Prepare to release Ximenia tomorrow.

My thanks to Robert Morris <rtm@lcs.mit.edu> for finding and reporting the bug.

.gitignore

@@ -0,0 +1,30 @@
+/aclocal.m4
+/autom4te.cache
+/compile
+/config.guess
+/config.h.in
+/config.h
+/config.log
+/config.status
+/config.sub
+/configure
+/cov
+/depcomp
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/stamp-h1
+/test-driver
+*~
+.deps
+.libs
+*.a
+*.la
+*.lo
+*.log
+*.o
+*.pc
+*.profraw
+Makefile
+Makefile.in

CREDITS

@@ -1,4 +1,6 @@
 
+       _Ἀπόδοτε οὖν τὰ Καίσαρος Καίσαρι καὶ τὰ τοῦ Θεοῦ τῷ Θεῷ_
+
 The OpenPAM library was developed for the FreeBSD Project by ThinkSec AS
 and Network Associates Laboratories, the Security Research Division of
 Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
@@ -13,21 +15,28 @@ directly or indirectly, with patches, criticism, suggestions, or
 ideas:
 
 	Andrew Morgan <morgan@transmeta.com>
+	Ankita Pal <pal.ankita.ankita@gmail.com>
+	Baptiste Daroussin <bapt@freebsd.org>
 	Brian Fundakowski Feldman <green@freebsd.org>
+	Brooks Davis <brooks@freebsd.org>
 	Christos Zoulas <christos@netbsd.org>
 	Daniel Richard G. <skunk@iskunk.org>
 	Darren J. Moffat <darren.moffat@sun.com>
+	Dimitry Andric <dim@freebsd.org>
 	Dmitry V. Levin <ldv@altlinux.org>
 	Don Lewis <truckman@freebsd.org>
 	Emmanuel Dreyfus <manu@netbsd.org>
 	Eric Melville <eric@freebsd.org>
+	Espen Grøndahl <espegro@usit.uio.no>
 	Gary Winiger <gary.winiger@sun.com>
+	Gavin Atkinson <gavin@freebsd.org>
 	Gleb Smirnoff <glebius@freebsd.org>
 	Hubert Feyrer <hubert@feyrer.de>
 	Jason Evans <jasone@freebsd.org>
 	Joe Marcus Clarke <marcus@freebsd.org>
-	Juli Mallett <jmallett@freebsd.org>
 	Jörg Sonnenberger <joerg@britannica.bec.de>
+	Juli Mallett <jmallett@freebsd.org>
+	Larry Baird <lab@gta.com>
 	Maëlle Lesage <lesage.maelle@gmail.com>
 	Mark Murray <markm@freebsd.org>
 	Matthias Drochner <drochner@netbsd.org>
@@ -35,12 +44,13 @@ ideas:
 	Mikhail Teterin <mi@aldan.algebra.com>
 	Mikko Työläjärvi <mbsd@pacbell.net>
 	Nick Hibma <nick@van-laarhoven.org>
+	Patrick Bihan-Faou <patrick-fbsd@mindstep.com>
+	Robert Morris <rtm@lcs.mit.edu>
 	Robert Watson <rwatson@freebsd.org>
 	Ruslan Ermilov <ru@freebsd.org>
 	Sebastian Krahmer <sebastian.krahmer@gmail.com>
 	Solar Designer <solar@openwall.com>
 	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
+	Tim Creech <tcreech@tcreech.com>
 	Wojciech A. Koszek <wkoszek@freebsd.org>
 	Yar Tikhiy <yar@freebsd.org>
-
-$Id$

HISTORY

@@ -1,3 +1,108 @@
+OpenPAM Ximenia							2023-06-27
+
+ - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
+   expect scripts.
+
+ - BUGFIX: In openpam_set_option(3), when removing an option, properly
+   decrement the option count.
+
+ - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
+   template.
+============================================================================
+OpenPAM Tabebuia						2019-02-24
+
+ - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
+   OpenPAM Radula.
+
+ - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
+============================================================================
+OpenPAM Resedacea						2017-04-30
+
+ - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
+   OpenPAM Radula, as it breaks common error-handling constructs.
+
+ - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
+   dispatcher when the required service function could not be found.
+
+ - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
+   NULL in API functions that have a NULL check.
+
+ - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
+   PAM_BAD_CONSTANT error codes for situations where we previously
+   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
+   had been passed to an API function.
+
+ - ENHANCE: Improve the RETURN VALUES section in API man pages,
+   especially for functions that cannot fail, which were incorrectly
+   documented as returning -1 on failure.
+============================================================================
+OpenPAM Radula							2017-02-19
+
+ - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
+   pam_get_user(3) from using application-provided custom prompts.
+
+ - BUGFIX: Plug a memory leak in pam_set_item(3).
+
+ - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
+
+ - BUGFIX: In openpam_readword(3), support line continuations within
+   whitespace.
+
+ - ENHANCE: Add a feature flag to control fallback to "other" policy.
+
+ - ENHANCE: Add a pam_return(8) module which returns an arbitrary
+   code specified in the module options.
+
+ - ENHANCE: More and better unit tests.
+============================================================================
+OpenPAM Ourouparia						2014-09-12
+
+ - ENHANCE: When executing a chain, require at least one service
+   function to succeed.  This mitigates fail-open scenarios caused by
+   misconfigurations or missing modules.
+
+ - ENHANCE: Make sure to overwrite buffers which may have contained an
+   authentication token when they're no longer needed.
+
+ - BUGFIX: Under certain circumstances, specifying a non-existent
+   module (or misspelling the name of a module) in a policy could
+   result in a fail-open scenario.  (CVE-2014-3879)
+
+ - FEATURE: Add a search path for modules.  This was implemented in
+   Nummularia but inadvertently left out of the release notes.
+
+ - BUGFIX: The is_upper() predicate only accepted the letter A as an
+   upper-case character instead of the entire A-Z range.  As a result,
+   service and module names containing upper-case letters other than A
+   would be rejected.
+============================================================================
+OpenPAM Nummularia						2013-09-07
+
+ - ENHANCE: Rewrite the dynamic loader to improve readability and
+   reliability.  Modules can now be listed without the ".so" suffix in
+   the policy file; OpenPAM will automatically add it, just like it
+   will automatically add the version number if required.
+
+ - ENHANCE: Allow openpam_straddch(3) to be called without a character
+   so it can be used to preallocate a string.
+
+ - ENHANCE: Improve portability by adding simple asprintf(3) and
+   vasprintf(3) implementations for platforms that don't have them.
+
+ - ENHANCE: Move the libpam sources into a separate subdirectory.
+
+ - ENHANCE: Substantial documentation improvements.
+
+ - BUGFIX: When openpam_readword(3) encountered an opening quote, it
+   would set the first byte in the buffer to '\0', discarding all
+   existing text and, unless the buffer was empty to begin with, all
+   subsequent text as well.  This went unnoticed because none of the
+   unit tests for quoted strings had any text preceding the opening
+   quote.
+
+ - BUGFIX: make --with-modules-dir work the way it was meant to work
+   (but never did).
+============================================================================
 OpenPAM Micrampelis						2012-05-26
 
  - FEATURE: Add an openpam_readword(3) function which reads the next
@@ -70,7 +175,7 @@ OpenPAM Lycopsida						2011-12-18
    module before loading it.
 
  - ENHANCE: added / improved input validation in many cases, including
-   the policy file and some function arguments.
+   the policy file and some function arguments.  (CVE-2011-4122)
 ============================================================================
 OpenPAM Hydrangea						2007-12-21
 
@@ -400,5 +505,3 @@ Fixed a number of bugs in the previous release, including:
 OpenPAM Calamite						2002-02-09
 
 First (beta) release.
-============================================================================
-$Id$

INSTALL

@@ -54,5 +54,3 @@
   directory:
 
   # make install
-
-$Id$

LICENSE

@@ -1,6 +1,6 @@
 
 Copyright (c) 2002-2003 Networks Associates Technology, Inc.
-Copyright (c) 2004-2012 Dag-Erling Smørgrav
+Copyright (c) 2004-2023 Dag-Erling Smørgrav
 All rights reserved.
 
 This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,5 +31,3 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.
-
-$Id$

Makefile.am

@@ -1,8 +1,6 @@
-# $Id$
-
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS = lib bin modules include
+SUBDIRS = misc include lib bin modules
 
 if WITH_DOC
 SUBDIRS += doc
@@ -19,3 +17,32 @@ EXTRA_DIST = \
 	RELNOTES \
 	autogen.sh \
 	misc/gendoc.pl
+
+if WITH_CODE_COVERAGE
+covdir = @abs_top_builddir@/cov
+coverage: coverage-clean all coverage-prepare coverage-run coverage-report
+coverage-clean:
+	-rm -rf "${covdir}"
+coverage-prepare:
+	mkdir "${covdir}"
+if CLANG_CODE_COVERAGE
+profdata = ${covdir}/@PACKAGE@.profdata
+# hardcoding libpam.so here is horrible, need to find a better solution
+coverage-run:
+	LLVM_PROFILE_FILE="${covdir}/@PACKAGE@.%p.raw" \
+	    ${MAKE} -C "@abs_top_builddir@" check
+coverage-report:
+	llvm-profdata@clang_ver@ merge \
+	    --sparse "${covdir}/@PACKAGE@".*.raw -o "${profdata}"
+	llvm-cov@clang_ver@ show \
+	    --format=html --tab-size=8 \
+	    --output-dir="${covdir}" \
+	    --instr-profile="${profdata}" \
+	    --object "@abs_top_builddir@/lib/libpam/.libs/libpam.so"
+	@echo "coverage report: file://${covdir}/index.html"
+endif
+else
+coverage:
+	echo "code coverage is not enabled." >&2
+	false
+endif

README

@@ -7,21 +7,4 @@ implementations disagree, OpenPAM tries to remain compatible with
 Solaris, at the expense of XSSO conformance and Linux-PAM
 compatibility.
 
-These are some of OpenPAM's features:
-
-   - Implements the complete PAM API as described in the original PAM
-     paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
-     except for mappings and secondary authentication.  Also
-     implements some extensions found in Solaris 9.
-
-   - Extends the API with several useful and time-saving functions.
-
-   - Performs strict checking of return values from service modules.
-
-   - Reads configuration from /etc/pam.d/, /etc/pam.conf,
-     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
-     this will be made configurable in a future release.
-
 Please direct bug reports and inquiries to <des@des.no>.
-
-$Id$

RELNOTES

@@ -1,27 +1,21 @@
 
-		Release notes for OpenPAM Micrampelis
-		=====================================
+		  Release notes for OpenPAM Ximenia
+		  =================================
 
-This release corresponds to the code used in FreeBSD HEAD as of the
-release date, and is also expected to work on almost any POSIX-like
-platform that has GNU autotools, GNU make and the GNU compiler suite
-installed.
+OpenPAM is developed primarily on FreeBSD, but is expected to work on
+almost any POSIX-like platform that has GNU autotools, GNU make and
+the GNU compiler suite installed.
 
-The library itself is complete.  Documentation exists in the form of
-man pages for the library functions.  These man pages are generated by
-a Perl script from specially marked-up comments in the source files
-themselves, which minimizes the chance that any of them should be out
-of date.
+The OpenPAM distribution consists of the following components:
 
-The distribution also includes three sample modules (pam_deny,
-pam_permit and pam_unix) and a sample application (su).  These are not
-intended for actual use, but rather to serve as examples for module or
-application developers.  It also includes a command-line application
-(pamtest) which can be used to test policies and modules.
+ - The PAM library itself, with complete API documentation.
 
-Unit tests for limited portions of the library can be found in the t
-subdirectory.
+ - Sample modules (pam_permit, pam_deny and pam_unix) and a sample
+   application (su) which demonstrate how to use the PAM library.
+
+ - A test application (pamtest) which can be used to test policies and
+   modules.
+
+ - Unit tests for limited portions of the library.
 
 Please direct bug reports and inquiries to <des@des.no>.
-
-$Id$

TODO

@@ -1,13 +1,9 @@
-Before the next release:
+- Fix try_first_pass / use_first_pass (pam_get_authtok() code &
+  documentation are slightly incorrect, OpenPAM's pam_unix(8) is
+  incorrect, all FreeBSD modules are broken)
 
- - Complete the transition from PAM_LOG_DEBUG to PAM_LOG_LIBDEBUG.
+- Add loop detection to openpam_load_chain().
 
-Whenever:
+- Complete unit tests for openpam_dispatch().
 
- - Implement mechanism to enable / disable optional features.  Use it
-   to disable strict error checking so pamtest and unit tests can do
-   things that we don't allow in production.
-
- - Rewrite the module-loading code.
-
-$Id$
+- Stop using PAM_SYMBOL_ERR incorrectly.

autogen.des

@@ -1,7 +1,4 @@
 #!/bin/sh
-#
-# $Id$
-#
 
 set -ex
 
@@ -15,7 +12,8 @@ export CONFIG_SHELL=/bin/sh
 	--with-pam-unix \
 	--with-pamtest \
 	--with-su \
-	--with-modules-dir=/usr/lib \
+	--enable-debug \
 	--enable-developer-warnings \
 	--enable-werror \
+	--enable-code-coverage \
 	"$@"

autogen.sh

@@ -1,10 +1,7 @@
 #!/bin/sh
-#
-# $Id$
-#
 
-aclocal
 libtoolize --copy --force
+aclocal -I m4
 autoheader
-automake -a -c --foreign
+automake --add-missing --copy --foreign
 autoconf

bin/Makefile.am

@@ -1,5 +1,3 @@
-# $Id$
-
 SUBDIRS = openpam_dump_policy
 
 if WITH_PAMTEST

bin/openpam_dump_policy/.gitignore

@@ -0,0 +1 @@
+/openpam_dump_policy

bin/openpam_dump_policy/Makefile.am

@@ -1,7 +1,9 @@
-# $Id$
-
-INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib/libpam
 
 noinst_PROGRAMS = openpam_dump_policy
 openpam_dump_policy_SOURCES = openpam_dump_policy.c
-openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam.la
+if WITH_SYSTEM_LIBPAM
+openpam_dump_policy_LDADD = $(SYSTEM_LIBPAM)
+else
+openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif

bin/openpam_dump_policy/openpam_dump_policy.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2011 Dag-Erling Smørgrav
+ * Copyright (c) 2011-2014 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -43,6 +40,7 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_asprintf.h"
 
 static char *
 openpam_chain_name(const char *service, pam_facility_t fclt)
@@ -64,7 +62,7 @@ openpam_facility_index_name(pam_facility_t fclt)
 	if (asprintf(&name, "PAM_%s", facility) == -1)
 		return (NULL);
 	for (p = name + 4; *p; ++p)
-		*p = toupper(*p);
+		*p = toupper((unsigned char)*p);
 	return (name);
 }
 

bin/pamtest/.gitignore

@@ -0,0 +1 @@
+/pamtest

bin/pamtest/Makefile.am

@@ -1,9 +1,11 @@
-# $Id$
-
-INCLUDES = -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include
 
 bin_PROGRAMS = pamtest
 pamtest_SOURCES = pamtest.c
-pamtest_LDADD = $(top_builddir)/lib/libpam.la
+if WITH_SYSTEM_LIBPAM
+pamtest_LDADD = $(SYSTEM_LIBPAM)
+else
+pamtest_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif
 
