pam-krb5: Import/add pam-krb5 from eyeire.orgvendor/pam-krb5/4.11vendor/pam-krb5

From https://www.eyrie.org/~eagle/software/pam-krb5/:

pam-krb5 provides a Kerberos PAM module that supports authentication,
user ticket cache handling, simple authorization (via .k5login or
checking Kerberos principals against local usernames), and password
changing. It can be configured through either options in the PAM
configuration itself or through entries in the system krb5.conf file,
and it tries to work around PAM implementation flaws in commonly-used
PAM-enabled applications such as OpenSSH and xdm. It supports both
PKINIT and FAST to the extent that the underlying Kerberos libraries
support these features.

The reason for this import is to provide an MIT KRB5 compatible
pam_krb5 PAM module. The existing pam_krb5 in FreeBS only works
with Heimdal.

Sponsored by:	The FreeBSD Foundation

1 files changed, 67 insertions, 0 deletions

diff --git a/tests/module/basic-t.c b/tests/module/basic-t.c
new file mode 100644
index 000000000000..cacad5906ffb
--- /dev/null
+++ b/tests/module/basic-t.c
@@ -0,0 +1,67 @@
+/*
+ * Basic tests for the pam-krb5 module.
+ *
+ * This test case includes all tests that can be done without having Kerberos
+ * configured and a username and password available, and without any special
+ * configuration.
+ *
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2020 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2011
+ *     The Board of Trustees of the Leland Stanford Junior University
+ *
+ * SPDX-License-Identifier: BSD-3-clause or GPL-1+
+ */
+
+#include <config.h>
+#include <portable/system.h>
+
+#include <pwd.h>
+
+#include <tests/fakepam/pam.h>
+#include <tests/fakepam/script.h>
+#include <tests/tap/basic.h>
+#include <tests/tap/kerberos.h>
+#include <tests/tap/string.h>
+
+
+int
+main(void)
+{
+    struct script_config config;
+    struct passwd pwd;
+    char *uid;
+    char *uidplus;
+
+    plan_lazy();
+
+    /*
+     * Generate a testing krb5.conf file with a nonexistent default realm so
+     * that this test will run on any system.
+     */
+    kerberos_generate_conf("bogus.example.com");
+
+    /* Create a fake passwd struct for our user. */
+    memset(&pwd, 0, sizeof(pwd));
+    pwd.pw_name = (char *) "root";
+    pwd.pw_uid = getuid();
+    pwd.pw_gid = getgid();
+    pam_set_pwd(&pwd);
+
+    /*
+     * Attempt login as the root user to test ignore_root.  Set our current
+     * UID and a UID one larger for testing minimum_uid.
+     */
+    basprintf(&uid, "%lu", (unsigned long) pwd.pw_uid);
+    basprintf(&uidplus, "%lu", (unsigned long) pwd.pw_uid + 1);
+    memset(&config, 0, sizeof(config));
+    config.user = "root";
+    config.extra[0] = uid;
+    config.extra[1] = uidplus;
+
+    run_script_dir("data/scripts/basic", &config);
+
+    free(uid);
+    free(uidplus);
+    return 0;
+}