diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/gen/readpassphrase.3 | 187 | ||||
| -rw-r--r-- | lib/libc/gen/readpassphrase.c | 178 | ||||
| -rw-r--r-- | lib/libc/net/gethostbydns.c | 1 | ||||
| -rw-r--r-- | lib/libc/net/getnetbydns.c | 4 | ||||
| -rw-r--r-- | lib/libc/net/name6.c | 4 | ||||
| -rw-r--r-- | lib/libopie/config.h | 381 | ||||
| -rw-r--r-- | lib/libpam/libpam/pam_debug_log.c | 62 | ||||
| -rw-r--r-- | lib/libpam/libpam/security/pam_mod_misc.h | 74 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opie/pam_opie.8 | 123 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opieaccess/Makefile | 9 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 | 125 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opieaccess/pam_opieaccess.c | 94 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_tacplus/pam_tacplus.8 | 130 |
13 files changed, 2 insertions, 1370 deletions
diff --git a/lib/libc/gen/readpassphrase.3 b/lib/libc/gen/readpassphrase.3 deleted file mode 100644 index cfa6cf0631dbc..0000000000000 --- a/lib/libc/gen/readpassphrase.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" $OpenBSD: readpassphrase.3,v 1.7 2001/12/15 15:37:51 millert Exp $ -.\" -.\" Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd December 7, 2001 -.Dt READPASSPHRASE 3 -.Os -.Sh NAME -.Nm readpassphrase -.Nd get a passphrase from the user -.Sh SYNOPSIS -.In readpassphrase.h -.Ft "char *" -.Fn readpassphrase "const char *prompt" "char *buf" "size_t bufsiz" "int flags" -.Sh DESCRIPTION -The -.Fn readpassphrase -function displays a prompt to, and reads in a passphrase from, -.Pa /dev/tty . -If this file is inaccessible -and the -.Dv RPP_REQUIRE_TTY -flag is not set, -.Fn readpassphrase -displays the prompt on the standard error output and reads from the standard -input. -In this case it is generally not possible to turn off echo. -.Pp -Up to -.Fa bufsiz -\- 1 characters (one is for the -.Dv NUL ) -are read into the provided buffer -.Fa buf . -Any additional -characters and the terminating newline (or return) character are discarded. -.Pp -.Fn readpassphrase -takes the following optional -.Fa flags : -.Pp -.Bl -tag -width ".Dv RPP_REQUIRE_TTY" -compact -.It Dv RPP_ECHO_OFF -turn off echo (default behavior) -.It Dv RPP_ECHO_ON -leave echo on -.It Dv RPP_REQUIRE_TTY -fail if there is no tty -.It Dv RPP_FORCELOWER -force input to lower case -.It Dv RPP_FORCEUPPER -force input to upper case -.It Dv RPP_SEVENBIT -strip the high bit from input -.El -.Pp -The calling process should zero the passphrase as soon as possible to -avoid leaving the cleartext passphrase visible in the process's address -space. -.Sh RETURN VALUES -Upon successful completion, -.Fn readpassphrase -returns a pointer to the null-terminated passphrase. -If an error is encountered, the terminal state is restored and -a -.Dv NULL -pointer is returned. -.Sh ERRORS -.Bl -tag -width Er -.It Bq Er EINTR -The -.Fn readpassphrase -function was interrupted by a signal. -.It Bq Er EINVAL -The -.Fa bufsiz -argument was zero. -.It Bq Er EIO -The process is a member of a background process attempting to read -from its controlling terminal, the process is ignoring or blocking -the -.Dv SIGTTIN -signal or the process group is orphaned. -.It Bq Er EMFILE -The process has already reached its limit for open file descriptors. -.It Bq Er ENFILE -The system file table is full. -.It Bq Er ENOTTY -There is no controlling terminal and the -.Dv RPP_REQUIRE_TTY -flag was specified. -.El -.Sh EXAMPLES -The following code fragment will read a passphrase from -.Pa /dev/tty -into the buffer -.Fa passbuf . -.Bd -literal -offset indent -char passbuf[1024]; - -\&... - -if (readpassphrase("Response: ", passbuf, sizeof(passbuf), - RPP_REQUIRE_TTY) == NULL) - errx(1, "unable to read passphrase"); - -if (compare(transform(passbuf), epass) != 0) - errx(1, "bad passphrase"); - -\&... - -memset(passbuf, 0, sizeof(passbuf)); -.Ed -.Sh SIGNALS -.Fn readpassphrase -will catch the following signals: -.Pp -.Bl -tag -compact -.It Dv SIGINT -.It Dv SIGHUP -.It Dv SIGQUIT -.It Dv SIGTERM -.It Dv SIGTSTP -.It Dv SIGTTIN -.It Dv SIGTTOU -.El -.Pp -When one of the above signals is intercepted, terminal echo will -be restored if it had previously been turned off. -If a signal handler was installed for the signal when -.Fn