 dist_man1_MANS = pamtest.1

bin/pamtest/pamtest.1

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,19 +26,18 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
-.Dd April 14, 2012
+.Dd July 11, 2013
 .Dt PAMTEST 1
 .Os
 .Sh NAME
 .Nm pamtest
 .Nd PAM policy tester
-.Sh SYNOPSYS
+.Sh SYNOPSIS
 .Nm
 .Op Fl dkMPsv
 .Op Fl H Ar rhost
 .Op Fl h Ar host
+.Op Fl T Ar timeout
 .Op Fl t Ar tty
 .Op Fl U Ar ruser
 .Op Fl u Ar user
@@ -136,6 +135,9 @@ flag when calling the
 and
 .Xr pam_close_session 3
 primitives.
+.It Fl T Ar timeout
+Set the conversation timeout (in seconds) for
+.Xr openpam_ttyconv 3 .
 .It Fl t Ar tty
 Specify the name of the tty.
 The default is to use the result of calling
@@ -164,7 +166,7 @@ pamtest -v system auth account change setcred open close unsetcred
 The
 .Nm
 utility and this manual page were written by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
 .Sh BUGS
 The
 .Nm

bin/pamtest/pamtest.c

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -35,6 +32,7 @@
 #endif
 
 #include <err.h>
+#include <limits.h>
 #include <pwd.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -116,6 +114,7 @@ pt_authenticate(int flags)
 	int pame;
 
 	flags |= silent;
+	pt_verbose("pam_authenticate()");
 	if ((pame = pam_authenticate(pamh, flags)) != PAM_SUCCESS)
 		pt_error(pame, "pam_authenticate()");
 	return (pame);
@@ -130,6 +129,7 @@ pt_acct_mgmt(int flags)
 	int pame;
 
 	flags |= silent;
+	pt_verbose("pam_acct_mgmt()");
 	if ((pame = pam_acct_mgmt(pamh, flags)) != PAM_SUCCESS)
 		pt_error(pame, "pam_acct_mgmt()");
 	return (pame);
@@ -144,6 +144,7 @@ pt_chauthtok(int flags)
 	int pame;
 
 	flags |= silent;
+	pt_verbose("pam_chauthtok()");
 	if ((pame = pam_chauthtok(pamh, flags)) != PAM_SUCCESS)
 		pt_error(pame, "pam_chauthtok()");
 	return (pame);
@@ -158,6 +159,7 @@ pt_setcred(int flags)
 	int pame;
 
 	flags |= silent;
+	pt_verbose("pam_setcred()");
 	if ((pame = pam_setcred(pamh, flags)) != PAM_SUCCESS)
 		pt_error(pame, "pam_setcred()");
 	return (pame);
@@ -172,6 +174,7 @@ pt_open_session(int flags)
 	int pame;
 
 	flags |= silent;
+	pt_verbose("pam_open_session()");
 	if ((pame = pam_open_session(pamh, flags)) != PAM_SUCCESS)
 		pt_error(pame, "pam_open_session()");
 	return (pame);
@@ -186,6 +189,7 @@ pt_close_session(int flags)
 	int pame;
 
 	flags |= silent;
+	pt_verbose("pam_close_session()");
 	if ((pame = pam_close_session(pamh, flags)) != PAM_SUCCESS)
 		pt_error(pame, "pam_close_session()");
 	return (pame);
@@ -269,6 +273,24 @@ usage(void)
 	exit(1);
 }
 
+/*
+ * Handle an option that takes an int argument and can be used only once
+ */
+static void
+opt_num_once(int opt, long *num, const char *arg)
+{
+	char *end;
+	long l;
+
+	l = strtol(arg, &end, 0);
+	if (end == optarg || *end != '\0') {
+		fprintf(stderr,
+		    "The -%c option expects a numeric argument\n", opt);
+		usage();
+	}
+	*num = l;
+}
+
 /*
  * Handle an option that takes a string argument and can be used only once
  */
@@ -296,11 +318,12 @@ main(int argc, char *argv[])
 	const char *user = NULL;
 	const char *service = NULL;
 	const char *tty = NULL;
+	long timeout = 0;
 	int keepatit = 0;
 	int pame;
 	int opt;
 
-	while ((opt = getopt(argc, argv, "dH:h:kMPst:U:u:v")) != -1)
+	while ((opt = getopt(argc, argv, "dH:h:kMPsT:t:U:u:v")) != -1)
 		switch (opt) {
 		case 'd':
 			openpam_debug++;
@@ -325,6 +348,15 @@ main(int argc, char *argv[])
 		case 's':
 			silent = PAM_SILENT;
 			break;
+		case 'T':
+			opt_num_once(opt, &timeout, optarg);
+			if (timeout < 0 || timeout > INT_MAX) {
+				fprintf(stderr,
+				    "Invalid conversation timeout\n");
+				usage();
+			}
+			openpam_ttyconv_timeout = (int)timeout;
+			break;
 		case 't':
 			opt_str_once(opt, &tty, optarg);
 			break;
@@ -352,6 +384,8 @@ main(int argc, char *argv[])
 	++argv;
 
 	/* defaults */
+	if (service == NULL)
+		service = "pamtest";
 	if (rhost == NULL) {
 		if (gethostname(hostname, sizeof(hostname)) == -1)
 			err(1, "gethostname()");

bin/su/.gitignore

@@ -0,0 +1 @@
+/su

bin/su/Makefile.am

@@ -1,9 +1,11 @@
-# $Id$
-
-INCLUDES = -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include
 
 bin_PROGRAMS = su
 su_SOURCES = su.c
-su_LDADD = $(top_builddir)/lib/libpam.la
+if WITH_SYSTEM_LIBPAM
+su_LDADD = $(SYSTEM_LIBPAM)
+else
+su_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif
 
 dist_man1_MANS = su.1

bin/su/su.1

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,15 +26,13 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
 .Dd November 2, 2011
 .Dt SU 1
 .Os
 .Sh NAME
 .Nm su
 .Nd switch user identity
-.Sh SYNOPSYS
+.Sh SYNOPSIS
 .Nm
 .Op Ar login Op Ar ...
 .Sh DESCRIPTION
@@ -62,4 +60,4 @@ and should not be used in production systems.
 The
 .Nm
 utility and this manual page were written by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

bin/su/su.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

configure.ac

@@ -1,27 +1,29 @@
-dnl $Id$
-
-AC_PREREQ([2.62])
-AC_REVISION([$Id$])
-AC_INIT([OpenPAM], [trunk], [des@des.no])
-AC_CONFIG_SRCDIR([lib/pam_start.c])
+AC_PREREQ([2.69])
+AC_INIT([OpenPAM], [trunk], [des@des.no], [openpam], [https://openpam.org/])
+AC_CONFIG_SRCDIR([lib/libpam/pam_start.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([foreign])
 AM_CONFIG_HEADER([config.h])
 
 # C compiler and features
 AC_LANG(C)
-AC_PROG_CC
+AC_PROG_CC([clang gcc cc])
 AC_PROG_CC_STDC
 AC_PROG_CPP
+AC_PROG_CXX([clang++ g++ c++])
 AC_GNU_SOURCE
 AC_C_CONST
 AC_C_RESTRICT
 AC_C_VOLATILE
+AX_COMPILER_VENDOR
 
 # libtool
 LT_PREREQ([2.2.6])
 LT_INIT([disable-static dlopen])
 
+# pkg-config
+AX_PROG_PKG_CONFIG
+
 # other programs
 AC_PROG_INSTALL
 
@@ -31,31 +33,29 @@ AC_DEFINE_UNQUOTED(LIB_MAJ, $LIB_MAJ, [OpenPAM library major number])
 
 AC_ARG_ENABLE([debug],
     AC_HELP_STRING([--enable-debug],
-	[turn debugging on by default]),
-    AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging on by default]))
+        [turn debugging macros on]),
+    AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging macros on]))
 
 AC_ARG_ENABLE([unversioned-modules],
     AC_HELP_STRING([--disable-unversioned-modules],
-	[support loading of unversioned modules]),
+        [support loading of unversioned modules]),
     [AS_IF([test x"$enableval" = x"no"], [
-	AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
-	    1,
-	    [Whether loading unversioned modules support is disabled])
+        AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
+            1,
+            [Whether loading unversioned modules support is disabled])
     ])])
 
 AC_ARG_WITH([modules-dir],
     AC_HELP_STRING([--with-modules-dir=DIR],
-	[OpenPAM modules directory]),
+        [OpenPAM modules directory]),
     [AS_IF([test x"$withval" != x"no"], [
-	OPENPAM_MODULES_DIR="$withval"
-    ], [
-	OPENPAM_MODULES_DIR="$libdir"
-    ])],
-    [OPENPAM_MODULES_DIR="$libdir"])
-AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
-    "${OPENPAM_MODULES_DIR%/}/",
-    [OpenPAM modules directory])
+        OPENPAM_MODULES_DIR="$withval"
+        AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
+            "${OPENPAM_MODULES_DIR%/}",
+            [OpenPAM modules directory])
+    ])])
 AC_SUBST(OPENPAM_MODULES_DIR)
+AM_CONDITIONAL([CUSTOM_MODULES_DIR], [test x"$OPENPAM_MODULES_DIR" != x""])
 
 AC_ARG_WITH([doc],
     AC_HELP_STRING([--without-doc], [do not build documentation]),
@@ -64,26 +64,36 @@ AC_ARG_WITH([doc],
 AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" = x"yes"])
 
 AC_ARG_WITH([pam-unix],
-    AC_HELP_STRING([--with-pam-unix], [compile sample pam_unix(8) implementation]),
+    AC_HELP_STRING([--with-pam-unix], [build sample pam_unix(8) module]),
     [],
     [with_pam_unix=no])
 AM_CONDITIONAL([WITH_PAM_UNIX], [test x"$with_pam_unix" = x"yes"])
 
 AC_ARG_WITH(pamtest,
-    AC_HELP_STRING([--with-pamtest], [compile test application]),
+    AC_HELP_STRING([--with-pamtest], [build test application]),
     [],
     [with_pamtest=no])
 AM_CONDITIONAL([WITH_PAMTEST], [test x"$with_pamtest" = x"yes"])
 
 AC_ARG_WITH(su,
-    AC_HELP_STRING([--with-su], [compile sample su(1) implementation]),
+    AC_HELP_STRING([--with-su], [build sample su(1) implementation]),
     [],
     [with_su=no])
 AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
 
+AC_ARG_WITH(system-libpam,
+    AC_HELP_STRING([--with-system-libpam], [use system libpam]),
+    [],
+    [with_system_libpam=no])
+AM_CONDITIONAL([WITH_SYSTEM_LIBPAM], [test x"$with_system_libpam" = x"yes"])
+
 AC_CHECK_HEADERS([crypt.h])
 
-AC_CHECK_FUNCS([fdlopen fpurge strlcat strlcmp strlcpy])
+AC_CHECK_FUNCS([asprintf vasprintf])
+AC_CHECK_FUNCS([dlfunc fdlopen])
+AC_CHECK_FUNCS([fpurge])
+AC_CHECK_FUNCS([setlogmask])
+AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset])
 
 saved_LIBS="${LIBS}"
 LIBS=""
@@ -94,14 +104,19 @@ AC_SUBST(DL_LIBS)
 
 saved_LIBS="${LIBS}"
 LIBS=""
-AC_CHECK_LIB([crypt], [crypt])
-CRYPT_LIBS="${LIBS}"
+AC_CHECK_LIB([pam], [pam_start])
+SYSTEM_LIBPAM="${LIBS}"
 LIBS="${saved_LIBS}"
-AC_SUBST(CRYPT_LIBS)
+AC_SUBST(SYSTEM_LIBPAM)
+
+AX_PKG_CONFIG_CHECK([cryb-test],
+  [AC_MSG_NOTICE([Cryb test framework found, unit tests enabled.])],
+  [AC_MSG_WARN([Cryb test framework not found, unit tests disabled.])])
+AM_CONDITIONAL([WITH_TEST], [test x"$CRYB_TEST_LIBS" != x""])
 
 AC_ARG_ENABLE([developer-warnings],
     AS_HELP_STRING([--enable-developer-warnings], [enable strict warnings (default is NO)]),
-    [CFLAGS="${CFLAGS} -Wall -Wextra"])
+    [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual"])
 AC_ARG_ENABLE([debugging-symbols],
     AS_HELP_STRING([--enable-debugging-symbols], [enable debugging symbols (default is NO)]),
     [CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
@@ -109,6 +124,27 @@ AC_ARG_ENABLE([werror],
     AS_HELP_STRING([--enable-werror], [use -Werror (default is NO)]),
     [CFLAGS="${CFLAGS} -Werror"])
 
+AC_ARG_ENABLE([code-coverage],
+    AS_HELP_STRING([--enable-code-coverage],
+        [enable code coverage]))
+AS_IF([test x"$enable_code_coverage" = x"yes"], [
+    AM_COND_IF([WITH_TEST], [
+        AS_IF([test x"$ax_cv_c_compiler_vendor" = x"clang"], [
+            CFLAGS="${CFLAGS} -fprofile-instr-generate -fcoverage-mapping"
+            clang_code_coverage="yes"
+	    AC_SUBST([clang_ver], [${CC#clang}])
+        ], [
+            AC_MSG_ERROR([code coverage is only supported with clang])
+        ])
+        AC_DEFINE([WITH_CODE_COVERAGE], [1], [Define to 1 if code coverage is enabled])
+        AC_MSG_NOTICE([code coverage enabled])
+    ], [
+        AC_MSG_ERROR([code coverage requires unit tests])
+    ])
+])
+AM_CONDITIONAL([WITH_CODE_COVERAGE], [test x"$enable_code_coverage" = x"yes"])
+AM_CONDITIONAL([CLANG_CODE_COVERAGE], [test x"$clang_code_coverage" = x"yes"])
+
 AC_CONFIG_FILES([
     Makefile
     bin/Makefile
@@ -117,14 +153,18 @@ AC_CONFIG_FILES([
     bin/su/Makefile
     doc/Makefile
     doc/man/Makefile
+    freebsd/Makefile
     include/Makefile
     include/security/Makefile
     lib/Makefile
+    lib/libpam/Makefile
+    misc/Makefile
     modules/Makefile
     modules/pam_deny/Makefile
     modules/pam_permit/Makefile
+    modules/pam_return/Makefile
     modules/pam_unix/Makefile
     t/Makefile
 ])
-AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
+AC_CONFIG_FILES([misc/coverity.sh],[chmod +x misc/coverity.sh])
 AC_OUTPUT

doc/Makefile.am

@@ -1,3 +1 @@
-# $Id$
-
 SUBDIRS = man

doc/man/.gitignore

@@ -0,0 +1,2 @@
+/*.3
+!/pam_conv.3

doc/man/Makefile.am

@@ -1,9 +1,7 @@
-# $Id$
-
 NULL =
 
 # Standard PAM API
-PMAN = \
+PAM_MAN = \
 	pam_acct_mgmt.3 \
 	pam_authenticate.3 \
 	pam_chauthtok.3 \
@@ -24,7 +22,7 @@ PMAN = \
 	$(NULL)
 
 # Standard module API
-MMAN = \
+MOD_MAN = \
 	pam_sm_acct_mgmt.3 \
 	pam_sm_authenticate.3 \
 	pam_sm_chauthtok.3 \
@@ -34,7 +32,7 @@ MMAN = \
 	$(NULL)
 
 # OpenPAM extensions
-OMAN = \
+OPENPAM_MAN = \
 	openpam_borrow_cred.3 \
 	openpam_free_data.3 \
 	openpam_free_envlist.3 \
@@ -63,27 +61,35 @@ OMAN = \
 
 EXTRA_DIST = openpam.man pam.man
 
-ALLCMAN = $(PMAN) $(MMAN) $(OMAN)
+if !WITH_SYSTEM_LIBPAM
+PAMCMAN = $(PAM_MAN) $(MOD_MAN) $(OPENPAM_MAN)
+PAMXMAN = openpam.3 pam.3
+endif
 
