Prepare to release Ximenia tomorrow.

My thanks to Robert Morris <rtm@lcs.mit.edu> for finding and reporting the bug.

.gitignore

@@ -0,0 +1,30 @@
+/aclocal.m4
+/autom4te.cache
+/compile
+/config.guess
+/config.h.in
+/config.h
+/config.log
+/config.status
+/config.sub
+/configure
+/cov
+/depcomp
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/stamp-h1
+/test-driver
+*~
+.deps
+.libs
+*.a
+*.la
+*.lo
+*.log
+*.o
+*.pc
+*.profraw
+Makefile
+Makefile.in

CREDITS

@@ -15,23 +15,28 @@ directly or indirectly, with patches, criticism, suggestions, or
 ideas:
 
 	Andrew Morgan <morgan@transmeta.com>
+	Ankita Pal <pal.ankita.ankita@gmail.com>
+	Baptiste Daroussin <bapt@freebsd.org>
 	Brian Fundakowski Feldman <green@freebsd.org>
+	Brooks Davis <brooks@freebsd.org>
 	Christos Zoulas <christos@netbsd.org>
 	Daniel Richard G. <skunk@iskunk.org>
 	Darren J. Moffat <darren.moffat@sun.com>
+	Dimitry Andric <dim@freebsd.org>
 	Dmitry V. Levin <ldv@altlinux.org>
 	Don Lewis <truckman@freebsd.org>
 	Emmanuel Dreyfus <manu@netbsd.org>
 	Eric Melville <eric@freebsd.org>
 	Espen Grøndahl <espegro@usit.uio.no>
 	Gary Winiger <gary.winiger@sun.com>
+	Gavin Atkinson <gavin@freebsd.org>
 	Gleb Smirnoff <glebius@freebsd.org>
 	Hubert Feyrer <hubert@feyrer.de>
 	Jason Evans <jasone@freebsd.org>
 	Joe Marcus Clarke <marcus@freebsd.org>
-	Juli Mallett <jmallett@freebsd.org>
-	Ankita Pal <pal.ankita.ankita@gmail.com>
 	Jörg Sonnenberger <joerg@britannica.bec.de>
+	Juli Mallett <jmallett@freebsd.org>
+	Larry Baird <lab@gta.com>
 	Maëlle Lesage <lesage.maelle@gmail.com>
 	Mark Murray <markm@freebsd.org>
 	Matthias Drochner <drochner@netbsd.org>
@@ -39,12 +44,13 @@ ideas:
 	Mikhail Teterin <mi@aldan.algebra.com>
 	Mikko Työläjärvi <mbsd@pacbell.net>
 	Nick Hibma <nick@van-laarhoven.org>
+	Patrick Bihan-Faou <patrick-fbsd@mindstep.com>
+	Robert Morris <rtm@lcs.mit.edu>
 	Robert Watson <rwatson@freebsd.org>
 	Ruslan Ermilov <ru@freebsd.org>
 	Sebastian Krahmer <sebastian.krahmer@gmail.com>
 	Solar Designer <solar@openwall.com>
 	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
+	Tim Creech <tcreech@tcreech.com>
 	Wojciech A. Koszek <wkoszek@freebsd.org>
 	Yar Tikhiy <yar@freebsd.org>
-
-$Id$

HISTORY

@@ -1,3 +1,81 @@
+OpenPAM Ximenia							2023-06-27
+
+ - BUGFIX: Fix race condition in openpam_ttyconv(3) when used with
+   expect scripts.
+
+ - BUGFIX: In openpam_set_option(3), when removing an option, properly
+   decrement the option count.
+
+ - BUGFIX: In openpam_subst(3), avoid incrementing past the end of the
+   template.
+============================================================================
+OpenPAM Tabebuia						2019-02-24
+
+ - BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
+   OpenPAM Radula.
+
+ - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
+============================================================================
+OpenPAM Resedacea						2017-04-30
+
+ - BUGFIX: Reinstore the NULL check in pam_end(3) which was removed in
+   OpenPAM Radula, as it breaks common error-handling constructs.
+
+ - BUGFIX: Return PAM_SYMBOL_ERR instead of PAM_SYSTEM_ERR from the
+   dispatcher when the required service function could not be found.
+
+ - ENHANCE: Introduce the PAM_BAD_HANDLE error code for when pamh is
+   NULL in API functions that have a NULL check.
+
+ - ENHANCE: Introduce the PAM_BAD_ITEM, PAM_BAD_FEATURE and
+   PAM_BAD_CONSTANT error codes for situations where we previously
+   incorrectly used PAM_SYMBOL_ERR to denote that an invalid constant
+   had been passed to an API function.
+
+ - ENHANCE: Improve the RETURN VALUES section in API man pages,
+   especially for functions that cannot fail, which were incorrectly
+   documented as returning -1 on failure.
+============================================================================
+OpenPAM Radula							2017-02-19
+
+ - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
+   pam_get_user(3) from using application-provided custom prompts.
+
+ - BUGFIX: Plug a memory leak in pam_set_item(3).
+
+ - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
+
+ - BUGFIX: In openpam_readword(3), support line continuations within
+   whitespace.
+
+ - ENHANCE: Add a feature flag to control fallback to "other" policy.
+
+ - ENHANCE: Add a pam_return(8) module which returns an arbitrary
+   code specified in the module options.
+
+ - ENHANCE: More and better unit tests.
+============================================================================
+OpenPAM Ourouparia						2014-09-12
+
+ - ENHANCE: When executing a chain, require at least one service
+   function to succeed.  This mitigates fail-open scenarios caused by
+   misconfigurations or missing modules.
+
+ - ENHANCE: Make sure to overwrite buffers which may have contained an
+   authentication token when they're no longer needed.
+
+ - BUGFIX: Under certain circumstances, specifying a non-existent
+   module (or misspelling the name of a module) in a policy could
+   result in a fail-open scenario.  (CVE-2014-3879)
+
+ - FEATURE: Add a search path for modules.  This was implemented in
+   Nummularia but inadvertently left out of the release notes.
+
+ - BUGFIX: The is_upper() predicate only accepted the letter A as an
+   upper-case character instead of the entire A-Z range.  As a result,
+   service and module names containing upper-case letters other than A
+   would be rejected.
+============================================================================
 OpenPAM Nummularia						2013-09-07
 
  - ENHANCE: Rewrite the dynamic loader to improve readability and
@@ -97,7 +175,7 @@ OpenPAM Lycopsida						2011-12-18
    module before loading it.
 
  - ENHANCE: added / improved input validation in many cases, including
-   the policy file and some function arguments.
+   the policy file and some function arguments.  (CVE-2011-4122)
 ============================================================================
 OpenPAM Hydrangea						2007-12-21
 
@@ -427,5 +505,3 @@ Fixed a number of bugs in the previous release, including:
 OpenPAM Calamite						2002-02-09
 
 First (beta) release.
-============================================================================
-$Id$

INSTALL

@@ -54,5 +54,3 @@
   directory:
 
   # make install
-
-$Id$

LICENSE

@@ -1,6 +1,6 @@
 
 Copyright (c) 2002-2003 Networks Associates Technology, Inc.
-Copyright (c) 2004-2012 Dag-Erling Smørgrav
+Copyright (c) 2004-2023 Dag-Erling Smørgrav
 All rights reserved.
 
