9 files changed, 0 insertions, 613 deletions

diff --git a/lib/libpam/modules/modules.inc b/lib/libpam/modules/modules.inc
index 02debf7a4330..c7040211a590 100644
--- a/lib/libpam/modules/modules.inc
+++ b/lib/libpam/modules/modules.inc
@@ -17,8 +17,6 @@ MODULES		+= pam_ksu
 MODULES		+= pam_lastlog
 MODULES		+= pam_login_access
 MODULES		+= pam_nologin
-MODULES		+= pam_opie
-MODULES		+= pam_opieaccess
 MODULES		+= pam_passwdqc
 MODULES		+= pam_permit
 .if ${MK_RADIUS_SUPPORT} != "no"
diff --git a/lib/libpam/modules/pam_opie/Makefile b/lib/libpam/modules/pam_opie/Makefile
deleted file mode 100644
index 5df10af706ec..000000000000
--- a/lib/libpam/modules/pam_opie/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2000 James Bloom
-# All rights reserved.
-# Based upon code Copyright 1998 Juniper Networks, Inc.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-
-PACKAGE=	runtime
-
-LIB=	pam_opie
-SRCS=	pam_opie.c
-MAN=	pam_opie.8
-
-LIBADD+=	opie
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_opie/Makefile.depend b/lib/libpam/modules/pam_opie/Makefile.depend
deleted file mode 100644
index da2957f739ba..000000000000
--- a/lib/libpam/modules/pam_opie/Makefile.depend
+++ /dev/null
@@ -1,19 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcompiler_rt \
-	lib/libopie \
-	lib/libpam/libpam \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/lib/libpam/modules/pam_opie/pam_opie.8 b/lib/libpam/modules/pam_opie/pam_opie.8
deleted file mode 100644
index bcb9f6244bdf..000000000000
--- a/lib/libpam/modules/pam_opie/pam_opie.8
+++ /dev/null
@@ -1,127 +0,0 @@
-.\" Copyright (c) 2001 Mark R V Murray
-.\" All rights reserved.
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
-.\" All rights reserved.
-.\"
-.\" Portions of this software were developed for the FreeBSD Project by
-.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
-.\" Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
-.\" ("CBOSS"), as part of the DARPA CHATS research program.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote
-.\"    products derived from this software without specific prior written
-.\"    permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd September 15, 2022
-.Dt PAM_OPIE 8
-.Os
-.Sh NAME
-.Nm pam_opie
-.Nd OPIE PAM module
-.Sh SYNOPSIS
-.Op Ar service-name
-.Ar module-type
-.Ar control-flag
-.Pa pam_opie
-.Op Ar options
-.Sh DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in
-.Fx 14.0
-and later.
-.Sh DESCRIPTION
-The OPIE authentication service module for PAM,
-.Nm
-provides functionality for only one PAM category:
-that of authentication.
-In terms of the
-.Ar module-type
-parameter, this is the
-.Dq Li auth
-feature.
-It also provides a null function for session management.
-.Pp
-Note that this module does not enforce
-.Xr opieaccess 5
-checks.
-There is a separate module,
-.Xr pam_opieaccess 8 ,
-for this purpose.
-.Ss OPIE Authentication Module
-The OPIE authentication component
-provides functions to verify the identity of a user
-.Pq Fn pam_sm_authenticate ,
-which obtains the relevant
-.Xr opie 4
-credentials.
-It provides the user with an OPIE challenge,
-and verifies that this is correct with
-.Xr opiechallenge 3 .
-.Pp
-The following options may be passed to the authentication module:
-.Bl -tag -width ".Cm auth_as_self"
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
-.It Cm auth_as_self
-This option will require the user
-to authenticate himself as the user
-given by
-.Xr getlogin 2 ,
-not as the account they are attempting to access.
-This is primarily for services like
-.Xr su 1 ,
-where the user's ability to retype
-their own password
-might be deemed sufficient.
-.It Cm no_fake_prompts
-Do not generate fake challenges for users who do not have an OPIE key.
-Note that this can leak information to a hypothetical attacker about
-who uses OPIE and who does not, but it can be useful on systems where
-some users want to use OPIE but most do not.
-.El
-.Pp
-Note that
-.Nm
-ignores the standard options
-.Cm try_first_pass
-and
-.Cm use_first_pass ,
-since a challenge must be generated before the user can submit a valid
-response.
-.Sh FILES
-.Bl -tag -width ".Pa /etc/opiekeys" -compact
-.It Pa /etc/opiekeys
-default OPIE password database.
-.El
-.Sh SEE ALSO
-.Xr passwd 1 ,
-.Xr getlogin 2 ,
-.Xr opiechallenge 3 ,
-.Xr syslog 3 ,
-.Xr opie 4 ,
-.Xr pam.conf 5 ,
-.Xr pam 3
diff --git a/lib/libpam/modules/pam_opie/pam_opie.c b/lib/libpam/modules/pam_opie/pam_opie.c
deleted file mode 100644
index 41ad84b751bc..000000000000
--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-3-Clause
- *
- * Copyright 2000 James Bloom
- * All rights reserved.