-dist_man3_MANS = $(ALLCMAN) openpam.3 pam.3 pam_conv.3
+ALLCMAN = $(PAMCMAN)
+GENMAN = $(ALLCMAN) $(PAMXMAN)
+
+dist_man3_MANS = $(GENMAN) pam_conv.3
 
 dist_man5_MANS = pam.conf.5
 
-CLEANFILES = $(ALLCMAN) openpam.3 pam.3
+CLEANFILES = $(GENMAN)
 
 GENDOC = $(top_srcdir)/misc/gendoc.pl
 
-LIBSRCDIR = $(top_srcdir)/lib
+LIBPAMSRCDIR = $(top_srcdir)/lib/libpam
 
-VPATH = $(LIBSRCDIR) $(srcdir)
+VPATH = $(LIBPAMSRCDIR) $(srcdir)
 
 SUFFIXES = .3
 
 .c.3: $(GENDOC)
-	perl -w $(GENDOC) $<
+	perl -w $(GENDOC) $< || rm $@
 
-openpam.3: $(OMAN) $(GENDOC) $(srcdir)/openpam.man
-	perl -w $(GENDOC) -o $(abs_srcdir)/$(OMAN) <$(srcdir)/openpam.man
+openpam.3: $(OPENPAM_MAN) $(GENDOC) $(srcdir)/openpam.man
+	perl -w $(GENDOC) -o $(OPENPAM_MAN) <$(srcdir)/openpam.man || rm $@
 
-pam.3: $(PMAN) $(GENDOC) $(srcdir)/pam.man
-	perl -w $(GENDOC) -p $(abs_srcdir)/$(PMAN) <$(srcdir)/pam.man
+pam.3: $(PAM_MAN) $(GENDOC) $(srcdir)/pam.man
+	perl -w $(GENDOC) -p $(PAM_MAN) <$(srcdir)/pam.man || rm $@
+
+$(GENMAN): $(GENDOC)

doc/man/openpam.man

@@ -1,6 +1,3 @@
-.\"
-.\" $Id$
-.\"
 .Sh DESCRIPTION
 These functions are OpenPAM extensions to the PAM API.
 Those named

doc/man/pam.conf.5

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2005-2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2005-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,9 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
-.Dd November 3, 2011
+.Dd March 17, 2013
 .Dt PAM.CONF 5
 .Os
 .Sh NAME
@@ -65,15 +63,16 @@ Entries in
 policy files are of the same form, but are prefixed by an additional
 field specifying the name of the service they apply to.
 .Pp
-In both types of policy files, blank lines are ignored, as is anything
-to the right of a
+In both cases, blank lines and comments introduced by a
 .Ql #
-sign.
+sign are ignored, and the normal shell quoting rules apply.
+The precise details of how the file is tokenized are described in
+.Xr openpam_readword 3 .
 .Pp
 The
 .Ar facility
 field specifies the facility the entry applies to, and is one of:
-.Bl -tag -width ".Cm password"
+.Bl -tag -width 12n
 .It Cm auth
 Authentication functions
 .Po
@@ -99,7 +98,7 @@ The
 field determines how the result returned by the module affects the
 flow of control through (and the final result of) the rest of the
 chain, and is one of:
-.Bl -tag -width ".Cm sufficient"
+.Bl -tag -width 12n
 .It Cm required
 If this module succeeds, the result of the chain will be success
 unless a later module fails.
@@ -141,16 +140,18 @@ phase of
 .Pp
 The
 .Ar module-path
-field specifies the name, or optionally the full path, of the module
-to call.
+field specifies the name or full path of the module to call.
+If only the name is specified, the PAM library will search for it in
+the following locations:
+.Bl -enum
+.It
+.Pa /usr/lib
+.It
+.Pa /usr/local/lib
+.El
 .Pp
-The remaining fields are passed as arguments to the module if and when
-it is invoked.
-As a special case, if an argument is of the form ``name=value'' and
-the right-hand side is surrounded by single or double quotes, any
-whitespace between the quote characters will be considered part of the
-same argument rather than a separator between this argument and the
-next.
+The remaining fields, if any, are passed unmodified to the module if
+and when it is invoked.
 .Pp
 The
 .Cm include
@@ -161,6 +162,37 @@ This allows one to define system-wide policies which are then included
 into service-specific policies.
 The system-wide policy can then be modified without having to also
 modify each and every service-specific policy.
+.Pp
+.Bf -symbolic
+Take care not to introduce loops when using
+.Cm include
+rules, as there is currently no loop detection in place.
+.Ef
+.Sh MODULE OPTIONS
+Some PAM library functions may alter their behavior when called by a
+service module if certain module options were specified, regardless of
+whether the module itself accords them any importance.
+One such option is
+.Cm debug ,
+which causes the dispatcher to enable debugging messages before
+calling each service function, and disable them afterwards (unless
+they were already enabled).
+Other special options include:
+.Bl -tag -width 12n
+.It Cm authtok_prompt Ns = Ns Ar prompt , Cm oldauthtok_prompt Ns = Ns Ar prompt , Cm user_prompt Ns = Ns Ar prompt
+These options can be used to override the prompts used by
+.Xr pam_get_authtok 3
+and
+.Xr pam_get_user 3 .
+.It Cm echo_pass
+This option controls whether
+.Xr pam_get_authtok 3
+will allow the user to see what they are typing.
+.It Cm try_first_pass , Cm use_first_pass
+These options control
+.Xr pam_get_authtok 3 Ns 's
+use of cached authentication tokens.
+.El
 .Sh SEE ALSO
 .Xr pam 3
 .Sh STANDARDS
@@ -178,4 +210,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
 as part of the DARPA CHATS research program.
 .Pp
 The OpenPAM library is maintained by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

doc/man/pam.man

@@ -1,6 +1,3 @@
-.\"
-.\" $Id$
-.\"
 .Sh DESCRIPTION
 The Pluggable Authentication Modules (PAM) library abstracts a number
 of common authentication-related operations and provides a framework

doc/man/pam_conv.3

@@ -1,6 +1,6 @@
 .\"-
 .\" Copyright (c) 2002-2003 Networks Associates Technology, Inc.
-.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2004-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -32,8 +32,6 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
 .Dd June 16, 2005
 .Dt PAM_CONV 3
 .Os
@@ -76,7 +74,7 @@ item.
 .Pp
 The conversation function's first argument specifies the number of
 messages (up to
-.Dv PAM_NUM_MSG )
+.Dv PAM_MAX_NUM_MSG )
 to process.
 The second argument is a pointer to an array of pointers to
 .Vt pam_message
@@ -183,4 +181,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
 as part of the DARPA CHATS research program.
 .Pp
 The OpenPAM library is maintained by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

doc/xsso_errata.txt

@@ -1,5 +1,3 @@
-$Id$
-
 Errata in XSSO, chapter 5:
 
 p. 25:	the first member of struct pam_response is named "resp", not

freebsd/.gitignore

@@ -0,0 +1,2 @@
+!/Makefile.in
+/work

freebsd/Makefile.in

@@ -0,0 +1,33 @@
+# $FreeBSD: portlint$
+
+PORTNAME=	@PACKAGE_TARNAME@
+PORTVERSION=	@PACKAGE_VERSION@
+CATEGORIES=	security devel
+MASTER_SITES=	#
+DISTFILES=	#
+
+MAINTAINER=	@PACKAGE_BUGREPORT@
+COMMENT=	BSD-licensed implementation of Pluggable Authentication Modules
+
+LICENSE=	BSD3CLAUSE
+
+USES=		gmake libtool pkgconfig
+USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+INSTALL_TARGET=	install-strip
+TEST_TARGET=	check
+
+DESCR=		${WRKDIR}/pkg-descr
+
+do-extract:
+	(cd @abs_top_srcdir@ && \
+	    ${GMAKE} distdir && ${MV} ${PKGNAME} ${WRKDIR})
+	(${CAT} ${WRKSRC}/README && ${ECHO} && \
+	    ${ECHO} "WWW: @PACKAGE_URL@") >${DESCR}
+
+post-stage:
+	(cd ${STAGEDIR} && \
+	    ${FIND} -s . -type f -or -type l | cut -c 2- | \
+	    ${SED} -E '/\/man\//s/([0-9])$$/\1.gz/') >>${TMPPLIST}
+
+.include <bsd.port.mk>

include/Makefile.am

@@ -1,3 +1 @@
-# $Id$
-
 SUBDIRS = security

include/security/Makefile.am

@@ -1,8 +1,6 @@
-# $Id$
+securitydir = $(includedir)/security
 
-openpamdir = $(includedir)/security
-
-openpam_HEADERS = \
+security_HEADERS = \
 	openpam.h \
 	openpam_attr.h \
 	openpam_version.h \

include/security/openpam.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2015 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_OPENPAM_H_INCLUDED
@@ -186,6 +184,7 @@ enum {
 	OPENPAM_VERIFY_POLICY_FILE,
 	OPENPAM_RESTRICT_MODULE_NAME,
 	OPENPAM_VERIFY_MODULE_FILE,
+	OPENPAM_FALLBACK_TO_OTHER,
 	OPENPAM_NUM_FEATURES
 };
 

include/security/openpam_attr.h

@@ -1,9 +1,5 @@
-/*
- * $Id$
- */
-
-#ifndef SECURITY_PAM_ATTRIBUTES_H_INCLUDED
-#define SECURITY_PAM_ATTRIBUTES_H_INCLUDED
+#ifndef SECURITY_OPENPAM_ATTR_H_INCLUDED
+#define SECURITY_OPENPAM_ATTR_H_INCLUDED
 
 /* GCC attributes */
 #if defined(__GNUC__) && defined(__GNUC_MINOR__) && !defined(__STRICT_ANSI__)
@@ -25,4 +21,10 @@
 # define OPENPAM_NONNULL(params)
 #endif
 
-#endif /* !SECURITY_PAM_ATTRIBUTES_H_INCLUDED */
+#if OPENPAM_GNUC_PREREQ(2,7)
+# define OPENPAM_UNUSED(var) var __attribute__((__unused__))
+#else
+# define OPENPAM_UNUSED(var) var
+#endif
+
+#endif /* !SECURITY_OPENPAM_ATTR_H_INCLUDED */

include/security/openpam_version.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2023 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,15 +31,13 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED
 #define SECURITY_OPENPAM_VERSION_H_INCLUDED
 
 #define OPENPAM
-#define OPENPAM_VERSION	20120526
-#define OPENPAM_RELEASE	"Micrampelis"
+#define OPENPAM_VERSION	20230627
+#define OPENPAM_RELEASE	"Ximenia"
 
 #endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */

include/security/pam_appl.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_APPL_H_INCLUDED

include/security/pam_constants.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_CONSTANTS_H_INCLUDED
@@ -78,6 +76,10 @@ enum {
 	PAM_TRY_AGAIN			=  27,
 	PAM_MODULE_UNKNOWN		=  28,
 	PAM_DOMAIN_UNKNOWN		=  29,
+	PAM_BAD_HANDLE			=  30,		/* OpenPAM extension */
+	PAM_BAD_ITEM			=  31,		/* OpenPAM extension */
+	PAM_BAD_FEATURE			=  32,		/* OpenPAM extension */
+	PAM_BAD_CONSTANT		=  33,		/* OpenPAM extension */
 	PAM_NUM_ERRORS					/* OpenPAM extension */
 };
 

include/security/pam_modules.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_MODULES_H_INCLUDED

include/security/pam_types.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_TYPES_H_INCLUDED

lib/Makefile.am

@@ -1,92 +1,5 @@
-# $Id$
+SUBDIRS =
 
-NULL =
-
-INCLUDES = -I$(top_srcdir)/include
-
-lib_LTLIBRARIES = libpam.la
-
-noinst_HEADERS = \
-	openpam_constants.h \
-	openpam_ctype.h \
-	openpam_debug.h \
-	openpam_features.h \
-	openpam_impl.h \
-	openpam_strlcat.h \
-	openpam_strlcmp.h \
-	openpam_strlcpy.h
-
-libpam_la_SOURCES = \
-	openpam_borrow_cred.c \
-	openpam_check_owner_perms.c \
-	openpam_configure.c \
-	openpam_constants.c \
-	openpam_dispatch.c \
-	openpam_dynamic.c \
-	openpam_features.c \
-	openpam_findenv.c \
-	openpam_free_data.c \
-	openpam_free_envlist.c \
-	openpam_get_feature.c \
-	openpam_get_option.c \
-	openpam_load.c \
-	openpam_log.c \
-	openpam_nullconv.c \
-	openpam_readline.c \
-	openpam_readlinev.c \
-	openpam_readword.c \
-	openpam_restore_cred.c \
-	openpam_set_option.c \
-	openpam_set_feature.c \
-	openpam_static.c \
-	openpam_straddch.c \
-	openpam_subst.c \
-	openpam_ttyconv.c \
-	pam_acct_mgmt.c \
-	pam_authenticate.c \
-	pam_chauthtok.c \
-	pam_close_session.c \
-	pam_end.c \
-	pam_error.c \
-	pam_get_authtok.c \
-	pam_get_data.c \
-	pam_get_item.c \
-	pam_get_user.c \
-	pam_getenv.c \
-	pam_getenvlist.c \
-	pam_info.c \
-	pam_open_session.c \
-	pam_prompt.c \
-	pam_putenv.c \
-	pam_set_data.c \
-	pam_set_item.c \
-	pam_setcred.c \
-	pam_setenv.c \
-	pam_start.c \
-	pam_strerror.c \
-	pam_verror.c \
-	pam_vinfo.c \
-	pam_vprompt.c \
-	$(NULL)
-
-libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
-libpam_la_LIBADD = @DL_LIBS@
-
-EXTRA_DIST = \
-	pam_authenticate_secondary.c \
-	pam_get_mapped_authtok.c \
-	pam_get_mapped_username.c \
-	pam_set_mapped_authtok.c \
-	pam_set_mapped_username.c \
-	\
-	pam_sm_acct_mgmt.c \
-	pam_sm_authenticate.c \
-	pam_sm_authenticate_secondary.c \
-	pam_sm_chauthtok.c \
-	pam_sm_close_session.c \
-	pam_sm_get_mapped_authtok.c \
-	pam_sm_get_mapped_username.c \
-	pam_sm_open_session.c \
-	pam_sm_set_mapped_authtok.c \
-	pam_sm_set_mapped_username.c \
-	pam_sm_setcred.c
+if !WITH_SYSTEM_LIBPAM
+SUBDIRS += libpam
+endif

lib/libpam/Makefile.am

@@ -0,0 +1,100 @@
+NULL =
+
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+lib_LTLIBRARIES = libpam.la
+
+noinst_HEADERS = \
+	openpam_asprintf.h \
+	openpam_constants.h \
+	openpam_cred.h \
+	openpam_ctype.h \
+	openpam_debug.h \
+	openpam_dlfunc.h \
+	openpam_features.h \
+	openpam_impl.h \
+	openpam_strlcat.h \
+	openpam_strlcmp.h \
+	openpam_strlcpy.h \
+	openpam_strlset.h \
+	openpam_vasprintf.h
+
+libpam_la_SOURCES = \
+	openpam_asprintf.c \
+	openpam_borrow_cred.c \
+	openpam_check_owner_perms.c \
+	openpam_configure.c \
+	openpam_constants.c \
+	openpam_dispatch.c \
+	openpam_dynamic.c \
+	openpam_features.c \
+	openpam_findenv.c \
+	openpam_free_data.c \
+	openpam_free_envlist.c \
+	openpam_get_feature.c \
+	openpam_get_option.c \
+	openpam_load.c \
+	openpam_log.c \
+	openpam_nullconv.c \
+	openpam_readline.c \
+	openpam_readlinev.c \
+	openpam_readword.c \
+	openpam_restore_cred.c \
+	openpam_set_option.c \
+	openpam_set_feature.c \
+	openpam_static.c \
+	openpam_straddch.c \
+	openpam_strlcat.c \
+	openpam_strlcpy.c \
+	openpam_strlset.c \
+	openpam_subst.c \
+	openpam_vasprintf.c \
+	openpam_ttyconv.c \
+	pam_acct_mgmt.c \
+	pam_authenticate.c \
+	pam_chauthtok.c \
+	pam_close_session.c \
+	pam_end.c \
+	pam_error.c \
+	pam_get_authtok.c \
+	pam_get_data.c \
+	pam_get_item.c \
+	pam_get_user.c \
+	pam_getenv.c \
+	pam_getenvlist.c \
+	pam_info.c \
+	pam_open_session.c \
+	pam_prompt.c \
+	pam_putenv.c \
+	pam_set_data.c \
+	pam_set_item.c \
+	pam_setcred.c \
+	pam_setenv.c \
+	pam_start.c \
+	pam_strerror.c \
+	pam_verror.c \
+	pam_vinfo.c \
+	pam_vprompt.c \
+	$(NULL)
+
+libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ)
+libpam_la_LIBADD = $(DL_LIBS)
+
+EXTRA_DIST = \
+	pam_authenticate_secondary.c \
+	pam_get_mapped_authtok.c \
+	pam_get_mapped_username.c \
+	pam_set_mapped_authtok.c \
+	pam_set_mapped_username.c \
+	\
+	pam_sm_acct_mgmt.c \
+	pam_sm_authenticate.c \
+	pam_sm_authenticate_secondary.c \
+	pam_sm_chauthtok.c \
+	pam_sm_close_session.c \
+	pam_sm_get_mapped_authtok.c \
+	pam_sm_get_mapped_username.c \
+	pam_sm_open_session.c \
+	pam_sm_set_mapped_authtok.c \
+	pam_sm_set_mapped_username.c \
+	pam_sm_setcred.c

lib/libpam/openpam_asprintf.c

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,35 +25,31 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
-#ifndef T_H_INCLUDED
-#define T_H_INCLUDED
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
 