 This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,5 +31,3 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.
-
-$Id$

Makefile.am

@@ -1,8 +1,6 @@
-# $Id$
-
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS = lib bin modules include
+SUBDIRS = misc include lib bin modules
 
 if WITH_DOC
 SUBDIRS += doc
@@ -19,3 +17,32 @@ EXTRA_DIST = \
 	RELNOTES \
 	autogen.sh \
 	misc/gendoc.pl
+
+if WITH_CODE_COVERAGE
+covdir = @abs_top_builddir@/cov
+coverage: coverage-clean all coverage-prepare coverage-run coverage-report
+coverage-clean:
+	-rm -rf "${covdir}"
+coverage-prepare:
+	mkdir "${covdir}"
+if CLANG_CODE_COVERAGE
+profdata = ${covdir}/@PACKAGE@.profdata
+# hardcoding libpam.so here is horrible, need to find a better solution
+coverage-run:
+	LLVM_PROFILE_FILE="${covdir}/@PACKAGE@.%p.raw" \
+	    ${MAKE} -C "@abs_top_builddir@" check
+coverage-report:
+	llvm-profdata@clang_ver@ merge \
+	    --sparse "${covdir}/@PACKAGE@".*.raw -o "${profdata}"
+	llvm-cov@clang_ver@ show \
+	    --format=html --tab-size=8 \
+	    --output-dir="${covdir}" \
+	    --instr-profile="${profdata}" \
+	    --object "@abs_top_builddir@/lib/libpam/.libs/libpam.so"
+	@echo "coverage report: file://${covdir}/index.html"
+endif
+else
+coverage:
+	echo "code coverage is not enabled." >&2
+	false
+endif

README

@@ -7,21 +7,4 @@ implementations disagree, OpenPAM tries to remain compatible with
 Solaris, at the expense of XSSO conformance and Linux-PAM
 compatibility.
 
-These are some of OpenPAM's features:
-
-   - Implements the complete PAM API as described in the original PAM
-     paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
-     except for mappings and secondary authentication.  Also
-     implements some extensions found in Solaris 9.
-
-   - Extends the API with several useful and time-saving functions.
-
-   - Performs strict checking of return values from service modules.
-
-   - Reads configuration from /etc/pam.d/, /etc/pam.conf,
-     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
-     this will be made configurable in a future release.
-
 Please direct bug reports and inquiries to <des@des.no>.
-
-$Id$

RELNOTES

@@ -1,24 +1,21 @@
 
-		 Release notes for OpenPAM Nummularia
-		 ====================================
+		  Release notes for OpenPAM Ximenia
+		  =================================
 
-This release corresponds to the code used in FreeBSD HEAD as of the
-release date, and is also expected to work on almost any POSIX-like
-platform that has GNU autotools, GNU make and the GNU compiler suite
-installed.
+OpenPAM is developed primarily on FreeBSD, but is expected to work on
+almost any POSIX-like platform that has GNU autotools, GNU make and
+the GNU compiler suite installed.
 
-The distribution consists of the following components:
+The OpenPAM distribution consists of the following components:
 
  - The PAM library itself, with complete API documentation.
 
  - Sample modules (pam_permit, pam_deny and pam_unix) and a sample
-   application (su) which demonstrate how to use PAM.
+   application (su) which demonstrate how to use the PAM library.
 
  - A test application (pamtest) which can be used to test policies and
    modules.
 
- - Unit tests for limited portions of the libraries.
+ - Unit tests for limited portions of the library.
 
 Please direct bug reports and inquiries to <des@des.no>.
-
-$Id$

TODO

@@ -1,17 +1,9 @@
-Before the next release:
+- Fix try_first_pass / use_first_pass (pam_get_authtok() code &
+  documentation are slightly incorrect, OpenPAM's pam_unix(8) is
+  incorrect, all FreeBSD modules are broken)
 
- - Rewrite openpam_ttyconv(3).
-   - mostly done, needs review.
+- Add loop detection to openpam_load_chain().
 
- - Fix try_first_pass / use_first_pass (pam_get_authtok() code &
-   documentation are slightly incorrect, OpenPAM's pam_unix(8) is
-   incorrect, all FreeBSD modules are broken)
+- Complete unit tests for openpam_dispatch().
 
- - Add loop detection to openpam_load_chain().
-
- - Look into the possibility of implementing a version of (or a
-   wrapper for) openpam_log() which respects the PAM_SILENT flag and
-   the no_warn module option.  This would eliminate the need for
-   FreeBSD's _pam_verbose_error().
-
-$Id$
+- Stop using PAM_SYMBOL_ERR incorrectly.

autogen.des

@@ -1,7 +1,4 @@
 #!/bin/sh
-#
-# $Id$
-#
 
 set -ex
 
@@ -18,4 +15,5 @@ export CONFIG_SHELL=/bin/sh
 	--enable-debug \
 	--enable-developer-warnings \
 	--enable-werror \
+	--enable-code-coverage \
 	"$@"

autogen.sh

@@ -1,10 +1,7 @@
 #!/bin/sh
-#
-# $Id$
-#
 
-aclocal -I m4
 libtoolize --copy --force
+aclocal -I m4
 autoheader
-automake -a -c --foreign
+automake --add-missing --copy --foreign
 autoconf

bin/Makefile.am

@@ -1,5 +1,3 @@
-# $Id$
-
 SUBDIRS = openpam_dump_policy
 
 if WITH_PAMTEST

bin/openpam_dump_policy/.gitignore

@@ -0,0 +1 @@
+/openpam_dump_policy

bin/openpam_dump_policy/Makefile.am

@@ -1,7 +1,9 @@
-# $Id$
-
 AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib/libpam
 
 noinst_PROGRAMS = openpam_dump_policy
 openpam_dump_policy_SOURCES = openpam_dump_policy.c
+if WITH_SYSTEM_LIBPAM
+openpam_dump_policy_LDADD = $(SYSTEM_LIBPAM)
+else
 openpam_dump_policy_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif

bin/openpam_dump_policy/openpam_dump_policy.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2011 Dag-Erling Smørgrav
+ * Copyright (c) 2011-2014 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -64,7 +62,7 @@ openpam_facility_index_name(pam_facility_t fclt)
 	if (asprintf(&name, "PAM_%s", facility) == -1)
 		return (NULL);
 	for (p = name + 4; *p; ++p)
-		*p = toupper(*p);
+		*p = toupper((unsigned char)*p);
 	return (name);
 }
 

bin/pamtest/.gitignore

@@ -0,0 +1 @@
+/pamtest

bin/pamtest/Makefile.am

@@ -1,9 +1,11 @@
-# $Id$
-
 AM_CPPFLAGS = -I$(top_srcdir)/include
 
 bin_PROGRAMS = pamtest
 pamtest_SOURCES = pamtest.c
+if WITH_SYSTEM_LIBPAM
+pamtest_LDADD = $(SYSTEM_LIBPAM)
+else
 pamtest_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif
 
 dist_man1_MANS = pamtest.1

bin/pamtest/pamtest.1

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,15 +26,13 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
-.Dd September 7, 2013
+.Dd July 11, 2013
 .Dt PAMTEST 1
 .Os
 .Sh NAME
 .Nm pamtest
 .Nd PAM policy tester
-.Sh SYNOPSYS
+.Sh SYNOPSIS
 .Nm
 .Op Fl dkMPsv
 .Op Fl H Ar rhost
@@ -168,7 +166,7 @@ pamtest -v system auth account change setcred open close unsetcred
 The
 .Nm
 utility and this manual page were written by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .
 .Sh BUGS
 The
 .Nm

bin/pamtest/pamtest.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

bin/su/.gitignore

@@ -0,0 +1 @@
+/su

bin/su/Makefile.am

@@ -1,9 +1,11 @@
-# $Id$
-
 AM_CPPFLAGS = -I$(top_srcdir)/include
 
 bin_PROGRAMS = su
 su_SOURCES = su.c
+if WITH_SYSTEM_LIBPAM
+su_LDADD = $(SYSTEM_LIBPAM)
+else
 su_LDADD = $(top_builddir)/lib/libpam/libpam.la
+endif
 
 dist_man1_MANS = su.1

bin/su/su.1

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2011-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,15 +26,13 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
-.Dd September 7, 2013
+.Dd November 2, 2011
 .Dt SU 1
 .Os
 .Sh NAME
 .Nm su
 .Nd switch user identity
-.Sh SYNOPSYS
+.Sh SYNOPSIS
 .Nm
 .Op Ar login Op Ar ...
 .Sh DESCRIPTION
@@ -62,4 +60,4 @@ and should not be used in production systems.
 The
 .Nm
 utility and this manual page were written by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

bin/su/su.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

configure.ac

@@ -1,8 +1,5 @@
-dnl $Id$
-
-AC_PREREQ([2.62])
-AC_REVISION([$Id$])
-AC_INIT([OpenPAM], [20130907], [des@des.no], [openpam], [http://www.openpam.org/])
+AC_PREREQ([2.69])
+AC_INIT([OpenPAM], [trunk], [des@des.no], [openpam], [https://openpam.org/])
 AC_CONFIG_SRCDIR([lib/libpam/pam_start.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE([foreign])
@@ -10,18 +7,23 @@ AM_CONFIG_HEADER([config.h])
 
