(text, path);
+	p += strlen(path) + 1;
+
+	now = time(NULL);
+	memmove(p, &now, sizeof(now));
+	p += sizeof(now);
+
+	/* Generate the MAC and append it to the plaintext. */
+#ifdef WITH_OPENSSL
+	if (hmac_generate(pamh, debug, &mac, &maclen, TIMESTAMPKEY,
+			  ROOT_USER, ROOT_GROUP, text, p - text)) {
+		free(text);
+		return PAM_SESSION_ERR;
+	}
+#else
+	hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY,
+				ROOT_USER, ROOT_GROUP, text, p - text);
+	if (mac == NULL) {
+		pam_syslog(pamh, LOG_ERR, "failure generating MAC: %m");
+		free(text);
+		return PAM_SESSION_ERR;
+	}
+#endif /* WITH_OPENSSL */
+	memmove(p, mac, maclen);
+	p += maclen;
+	free(mac);
+
+	/* Open the file. */
+	fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+	if (fd == -1) {
+		pam_syslog(pamh, LOG_ERR, "unable to open `%s': %m", path);
+		free(text);
+		return PAM_SESSION_ERR;
+	}
+
+	/* Attempt to set the owner to the superuser. */
+	if (fchown(fd, 0, 0) != 0) {
+	  if (debug) {
+	    pam_syslog(pamh, LOG_DEBUG,
+		       "error setting ownership of `%s': %m",
+		       path);
+	  }
+	  close(fd);
+	  free(text);
+	  return PAM_SESSION_ERR;
+	}
+
+
+	/* Write the timestamp to the file. */
+	if (write(fd, text, p - text) != p - text) {
+		pam_syslog(pamh, LOG_ERR, "unable to write to `%s': %m", path);
+		close(fd);
+		free(text);
+		return PAM_SESSION_ERR;
+	}
+
+	/* Close the file and return successfully. */
+	close(fd);
+	free(text);
+	pam_syslog(pamh, LOG_DEBUG, "updated timestamp file `%s'", path);
+	return PAM_SUCCESS;
+}
+
+int
+pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED)
+{
+	return PAM_SUCCESS;
+}
+
+#else /* PAM_TIMESTAMP_MAIN */
+
+#define USAGE "Usage: %s [[-k] | [-d]] [target user]\n"
+#define CHECK_INTERVAL 7
+
+int
+main(int argc, char **argv)
+{
+	int i, retval = 0, dflag = 0, kflag = 0;
+	const char *target_user = NULL, *user = NULL, *tty = NULL;
+	struct passwd *pwd;
+	struct timeval tv;
+	fd_set write_fds;
+	char path[BUFLEN];
+	struct stat st;
+
+	/* Check that there's nothing funny going on with stdio. */
+	if ((fstat(STDIN_FILENO, &st) == -1) ||
+	    (fstat(STDOUT_FILENO, &st) == -1) ||
+	    (fstat(STDERR_FILENO, &st) == -1)) {
+		/* Appropriate the "no controlling tty" error code. */
+		return 3;
+	}
+
+	/* Parse arguments. */
+	while ((i = getopt(argc, argv, "dk")) != -1) {
+		switch (i) {
+			case 'd':
+				dflag++;
+				break;
+			case 'k':
+				kflag++;
+				break;
+			default:
+				fprintf(stderr, USAGE, argv[0]);
+				return 1;
+				break;
+		}
+	}
+
+	/* Bail if both -k and -d are given together. */
+	if ((kflag + dflag) > 1) {
+		fprintf(stderr, USAGE, argv[0]);
+		return 1;
+	}
+
+	/* Check that we're setuid. */
+	if (geteuid() != 0) {
+		fprintf(stderr, "%s must be setuid root\n",
+			argv[0]);
+		retval = 2;
+	}
+
+	/* Check that we have a controlling tty. */
+	tty = ttyname(STDIN_FILENO);
+	if ((tty == NULL) || (strlen(tty) == 0)) {
+		tty = ttyname(STDOUT_FILENO);
+	}
+	if ((tty == NULL) || (strlen(tty) == 0)) {
+		tty = ttyname(STDERR_FILENO);
+	}
+	if ((tty == NULL) || (strlen(tty) == 0)) {