-#include <security/openpam_attr.h>
+#ifndef HAVE_ASPRINTF
 
-struct t_test {
-	int (*func)(void);
-	const char *desc;
-};
+#include <stdarg.h>
+#include <stdio.h>
 
-#define T_FUNC(n, d)				\
-	static int t_ ## n ## _func(void);	\
-	static const struct t_test t_ ## n =	\
-	    { t_ ## n ## _func, d };		\
-	static int t_ ## n ## _func(void)
+#include "openpam_asprintf.h"
+#include "openpam_vasprintf.h"
 
-#define T(n)					\
-	&t_ ## n
+/* like sprintf(3), but allocates memory for the result. */
+int
+openpam_asprintf(char **str, const char *fmt, ...)
+{
+        va_list ap;
+        int ret;
 
-extern const char *t_progname;
-
-const struct t_test **t_prepare(int, char **);
-void t_cleanup(void);
-
-void t_verbose(const char *, ...)
-	OPENPAM_FORMAT((__printf__, 1, 2));
+        va_start(ap, fmt);
+        ret = vasprintf(str, fmt, ap);
+        va_end(ap);
+        return (ret);
+}
 
 #endif

lib/libpam/openpam_asprintf.h

@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OPENPAM_ASPRINTF_H_INCLUDED
+#define OPENPAM_ASPRINTF_H_INCLUDED
+
+#ifndef HAVE_ASPRINTF
+int openpam_asprintf(char **, const char *, ...);
+#undef asprintf
+#define asprintf(arg, ...) openpam_asprintf(arg, __VA_ARGS__)
+#endif
+
+#endif

lib/libpam/openpam_borrow_cred.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -50,6 +48,7 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_cred.h"
 
 /*
  * OpenPAM extension
@@ -68,12 +67,12 @@ openpam_borrow_cred(pam_handle_t *pamh,
 	ENTERI(pwd->pw_uid);
 	r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
 	if (r == PAM_SUCCESS && scredp != NULL) {
-		openpam_log(PAM_LOG_DEBUG,
+		openpam_log(PAM_LOG_LIBDEBUG,
 		    "already operating under borrowed credentials");
 		RETURNC(PAM_SYSTEM_ERR);
 	}
 	if (geteuid() != 0 && geteuid() != pwd->pw_uid) {
-		openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d",
+		openpam_log(PAM_LOG_LIBDEBUG, "called with non-zero euid: %d",
 		    (int)geteuid());
 		RETURNC(PAM_PERM_DENIED);
 	}

lib/libpam/openpam_check_owner_perms.c

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_configure.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2012 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2015 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -41,7 +39,6 @@
 
 #include <sys/param.h>
 
-#include <ctype.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -194,6 +191,7 @@ openpam_parse_chain(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_ERROR,
 			    "%s(%d): missing or invalid facility",
 			    filename, lineno);
+			errno = EINVAL;
 			goto fail;
 		}
 		if (facility != fclt && facility != PAM_FACILITY_ANY) {
@@ -209,18 +207,28 @@ openpam_parse_chain(pam_handle_t *pamh,
 				openpam_log(PAM_LOG_ERROR,
 				    "%s(%d): missing or invalid service name",
 				    filename, lineno);
+				errno = EINVAL;
 				goto fail;
 			}
 			if (wordv[i] != NULL) {
 				openpam_log(PAM_LOG_ERROR,
 				    "%s(%d): garbage at end of line",
 				    filename, lineno);
+				errno = EINVAL;
 				goto fail;
 			}
 			ret = openpam_load_chain(pamh, servicename, fclt);
 			FREEV(wordc, wordv);
-			if (ret < 0)
+			if (ret < 0) {
+				/*
+				 * Bogus errno, but this ensures that the
+				 * outer loop does not just ignore the
+				 * error and keep searching.
+				 */
+				if (errno == ENOENT)
+					errno = EINVAL;
 				goto fail;
+			}
 			continue;
 		}
 
@@ -230,6 +238,7 @@ openpam_parse_chain(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_ERROR,
 			    "%s(%d): missing or invalid control flag",
 			    filename, lineno);
+			errno = EINVAL;
 			goto fail;
 		}
 
@@ -239,6 +248,7 @@ openpam_parse_chain(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_ERROR,
 			    "%s(%d): missing or invalid module name",
 			    filename, lineno);
+			errno = EINVAL;
 			goto fail;
 		}
 
@@ -248,8 +258,11 @@ openpam_parse_chain(pam_handle_t *pamh,
 		this->flag = ctlf;
 
 		/* load module */
-		if ((this->module = openpam_load_module(modulename)) == NULL)
+		if ((this->module = openpam_load_module(modulename)) == NULL) {
+			if (errno == ENOENT)
+				errno = ENOEXEC;
 			goto fail;
+		}
 
 		/*
 		 * The remaining items in wordv are the module's
@@ -282,7 +295,11 @@ openpam_parse_chain(pam_handle_t *pamh,
 	 * The loop ended because openpam_readword() returned NULL, which
 	 * can happen for four different reasons: an I/O error (ferror(f)
 	 * is true), a memory allocation failure (ferror(f) is false,
-	 * errno is non-zero)
+	 * feof(f) is false, errno is non-zero), the file ended with an
+	 * unterminated quote or backslash escape (ferror(f) is false,
+	 * feof(f) is true, errno is non-zero), or the end of the file was
+	 * reached without error (ferror(f) is false, feof(f) is true,
+	 * errno is zero).
 	 */
 	if (ferror(f) || errno != 0)
 		goto syserr;
@@ -308,14 +325,6 @@ fail:
 	return (-1);
 }
 
-static const char *openpam_policy_path[] = {
-	"/etc/pam.d/",
-	"/etc/pam.conf",
-	"/usr/local/etc/pam.d/",
-	"/usr/local/etc/pam.conf",
-	NULL
-};
-
 /*
  * Read the specified chains from the specified file.
  *
@@ -399,6 +408,10 @@ openpam_load_chain(pam_handle_t *pamh,
 	for (path = openpam_policy_path; *path != NULL; ++path) {
 		/* construct filename */
 		len = strlcpy(filename, *path, sizeof filename);
+		if (len >= sizeof filename) {
+			errno = ENAMETOOLONG;
+			RETURNN(-1);
+		}
 		if (filename[len - 1] == '/') {
 			len = strlcat(filename, service, sizeof filename);
 			if (len >= sizeof filename) {
@@ -411,6 +424,9 @@ openpam_load_chain(pam_handle_t *pamh,
 		}
 		ret = openpam_load_file(pamh, service, facility,
 		    filename, style);
+		/* success */
+		if (ret > 0)
+			RETURNN(ret);
 		/* the file exists, but an error occurred */
 		if (ret == -1 && errno != ENOENT)
 			RETURNN(ret);
@@ -420,7 +436,8 @@ openpam_load_chain(pam_handle_t *pamh,
 	}
 
 	/* no hit */
-	RETURNN(0);
+	errno = ENOENT;
+	RETURNN(-1);
 }
 
 /*
@@ -441,13 +458,17 @@ openpam_configure(pam_handle_t *pamh,
 		openpam_log(PAM_LOG_ERROR, "invalid service name");
 		RETURNC(PAM_SYSTEM_ERR);
 	}
-	if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
-		goto load_err;
+	if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
+		if (errno != ENOENT)
+			goto load_err;
+	}
 	for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
 		if (pamh->chains[fclt] != NULL)
 			continue;
-		if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
-			goto load_err;
+		if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) {
+			if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
+				goto load_err;
+		}
 	}
 	RETURNC(PAM_SUCCESS);
 load_err:

lib/libpam/openpam_constants.c

@@ -0,0 +1,183 @@
+/*-
+ * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+const char *pam_err_name[PAM_NUM_ERRORS] = {
+	[PAM_SUCCESS]			 = "PAM_SUCCESS",
+	[PAM_OPEN_ERR]			 = "PAM_OPEN_ERR",
+	[PAM_SYMBOL_ERR]		 = "PAM_SYMBOL_ERR",
+	[PAM_SERVICE_ERR]		 = "PAM_SERVICE_ERR",
+	[PAM_SYSTEM_ERR]		 = "PAM_SYSTEM_ERR",
+	[PAM_BUF_ERR]			 = "PAM_BUF_ERR",
+	[PAM_CONV_ERR]			 = "PAM_CONV_ERR",
+	[PAM_PERM_DENIED]		 = "PAM_PERM_DENIED",
+	[PAM_MAXTRIES]			 = "PAM_MAXTRIES",
+	[PAM_AUTH_ERR]			 = "PAM_AUTH_ERR",
+	[PAM_NEW_AUTHTOK_REQD]		 = "PAM_NEW_AUTHTOK_REQD",
+	[PAM_CRED_INSUFFICIENT]		 = "PAM_CRED_INSUFFICIENT",
+	[PAM_AUTHINFO_UNAVAIL]		 = "PAM_AUTHINFO_UNAVAIL",
+	[PAM_USER_UNKNOWN]		 = "PAM_USER_UNKNOWN",
+	[PAM_CRED_UNAVAIL]		 = "PAM_CRED_UNAVAIL",
+	[PAM_CRED_EXPIRED]		 = "PAM_CRED_EXPIRED",
+	[PAM_CRED_ERR]			 = "PAM_CRED_ERR",
+	[PAM_ACCT_EXPIRED]		 = "PAM_ACCT_EXPIRED",
+	[PAM_AUTHTOK_EXPIRED]		 = "PAM_AUTHTOK_EXPIRED",
+	[PAM_SESSION_ERR]		 = "PAM_SESSION_ERR",
+	[PAM_AUTHTOK_ERR]		 = "PAM_AUTHTOK_ERR",
+	[PAM_AUTHTOK_RECOVERY_ERR]	 = "PAM_AUTHTOK_RECOVERY_ERR",
+	[PAM_AUTHTOK_LOCK_BUSY]		 = "PAM_AUTHTOK_LOCK_BUSY",
+	[PAM_AUTHTOK_DISABLE_AGING]	 = "PAM_AUTHTOK_DISABLE_AGING",
+	[PAM_NO_MODULE_DATA]		 = "PAM_NO_MODULE_DATA",
+	[PAM_IGNORE]			 = "PAM_IGNORE",
+	[PAM_ABORT]			 = "PAM_ABORT",
+	[PAM_TRY_AGAIN]			 = "PAM_TRY_AGAIN",
+	[PAM_MODULE_UNKNOWN]		 = "PAM_MODULE_UNKNOWN",
+	[PAM_DOMAIN_UNKNOWN]		 = "PAM_DOMAIN_UNKNOWN",
+	[PAM_BAD_HANDLE]		 = "PAM_BAD_HANDLE",
+	[PAM_BAD_ITEM]			 = "PAM_BAD_ITEM",
+	[PAM_BAD_FEATURE]		 = "PAM_BAD_FEATURE",
+	[PAM_BAD_CONSTANT]		 = "PAM_BAD_CONSTANT",
+};
+
+const char *pam_err_text[PAM_NUM_ERRORS] = {
+	[PAM_SUCCESS]			 = "Success",
+	[PAM_OPEN_ERR]			 = "Failed to load module",
+	[PAM_SYMBOL_ERR]		 = "Invalid symbol",
+	[PAM_SERVICE_ERR]		 = "Error in service module",
+	[PAM_SYSTEM_ERR]		 = "System error",
+	[PAM_BUF_ERR]			 = "Memory buffer error",
+	[PAM_CONV_ERR]			 = "Conversation failure",
+	[PAM_PERM_DENIED]		 = "Permission denied",
+	[PAM_MAXTRIES]			 = "Maximum number of tries exceeded",
+	[PAM_AUTH_ERR]			 = "Authentication error",
+	[PAM_NEW_AUTHTOK_REQD]		 = "New authentication token required",
+	[PAM_CRED_INSUFFICIENT]		 = "Insufficient credentials",
+	[PAM_AUTHINFO_UNAVAIL]		 = "Authentication information is unavailable",
+	[PAM_USER_UNKNOWN]		 = "Unknown user",
+	[PAM_CRED_UNAVAIL]		 = "Failed to retrieve user credentials",
+	[PAM_CRED_EXPIRED]		 = "User credentials have expired",
+	[PAM_CRED_ERR]			 = "Failed to set user credentials",
+	[PAM_ACCT_EXPIRED]		 = "User account has expired",
+	[PAM_AUTHTOK_EXPIRED]		 = "Password has expired",
+	[PAM_SESSION_ERR]		 = "Session failure",
+	[PAM_AUTHTOK_ERR]		 = "Authentication token failure",
+	[PAM_AUTHTOK_RECOVERY_ERR]	 = "Failed to recover old authentication token",
+	[PAM_AUTHTOK_LOCK_BUSY]		 = "Authentication token lock busy",
+	[PAM_AUTHTOK_DISABLE_AGING]	 = "Authentication token aging disabled",
+	[PAM_NO_MODULE_DATA]		 = "Module data not found",
+	[PAM_IGNORE]			 = "Ignore this module",
+	[PAM_ABORT]			 = "General failure",
+	[PAM_TRY_AGAIN]			 = "Try again",
+	[PAM_MODULE_UNKNOWN]		 = "Unknown module type",
+	[PAM_DOMAIN_UNKNOWN]		 = "Unknown authentication domain",
+	[PAM_BAD_HANDLE]		 = "Invalid PAM handle",
+	[PAM_BAD_ITEM]			 = "Unrecognized or restricted item",
+	[PAM_BAD_FEATURE]		 = "Unrecognized or restricted feature",
+	[PAM_BAD_CONSTANT]		 = "Invalid constant",
+};
+
+const char *pam_item_name[PAM_NUM_ITEMS] = {
+	[PAM_SERVICE]		 = "PAM_SERVICE",
+	[PAM_USER]		 = "PAM_USER",
+	[PAM_TTY]		 = "PAM_TTY",
+	[PAM_RHOST]		 = "PAM_RHOST",
+	[PAM_CONV]		 = "PAM_CONV",
+	[PAM_AUTHTOK]		 = "PAM_AUTHTOK",
+	[PAM_OLDAUTHTOK]	 = "PAM_OLDAUTHTOK",
+	[PAM_RUSER]		 = "PAM_RUSER",
+	[PAM_USER_PROMPT]	 = "PAM_USER_PROMPT",
+	[PAM_REPOSITORY]	 = "PAM_REPOSITORY",
+	[PAM_AUTHTOK_PROMPT]	 = "PAM_AUTHTOK_PROMPT",
+	[PAM_OLDAUTHTOK_PROMPT]	 = "PAM_OLDAUTHTOK_PROMPT",
+	[PAM_HOST]		 = "PAM_HOST",
+};
+
+const char *pam_facility_name[PAM_NUM_FACILITIES] = {
+	[PAM_ACCOUNT]		 = "account",
+	[PAM_AUTH]		 = "auth",
+	[PAM_PASSWORD]		 = "password",
+	[PAM_SESSION]		 = "session",
+};
+
+const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
+	[PAM_BINDING]		 = "binding",
+	[PAM_OPTIONAL]		 = "optional",
+	[PAM_REQUIRED]		 = "required",
+	[PAM_REQUISITE]		 = "requisite",
+	[PAM_SUFFICIENT]	 = "sufficient",
+};
+
+const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
+	[PAM_SM_AUTHENTICATE]	 = "pam_authenticate",
+	[PAM_SM_SETCRED]	 = "pam_setcred",
+	[PAM_SM_ACCT_MGMT]	 = "pam_acct_mgmt",
+	[PAM_SM_OPEN_SESSION]	 = "pam_open_session",
+	[PAM_SM_CLOSE_SESSION]	 = "pam_close_session",
+	[PAM_SM_CHAUTHTOK]	 = "pam_chauthtok"
+};
+
+const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
+	[PAM_SM_AUTHENTICATE]	 = "pam_sm_authenticate",
+	[PAM_SM_SETCRED]	 = "pam_sm_setcred",
+	[PAM_SM_ACCT_MGMT]	 = "pam_sm_acct_mgmt",
+	[PAM_SM_OPEN_SESSION]	 = "pam_sm_open_session",
+	[PAM_SM_CLOSE_SESSION]	 = "pam_sm_close_session",
+	[PAM_SM_CHAUTHTOK]	 = "pam_sm_chauthtok"
+};
+
+const char *openpam_policy_path[] = {
+	"/etc/pam.d/",
+	"/etc/pam.conf",
+	"/usr/local/etc/pam.d/",
+	"/usr/local/etc/pam.conf",
+	NULL
+};
+
+const char *openpam_module_path[] = {
+#ifdef OPENPAM_MODULES_DIRECTORY
+	OPENPAM_MODULES_DIRECTORY,
+#else
+	"/usr/lib",
+	"/usr/local/lib",
+#endif
+	NULL
+};

