Revive the pam_deny and pam_permit modules from Linux-PAM. They are

simple enough to be trusted.

Add account management functionality to the pam_unix module.

These changes should make it possible to use PAM in some ports.

Submitted by:	Max Khon <fjoe@iclub.nsu.ru>

6 files changed, 450 insertions, 0 deletions

diff --git a/contrib/libpam/modules/pam_deny/Makefile b/contrib/libpam/modules/pam_deny/Makefile
new file mode 100644
index 000000000000..02506cb38122
--- /dev/null
+++ b/contrib/libpam/modules/pam_deny/Makefile
@@ -0,0 +1,125 @@
+#
+# $Id: Makefile,v 1.7 1997/04/05 06:43:41 morgan Exp morgan $
+#
+# This Makefile controls a build process of $(TITLE) module for
+# Linux-PAM. You should not modify this Makefile (unless you know
+# what you are doing!).
+#
+# $Log: Makefile,v $
+# Revision 1.7  1997/04/05 06:43:41  morgan
+# full-source-tree and fakeroot
+#
+# Revision 1.6  1997/02/15 19:04:27  morgan
+# fixed email
+#
+# Revision 1.5  1996/11/10 20:11:48  morgan
+# crossplatform support
+#
+# Revision 1.4  1996/09/05 06:50:12  morgan
+# ld --> gcc
+#
+# Revision 1.3  1996/05/26 15:48:38  morgan
+# make dynamic and static dirs
+#
+# Revision 1.2  1996/05/26 04:00:16  morgan
+# changes for automated static/dynamic modules
+#
+# Revision 1.1  1996/03/16 17:47:36  morgan
+# Initial revision
+#
+#
+# Created by Andrew Morgan <morgan@parc.power.net> 1996/3/11
+#
+
+# Convenient defaults for compiling independently of the full source
+# tree.
+ifndef FULL_LINUX_PAM_SOURCE_TREE
+export DYNAMIC=-DPAM_DYNAMIC
+export CC=gcc
+export CFLAGS=-O2 -Dlinux -DLINUX_PAM \
+       -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
+       -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \
+       -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \
+       -Wshadow -pedantic -fPIC
+export MKDIR=mkdir -p
+export LD_D=gcc -shared -Xlinker -x
+endif
+
+#
+
+TITLE=pam_deny
+
+#
+
+LIBSRC = $(TITLE).c
+LIBOBJ = $(TITLE).o
+LIBOBJD = $(addprefix dynamic/,$(LIBOBJ))
+LIBOBJS = $(addprefix static/,$(LIBOBJ))
+
+dynamic/%.o : %.c
+	$(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
+
+static/%.o : %.c
+	$(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
+
+
+ifdef DYNAMIC
+LIBSHARED = $(TITLE).so
+endif
+ifdef STATIC
+LIBSTATIC = lib$(TITLE).o
+endif
+
+####################### don't edit below #######################
+
+dummy:
+	@echo "**** This is not a top-level Makefile "
+	exit
+
+all: dirs $(LIBSHARED) $(LIBSTATIC) register
+
+dirs:
+ifdef DYNAMIC
+	$(MKDIR) ./dynamic
+endif
+ifdef STATIC
+	$(MKDIR) ./static
+endif
+
+register:
+ifdef STATIC
+	( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) )
+endif
+
+ifdef DYNAMIC
+$(LIBOBJD): $(LIBSRC)
+
+$(LIBSHARED):	$(LIBOBJD)
+		$(LD_D) -o $@ $(LIBOBJD)
+endif
+
+ifdef STATIC
+$(LIBOBJS): $(LIBSRC)
+
+$(LIBSTATIC): $(LIBOBJS)
+	$(LD) -r -o $@ $(LIBOBJS)
+endif
+
+install: all
+	$(MKDIR) $(FAKEROOT)$(SECUREDIR)
+ifdef DYNAMIC
+	$(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)
+endif
+
+remove:
+	rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so
+
+clean:
+	rm -f $(LIBOBJD) $(LIBOBJS) core *~
+
+extraclean: clean
+	rm -f *.a *.o *.so *.bak
+
+.c.o:	
+	$(CC) $(CFLAGS) -c $<
+
diff --git a/contrib/libpam/modules/pam_deny/README b/contrib/libpam/modules/pam_deny/README
new file mode 100644
index 000000000000..4f7f6de664fe
--- /dev/null
+++ b/contrib/libpam/modules/pam_deny/README
@@ -0,0 +1,4 @@
+# $Id: README,v 1.1 1996/03/16 18:11:12 morgan Exp $
+#
+
+this module always fails, it ignores all options.
diff --git a/contrib/libpam/modules/pam_deny/pam_deny.c b/contrib/libpam/modules/pam_deny/pam_deny.c