+		tty = "unknown";
+	}
+
+	/* Get the name of the invoking (requesting) user. */
+	pwd = getpwuid(getuid());
+	if (pwd == NULL) {
+		retval = 4;
+	}
+
+	/* Get the name of the target user. */
+	user = strdup(pwd->pw_name);
+	if (user == NULL) {
+		retval = 4;
+	} else {
+		target_user = (optind < argc) ? argv[optind] : user;
+		if ((strchr(target_user, '.') != NULL) ||
+		    (strchr(target_user, '/') != NULL) ||
+		    (strchr(target_user, '%') != NULL)) {
+			fprintf(stderr, "unknown user: %s\n",
+				target_user);
+			retval = 4;
+		}
+	}
+
+	/* Sanity check the tty to make sure we should be checking
+	 * for timestamps which pertain to it. */
+	if (retval == 0) {
+		tty = check_tty(tty);
+		if (tty == NULL) {
+			fprintf(stderr, "invalid tty\n");
+			retval = 6;
+		}
+	}
+
+	do {
+		/* Sanity check the timestamp directory itself. */
+		if (retval == 0) {
+			if (check_dir_perms(NULL, TIMESTAMPDIR) != PAM_SUCCESS) {
+				retval = 5;
+			}
+		}
+
+		if (retval == 0) {
+			/* Generate the name of the timestamp file. */
+			format_timestamp_name(path, sizeof(path), TIMESTAMPDIR,
+					      tty, user, target_user);
+		}
+
+		if (retval == 0) {
+			if (kflag) {
+				/* Remove the timestamp. */
+				if (lstat(path, &st) != -1) {
+					retval = unlink(path);
+				}
+			} else {
+				/* Check the timestamp. */
+				if (lstat(path, &st) != -1) {
+					/* Check oldest login against timestamp */
+					if (check_login_time(user, st.st_mtime) != PAM_SUCCESS) {
+						retval = 7;
+					} else if (timestamp_good(st.st_mtime, time(NULL),
+							DEFAULT_TIMESTAMP_TIMEOUT) != PAM_SUCCESS) {
+						retval = 7;
+					}
+				} else {
+					retval = 7;
+				}
+			}
+		}
+
+		if (dflag > 0) {
+			struct timeval now;
+			/* Send the would-be-returned value to our parent. */
+			signal(SIGPIPE, SIG_DFL);
+			fprintf(stdout, "%d\n", retval);
+			fflush(stdout);
+			/* Wait. */
+			gettimeofday(&now, NULL);
+			tv.tv_sec = CHECK_INTERVAL;
+			/* round the sleep time to get woken up on a whole second */
+			tv.tv_usec = 1000000 - now.tv_usec;
+			if (now.tv_usec < 500000)
+				tv.tv_sec--;
+			FD_ZERO(&write_fds);
+			FD_SET(STDOUT_FILENO, &write_fds);
+			select(STDOUT_FILENO + 1,
+			       NULL, NULL, &write_fds,
+			       &tv);
+			retval = 0;
+		}
+	} while (dflag > 0);
+
+	return retval;
+}
+
+#endif
diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8
new file mode 100644
index 0000000..a037375
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp_check.8
@@ -0,0 +1,133 @@
+'\" t
+.\"     Title: pam_timestamp_check
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 09/03/2021
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_TIMESTAMP_CHECK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_timestamp_check \- Check to see if the default timestamp is valid
+.SH "SYNOPSIS"
+.HP \w'\fBpam_timestamp_check\fR\ 'u
+\fBpam_timestamp_check\fR [\-k] [\-d] [\fItarget_user\fR]
+.SH "DESCRIPTION"
+.PP
+With no arguments
+\fBpam_timestamp_check\fR
+will check to see if the default timestamp is valid, or optionally remove it\&.