lib/libpam/openpam_constants.h

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2011 Dag-Erling Smørgrav
+ * Copyright (c) 2011-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,18 +25,20 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_CONSTANTS_H_INCLUDED
 #define OPENPAM_CONSTANTS_H_INCLUDED
 
 extern const char *pam_err_name[PAM_NUM_ERRORS];
+extern const char *pam_err_text[PAM_NUM_ERRORS];
 extern const char *pam_item_name[PAM_NUM_ITEMS];
 extern const char *pam_facility_name[PAM_NUM_FACILITIES];
 extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS];
 extern const char *pam_func_name[PAM_NUM_PRIMITIVES];
 extern const char *pam_sm_func_name[PAM_NUM_PRIMITIVES];
 
+extern const char *openpam_policy_path[];
+extern const char *openpam_module_path[];
+
 #endif

lib/libpam/openpam_cred.h

@@ -31,97 +31,20 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
-#ifdef HAVE_CONFIG_H
-# include "config.h"
+#ifndef OPENPAM_CRED_H_INCLUDED
+#define OPENPAM_CRED_H_INCLUDED
+
+/*
+ * Saved credentials
+ */
+#define PAM_SAVED_CRED "pam_saved_cred"
+struct pam_saved_cred {
+	uid_t	 euid;
+	gid_t	 egid;
+	gid_t	 groups[NGROUPS_MAX];
+	int	 ngroups;
+};
+
 #endif
-
-#include <security/pam_appl.h>
-
-#include "openpam_impl.h"
-
-const char *pam_err_name[PAM_NUM_ERRORS] = {
-	"PAM_SUCCESS",
-	"PAM_OPEN_ERR",
-	"PAM_SYMBOL_ERR",
-	"PAM_SERVICE_ERR",
-	"PAM_SYSTEM_ERR",
-	"PAM_BUF_ERR",
-	"PAM_CONV_ERR",
-	"PAM_PERM_DENIED",
-	"PAM_MAXTRIES",
-	"PAM_AUTH_ERR",
-	"PAM_NEW_AUTHTOK_REQD",
-	"PAM_CRED_INSUFFICIENT",
-	"PAM_AUTHINFO_UNAVAIL",
-	"PAM_USER_UNKNOWN",
-	"PAM_CRED_UNAVAIL",
-	"PAM_CRED_EXPIRED",
-	"PAM_CRED_ERR",
-	"PAM_ACCT_EXPIRED",
-	"PAM_AUTHTOK_EXPIRED",
-	"PAM_SESSION_ERR",
-	"PAM_AUTHTOK_ERR",
-	"PAM_AUTHTOK_RECOVERY_ERR",
-	"PAM_AUTHTOK_LOCK_BUSY",
-	"PAM_AUTHTOK_DISABLE_AGING",
-	"PAM_NO_MODULE_DATA",
-	"PAM_IGNORE",
-	"PAM_ABORT",
-	"PAM_TRY_AGAIN",
-	"PAM_MODULE_UNKNOWN",
-	"PAM_DOMAIN_UNKNOWN"
-};
-
-const char *pam_item_name[PAM_NUM_ITEMS] = {
-	"(NO ITEM)",
-	"PAM_SERVICE",
-	"PAM_USER",
-	"PAM_TTY",
-	"PAM_RHOST",
-	"PAM_CONV",
-	"PAM_AUTHTOK",
-	"PAM_OLDAUTHTOK",
-	"PAM_RUSER",
-	"PAM_USER_PROMPT",
-	"PAM_REPOSITORY",
-	"PAM_AUTHTOK_PROMPT",
-	"PAM_OLDAUTHTOK_PROMPT",
-	"PAM_HOST",
-};
-
-const char *pam_facility_name[PAM_NUM_FACILITIES] = {
-	[PAM_ACCOUNT]		= "account",
-	[PAM_AUTH]		= "auth",
-	[PAM_PASSWORD]		= "password",
-	[PAM_SESSION]		= "session",
-};
-
-const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
-	[PAM_BINDING]		= "binding",
-	[PAM_OPTIONAL]		= "optional",
-	[PAM_REQUIRED]		= "required",
-	[PAM_REQUISITE]		= "requisite",
-	[PAM_SUFFICIENT]	= "sufficient",
-};
-
-const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
-	"pam_authenticate",
-	"pam_setcred",
-	"pam_acct_mgmt",
-	"pam_open_session",
-	"pam_close_session",
-	"pam_chauthtok"
-};
-
-const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
-	"pam_sm_authenticate",
-	"pam_sm_setcred",
-	"pam_sm_acct_mgmt",
-	"pam_sm_open_session",
-	"pam_sm_close_session",
-	"pam_sm_chauthtok"
-};

lib/libpam/openpam_ctype.h

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2014 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,13 +25,43 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_CTYPE_H_INCLUDED
 #define OPENPAM_CTYPE_H_INCLUDED
 
+/*
+ * Evaluates to non-zero if the argument is a digit.
+ */
+#define is_digit(ch)				\
+	(ch >= '0' && ch <= '9')
+
+/*
+ * Evaluates to non-zero if the argument is a hex digit.
+ */
+#define is_xdigit(ch)				\
+	((ch >= '0' && ch <= '9') ||		\
+	 (ch >= 'a' && ch <= 'f') ||		\
+	 (ch >= 'A' && ch <= 'F'))
+
+/*
+ * Evaluates to non-zero if the argument is an uppercase letter.
+ */
+#define is_upper(ch)				\
+	(ch >= 'A' && ch <= 'Z')
+
+/*
+ * Evaluates to non-zero if the argument is a lowercase letter.
+ */
+#define is_lower(ch)				\
+	(ch >= 'a' && ch <= 'z')
+
+/*
+ * Evaluates to non-zero if the argument is a letter.
+ */
+#define is_letter(ch)				\
+	(is_upper(ch) || is_lower(ch))
+
 /*
  * Evaluates to non-zero if the argument is a linear whitespace character.
  * For the purposes of this macro, the definition of linear whitespace is
@@ -60,9 +89,7 @@
  * of ASCII.
  */
 #define is_pfcs(ch)				\
-	((ch >= '0' && ch <= '9') ||		\
-	 (ch >= 'A' && ch <= 'Z') ||		\
-	 (ch >= 'a' && ch <= 'z') ||		\
+	(is_digit(ch) || is_letter(ch)  ||	\
 	 ch == '.' || ch == '_' || ch == '-')
 
 #endif

lib/libpam/openpam_debug.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_DEBUG_H_INCLUDED

lib/libpam/openpam_dispatch.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -41,6 +39,8 @@
 
 #include <sys/param.h>
 
+#include <stdint.h>
+
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
@@ -63,12 +63,10 @@ openpam_dispatch(pam_handle_t *pamh,
 	int flags)
 {
 	pam_chain_t *chain;
-	int err, fail, r;
+	int err, fail, nsuccess, r;
 	int debug;
 
 	ENTER();
-	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 
 	/* prevent recursion */
 	if (pamh->current != NULL) {
@@ -101,23 +99,25 @@ openpam_dispatch(pam_handle_t *pamh,
 	}
 
 	/* execute */
-	for (err = fail = 0; chain != NULL; chain = chain->next) {
+	err = PAM_SUCCESS;
+	fail = nsuccess = 0;
+	for (; chain != NULL; chain = chain->next) {
 		if (chain->module->func[primitive] == NULL) {
 			openpam_log(PAM_LOG_ERROR, "%s: no %s()",
 			    chain->module->path, pam_sm_func_name[primitive]);
-			r = PAM_SYSTEM_ERR;
+			r = PAM_SYMBOL_ERR;
 		} else {
 			pamh->primitive = primitive;
 			pamh->current = chain;
 			debug = (openpam_get_option(pamh, "debug") != NULL);
 			if (debug)
 				++openpam_debug;
-			openpam_log(PAM_LOG_DEBUG, "calling %s() in %s",
+			openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s",
 			    pam_sm_func_name[primitive], chain->module->path);
 			r = (chain->module->func[primitive])(pamh, flags,
-			    chain->optc, (const char **)chain->optv);
+			    chain->optc, (const char **)(intptr_t)chain->optv);
 			pamh->current = NULL;
-			openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
+			openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
 			    chain->module->path, pam_sm_func_name[primitive],
 			    pam_strerror(pamh, r));
 			if (debug)
@@ -127,6 +127,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		if (r == PAM_IGNORE)
 			continue;
 		if (r == PAM_SUCCESS) {
+			++nsuccess;
 			/*
 			 * For pam_setcred() and pam_chauthtok() with the
 			 * PAM_PRELIM_CHECK flag, treat "sufficient" as
@@ -148,11 +149,11 @@ openpam_dispatch(pam_handle_t *pamh,
 		 * fail.  If a required module fails, record the
 		 * return code from the first required module to fail.
 		 */
-		if (err == 0)
+		if (err == PAM_SUCCESS)
 			err = r;
 		if ((chain->flag == PAM_REQUIRED ||
 		    chain->flag == PAM_BINDING) && !fail) {
-			openpam_log(PAM_LOG_DEBUG, "required module failed");
+			openpam_log(PAM_LOG_LIBDEBUG, "required module failed");
 			fail = 1;
 			err = r;
 		}
@@ -162,7 +163,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		 * immediately.
 		 */
 		if (chain->flag == PAM_REQUISITE) {
-			openpam_log(PAM_LOG_DEBUG, "requisite module failed");
+			openpam_log(PAM_LOG_LIBDEBUG, "requisite module failed");
 			fail = 1;
 			break;
 		}
@@ -170,6 +171,18 @@ openpam_dispatch(pam_handle_t *pamh,
 
 	if (!fail && err != PAM_NEW_AUTHTOK_REQD)
 		err = PAM_SUCCESS;
+
+	/*
+	 * Require the chain to be non-empty, and at least one module
+	 * in the chain to be successful, so that we don't fail open.
+	 */
+	if (err == PAM_SUCCESS && nsuccess < 1) {
+		openpam_log(PAM_LOG_ERROR,
+		    "all modules were unsuccessful for %s()",
+		    pam_sm_func_name[primitive]);
+		err = PAM_SYSTEM_ERR;
+	}
+
 	RETURNC(err);
 }
 
@@ -179,6 +192,7 @@ openpam_check_error_code(int primitive, int r)
 {
 	/* common error codes */
 	if (r == PAM_SUCCESS ||
+	    r == PAM_SYSTEM_ERR ||
 	    r == PAM_SERVICE_ERR ||
 	    r == PAM_BUF_ERR ||
 	    r == PAM_CONV_ERR ||

lib/libpam/openpam_dlfunc.h

@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2013 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OPENPAM_DLFCN_H_INCLUDED
+#define OPENPAM_DLFCN_H_INCLUDED
+
+#ifndef HAVE_DLFUNC
+typedef void (*dlfunc_t)();
+
+static inline dlfunc_t
+dlfunc(void *handle, const char *symbol)
+{
+
+	return ((dlfunc_t)dlsym(handle, symbol));
+}
+#endif
+
+#endif

lib/libpam/openpam_dynamic.c

@@ -31,17 +31,17 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
 
+#include <sys/param.h>
+
 #include <dlfcn.h>
-#include <fcntl.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -50,6 +50,9 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_asprintf.h"
+#include "openpam_ctype.h"
+#include "openpam_dlfunc.h"
 
 #ifndef RTLD_NOW
 #define RTLD_NOW RTLD_LAZY
@@ -68,8 +71,12 @@ try_dlopen(const char *modfn)
 	void *dlh;
 	int fd;
 
-	if ((fd = open(modfn, O_RDONLY)) < 0)
+	openpam_log(PAM_LOG_LIBDEBUG, "dlopen(%s)", modfn);
+	if ((fd = open(modfn, O_RDONLY)) < 0) {
+		if (errno != ENOENT)
+			openpam_log(PAM_LOG_ERROR, "%s: %m", modfn);
 		return (NULL);
+	}
 	if (OPENPAM_FEATURE(VERIFY_MODULE_FILE) &&
 	    openpam_check_desc_owner_perms(modfn, fd) != 0) {
 		close(fd);
@@ -91,6 +98,7 @@ try_dlopen(const char *modfn)
 	int check_module_file;
 	void *dlh;
 
+	openpam_log(PAM_LOG_LIBDEBUG, "dlopen(%s)", modfn);
 	openpam_get_feature(OPENPAM_VERIFY_MODULE_FILE,
 	    &check_module_file);
 	if (check_module_file &&
@@ -106,80 +114,144 @@ try_dlopen(const char *modfn)
 #endif
 