readpassphrase -was called that handler is then executed. -If no handler was previously installed for the signal then the -default action is taken as per -.Xr sigaction 2 . -.Pp -The -.Dv SIGTSTP , SIGTTIN , -and -.Dv SIGTTOU -signals (stop signal generated from keyboard or due to terminal I/O -from a background proccess) are treated specially. -When the process is resumed after it has been stopped, -.Fn readpassphrase -will reprint the prompt and the user may then enter a passphrase. -.Sh FILES -.Bl -tag -width ".Pa /dev/tty" -compact -.It Pa /dev/tty -.El -.Sh SEE ALSO -.Xr sigaction 2 , -.Xr getpass 3 -.Sh STANDARDS -The -.Fn readpassphrase -function is an -extension and should not be used if portability is desired. -.Sh HISTORY -The -.Fn readpassphrase -function first appeared in -.Ox 2.9 . diff --git a/lib/libc/gen/readpassphrase.c b/lib/libc/gen/readpassphrase.c deleted file mode 100644 index 983e01d893068..0000000000000 --- a/lib/libc/gen/readpassphrase.c +++ /dev/null @@ -1,178 +0,0 @@ -/* $OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $ */ - -/* - * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include "namespace.h" -#include <ctype.h> -#include <errno.h> -#include <fcntl.h> -#include <paths.h> -#include <pwd.h> -#include <signal.h> -#include <string.h> -#include <termios.h> -#include <unistd.h> -#include <readpassphrase.h> -#include "un-namespace.h" - -static volatile sig_atomic_t signo; - -static void handler(int); - -char * -readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) -{ - ssize_t nr; - int input, output, save_errno; - char ch, *p, *end; - struct termios term, oterm; - struct sigaction sa, saveint, savehup, savequit, saveterm; - struct sigaction savetstp, savettin, savettou; - - /* I suppose we could alloc on demand in this case (XXX). */ - if (bufsiz == 0) { - errno = EINVAL; - return(NULL); - } - -restart: - /* - * Read and write to /dev/tty if available. If not, read from - * stdin and write to stderr unless a tty is required. - */ - if ((input = output = _open(_PATH_TTY, O_RDWR)) == -1) { - if (flags & RPP_REQUIRE_TTY) { - errno = ENOTTY; - return(NULL); - } - input = STDIN_FILENO; - output = STDERR_FILENO; - } - - /* - * Catch signals that would otherwise cause the user to end - * up with echo turned off in the shell. Don't worry about - * things like SIGALRM and SIGPIPE for now. - */ - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; /* don't restart system calls */ - sa.sa_handler = handler; - (void)_sigaction(SIGINT, &sa, &saveint); - (void)_sigaction(SIGHUP, &sa, &savehup); - (void)_sigaction(SIGQUIT, &sa, &savequit); - (void)_sigaction(SIGTERM, &sa, &saveterm); - (void)_sigaction(SIGTSTP, &sa, &savetstp); - (void)_sigaction(SIGTTIN, &sa, &savettin); - (void)_sigaction(SIGTTOU, &sa, &savettou); - - /* Turn off echo if possible. */ - if (tcgetattr(input, &oterm) == 0) { - memcpy(&term, &oterm, sizeof(term)); - if (!(flags & RPP_ECHO_ON)) - term.c_lflag &= ~(ECHO | ECHONL); - if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) - term.c_cc[VSTATUS] = _POSIX_VDISABLE; - (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } else { - memset(&term, 0, sizeof(term)); - memset(&oterm, 0, sizeof(oterm)); - } - - (void)_write(output, prompt, strlen(prompt)); - end = buf + bufsiz - 1; - for (p = buf; (nr = _read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { - if (p < end) { - if ((flags & RPP_SEVENBIT)) - ch &= 0x7f; - if (isalpha(ch)) { - if ((flags & RPP_FORCELOWER)) - ch = tolower(ch); - if ((flags & RPP_FORCEUPPER)) - ch = toupper(ch); - } - *p++ = ch; - } - } - *p = '\0'; - save_errno = errno; - if (!(term.c_lflag & ECHO)) - (void)_write(output, "\n", 1); - - /* Restore old terminal settings and signals. */ - if (memcmp(&term, &oterm, sizeof(term)) != 0) - (void)tcsetattr(input, TCSANOW|TCSASOFT, &oterm); - (void)_sigaction(SIGINT, &saveint, NULL); - (void)_sigaction(SIGHUP, &savehup, NULL); - (void)_sigaction(SIGQUIT, &savequit, NULL); - (void)_sigaction(SIGTERM, &saveterm, NULL); - (void)_sigaction(SIGTSTP, &savetstp, NULL); - (void)_sigaction(SIGTTIN, &savettin, NULL); - (void)_sigaction(SIGTTOU, &savettou, NULL); - if (input != STDIN_FILENO) - (void)_close(input); - - /* - * If we were interrupted by a signal, resend it to ourselves - * now that we have restored the signal handlers. - */ - if (signo) { - kill(getpid(), signo); - switch (signo) { - case SIGTSTP: - case SIGTTIN: - case SIGTTOU: - signo = 0; - goto restart; - } - } - - errno = save_errno; - return(nr == -1 ? NULL : buf); -} - -char * -getpass(const char *prompt) -{ - static char buf[_PASSWORD_LEN + 1]; - - if (readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF) == NULL) - buf[0] = '\0'; - return(buf); -} - -static void handler(int s) -{ - - signo = s; -} diff --git a/lib/libc/net/gethostbydns.c b/lib/libc/net/gethostbydns.c index 52ac91a041be6..a5a3e7bb30fe6 100644 --- a/lib/libc/net/gethostbydns.c +++ b/lib/libc/net/gethostbydns.c @@ -389,7 +389,6 @@ gethostanswer(answer, anslen, qname, qtype) buflen -= nn; } - buflen -= sizeof(align) - ((u_long)bp % sizeof(align)); bp += sizeof(align) - ((u_long)bp % sizeof(align)); if (bp + n >= &hostbuf[sizeof hostbuf]) { diff --git a/lib/libc/net/getnetbydns.c b/lib/libc/net/getnetbydns.c index e1a11d2e5d3ac..087aa5f6b9bfc 100644 --- a/lib/libc/net/getnetbydns.c +++ b/lib/libc/net/getnetbydns.c @@ -173,9 +173,7 @@ static char *net_aliases[MAXALIASES], netbuf[PACKETSZ]; } cp += n; *ap++ = bp; - n = strlen(bp) + 1; - bp += n; - buflen -= n; + bp += strlen(bp) + 1; net_entry.n_addrtype = (class == C_IN) ? AF_INET : AF_UNSPEC; haveanswer++; diff --git a/lib/libc/net/name6.c b/lib/libc/net/name6.c index 401786811b500..8edcb1bee8586 100644 --- a/lib/libc/net/name6.c +++ b/lib/libc/net/name6.c @@ -1024,7 +1024,7 @@ getanswer(answer, anslen, qname, qtype, template, errp) register const u_char *cp; register int n; const u_char *eom, *erdata; - char *bp, **ap, **hap, *obp; + char *bp, **ap, **hap; int type, class, buflen, ancount, qdcount; int haveanswer, had_error; char tbuf[MAXDNAME]; @@ -1238,9 +1238,7 @@ getanswer(answer, anslen, qname, qtype, template, errp) bp += nn; buflen -= nn; } - obp = bp; /* ALIGN rounds up */ bp = (char *)ALIGN(bp); - buflen -= (bp - obp); DNS_FATAL(bp + n < &hostbuf[sizeof hostbuf]); DNS_ASSERT(hap < &h_addr_ptrs[MAXADDRS-1]); diff --git a/lib/libopie/config.h b/lib/libopie/config.h deleted file mode 100644 index b6ad39bbbf03a..0000000000000 --- a/lib/libopie/config.h +++ /dev/null @@ -1,381 +0,0 @@ -/* $FreeBSD$ */ -/* config.h. Generated automatically by configure. */ -/* config.h.in. Generated automatically from configure.in by autoheader. */ - -/* Define if on AIX 3. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _ALL_SOURCE -/* #undef _ALL_SOURCE */ -#endif - -/* Define if using alloca.c. */ -/* #undef C_ALLOCA */ - -/* Define to empty if the keyword does not work. */ -/* #undef const */ - -/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems. - This function is required for alloca.c support on those systems. */ -/* #undef CRAY_STACKSEG_END */ - -/* Define if you have alloca, as a function or macro. */ -#define HAVE_ALLOCA 1 - -/* Define if you have <alloca.h> and it should be used (not on Ultrix). */ -/* #undef HAVE_ALLOCA_H */ - -/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */ -#define HAVE_SYS_WAIT_H 1 - -/* Define if on MINIX. */ -/* #undef _MINIX */ - -/* Define if the system does not provide POSIX.1 features except - with this defined. */ -/* #undef _POSIX_1_SOURCE */ - -/* Define if you need to in order for stat and other things to work. */ -/* #undef _POSIX_SOURCE */ - -/* Define as the return type of signal handlers (int or void). */ -#define RETSIGTYPE void - -/* If using the C implementation of alloca, define if you know the - direction of stack growth for your system; otherwise it will be - automatically deduced at run-time. - STACK_DIRECTION > 0 => grows toward higher addresses - STACK_DIRECTION < 0 => grows toward lower addresses - STACK_DIRECTION = 0 => direction of growth unknown - */ -/* #undef STACK_DIRECTION */ - -/* Define if you want the FTP daemon to support anonymous logins. */ -/* #undef DOANONYMOUS */ - -/* The default value of the PATH environment variable */ -#define DEFAULT_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin" - -/* Defined if the file /etc/default/login exists - (and, presumably, should be looked at by login) */ -/* #undef HAVE_ETC_DEFAULT_LOGIN */ - -/* Defined to the name of a file that contains a list of files whose - permissions and ownerships should be changed on login. */ -/* #undef HAVE_LOGIN_PERMFILE */ - -/* Defined