new file mode 100644
index 000000000000..01b2def08960
--- /dev/null
+++ b/contrib/libpam/modules/pam_deny/pam_deny.c
@@ -0,0 +1,83 @@
+/* pam_deny module */
+
+/*
+ * $Id: pam_deny.c,v 1.4 1997/02/15 19:05:15 morgan Exp $
+ *
+ * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11
+ *
+ * $Log: pam_deny.c,v $
+ * Revision 1.4  1997/02/15 19:05:15  morgan
+ * fixed email
+ *
+ * Revision 1.3  1996/06/02 08:06:19  morgan
+ * changes for new static protocol
+ *
+ * Revision 1.2  1996/05/26 04:01:12  morgan
+ * added static support
+ *
+ * Revision 1.1  1996/03/16 17:47:36  morgan
+ * Initial revision
+ *
+ */
+
+/*
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+
+/* --- authentication management functions --- */
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
+			,const char **argv)
+{
+     return PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
+		   ,const char **argv)
+{
+     return PAM_CRED_UNAVAIL;
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
+		     ,const char **argv)
+{
+     return PAM_ACCT_EXPIRED;
+}
+
+/* --- password management --- */
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc
+		     ,const char **argv)
+{
+     return PAM_AUTHTOK_ERR;
+}
+
+/* --- session management --- */
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc
+			,const char **argv)
+{
+    return PAM_SYSTEM_ERR;
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
+			 ,const char **argv)
+{
+     return PAM_SYSTEM_ERR;
+}
+
+/* end of module definition */
+
+PAM_MODULE_ENTRY("pam_deny");
diff --git a/contrib/libpam/modules/pam_permit/Makefile b/contrib/libpam/modules/pam_permit/Makefile
new file mode 100644
index 000000000000..823b62472e35
--- /dev/null
+++ b/contrib/libpam/modules/pam_permit/Makefile
@@ -0,0 +1,126 @@
+#
+# $Id: Makefile,v 1.8 1997/04/05 06:33:25 morgan Exp morgan $
+#
+# This Makefile controls a build process of $(TITLE) module for
+# Linux-PAM. You should not modify this Makefile (unless you know
+# what you are doing!).
+#
+# $Log: Makefile,v $
+# Revision 1.8  1997/04/05 06:33:25  morgan
+# fakeroot
+#
+# Revision 1.7  1997/02/15 19:02:27  morgan
+# updated email address
+#
+# Revision 1.6  1996/11/10 20:14:34  morgan
+# cross platform support
+#
+# Revision 1.5  1996/09/05 06:32:45  morgan
+# ld --> gcc
+#
+# Revision 1.4  1996/05/26 15:49:25  morgan
+# make dynamic and static dirs
+#
+# Revision 1.3  1996/05/26 04:04:26  morgan
+# automated static support
+#
+# Revision 1.2  1996/03/16 17:56:38  morgan
+# tidied up
+#
+#
+# Created by Andrew Morgan <morgan@parc.power.net> 1996/3/11
+#
+
+# Convenient defaults for compiling independently of the full source
+# tree.
+ifndef FULL_LINUX_PAM_SOURCE_TREE
+export DYNAMIC=-DPAM_DYNAMIC
+export CC=gcc
+export CFLAGS=-O2 -Dlinux -DLINUX_PAM \
+       -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
+       -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \
+       -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \
+       -Wshadow -pedantic -fPIC
+export MKDIR=mkdir -p
+export LD_D=gcc -shared -Xlinker -x
+endif
+
+#
+#
+
+TITLE=pam_permit
+
+#
+
+LIBSRC = $(TITLE).c
+LIBOBJ = $(TITLE).o
+LIBOBJD = $(addprefix dynamic/,$(LIBOBJ))
+LIBOBJS = $(addprefix static/,$(LIBOBJ))
+
+ifdef DYNAMIC
+LIBSHARED = $(TITLE).so
+endif
+
+ifdef STATIC
+LIBSTATIC = lib$(TITLE).o
+endif
+
+####################### don't edit below #######################
+
+all: dirs $(LIBSHARED) $(LIBSTATIC) register
+
+dynamic/%.o : %.c
+	$(CC) $(CFLAGS) $(DYNAMIC) $(TARGET_ARCH) -c $< -o $@
+
+static/%.o : %.c