 /*
- * OpenPAM internal
- *
- * Locate a dynamically linked module
+ * Try to load a module from the suggested location.
  */
-
-pam_module_t *
-openpam_dynamic(const char *path)
+static pam_module_t *
+try_module(const char *modpath)
 {
 	const pam_module_t *dlmodule;
 	pam_module_t *module;
-	const char *prefix;
-	char *vpath;
-	void *dlh;
 	int i, serrno;
 
-	dlh = NULL;
-
-	/* Prepend the standard prefix if not an absolute pathname. */
-	if (path[0] != '/')
-		prefix = OPENPAM_MODULES_DIR;
-	else
-		prefix = "";
-
-	/* try versioned module first, then unversioned module */
-	if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
+	if ((module = calloc(1, sizeof *module)) == NULL ||
+	    (module->path = strdup(modpath)) == NULL ||
+	    (module->dlh = try_dlopen(modpath)) == NULL)
 		goto err;
-	if ((dlh = try_dlopen(vpath)) == NULL && errno == ENOENT) {
-		*strrchr(vpath, '.') = '\0';
-		dlh = try_dlopen(vpath);
-	}
-	if (dlh == NULL)
-		goto err;
-	if ((module = calloc(1, sizeof *module)) == NULL)
-		goto buf_err;
-	if ((module->path = strdup(path)) == NULL)
-		goto buf_err;
-	module->dlh = dlh;
-	dlmodule = dlsym(dlh, "_pam_module");
+	dlmodule = dlsym(module->dlh, "_pam_module");
 	for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) {
 		if (dlmodule) {
 			module->func[i] = dlmodule->func[i];
 		} else {
-			module->func[i] =
-			    (pam_func_t)dlsym(dlh, pam_sm_func_name[i]);
+			module->func[i] = (pam_func_t)dlfunc(module->dlh,
+			    pam_sm_func_name[i]);
 			/*
 			 * This openpam_log() call is a major source of
 			 * log spam, and the cases that matter are caught
 			 * and logged in openpam_dispatch().  This would
 			 * be less problematic if dlerror() returned an
 			 * error code so we could log an error only when
-			 * dlsym() failed for a reason other than "no such
-			 * symbol".
+			 * dlfunc() failed for a reason other than "no
+			 * such symbol".
 			 */
 #if 0
 			if (module->func[i] == NULL)
-				openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
-				    path, pam_sm_func_name[i], dlerror());
+				openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
+				    modpath, pam_sm_func_name[i], dlerror());
 #endif
 		}
 	}
-	FREE(vpath);
 	return (module);
-buf_err:
-	serrno = errno;
-	if (dlh != NULL)
-		dlclose(dlh);
-	FREE(module);
-	errno = serrno;
 err:
 	serrno = errno;
-	if (errno != 0)
-		openpam_log(PAM_LOG_ERROR, "%s: %m", vpath);
-	FREE(vpath);
+	if (module != NULL) {
+		if (module->dlh != NULL)
+			dlclose(module->dlh);
+		if (module->path != NULL)
+			FREE(module->path);
+		FREE(module);
+	}
 	errno = serrno;
+	if (serrno != 0 && serrno != ENOENT)
+		openpam_log(PAM_LOG_ERROR, "%s: %m", modpath);
+	errno = serrno;
+	return (NULL);
+}
+
+/*
+ * OpenPAM internal
+ *
+ * Locate a dynamically linked module
+ */
+
+pam_module_t *
+openpam_dynamic(const char *modname)
+{
+	pam_module_t *module;
+	char modpath[PATH_MAX];
+	const char **path, *p;
+	int has_so, has_ver;
+	int dot, len;
+
+	/*
+	 * Simple case: module name contains path separator(s)
+	 */
+	if (strchr(modname, '/') != NULL) {
+		/*
+		 * Absolute paths are not allowed if RESTRICT_MODULE_NAME
+		 * is in effect (default off).  Relative paths are never
+		 * allowed.
+		 */
+		if (OPENPAM_FEATURE(RESTRICT_MODULE_NAME) ||
+		    modname[0] != '/') {
+			openpam_log(PAM_LOG_ERROR,
+			    "invalid module name: %s", modname);
+			return (NULL);
+		}
+		return (try_module(modname));
+	}
+
+	/*
+	 * Check for .so and version sufixes
+	 */
+	p = strchr(modname, '\0');
+	has_ver = has_so = 0;
+	while (is_digit(*p))
+		--p;
+	if (*p == '.' && *++p != '\0') {
+		/* found a numeric suffix */
+		has_ver = 1;
+		/* assume that .so is either present or unneeded */
+		has_so = 1;
+	} else if (*p == '\0' && p >= modname + sizeof PAM_SOEXT &&
+	    strcmp(p - sizeof PAM_SOEXT + 1, PAM_SOEXT) == 0) {
+		/* found .so suffix */
+		has_so = 1;
+	}
+
+	/*
+	 * Complicated case: search for the module in the usual places.
+	 */
+	for (path = openpam_module_path; *path != NULL; ++path) {
+		/*
+		 * Assemble the full path, including the version suffix.  Take
+		 * note of where the suffix begins so we can cut it off later.
+		 */
+		if (has_ver)
+			len = snprintf(modpath, sizeof modpath, "%s/%s%n",
+			    *path, modname, &dot);
+		else if (has_so)
+			len = snprintf(modpath, sizeof modpath, "%s/%s%n.%d",
+			    *path, modname, &dot, LIB_MAJ);
+		else
+			len = snprintf(modpath, sizeof modpath, "%s/%s%s%n.%d",
+			    *path, modname, PAM_SOEXT, &dot, LIB_MAJ);
+		/* check for overflow */
+		if (len < 0 || (unsigned int)len >= sizeof modpath) {
+			errno = ENOENT;
+			continue;
+		}
+		/* try the versioned path */
+		if ((module = try_module(modpath)) != NULL)
+			return (module);
+		if (errno == ENOENT && modpath[dot] != '\0') {
+			/* no luck, try the unversioned path */
+			modpath[dot] = '\0';
+			if ((module = try_module(modpath)) != NULL)
+				return (module);
+		}
+	}
+
+	/* :( */
 	return (NULL);
 }
 

lib/libpam/openpam_features.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2015 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -66,4 +63,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
 	    "Verify ownership and permissions of module files",
 	    1
 	),
+	STRUCT_OPENPAM_FEATURE(
+	    FALLBACK_TO_OTHER,
+	    "Fall back to \"other\" policy for empty chains",
+	    1
+	),
 };

lib/libpam/openpam_features.h

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_FEATURES_H_INCLUDED

lib/libpam/openpam_findenv.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,14 +31,13 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
 
+#include <errno.h>
 #include <string.h>
 
 #include <security/pam_appl.h>
@@ -59,12 +58,11 @@ openpam_findenv(pam_handle_t *pamh,
 	int i;
 
 	ENTER();
-	if (pamh == NULL)
-		RETURNN(-1);
 	for (i = 0; i < pamh->env_count; ++i)
 		if (strncmp(pamh->env[i], name, len) == 0 &&
 		    pamh->env[i][len] == '=')
 			RETURNN(i);
+	errno = ENOENT;
 	RETURNN(-1);
 }
 

lib/libpam/openpam_free_data.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_free_envlist.c

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -24,8 +23,6 @@
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_get_feature.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -51,7 +48,7 @@ openpam_get_feature(int feature, int *onoff)
 
 	ENTERF(feature);
 	if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_FEATURE);
 	*onoff = openpam_features[feature].onoff;
 	RETURNC(PAM_SUCCESS);
 }
@@ -59,7 +56,7 @@ openpam_get_feature(int feature, int *onoff)
 /*
  * Error codes:
  *
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_FEATURE
  */
 
 /**

lib/libpam/openpam_get_option.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_impl.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_IMPL_H_INCLUDED
@@ -122,19 +120,6 @@ struct pam_handle {
 	int		 env_size;
 };
 
-#ifdef NGROUPS_MAX
-/*
- * Saved credentials
- */
-#define PAM_SAVED_CRED "pam_saved_cred"
-struct pam_saved_cred {
-	uid_t	 euid;
-	gid_t	 egid;
-	gid_t	 groups[NGROUPS_MAX];
-	int	 ngroups;
-};
-#endif
-
 /*
  * Default policy
  */
@@ -143,19 +128,28 @@ struct pam_saved_cred {
 /*
  * Internal functions
  */
-int		 openpam_configure(pam_handle_t *, const char *);
-int		 openpam_dispatch(pam_handle_t *, int, int);
-int		 openpam_findenv(pam_handle_t *, const char *, size_t);
-pam_module_t	*openpam_load_module(const char *);
-void		 openpam_clear_chains(pam_chain_t **);
+int		 openpam_configure(pam_handle_t *, const char *)
+	OPENPAM_NONNULL((1));
+int		 openpam_dispatch(pam_handle_t *, int, int)
+	OPENPAM_NONNULL((1));
+int		 openpam_findenv(pam_handle_t *, const char *, size_t)
+	OPENPAM_NONNULL((1,2));
+pam_module_t	*openpam_load_module(const char *)
+	OPENPAM_NONNULL((1));
+void		 openpam_clear_chains(pam_chain_t **)
+	OPENPAM_NONNULL((1));
 
-int		 openpam_check_desc_owner_perms(const char *, int);
-int		 openpam_check_path_owner_perms(const char *);
+int		 openpam_check_desc_owner_perms(const char *, int)
+	OPENPAM_NONNULL((1));
+int		 openpam_check_path_owner_perms(const char *)
+	OPENPAM_NONNULL((1));
 
 #ifdef OPENPAM_STATIC_MODULES
-pam_module_t	*openpam_static(const char *);
+pam_module_t	*openpam_static(const char *)
+	OPENPAM_NONNULL((1));
 #endif
-pam_module_t	*openpam_dynamic(const char *);
+pam_module_t	*openpam_dynamic(const char *)
+	OPENPAM_NONNULL((1));
 
 #define	FREE(p)					\
 	do {					\
@@ -165,11 +159,11 @@ pam_module_t	*openpam_dynamic(const char *);
 
 #define FREEV(c, v)				\
 	do {					\
-		while (c) {			\
-			--(c);			\
-			FREE((v)[(c)]);		\
+		if ((v) != NULL) {		\
+			while ((c)-- > 0)	\
+				FREE((v)[(c)]);	\
+			FREE(v);		\
 		}				\
-		FREE(v);			\
 	} while (0)
 
 #include "openpam_constants.h"

lib/libpam/openpam_load.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2013 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -52,24 +50,24 @@
  */
 
 pam_module_t *
-openpam_load_module(const char *path)
+openpam_load_module(const char *modulename)
 {
 	pam_module_t *module;
 
-	module = openpam_dynamic(path);
+	module = openpam_dynamic(modulename);
 	openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
-	    (module == NULL) ? "no" : "using", path);
+	    (module == NULL) ? "no" : "using", modulename);
 
 #ifdef OPENPAM_STATIC_MODULES
 	/* look for a static module */
-	if (module == NULL && strchr(path, '/') == NULL) {
-		module = openpam_static(path);
+	if (module == NULL && strchr(modulename, '/') == NULL) {
+		module = openpam_static(modulename);
 		openpam_log(PAM_LOG_DEBUG, "%s static %s",
-		    (module == NULL) ? "no" : "using", path);
+		    (module == NULL) ? "no" : "using", modulename);
 	}
 #endif
 	if (module == NULL) {
-		openpam_log(PAM_LOG_ERROR, "no %s found", path);
+		openpam_log(PAM_LOG_ERROR, "no %s found", modulename);
 		return (NULL);
 	}
 	return (module);
@@ -84,6 +82,7 @@ openpam_load_module(const char *path)
 static void
 openpam_release_module(pam_module_t *module)
 {
+
 	if (module == NULL)
 		return;
 	if (module->dlh == NULL)
@@ -104,6 +103,7 @@ openpam_release_module(pam_module_t *module)
 static void
 openpam_destroy_chain(pam_chain_t *chain)
 {
+
 	if (chain == NULL)
 		return;
 	openpam_destroy_chain(chain->next);

lib/libpam/openpam_log.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -48,12 +46,9 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_asprintf.h"
 
-#ifdef OPENPAM_DEBUG
-int openpam_debug = 1;
-#else
 int openpam_debug = 0;
-#endif
 
 #if !defined(openpam_log)
 
@@ -68,6 +63,7 @@ openpam_log(int level, const char *fmt, ...)
 {
 	va_list ap;
 	int priority;
+	int serrno;
 
 	switch (level) {
 	case PAM_LOG_LIBDEBUG:
@@ -87,9 +83,11 @@ openpam_log(int level, const char *fmt, ...)
 		priority = LOG_ERR;
 		break;
 	}
+	serrno = errno;
 	va_start(ap, fmt);
 	vsyslog(priority, fmt, ap);
 	va_end(ap);
+	errno = serrno;
 }
 
 #else
@@ -120,8 +118,8 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
 		priority = LOG_ERR;
 		break;
 	}
-	va_start(ap, fmt);
 	serrno = errno;
+	va_start(ap, fmt);
 	if (asprintf(&format, "in %s(): %s", func, fmt) > 0) {
 		errno = serrno;
 		vsyslog(priority, format, ap);
@@ -131,6 +129,7 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
 		vsyslog(priority, fmt, ap);
 	}
 	va_end(ap);
+	errno = serrno;
 }
 
 #endif
@@ -167,4 +166,6 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
  *
  * The remaining arguments are a =printf format string and the
  * corresponding arguments.
+ *
+ * The =openpam_log function does not modify the value of :errno.
  */

lib/libpam/openpam_nullconv.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_readline.c

@@ -31,15 +31,12 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
 
-#include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -62,11 +59,9 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
 	size_t len, size;
 	int ch;
 
-	if ((line = malloc(size = MIN_LINE_LENGTH)) == NULL) {
-		openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+	line = NULL;
+	if (openpam_straddch(&line, &size, &len, 0) != 0)
 		return (NULL);
-	}
-	len = 0;
 	for (;;) {
 		ch = fgetc(f);
 		/* strip comment */
@@ -103,7 +98,6 @@ openpam_readline(FILE *f, int *lineno, size_t *lenp)
 		goto fail;
 	if (lenp != NULL)
 		*lenp = len;
-	openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", line);
 	return (line);
 fail:
 	FREE(line);

lib/libpam/openpam_readlinev.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2016 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +57,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 	wordvsize = MIN_WORDV_SIZE;
 	wordvlen = 0;
 	if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) {
-		openpam_log(PAM_LOG_ERROR, "malloc(): %m");
 		errno = ENOMEM;
 		return (NULL);
 	}
@@ -71,7 +67,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 			wordvsize *= 2;
 			tmp = realloc(wordv, wordvsize * sizeof *wordv);
 			if (tmp == NULL) {
-				openpam_log(PAM_LOG_ERROR, "malloc(): %m");
 				errno = ENOMEM;
 				break;
 			}
@@ -80,6 +75,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 		/* insert our word */
 		wordv[wordvlen++] = word;
 		wordv[wordvlen] = NULL;
+		word = NULL;
 	}
 	if (errno != 0) {
 		/* I/O error or out of memory */
@@ -87,6 +83,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 		while (wordvlen--)
 			free(wordv[wordvlen]);
 		free(wordv);
+		free(word);
 		errno = serrno;
 		return (NULL);
 	}

lib/libpam/openpam_readword.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -56,18 +53,35 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 {
 	char *word;
 	size_t size, len;
-	int ch, comment, escape, quote;
+	int ch, escape, quote;
 	int serrno;
 
 	errno = 0;
 
