Diffstat (limited to 'lib/libpam/modules')
-rw-r--r--lib/libpam/modules/Makefile1
-rw-r--r--lib/libpam/modules/Makefile.inc1
-rw-r--r--lib/libpam/modules/modules.inc4
-rw-r--r--lib/libpam/modules/pam_chroot/Makefile1
-rw-r--r--lib/libpam/modules/pam_chroot/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_chroot/pam_chroot.84
-rw-r--r--lib/libpam/modules/pam_chroot/pam_chroot.c3
-rw-r--r--lib/libpam/modules/pam_deny/Makefile1
-rw-r--r--lib/libpam/modules/pam_deny/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_deny/pam_deny.84
-rw-r--r--lib/libpam/modules/pam_deny/pam_deny.c2
-rw-r--r--lib/libpam/modules/pam_echo/Makefile1
-rw-r--r--lib/libpam/modules/pam_echo/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_echo/pam_echo.84
-rw-r--r--lib/libpam/modules/pam_echo/pam_echo.c2
-rw-r--r--lib/libpam/modules/pam_exec/Makefile1
-rw-r--r--lib/libpam/modules/pam_exec/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_exec/pam_exec.816
-rw-r--r--lib/libpam/modules/pam_exec/pam_exec.c10
-rw-r--r--lib/libpam/modules/pam_ftpusers/Makefile1
-rw-r--r--lib/libpam/modules/pam_ftpusers/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_ftpusers/pam_ftpusers.84
-rw-r--r--lib/libpam/modules/pam_ftpusers/pam_ftpusers.c2
-rw-r--r--lib/libpam/modules/pam_group/Makefile1
-rw-r--r--lib/libpam/modules/pam_group/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_group/pam_group.84
-rw-r--r--lib/libpam/modules/pam_group/pam_group.c3
-rw-r--r--lib/libpam/modules/pam_guest/Makefile1
-rw-r--r--lib/libpam/modules/pam_guest/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_guest/pam_guest.84
-rw-r--r--lib/libpam/modules/pam_guest/pam_guest.c2
-rw-r--r--lib/libpam/modules/pam_krb5/Makefile3
-rw-r--r--lib/libpam/modules/pam_krb5/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_krb5/pam_krb5.818
-rw-r--r--lib/libpam/modules/pam_krb5/pam_krb5.c296
-rw-r--r--lib/libpam/modules/pam_ksu/Makefile3
-rw-r--r--lib/libpam/modules/pam_ksu/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_ksu/pam_ksu.84
-rw-r--r--lib/libpam/modules/pam_ksu/pam_ksu.c4
-rw-r--r--lib/libpam/modules/pam_lastlog/Makefile3
-rw-r--r--lib/libpam/modules/pam_lastlog/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_lastlog/pam_lastlog.88
-rw-r--r--lib/libpam/modules/pam_lastlog/pam_lastlog.c2
-rw-r--r--lib/libpam/modules/pam_login_access/Makefile3
-rw-r--r--lib/libpam/modules/pam_login_access/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_login_access/login.access.52
-rw-r--r--lib/libpam/modules/pam_login_access/login_access.c3
-rw-r--r--lib/libpam/modules/pam_login_access/pam_login_access.82
-rw-r--r--lib/libpam/modules/pam_login_access/pam_login_access.c2
-rw-r--r--lib/libpam/modules/pam_login_access/pam_login_access.h2
-rw-r--r--lib/libpam/modules/pam_nologin/Makefile3
-rw-r--r--lib/libpam/modules/pam_nologin/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_nologin/pam_nologin.84
-rw-r--r--lib/libpam/modules/pam_nologin/pam_nologin.c3
-rw-r--r--lib/libpam/modules/pam_opie/Makefile34
-rw-r--r--lib/libpam/modules/pam_opie/Makefile.depend19
-rw-r--r--lib/libpam/modules/pam_opie/pam_opie.8123
-rw-r--r--lib/libpam/modules/pam_opie/pam_opie.c157
-rw-r--r--lib/libpam/modules/pam_opieaccess/Makefile9
-rw-r--r--lib/libpam/modules/pam_opieaccess/Makefile.depend18
-rw-r--r--lib/libpam/modules/pam_opieaccess/pam_opieaccess.8142
-rw-r--r--lib/libpam/modules/pam_opieaccess/pam_opieaccess.c97
-rw-r--r--lib/libpam/modules/pam_passwdqc/Makefile1
-rw-r--r--lib/libpam/modules/pam_passwdqc/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_passwdqc/pam_passwdqc.84
-rw-r--r--lib/libpam/modules/pam_permit/Makefile1
-rw-r--r--lib/libpam/modules/pam_permit/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_permit/pam_permit.84
-rw-r--r--lib/libpam/modules/pam_permit/pam_permit.c4
-rw-r--r--lib/libpam/modules/pam_radius/Makefile1
-rw-r--r--lib/libpam/modules/pam_radius/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_radius/pam_radius.84
-rw-r--r--lib/libpam/modules/pam_radius/pam_radius.c3
-rw-r--r--lib/libpam/modules/pam_rhosts/Makefile1
-rw-r--r--lib/libpam/modules/pam_rhosts/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_rhosts/pam_rhosts.84
-rw-r--r--lib/libpam/modules/pam_rhosts/pam_rhosts.c2
-rw-r--r--lib/libpam/modules/pam_rootok/Makefile1
-rw-r--r--lib/libpam/modules/pam_rootok/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_rootok/pam_rootok.84
-rw-r--r--lib/libpam/modules/pam_rootok/pam_rootok.c2
-rw-r--r--lib/libpam/modules/pam_securetty/Makefile3
-rw-r--r--lib/libpam/modules/pam_securetty/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_securetty/pam_securetty.84
-rw-r--r--lib/libpam/modules/pam_securetty/pam_securetty.c3
-rw-r--r--lib/libpam/modules/pam_self/Makefile3
-rw-r--r--lib/libpam/modules/pam_self/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_self/pam_self.84
-rw-r--r--lib/libpam/modules/pam_self/pam_self.c2
-rw-r--r--lib/libpam/modules/pam_ssh/Makefile1
-rw-r--r--lib/libpam/modules/pam_ssh/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_ssh/pam_ssh.84
-rw-r--r--lib/libpam/modules/pam_ssh/pam_ssh.c5
-rw-r--r--lib/libpam/modules/pam_tacplus/Makefile1
-rw-r--r--lib/libpam/modules/pam_tacplus/Makefile.depend2
-rw-r--r--lib/libpam/modules/pam_tacplus/pam_tacplus.87
-rw-r--r--lib/libpam/modules/pam_tacplus/pam_tacplus.c3
-rw-r--r--lib/libpam/modules/pam_unix/Makefile3
-rw-r--r--lib/libpam/modules/pam_unix/Makefile.depend1
-rw-r--r--lib/libpam/modules/pam_unix/Makefile.depend.options1
-rw-r--r--lib/libpam/modules/pam_unix/pam_unix.84
-rw-r--r--lib/libpam/modules/pam_unix/pam_unix.c7
-rw-r--r--lib/libpam/modules/pam_xdg/Makefile6
-rw-r--r--lib/libpam/modules/pam_xdg/pam_xdg.856
-rw-r--r--lib/libpam/modules/pam_xdg/pam_xdg.c328
105 files changed, 640 insertions, 925 deletions
diff --git a/lib/libpam/modules/Makefile b/lib/libpam/modules/Makefile
index ee1359bd3acc..0fd25117025c 100644
--- a/lib/libpam/modules/Makefile
+++ b/lib/libpam/modules/Makefile
@@ -22,7 +22,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
.include "modules.inc"
diff --git a/lib/libpam/modules/Makefile.inc b/lib/libpam/modules/Makefile.inc
index 87885c36b350..955ee5224198 100644
--- a/lib/libpam/modules/Makefile.inc
+++ b/lib/libpam/modules/Makefile.inc
@@ -1,4 +1,3 @@
-# $FreeBSD$
PAMDIR= ${SRCTOP}/contrib/openpam
diff --git a/lib/libpam/modules/modules.inc b/lib/libpam/modules/modules.inc
index 02debf7a4330..f3ab65333f4f 100644
--- a/lib/libpam/modules/modules.inc
+++ b/lib/libpam/modules/modules.inc
@@ -1,4 +1,3 @@
-# $FreeBSD$
.include <src.opts.mk>
@@ -17,8 +16,6 @@ MODULES += pam_ksu
MODULES += pam_lastlog
MODULES += pam_login_access
MODULES += pam_nologin
-MODULES += pam_opie
-MODULES += pam_opieaccess
MODULES += pam_passwdqc
MODULES += pam_permit
.if ${MK_RADIUS_SUPPORT} != "no"
@@ -33,3 +30,4 @@ MODULES += pam_ssh
.endif
MODULES += pam_tacplus
MODULES += pam_unix
+MODULES += pam_xdg
\ No newline at end of file
diff --git a/lib/libpam/modules/pam_chroot/Makefile b/lib/libpam/modules/pam_chroot/Makefile
index 6d0fc0ef7a56..ca4f3cc17443 100644
--- a/lib/libpam/modules/pam_chroot/Makefile
+++ b/lib/libpam/modules/pam_chroot/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_chroot
SRCS= pam_chroot.c
diff --git a/lib/libpam/modules/pam_chroot/Makefile.depend b/lib/libpam/modules/pam_chroot/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_chroot/Makefile.depend
+++ b/lib/libpam/modules/pam_chroot/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_chroot/pam_chroot.8 b/lib/libpam/modules/pam_chroot/pam_chroot.8
index 1bb48008d781..e65c513b7b77 100644
--- a/lib/libpam/modules/pam_chroot/pam_chroot.8
+++ b/lib/libpam/modules/pam_chroot/pam_chroot.8
@@ -30,8 +30,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd February 10, 2003
.Dt PAM_CHROOT 8
.Os
@@ -81,7 +79,7 @@ the user's home directory.
.El
.Sh SEE ALSO
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_chroot/pam_chroot.c b/lib/libpam/modules/pam_chroot/pam_chroot.c
index d468c3390819..346be34683c1 100644
--- a/lib/libpam/modules/pam_chroot/pam_chroot.c
+++ b/lib/libpam/modules/pam_chroot/pam_chroot.c
@@ -34,9 +34,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/param.h>
#include <pwd.h>
diff --git a/lib/libpam/modules/pam_deny/Makefile b/lib/libpam/modules/pam_deny/Makefile
index 3bf819692747..862d1859d0d6 100644
--- a/lib/libpam/modules/pam_deny/Makefile
+++ b/lib/libpam/modules/pam_deny/Makefile
@@ -22,7 +22,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
LIB= pam_deny
SRCS= pam_deny.c
diff --git a/lib/libpam/modules/pam_deny/Makefile.depend b/lib/libpam/modules/pam_deny/Makefile.depend
index 5fb710255efc..a8b8ddf9d074 100644
--- a/lib/libpam/modules/pam_deny/Makefile.depend
+++ b/lib/libpam/modules/pam_deny/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
lib/${CSU_DIR} \
lib/libc \
diff --git a/lib/libpam/modules/pam_deny/pam_deny.8 b/lib/libpam/modules/pam_deny/pam_deny.8
index d9544be9b09f..530bae05c1f3 100644
--- a/lib/libpam/modules/pam_deny/pam_deny.8
+++ b/lib/libpam/modules/pam_deny/pam_deny.8
@@ -22,8 +22,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd July 7, 2001
.Dt PAM_DENY 8
.Os
@@ -77,4 +75,4 @@ authentication attempt was declined.
.Sh SEE ALSO
.Xr syslog 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
diff --git a/lib/libpam/modules/pam_deny/pam_deny.c b/lib/libpam/modules/pam_deny/pam_deny.c
index 372e7e364c08..a3edb213141a 100644
--- a/lib/libpam/modules/pam_deny/pam_deny.c
+++ b/lib/libpam/modules/pam_deny/pam_deny.c
@@ -27,8 +27,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <stddef.h>
#define PAM_SM_AUTH
diff --git a/lib/libpam/modules/pam_echo/Makefile b/lib/libpam/modules/pam_echo/Makefile
index 6f239460e9b0..58aae0053be9 100644
--- a/lib/libpam/modules/pam_echo/Makefile
+++ b/lib/libpam/modules/pam_echo/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_echo
SRCS= pam_echo.c
diff --git a/lib/libpam/modules/pam_echo/Makefile.depend b/lib/libpam/modules/pam_echo/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_echo/Makefile.depend
+++ b/lib/libpam/modules/pam_echo/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_echo/pam_echo.8 b/lib/libpam/modules/pam_echo/pam_echo.8
index 3066007dca74..c38d4d8cee55 100644
--- a/lib/libpam/modules/pam_echo/pam_echo.8
+++ b/lib/libpam/modules/pam_echo/pam_echo.8
@@ -30,8 +30,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd February 6, 2003
.Dt PAM_ECHO 8
.Os
@@ -80,7 +78,7 @@ expands to the character following the
character.
.Sh SEE ALSO
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_echo/pam_echo.c b/lib/libpam/modules/pam_echo/pam_echo.c
index 4217118f3011..73f1c11eca61 100644
--- a/lib/libpam/modules/pam_echo/pam_echo.c
+++ b/lib/libpam/modules/pam_echo/pam_echo.c
@@ -35,8 +35,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/lib/libpam/modules/pam_exec/Makefile b/lib/libpam/modules/pam_exec/Makefile
index 143f1a6cd6d2..1902d10789b5 100644
--- a/lib/libpam/modules/pam_exec/Makefile
+++ b/lib/libpam/modules/pam_exec/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_exec
SRCS= pam_exec.c
diff --git a/lib/libpam/modules/pam_exec/Makefile.depend b/lib/libpam/modules/pam_exec/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_exec/Makefile.depend
+++ b/lib/libpam/modules/pam_exec/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8
index dbd7c1e17007..c77162955730 100644
--- a/lib/libpam/modules/pam_exec/pam_exec.8
+++ b/lib/libpam/modules/pam_exec/pam_exec.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd May 24, 2019
.Dt PAM_EXEC 8
.Os
@@ -152,13 +150,13 @@ This is useful in shell scripts for instance.
.Sh SEE ALSO
.Xr pam_get_item 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8 ,
-.Xr pam_sm_acct_mgmt 8 ,
-.Xr pam_sm_authenticate 8 ,
-.Xr pam_sm_chauthtok 8 ,
-.Xr pam_sm_close_session 8 ,
-.Xr pam_sm_open_session 8 ,
-.Xr pam_sm_setcred 8
+.Xr pam 3 ,
+.Xr pam_sm_acct_mgmt 3 ,
+.Xr pam_sm_authenticate 3 ,
+.Xr pam_sm_chauthtok 3 ,
+.Xr pam_sm_close_session 3 ,
+.Xr pam_sm_open_session 3 ,
+.Xr pam_sm_setcred 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c
index b8f2e1d8fdfc..800a791f04a1 100644
--- a/lib/libpam/modules/pam_exec/pam_exec.c
+++ b/lib/libpam/modules/pam_exec/pam_exec.c
@@ -36,9 +36,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/types.h>
#include <sys/poll.h>
#include <sys/procdesc.h>
@@ -261,6 +258,13 @@ _pam_exec(pam_handle_t *pamh,
/* don't prompt, only expose existing token */
rc = pam_get_item(pamh, PAM_AUTHTOK, &item);
authtok = item;
+ if (authtok == NULL && rc == PAM_SUCCESS) {
+ openpam_log(PAM_LOG_ERROR,
+ "%s: pam_get_authtok(): %s",
+ func, "authentication token not available");
+ OUT(PAM_SYSTEM_ERR);
+ }
+
} else {
rc = pam_get_authtok(pamh, PAM_AUTHTOK, &authtok, NULL);
}
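Review bot: The new error message names `pam_get_authtok()`, but the call that produced the NULL token in this branch is `pam_get_item(pamh, PAM_AUTHTOK, &item)`, so anyone triaging authentication failures from the log is pointed at the wrong call. I would change the format string to `"%s: pam_get_item(PAM_AUTHTOK): %s"`, and add a one-line comment above the check such as `/* pam_get_item() can succeed with no token stored */`. The added blank line before `} else {` can also go. `_pam_exec` starts and ends outside this hunk, so any later shared error handling is not visible here.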
diff --git a/lib/libpam/modules/pam_ftpusers/Makefile b/lib/libpam/modules/pam_ftpusers/Makefile
index 8bca1aab86dd..e92b752309b5 100644
--- a/lib/libpam/modules/pam_ftpusers/Makefile
+++ b/lib/libpam/modules/pam_ftpusers/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_ftpusers
SRCS= pam_ftpusers.c
diff --git a/lib/libpam/modules/pam_ftpusers/Makefile.depend b/lib/libpam/modules/pam_ftpusers/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_ftpusers/Makefile.depend
+++ b/lib/libpam/modules/pam_ftpusers/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8 b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8
index 380e3b026c70..a5c810fd2de5 100644
--- a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8
+++ b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd April 17, 2002
.Dt PAM_FTPUSERS 8
.Os
@@ -86,7 +84,7 @@ will succeed if and only if the user is not listed in
.Sh SEE ALSO
.Xr ftpusers 5 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c
index ea800cbb17dd..d33c0e85e0cb 100644
--- a/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c
+++ b/lib/libpam/modules/pam_ftpusers/pam_ftpusers.c
@@ -35,8 +35,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <ctype.h>
#include <grp.h>
#include <paths.h>
diff --git a/lib/libpam/modules/pam_group/Makefile b/lib/libpam/modules/pam_group/Makefile
index 73b072a47795..dca723748174 100644
--- a/lib/libpam/modules/pam_group/Makefile
+++ b/lib/libpam/modules/pam_group/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_group
SRCS= pam_group.c
diff --git a/lib/libpam/modules/pam_group/Makefile.depend b/lib/libpam/modules/pam_group/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_group/Makefile.depend
+++ b/lib/libpam/modules/pam_group/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_group/pam_group.8 b/lib/libpam/modules/pam_group/pam_group.8
index 4f368e577c22..ed96d45db503 100644
--- a/lib/libpam/modules/pam_group/pam_group.8
+++ b/lib/libpam/modules/pam_group/pam_group.8
@@ -31,8 +31,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd July 19, 2014
.Dt PAM_GROUP 8
.Os
@@ -89,7 +87,7 @@ options are mutually exclusive, and that
will fail if both are specified.
.Sh SEE ALSO
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_group/pam_group.c b/lib/libpam/modules/pam_group/pam_group.c
index bd6912a02d1a..9707a9cd278c 100644
--- a/lib/libpam/modules/pam_group/pam_group.c
+++ b/lib/libpam/modules/pam_group/pam_group.c
@@ -35,9 +35,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/types.h>
#include <grp.h>
diff --git a/lib/libpam/modules/pam_guest/Makefile b/lib/libpam/modules/pam_guest/Makefile
index ccc192e5378a..c168513b98ee 100644
--- a/lib/libpam/modules/pam_guest/Makefile
+++ b/lib/libpam/modules/pam_guest/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_guest
SRCS= pam_guest.c
diff --git a/lib/libpam/modules/pam_guest/Makefile.depend b/lib/libpam/modules/pam_guest/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_guest/Makefile.depend
+++ b/lib/libpam/modules/pam_guest/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_guest/pam_guest.8 b/lib/libpam/modules/pam_guest/pam_guest.8
index 0b858d673d56..541fd299ba8b 100644
--- a/lib/libpam/modules/pam_guest/pam_guest.8
+++ b/lib/libpam/modules/pam_guest/pam_guest.8
@@ -30,8 +30,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd May 26, 2003
.Dt PAM_GUEST 8
.Os
@@ -85,7 +83,7 @@ Requires the guest user to type in the guest account name as password.
.Xr pam_get_item 3 ,
.Xr pam_getenv 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_guest/pam_guest.c b/lib/libpam/modules/pam_guest/pam_guest.c
index 51e9181679c7..c3ef07fc189a 100644
--- a/lib/libpam/modules/pam_guest/pam_guest.c
+++ b/lib/libpam/modules/pam_guest/pam_guest.c
@@ -35,8 +35,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <string.h>
#define PAM_SM_AUTH
diff --git a/lib/libpam/modules/pam_krb5/Makefile b/lib/libpam/modules/pam_krb5/Makefile
index 97fd49092298..1c2831facd50 100644
--- a/lib/libpam/modules/pam_krb5/Makefile
+++ b/lib/libpam/modules/pam_krb5/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= kerberos
LIB= pam_krb5
SRCS= pam_krb5.c
diff --git a/lib/libpam/modules/pam_krb5/Makefile.depend b/lib/libpam/modules/pam_krb5/Makefile.depend
index f4ad591d36ba..05183339e3a9 100644
--- a/lib/libpam/modules/pam_krb5/Makefile.depend
+++ b/lib/libpam/modules/pam_krb5/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
kerberos5/lib/libasn1 \
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.8 b/lib/libpam/modules/pam_krb5/pam_krb5.8
index bd7ac5b9ca0c..b59fdbdee9c4 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.8
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.8
@@ -1,6 +1,5 @@
.\"
.\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $
-.\" $FreeBSD$
.Dd May 3, 2010
.Dt PAM_KRB5 8
.Os
@@ -108,6 +107,21 @@ and
.Ql %p ,
to designate the current process ID; can be used in
.Ar name .
+.It Cm allow_kdc_spoof
+Allow
+.Nm
+to succeed even if there is no host or service key available in a
+keytab to authenticate the Kerberos KDC's ticket.
+If there is no such key, for example on a host with no keytabs,
+.Nm
+will fail immediately without prompting the user.
+.Pp
+.Sy Warning :
+If the host has not been configured with a keytab from the KDC, setting
+this option makes it vulnerable to malicious KDCs, e.g. via DNS
+flooding, because
+.Nm
+has no way to distinguish the legitimate KDC from a spoofed KDC.
.It Cm no_user_check
Do not verify if a user exists on the local system. This option implies the
.Cm no_ccache
@@ -210,7 +224,7 @@ file containing Kerberos principals that are allowed access.
.Xr passwd 1 ,
.Xr syslog 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh NOTES
Applications should not call
.Fn pam_authenticate
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index 810573bed47e..5f448165b20a 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -47,9 +47,6 @@
*
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
@@ -76,7 +73,12 @@ __FBSDID("$FreeBSD$");
#define COMPAT_HEIMDAL
/* #define COMPAT_MIT */
-static int verify_krb_v5_tgt(krb5_context, krb5_ccache, char *, int);
+static int verify_krb_v5_tgt_begin(krb5_context, char *, int,
+ const char **, krb5_principal *, char[static BUFSIZ]);
+static int verify_krb_v5_tgt(krb5_context, krb5_ccache, char *, int,
+ const char *, krb5_principal, char[static BUFSIZ]);
+static void verify_krb_v5_tgt_cleanup(krb5_context, int,
+ const char *, krb5_principal, char[static BUFSIZ]);
static void cleanup_cache(pam_handle_t *, void *, int);
static const char *compat_princ_component(krb5_context, krb5_principal, int);
static void compat_free_data_contents(krb5_context, krb5_data *);
@@ -92,6 +94,7 @@ static void compat_free_data_contents(krb5_context, krb5_data *);
#define PAM_OPT_NO_USER_CHECK "no_user_check"
#define PAM_OPT_REUSE_CCACHE "reuse_ccache"
#define PAM_OPT_NO_USER_CHECK "no_user_check"
+#define PAM_OPT_ALLOW_KDC_SPOOF "allow_kdc_spoof"
#define PAM_LOG_KRB5_ERR(ctx, rv, fmt, ...) \
do { \
@@ -108,7 +111,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
- krb5_context pam_context;
+ krb5_context krbctx;
+ int debug;
+ const char *auth_service;
+ krb5_principal auth_princ;
+ char auth_phost[BUFSIZ];
krb5_creds creds;
krb5_principal princ;
krb5_ccache ccache;
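Review bot: `auth_service` and `auth_princ` are declared without initialisers, yet a later hunk passes them to `verify_krb_v5_tgt_cleanup()` at `cleanup4` right after `verify_krb_v5_tgt_begin()` has failed, and to `verify_krb_v5_tgt()` when `allow_kdc_spoof` lets the function continue. Whether the begin helper writes its output parameters on failure is not visible on this page; if it does not, those calls read indeterminate pointers. Initialising at the declaration removes the dependency: `const char *auth_service = NULL;` and `krb5_principal auth_princ = NULL;`. The body of `pam_sm_authenticate` continues outside this hunk.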
@@ -139,15 +146,38 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Got service: %s", (const char *)service);
- krbret = krb5_init_context(&pam_context);
+ if ((srvdup = strdup(service)) == NULL) {
+ retval = PAM_BUF_ERR;
+ goto cleanup6;
+ }
+
+ krbret = krb5_init_context(&krbctx);
if (krbret != 0) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- return (PAM_SERVICE_ERR);
+ retval = PAM_SERVICE_ERR;
+ goto cleanup5;
}
PAM_LOG("Context initialised");
- krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE);
+ debug = openpam_get_option(pamh, PAM_OPT_DEBUG) ? 1 : 0;
+ krbret = verify_krb_v5_tgt_begin(krbctx, srvdup, debug,
+ &auth_service, &auth_princ, auth_phost);
+ if (krbret != 0) { /* failed to find key */
+ /* Keytab or service key does not exist */
+ /*
+ * Give up now because we can't authenticate the KDC
+ * with a keytab, unless the administrator asked to
+ * have the traditional behaviour of being vulnerable
+ * to spoofed KDCs.
+ */
+ if (!openpam_get_option(pamh, PAM_OPT_ALLOW_KDC_SPOOF)) {
+ retval = PAM_SERVICE_ERR;
+ goto cleanup4;
+ }
+ }
+
+ krbret = krb5_cc_register(krbctx, &krb5_mcc_ops, FALSE);
if (krbret != 0 && krbret != KRB5_CC_TYPE_EXISTS) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_SERVICE_ERR;
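Review bot: Neither outcome of a failed key lookup leaves a record in the visible code: without `allow_kdc_spoof` the function jumps to `cleanup4` with `PAM_SERVICE_ERR`, and with the option set authentication proceeds with no way to verify the KDC. Unless `verify_krb_v5_tgt_begin()` logs by itself (its body is not in this hunk), a host without a keytab will start refusing every Kerberos login after this change with nothing pointing at the cause, and a host that opted in runs unverified silently. I would log before the option check, e.g. `openpam_log(PAM_LOG_ERROR, "no keytab key available to verify the KDC");`, and add a second line when the option overrides the failure so the weakened mode is visible in audit logs. The function starts and ends outside this hunk.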
@@ -164,10 +194,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Created principal: %s", principal);
- krbret = krb5_parse_name(pam_context, principal, &princ);
+ krbret = krb5_parse_name(krbctx, principal, &princ);
free(principal);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_parse_name()");
+ PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_parse_name()");
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_SERVICE_ERR;
goto cleanup3;
@@ -177,9 +207,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
/* Now convert the principal name into something human readable */
princ_name = NULL;
- krbret = krb5_unparse_name(pam_context, princ, &princ_name);
+ krbret = krb5_unparse_name(krbctx, princ, &princ_name);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_unparse_name()");
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_SERVICE_ERR;
@@ -202,11 +232,11 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
/* Verify the local user exists (AFTER getting the password) */
if (strchr(user, '@')) {
/* get a local account name for this principal */
- krbret = krb5_aname_to_localname(pam_context, princ,
+ krbret = krb5_aname_to_localname(krbctx, princ,
sizeof(luser), luser);
if (krbret != 0) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_aname_to_localname()");
retval = PAM_USER_UNKNOWN;
goto cleanup2;
@@ -231,15 +261,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
}
/* Initialize credentials request options. */
- krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts);
+ krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_get_init_creds_opt_alloc()");
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
- krb5_get_init_creds_opt_set_default_flags(pam_context,
+ krb5_get_init_creds_opt_set_default_flags(krbctx,
service, NULL, opts);
if (openpam_get_option(pamh, PAM_OPT_FORWARDABLE))
@@ -249,12 +279,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
/* Get a TGT */
memset(&creds, 0, sizeof(krb5_creds));
- krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+ krbret = krb5_get_init_creds_password(krbctx, &creds, princ,
pass, NULL, pamh, 0, NULL, opts);
- krb5_get_init_creds_opt_free(pam_context, opts);
+ krb5_get_init_creds_opt_free(krbctx, opts);
if (krbret != 0) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_get_init_creds_password()");
retval = PAM_AUTH_ERR;
goto cleanup2;
@@ -263,28 +293,28 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Got TGT");
/* Generate a temporary cache */
- krbret = krb5_cc_new_unique(pam_context, krb5_cc_type_memory, NULL, &ccache);
+ krbret = krb5_cc_new_unique(krbctx, krb5_cc_type_memory, NULL, &ccache);
if (krbret != 0) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_new_unique()");
retval = PAM_SERVICE_ERR;
goto cleanup;
}
- krbret = krb5_cc_initialize(pam_context, ccache, princ);
+ krbret = krb5_cc_initialize(krbctx, ccache, princ);
if (krbret != 0) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_initialize()");
retval = PAM_SERVICE_ERR;
goto cleanup;
}
- krbret = krb5_cc_store_cred(pam_context, ccache, &creds);
+ krbret = krb5_cc_store_cred(krbctx, ccache, &creds);
if (krbret != 0) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_store_cred()");
- krb5_cc_destroy(pam_context, ccache);
+ krb5_cc_destroy(krbctx, ccache);
retval = PAM_SERVICE_ERR;
goto cleanup;
}
@@ -292,16 +322,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Credentials stashed");
/* Verify them */
- if ((srvdup = strdup(service)) == NULL) {
- retval = PAM_BUF_ERR;
- goto cleanup;
- }
- krbret = verify_krb_v5_tgt(pam_context, ccache, srvdup,
- openpam_get_option(pamh, PAM_OPT_DEBUG) ? 1 : 0);
+ krbret = verify_krb_v5_tgt(krbctx, ccache, srvdup,
+ debug,
+ auth_service, auth_princ, auth_phost);
free(srvdup);
+ srvdup = NULL;
if (krbret == -1) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
- krb5_cc_destroy(pam_context, ccache);
+ krb5_cc_destroy(krbctx, ccache);
retval = PAM_AUTH_ERR;
goto cleanup;
}
@@ -310,7 +338,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
retval = pam_get_data(pamh, "ccache", &ccache_data);
if (retval == PAM_SUCCESS) {
- krb5_cc_destroy(pam_context, ccache);
+ krb5_cc_destroy(krbctx, ccache);
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_AUTH_ERR;
goto cleanup;
@@ -318,8 +346,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Credentials stash not pre-existing");
- asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(pam_context,
- ccache), krb5_cc_get_name(pam_context, ccache));
+ asprintf(&ccache_name, "%s:%s", krb5_cc_get_type(krbctx,
+ ccache), krb5_cc_get_name(krbctx, ccache));
if (ccache_name == NULL) {
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_BUF_ERR;
@@ -327,7 +355,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
}
retval = pam_set_data(pamh, "ccache", ccache_name, cleanup_cache);
if (retval != 0) {
- krb5_cc_destroy(pam_context, ccache);
+ krb5_cc_destroy(krbctx, ccache);
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_SERVICE_ERR;
goto cleanup;
@@ -336,21 +364,33 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Credentials stash saved");
cleanup:
- krb5_free_cred_contents(pam_context, &creds);
+ krb5_free_cred_contents(krbctx, &creds);
PAM_LOG("Done cleanup");
cleanup2:
- krb5_free_principal(pam_context, princ);
+ krb5_free_principal(krbctx, princ);
if (princ_name)
free(princ_name);
PAM_LOG("Done cleanup2");
cleanup3:
- krb5_free_context(pam_context);
+ krb5_free_context(krbctx);
PAM_LOG("Done cleanup3");
+cleanup4:
+ verify_krb_v5_tgt_cleanup(krbctx, debug,
+ auth_service, auth_princ, auth_phost);
+ PAM_LOG("Done cleanup4");
+
+cleanup5:
+ if (srvdup != NULL)
+ free(srvdup);
+ PAM_LOG("Done cleanup5");
+
+cleanup6:
if (retval != PAM_SUCCESS)
PAM_VERBOSE_ERROR("Kerberos 5 refuses you");
+ PAM_LOG("Done cleanup6");
return (retval);
}
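Review bot: `cleanup3` frees the context with `krb5_free_context(krbctx)` and then falls through into the new `cleanup4`, which hands the same `krbctx` to `verify_krb_v5_tgt_cleanup()`, so every path that reaches `cleanup`, `cleanup2` or `cleanup3` passes a freed context to the helper. The helper's body is not in this hunk, but if it uses the context to release `auth_princ` this is a use-after-free in the authentication path. The early `goto cleanup4` taken when no keytab key is found has the opposite problem: it lands below `krb5_free_context()`, so the context initialised earlier is never released. Moving `krb5_free_context(krbctx);` out of `cleanup3` and placing it directly after the `verify_krb_v5_tgt_cleanup(...)` call under `cleanup4` fixes both orderings.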
@@ -364,7 +404,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
#else
krb5_error_code krbret;
- krb5_context pam_context;
+ krb5_context krbctx;
krb5_principal princ;
krb5_creds creds;
krb5_ccache ccache_temp, ccache_perm;
@@ -405,7 +445,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Got user: %s", (const char *)user);
- krbret = krb5_init_context(&pam_context);
+ krbret = krb5_init_context(&krbctx);
if (krbret != 0) {
PAM_LOG("Error krb5_init_context() failed");
return (PAM_SERVICE_ERR);
@@ -424,9 +464,9 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
retval = PAM_CRED_UNAVAIL;
goto cleanup3;
}
- krbret = krb5_cc_resolve(pam_context, cache_data, &ccache_temp);
+ krbret = krb5_cc_resolve(krbctx, cache_data, &ccache_temp);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_resolve(\"%s\")", (const char *)cache_data);
retval = PAM_SERVICE_ERR;
goto cleanup3;
@@ -497,22 +537,22 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Got cache_name: %s", cache_name);
/* Initialize the new ccache */
- krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ);
+ krbret = krb5_cc_get_principal(krbctx, ccache_temp, &princ);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_get_principal()");
retval = PAM_SERVICE_ERR;
goto cleanup3;
}
- krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm);
+ krbret = krb5_cc_resolve(krbctx, cache_name, &ccache_perm);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret, "Error krb5_cc_resolve()");
+ PAM_LOG_KRB5_ERR(krbctx, krbret, "Error krb5_cc_resolve()");
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
- krbret = krb5_cc_initialize(pam_context, ccache_perm, princ);
+ krbret = krb5_cc_initialize(krbctx, ccache_perm, princ);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_initialize()");
retval = PAM_SERVICE_ERR;
goto cleanup2;
@@ -521,11 +561,11 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Cache initialised");
/* Prepare for iteration over creds */
- krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor);
+ krbret = krb5_cc_start_seq_get(krbctx, ccache_temp, &cursor);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_start_seq_get()");
- krb5_cc_destroy(pam_context, ccache_perm);
+ krb5_cc_destroy(krbctx, ccache_perm);
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
@@ -533,28 +573,27 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Prepared for iteration");
/* Copy the creds (should be two of them) */
- while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp,
- &cursor, &creds) == 0)) {
- krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds);
+ while (krb5_cc_next_cred(krbctx, ccache_temp, &cursor, &creds) == 0) {
+ krbret = krb5_cc_store_cred(krbctx, ccache_perm, &creds);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_store_cred()");
- krb5_cc_destroy(pam_context, ccache_perm);
- krb5_free_cred_contents(pam_context, &creds);
+ krb5_cc_destroy(krbctx, ccache_perm);
+ krb5_free_cred_contents(krbctx, &creds);
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
- krb5_free_cred_contents(pam_context, &creds);
+ krb5_free_cred_contents(krbctx, &creds);
PAM_LOG("Iteration");
}
- krb5_cc_end_seq_get(pam_context, ccache_temp, &cursor);
+ krb5_cc_end_seq_get(krbctx, ccache_temp, &cursor);
PAM_LOG("Done iterating");
if (strstr(cache_name, "FILE:") == cache_name) {
if (chown(&cache_name[5], pwd->pw_uid, pwd->pw_gid) == -1) {
PAM_LOG("Error chown(): %s", strerror(errno));
- krb5_cc_destroy(pam_context, ccache_perm);
+ krb5_cc_destroy(krbctx, ccache_perm);
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
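Review bot: The rewritten loop `while (krb5_cc_next_cred(krbctx, ccache_temp, &cursor, &creds) == 0)` discards the return code, so a read error part-way through the temporary cache ends the copy exactly like end-of-cache and the code goes on to chown, chmod and export a permanent cache that may be incomplete. Keeping the assignment with corrected parentheses, `while ((krbret = krb5_cc_next_cred(krbctx, ccache_temp, &cursor, &creds)) == 0) {`, lets the code after the loop treat any value other than `KRB5_CC_END` as a failure and take the same destroy-and-`goto cleanup2` path as the `krb5_cc_store_cred()` error branch. That error branch also leaves the loop without calling `krb5_cc_end_seq_get()`, so the cursor stays open on failure. `pam_sm_setcred` starts and ends outside this hunk.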
@@ -562,21 +601,21 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
if (chmod(&cache_name[5], (S_IRUSR | S_IWUSR)) == -1) {
PAM_LOG("Error chmod(): %s", strerror(errno));
- krb5_cc_destroy(pam_context, ccache_perm);
+ krb5_cc_destroy(krbctx, ccache_perm);
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
PAM_LOG("Done chmod()");
}
- krb5_cc_close(pam_context, ccache_perm);
+ krb5_cc_close(krbctx, ccache_perm);
PAM_LOG("Cache closed");
retval = pam_setenv(pamh, "KRB5CCNAME", cache_name, 1);
if (retval != PAM_SUCCESS) {
PAM_LOG("Error pam_setenv(): %s", pam_strerror(pamh, retval));
- krb5_cc_destroy(pam_context, ccache_perm);
+ krb5_cc_destroy(krbctx, ccache_perm);
retval = PAM_SERVICE_ERR;
goto cleanup2;
}
@@ -584,10 +623,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
PAM_LOG("Environment done: KRB5CCNAME=%s", cache_name);
cleanup2:
- krb5_free_principal(pam_context, princ);
+ krb5_free_principal(krbctx, princ);
PAM_LOG("Done cleanup2");
cleanup3:
- krb5_free_context(pam_context);
+ krb5_free_context(krbctx);
PAM_LOG("Done cleanup3");
seteuid(euid);
@@ -610,7 +649,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
- krb5_context pam_context;
+ krb5_context krbctx;
krb5_ccache ccache;
krb5_principal princ;
int retval;
@@ -629,7 +668,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Got credentials");
- krbret = krb5_init_context(&pam_context);
+ krbret = krb5_init_context(&krbctx);
if (krbret != 0) {
PAM_LOG("Error krb5_init_context() failed");
return (PAM_PERM_DENIED);
@@ -637,20 +676,20 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Context initialised");
- krbret = krb5_cc_resolve(pam_context, (const char *)ccache_name, &ccache);
+ krbret = krb5_cc_resolve(krbctx, (const char *)ccache_name, &ccache);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_resolve(\"%s\")", (const char *)ccache_name);
- krb5_free_context(pam_context);
+ krb5_free_context(krbctx);
return (PAM_PERM_DENIED);
}
PAM_LOG("Got ccache %s", (const char *)ccache_name);
- krbret = krb5_cc_get_principal(pam_context, ccache, &princ);
+ krbret = krb5_cc_get_principal(krbctx, ccache, &princ);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_cc_get_principal()");
retval = PAM_PERM_DENIED;
goto cleanup;
@@ -658,16 +697,16 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused,
PAM_LOG("Got principal");
- if (krb5_kuserok(pam_context, princ, (const char *)user))
+ if (krb5_kuserok(krbctx, princ, (const char *)user))
retval = PAM_SUCCESS;
else
retval = PAM_PERM_DENIED;
- krb5_free_principal(pam_context, princ);
+ krb5_free_principal(krbctx, princ);
PAM_LOG("Done kuserok()");
cleanup:
- krb5_free_context(pam_context);
+ krb5_free_context(krbctx);
PAM_LOG("Done cleanup");
return (retval);
@@ -682,7 +721,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
int argc __unused, const char *argv[] __unused)
{
krb5_error_code krbret;
- krb5_context pam_context;
+ krb5_context krbctx;
krb5_creds creds;
krb5_principal princ;
krb5_get_init_creds_opt *opts;
@@ -701,7 +740,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Got user: %s", (const char *)user);
- krbret = krb5_init_context(&pam_context);
+ krbret = krb5_init_context(&krbctx);
if (krbret != 0) {
PAM_LOG("Error krb5_init_context() failed");
return (PAM_SERVICE_ERR);
@@ -710,9 +749,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Context initialised");
/* Get principal name */
- krbret = krb5_parse_name(pam_context, (const char *)user, &princ);
+ krbret = krb5_parse_name(krbctx, (const char *)user, &princ);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_parse_name()");
retval = PAM_USER_UNKNOWN;
goto cleanup3;
@@ -720,9 +759,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
/* Now convert the principal name into something human readable */
princ_name = NULL;
- krbret = krb5_unparse_name(pam_context, princ, &princ_name);
+ krbret = krb5_unparse_name(krbctx, princ, &princ_name);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_unparse_name()");
retval = PAM_SERVICE_ERR;
goto cleanup2;
@@ -738,9 +777,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Got password");
/* Initialize credentials request options. */
- krbret = krb5_get_init_creds_opt_alloc(pam_context, &opts);
+ krbret = krb5_get_init_creds_opt_alloc(krbctx, &opts);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_get_init_creds_opt_alloc()");
PAM_VERBOSE_ERROR("Kerberos 5 error");
retval = PAM_SERVICE_ERR;
@@ -750,11 +789,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Credentials options initialised");
memset(&creds, 0, sizeof(krb5_creds));
- krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+ krbret = krb5_get_init_creds_password(krbctx, &creds, princ,
pass, NULL, pamh, 0, "kadmin/changepw", opts);
- krb5_get_init_creds_opt_free(pam_context, opts);
+ krb5_get_init_creds_opt_free(krbctx, opts);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_get_init_creds_password()");
retval = PAM_AUTH_ERR;
goto cleanup2;
@@ -780,11 +819,11 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = PAM_BUF_ERR;
goto cleanup;
}
- krbret = krb5_set_password(pam_context, &creds, passdup, NULL,
+ krbret = krb5_set_password(krbctx, &creds, passdup, NULL,
&result_code, &result_code_string, &result_string);
free(passdup);
if (krbret != 0) {
- PAM_LOG_KRB5_ERR(pam_context, krbret,
+ PAM_LOG_KRB5_ERR(krbctx, krbret,
"Error krb5_change_password()");
retval = PAM_AUTHTOK_ERR;
goto cleanup;
@@ -803,16 +842,16 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
free(result_code_string.data);
cleanup:
- krb5_free_cred_contents(pam_context, &creds);
+ krb5_free_cred_contents(krbctx, &creds);
PAM_LOG("Done cleanup");
cleanup2:
- krb5_free_principal(pam_context, princ);
+ krb5_free_principal(krbctx, princ);
if (princ_name)
free(princ_name);
PAM_LOG("Done cleanup2");
cleanup3:
- krb5_free_context(pam_context);
+ krb5_free_context(krbctx);
PAM_LOG("Done cleanup3");
@@ -837,18 +876,18 @@ PAM_MODULE_ENTRY("pam_krb5");
*/
/* ARGSUSED */
static int
-verify_krb_v5_tgt(krb5_context context, krb5_ccache ccache,
- char *pam_service, int debug)
+verify_krb_v5_tgt_begin(krb5_context context, char *pam_service, int debug,
+ const char **servicep, krb5_principal *princp __unused, char phost[static BUFSIZ])
{
krb5_error_code retval;
krb5_principal princ;
krb5_keyblock *keyblock;
- krb5_data packet;
- krb5_auth_context auth_context;
- char phost[BUFSIZ];
const char *services[3], **service;
- packet.data = 0;
+ *servicep = NULL;
+
+ if (debug)
+ openlog("pam_krb5", LOG_PID, LOG_AUTHPRIV);
/* If possible we want to try and verify the ticket we have
* received against a keytab. We will try multiple service
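Review bot: `*servicep` is set to NULL here and `princp` is declared `__unused`, and nothing in this hunk or the next stores the selected service or principal back to the caller; the unchanged lines between the two hunks predate both parameters, so they cannot do it either. As far as the diff shows, `verify_krb_v5_tgt()` would then always take its `service == NULL` early return and never reach `krb5_mk_req()`. The local `princ` also loses the `krb5_free_principal()` call that the old `cleanup:` label gave it. If that is not intended, publish the result once a key is found with `*servicep = *service;` and `*princp = princ;`, drop `__unused` from `princp`, and free `princ` on the paths that do not hand it out. The function body continues outside this hunk.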
@@ -895,25 +934,29 @@ verify_krb_v5_tgt(krb5_context context, krb5_ccache ccache,
continue;
break;
}
- if (retval != 0) { /* failed to find key */
- /* Keytab or service key does not exist */
- if (debug) {
- const char *msg = krb5_get_error_message(context,
- retval);
- syslog(LOG_DEBUG,
- "pam_krb5: verify_krb_v5_tgt(): %s: %s",
- "krb5_kt_read_service_key()", msg);
- krb5_free_error_message(context, msg);
- }
- retval = 0;
- goto cleanup;
- }
if (keyblock)
krb5_free_keyblock(context, keyblock);
+ return (retval);
+}
+
+static int
+verify_krb_v5_tgt(krb5_context context, krb5_ccache ccache,
+ char *pam_service __unused, int debug,
+ const char *service, krb5_principal princ, char phost[static BUFSIZ])
+{
+ krb5_error_code retval;
+ krb5_auth_context auth_context = NULL;
+ krb5_data packet;
+
+ if (service == NULL)
+ return (0); /* uncertain, can't authenticate KDC */
+
+ packet.data = 0;
+
/* Talk to the kdc and construct the ticket. */
auth_context = NULL;
- retval = krb5_mk_req(context, &auth_context, 0, *service, phost,
+ retval = krb5_mk_req(context, &auth_context, 0, service, phost,
NULL, ccache, &packet);
if (auth_context) {
krb5_auth_con_free(context, auth_context);
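Review bot: The tail of `verify_krb_v5_tgt_begin()` now returns the `krb5_kt_read_service_key()` error without the debug message that the removed block produced. A missing or unreadable keytab, which is the condition under which the KDC cannot be authenticated, therefore leaves no trace from this function. Unless the caller logs `retval` itself (not visible here), keep the `if (debug)` block with `krb5_get_error_message()`, `syslog(LOG_DEBUG, ...)` and `krb5_free_error_message()` ahead of `return (retval);`, dropping only the `retval = 0; goto cleanup;` part. In the new `verify_krb_v5_tgt()`, the statement `auth_context = NULL;` repeats the initializer on its declaration and can be removed. That function continues outside the hunk.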
@@ -952,8 +995,19 @@ verify_krb_v5_tgt(krb5_context context, krb5_ccache ccache,
cleanup:
if (packet.data)
compat_free_data_contents(context, &packet);
- krb5_free_principal(context, princ);
- return retval;
+ return (retval);
+}
+
+static void
+verify_krb_v5_tgt_cleanup(krb5_context context, int debug,
+ const char *service, krb5_principal princ, char phost[static BUFSIZ] __unused)
+{
+
+ if (service)
+ krb5_free_principal(context, princ);
+ if (debug)
+ closelog();
+
}
/* Free the memory for cache_name. Called by pam_end() */
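Review bot: `closelog()` here, paired with the `openlog("pam_krb5", LOG_PID, LOG_AUTHPRIV)` added in `verify_krb_v5_tgt_begin()`, changes syslog state that belongs to the whole process. With `debug` set, the application hosting the module loses its own ident, options and facility for everything it logs after authentication. The pair can be dropped by putting the module name in the message text and passing the facility per call, as in `syslog(LOG_AUTHPRIV | LOG_DEBUG, ...)`. Freeing `princ` only `if (service)` also ties the principal's validity to a different variable. A comment stating that invariant, or having the caller initialise the principal to NULL and freeing it when non-NULL, would make the contract explicit.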
@@ -961,17 +1015,17 @@ cleanup:
static void
cleanup_cache(pam_handle_t *pamh __unused, void *data, int pam_end_status __unused)
{
- krb5_context pam_context;
+ krb5_context krbctx;
krb5_ccache ccache;
krb5_error_code krbret;
- if (krb5_init_context(&pam_context))
+ if (krb5_init_context(&krbctx))
return;
- krbret = krb5_cc_resolve(pam_context, data, &ccache);
+ krbret = krb5_cc_resolve(krbctx, data, &ccache);
if (krbret == 0)
- krb5_cc_destroy(pam_context, ccache);
- krb5_free_context(pam_context);
+ krb5_cc_destroy(krbctx, ccache);
+ krb5_free_context(krbctx);
free(data);
}
diff --git a/lib/libpam/modules/pam_ksu/Makefile b/lib/libpam/modules/pam_ksu/Makefile
index 26f3f850daaa..c5fd72d9db7d 100644
--- a/lib/libpam/modules/pam_ksu/Makefile
+++ b/lib/libpam/modules/pam_ksu/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= kerberos
LIB= pam_ksu
SRCS= pam_ksu.c
diff --git a/lib/libpam/modules/pam_ksu/Makefile.depend b/lib/libpam/modules/pam_ksu/Makefile.depend
index ad4fcd166520..37648d1e6ef7 100644
--- a/lib/libpam/modules/pam_ksu/Makefile.depend
+++ b/lib/libpam/modules/pam_ksu/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
kerberos5/lib/libasn1 \
diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.8 b/lib/libpam/modules/pam_ksu/pam_ksu.8
index 614dc9ef78f8..36d6936423b1 100644
--- a/lib/libpam/modules/pam_ksu/pam_ksu.8
+++ b/lib/libpam/modules/pam_ksu/pam_ksu.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd May 15, 2002
.Dt PAM_KSU 8
.Os
@@ -119,4 +117,4 @@ the user is prompted for another password.
.Xr su 1 ,
.Xr syslog 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pam_ksu/pam_ksu.c
index 1a4ebc39f65a..47362c835c12 100644
--- a/lib/libpam/modules/pam_ksu/pam_ksu.c
+++ b/lib/libpam/modules/pam_ksu/pam_ksu.c
@@ -1,5 +1,5 @@
/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ * SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (c) 2002 Jacques A. Vidrine <nectar@FreeBSD.org>
* All rights reserved.
@@ -25,8 +25,6 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <errno.h>
diff --git a/lib/libpam/modules/pam_lastlog/Makefile b/lib/libpam/modules/pam_lastlog/Makefile
index 9f0e07f767ea..1abf6f2b6304 100644
--- a/lib/libpam/modules/pam_lastlog/Makefile
+++ b/lib/libpam/modules/pam_lastlog/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= runtime
LIB= pam_lastlog
SRCS= pam_lastlog.c
diff --git a/lib/libpam/modules/pam_lastlog/Makefile.depend b/lib/libpam/modules/pam_lastlog/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_lastlog/Makefile.depend
+++ b/lib/libpam/modules/pam_lastlog/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.8 b/lib/libpam/modules/pam_lastlog/pam_lastlog.8
index cd75fff05df7..6e5ba8770ada 100644
--- a/lib/libpam/modules/pam_lastlog/pam_lastlog.8
+++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd January 21, 2010
.Dt PAM_LASTLOG 8
.Os
@@ -86,11 +84,11 @@ Ignore I/O failures.
.Xr last 1 ,
.Xr w 1 ,
.Xr getutxent 3 ,
-.Xr login 3 ,
-.Xr logout 3 ,
+.Xr ulog_login 3 ,
+.Xr ulog_logout 3 ,
.Xr pam.conf 5 ,
.Xr lastlogin 8 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.c b/lib/libpam/modules/pam_lastlog/pam_lastlog.c
index 00b07bc19142..e631723f6e76 100644
--- a/lib/libpam/modules/pam_lastlog/pam_lastlog.c
+++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.c
@@ -44,8 +44,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#define _BSD_SOURCE
#include <sys/time.h>
diff --git a/lib/libpam/modules/pam_login_access/Makefile b/lib/libpam/modules/pam_login_access/Makefile
index 5679a62f7fba..43c025336354 100644
--- a/lib/libpam/modules/pam_login_access/Makefile
+++ b/lib/libpam/modules/pam_login_access/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= runtime
LIB= pam_login_access
SRCS= pam_login_access.c login_access.c
diff --git a/lib/libpam/modules/pam_login_access/Makefile.depend b/lib/libpam/modules/pam_login_access/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_login_access/Makefile.depend
+++ b/lib/libpam/modules/pam_login_access/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_login_access/login.access.5 b/lib/libpam/modules/pam_login_access/login.access.5
index 72d4740adbf6..c63b136fb1d8 100644
--- a/lib/libpam/modules/pam_login_access/login.access.5
+++ b/lib/libpam/modules/pam_login_access/login.access.5
@@ -1,6 +1,4 @@
.\"
-.\" $FreeBSD$
-.\"
.Dd January 30, 2020
.Dt LOGIN.ACCESS 5
.Os
diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c
index 719808858dac..1fbb644e2055 100644
--- a/lib/libpam/modules/pam_login_access/login_access.c
+++ b/lib/libpam/modules/pam_login_access/login_access.c
@@ -13,9 +13,6 @@ static char sccsid[] = "%Z% %M% %I% %E% %U%";
#endif
#endif
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/types.h>
#include <sys/param.h>
#include <ctype.h>
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.8 b/lib/libpam/modules/pam_login_access/pam_login_access.8
index b5406329512e..f4009de3af72 100644
--- a/lib/libpam/modules/pam_login_access/pam_login_access.8
+++ b/lib/libpam/modules/pam_login_access/pam_login_access.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd January 30, 2020
.Dt PAM_LOGIN_ACCESS 8
.Os
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c
index e0c385a48b8d..8b4e7d8f0880 100644
--- a/lib/libpam/modules/pam_login_access/pam_login_access.c
+++ b/lib/libpam/modules/pam_login_access/pam_login_access.c
@@ -37,8 +37,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#define _BSD_SOURCE
#include <sys/param.h>
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.h b/lib/libpam/modules/pam_login_access/pam_login_access.h
index b1fd45784d60..c482f1811695 100644
--- a/lib/libpam/modules/pam_login_access/pam_login_access.h
+++ b/lib/libpam/modules/pam_login_access/pam_login_access.h
@@ -34,8 +34,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
- * $FreeBSD$
*/
#include <stdbool.h>
diff --git a/lib/libpam/modules/pam_nologin/Makefile b/lib/libpam/modules/pam_nologin/Makefile
index 746e9e8882ee..e4c3c5a35c1e 100644
--- a/lib/libpam/modules/pam_nologin/Makefile
+++ b/lib/libpam/modules/pam_nologin/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= runtime
LIB= pam_nologin
SRCS= pam_nologin.c
diff --git a/lib/libpam/modules/pam_nologin/Makefile.depend b/lib/libpam/modules/pam_nologin/Makefile.depend
index 0f5cf60ca00c..dcba122adac8 100644
--- a/lib/libpam/modules/pam_nologin/Makefile.depend
+++ b/lib/libpam/modules/pam_nologin/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.8 b/lib/libpam/modules/pam_nologin/pam_nologin.8
index cc94be555d68..30f87a65b63e 100644
--- a/lib/libpam/modules/pam_nologin/pam_nologin.8
+++ b/lib/libpam/modules/pam_nologin/pam_nologin.8
@@ -22,8 +22,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd June 10, 2007
.Dt PAM_NOLOGIN 8
.Os
@@ -87,4 +85,4 @@ login attempt was declined.
.Xr login.conf 5 ,
.Xr nologin 5 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
diff --git a/lib/libpam/modules/pam_nologin/pam_nologin.c b/lib/libpam/modules/pam_nologin/pam_nologin.c
index 1ba2dcd92fad..16f7ebdc2e7c 100644
--- a/lib/libpam/modules/pam_nologin/pam_nologin.c
+++ b/lib/libpam/modules/pam_nologin/pam_nologin.c
@@ -36,9 +36,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
diff --git a/lib/libpam/modules/pam_opie/Makefile b/lib/libpam/modules/pam_opie/Makefile
deleted file mode 100644
index c2074bf3cbf3..000000000000
--- a/lib/libpam/modules/pam_opie/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2000 James Bloom
-# All rights reserved.
-# Based upon code Copyright 1998 Juniper Networks, Inc.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-
-LIB= pam_opie
-SRCS= pam_opie.c
-MAN= pam_opie.8
-
-LIBADD+= opie
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_opie/Makefile.depend b/lib/libpam/modules/pam_opie/Makefile.depend
deleted file mode 100644
index da2957f739ba..000000000000
--- a/lib/libpam/modules/pam_opie/Makefile.depend
+++ /dev/null
@@ -1,19 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/libopie \
- lib/libpam/libpam \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/lib/libpam/modules/pam_opie/pam_opie.8 b/lib/libpam/modules/pam_opie/pam_opie.8
deleted file mode 100644
index 968985a6c9f6..000000000000
--- a/lib/libpam/modules/pam_opie/pam_opie.8
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" Copyright (c) 2001 Mark R V Murray
-.\" All rights reserved.
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
-.\" All rights reserved.
-.\"
-.\" Portions of this software were developed for the FreeBSD Project by
-.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
-.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
-.\" ("CBOSS"), as part of the DARPA CHATS research program.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote
-.\" products derived from this software without specific prior written
-.\" permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd July 7, 2001
-.Dt PAM_OPIE 8
-.Os
-.Sh NAME
-.Nm pam_opie
-.Nd OPIE PAM module
-.Sh SYNOPSIS
-.Op Ar service-name
-.Ar module-type
-.Ar control-flag
-.Pa pam_opie
-.Op Ar options
-.Sh DESCRIPTION
-The OPIE authentication service module for PAM,
-.Nm
-provides functionality for only one PAM category:
-that of authentication.
-In terms of the
-.Ar module-type
-parameter, this is the
-.Dq Li auth
-feature.
-It also provides a null function for session management.
-.Pp
-Note that this module does not enforce
-.Xr opieaccess 5
-checks.
-There is a separate module,
-.Xr pam_opieaccess 8 ,
-for this purpose.
-.Ss OPIE Authentication Module
-The OPIE authentication component
-provides functions to verify the identity of a user
-.Pq Fn pam_sm_authenticate ,
-which obtains the relevant
-.Xr opie 4
-credentials.
-It provides the user with an OPIE challenge,
-and verifies that this is correct with
-.Xr opiechallenge 3 .
-.Pp
-The following options may be passed to the authentication module:
-.Bl -tag -width ".Cm auth_as_self"
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
-.It Cm auth_as_self
-This option will require the user
-to authenticate himself as the user
-given by
-.Xr getlogin 2 ,
-not as the account they are attempting to access.
-This is primarily for services like
-.Xr su 1 ,
-where the user's ability to retype
-their own password
-might be deemed sufficient.
-.It Cm no_fake_prompts
-Do not generate fake challenges for users who do not have an OPIE key.
-Note that this can leak information to a hypothetical attacker about
-who uses OPIE and who does not, but it can be useful on systems where
-some users want to use OPIE but most do not.
-.El
-.Pp
-Note that
-.Nm
-ignores the standard options
-.Cm try_first_pass
-and
-.Cm use_first_pass ,
-since a challenge must be generated before the user can submit a valid
-response.
-.Sh FILES
-.Bl -tag -width ".Pa /etc/opiekeys" -compact
-.It Pa /etc/opiekeys
-default OPIE password database.
-.El
-.Sh SEE ALSO
-.Xr passwd 1 ,
-.Xr getlogin 2 ,
-.Xr opiechallenge 3 ,
-.Xr syslog 3 ,
-.Xr opie 4 ,
-.Xr pam.conf 5 ,
-.Xr pam 8
diff --git a/lib/libpam/modules/pam_opie/pam_opie.c b/lib/libpam/modules/pam_opie/pam_opie.c
deleted file mode 100644
index 41ad84b751bc..000000000000
--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-3-Clause
- *
- * Copyright 2000 James Bloom
- * All rights reserved.
- * Based upon code Copyright 1998 Juniper Networks, Inc.
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * Portions of this software were developed for the FreeBSD Project by
- * ThinkSec AS and NAI Labs, the Security Research Division of Network
- * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
- * ("CBOSS"), as part of the DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <opie.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#include <security/pam_mod_misc.h>
-
-#define PAM_OPT_NO_FAKE_PROMPTS "no_fake_prompts"
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
- int argc __unused, const char *argv[] __unused)
-{
- struct opie opie;
- struct passwd *pwd;
- int retval, i;
- const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
- char challenge[OPIE_CHALLENGE_MAX + 1];
- char principal[OPIE_PRINCIPAL_MAX];
- const char *user;
- char *response;
- int style;
-
- user = NULL;
- if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
- if ((pwd = getpwnam(getlogin())) == NULL)
- return (PAM_AUTH_ERR);
- user = pwd->pw_name;
- }
- else {
- retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS)
- return (retval);
- }
-
- PAM_LOG("Got user: %s", user);
-
- /*
- * Watch out: libopie feels entitled to truncate the user name
- * passed to it if it's longer than OPIE_PRINCIPAL_MAX, which is
- * not uncommon in Windows environments.
- */
- if (strlen(user) >= sizeof(principal))
- return (PAM_AUTH_ERR);
- strlcpy(principal, user, sizeof(principal));
-
- /*
- * Don't call the OPIE atexit() handler when our program exits,
- * since the module has been unloaded and we will SEGV.
- */
- opiedisableaeh();
-
- /*
- * If the no_fake_prompts option was given, and the user
- * doesn't have an OPIE key, just fail rather than present the
- * user with a bogus OPIE challenge.
- */
- if (opiechallenge(&opie, principal, challenge) != 0 &&
- openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS))
- return (PAM_AUTH_ERR);
-
- /*
- * It doesn't make sense to use a password that has already been
- * typed in, since we haven't presented the challenge to the user
- * yet, so clear the stored password.
- */
- pam_set_item(pamh, PAM_AUTHTOK, NULL);
-
- style = PAM_PROMPT_ECHO_OFF;
- for (i = 0; i < 2; i++) {
- retval = pam_prompt(pamh, style, &response,
- promptstr[i], challenge);
- if (retval != PAM_SUCCESS) {
- opieunlock();
- return (retval);
- }
-
- PAM_LOG("Completed challenge %d: %s", i, response);
-
- if (response[0] != '\0')
- break;
-
- /* Second time round, echo the password */
- style = PAM_PROMPT_ECHO_ON;
- }
-
- pam_set_item(pamh, PAM_AUTHTOK, response);
-
- /*
- * Opieverify is supposed to return -1 only if an error occurs.
- * But it returns -1 even if the response string isn't in the form
- * it expects. Thus we can't log an error and can only check for
- * success or lack thereof.
- */
- retval = opieverify(&opie, response);
- free(response);
- return (retval == 0 ? PAM_SUCCESS : PAM_AUTH_ERR);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
- int argc __unused, const char *argv[] __unused)
-{
-
- return (PAM_SUCCESS);
-}
-
-PAM_MODULE_ENTRY("pam_opie");
diff --git a/lib/libpam/modules/pam_opieaccess/Makefile b/lib/libpam/modules/pam_opieaccess/Makefile
deleted file mode 100644
index 2e764cd43a5b..000000000000
--- a/lib/libpam/modules/pam_opieaccess/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# $FreeBSD$
-
-LIB= pam_opieaccess
-SRCS= ${LIB}.c
-MAN= pam_opieaccess.8
-
-LIBADD+= opie
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_opieaccess/Makefile.depend b/lib/libpam/modules/pam_opieaccess/Makefile.depend
deleted file mode 100644
index 81514fa091b5..000000000000
--- a/lib/libpam/modules/pam_opieaccess/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/libopie \
- lib/libpam/libpam \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8
deleted file mode 100644
index 5521a85d1d44..000000000000
--- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8
+++ /dev/null
@@ -1,142 +0,0 @@
-.\" Copyright (c) 2001 Mark R V Murray
-.\" All rights reserved.
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
-.\" All rights reserved.
-.\"
-.\" Portions of this software were developed for the FreeBSD Project by
-.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
-.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
-.\" ("CBOSS"), as part of the DARPA CHATS research program.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote
-.\" products derived from this software without specific prior written
-.\" permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd October 26, 2007
-.Dt PAM_OPIEACCESS 8
-.Os
-.Sh NAME
-.Nm pam_opieaccess
-.Nd OPIEAccess PAM module
-.Sh SYNOPSIS
-.Op Ar service-name
-.Ar module-type
-.Ar control-flag
-.Pa pam_opieaccess
-.Op Ar options
-.Sh DESCRIPTION
-The
-.Nm
-module is used in conjunction with the
-.Xr pam_opie 8
-PAM module to ascertain that authentication can proceed by other means
-(such as the
-.Xr pam_unix 8
-module) even if OPIE authentication failed.
-To properly use this module,
-.Xr pam_opie 8
-should be marked
-.Dq Li sufficient ,
-and
-.Nm
-should be listed right below it and marked
-.Dq Li requisite .
-.Pp
-The
-.Nm
-module provides functionality for only one PAM category:
-authentication.
-In terms of the
-.Ar module-type
-parameter, this is the
-.Dq Li auth
-feature.
-It also provides null functions for the remaining module types.
-.Ss OPIEAccess Authentication Module
-The authentication component
-.Pq Fn pam_sm_authenticate ,
-returns
-.Dv PAM_SUCCESS
-in two cases:
-.Bl -enum
-.It
-The user does not have OPIE enabled.
-.It
-The user has OPIE enabled, and the remote host is listed as a trusted
-host in
-.Pa /etc/opieaccess ,
-and the user does not have a file named
-.Pa \&.opiealways
-in his home directory.
-.El
-.Pp
-Otherwise, it returns
-.Dv PAM_AUTH_ERR .
-.Pp
-The following options may be passed to the authentication module:
-.Bl -tag -width ".Cm allow_local"
-.It Cm allow_local
-Normally, local logins are subjected to the same restrictions as
-remote logins from
-.Dq localhost .
-This option causes
-.Nm
-to always allow local logins.
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
-.It Cm no_warn
-suppress warning messages to the user.
-These messages include reasons why the user's authentication attempt
-was declined.
-.El
-.Sh FILES
-.Bl -tag -width ".Pa $HOME/.opiealways"
-.It Pa /etc/opieaccess
-List of trusted hosts or networks.
-See
-.Xr opieaccess 5
-for a description of its syntax.
-.It Pa $HOME/.opiealways
-The presence of this file makes OPIE mandatory for the user.
-.El
-.Sh SEE ALSO
-.Xr opie 4 ,
-.Xr opieaccess 5 ,
-.Xr pam.conf 5 ,
-.Xr pam 8 ,
-.Xr pam_opie 8
-.Sh AUTHORS
-The
-.Nm
-module and this manual page were developed for the
-.Fx
-Project by
-ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
-.Pq Dq CBOSS ,
-as part of the DARPA CHATS research program.
diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
deleted file mode 100644
index 090d98e5f2a6..000000000000
--- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-3-Clause
- *
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#define _BSD_SOURCE
-
-#include <sys/types.h>
-#include <opie.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <syslog.h>
-
-#define PAM_SM_AUTH
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#include <security/pam_mod_misc.h>
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
- int argc __unused, const char *argv[] __unused)
-{
- struct opie opie;
- struct passwd *pwent;
- const void *luser, *rhost;
- int r;
-
- r = pam_get_item(pamh, PAM_USER, &luser);
- if (r != PAM_SUCCESS)
- return (r);
- if (luser == NULL)
- return (PAM_SERVICE_ERR);
-
- pwent = getpwnam(luser);
- if (pwent == NULL || opielookup(&opie, __DECONST(char *, luser)) != 0)
- return (PAM_SUCCESS);
-
- r = pam_get_item(pamh, PAM_RHOST, &rhost);
- if (r != PAM_SUCCESS)
- return (r);
- if (rhost == NULL || *(const char *)rhost == '\0')
- rhost = openpam_get_option(pamh, "allow_local") ?
- "" : "localhost";
-
- if (opieaccessfile(__DECONST(char *, rhost)) != 0 &&
- opiealways(pwent->pw_dir) != 0)
- return (PAM_SUCCESS);
-
- PAM_VERBOSE_ERROR("Refused; remote host is not in opieaccess");
-
- return (PAM_AUTH_ERR);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
- int argc __unused, const char *argv[] __unused)
-{
-
- return (PAM_SUCCESS);
-}
-
-PAM_MODULE_ENTRY("pam_opieaccess");
diff --git a/lib/libpam/modules/pam_passwdqc/Makefile b/lib/libpam/modules/pam_passwdqc/Makefile
index 2b10fdcae4a9..60d27529dd19 100644
--- a/lib/libpam/modules/pam_passwdqc/Makefile
+++ b/lib/libpam/modules/pam_passwdqc/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
SRCDIR= ${SRCTOP}/contrib/pam_modules/pam_passwdqc
.PATH: ${SRCDIR}
diff --git a/lib/libpam/modules/pam_passwdqc/Makefile.depend b/lib/libpam/modules/pam_passwdqc/Makefile.depend
index 3e2c57639cd5..c056162bff30 100644
--- a/lib/libpam/modules/pam_passwdqc/Makefile.depend
+++ b/lib/libpam/modules/pam_passwdqc/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8 b/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8
index abdd3907e972..f2ec1747d1f8 100644
--- a/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8
+++ b/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd April 15, 2002
.Dt PAM_PASSWDQC 8
.Os
@@ -251,7 +249,7 @@ is that the former is incompatible with
.Sh SEE ALSO
.Xr getpwnam 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_permit/Makefile b/lib/libpam/modules/pam_permit/Makefile
index dbbd5b5d5813..5606fe1cf75a 100644
--- a/lib/libpam/modules/pam_permit/Makefile
+++ b/lib/libpam/modules/pam_permit/Makefile
@@ -22,7 +22,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
LIB= pam_permit
SRCS= pam_permit.c
diff --git a/lib/libpam/modules/pam_permit/Makefile.depend b/lib/libpam/modules/pam_permit/Makefile.depend
index 5fb710255efc..a8b8ddf9d074 100644
--- a/lib/libpam/modules/pam_permit/Makefile.depend
+++ b/lib/libpam/modules/pam_permit/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
lib/${CSU_DIR} \
lib/libc \
diff --git a/lib/libpam/modules/pam_permit/pam_permit.8 b/lib/libpam/modules/pam_permit/pam_permit.8
index c7d98ab48e16..f0b2f5527066 100644
--- a/lib/libpam/modules/pam_permit/pam_permit.8
+++ b/lib/libpam/modules/pam_permit/pam_permit.8
@@ -22,8 +22,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd July 7, 2001
.Dt PAM_PERMIT 8
.Os
@@ -72,4 +70,4 @@ level.
.Sh SEE ALSO
.Xr syslog 3 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
diff --git a/lib/libpam/modules/pam_permit/pam_permit.c b/lib/libpam/modules/pam_permit/pam_permit.c
index 38f44b222609..9dfc76ce5cf2 100644
--- a/lib/libpam/modules/pam_permit/pam_permit.c
+++ b/lib/libpam/modules/pam_permit/pam_permit.c
@@ -1,5 +1,5 @@
/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ * SPDX-License-Identifier: BSD-2-Clause
*
* Copyright 2001 Mark R V Murray
* All rights reserved.
@@ -27,8 +27,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <stddef.h>
#define PAM_SM_AUTH
diff --git a/lib/libpam/modules/pam_radius/Makefile b/lib/libpam/modules/pam_radius/Makefile
index a9a93e2ab2b5..ab39fedcee04 100644
--- a/lib/libpam/modules/pam_radius/Makefile
+++ b/lib/libpam/modules/pam_radius/Makefile
@@ -22,7 +22,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
LIB= pam_radius
SRCS= pam_radius.c
diff --git a/lib/libpam/modules/pam_radius/Makefile.depend b/lib/libpam/modules/pam_radius/Makefile.depend
index 88b5297a79c5..1e4d327901e8 100644
--- a/lib/libpam/modules/pam_radius/Makefile.depend
+++ b/lib/libpam/modules/pam_radius/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_radius/pam_radius.8 b/lib/libpam/modules/pam_radius/pam_radius.8
index 9d12c0b0b6ce..6b2d1ef1fa55 100644
--- a/lib/libpam/modules/pam_radius/pam_radius.8
+++ b/lib/libpam/modules/pam_radius/pam_radius.8
@@ -33,8 +33,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd May 16, 2018
.Dt PAM_RADIUS 8
.Os
@@ -127,7 +125,7 @@ The standard RADIUS client configuration file for
.Sh SEE ALSO
.Xr passwd 5 ,
.Xr radius.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh HISTORY
The
.Nm
diff --git a/lib/libpam/modules/pam_radius/pam_radius.c b/lib/libpam/modules/pam_radius/pam_radius.c
index 377652382dc4..027916b38138 100644
--- a/lib/libpam/modules/pam_radius/pam_radius.c
+++ b/lib/libpam/modules/pam_radius/pam_radius.c
@@ -38,9 +38,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/param.h>
#include <sys/socket.h>
#include <netdb.h>
diff --git a/lib/libpam/modules/pam_rhosts/Makefile b/lib/libpam/modules/pam_rhosts/Makefile
index 866267e63e11..af94a24599ab 100644
--- a/lib/libpam/modules/pam_rhosts/Makefile
+++ b/lib/libpam/modules/pam_rhosts/Makefile
@@ -1,4 +1,3 @@
-# $FreeBSD$
LIB= pam_rhosts
SRCS= pam_rhosts.c
diff --git a/lib/libpam/modules/pam_rhosts/Makefile.depend b/lib/libpam/modules/pam_rhosts/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_rhosts/Makefile.depend
+++ b/lib/libpam/modules/pam_rhosts/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_rhosts/pam_rhosts.8 b/lib/libpam/modules/pam_rhosts/pam_rhosts.8
index 8adfcc6ed5ae..ea005738840c 100644
--- a/lib/libpam/modules/pam_rhosts/pam_rhosts.8
+++ b/lib/libpam/modules/pam_rhosts/pam_rhosts.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd December 5, 2001
.Dt PAM_RHOSTS 8
.Os
@@ -82,7 +80,7 @@ do not automatically fail if the target user's UID is 0.
.Sh SEE ALSO
.Xr hosts.equiv 5 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_rhosts/pam_rhosts.c b/lib/libpam/modules/pam_rhosts/pam_rhosts.c
index e8b6ba461b2c..597fb47e95c8 100644
--- a/lib/libpam/modules/pam_rhosts/pam_rhosts.c
+++ b/lib/libpam/modules/pam_rhosts/pam_rhosts.c
@@ -37,8 +37,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <pwd.h>
#include <stddef.h>
#include <string.h>
diff --git a/lib/libpam/modules/pam_rootok/Makefile b/lib/libpam/modules/pam_rootok/Makefile
index 8582daae97c5..668eeef7f7d9 100644
--- a/lib/libpam/modules/pam_rootok/Makefile
+++ b/lib/libpam/modules/pam_rootok/Makefile
@@ -22,7 +22,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
LIB= pam_rootok
SRCS= pam_rootok.c
diff --git a/lib/libpam/modules/pam_rootok/Makefile.depend b/lib/libpam/modules/pam_rootok/Makefile.depend
index 5fb710255efc..a8b8ddf9d074 100644
--- a/lib/libpam/modules/pam_rootok/Makefile.depend
+++ b/lib/libpam/modules/pam_rootok/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
lib/${CSU_DIR} \
lib/libc \
diff --git a/lib/libpam/modules/pam_rootok/pam_rootok.8 b/lib/libpam/modules/pam_rootok/pam_rootok.8
index 4203fbd246b7..d1ab8226e2ca 100644
--- a/lib/libpam/modules/pam_rootok/pam_rootok.8
+++ b/lib/libpam/modules/pam_rootok/pam_rootok.8
@@ -22,8 +22,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd July 8, 2001
.Dt PAM_ROOTOK 8
.Os
@@ -72,4 +70,4 @@ authentication attempt was declined.
.Sh SEE ALSO
.Xr getuid 2 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
diff --git a/lib/libpam/modules/pam_rootok/pam_rootok.c b/lib/libpam/modules/pam_rootok/pam_rootok.c
index c5540a2683e3..d267d267ef27 100644
--- a/lib/libpam/modules/pam_rootok/pam_rootok.c
+++ b/lib/libpam/modules/pam_rootok/pam_rootok.c
@@ -37,8 +37,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#define _BSD_SOURCE
#include <unistd.h>
diff --git a/lib/libpam/modules/pam_securetty/Makefile b/lib/libpam/modules/pam_securetty/Makefile
index 8eb3e6e7a6d1..3a36a37b543c 100644
--- a/lib/libpam/modules/pam_securetty/Makefile
+++ b/lib/libpam/modules/pam_securetty/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= runtime
LIB= pam_securetty
SRCS= pam_securetty.c
diff --git a/lib/libpam/modules/pam_securetty/Makefile.depend b/lib/libpam/modules/pam_securetty/Makefile.depend
index a3a7ac4e5850..0665960a2cd2 100644
--- a/lib/libpam/modules/pam_securetty/Makefile.depend
+++ b/lib/libpam/modules/pam_securetty/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.8 b/lib/libpam/modules/pam_securetty/pam_securetty.8
index 5825fb452a7a..b19979000978 100644
--- a/lib/libpam/modules/pam_securetty/pam_securetty.8
+++ b/lib/libpam/modules/pam_securetty/pam_securetty.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd July 8, 2001
.Dt PAM_SECURETTY 8
.Os
@@ -89,4 +87,4 @@ authentication attempt was declined.
.Xr syslog 3 ,
.Xr pam.conf 5 ,
.Xr ttys 5 ,
-.Xr pam 8
+.Xr pam 3
diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.c b/lib/libpam/modules/pam_securetty/pam_securetty.c
index 50574d315608..4f05961e2737 100644
--- a/lib/libpam/modules/pam_securetty/pam_securetty.c
+++ b/lib/libpam/modules/pam_securetty/pam_securetty.c
@@ -36,9 +36,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
diff --git a/lib/libpam/modules/pam_self/Makefile b/lib/libpam/modules/pam_self/Makefile
index 50718e179846..0a58728fea52 100644
--- a/lib/libpam/modules/pam_self/Makefile
+++ b/lib/libpam/modules/pam_self/Makefile
@@ -22,7 +22,8 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
+
+PACKAGE= runtime
LIB= pam_self
SRCS= pam_self.c
diff --git a/lib/libpam/modules/pam_self/Makefile.depend b/lib/libpam/modules/pam_self/Makefile.depend
index 5fb710255efc..a8b8ddf9d074 100644
--- a/lib/libpam/modules/pam_self/Makefile.depend
+++ b/lib/libpam/modules/pam_self/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
lib/${CSU_DIR} \
lib/libc \
diff --git a/lib/libpam/modules/pam_self/pam_self.8 b/lib/libpam/modules/pam_self/pam_self.8
index d021434770c6..c3623998f0be 100644
--- a/lib/libpam/modules/pam_self/pam_self.8
+++ b/lib/libpam/modules/pam_self/pam_self.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd December 5, 2001
.Dt PAM_SELF 8
.Os
@@ -83,7 +81,7 @@ do not automatically fail if the current real user ID is 0.
.Sh SEE ALSO
.Xr getuid 2 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_self/pam_self.c b/lib/libpam/modules/pam_self/pam_self.c
index de69f408d3f9..fceb6466d8fb 100644
--- a/lib/libpam/modules/pam_self/pam_self.c
+++ b/lib/libpam/modules/pam_self/pam_self.c
@@ -37,8 +37,6 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#define _BSD_SOURCE
#include <pwd.h>
diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile
index d2168b395d88..6652244a84af 100644
--- a/lib/libpam/modules/pam_ssh/Makefile
+++ b/lib/libpam/modules/pam_ssh/Makefile
@@ -1,5 +1,4 @@
# PAM module for SSH
-# $FreeBSD$
SSHDIR= ${SRCTOP}/crypto/openssh
diff --git a/lib/libpam/modules/pam_ssh/Makefile.depend b/lib/libpam/modules/pam_ssh/Makefile.depend
index bee3c0e355ef..7cba2082bc24 100644
--- a/lib/libpam/modules/pam_ssh/Makefile.depend
+++ b/lib/libpam/modules/pam_ssh/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.8 b/lib/libpam/modules/pam_ssh/pam_ssh.8
index 1afcfc77e6c1..e63930eb5340 100644
--- a/lib/libpam/modules/pam_ssh/pam_ssh.8
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd October 7, 2011
.Dt PAM_SSH 8
.Os
@@ -141,7 +139,7 @@ SSH2 Ed25519 key
.Sh SEE ALSO
.Xr ssh-agent 1 ,
.Xr pam.conf 5 ,
-.Xr pam 8
+.Xr pam 3
.Sh AUTHORS
The
.Nm
diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.c b/lib/libpam/modules/pam_ssh/pam_ssh.c
index 9b30ba935a7b..157908b6b910 100644
--- a/lib/libpam/modules/pam_ssh/pam_ssh.c
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.c
@@ -35,9 +35,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/param.h>
#include <sys/wait.h>
@@ -65,7 +62,7 @@ __FBSDID("$FreeBSD$");
#include "sshkey.h"
#define ssh_add_identity(auth, key, comment) \
- ssh_add_identity_constrained(auth, key, comment, 0, 0, 0)
+ ssh_add_identity_constrained(auth, key, comment, 0, 0, 0, NULL, NULL, 0)
extern char **environ;
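Review bot: The rewritten `ssh_add_identity` macro passes six positional `0`/`NULL` literals with no comment saying which constraint each one disables, so a reader cannot tell from this file that keys reach the agent with no restrictions. Going by OpenSSH's `authfd.h`, the arguments after `comment` appear to be lifetime, confirm, maxsign, provider, the destination-constraint list and its count; confirm this against the header under `crypto/openssh` before writing it down. I would add a comment above the macro such as `/* no lifetime, confirmation, signature limit, provider or destination constraints */`. The expansion also uses `auth`, `key` and `comment` without parentheses; the call sites are outside this hunk, so whether that matters today cannot be checked from here.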
diff --git a/lib/libpam/modules/pam_tacplus/Makefile b/lib/libpam/modules/pam_tacplus/Makefile
index 5d2a3f34a4d0..2b558d9f72b3 100644
--- a/lib/libpam/modules/pam_tacplus/Makefile
+++ b/lib/libpam/modules/pam_tacplus/Makefile
@@ -22,7 +22,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
LIB= pam_tacplus
SRCS= pam_tacplus.c
diff --git a/lib/libpam/modules/pam_tacplus/Makefile.depend b/lib/libpam/modules/pam_tacplus/Makefile.depend
index bab66eeb796c..d17468f1a7ac 100644
--- a/lib/libpam/modules/pam_tacplus/Makefile.depend
+++ b/lib/libpam/modules/pam_tacplus/Makefile.depend
@@ -1,8 +1,6 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
- gnu/lib/csu \
include \
include/xlocale \
lib/${CSU_DIR} \
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 b/lib/libpam/modules/pam_tacplus/pam_tacplus.8
index ee8cc78e0d9f..ad37b3bba95a 100644
--- a/lib/libpam/modules/pam_tacplus/pam_tacplus.8
+++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.8
@@ -32,9 +32,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
-.Dd August 2, 1999
+.Dd May 17, 2023
.Dt PAM_TACPLUS 8
.Os
.Sh NAME
@@ -103,9 +101,10 @@ The standard TACACS+ client configuration file for
.Nm
.El
.Sh SEE ALSO
+.Xr pam 3 ,
.Xr passwd 5 ,
.Xr tacplus.conf 5 ,
-.Xr pam 8
+.Xr nss_tacplus 8
.Sh HISTORY
The
.Nm
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.c b/lib/libpam/modules/pam_tacplus/pam_tacplus.c
index 8f8e9d553ee7..dd19d7da0557 100644
--- a/lib/libpam/modules/pam_tacplus/pam_tacplus.c
+++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.c
@@ -36,9 +36,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/param.h>
#include <pwd.h>
diff --git a/lib/libpam/modules/pam_unix/Makefile b/lib/libpam/modules/pam_unix/Makefile
index 5330ae4a5f98..2e76f054c502 100644
--- a/lib/libpam/modules/pam_unix/Makefile
+++ b/lib/libpam/modules/pam_unix/Makefile
@@ -32,11 +32,12 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD$
.include <src.opts.mk>
.include <bsd.init.mk>
+PACKAGE= runtime
+
LIB= pam_unix
SRCS= pam_unix.c
MAN= pam_unix.8
diff --git a/lib/libpam/modules/pam_unix/Makefile.depend b/lib/libpam/modules/pam_unix/Makefile.depend
index 1327176e9c55..e852c4988ea6 100644
--- a/lib/libpam/modules/pam_unix/Makefile.depend
+++ b/lib/libpam/modules/pam_unix/Makefile.depend
@@ -1,4 +1,3 @@
-# $FreeBSD$
# Autogenerated - do NOT edit!
DIRDEPS = \
diff --git a/lib/libpam/modules/pam_unix/Makefile.depend.options b/lib/libpam/modules/pam_unix/Makefile.depend.options
index e7289cb56ce3..a43cdcfaffb4 100644
--- a/lib/libpam/modules/pam_unix/Makefile.depend.options
+++ b/lib/libpam/modules/pam_unix/Makefile.depend.options
@@ -1,4 +1,3 @@
-# $FreeBSD$
# This file is not autogenerated - take care!
DIRDEPS_OPTIONS= NIS
diff --git a/lib/libpam/modules/pam_unix/pam_unix.8 b/lib/libpam/modules/pam_unix/pam_unix.8
index 03f8feaf4ba9..170cf65f34db 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.8
+++ b/lib/libpam/modules/pam_unix/pam_unix.8
@@ -32,8 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD$
-.\"
.Dd April 3, 2020
.Dt PAM_UNIX 8
.Os
@@ -206,7 +204,7 @@ password database.
.Xr syslog 3 ,
.Xr nsswitch.conf 5 ,
.Xr passwd 5 ,
-.Xr pam 8 ,
+.Xr pam 3 ,
.Xr pw 8 ,
.Xr yp 8
.Sh BUGS
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index 29588f0af1ea..88313f6ebae8 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -36,9 +36,6 @@
* SUCH DAMAGE.
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/time.h>
@@ -76,7 +73,7 @@ __FBSDID("$FreeBSD$");
#define LOCKED_PREFIX "*LOCKED*"
#define LOCKED_PREFIX_LEN (sizeof(LOCKED_PREFIX) - 1)
-static void makesalt(char []);
+static void makesalt(char [SALTSIZE + 1]);
static char password_hash[] = PASSWORD_HASH;
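Review bot: The bound added to the `makesalt` prototype is documentation only, because an array parameter is adjusted to `char *` and the compiler still accepts a shorter buffer at any call site. If the intent is to have undersized salt buffers diagnosed, name the parameter and use the C99 `static` form, `static void makesalt(char salt[static SALTSIZE + 1]);`, making the same change on the definition so the two declarations keep matching. The definition and the callers are outside this hunk, so whether every caller already passes a buffer of `SALTSIZE + 1` bytes cannot be confirmed from here.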
@@ -87,7 +84,7 @@ static char password_hash[] = PASSWORD_HASH;
* authentication management
*/
PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc __unused, const char *argv[] __unused)
{
login_cap_t *lc;
diff --git a/lib/libpam/modules/pam_xdg/Makefile b/lib/libpam/modules/pam_xdg/Makefile
new file mode 100644
index 000000000000..2a470e0850bf
--- /dev/null
+++ b/lib/libpam/modules/pam_xdg/Makefile
@@ -0,0 +1,6 @@
+
+LIB= pam_xdg
+SRCS= pam_xdg.c
+MAN= pam_xdg.8
+
+.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_xdg/pam_xdg.8 b/lib/libpam/modules/pam_xdg/pam_xdg.8
new file mode 100644
index 000000000000..1a8b53def051
--- /dev/null
+++ b/lib/libpam/modules/pam_xdg/pam_xdg.8
@@ -0,0 +1,56 @@
+.\" * SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG
+.\"
+.\" * Redistribution and use in source and binary forms, with or without
+.\" * modification, are permitted provided that the following conditions
+.\" * are met:
+.\" * 1. Redistributions of source code must retain the above copyright
+.\" * notice, this list of conditions and the following disclaimer.
+.\" * 2. Redistributions in binary form must reproduce the above copyright
+.\" * notice, this list of conditions and the following disclaimer in the
+.\" * documentation and/or other materials provided with the distribution.
+.\" *
+.\" * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" * SUCH DAMAGE.
+.Dd February 21, 2024
+.Dt PAM_XDG 8
+.Os
+.Sh NAME
+.Nm pam_xdg
+.Nd XDG PAM module
+.Sh SYNOPSIS
+.Op Ar service-name
+.Ar module-type
+.Ar control-flag
+.Pa pam_xdg
+.Op Ar arguments
+.Sh DESCRIPTION
+The xdg service module for PAM sets up the runtime directory according
+to the XDG specifications.
+.Pp
+By default the directory is created under
+.Pa /var/run/xdg/<username> .
+.Pp
+The following option may be passed to the authentication module:
+.Bl -tag -width ".Cm runtime_dir"
+.It Cm runtime_dir Ns = Ns Ar directory
+Use an alternate base directory
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam.conf 5
+.Sh AUTHORS
+The
+.Nm
+module and this manual page were written by
+.An Emmanuel Vadot Aq Mt manu@FreeBSD.org .
diff --git a/lib/libpam/modules/pam_xdg/pam_xdg.c b/lib/libpam/modules/pam_xdg/pam_xdg.c
new file mode 100644
index 000000000000..4d586a21566a
--- /dev/null
+++ b/lib/libpam/modules/pam_xdg/pam_xdg.c
@@ -0,0 +1,328 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/stat.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+
+#define PAM_SM_SESSION
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#include <security/pam_mod_misc.h>
+
+#define BASE_RUNTIME_DIR_PREFIX "/var/run/xdg"
+#define RUNTIME_DIR_PREFIX runtime_dir_prefix != NULL ? runtime_dir_prefix : BASE_RUNTIME_DIR_PREFIX
+
+#define RUNTIME_DIR_PREFIX_MODE 0711
+#define RUNTIME_DIR_MODE 0700 /* XDG spec */
+
+#define XDG_MAX_SESSION 100 /* Arbitrary limit because we need one */
+
+static int
+_pam_xdg_open(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char *argv[] __unused)
+{
+ struct passwd *passwd;
+ const char *user;
+ const char *runtime_dir_prefix;
+ struct stat sb;
+ char *runtime_dir = NULL;
+ char *xdg_session_file;
+ int rv, rt_dir_prefix, rt_dir, session_file, i;
+
+ session_file = -1;
+ rt_dir_prefix = -1;
+ runtime_dir_prefix = openpam_get_option(pamh, "runtime_dir_prefix");
+
+ /* Get user info */
+ rv = pam_get_item(pamh, PAM_USER, (const void **)&user);
+ if (rv != PAM_SUCCESS) {
+ PAM_VERBOSE_ERROR("Can't get user information");
+ goto out;
+ }
+ if ((passwd = getpwnam(user)) == NULL) {
+ PAM_VERBOSE_ERROR("Can't get user information");
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+
+ /* Open or create the base xdg directory */
+ rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW);
+ if (rt_dir_prefix < 0) {
+ rt_dir_prefix = mkdir(RUNTIME_DIR_PREFIX, RUNTIME_DIR_PREFIX_MODE);
+ if (rt_dir_prefix != 0) {
+ PAM_VERBOSE_ERROR("Can't mkdir %s", RUNTIME_DIR_PREFIX);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW);
+ }
+
+ /* Open or create the user xdg directory */
+ rt_dir = openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW);
+ if (rt_dir < 0) {
+ rt_dir = mkdirat(rt_dir_prefix, user, RUNTIME_DIR_MODE);
+ if (rt_dir != 0) {
+ PAM_VERBOSE_ERROR("mkdir: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rt_dir);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ rv = fchownat(rt_dir_prefix, user, passwd->pw_uid, passwd->pw_gid, 0);
+ if (rv != 0) {
+ PAM_VERBOSE_ERROR("fchownat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rv);
+ rv = unlinkat(rt_dir_prefix, user, AT_REMOVEDIR);
+ if (rv == -1)
+ PAM_VERBOSE_ERROR("unlinkat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, errno);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ } else {
+ /* Check that the already create dir is correctly owned */
+ rv = fstatat(rt_dir_prefix, user, &sb, 0);
+ if (rv == -1) {
+ PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, user, errno);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ if (sb.st_uid != passwd->pw_uid ||
+ sb.st_gid != passwd->pw_gid) {
+ PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX, user, passwd->pw_uid, passwd->pw_gid);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ /* Test directory mode */
+ if ((sb.st_mode & 0x1FF) != RUNTIME_DIR_MODE) {
+ PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ }
+
+ /* Setup the environment variable */
+ rv = asprintf(&runtime_dir, "XDG_RUNTIME_DIR=%s/%s", RUNTIME_DIR_PREFIX, user);
+ if (rv < 0) {
+ PAM_VERBOSE_ERROR("asprintf failed %d\n", rv);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ rv = pam_putenv(pamh, runtime_dir);
+ if (rv != PAM_SUCCESS) {
+ PAM_VERBOSE_ERROR("pam_putenv: failed (%d)", rv);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+
+ /* Setup the session count file */
+ for (i = 0; i < XDG_MAX_SESSION; i++) {
+ rv = asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i);
+ if (rv < 0) {
+ PAM_VERBOSE_ERROR("asprintf failed %d\n", rv);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ rv = 0;
+ session_file = openat(rt_dir_prefix, xdg_session_file, O_CREAT | O_EXCL, RUNTIME_DIR_MODE);
+ free(xdg_session_file);
+ if (session_file >= 0)
+ break;
+ }
+ if (session_file < 0) {
+ PAM_VERBOSE_ERROR("Too many sessions");
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+
+out:
+ if (session_file >= 0)
+ close(session_file);
+ if (rt_dir_prefix >= 0)
+ close(rt_dir_prefix);
+
+ if (runtime_dir)
+ free(runtime_dir);
+ return (rv);
+}
+
+static int
+remove_dir(int fd)
+{
+ DIR *dirp;
+ struct dirent *dp;
+
+ dirp = fdopendir(fd);
+ if (dirp == NULL)
+ return (-1);
+
+ while ((dp = readdir(dirp)) != NULL) {
+ if (dp->d_type == DT_DIR) {
+ int dirfd;
+
+ if (strcmp(dp->d_name, ".") == 0 ||
+ strcmp(dp->d_name, "..") == 0)
+ continue;
+ dirfd = openat(fd, dp->d_name, 0);
+ remove_dir(dirfd);
+ close(dirfd);
+ unlinkat(fd, dp->d_name, AT_REMOVEDIR);
+ continue;
+ }
+ unlinkat(fd, dp->d_name, 0);
+ }
+ closedir(dirp);
+
+ return (0);
+}
+
+static int
+_pam_xdg_close(pam_handle_t *pamh __unused, int flags __unused,
+ int argc __unused, const char *argv[] __unused)
+{
+ struct passwd *passwd;
+ const char *user;
+ const char *runtime_dir_prefix;
+ struct stat sb;
+ char *xdg_session_file;
+ int rv, rt_dir_prefix, rt_dir, session_file, i;
+
+ rt_dir = -1;
+ rt_dir_prefix = -1;
+ runtime_dir_prefix = openpam_get_option(pamh, "runtime_dir_prefix");
+
+ /* Get user info */
+ rv = pam_get_item(pamh, PAM_USER, (const void **)&user);
+ if (rv != PAM_SUCCESS) {
+ PAM_VERBOSE_ERROR("Can't get user information");
+ goto out;
+ }
+ if ((passwd = getpwnam(user)) == NULL) {
+ PAM_VERBOSE_ERROR("Can't get user information");
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+
+ /* Open the xdg base directory */
+ rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW);
+ if (rt_dir_prefix < 0) {
+ PAM_VERBOSE_ERROR("open: %s failed (%d)\n", runtime_dir_prefix, rt_dir_prefix);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ /* Check that the already created dir is correctly owned */
+ rv = fstatat(rt_dir_prefix, user, &sb, 0);
+ if (rv == -1) {
+ PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, user, errno);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ if (sb.st_uid != passwd->pw_uid ||
+ sb.st_gid != passwd->pw_gid) {
+ PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX, user, passwd->pw_uid, passwd->pw_gid);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ /* Test directory mode */
+ if ((sb.st_mode & 0x1FF) != RUNTIME_DIR_MODE) {
+ PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+
+ /* Open the user xdg directory */
+ rt_dir = openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW);
+ if (rt_dir < 0) {
+ PAM_VERBOSE_ERROR("openat: %s/%s failed (%d)\n", RUNTIME_DIR_PREFIX, user, rt_dir_prefix);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+
+ /* Get the last session file created */
+ for (i = XDG_MAX_SESSION; i >= 0; i--) {
+ rv = asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i);
+ if (rv < 0) {
+ PAM_VERBOSE_ERROR("asprintf failed %d\n", rv);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ rv = 0;
+ session_file = openat(rt_dir_prefix, xdg_session_file, 0);
+ if (session_file >= 0) {
+ unlinkat(rt_dir_prefix, xdg_session_file, 0);
+ free(xdg_session_file);
+ break;
+ }
+ free(xdg_session_file);
+ }
+ if (session_file < 0) {
+ PAM_VERBOSE_ERROR("Can't find session number\n");
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ close(session_file);
+
+ /* Final cleanup if last user session */
+ if (i == 0) {
+ remove_dir(rt_dir);
+ if (unlinkat(rt_dir_prefix, user, AT_REMOVEDIR) != 0) {
+ PAM_VERBOSE_ERROR("Can't cleanup %s/%s\n", runtime_dir_prefix, user);
+ rv = PAM_SESSION_ERR;
+ goto out;
+ }
+ }
+
+ rv = PAM_SUCCESS;
+out:
+ if (rt_dir >= 0)
+ close(rt_dir);
+ if (rt_dir_prefix >= 0)
+ close(rt_dir_prefix);
+ return (rv);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (_pam_xdg_open(pamh, flags, argc, argv));
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (_pam_xdg_close(pamh, flags, argc, argv));
+}
+
+PAM_MODULE_ENTRY("pam_xdg");
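Review bot: In `remove_dir`, `openat(fd, dp->d_name, 0)` opens each subdirectory without `O_DIRECTORY | O_NOFOLLOW`, although the tree being walked is owned by the session user. If the entry is replaced by a symlink between `readdir` reporting `DT_DIR` and the open, the recursive unlink follows it with the privileges of the PAM caller (presumably root for login services). The descriptor ownership is also inconsistent: `fdopendir` adopts `fd` and `closedir` closes it, yet the recursion calls `close(dirfd)` afterwards, and `_pam_xdg_close` closes `rt_dir` again at `out:` after `remove_dir(rt_dir)`. In a threaded host process that second close can hit an unrelated descriptor. I would open subdirectories with the flags this file already uses for the runtime directory, skip entries that fail to open, and let `remove_dir` consume its descriptor on every path, as sketched below.

```c
	dirp = fdopendir(fd);
	if (dirp == NULL) {
		close(fd);	/* not adopted by a DIR stream, so release it here */
		return (-1);
	}
	/* … unchanged: readdir loop header, DT_DIR test, "." / ".." skip … */
		dirfd = openat(fd, dp->d_name,
		    O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
		if (dirfd < 0)
			continue;	/* no longer a real directory: leave it */
		remove_dir(dirfd);	/* consumes dirfd via closedir() */
		unlinkat(fd, dp->d_name, AT_REMOVEDIR);
		continue;
	/* … unchanged: unlinkat of plain entries, closedir, return … */

/* in _pam_xdg_close(), last-session cleanup */
	remove_dir(rt_dir);
	rt_dir = -1;		/* closed by remove_dir(); skip close() at out: */
```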