 # C compiler and features
 AC_LANG(C)
-AC_PROG_CC
+AC_PROG_CC([clang gcc cc])
 AC_PROG_CC_STDC
 AC_PROG_CPP
+AC_PROG_CXX([clang++ g++ c++])
 AC_GNU_SOURCE
 AC_C_CONST
 AC_C_RESTRICT
 AC_C_VOLATILE
+AX_COMPILER_VENDOR
 
 # libtool
 LT_PREREQ([2.2.6])
 LT_INIT([disable-static dlopen])
 
+# pkg-config
+AX_PROG_PKG_CONFIG
+
 # other programs
 AC_PROG_INSTALL
 
@@ -31,26 +33,26 @@ AC_DEFINE_UNQUOTED(LIB_MAJ, $LIB_MAJ, [OpenPAM library major number])
 
 AC_ARG_ENABLE([debug],
     AC_HELP_STRING([--enable-debug],
-	[turn debugging macros on]),
+        [turn debugging macros on]),
     AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging macros on]))
 
 AC_ARG_ENABLE([unversioned-modules],
     AC_HELP_STRING([--disable-unversioned-modules],
-	[support loading of unversioned modules]),
+        [support loading of unversioned modules]),
     [AS_IF([test x"$enableval" = x"no"], [
-	AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
-	    1,
-	    [Whether loading unversioned modules support is disabled])
+        AC_DEFINE(DISABLE_UNVERSIONED_MODULES,
+            1,
+            [Whether loading unversioned modules support is disabled])
     ])])
 
 AC_ARG_WITH([modules-dir],
     AC_HELP_STRING([--with-modules-dir=DIR],
-	[OpenPAM modules directory]),
+        [OpenPAM modules directory]),
     [AS_IF([test x"$withval" != x"no"], [
-	OPENPAM_MODULES_DIR="$withval"
-	AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR, 
-	    "${OPENPAM_MODULES_DIR%/}",
-	    [OpenPAM modules directory])
+        OPENPAM_MODULES_DIR="$withval"
+        AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR,
+            "${OPENPAM_MODULES_DIR%/}",
+            [OpenPAM modules directory])
     ])])
 AC_SUBST(OPENPAM_MODULES_DIR)
 AM_CONDITIONAL([CUSTOM_MODULES_DIR], [test x"$OPENPAM_MODULES_DIR" != x""])
@@ -62,30 +64,36 @@ AC_ARG_WITH([doc],
 AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" = x"yes"])
 
 AC_ARG_WITH([pam-unix],
-    AC_HELP_STRING([--with-pam-unix], [compile sample pam_unix(8) module]),
+    AC_HELP_STRING([--with-pam-unix], [build sample pam_unix(8) module]),
     [],
     [with_pam_unix=no])
 AM_CONDITIONAL([WITH_PAM_UNIX], [test x"$with_pam_unix" = x"yes"])
 
 AC_ARG_WITH(pamtest,
-    AC_HELP_STRING([--with-pamtest], [compile test application]),
+    AC_HELP_STRING([--with-pamtest], [build test application]),
     [],
     [with_pamtest=no])
 AM_CONDITIONAL([WITH_PAMTEST], [test x"$with_pamtest" = x"yes"])
 
 AC_ARG_WITH(su,
-    AC_HELP_STRING([--with-su], [compile sample su(1) implementation]),
+    AC_HELP_STRING([--with-su], [build sample su(1) implementation]),
     [],
     [with_su=no])
 AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"])
 
+AC_ARG_WITH(system-libpam,
+    AC_HELP_STRING([--with-system-libpam], [use system libpam]),
+    [],
+    [with_system_libpam=no])
+AM_CONDITIONAL([WITH_SYSTEM_LIBPAM], [test x"$with_system_libpam" = x"yes"])
+
 AC_CHECK_HEADERS([crypt.h])
 
 AC_CHECK_FUNCS([asprintf vasprintf])
 AC_CHECK_FUNCS([dlfunc fdlopen])
 AC_CHECK_FUNCS([fpurge])
 AC_CHECK_FUNCS([setlogmask])
-AC_CHECK_FUNCS([strlcat strlcmp strlcpy])
+AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset])
 
 saved_LIBS="${LIBS}"
 LIBS=""
@@ -96,21 +104,19 @@ AC_SUBST(DL_LIBS)
 
 saved_LIBS="${LIBS}"
 LIBS=""
-AC_CHECK_LIB([crypt], [crypt])
-CRYPT_LIBS="${LIBS}"
+AC_CHECK_LIB([pam], [pam_start])
+SYSTEM_LIBPAM="${LIBS}"
 LIBS="${saved_LIBS}"
-AC_SUBST(CRYPT_LIBS)
+AC_SUBST(SYSTEM_LIBPAM)
 
-saved_LIBS="${LIBS}"
-LIBS=""
-AC_CHECK_LIB([crypto], [HMAC_CTX_init])
-CRYPTO_LIBS="${LIBS}"
-LIBS="${saved_LIBS}"
-AC_SUBST(CRYPTO_LIBS)
+AX_PKG_CONFIG_CHECK([cryb-test],
+  [AC_MSG_NOTICE([Cryb test framework found, unit tests enabled.])],
+  [AC_MSG_WARN([Cryb test framework not found, unit tests disabled.])])
+AM_CONDITIONAL([WITH_TEST], [test x"$CRYB_TEST_LIBS" != x""])
 
 AC_ARG_ENABLE([developer-warnings],
     AS_HELP_STRING([--enable-developer-warnings], [enable strict warnings (default is NO)]),
-    [CFLAGS="${CFLAGS} -Wall -Wextra"])
+    [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual"])
 AC_ARG_ENABLE([debugging-symbols],
     AS_HELP_STRING([--enable-debugging-symbols], [enable debugging symbols (default is NO)]),
     [CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
@@ -118,6 +124,27 @@ AC_ARG_ENABLE([werror],
     AS_HELP_STRING([--enable-werror], [use -Werror (default is NO)]),
     [CFLAGS="${CFLAGS} -Werror"])
 
+AC_ARG_ENABLE([code-coverage],
+    AS_HELP_STRING([--enable-code-coverage],
+        [enable code coverage]))
+AS_IF([test x"$enable_code_coverage" = x"yes"], [
+    AM_COND_IF([WITH_TEST], [
+        AS_IF([test x"$ax_cv_c_compiler_vendor" = x"clang"], [
+            CFLAGS="${CFLAGS} -fprofile-instr-generate -fcoverage-mapping"
+            clang_code_coverage="yes"
+	    AC_SUBST([clang_ver], [${CC#clang}])
+        ], [
+            AC_MSG_ERROR([code coverage is only supported with clang])
+        ])
+        AC_DEFINE([WITH_CODE_COVERAGE], [1], [Define to 1 if code coverage is enabled])
+        AC_MSG_NOTICE([code coverage enabled])
+    ], [
+        AC_MSG_ERROR([code coverage requires unit tests])
+    ])
+])
+AM_CONDITIONAL([WITH_CODE_COVERAGE], [test x"$enable_code_coverage" = x"yes"])
+AM_CONDITIONAL([CLANG_CODE_COVERAGE], [test x"$clang_code_coverage" = x"yes"])
+
 AC_CONFIG_FILES([
     Makefile
     bin/Makefile
@@ -126,16 +153,18 @@ AC_CONFIG_FILES([
     bin/su/Makefile
     doc/Makefile
     doc/man/Makefile
+    freebsd/Makefile
     include/Makefile
     include/security/Makefile
     lib/Makefile
     lib/libpam/Makefile
+    misc/Makefile
     modules/Makefile
     modules/pam_deny/Makefile
     modules/pam_permit/Makefile
+    modules/pam_return/Makefile
     modules/pam_unix/Makefile
     t/Makefile
 ])
-AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb])
-AC_CONFIG_FILES([mkpkgng],[chmod +x mkpkgng])
+AC_CONFIG_FILES([misc/coverity.sh],[chmod +x misc/coverity.sh])
 AC_OUTPUT