 	/* skip initial whitespace */
-	comment = 0;
-	while ((ch = getc(f)) != EOF && ch != '\n') {
-		if (ch == '#')
-			comment = 1;
-		if (!is_lws(ch) && !comment)
+	escape = quote = 0;
+	while ((ch = getc(f)) != EOF) {
+		if (ch == '\n') {
+			/* either EOL or line continuation */
+			if (!escape)
+				break;
+			if (lineno != NULL)
+				++*lineno;
+			escape = 0;
+		} else if (escape) {
+			/* escaped something else */
 			break;
+		} else if (ch == '#') {
+			/* comment: until EOL, no continuation */
+			while ((ch = getc(f)) != EOF)
+				if (ch == '\n')
+					break;
+			break;
+		} else if (ch == '\\') {
+			escape = 1;
+		} else if (!is_ws(ch)) {
+			break;
+		}
 	}
 	if (ch == EOF)
 		return (NULL);
@@ -77,7 +91,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 
 	word = NULL;
 	size = len = 0;
-	escape = quote = 0;
 	while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
 		if (ch == '\\' && !escape && quote != '\'') {
 			/* escape next character */
@@ -86,17 +99,12 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 			/* begin quote */
 			quote = ch;
 			/* edge case: empty quoted string */
-			if (word == NULL && (word = malloc(1)) == NULL) {
-				openpam_log(PAM_LOG_ERROR, "malloc(): %m");
-				errno = ENOMEM;
+			if (openpam_straddch(&word, &size, &len, 0) != 0)
 				return (NULL);
-			}
-			*word = '\0';
-			size = 1;
 		} else if (ch == quote && !escape) {
 			/* end quote */
 			quote = 0;
-		} else if (ch == '\n' && escape && quote != '\'') {
+		} else if (ch == '\n' && escape) {
 			/* line continuation */
 			escape = 0;
 		} else {
@@ -124,7 +132,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 	}
 	if (ch == EOF && (escape || quote)) {
 		/* Missing escaped character or closing quote. */
-		openpam_log(PAM_LOG_ERROR, "unexpected end of file");
 		free(word);
 		errno = EINVAL;
 		return (NULL);

lib/libpam/openpam_restore_cred.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -50,6 +48,7 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_cred.h"
 
 /*
  * OpenPAM extension

lib/libpam/openpam_set_feature.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -51,7 +48,7 @@ openpam_set_feature(int feature, int onoff)
 
 	ENTERF(feature);
 	if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_FEATURE);
 	openpam_features[feature].onoff = onoff;
 	RETURNC(PAM_SUCCESS);
 }
@@ -59,7 +56,7 @@ openpam_set_feature(int feature, int onoff)
 /*
  * Error codes:
  *
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_FEATURE
  */
 
 /**

lib/libpam/openpam_set_option.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2023 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -48,6 +46,7 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_asprintf.h"
 
 /*
  * OpenPAM extension
@@ -84,6 +83,7 @@ openpam_set_option(pam_handle_t *pamh,
 		for (free(cur->optv[i]); i < cur->optc; ++i)
 			cur->optv[i] = cur->optv[i + 1];
 		cur->optv[i] = NULL;
+		--cur->optc;
 		RETURNC(PAM_SUCCESS);
 	}
 	if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0)

lib/libpam/openpam_static.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_straddch.c

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -59,26 +56,26 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
 		/* initial allocation */
 		tmpsize = MIN_STR_SIZE;
 		if ((tmpstr = malloc(tmpsize)) == NULL) {
-			openpam_log(PAM_LOG_ERROR, "malloc(): %m");
 			errno = ENOMEM;
 			return (-1);
 		}
 		*str = tmpstr;
 		*size = tmpsize;
 		*len = 0;
-	} else if (*len + 1 >= *size) {
+	} else if (ch != 0 && *len + 1 >= *size) {
 		/* additional space required */
 		tmpsize = *size * 2;
 		if ((tmpstr = realloc(*str, tmpsize)) == NULL) {
-			openpam_log(PAM_LOG_ERROR, "realloc(): %m");
 			errno = ENOMEM;
 			return (-1);
 		}
 		*size = tmpsize;
 		*str = tmpstr;
 	}
-	(*str)[*len] = ch;
-	++*len;
+	if (ch != 0) {
+		(*str)[*len] = ch;
+		++*len;
+	}
 	(*str)[*len] = '\0';
 	return (0);
 }
@@ -95,6 +92,11 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
  * The =size and =len argument point to variables used to hold the size
  * of the buffer and the length of the string it contains, respectively.
  *
+ * The final argument, =ch, is the character that should be appended to
+ * the string.  If =ch is 0, nothing is appended, but a new buffer is
+ * still allocated if =str is NULL.  This can be used to "bootstrap" the
+ * string.
+ *
  * If a new buffer is allocated or an existing buffer is reallocated to
  * make room for the additional character, =str and =size are updated
  * accordingly.
@@ -103,7 +105,7 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
  * NUL-terminated.
  *
  * If the =openpam_straddch function is successful, it increments the
- * integer variable pointed to by =len and returns 0.
+ * integer variable pointed to by =len (unless =ch was 0) and returns 0.
  * Otherwise, it leaves the variables pointed to by =str, =size and =len
  * unmodified, sets :errno to =ENOMEM and returns -1.
  *

lib/libpam/openpam_strlcat.c

@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2011-2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE_STRLCAT
+
+#include <stddef.h>
+
+#include "openpam_strlcat.h"
+
+/* like strcat(3), but always NUL-terminates; returns strlen(src) */
+size_t
+openpam_strlcat(char *dst, const char *src, size_t size)
+{
+	size_t len;
+
+	for (len = 0; *dst && size > 1; ++len, --size)
+		dst++;
+	for (; *src && size > 1; ++len, --size)
+		*dst++ = *src++;
+	*dst = '\0';
+	while (*src)
+		++len, ++src;
+	return (len);
+}
+
+#endif

lib/libpam/openpam_strlcat.h

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,29 +25,15 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_STRLCAT_H_INCLUDED
 #define OPENPAM_STRLCAT_H_INCLUDED
 
 #ifndef HAVE_STRLCAT
-/* like strcat(3), but always NUL-terminates; returns strlen(src) */
-static size_t
-strlcat(char *dst, const char *src, size_t size)
-{
-	size_t len;
-
-	for (len = 0; *dst && size > 1; ++len, --size)
-		dst++;
-	for (; *src && size > 1; ++len, --size)
-		*dst++ = *src++;
-	*dst = '\0';
-	while (*src)
-		++len, ++src;
-	return (len);
-}
+size_t openpam_strlcat(char *, const char *, size_t);
+#undef strlcat
+#define strlcat(arg, ...) openpam_strlcat(arg, __VA_ARGS__)
 #endif
 
 #endif

lib/libpam/openpam_strlcmp.h

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_STRLCMP_H_INCLUDED

lib/libpam/openpam_strlcpy.c

@@ -0,0 +1,54 @@
+/*-
+ * Copyright (c) 2011-2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE_STRLCPY
+
+#include <stddef.h>
+
+#include "openpam_strlcpy.h"
+
+/* like strcpy(3), but always NUL-terminates; returns strlen(src) */
+size_t
+openpam_strlcpy(char *dst, const char *src, size_t size)
+{
+	size_t len;
+
+	for (len = 0; *src && size > 1; ++len, --size)
+		*dst++ = *src++;
+	*dst = '\0';
+	while (*src)
+		++len, ++src;
+	return (len);
+}
+
+#endif

lib/libpam/openpam_strlcpy.h

@@ -6,8 +6,7 @@
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,27 +25,15 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_STRLCPY_H_INCLUDED
 #define OPENPAM_STRLCPY_H_INCLUDED
 
 #ifndef HAVE_STRLCPY
-/* like strcpy(3), but always NUL-terminates; returns strlen(src) */
-static size_t
-strlcpy(char *dst, const char *src, size_t size)
-{
-	size_t len;
-
-	for (len = 0; *src && size > 1; ++len, --size)
-		*dst++ = *src++;
-	*dst = '\0';
-	while (*src)
-		++len, ++src;
-	return (len);
-}
+size_t openpam_strlcpy(char *, const char *, size_t);
+#undef strlcpy
+#define strlcpy(arg, ...) openpam_strlcpy(arg, __VA_ARGS__)
 #endif
 
 #endif

lib/libpam/openpam_strlset.c

@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2014 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE_STRLSET
+
+#include <stddef.h>
+
+#include "openpam_strlset.h"
+
+/*
+ * like memset(3), but stops at the first NUL byte and NUL-terminates the
+ * result.  Returns the number of bytes that were written, not including
+ * the terminating NUL.
+ */
+size_t
+openpam_strlset(char *str, int ch, size_t size)
+{
+	size_t len;
+
+	for (len = 0; *str && size > 1; ++len, --size)
+		*str++ = ch;
+	*str = '\0';
+	return (++len);
+}
+
+#endif

lib/libpam/openpam_strlset.h

@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 2014 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OPENPAM_STRLSET_H_INCLUDED
+#define OPENPAM_STRLSET_H_INCLUDED
+
+#ifndef HAVE_STRLSET
+size_t openpam_strlset(char *, int, size_t);
+#undef strlset
+#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__)
+#endif
+
+#endif

lib/libpam/openpam_subst.c

@@ -1,13 +1,12 @@
 /*-
- * Copyright (c) 2011 Dag-Erling Smørgrav
+ * Copyright (c) 2011-2023 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
+ *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
@@ -26,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -107,7 +104,8 @@ openpam_subst(const pam_handle_t *pamh,
 				subst_char('%');
 				subst_char(*template);
 			}
-			++template;
+			if (*template)
+				++template;
 		} else {
 			subst_char(*template++);
 		}

lib/libpam/openpam_ttyconv.c

@@ -0,0 +1,400 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2004-2014 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <sys/types.h>
+#include <sys/poll.h>
+#include <sys/time.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+#include "openpam_strlset.h"
+
+int openpam_ttyconv_timeout = 0;
+
+static volatile sig_atomic_t caught_signal;
+
+/*
+ * Handle incoming signals during tty conversation
+ */
+static void
+catch_signal(int signo)
+{
+
+	switch (signo) {
+	case SIGINT:
+	case SIGQUIT:
+	case SIGTERM:
+		caught_signal = signo;
+		break;
+	}
+}
+
+/*
+ * Accept a response from the user on a tty
+ */
+static int
+prompt_tty(int ifd, int ofd, const char *message, char *response, int echo)
+{
+	struct sigaction action;
+	struct sigaction saction_sigint, saction_sigquit, saction_sigterm;
+	struct termios tcattr;
+	struct timeval now, target, remaining;
+	int remaining_ms;
+	tcflag_t slflag;
+	struct pollfd pfd;
+	int serrno;
+	int pos, ret;
+	char ch;
+
+	/* turn echo off if requested */
+	slflag = 0; /* prevent bogus uninitialized variable warning */
+	if (!echo) {
+		if (tcgetattr(ifd, &tcattr) != 0) {
+			openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m");
+			return (-1);
+		}
+		slflag = tcattr.c_lflag;
+		tcattr.c_lflag &= ~ECHO;
+		if (tcsetattr(ifd, TCSAFLUSH, &tcattr) != 0) {
+			openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m");
+			return (-1);
+		}
+	}
+
+	/* write prompt */
+	if (write(ofd, message, strlen(message)) < 0) {
+		openpam_log(PAM_LOG_ERROR, "write(): %m");
+		return (-1);
+	}
+
+	/* install signal handlers */
+	caught_signal = 0;
+	action.sa_handler = &catch_signal;
+	action.sa_flags = 0;
+	sigfillset(&action.sa_mask);
+	sigaction(SIGINT, &action, &saction_sigint);
+	sigaction(SIGQUIT, &action, &saction_sigquit);
+	sigaction(SIGTERM, &action, &saction_sigterm);
+
+	/* compute timeout */
+	if (openpam_ttyconv_timeout > 0) {
+		(void)gettimeofday(&now, NULL);
+		remaining.tv_sec = openpam_ttyconv_timeout;
+		remaining.tv_usec = 0;
+		timeradd(&now, &remaining, &target);
+	} else {
+		/* prevent bogus uninitialized variable warning */
+		now.tv_sec = now.tv_usec = 0;
+		remaining.tv_sec = remaining.tv_usec = 0;
+		target.tv_sec = target.tv_usec = 0;
+	}
+
+	/* input loop */
+	pos = 0;
+	ret = -1;
+	serrno = 0;
+	while (!caught_signal) {
+		pfd.fd = ifd;
+		pfd.events = POLLIN;
+		pfd.revents = 0;
+		if (openpam_ttyconv_timeout > 0) {
+			gettimeofday(&now, NULL);
+			if (timercmp(&now, &target, >))
+				break;
+			timersub(&target, &now, &remaining);
+			remaining_ms = remaining.tv_sec * 1000 +
+			    remaining.tv_usec / 1000;
+		} else {
+			remaining_ms = -1;
+		}
+		if ((ret = poll(&pfd, 1, remaining_ms)) < 0) {
+			serrno = errno;
+			if (errno == EINTR)
+				continue;
+			openpam_log(PAM_LOG_ERROR, "poll(): %m");
+			break;
+		} else if (ret == 0) {
+			/* timeout */
+			write(ofd, " timed out", 10);
+			openpam_log(PAM_LOG_NOTICE, "timed out");
+			break;
+		}
+		if ((ret = read(ifd, &ch, 1)) < 0) {
+			serrno = errno;
+			openpam_log(PAM_LOG_ERROR, "read(): %m");
+			break;
+		} else if (ret == 0 || ch == '\n') {
+			response[pos] = '\0';
+			ret = pos;
+			break;
+		}
+		if (pos + 1 < PAM_MAX_RESP_SIZE)
+			response[pos++] = ch;
+		/* overflow is discarded */
+	}
+
+	/* restore tty state */
+	if (!echo) {
+		tcattr.c_lflag = slflag;
+		if (tcsetattr(ifd, 0, &tcattr) != 0) {
+			/* treat as non-fatal, since we have our answer */
+			openpam_log(PAM_LOG_NOTICE, "tcsetattr(): %m");
+		}
+	}
+
+	/* restore signal handlers and re-post caught signal*/
+	sigaction(SIGINT, &saction_sigint, NULL);
+	sigaction(SIGQUIT, &saction_sigquit, NULL);
+	sigaction(SIGTERM, &saction_sigterm, NULL);
+	if (caught_signal != 0) {
+		openpam_log(PAM_LOG_ERROR, "caught signal %d",
+		    (int)caught_signal);
+		raise((int)caught_signal);
+		/* if raise() had no effect... */
+		serrno = EINTR;
+		ret = -1;
+	}
+
+	/* done */
+	write(ofd, "\n", 1);
+	errno = serrno;
+	return (ret);
+}
+
+/*
+ * Accept a response from the user on a non-tty stdin.
+ */
+static int
+prompt_notty(const char *message, char *response)
+{
+	struct timeval now, target, remaining;
+	int remaining_ms;
+	struct pollfd pfd;
+	int ch, pos, ret;
+
+	/* show prompt */
+	fputs(message, stdout);
+	fflush(stdout);
+
+	/* compute timeout */
+	if (openpam_ttyconv_timeout > 0) {
+		(void)gettimeofday(&now, NULL);
+		remaining.tv_sec = openpam_ttyconv_timeout;
+		remaining.tv_usec = 0;
+		timeradd(&now, &remaining, &target);
+	} else {
+		/* prevent bogus uninitialized variable warning */
+		now.tv_sec = now.tv_usec = 0;
+		remaining.tv_sec = remaining.tv_usec = 0;
+		target.tv_sec = target.tv_usec = 0;
+	}
+
+	/* input loop */
+	pos = 0;
+	for (;;) {
+		pfd.fd = STDIN_FILENO;
+		pfd.events = POLLIN;
+		pfd.revents = 0;
+		if (openpam_ttyconv_timeout > 0) {
+			gettimeofday(&now, NULL);
+			if (timercmp(&now, &target, >))
+				break;
+			timersub(&target, &now, &remaining);
+			remaining_ms = remaining.tv_sec * 1000 +
+			    remaining.tv_usec / 1000;
+		} else {
+			remaining_ms = -1;
+		}
+		if ((ret = poll(&pfd, 1, remaining_ms)) < 0) {
+			/* interrupt is ok, everything else -> bail */
+			if (errno == EINTR)
+				continue;
+			perror("\nopenpam_ttyconv");
+			return (-1);
+		} else if (ret == 0) {
+			/* timeout */
+			break;
+		} else {
+			/* input */
+			if ((ch = getchar()) == EOF && ferror(stdin)) {
+				perror("\nopenpam_ttyconv");
+				return (-1);
+			}
+			if (ch == EOF || ch == '\n') {
+				response[pos] = '\0';
+				return (pos);
+			}
+			if (pos + 1 < PAM_MAX_RESP_SIZE)
+				response[pos++] = ch;
+			/* overflow is discarded */
+		}
+	}
+	fputs("\nopenpam_ttyconv: timeout\n", stderr);
+	return (-1);
+}
+
+/*
+ * Determine whether stdin is a tty; if not, try to open the tty; in
+ * either case, call the appropriate method.
+ */
+static int
+prompt(const char *message, char *response, int echo)
+{
+	int ifd, ofd, ret;
+
+	if (isatty(STDIN_FILENO)) {
+		fflush(stdout);
+#ifdef HAVE_FPURGE
+		fpurge(stdin);
+#endif
+		ifd = STDIN_FILENO;
+		ofd = STDOUT_FILENO;
+	} else {
+		if ((ifd = open("/dev/tty", O_RDWR)) < 0)
+			/* no way to prevent echo */
+			return (prompt_notty(message, response));
+		ofd = ifd;
+	}
+	ret = prompt_tty(ifd, ofd, message, response, echo);
+	if (ifd != STDIN_FILENO)
+		close(ifd);
+	return (ret);
+}
+
+/*
+ * OpenPAM extension
+ *
+ * Simple tty-based conversation function
+ */
+
+int
+openpam_ttyconv(int n,
+	 const struct pam_message **msg,
+	 struct pam_response **resp,
+	 void *data)
+{
+	char respbuf[PAM_MAX_RESP_SIZE];
+	struct pam_response *aresp;
+	int i;
+
+	ENTER();
+	(void)data;
+	if (n <= 0 || n > PAM_MAX_NUM_MSG)
+		RETURNC(PAM_CONV_ERR);
+	if ((aresp = calloc(n, sizeof *aresp)) == NULL)
+		RETURNC(PAM_BUF_ERR);
+	for (i = 0; i < n; ++i) {
+		aresp[i].resp_retcode = 0;
+		aresp[i].resp = NULL;
+		switch (msg[i]->msg_style) {
+		case PAM_PROMPT_ECHO_OFF:
+			if (prompt(msg[i]->msg, respbuf, 0) < 0 ||
+			    (aresp[i].resp = strdup(respbuf)) == NULL)
+				goto fail;
+			break;
+		case PAM_PROMPT_ECHO_ON:
+			if (prompt(msg[i]->msg, respbuf, 1) < 0 ||
+			    (aresp[i].resp = strdup(respbuf)) == NULL)
+				goto fail;
+			break;
+		case PAM_ERROR_MSG:
+			fputs(msg[i]->msg, stderr);
+			if (strlen(msg[i]->msg) > 0 &&
+			    msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
+				fputc('\n', stderr);
+			break;
+		case PAM_TEXT_INFO:
+			fputs(msg[i]->msg, stdout);
+			if (strlen(msg[i]->msg) > 0 &&
+			    msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
+				fputc('\n', stdout);
+			break;
+		default:
+			goto fail;
+		}
+	}
+	*resp = aresp;
+	memset(respbuf, 0, sizeof respbuf);
+	RETURNC(PAM_SUCCESS);
+fail:
+	for (i = 0; i < n; ++i) {
+		if (aresp[i].resp != NULL) {
+			strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);
+			FREE(aresp[i].resp);
+		}
+	}
+	memset(aresp, 0, n * sizeof *aresp);
+	FREE(aresp);
+	*resp = NULL;
+	memset(respbuf, 0, sizeof respbuf);
+	RETURNC(PAM_CONV_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =openpam_ttyconv function is a standard conversation function
+ * suitable for use on TTY devices.
+ * It should be adequate for the needs of most text-based interactive
+ * programs.
+ *
+ * The =openpam_ttyconv function allows the application to specify a
+ * timeout for user input by setting the global integer variable
+ * :openpam_ttyconv_timeout to the length of the timeout in seconds.
+ *
+ * >openpam_nullconv
+ * >pam_prompt
+ * >pam_vprompt
+ */