to the name of a file that contains a list of environment - values that should be set on login. */ -/* #undef HAVE_LOGIN_ENVFILE */ - -/* Defined if the file /etc/securetty exists - (and, presumably, should be looked at by login) */ -/* #undef HAVE_SECURETTY */ - -/* Defined if the file /etc/shadow exists - (and, presumably, should be looked at for shadow passwords) */ -/* #undef HAVE_ETC_SHADOW */ - -/* The path to the access file, if we're going to use it */ -/* #undef PATH_ACCESS_FILE */ - -/* The path to the mail spool, if we know it */ -#define PATH_MAIL "/var/mail" - -/* The path to the utmp file, if we know it */ -#define PATH_UTMP_AC "/var/run/utmp" - -/* The path to the wtmp file, if we know it */ -#define PATH_WTMP_AC "/var/log/wtmp" - -/* The path to the wtmpx file, if we know it */ -/* #undef PATH_WTMPX_AC */ - -/* Defined if the system's profile (/etc/profile) displays - the motd file */ -/* #undef HAVE_MOTD_IN_PROFILE */ - -/* Defined if the system's profile (/etc/profile) informs the - user of new mail */ -/* #undef HAVE_MAILCHECK_IN_PROFILE */ - -/* Define if you have a nonstandard gettimeofday() that takes one argument - instead of two. */ -/* #undef HAVE_ONE_ARG_GETTIMEOFDAY */ - -/* Define if the system has the getenv function */ -#define HAVE_GETENV 1 - -/* Define if the system has the setenv function */ -#define HAVE_SETENV 1 - -/* Define if the system has the /var/adm/sulog file */ -/* #undef HAVE_SULOG */ - -/* Define if the system has the unsetenv function */ -#define HAVE_UNSETENV 1 - -/* Define if the compiler can handle ANSI-style argument lists */ -#define HAVE_ANSIDECL 1 - -/* Define if the compiler can handle ANSI-style prototypes */ -#define HAVE_ANSIPROTO 1 - -/* Define if the system has an ANSI-style printf (returns int instead of char *) */ -#define HAVE_ANSISPRINTF 1 - -/* Define if the compiler can handle ANSI-style variable argument lists */ -#define HAVE_ANSISTDARG 1 - -/* Define if the compiler can handle void argument lists to functions */ -#define HAVE_VOIDARG 1 - -/* Define if the compiler can handle void return "values" from functions */ -#define HAVE_VOIDRET 1 - -/* Define if the compiler can handle void pointers to our liking */ -#define HAVE_VOIDPTR 1 - -/* Define if the /bin/ls command seems to support the -g flag */ -/* #undef HAVE_LS_G_FLAG */ - -/* Define if there is a ut_pid field in struct utmp */ -/* #undef HAVE_UT_PID */ - -/* Define if there is a ut_type field in struct utmp */ -/* #undef HAVE_UT_TYPE */ - -/* Define if there is a ut_name field in struct utmp */ -#define HAVE_UT_NAME 1 - -/* Define if there is a ut_host field in struct utmp */ -#define HAVE_UT_HOST 1 - -/* Define if the system has getutline() */ -/* #undef HAVE_GETUTLINE */ - -/* Defined if the system has SunOS C2 security shadow passwords */ -/* #undef HAVE_SUNOS_C2_SHADOW */ - -/* Defined if you want to disable utmp support */ -/* #undef DISABLE_UTMP */ - -/* Defined if you want to allow users to override the insecure checks */ -/* #undef INSECURE_OVERRIDE */ - -/* Defined to the default hash value, always defined */ -#define MDX 5 - -/* Defined if new-style prompts are to be used */ -#define NEW_PROMPTS 1 - -/* Defined to the path of the OPIE lock directory */ -#define OPIE_LOCK_DIR "/var/spool/opielocks" - -/* Defined if users are to be asked to re-type secret pass phrases */ -/* #undef RETYPE */ - -/* Defined if su should not switch to disabled accounts */ -/* #undef SU_STAR_CHECK */ - -/* Don't turn it on! It allows intruder easily disable whole OPIE for user */ -/* Defined if user locking is to be used */ -/* #undef USER_LOCKING */ - -/* Define if you have the bcopy function. */ -/* #undef HAVE_BCOPY */ - -/* Define if you have the bzero function. */ -/* #undef HAVE_BZERO */ - -/* Define if you have the endspent function. */ -/* #undef HAVE_ENDSPENT */ - -/* Define if you have the fpurge function. */ -#define HAVE_FPURGE 1 - -/* Define if you have the getdtablesize function. */ -/* #undef HAVE_GETDTABLESIZE */ - -/* Define if you have the getgroups function. */ -#define HAVE_GETGROUPS 1 - -/* Define if you have the gethostname function. */ -/* #undef HAVE_GETHOSTNAME */ - -/* Define if you have the getspnam function. */ -/* #undef HAVE_GETSPNAM */ - -/* Define if you have the gettimeofday function. */ -#define