doc/Makefile.am

@@ -1,3 +1 @@
-# $Id$
-
 SUBDIRS = man

doc/man/.gitignore

@@ -0,0 +1,2 @@
+/*.3
+!/pam_conv.3

doc/man/Makefile.am

@@ -1,9 +1,7 @@
-# $Id$
-
 NULL =
 
 # Standard PAM API
-PMAN = \
+PAM_MAN = \
 	pam_acct_mgmt.3 \
 	pam_authenticate.3 \
 	pam_chauthtok.3 \
@@ -24,7 +22,7 @@ PMAN = \
 	$(NULL)
 
 # Standard module API
-MMAN = \
+MOD_MAN = \
 	pam_sm_acct_mgmt.3 \
 	pam_sm_authenticate.3 \
 	pam_sm_chauthtok.3 \
@@ -34,7 +32,7 @@ MMAN = \
 	$(NULL)
 
 # OpenPAM extensions
-OMAN = \
+OPENPAM_MAN = \
 	openpam_borrow_cred.3 \
 	openpam_free_data.3 \
 	openpam_free_envlist.3 \
@@ -63,8 +61,13 @@ OMAN = \
 
 EXTRA_DIST = openpam.man pam.man
 
-ALLCMAN = $(PMAN) $(MMAN) $(OMAN)
-GENMAN = $(ALLCMAN) openpam.3 pam.3
+if !WITH_SYSTEM_LIBPAM
+PAMCMAN = $(PAM_MAN) $(MOD_MAN) $(OPENPAM_MAN)
+PAMXMAN = openpam.3 pam.3
+endif
+
+ALLCMAN = $(PAMCMAN)
+GENMAN = $(ALLCMAN) $(PAMXMAN)
 
 dist_man3_MANS = $(GENMAN) pam_conv.3
 
@@ -74,9 +77,9 @@ CLEANFILES = $(GENMAN)
 
 GENDOC = $(top_srcdir)/misc/gendoc.pl
 
-LIBSRCDIR = $(top_srcdir)/lib/libpam
+LIBPAMSRCDIR = $(top_srcdir)/lib/libpam
 
-VPATH = $(LIBSRCDIR) $(srcdir)
+VPATH = $(LIBPAMSRCDIR) $(srcdir)
 
 SUFFIXES = .3
 

doc/man/openpam.man

@@ -1,6 +1,3 @@
-.\"
-.\" $Id$
-.\"
 .Sh DESCRIPTION
 These functions are OpenPAM extensions to the PAM API.
 Those named

doc/man/pam.conf.5

@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2005-2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2005-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,9 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
-.Dd September 7, 2013
+.Dd March 17, 2013
 .Dt PAM.CONF 5
 .Os
 .Sh NAME
@@ -212,4 +210,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
 as part of the DARPA CHATS research program.
 .Pp
 The OpenPAM library is maintained by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

doc/man/pam.man

@@ -1,6 +1,3 @@
-.\"
-.\" $Id$
-.\"
 .Sh DESCRIPTION
 The Pluggable Authentication Modules (PAM) library abstracts a number
 of common authentication-related operations and provides a framework

doc/man/pam_conv.3

@@ -1,6 +1,6 @@
 .\"-
 .\" Copyright (c) 2002-2003 Networks Associates Technology, Inc.
-.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
+.\" Copyright (c) 2004-2017 Dag-Erling Smørgrav
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -32,9 +32,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $Id$
-.\"
-.Dd September 7, 2013
+.Dd June 16, 2005
 .Dt PAM_CONV 3
 .Os
 .Sh NAME
@@ -76,7 +74,7 @@ item.
 .Pp
 The conversation function's first argument specifies the number of
 messages (up to
-.Dv PAM_NUM_MSG )
+.Dv PAM_MAX_NUM_MSG )
 to process.
 The second argument is a pointer to an array of pointers to
 .Vt pam_message
@@ -183,4 +181,4 @@ DARPA/SPAWAR contract N66001-01-C-8035
 as part of the DARPA CHATS research program.
 .Pp
 The OpenPAM library is maintained by
-.An Dag-Erling Sm\(/orgrav Aq des@des.no .
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

doc/xsso_errata.txt

@@ -1,5 +1,3 @@
-$Id$
-
 Errata in XSSO, chapter 5:
 
 p. 25:	the first member of struct pam_response is named "resp", not

freebsd/.gitignore

@@ -0,0 +1,2 @@
+!/Makefile.in
+/work

freebsd/Makefile.in

@@ -0,0 +1,33 @@
+# $FreeBSD: portlint$
+
+PORTNAME=	@PACKAGE_TARNAME@
+PORTVERSION=	@PACKAGE_VERSION@
+CATEGORIES=	security devel
+MASTER_SITES=	#
+DISTFILES=	#
+
+MAINTAINER=	@PACKAGE_BUGREPORT@
+COMMENT=	BSD-licensed implementation of Pluggable Authentication Modules
+
+LICENSE=	BSD3CLAUSE
+
+USES=		gmake libtool pkgconfig
+USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+INSTALL_TARGET=	install-strip
+TEST_TARGET=	check
+
+DESCR=		${WRKDIR}/pkg-descr
+
+do-extract:
+	(cd @abs_top_srcdir@ && \
+	    ${GMAKE} distdir && ${MV} ${PKGNAME} ${WRKDIR})
+	(${CAT} ${WRKSRC}/README && ${ECHO} && \
+	    ${ECHO} "WWW: @PACKAGE_URL@") >${DESCR}
+
+post-stage:
+	(cd ${STAGEDIR} && \
+	    ${FIND} -s . -type f -or -type l | cut -c 2- | \
+	    ${SED} -E '/\/man\//s/([0-9])$$/\1.gz/') >>${TMPPLIST}
+
+.include <bsd.port.mk>

include/Makefile.am

@@ -1,3 +1 @@
-# $Id$
-
 SUBDIRS = security

include/security/Makefile.am

@@ -1,5 +1,3 @@
-# $Id$
-
 securitydir = $(includedir)/security
 
 security_HEADERS = \

include/security/openpam.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2015 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_OPENPAM_H_INCLUDED
@@ -186,6 +184,7 @@ enum {
 	OPENPAM_VERIFY_POLICY_FILE,
 	OPENPAM_RESTRICT_MODULE_NAME,
 	OPENPAM_VERIFY_MODULE_FILE,
+	OPENPAM_FALLBACK_TO_OTHER,
 	OPENPAM_NUM_FEATURES
 };
 

include/security/openpam_attr.h

@@ -1,7 +1,3 @@
-/*
- * $Id$
- */
-
 #ifndef SECURITY_OPENPAM_ATTR_H_INCLUDED
 #define SECURITY_OPENPAM_ATTR_H_INCLUDED
 

include/security/openpam_version.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2023 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,15 +31,13 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_OPENPAM_VERSION_H_INCLUDED
 #define SECURITY_OPENPAM_VERSION_H_INCLUDED
 
 #define OPENPAM
-#define OPENPAM_VERSION	20130907
-#define OPENPAM_RELEASE	"Nummularia"
+#define OPENPAM_VERSION	20230627
+#define OPENPAM_RELEASE	"Ximenia"
 