lib/libpam/openpam_vasprintf.c

@@ -0,0 +1,58 @@
+/*-
+ * Copyright (c) 2011-2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifndef HAVE_VASPRINTF
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "openpam_vasprintf.h"
+
+/* like vsprintf(3), but allocates memory for the result. */
+int
+openpam_vasprintf(char **str, const char *fmt, va_list ap)
+{
+        va_list apcopy;
+        int len, ret;
+
+        va_copy(apcopy, ap);
+        len = vsnprintf(NULL, 0, fmt, ap);
+        if ((*str = malloc(len + 1)) == NULL)
+                return (-1);
+        ret = vsnprintf(*str, len + 1, fmt, apcopy);
+        va_end(apcopy);
+        return (ret);
+}
+
+#endif

lib/libpam/openpam_vasprintf.h

@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 2012 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OPENPAM_VASPRINTF_H_INCLUDED
+#define OPENPAM_VASPRINTF_H_INCLUDED
+
+#ifndef HAVE_VASPRINTF
+int openpam_vasprintf(char **, const char *, va_list);
+#undef vasprintf
+#define vasprintf(arg, ...) openpam_vasprintf(arg, __VA_ARGS__)
+#endif
+
+#endif

lib/libpam/pam_acct_mgmt.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_authenticate.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +58,7 @@ pam_authenticate(pam_handle_t *pamh,
 
 	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK))
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags);
 	pam_set_item(pamh, PAM_AUTHTOK, NULL);
 	RETURNC(r);
@@ -72,7 +70,7 @@ pam_authenticate(pam_handle_t *pamh,
  *	=openpam_dispatch
  *	=pam_sm_authenticate
  *	!PAM_IGNORE
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  */
 
 /**
@@ -92,5 +90,5 @@ pam_authenticate(pam_handle_t *pamh,
  *		Fail if the user's authentication token is null.
  *
  * If any other bits are set, =pam_authenticate will return
- * =PAM_SYMBOL_ERR.
+ * =PAM_BAD_CONSTANT.
  */

lib/libpam/pam_authenticate_secondary.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_chauthtok.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +58,7 @@ pam_chauthtok(pam_handle_t *pamh,
 
 	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
 	    flags | PAM_PRELIM_CHECK);
 	if (r == PAM_SUCCESS)
@@ -77,7 +75,7 @@ pam_chauthtok(pam_handle_t *pamh,
  *	=openpam_dispatch
  *	=pam_sm_chauthtok
  *	!PAM_IGNORE
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  */
 
 /**
@@ -93,5 +91,5 @@ pam_chauthtok(pam_handle_t *pamh,
  *	=PAM_CHANGE_EXPIRED_AUTHTOK:
  *		Change only those authentication tokens that have expired.
  *
- * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
+ * If any other bits are set, =pam_chauthtok will return =PAM_BAD_CONSTANT.
  */

lib/libpam/pam_close_session.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +58,7 @@ pam_close_session(pam_handle_t *pamh,
 
 	ENTER();
 	if (flags & ~(PAM_SILENT))
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags);
 	RETURNC(r);
 }
@@ -71,7 +69,7 @@ pam_close_session(pam_handle_t *pamh,
  *	=openpam_dispatch
  *	=pam_sm_close_session
  *	!PAM_IGNORE
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  */
 
 /**
@@ -85,5 +83,5 @@ pam_close_session(pam_handle_t *pamh,
  *		Do not emit any messages.
  *
  * If any other bits are set, =pam_close_session will return
- * =PAM_SYMBOL_ERR.
+ * =PAM_BAD_CONSTANT.
  */

lib/libpam/pam_end.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -61,7 +59,7 @@ pam_end(pam_handle_t *pamh,
 
 	ENTER();
 	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
+		RETURNC(PAM_BAD_HANDLE);
 
 	/* clear module data */
 	while ((dp = pamh->module_data) != NULL) {
@@ -94,7 +92,7 @@ pam_end(pam_handle_t *pamh,
 /*
  * Error codes:
  *
- *	PAM_SYSTEM_ERR
+ *	PAM_BAD_HANDLE
  */
 
 /**

lib/libpam/pam_error.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_get_authtok.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -48,6 +46,7 @@
 #include <security/openpam.h>
 
 #include "openpam_impl.h"
+#include "openpam_strlset.h"
 
 static const char authtok_prompt[] = "Password:";
 static const char authtok_prompt_remote[] = "Password for %u@%h:";
@@ -75,8 +74,6 @@ pam_get_authtok(pam_handle_t *pamh,
 	int pitem, r, style, twice;
 
 	ENTER();
-	if (pamh == NULL || authtok == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 	*authtok = NULL;
 	twice = 0;
 	switch (item) {
@@ -105,7 +102,7 @@ pam_get_authtok(pam_handle_t *pamh,
 		twice = 0;
 		break;
 	default:
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	}
 	if (openpam_get_option(pamh, "try_first_pass") ||
 	    openpam_get_option(pamh, "use_first_pass")) {
@@ -113,17 +110,19 @@ pam_get_authtok(pam_handle_t *pamh,
 		if (r == PAM_SUCCESS && prevauthtok != NULL) {
 			*authtok = prevauthtok;
 			RETURNC(PAM_SUCCESS);
-		}
-		else if (openpam_get_option(pamh, "use_first_pass"))
+		} else if (openpam_get_option(pamh, "use_first_pass")) {
 			RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
+		}
 	}
 	/* pam policy overrides the module's choice */
 	if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL)
 		prompt = promptp;
 	/* no prompt provided, see if there is one tucked away somewhere */
-	if (prompt == NULL)
-		if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL)
+	if (prompt == NULL) {
+		r = pam_get_item(pamh, pitem, &promptp);
+		if (r == PAM_SUCCESS && promptp != NULL)
 			prompt = promptp;
+	}
 	/* fall back to hardcoded default */
 	if (prompt == NULL)
 		prompt = default_prompt;
@@ -140,16 +139,21 @@ pam_get_authtok(pam_handle_t *pamh,
 	if (twice) {
 		r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
 		if (r != PAM_SUCCESS) {
+			strlset(resp, 0, PAM_MAX_RESP_SIZE);
 			FREE(resp);
 			RETURNC(r);
 		}
-		if (strcmp(resp, resp2) != 0)
+		if (strcmp(resp, resp2) != 0) {
+			strlset(resp, 0, PAM_MAX_RESP_SIZE);
 			FREE(resp);
+		}
+		strlset(resp2, 0, PAM_MAX_RESP_SIZE);
 		FREE(resp2);
 	}
 	if (resp == NULL)
 		RETURNC(PAM_TRY_AGAIN);
 	r = pam_set_item(pamh, item, resp);
+	strlset(resp, 0, PAM_MAX_RESP_SIZE);
 	FREE(resp);
 	if (r != PAM_SUCCESS)
 		RETURNC(r);
@@ -164,14 +168,17 @@ pam_get_authtok(pam_handle_t *pamh,
  *	=pam_prompt
  *	=pam_set_item
  *	!PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  *	PAM_TRY_AGAIN
  */
 
 /**
- * The =pam_get_authtok function returns the cached authentication token,
- * or prompts the user if no token is currently cached.
+ * The =pam_get_authtok function either prompts the user for an
+ * authentication token or retrieves a cached authentication token,
+ * depending on circumstances.
  * Either way, a pointer to the authentication token is stored in the
- * location pointed to by the =authtok argument.
+ * location pointed to by the =authtok argument, and the corresponding PAM
+ * item is updated.
  *
  * The =item argument must have one of the following values:
  *
@@ -186,20 +193,47 @@ pam_get_authtok(pam_handle_t *pamh,
  * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item,
  * as appropriate, will be used.
  * If that item is also =NULL, a hardcoded default prompt will be used.
- * Either way, the prompt is expanded using =openpam_subst before it is
- * passed to the conversation function.
- *
- * If =pam_get_authtok is called from a module and the ;authtok_prompt /
- * ;oldauthtok_prompt option is set in the policy file, the value of that
- * option takes precedence over both the =prompt argument and the
- * =PAM_AUTHTOK_PROMPT / =PAM_OLDAUTHTOK_PROMPT item.
+ * Additionally, when =pam_get_authtok is called from a service module,
+ * the prompt may be affected by module options as described below.
+ * The prompt is then expanded using =openpam_subst before it is passed to
+ * the conversation function.
  *
  * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
  * item, =pam_get_authtok will ask the user to confirm the new token by
  * retyping it.
  * If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN.
  *
+ * MODULE OPTIONS
+ *
+ * When called by a service module, =pam_get_authtok will recognize the
+ * following module options:
+ *
+ *	;authtok_prompt:
+ *		Prompt to use when =item is set to =PAM_AUTHTOK.
+ *		This option overrides both the =prompt argument and the
+ *		=PAM_AUTHTOK_PROMPT item.
+ *	;echo_pass:
+ *		If the application's conversation function allows it, this
+ *		lets the user see what they are typing.
+ *		This should only be used for non-reusable authentication
+ *		tokens.
+ *	;oldauthtok_prompt:
+ *		Prompt to use when =item is set to =PAM_OLDAUTHTOK.
+ *		This option overrides both the =prompt argument and the
+ *		=PAM_OLDAUTHTOK_PROMPT item.
+ *	;try_first_pass:
+ *		If the requested item is non-null, return it without
+ *		prompting the user.
+ *		Typically, the service module will verify the token, and
+ *		if it does not match, clear the item before calling
+ *		=pam_get_authtok a second time.
+ *	;use_first_pass:
+ *		Do not prompt the user at all; just return the cached
+ *		value, or =PAM_AUTH_ERR if there is none.
+ *
+ * >pam_conv
  * >pam_get_item
  * >pam_get_user
+ * >openpam_get_option
  * >openpam_subst
  */

lib/libpam/pam_get_data.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,8 +58,6 @@ pam_get_data(const pam_handle_t *pamh,
 	pam_data_t *dp;
 
 	ENTERS(module_data_name);
-	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 	for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
 		if (strcmp(dp->name, module_data_name) == 0) {
 			*data = (void *)dp->data;
@@ -74,7 +70,6 @@ pam_get_data(const pam_handle_t *pamh,
 /*
  * Error codes:
  *
- *	PAM_SYSTEM_ERR
  *	PAM_NO_MODULE_DATA
  */
 

lib/libpam/pam_get_item.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -59,8 +57,6 @@ pam_get_item(const pam_handle_t *pamh,
 {
 
 	ENTERI(item_type);
-	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 	switch (item_type) {
 	case PAM_SERVICE:
 	case PAM_USER:
@@ -78,15 +74,14 @@ pam_get_item(const pam_handle_t *pamh,
 		*item = pamh->item[item_type];
 		RETURNC(PAM_SUCCESS);
 	default:
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_ITEM);
 	}
 }
 
 /*
  * Error codes:
  *
- *	PAM_SYMBOL_ERR
- *	PAM_SYSTEM_ERR
+ *	PAM_BAD_ITEM
  */
 
 /**

lib/libpam/pam_get_mapped_authtok.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_get_mapped_username.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H