+.SH "OPTIONS"
+.PP
+\fB\-k\fR
+.RS 4
+Instead of checking the validity of a timestamp, remove it\&. This is analogous to sudo\*(Aqs
+\fI\-k\fR
+option\&.
+.RE
+.PP
+\fB\-d\fR
+.RS 4
+Instead of returning validity using an exit status, loop indefinitely, polling regularly and printing the status on standard output\&.
+.RE
+.PP
+\fB\fItarget_user\fR\fR
+.RS 4
+By default
+\fBpam_timestamp_check\fR
+checks or removes timestamps generated by
+\fIpam_timestamp\fR
+when the user authenticates as herself\&. When the user authenticates as a different user, the name of the timestamp file changes to accommodate this\&.
+\fItarget_user\fR
+allows one to specify this user name\&.
+.RE
+.SH "RETURN VALUES"
+.PP
+0
+.RS 4
+The timestamp is valid\&.
+.RE
+.PP
+2
+.RS 4
+The binary is not setuid root\&.
+.RE
+.PP
+3
+.RS 4
+Invalid invocation\&.
+.RE
+.PP
+4
+.RS 4
+User is unknown\&.
+.RE
+.PP
+5
+.RS 4
+Permissions error\&.
+.RE
+.PP
+6
+.RS 4
+Invalid controlling tty\&.
+.RE
+.PP
+7
+.RS 4
+Timestamp is not valid\&.
+.RE
+.SH "NOTES"
+.PP
+Users can get confused when they are not always asked for passwords when running a given program\&. Some users reflexively begin typing information before noticing that it is not being asked for\&.
+.SH "EXAMPLES"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth sufficient pam_timestamp\&.so verbose
+auth required   pam_unix\&.so
+
+session required pam_unix\&.so
+session optional pam_timestamp\&.so
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/var/run/sudo/\&.\&.\&.
+.RS 4
+timestamp files and directories
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_timestamp_check\fR(8),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_timestamp was written by Nalin Dahyabhai\&.
diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml
new file mode 100644
index 0000000..3a65d7e
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp_check.8.xml
@@ -0,0 +1,207 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_timestamp_check">
+
+  <refmeta>
+    <refentrytitle>pam_timestamp_check</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_timestamp_check-name">
+    <refname>pam_timestamp_check</refname>
+    <refpurpose>Check to see if the default timestamp is valid</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_timestamp_check-cmdsynopsis">
+      <command>pam_timestamp_check</command>
+      <arg choice="opt">
+	-k
+      </arg>
+      <arg choice="opt">
+        -d
+      </arg>
+      <arg choice="opt">
+        <replaceable>target_user</replaceable>
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_timestamp_check-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      With no arguments <command>pam_timestamp_check</command> will check to
+see if the default timestamp is valid, or optionally remove it.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_timestamp_check-options">
+
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+         <term>
+            <option>-k</option>
+         </term>
+         <listitem>
+            <para>
+               Instead of checking the validity of a timestamp, remove it.
+               This is analogous to sudo's <emphasis>-k</emphasis> option.
+            </para>
+         </listitem>
+      </varlistentry>
+      <varlistentry>
+         <term>
+            <option>-d</option>
+         </term>
+         <listitem>
+            <para>
+               Instead of returning validity using an exit status,
+               loop indefinitely, polling regularly and printing the status on
+               standard output.
+            </para>
+         </listitem>
+      </varlistentry>
+      <varlistentry>
+         <term>
+            <option><replaceable>target_user</replaceable></option>
+         </term>
+         <listitem>
+            <para>
+               By default <command>pam_timestamp_check</command> checks or removes
+               timestamps generated by <emphasis>pam_timestamp</emphasis> when
+               the user authenticates as herself. When the user authenticates as a
+               different user, the name of the timestamp file changes to
+               accommodate this. <replaceable>target_user</replaceable> allows
+               one to specify this user name.