 #endif /* !SECURITY_OPENPAM_VERSION_H_INCLUDED */

include/security/pam_appl.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_APPL_H_INCLUDED

include/security/pam_constants.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_CONSTANTS_H_INCLUDED
@@ -78,6 +76,10 @@ enum {
 	PAM_TRY_AGAIN			=  27,
 	PAM_MODULE_UNKNOWN		=  28,
 	PAM_DOMAIN_UNKNOWN		=  29,
+	PAM_BAD_HANDLE			=  30,		/* OpenPAM extension */
+	PAM_BAD_ITEM			=  31,		/* OpenPAM extension */
+	PAM_BAD_FEATURE			=  32,		/* OpenPAM extension */
+	PAM_BAD_CONSTANT		=  33,		/* OpenPAM extension */
 	PAM_NUM_ERRORS					/* OpenPAM extension */
 };
 

include/security/pam_modules.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_MODULES_H_INCLUDED

include/security/pam_types.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef SECURITY_PAM_TYPES_H_INCLUDED

lib/Makefile.am

@@ -1,3 +1,5 @@
-# $Id$
+SUBDIRS =
 
-SUBDIRS = libpam
+if !WITH_SYSTEM_LIBPAM
+SUBDIRS += libpam
+endif

lib/libpam/Makefile.am

@@ -1,5 +1,3 @@
-# $Id$
-
 NULL =
 
 AM_CPPFLAGS = -I$(top_srcdir)/include
@@ -18,6 +16,7 @@ noinst_HEADERS = \
 	openpam_strlcat.h \
 	openpam_strlcmp.h \
 	openpam_strlcpy.h \
+	openpam_strlset.h \
 	openpam_vasprintf.h
 
 libpam_la_SOURCES = \
@@ -44,9 +43,10 @@ libpam_la_SOURCES = \
 	openpam_set_option.c \
 	openpam_set_feature.c \
 	openpam_static.c \
+	openpam_straddch.c \
 	openpam_strlcat.c \
 	openpam_strlcpy.c \
-	openpam_straddch.c \
+	openpam_strlset.c \
 	openpam_subst.c \
 	openpam_vasprintf.c \
 	openpam_ttyconv.c \
@@ -77,8 +77,8 @@ libpam_la_SOURCES = \
 	pam_vprompt.c \
 	$(NULL)
 
-libpam_la_LDFLAGS = -no-undefined -version-info @LIB_MAJ@
-libpam_la_LIBADD = @DL_LIBS@
+libpam_la_LDFLAGS = -no-undefined -version-info $(LIB_MAJ)
+libpam_la_LIBADD = $(DL_LIBS)
 
 EXTRA_DIST = \
 	pam_authenticate_secondary.c \

lib/libpam/openpam_asprintf.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_asprintf.h

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_ASPRINTF_H_INCLUDED

lib/libpam/openpam_borrow_cred.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_check_owner_perms.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_configure.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2012 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2015 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -193,6 +191,7 @@ openpam_parse_chain(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_ERROR,
 			    "%s(%d): missing or invalid facility",
 			    filename, lineno);
+			errno = EINVAL;
 			goto fail;
 		}
 		if (facility != fclt && facility != PAM_FACILITY_ANY) {
@@ -208,18 +207,28 @@ openpam_parse_chain(pam_handle_t *pamh,
 				openpam_log(PAM_LOG_ERROR,
 				    "%s(%d): missing or invalid service name",
 				    filename, lineno);
+				errno = EINVAL;
 				goto fail;
 			}
 			if (wordv[i] != NULL) {
 				openpam_log(PAM_LOG_ERROR,
 				    "%s(%d): garbage at end of line",
 				    filename, lineno);
+				errno = EINVAL;
 				goto fail;
 			}
 			ret = openpam_load_chain(pamh, servicename, fclt);
 			FREEV(wordc, wordv);
-			if (ret < 0)
+			if (ret < 0) {
+				/*
+				 * Bogus errno, but this ensures that the
+				 * outer loop does not just ignore the
+				 * error and keep searching.
+				 */
+				if (errno == ENOENT)
+					errno = EINVAL;
 				goto fail;
+			}
 			continue;
 		}
 
@@ -229,6 +238,7 @@ openpam_parse_chain(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_ERROR,
 			    "%s(%d): missing or invalid control flag",
 			    filename, lineno);
+			errno = EINVAL;
 			goto fail;
 		}
 
@@ -238,6 +248,7 @@ openpam_parse_chain(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_ERROR,
 			    "%s(%d): missing or invalid module name",
 			    filename, lineno);
+			errno = EINVAL;
 			goto fail;
 		}
 
@@ -247,8 +258,11 @@ openpam_parse_chain(pam_handle_t *pamh,
 		this->flag = ctlf;
 
 		/* load module */
-		if ((this->module = openpam_load_module(modulename)) == NULL)
+		if ((this->module = openpam_load_module(modulename)) == NULL) {
+			if (errno == ENOENT)
+				errno = ENOEXEC;
 			goto fail;
+		}
 
 		/*
 		 * The remaining items in wordv are the module's
@@ -281,7 +295,11 @@ openpam_parse_chain(pam_handle_t *pamh,
 	 * The loop ended because openpam_readword() returned NULL, which
 	 * can happen for four different reasons: an I/O error (ferror(f)
 	 * is true), a memory allocation failure (ferror(f) is false,
-	 * errno is non-zero)
+	 * feof(f) is false, errno is non-zero), the file ended with an
+	 * unterminated quote or backslash escape (ferror(f) is false,
+	 * feof(f) is true, errno is non-zero), or the end of the file was
+	 * reached without error (ferror(f) is false, feof(f) is true,
+	 * errno is zero).
 	 */
 	if (ferror(f) || errno != 0)
 		goto syserr;
@@ -390,6 +408,10 @@ openpam_load_chain(pam_handle_t *pamh,
 	for (path = openpam_policy_path; *path != NULL; ++path) {
 		/* construct filename */
 		len = strlcpy(filename, *path, sizeof filename);
+		if (len >= sizeof filename) {
+			errno = ENAMETOOLONG;
+			RETURNN(-1);
+		}
 		if (filename[len - 1] == '/') {
 			len = strlcat(filename, service, sizeof filename);
 			if (len >= sizeof filename) {
@@ -402,6 +424,9 @@ openpam_load_chain(pam_handle_t *pamh,
 		}
 		ret = openpam_load_file(pamh, service, facility,
 		    filename, style);
+		/* success */
+		if (ret > 0)
+			RETURNN(ret);
 		/* the file exists, but an error occurred */
 		if (ret == -1 && errno != ENOENT)
 			RETURNN(ret);
@@ -411,7 +436,8 @@ openpam_load_chain(pam_handle_t *pamh,
 	}
 