- * Based upon code Copyright 1998 Juniper Networks, Inc.
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * Portions of this software were developed for the FreeBSD Project by
- * ThinkSec AS and NAI Labs, the Security Research Division of Network
- * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
- * ("CBOSS"), as part of the DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <opie.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#include <security/pam_mod_misc.h>
-
-#define PAM_OPT_NO_FAKE_PROMPTS	"no_fake_prompts"
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
-    int argc __unused, const char *argv[] __unused)
-{
-	struct opie opie;
-	struct passwd *pwd;
-	int retval, i;
-	const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
-	char challenge[OPIE_CHALLENGE_MAX + 1];
-	char principal[OPIE_PRINCIPAL_MAX];
-	const char *user;
-	char *response;
-	int style;
-
-	user = NULL;
-	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
-		if ((pwd = getpwnam(getlogin())) == NULL)
-			return (PAM_AUTH_ERR);
-		user = pwd->pw_name;
-	}
-	else {
-		retval = pam_get_user(pamh, &user, NULL);
-		if (retval != PAM_SUCCESS)
-			return (retval);
-	}
-
-	PAM_LOG("Got user: %s", user);
-
-	/*
-	 * Watch out: libopie feels entitled to truncate the user name
-	 * passed to it if it's longer than OPIE_PRINCIPAL_MAX, which is
-	 * not uncommon in Windows environments.
-	 */
-	if (strlen(user) >= sizeof(principal))
-		return (PAM_AUTH_ERR);
-	strlcpy(principal, user, sizeof(principal));
-
-	/*
-	 * Don't call the OPIE atexit() handler when our program exits,
-	 * since the module has been unloaded and we will SEGV.
-	 */
-	opiedisableaeh();
-
-	/*
-	 * If the no_fake_prompts option was given, and the user
-	 * doesn't have an OPIE key, just fail rather than present the
-	 * user with a bogus OPIE challenge.
-	 */
-	if (opiechallenge(&opie, principal, challenge) != 0 &&
-	    openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS))
-		return (PAM_AUTH_ERR);
-
-	/*
-	 * It doesn't make sense to use a password that has already been
-	 * typed in, since we haven't presented the challenge to the user
-	 * yet, so clear the stored password.
-	 */
-	pam_set_item(pamh, PAM_AUTHTOK, NULL);
-
-	style = PAM_PROMPT_ECHO_OFF;
-	for (i = 0; i < 2; i++) {
-		retval = pam_prompt(pamh, style, &response,
-		    promptstr[i], challenge);
-		if (retval != PAM_SUCCESS) {
-			opieunlock();
-			return (retval);
-		}
-
-		PAM_LOG("Completed challenge %d: %s", i, response);
-
-		if (response[0] != '\0')
-			break;
-
-		/* Second time round, echo the password */
-		style = PAM_PROMPT_ECHO_ON;
-	}
-
-	pam_set_item(pamh, PAM_AUTHTOK, response);
-
-	/*
-	 * Opieverify is supposed to return -1 only if an error occurs.
-	 * But it returns -1 even if the response string isn't in the form
-	 * it expects.  Thus we can't log an error and can only check for
-	 * success or lack thereof.
-	 */
-	retval = opieverify(&opie, response);
-	free(response);
-	return (retval == 0 ? PAM_SUCCESS : PAM_AUTH_ERR);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
-    int argc __unused, const char *argv[] __unused)
-{
-
-	return (PAM_SUCCESS);
-}
-
-PAM_MODULE_ENTRY("pam_opie");
diff --git a/lib/libpam/modules/pam_opieaccess/Makefile b/lib/libpam/modules/pam_opieaccess/Makefile
deleted file mode 100644
index 426bd8216ce4..000000000000
--- a/lib/libpam/modules/pam_opieaccess/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-# $FreeBSD$
-
-PACKAGE=	runtime
-
-LIB=	pam_opieaccess
-SRCS=	${LIB}.c
-MAN=	pam_opieaccess.8
-
-LIBADD+=	opie
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_opieaccess/Makefile.depend b/lib/libpam/modules/pam_opieaccess/Makefile.depend
deleted file mode 100644
index 81514fa091b5..000000000000
--- a/lib/libpam/modules/pam_opieaccess/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	include \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcompiler_rt \
-	lib/libopie \
-	lib/libpam/libpam \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8
deleted file mode 100644
index d9d6a62dbee8..000000000000
--- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8
+++ /dev/null
@@ -1,146 +0,0 @@
-.\" Copyright (c) 2001 Mark R V Murray
-.\" All rights reserved.
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
-.\" All rights reserved.