+            </para>
+         </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp_check-return_values'>
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+        <term>0</term>
+        <listitem>
+          <para>
+            The timestamp is valid.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>2</term>
+        <listitem>
+          <para>
+            The binary is not setuid root.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>3</term>
+        <listitem>
+          <para>
+            Invalid invocation.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>4</term>
+        <listitem>
+          <para>
+            User is unknown.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>5</term>
+        <listitem>
+          <para>
+            Permissions error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>6</term>
+        <listitem>
+          <para>
+            Invalid controlling tty.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>7</term>
+        <listitem>
+          <para>
+            Timestamp is not valid.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-notes'>
+    <title>NOTES</title>
+    <para>
+      Users can get confused when they are not always asked for passwords when
+running a given program. Some users reflexively begin typing information before
+noticing that it is not being asked for.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-examples'>
+    <title>EXAMPLES</title>
+    <programlisting>
+auth sufficient pam_timestamp.so verbose
+auth required   pam_unix.so
+
+session required pam_unix.so
+session optional pam_timestamp.so
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id="pam_timestamp-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/var/run/sudo/...</filename></term>
+        <listitem>
+          <para>timestamp files and directories</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam_timestamp_check</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_timestamp-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_timestamp was written by Nalin Dahyabhai.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_timestamp/pam_timestamp_check.c b/modules/pam_timestamp/pam_timestamp_check.c
new file mode 100644
index 0000000..52b5a95
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp_check.c
@@ -0,0 +1,42 @@
+/******************************************************************************
+ * A module for Linux-PAM that will cache authentication results, inspired by
+ * (and implemented with an eye toward being mixable with) sudo.
+ *
+ * Copyright (c) 2002 Red Hat, Inc.
+ * Written by Nalin Dahyabhai <nalin@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#define PAM_TIMESTAMP_MAIN 1
+#include "pam_timestamp.c"
diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c
new file mode 100644
index 0000000..d713aed
--- /dev/null
+++ b/modules/pam_timestamp/sha1.c
@@ -0,0 +1,253 @@
+/* Yet another SHA-1 implementation.
+ *
+ * Copyright (c) 2003 Red Hat, Inc.
+ * Written by Nalin Dahyabhai <nalin@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* See http://www.itl.nist.gov/fipspubs/fip180-1.htm for descriptions. */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <endian.h>