+	$(CC) $(CFLAGS) $(STATIC) $(TARGET_ARCH) -c $< -o $@
+
+dirs:
+ifdef DYNAMIC
+	$(MKDIR) ./dynamic
+endif
+ifdef STATIC
+	$(MKDIR) ./static
+endif
+
+register:
+ifdef STATIC
+	( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) )
+endif
+
+ifdef DYNAMIC
+$(LIBOBJD): $(LIBSRC)
+endif
+
+ifdef DYNAMIC
+$(LIBSHARED):	$(LIBOBJD)
+		$(LD_D) -o $@ $(LIBOBJD)
+endif
+
+ifdef STATIC
+$(LIBOBJS): $(LIBSRC)
+endif
+
+ifdef STATIC
+$(LIBSTATIC): $(LIBOBJS)
+	$(LD) -r -o $@ $(LIBOBJS)
+endif
+
+install: all
+	$(MKDIR) $(FAKEROOT)$(SECUREDIR)
+ifdef DYNAMIC
+	$(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)
+endif
+
+remove:
+	rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so
+
+clean:
+	rm -f $(LIBOBJD) $(LIBOBJS) core *~
+
+extraclean: clean
+	rm -f *.a *.o *.so *.bak
+
+.c.o:	
+	$(CC) $(CFLAGS) -c $<
+
diff --git a/contrib/libpam/modules/pam_permit/README b/contrib/libpam/modules/pam_permit/README
new file mode 100644
index 000000000000..da179a34829c
--- /dev/null
+++ b/contrib/libpam/modules/pam_permit/README
@@ -0,0 +1,4 @@
+# $Id: README,v 1.1 1996/03/16 18:12:51 morgan Exp $
+#
+
+this module always returns PAM_SUCCESS, it ignores all options.
diff --git a/contrib/libpam/modules/pam_permit/pam_permit.c b/contrib/libpam/modules/pam_permit/pam_permit.c
new file mode 100644
index 000000000000..a01f9c29a21b
--- /dev/null
+++ b/contrib/libpam/modules/pam_permit/pam_permit.c
@@ -0,0 +1,108 @@
+/* pam_permit module */
+
+/*
+ * $Id: pam_permit.c,v 1.5 1997/02/15 19:03:15 morgan Exp $
+ *
+ * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11
+ *
+ * $Log: pam_permit.c,v $
+ * Revision 1.5  1997/02/15 19:03:15  morgan
+ * fixed email address
+ *
+ * Revision 1.4  1997/02/15 16:03:10  morgan
+ * force a name for user
+ *
+ * Revision 1.3  1996/06/02 08:10:14  morgan
+ * updated for new static protocol
+ *
+ */
+
+#define DEFAULT_USER "nobody"
+
+#include <stdio.h>
+
+/*
+ * here, we make definitions for the externally accessible functions
+ * in this file (these definitions are required for static modules
+ * but strongly encouraged generally) they are used to instruct the
+ * modules include file to define their prototypes.
+ */
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+
+/* --- authentication management functions --- */
+
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
+			,const char **argv)
+{
+    int retval;
+    const char *user=NULL;
+
+    /*
+     * authentication requires we know who the user wants to be
+     */
+    retval = pam_get_user(pamh, &user, NULL);
+    if (retval != PAM_SUCCESS) {
+	D(("get user returned error: %s", pam_strerror(pamh,retval)));
+	return retval;
+    }
+    if (user == NULL || *user == '\0') {
+	D(("username not known"));
+	pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
+    }
+    user = NULL;                                            /* clean up */
+
+    return PAM_SUCCESS;
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
+		   ,const char **argv)
+{
+     return PAM_SUCCESS;
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
+		     ,const char **argv)
+{
+     return PAM_SUCCESS;
+}
+
+/* --- password management --- */
+
+PAM_EXTERN
+int pam_sm_chauthtok(pam_handle_t *pamh,int flags,int argc
+		     ,const char **argv)
+{
+     return PAM_SUCCESS;
+}
+
+/* --- session management --- */
+
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc
+			,const char **argv)
+{
+    return PAM_SUCCESS;
+}
+
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
+			 ,const char **argv)
+{
+     return PAM_SUCCESS;
+}
+
+/* end of module definition */
+
+PAM_MODULE_ENTRY("pam_permit");