HAVE_GETTIMEOFDAY 1 - -/* Define if you have the getttynam function. */ -#define HAVE_GETTTYNAM 1 - -/* Define if you have the getusershell function. */ -#define HAVE_GETUSERSHELL 1 - -/* Define if you have the getutxline function. */ -/* #undef HAVE_GETUTXLINE */ - -/* Define if you have the getwd function. */ -/* #undef HAVE_GETWD */ - -/* Define if you have the index function. */ -/* #undef HAVE_INDEX */ - -/* Define if you have the lstat function. */ -#define HAVE_LSTAT 1 - -/* Define if you have the on_exit function. */ -/* #undef HAVE_ON_EXIT */ - -/* Define if you have the pututxline function. */ -/* #undef HAVE_PUTUTXLINE */ - -/* Define if you have the rindex function. */ -/* #undef HAVE_RINDEX */ - -/* Define if you have the setgroups function. */ -#define HAVE_SETGROUPS 1 - -/* Define if you have the setlogin function. */ -#define HAVE_SETLOGIN 1 - -/* Define if you have the setpriority function. */ -#define HAVE_SETPRIORITY 1 - -/* Define if you have the setregid function. */ -/* #undef HAVE_SETREGID */ - -/* Define if you have the setresgid function. */ -/* #undef HAVE_SETRESGID */ - -/* Define if you have the setresuid function. */ -/* #undef HAVE_SETRESUID */ - -/* Define if you have the setreuid function. */ -/* #undef HAVE_SETREUID */ - -/* Define if you have the setvbuf function. */ -#define HAVE_SETVBUF 1 - -/* Define if you have the sigaddset function. */ -#define HAVE_SIGADDSET 1 - -/* Define if you have the sigblock function. */ -/* #undef HAVE_SIGBLOCK */ - -/* Define if you have the sigemptyset function. */ -#define HAVE_SIGEMPTYSET 1 - -/* Define if you have the sigsetmask function. */ -/* #undef HAVE_SIGSETMASK */ - -/* Define if you have the socket function. */ -#define HAVE_SOCKET 1 - -/* Define if you have the strerror function. */ -#define HAVE_STRERROR 1 - -/* Define if you have the strftime function. */ -#define HAVE_STRFTIME 1 - -/* Define if you have the strncasecmp function. */ -#define HAVE_STRNCASECMP 1 - -/* Define if you have the strstr function. */ -#define HAVE_STRSTR 1 - -/* Define if you have the ttyslot function. */ -#define HAVE_TTYSLOT 1 - -/* Define if you have the usleep function. */ -#define HAVE_USLEEP 1 - -/* Define if you have the <crypt.h> header file. */ -/* #undef HAVE_CRYPT_H */ - -/* Define if you have the <dirent.h> header file. */ -#define HAVE_DIRENT_H 1 - -/* Define if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H 1 - -/* Define if you have the <lastlog.h> header file. */ -/* #undef HAVE_LASTLOG_H */ - -/* Define if you have the <limits.h> header file. */ -#define HAVE_LIMITS_H 1 - -/* Define if you have the <ndir.h> header file. */ -/* #undef HAVE_NDIR_H */ - -/* Define if you have the <paths.h> header file. */ -#define HAVE_PATHS_H 1 - -/* Define if you have the <pwd.h> header file. */ -#define HAVE_PWD_H 1 - -/* Define if you have the <shadow.h> header file. */ -/* #undef HAVE_SHADOW_H */ - -/* Define if you have the <signal.h> header file. */ -#define HAVE_SIGNAL_H 1 - -/* Define if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define if you have the <sys/dir.h> header file. */ -/* #undef HAVE_SYS_DIR_H */ - -/* Define if you have the <sys/file.h> header file. */ -#define HAVE_SYS_FILE_H 1 - -/* Define if you have the <sys/ioctl.h> header file. */ -#define HAVE_SYS_IOCTL_H 1 - -/* Define if you have the <sys/ndir.h> header file. */ -/* #undef HAVE_SYS_NDIR_H */ - -/* Define if you have the <sys/param.h> header file. */ -#define HAVE_SYS_PARAM_H 1 - -/* Define if you have the <sys/select.h> header file. */ -#define HAVE_SYS_SELECT_H 1 - -/* Define if you have the <sys/signal.h> header file. */ -#define HAVE_SYS_SIGNAL_H 1 - -/* Define if you have the <sys/time.h> header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define if you have the <sys/utsname.h> header file. */ -#define HAVE_SYS_UTSNAME_H 1 - -/* Define if you have the <syslog.h> header file. */ -#define HAVE_SYSLOG_H 1 - -/* Define if you have the <termios.h> header file. */ -#define HAVE_TERMIOS_H 1 - -/* Define if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define if you have the <utmpx.h> header file. */ -/* #undef HAVE_UTMPX_H */ - -/* Define if you have the crypt library (-lcrypt). */ -#define HAVE_LIBCRYPT 1 - -/* Define if you have the nsl library (-lnsl). */ -/* #undef HAVE_LIBNSL */ - -/* Define if you have the posix library (-lposix). */ -/* #undef HAVE_LIBPOSIX */ - -/* Define if you have the socket library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ diff --git a/lib/libpam/libpam/pam_debug_log.c b/lib/libpam/libpam/pam_debug_log.c deleted file mode 100644 index c3fe8e3f84673..0000000000000 --- a/lib/libpam/libpam/pam_debug_log.c +++ /dev/null @@ -1,62 +0,0 @@ -/*- - * Copyright 2001 Mark R V Murray - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <libgen.h> -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include <security/pam_appl.h> -#include <security/openpam.h> -#include <security/pam_mod_misc.h> - -/* Print a verbose error, including the function name and a - * cleaned up filename. - */ -void -_pam_verbose_error(pam_handle_t *pamh, int flags, - const char *file, const char *function, const char *format, ...) -{ - va_list ap; - char *fmtbuf, *modname, *period; - - if (!(flags & PAM_SILENT) && !openpam_get_option(pamh, "no_warn")) { - modname = basename(file); - period = strchr(modname, '.'); - if (period == NULL) - period = strchr(modname, '\0'); - va_start(ap, format); - asprintf(&fmtbuf, "%.*s: %s: %s\n", (int)(period - modname), - modname, function, format); - pam_verror(pamh, fmtbuf, ap); - free(fmtbuf); - va_end(ap); - } -} diff --git a/lib/libpam/libpam/security/pam_mod_misc.h b/lib/libpam/libpam/security/pam_mod_misc.h deleted file mode 100644 index 8e50ff6212288..0000000000000 --- a/lib/libpam/libpam/security/pam_mod_misc.h +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * Copyright 1998 Juniper Networks, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -#ifndef PAM_MOD_MISC_H -#define PAM_MOD_MISC_H - -#include <sys/cdefs.h> - -/* Standard options - */ -enum opt { PAM_OPT_DEBUG, PAM_OPT_NO_WARN, PAM_OPT_ECHO_PASS, - PAM_OPT_USE_FIRST_PASS, PAM_OPT_TRY_FIRST_PASS, PAM_OPT_USE_MAPPED_PASS, - PAM_OPT_TRY_MAPPED_PASS, PAM_OPT_EXPOSE_ACCOUNT, - PAM_OPT_STD_MAX /* XXX */ }; - -#define PAM_MAX_OPTIONS 32 - -struct opttab { - const char *name; - int value; -}; - -struct options { - struct { - const char *name; - int bool; - char *arg; - } opt[PAM_MAX_OPTIONS]; -}; - -__BEGIN_DECLS -void pam_std_option(struct options *, struct opttab *, int, const char **); -int pam_test_option(struct options *, enum opt, char **); -void pam_set_option(struct options *, enum opt); -void pam_clear_option(struct options *, enum opt); -void _pam_verbose_error(pam_handle_t *, int, const char *, - const char *, const char *, ...); -__END_DECLS - -#define PAM_LOG(args...) \ - openpam_log(PAM_LOG_DEBUG, ##args) - -#define PAM_RETURN(arg) \ - return (arg) - -#define PAM_VERBOSE_ERROR(args...) \ - _pam_verbose_error(pamh, flags, __FILE__, __FUNCTION__, ##args) - -#endif diff --git a/lib/libpam/modules/pam_opie/pam_opie.8 b/lib/libpam/modules/pam_opie/pam_opie.8 deleted file mode 100644 index bae696d1b16e8..0000000000000 --- a/lib/libpam/modules/pam_opie/pam_opie.8 +++ /dev/null @@ -1,123 +0,0 @@ -.\" Copyright (c) 2001 Mark R V Murray -.\" All rights reserved. -.\" Copyright (c) 2002 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" Portions of this software were developed for the FreeBSD Project by -.\" ThinkSec AS and NAI Labs, the Security Research Division of Network -.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 -.\" ("CBOSS"), as part of the DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd July 7, 2001 -.Dt PAM_OPIE 8 -.Os -.Sh NAME -.Nm pam_opie -.Nd OPIE PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_opie -.Op Ar options -.Sh DESCRIPTION -The OPIE authentication service module for PAM, -.Nm -provides functionality for only one PAM category: -that of authentication. -In terms of the -.Ar module-type -parameter, this is the -.Dq Li auth -feature. -It also provides a null function for session management. -.Pp -Note that this module does not enforce -.Xr opieaccess 5 -checks. -There is a separate module, -.Xr pam_opieaccess 8 , -for this purpose. -.Ss OPIE Authentication Module -The OPIE authentication component -provides functions to verify the identity of a user -.Pq Fn pam_sm_authenticate , -which obtains the relevant -.Xr opie 4 -credentials. -It provides the user with an OPIE challenge, -and verifies that this is correct with -.Xr opiechallenge 3 . -.Pp -The following options may