+#include <unistd.h>
+#include "sha1.h"
+
+static unsigned char
+padding[SHA1_BLOCK_SIZE] = {
+	0x80, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+	   0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+	   0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+	   0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+static uint32_t
+F(uint32_t b, uint32_t c, uint32_t d)
+{
+	return (b & c) | ((~b) & d);
+}
+
+static uint32_t
+G(uint32_t b, uint32_t c, uint32_t d)
+{
+	return b ^ c ^ d;
+}
+
+static uint32_t
+H(uint32_t b, uint32_t c, uint32_t d)
+{
+	return (b & c) | (b & d) | (c & d);
+}
+
+static uint32_t
+RL(uint32_t n, uint32_t s)
+{
+	return (n << s) | (n >> (32 - s));
+}
+
+static uint32_t
+sha1_round(uint32_t (*FUNC)(uint32_t, uint32_t, uint32_t),
+      uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e,
+      uint32_t i, uint32_t n)
+{
+	return RL(a, 5) + FUNC(b, c, d) + e + i + n;
+}
+
+void
+sha1_init(struct sha1_context *ctx)
+{
+	memset(ctx, 0, sizeof(*ctx));
+	ctx->a = 0x67452301;
+	ctx->b = 0xefcdab89;
+	ctx->c = 0x98badcfe;
+	ctx->d = 0x10325476;
+	ctx->e = 0xc3d2e1f0;
+}
+
+static void
+sha1_process(struct sha1_context *ctx, uint32_t buffer[SHA1_BLOCK_SIZE / 4])
+{
+	uint32_t a, b, c, d, e, temp;
+	uint32_t data[80];
+	int i;
+
+	for (i = 0; i < 16; i++) {
+		data[i] = htonl(buffer[i]);
+	}
+	for (i = 16; i < 80; i++) {
+		data[i] = RL(data[i - 3] ^ data[i - 8] ^ data[i - 14] ^ data[i - 16], 1);
+	}
+
+	a = ctx->a;
+	b = ctx->b;
+	c = ctx->c;
+	d = ctx->d;
+	e = ctx->e;
+
+	for (i =  0; i < 20; i++) {
+		temp = sha1_round(F, a, b, c, d, e, data[i], 0x5a827999);
+		e = d; d = c; c = RL(b, 30); b = a; a = temp;
+	}
+	for (i = 20; i < 40; i++) {
+		temp = sha1_round(G, a, b, c, d, e, data[i], 0x6ed9eba1);
+		e = d; d = c; c = RL(b, 30); b = a; a = temp;
+	}
+	for (i = 40; i < 60; i++) {
+		temp = sha1_round(H, a, b, c, d, e, data[i], 0x8f1bbcdc);
+		e = d; d = c; c = RL(b, 30); b = a; a = temp;
+	}
+	for (i = 60; i < 80; i++) {
+		temp = sha1_round(G, a, b, c, d, e, data[i], 0xca62c1d6);
+		e = d; d = c; c = RL(b, 30); b = a; a = temp;
+	}
+
+	ctx->a += a;
+	ctx->b += b;
+	ctx->c += c;
+	ctx->d += d;
+	ctx->e += e;
+
+	memset(buffer, 0, sizeof(buffer[0]) * SHA1_BLOCK_SIZE / 4);
+	memset(data, 0, sizeof(data));
+}
+
+void
+sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length)
+{
+	size_t i = 0, l = length, c, t;
+	uint32_t count = 0;
+
+	/* Process any pending + data blocks. */
+	while (l + ctx->pending_count >= SHA1_BLOCK_SIZE) {
+		c = ctx->pending_count;
+		t = SHA1_BLOCK_SIZE - c;
+		memcpy(ctx->pending.c + c, &data[i], t);
+		sha1_process(ctx, ctx->pending.i);
+		i += t;
+		l -= t;
+		ctx->pending_count = 0;
+	}
+
+	/* Save what's left of the data block as a pending data block. */
+	c = ctx->pending_count;
+	memcpy(ctx->pending.c + c, &data[i], l);
+	ctx->pending_count += l;
+
+	/* Update the message length. */
+	ctx->count += length;
+
+	/* Update our internal counts. */
+	if (length != 0) {
+		count = ctx->counts[0];
+		ctx->counts[0] += length;
+		if (count >= ctx->counts[0]) {
+			ctx->counts[1]++;
+		}
+	}
+}
+
+size_t