 	/* no hit */
-	RETURNN(0);
+	errno = ENOENT;
+	RETURNN(-1);
 }
 
 /*
@@ -432,13 +458,17 @@ openpam_configure(pam_handle_t *pamh,
 		openpam_log(PAM_LOG_ERROR, "invalid service name");
 		RETURNC(PAM_SYSTEM_ERR);
 	}
-	if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0)
-		goto load_err;
+	if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) {
+		if (errno != ENOENT)
+			goto load_err;
+	}
 	for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) {
 		if (pamh->chains[fclt] != NULL)
 			continue;
-		if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
-			goto load_err;
+		if (OPENPAM_FEATURE(FALLBACK_TO_OTHER)) {
+			if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0)
+				goto load_err;
+		}
 	}
 	RETURNC(PAM_SUCCESS);
 load_err:

lib/libpam/openpam_constants.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -44,86 +42,126 @@
 #include "openpam_impl.h"
 
 const char *pam_err_name[PAM_NUM_ERRORS] = {
-	"PAM_SUCCESS",
-	"PAM_OPEN_ERR",
-	"PAM_SYMBOL_ERR",
-	"PAM_SERVICE_ERR",
-	"PAM_SYSTEM_ERR",
-	"PAM_BUF_ERR",
-	"PAM_CONV_ERR",
-	"PAM_PERM_DENIED",
-	"PAM_MAXTRIES",
-	"PAM_AUTH_ERR",
-	"PAM_NEW_AUTHTOK_REQD",
-	"PAM_CRED_INSUFFICIENT",
-	"PAM_AUTHINFO_UNAVAIL",
-	"PAM_USER_UNKNOWN",
-	"PAM_CRED_UNAVAIL",
-	"PAM_CRED_EXPIRED",
-	"PAM_CRED_ERR",
-	"PAM_ACCT_EXPIRED",
-	"PAM_AUTHTOK_EXPIRED",
-	"PAM_SESSION_ERR",
-	"PAM_AUTHTOK_ERR",
-	"PAM_AUTHTOK_RECOVERY_ERR",
-	"PAM_AUTHTOK_LOCK_BUSY",
-	"PAM_AUTHTOK_DISABLE_AGING",
-	"PAM_NO_MODULE_DATA",
-	"PAM_IGNORE",
-	"PAM_ABORT",
-	"PAM_TRY_AGAIN",
-	"PAM_MODULE_UNKNOWN",
-	"PAM_DOMAIN_UNKNOWN"
+	[PAM_SUCCESS]			 = "PAM_SUCCESS",
+	[PAM_OPEN_ERR]			 = "PAM_OPEN_ERR",
+	[PAM_SYMBOL_ERR]		 = "PAM_SYMBOL_ERR",
+	[PAM_SERVICE_ERR]		 = "PAM_SERVICE_ERR",
+	[PAM_SYSTEM_ERR]		 = "PAM_SYSTEM_ERR",
+	[PAM_BUF_ERR]			 = "PAM_BUF_ERR",
+	[PAM_CONV_ERR]			 = "PAM_CONV_ERR",
+	[PAM_PERM_DENIED]		 = "PAM_PERM_DENIED",
+	[PAM_MAXTRIES]			 = "PAM_MAXTRIES",
+	[PAM_AUTH_ERR]			 = "PAM_AUTH_ERR",
+	[PAM_NEW_AUTHTOK_REQD]		 = "PAM_NEW_AUTHTOK_REQD",
+	[PAM_CRED_INSUFFICIENT]		 = "PAM_CRED_INSUFFICIENT",
+	[PAM_AUTHINFO_UNAVAIL]		 = "PAM_AUTHINFO_UNAVAIL",
+	[PAM_USER_UNKNOWN]		 = "PAM_USER_UNKNOWN",
+	[PAM_CRED_UNAVAIL]		 = "PAM_CRED_UNAVAIL",
+	[PAM_CRED_EXPIRED]		 = "PAM_CRED_EXPIRED",
+	[PAM_CRED_ERR]			 = "PAM_CRED_ERR",
+	[PAM_ACCT_EXPIRED]		 = "PAM_ACCT_EXPIRED",
+	[PAM_AUTHTOK_EXPIRED]		 = "PAM_AUTHTOK_EXPIRED",
+	[PAM_SESSION_ERR]		 = "PAM_SESSION_ERR",
+	[PAM_AUTHTOK_ERR]		 = "PAM_AUTHTOK_ERR",
+	[PAM_AUTHTOK_RECOVERY_ERR]	 = "PAM_AUTHTOK_RECOVERY_ERR",
+	[PAM_AUTHTOK_LOCK_BUSY]		 = "PAM_AUTHTOK_LOCK_BUSY",
+	[PAM_AUTHTOK_DISABLE_AGING]	 = "PAM_AUTHTOK_DISABLE_AGING",
+	[PAM_NO_MODULE_DATA]		 = "PAM_NO_MODULE_DATA",
+	[PAM_IGNORE]			 = "PAM_IGNORE",
+	[PAM_ABORT]			 = "PAM_ABORT",
+	[PAM_TRY_AGAIN]			 = "PAM_TRY_AGAIN",
+	[PAM_MODULE_UNKNOWN]		 = "PAM_MODULE_UNKNOWN",
+	[PAM_DOMAIN_UNKNOWN]		 = "PAM_DOMAIN_UNKNOWN",
+	[PAM_BAD_HANDLE]		 = "PAM_BAD_HANDLE",
+	[PAM_BAD_ITEM]			 = "PAM_BAD_ITEM",
+	[PAM_BAD_FEATURE]		 = "PAM_BAD_FEATURE",
+	[PAM_BAD_CONSTANT]		 = "PAM_BAD_CONSTANT",
+};
+
+const char *pam_err_text[PAM_NUM_ERRORS] = {
+	[PAM_SUCCESS]			 = "Success",
+	[PAM_OPEN_ERR]			 = "Failed to load module",
+	[PAM_SYMBOL_ERR]		 = "Invalid symbol",
+	[PAM_SERVICE_ERR]		 = "Error in service module",
+	[PAM_SYSTEM_ERR]		 = "System error",
+	[PAM_BUF_ERR]			 = "Memory buffer error",
+	[PAM_CONV_ERR]			 = "Conversation failure",
+	[PAM_PERM_DENIED]		 = "Permission denied",
+	[PAM_MAXTRIES]			 = "Maximum number of tries exceeded",
+	[PAM_AUTH_ERR]			 = "Authentication error",
+	[PAM_NEW_AUTHTOK_REQD]		 = "New authentication token required",
+	[PAM_CRED_INSUFFICIENT]		 = "Insufficient credentials",
+	[PAM_AUTHINFO_UNAVAIL]		 = "Authentication information is unavailable",
+	[PAM_USER_UNKNOWN]		 = "Unknown user",
+	[PAM_CRED_UNAVAIL]		 = "Failed to retrieve user credentials",
+	[PAM_CRED_EXPIRED]		 = "User credentials have expired",
+	[PAM_CRED_ERR]			 = "Failed to set user credentials",
+	[PAM_ACCT_EXPIRED]		 = "User account has expired",
+	[PAM_AUTHTOK_EXPIRED]		 = "Password has expired",
+	[PAM_SESSION_ERR]		 = "Session failure",
+	[PAM_AUTHTOK_ERR]		 = "Authentication token failure",
+	[PAM_AUTHTOK_RECOVERY_ERR]	 = "Failed to recover old authentication token",
+	[PAM_AUTHTOK_LOCK_BUSY]		 = "Authentication token lock busy",
+	[PAM_AUTHTOK_DISABLE_AGING]	 = "Authentication token aging disabled",
+	[PAM_NO_MODULE_DATA]		 = "Module data not found",
+	[PAM_IGNORE]			 = "Ignore this module",
+	[PAM_ABORT]			 = "General failure",
+	[PAM_TRY_AGAIN]			 = "Try again",
+	[PAM_MODULE_UNKNOWN]		 = "Unknown module type",
+	[PAM_DOMAIN_UNKNOWN]		 = "Unknown authentication domain",
+	[PAM_BAD_HANDLE]		 = "Invalid PAM handle",
+	[PAM_BAD_ITEM]			 = "Unrecognized or restricted item",
+	[PAM_BAD_FEATURE]		 = "Unrecognized or restricted feature",
+	[PAM_BAD_CONSTANT]		 = "Invalid constant",
 };
 