-.\"
-.\" Portions of this software were developed for the FreeBSD Project by
-.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
-.\" Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
-.\" ("CBOSS"), as part of the DARPA CHATS research program.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote
-.\"    products derived from this software without specific prior written
-.\"    permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd September 15, 2022
-.Dt PAM_OPIEACCESS 8
-.Os
-.Sh NAME
-.Nm pam_opieaccess
-.Nd OPIEAccess PAM module
-.Sh SYNOPSIS
-.Op Ar service-name
-.Ar module-type
-.Ar control-flag
-.Pa pam_opieaccess
-.Op Ar options
-.Sh DEPRECATION NOTICE
-OPIE is deprecated, and may not be available in
-.Fx 14.0
-and later.
-.Sh DESCRIPTION
-The
-.Nm
-module is used in conjunction with the
-.Xr pam_opie 8
-PAM module to ascertain that authentication can proceed by other means
-(such as the
-.Xr pam_unix 8
-module) even if OPIE authentication failed.
-To properly use this module,
-.Xr pam_opie 8
-should be marked
-.Dq Li sufficient ,
-and
-.Nm
-should be listed right below it and marked
-.Dq Li requisite .
-.Pp
-The
-.Nm
-module provides functionality for only one PAM category:
-authentication.
-In terms of the
-.Ar module-type
-parameter, this is the
-.Dq Li auth
-feature.
-It also provides null functions for the remaining module types.
-.Ss OPIEAccess Authentication Module
-The authentication component
-.Pq Fn pam_sm_authenticate ,
-returns
-.Dv PAM_SUCCESS
-in two cases:
-.Bl -enum
-.It
-The user does not have OPIE enabled.
-.It
-The user has OPIE enabled, and the remote host is listed as a trusted
-host in
-.Pa /etc/opieaccess ,
-and the user does not have a file named
-.Pa \&.opiealways
-in his home directory.
-.El
-.Pp
-Otherwise, it returns
-.Dv PAM_AUTH_ERR .
-.Pp
-The following options may be passed to the authentication module:
-.Bl -tag -width ".Cm allow_local"
-.It Cm allow_local
-Normally, local logins are subjected to the same restrictions as
-remote logins from
-.Dq localhost .
-This option causes
-.Nm
-to always allow local logins.
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
-.It Cm no_warn
-suppress warning messages to the user.
-These messages include reasons why the user's authentication attempt
-was declined.
-.El
-.Sh FILES
-.Bl -tag -width ".Pa $HOME/.opiealways"
-.It Pa /etc/opieaccess
-List of trusted hosts or networks.
-See
-.Xr opieaccess 5
-for a description of its syntax.
-.It Pa $HOME/.opiealways
-The presence of this file makes OPIE mandatory for the user.
-.El
-.Sh SEE ALSO
-.Xr opie 4 ,
-.Xr opieaccess 5 ,
-.Xr pam.conf 5 ,
-.Xr pam 3 ,
-.Xr pam_opie 8
-.Sh AUTHORS
-The
-.Nm
-module and this manual page were developed for the
-.Fx
-Project by
-ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
-.Pq Dq CBOSS ,
-as part of the DARPA CHATS research program.
diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
deleted file mode 100644
index 090d98e5f2a6..000000000000
--- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-3-Clause
- *
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#define _BSD_SOURCE
-
-#include <sys/types.h>
-#include <opie.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <syslog.h>
-
-#define PAM_SM_AUTH
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#include <security/pam_mod_misc.h>
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
-    int argc __unused, const char *argv[] __unused)
-{
-	struct opie opie;
-	struct passwd *pwent;
-	const void *luser, *rhost;
-	int r;
-
-	r = pam_get_item(pamh, PAM_USER, &luser);
-	if (r != PAM_SUCCESS)
-		return (r);
-	if (luser == NULL)
-		return (PAM_SERVICE_ERR);
-
-	pwent = getpwnam(luser);
-	if (pwent == NULL || opielookup(&opie, __DECONST(char *, luser)) != 0)
-		return (PAM_SUCCESS);
-
-	r = pam_get_item(pamh, PAM_RHOST, &rhost);
-	if (r != PAM_SUCCESS)
-		return (r);
-	if (rhost == NULL || *(const char *)rhost == '\0')
-		rhost = openpam_get_option(pamh, "allow_local") ?
-		    "" : "localhost";
-
-	if (opieaccessfile(__DECONST(char *, rhost)) != 0 &&
-	    opiealways(pwent->pw_dir) != 0)
-		return (PAM_SUCCESS);
-
-	PAM_VERBOSE_ERROR("Refused; remote host is not in opieaccess");
-
-	return (PAM_AUTH_ERR);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
-    int argc __unused, const char *argv[] __unused)
-{
-
-	return (PAM_SUCCESS);
-}
-
-PAM_MODULE_ENTRY("pam_opieaccess");