+sha1_output(struct sha1_context *ctx, unsigned char *out)
+{
+	struct sha1_context ctx2;
+
+	/* Output the sum. */
+	if (out != NULL) {
+		uint32_t c;
+		memcpy(&ctx2, ctx, sizeof(ctx2));
+
+		/* Pad this block. */
+		c = ctx2.pending_count;
+		memcpy(ctx2.pending.c + c,
+		       padding, SHA1_BLOCK_SIZE - c);
+
+		/* Do we need to process two blocks now? */
+		if (c >= (SHA1_BLOCK_SIZE - (sizeof(uint32_t) * 2))) {
+			/* Process this block. */
+			sha1_process(&ctx2, ctx2.pending.i);
+			/* Set up another block. */
+			ctx2.pending_count = 0;
+			memset(ctx2.pending.c, 0, SHA1_BLOCK_SIZE);
+                        ctx2.pending.c[0] =
+				(c == SHA1_BLOCK_SIZE) ? 0x80 : 0;
+		}
+
+		/* Process the final block. */
+		ctx2.counts[1] <<= 3;
+		if (ctx2.counts[0] >> 29) {
+			ctx2.counts[1] |=
+			(ctx2.counts[0] >> 29);
+		}
+		ctx2.counts[0] <<= 3;
+		ctx2.counts[0] = htonl(ctx2.counts[0]);
+		ctx2.counts[1] = htonl(ctx2.counts[1]);
+		memcpy(ctx2.pending.c + 56,
+		       &ctx2.counts[1], sizeof(uint32_t));
+		memcpy(ctx2.pending.c + 60,
+		       &ctx2.counts[0], sizeof(uint32_t));
+		sha1_process(&ctx2, ctx2.pending.i);
+
+		/* Output the data. */
+		out[ 3] = (ctx2.a >>  0) & 0xff;
+		out[ 2] = (ctx2.a >>  8) & 0xff;
+		out[ 1] = (ctx2.a >> 16) & 0xff;
+		out[ 0] = (ctx2.a >> 24) & 0xff;
+
+		out[ 7] = (ctx2.b >>  0) & 0xff;
+		out[ 6] = (ctx2.b >>  8) & 0xff;
+		out[ 5] = (ctx2.b >> 16) & 0xff;
+		out[ 4] = (ctx2.b >> 24) & 0xff;
+
+		out[11] = (ctx2.c >>  0) & 0xff;
+		out[10] = (ctx2.c >>  8) & 0xff;
+		out[ 9] = (ctx2.c >> 16) & 0xff;
+		out[ 8] = (ctx2.c >> 24) & 0xff;
+
+		out[15] = (ctx2.d >>  0) & 0xff;
+		out[14] = (ctx2.d >>  8) & 0xff;
+		out[13] = (ctx2.d >> 16) & 0xff;
+		out[12] = (ctx2.d >> 24) & 0xff;
+
+		out[19] = (ctx2.e >>  0) & 0xff;
+		out[18] = (ctx2.e >>  8) & 0xff;
+		out[17] = (ctx2.e >> 16) & 0xff;
+		out[16] = (ctx2.e >> 24) & 0xff;
+	}
+
+	return SHA1_OUTPUT_SIZE;
+}
diff --git a/modules/pam_timestamp/sha1.h b/modules/pam_timestamp/sha1.h
new file mode 100644
index 0000000..69f432e
--- /dev/null
+++ b/modules/pam_timestamp/sha1.h
@@ -0,0 +1,65 @@
+/* Yet another SHA-1 implementation.
+ *
+ * Copyright (c) 2003 Red Hat, Inc.
+ * Written by Nalin Dahyabhai <nalin@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef pam_timestamp_sha1_h
+#define pam_timestamp_sha1_h
+
+#include <stdint.h>
+#include <sys/types.h>
+#include "pam_cc_compat.h"
+
+#define SHA1_BLOCK_SIZE 64
+
+struct sha1_context {
+	size_t count;
+	union {
+		unsigned char c[SHA1_BLOCK_SIZE];
+		uint32_t i[SHA1_BLOCK_SIZE / sizeof(uint32_t)];
+	} pending;
+	uint32_t counts[2];
+	size_t pending_count;
+	uint32_t a, b, c, d, e;
+};
+
+#define SHA1_OUTPUT_SIZE 20
+
+void sha1_init(struct sha1_context *ctx);
+void sha1_update(struct sha1_context *ctx,
+		 const unsigned char *data, size_t length);
+size_t sha1_output(struct sha1_context *ctx, unsigned char *out);
+
+#endif
diff --git a/modules/pam_timestamp/tst-pam_timestamp b/modules/pam_timestamp/tst-pam_timestamp
new file mode 100755
index 0000000..1d425b8
--- /dev/null
+++ b/modules/pam_timestamp/tst-pam_timestamp
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_timestamp.so