be passed to the authentication module: -.Bl -tag -width ".Cm auth_as_self" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. -.It Cm auth_as_self -This option will require the user -to authenticate themself as the user -given by -.Xr getlogin 2 , -not as the account they are attempting to access. -This is primarily for services like -.Xr su 1 , -where the user's ability to retype -their own password -might be deemed sufficient. -.It Cm no_fake_prompts -Do not generate fake challenges for users who do not have an OPIE key. -Note that this can leak information to a hypothetical attacker about -who uses OPIE and who does not, but it can be useful on systems where -some users want to use OPIE but most do not. -.El -.Pp -Note that -.Nm -ignores the standard options -.Cm try_first_pass -and -.Cm use_first_pass , -since a challenge must be generated before the user can submit a valid -response. -.Sh FILES -.Bl -tag -width ".Pa /etc/opiekeys" -compact -.It Pa /etc/opiekeys -default OPIE password database. -.El -.Sh SEE ALSO -.Xr passwd 1 , -.Xr getlogin 2 , -.Xr opiechallenge 3 , -.Xr syslog 3 , -.Xr opie 4 , -.Xr pam.conf 5 , -.Xr pam 8 diff --git a/lib/libpam/modules/pam_opieaccess/Makefile b/lib/libpam/modules/pam_opieaccess/Makefile deleted file mode 100644 index 654684509785c..0000000000000 --- a/lib/libpam/modules/pam_opieaccess/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# $FreeBSD$ - -LIB= pam_opieaccess -SRCS= ${LIB}.c -DPADD= ${LIBOPIE} -LDADD= -lopie -MAN= pam_opieaccess.8 - -.include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 deleted file mode 100644 index b5392029c2ed2..0000000000000 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 +++ /dev/null @@ -1,125 +0,0 @@ -.\" Copyright (c) 2001 Mark R V Murray -.\" All rights reserved. -.\" Copyright (c) 2002 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" Portions of this software were developed for the FreeBSD Project by -.\" ThinkSec AS and NAI Labs, the Security Research Division of Network -.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 -.\" ("CBOSS"), as part of the DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd January 21, 2002 -.Dt PAM_OPIEACCESS 8 -.Os -.Sh NAME -.Nm pam_opieaccess -.Nd OPIEAccess PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_opieaccess -.Op Ar options -.Sh DESCRIPTION -The -.Nm -module is used in conjunction with the -.Xr pam_opie 8 -PAM module to ascertain that authentication can proceed by other means -(such as the -.Xr pam_unix 8 -module) even if OPIE authentication failed. -To properly use this module, -.Xr pam_opie 8 -should be marked -.Dq Li sufficient , -and -.Nm -should be listed right below it and marked -.Dq Li requisite . -.Pp -The -.Nm -module provides functionality for only one PAM category: -authentication. -In terms of the -.Ar module-type -parameter, this is the -.Dq Li auth -feature. -It also provides null functions for the remaining module types. -.Ss OPIEAccess Authentication Module -The authentication component -.Pq Fn pam_sm_authenticate , -returns -.Dv PAM_SUCCESS -in two cases: -.Bl -enum -.It -The user does not have OPIE enabled. -.It -The user has OPIE enabled, and the remote host is listed as a trusted -host in -.Pa /etc/opieaccess , -and the user does not have a file named -.Pa opiealways -in his home directory. -.El -.Pp -Otherwise, it returns -.Dv PAM_AUTH_ERR . -.Pp -The following options may be passed to the authentication module: -.Bl -tag -width ".Cm no_warn" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. -.It Cm no_warn -suppress warning messages to the user. -These messages include reasons why the user's authentication attempt -was declined. -.El -.Sh SEE ALSO -.Xr opie 4 , -.Xr opieaccess 5 , -.Xr pam.conf 5 , -.Xr pam 8 , -.Xr pam_opie 8 -.Sh AUTHORS -The -.Nm -module and this manual page were developed for the -.Fx -Project by -ThinkSec AS and NAI Labs, the Security Research Division of Network -Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 -.Pq Dq CBOSS , -as part of the DARPA CHATS research program. diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c deleted file mode 100644 index 67cbfc0203e44..0000000000000 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c +++ /dev/null @@ -1,94 +0,0 @@ -/*- - * Copyright (c) 2002 Networks Associates Technology, Inc. - * All rights reserved. - * - * This software was developed for the FreeBSD Project by ThinkSec AS and - * NAI Labs, the Security Research Division of Network Associates, Inc. - * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the - * DARPA CHATS research program. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#define _BSD_SOURCE - -#include <sys/types.h> -#include <opie.h> -#include <pwd.h> -#include <unistd.h> -#include <syslog.h> - -#define PAM_SM_AUTH - -#include <security/pam_appl.h> -#include <security/pam_modules.h> -#include <security/pam_mod_misc.h> - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char *argv[] __unused) -{ - struct opie opie; - struct passwd *pwent; - char *luser, *rhost; - int r; - - r = pam_get_item(pamh, PAM_USER, (const void **)&luser); - if (r != PAM_SUCCESS) - return (r); - if (luser == NULL) - return (PAM_SERVICE_ERR); - - pwent = getpwnam(luser); - if (pwent == NULL || opielookup(&opie, luser) != 0) - return (PAM_SUCCESS); - - r = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); - if (r != PAM_SUCCESS) - return (r); - - if ((rhost == NULL || opieaccessfile(rhost)) && - opiealways(pwent->pw_dir) != 0) - return (PAM_SUCCESS); - - PAM_VERBOSE_ERROR("Refused; remote host is not in opieaccess"); - - return (PAM_AUTH_ERR); -} - -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, - int argc __unused, const char *argv[] __unused) -{ - - return (PAM_SUCCESS); -} - -PAM_MODULE_ENTRY("pam_opieaccess"); diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 b/lib/libpam/modules/pam_tacplus/pam_tacplus.8 deleted file mode 100644 index 5ad7f07851a5c..0000000000000 --- a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 +++ /dev/null @@ -1,130 +0,0 @@ -.\" Copyright (c) 1999 -.\" Andrzej Bialecki <abial@FreeBSD.org>. All rights reserved. -.\" -.\" Copyright (c) 1992, 1993, 1994 -.\" The Regents of the University of California. All rights reserved. -.\" All rights reserved. -.\" -.\" This code is derived from software donated to Berkeley by -.\" Jan-Simon Pendry. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd August 2, 1999 -.Dt PAM_TACPLUS 8 -.Os -.Sh NAME -.Nm pam_tacplus -.Nd TACACS+ authentication PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_tacplus -.Op Ar options -.Sh DESCRIPTION -The -.Nm -module provides authentication services based -upon the TACACS+ protocol -for the PAM (Pluggable Authentication Module) framework. -.Pp -The -.Nm -module accepts these optional parameters: -.Bl -tag -width ".Cm use_first_pass" -.It Cm use_first_pass -causes -.Nm -to use a previously entered password instead of prompting for a new one. -If no password has been entered then authentication fails. -.It Cm try_first_pass -causes -.Nm -to use a previously entered password, if one is available. -If no -password has been entered, -.Nm -prompts for one as usual. -.It Cm echo_pass -causes echoing to be left on if -.Nm -prompts for a password. -.It Cm conf Ns = Ns Ar pathname -specifies a non-standard location for the TACACS+ client configuration file -(normally located in -.Pa /etc/tacplus.conf ) . -.It Cm template_user Ns = Ns Ar username -specifies a user whose -.Xr passwd 5 -entry will be used as a template to create the session environment -if the supplied username does not exist in local password database. -The user -will be authenticated with the supplied username and password, but his -credentials to the system will be presented as the ones for -.Ar username , -i.e., his login class, home directory, resource limits, etc. will be set to ones -defined for -.Ar username . -.Pp -If this option is omitted, and there is no username -in the system databases equal to the supplied one (as determined by call to -.Xr getpwnam 3 ) , -the authentication will fail. -.El -.Sh FILES -.Bl -tag -width /etc/tacplus.conf -compact -.It Pa /etc/tacplus.conf -The standard TACACS+ client configuration file for -.Nm -.El -.Sh SEE ALSO -.Xr passwd 5 , -.Xr tacplus.conf 5 , -.Xr pam 8 -.Sh HISTORY -The -.Nm -module first appeared in -.Fx 3.1 . -.Sh AUTHORS -.An -nosplit -The -.Nm -manual page was written by -.An Andrzej Bialecki Aq abial@FreeBSD.org -and adapted to TACACS+ from RADIUS by -.An Mark R V Murray Aq markm@FreeBSD.org . -.Pp -The -.Nm -module was written by -.An John D. Polstra Aq jdp@FreeBSD.org . |