 const char *pam_item_name[PAM_NUM_ITEMS] = {
-	"(NO ITEM)",
-	"PAM_SERVICE",
-	"PAM_USER",
-	"PAM_TTY",
-	"PAM_RHOST",
-	"PAM_CONV",
-	"PAM_AUTHTOK",
-	"PAM_OLDAUTHTOK",
-	"PAM_RUSER",
-	"PAM_USER_PROMPT",
-	"PAM_REPOSITORY",
-	"PAM_AUTHTOK_PROMPT",
-	"PAM_OLDAUTHTOK_PROMPT",
-	"PAM_HOST",
+	[PAM_SERVICE]		 = "PAM_SERVICE",
+	[PAM_USER]		 = "PAM_USER",
+	[PAM_TTY]		 = "PAM_TTY",
+	[PAM_RHOST]		 = "PAM_RHOST",
+	[PAM_CONV]		 = "PAM_CONV",
+	[PAM_AUTHTOK]		 = "PAM_AUTHTOK",
+	[PAM_OLDAUTHTOK]	 = "PAM_OLDAUTHTOK",
+	[PAM_RUSER]		 = "PAM_RUSER",
+	[PAM_USER_PROMPT]	 = "PAM_USER_PROMPT",
+	[PAM_REPOSITORY]	 = "PAM_REPOSITORY",
+	[PAM_AUTHTOK_PROMPT]	 = "PAM_AUTHTOK_PROMPT",
+	[PAM_OLDAUTHTOK_PROMPT]	 = "PAM_OLDAUTHTOK_PROMPT",
+	[PAM_HOST]		 = "PAM_HOST",
 };
 
 const char *pam_facility_name[PAM_NUM_FACILITIES] = {
-	[PAM_ACCOUNT]		= "account",
-	[PAM_AUTH]		= "auth",
-	[PAM_PASSWORD]		= "password",
-	[PAM_SESSION]		= "session",
+	[PAM_ACCOUNT]		 = "account",
+	[PAM_AUTH]		 = "auth",
+	[PAM_PASSWORD]		 = "password",
+	[PAM_SESSION]		 = "session",
 };
 
 const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
-	[PAM_BINDING]		= "binding",
-	[PAM_OPTIONAL]		= "optional",
-	[PAM_REQUIRED]		= "required",
-	[PAM_REQUISITE]		= "requisite",
-	[PAM_SUFFICIENT]	= "sufficient",
+	[PAM_BINDING]		 = "binding",
+	[PAM_OPTIONAL]		 = "optional",
+	[PAM_REQUIRED]		 = "required",
+	[PAM_REQUISITE]		 = "requisite",
+	[PAM_SUFFICIENT]	 = "sufficient",
 };
 
 const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
-	"pam_authenticate",
-	"pam_setcred",
-	"pam_acct_mgmt",
-	"pam_open_session",
-	"pam_close_session",
-	"pam_chauthtok"
+	[PAM_SM_AUTHENTICATE]	 = "pam_authenticate",
+	[PAM_SM_SETCRED]	 = "pam_setcred",
+	[PAM_SM_ACCT_MGMT]	 = "pam_acct_mgmt",
+	[PAM_SM_OPEN_SESSION]	 = "pam_open_session",
+	[PAM_SM_CLOSE_SESSION]	 = "pam_close_session",
+	[PAM_SM_CHAUTHTOK]	 = "pam_chauthtok"
 };
 
 const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
-	"pam_sm_authenticate",
-	"pam_sm_setcred",
-	"pam_sm_acct_mgmt",
-	"pam_sm_open_session",
-	"pam_sm_close_session",
-	"pam_sm_chauthtok"
+	[PAM_SM_AUTHENTICATE]	 = "pam_sm_authenticate",
+	[PAM_SM_SETCRED]	 = "pam_sm_setcred",
+	[PAM_SM_ACCT_MGMT]	 = "pam_sm_acct_mgmt",
+	[PAM_SM_OPEN_SESSION]	 = "pam_sm_open_session",
+	[PAM_SM_CLOSE_SESSION]	 = "pam_sm_close_session",
+	[PAM_SM_CHAUTHTOK]	 = "pam_sm_chauthtok"
 };
 
 const char *openpam_policy_path[] = {

lib/libpam/openpam_constants.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2011 Dag-Erling Smørgrav
+ * Copyright (c) 2011-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,14 +25,13 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_CONSTANTS_H_INCLUDED
 #define OPENPAM_CONSTANTS_H_INCLUDED
 
 extern const char *pam_err_name[PAM_NUM_ERRORS];
+extern const char *pam_err_text[PAM_NUM_ERRORS];
 extern const char *pam_item_name[PAM_NUM_ITEMS];
 extern const char *pam_facility_name[PAM_NUM_FACILITIES];
 extern const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS];

lib/libpam/openpam_cred.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_CRED_H_INCLUDED

lib/libpam/openpam_ctype.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2014 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_CTYPE_H_INCLUDED
@@ -38,11 +36,19 @@
 #define is_digit(ch)				\
 	(ch >= '0' && ch <= '9')
 
+/*
+ * Evaluates to non-zero if the argument is a hex digit.
+ */
+#define is_xdigit(ch)				\
+	((ch >= '0' && ch <= '9') ||		\
+	 (ch >= 'a' && ch <= 'f') ||		\
+	 (ch >= 'A' && ch <= 'F'))
+
 /*
  * Evaluates to non-zero if the argument is an uppercase letter.
  */
 #define is_upper(ch)				\
-	(ch >= 'A' && ch <= 'A')
+	(ch >= 'A' && ch <= 'Z')
 
 /*
  * Evaluates to non-zero if the argument is a lowercase letter.

lib/libpam/openpam_debug.h

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_DEBUG_H_INCLUDED

lib/libpam/openpam_dispatch.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -41,6 +39,8 @@
 
 #include <sys/param.h>
 
+#include <stdint.h>
+
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
@@ -63,12 +63,10 @@ openpam_dispatch(pam_handle_t *pamh,
 	int flags)
 {
 	pam_chain_t *chain;
-	int err, fail, r;
+	int err, fail, nsuccess, r;
 	int debug;
 
 	ENTER();
-	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 
 	/* prevent recursion */
 	if (pamh->current != NULL) {
@@ -101,11 +99,13 @@ openpam_dispatch(pam_handle_t *pamh,
 	}
 
 	/* execute */
-	for (err = fail = 0; chain != NULL; chain = chain->next) {
+	err = PAM_SUCCESS;
+	fail = nsuccess = 0;
+	for (; chain != NULL; chain = chain->next) {
 		if (chain->module->func[primitive] == NULL) {
 			openpam_log(PAM_LOG_ERROR, "%s: no %s()",
 			    chain->module->path, pam_sm_func_name[primitive]);
-			r = PAM_SYSTEM_ERR;
+			r = PAM_SYMBOL_ERR;
 		} else {
 			pamh->primitive = primitive;
 			pamh->current = chain;
@@ -115,7 +115,7 @@ openpam_dispatch(pam_handle_t *pamh,
 			openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s",
 			    pam_sm_func_name[primitive], chain->module->path);
 			r = (chain->module->func[primitive])(pamh, flags,
-			    chain->optc, (const char **)chain->optv);
+			    chain->optc, (const char **)(intptr_t)chain->optv);
 			pamh->current = NULL;
 			openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s",
 			    chain->module->path, pam_sm_func_name[primitive],
@@ -127,6 +127,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		if (r == PAM_IGNORE)
 			continue;
 		if (r == PAM_SUCCESS) {
+			++nsuccess;
 			/*
 			 * For pam_setcred() and pam_chauthtok() with the
 			 * PAM_PRELIM_CHECK flag, treat "sufficient" as
@@ -148,7 +149,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		 * fail.  If a required module fails, record the
 		 * return code from the first required module to fail.
 		 */
-		if (err == 0)
+		if (err == PAM_SUCCESS)
 			err = r;
 		if ((chain->flag == PAM_REQUIRED ||
 		    chain->flag == PAM_BINDING) && !fail) {
@@ -170,6 +171,18 @@ openpam_dispatch(pam_handle_t *pamh,
 
 	if (!fail && err != PAM_NEW_AUTHTOK_REQD)
 		err = PAM_SUCCESS;
+
+	/*
+	 * Require the chain to be non-empty, and at least one module
+	 * in the chain to be successful, so that we don't fail open.
+	 */
+	if (err == PAM_SUCCESS && nsuccess < 1) {
+		openpam_log(PAM_LOG_ERROR,
+		    "all modules were unsuccessful for %s()",
+		    pam_sm_func_name[primitive]);
+		err = PAM_SYSTEM_ERR;
+	}
+
 	RETURNC(err);
 }
 

lib/libpam/openpam_dlfunc.h

@@ -10,6 +10,9 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -22,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_DLFCN_H_INCLUDED

lib/libpam/openpam_dynamic.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_features.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2015 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -65,4 +63,9 @@ struct openpam_feature openpam_features[OPENPAM_NUM_FEATURES] = {
 	    "Verify ownership and permissions of module files",
 	    1
 	),
+	STRUCT_OPENPAM_FEATURE(
+	    FALLBACK_TO_OTHER,
+	    "Fall back to \"other\" policy for empty chains",
+	    1
+	),
 };

lib/libpam/openpam_features.h

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_FEATURES_H_INCLUDED

lib/libpam/openpam_findenv.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,14 +31,13 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
 
+#include <errno.h>
 #include <string.h>
 
 #include <security/pam_appl.h>
@@ -59,12 +58,11 @@ openpam_findenv(pam_handle_t *pamh,
 	int i;
 
 	ENTER();
-	if (pamh == NULL)
-		RETURNN(-1);
 	for (i = 0; i < pamh->env_count; ++i)
 		if (strncmp(pamh->env[i], name, len) == 0 &&
 		    pamh->env[i][len] == '=')
 			RETURNN(i);
+	errno = ENOENT;
 	RETURNN(-1);
 }
 

lib/libpam/openpam_free_data.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_free_envlist.c

@@ -23,8 +23,6 @@
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_get_feature.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -50,7 +48,7 @@ openpam_get_feature(int feature, int *onoff)
 
 	ENTERF(feature);
 	if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_FEATURE);
 	*onoff = openpam_features[feature].onoff;
 	RETURNC(PAM_SUCCESS);
 }
@@ -58,7 +56,7 @@ openpam_get_feature(int feature, int *onoff)
 /*
  * Error codes:
  *
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_FEATURE
  */
 
 /**

lib/libpam/openpam_get_option.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_impl.h

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_IMPL_H_INCLUDED
@@ -130,19 +128,28 @@ struct pam_handle {
 /*
  * Internal functions
  */
-int		 openpam_configure(pam_handle_t *, const char *);
-int		 openpam_dispatch(pam_handle_t *, int, int);
-int		 openpam_findenv(pam_handle_t *, const char *, size_t);
-pam_module_t	*openpam_load_module(const char *);
-void		 openpam_clear_chains(pam_chain_t **);
+int		 openpam_configure(pam_handle_t *, const char *)
+	OPENPAM_NONNULL((1));
+int		 openpam_dispatch(pam_handle_t *, int, int)
+	OPENPAM_NONNULL((1));
+int		 openpam_findenv(pam_handle_t *, const char *, size_t)
+	OPENPAM_NONNULL((1,2));
+pam_module_t	*openpam_load_module(const char *)
+	OPENPAM_NONNULL((1));
+void		 openpam_clear_chains(pam_chain_t **)
+	OPENPAM_NONNULL((1));
 
-int		 openpam_check_desc_owner_perms(const char *, int);
-int		 openpam_check_path_owner_perms(const char *);
+int		 openpam_check_desc_owner_perms(const char *, int)
+	OPENPAM_NONNULL((1));
+int		 openpam_check_path_owner_perms(const char *)
+	OPENPAM_NONNULL((1));
 
 #ifdef OPENPAM_STATIC_MODULES
-pam_module_t	*openpam_static(const char *);
+pam_module_t	*openpam_static(const char *)
+	OPENPAM_NONNULL((1));
 #endif
-pam_module_t	*openpam_dynamic(const char *);
+pam_module_t	*openpam_dynamic(const char *)
+	OPENPAM_NONNULL((1));
 
 #define	FREE(p)					\
 	do {					\
@@ -152,11 +159,11 @@ pam_module_t	*openpam_dynamic(const char *);
 
 #define FREEV(c, v)				\
 	do {					\
-		while (c) {			\
-			--(c);			\
-			FREE((v)[(c)]);		\
+		if ((v) != NULL) {		\
+			while ((c)-- > 0)	\
+				FREE((v)[(c)]);	\
+			FREE(v);		\
 		}				\
-		FREE(v);			\
 	} while (0)
 
 #include "openpam_constants.h"

lib/libpam/openpam_load.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2013 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -84,6 +82,7 @@ openpam_load_module(const char *modulename)
 static void
 openpam_release_module(pam_module_t *module)
 {
+
 	if (module == NULL)
 		return;
 	if (module->dlh == NULL)
@@ -104,6 +103,7 @@ openpam_release_module(pam_module_t *module)
 static void
 openpam_destroy_chain(pam_chain_t *chain)
 {
+
 	if (chain == NULL)
 		return;
 	openpam_destroy_chain(chain->next);

lib/libpam/openpam_log.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_nullconv.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_readline.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_readlinev.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2016 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -59,7 +57,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 	wordvsize = MIN_WORDV_SIZE;
 	wordvlen = 0;
 	if ((wordv = malloc(wordvsize * sizeof *wordv)) == NULL) {
-		openpam_log(PAM_LOG_ERROR, "malloc(): %m");
 		errno = ENOMEM;
 		return (NULL);
 	}
@@ -70,7 +67,6 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 			wordvsize *= 2;
 			tmp = realloc(wordv, wordvsize * sizeof *wordv);
 			if (tmp == NULL) {
-				openpam_log(PAM_LOG_ERROR, "malloc(): %m");
 				errno = ENOMEM;
 				break;
 			}
@@ -79,6 +75,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 		/* insert our word */
 		wordv[wordvlen++] = word;
 		wordv[wordvlen] = NULL;
+		word = NULL;
 	}
 	if (errno != 0) {
 		/* I/O error or out of memory */
@@ -86,6 +83,7 @@ openpam_readlinev(FILE *f, int *lineno, int *lenp)
 		while (wordvlen--)
 			free(wordv[wordvlen]);
 		free(wordv);
+		free(word);
 		errno = serrno;
 		return (NULL);
 	}

lib/libpam/openpam_readword.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -55,18 +53,35 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 {
 	char *word;
 	size_t size, len;
-	int ch, comment, escape, quote;
+	int ch, escape, quote;
 	int serrno;
 
 	errno = 0;
 
 	/* skip initial whitespace */
-	comment = 0;
-	while ((ch = getc(f)) != EOF && ch != '\n') {
-		if (ch == '#')
-			comment = 1;
-		if (!is_lws(ch) && !comment)
+	escape = quote = 0;
+	while ((ch = getc(f)) != EOF) {
+		if (ch == '\n') {
+			/* either EOL or line continuation */
+			if (!escape)
+				break;
+			if (lineno != NULL)
+				++*lineno;
+			escape = 0;
+		} else if (escape) {
+			/* escaped something else */
 			break;
+		} else if (ch == '#') {
+			/* comment: until EOL, no continuation */
+			while ((ch = getc(f)) != EOF)
+				if (ch == '\n')
+					break;
+			break;
+		} else if (ch == '\\') {
+			escape = 1;
+		} else if (!is_ws(ch)) {
+			break;
+		}
 	}
 	if (ch == EOF)
 		return (NULL);
@@ -76,7 +91,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 
 	word = NULL;
 	size = len = 0;
-	escape = quote = 0;
 	while ((ch = fgetc(f)) != EOF && (!is_ws(ch) || quote || escape)) {
 		if (ch == '\\' && !escape && quote != '\'') {
 			/* escape next character */
@@ -90,7 +104,7 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 		} else if (ch == quote && !escape) {
 			/* end quote */
 			quote = 0;
-		} else if (ch == '\n' && escape && quote != '\'') {
+		} else if (ch == '\n' && escape) {
 			/* line continuation */
 			escape = 0;
 		} else {
@@ -118,7 +132,6 @@ openpam_readword(FILE *f, int *lineno, size_t *lenp)
 	}
 	if (ch == EOF && (escape || quote)) {
 		/* Missing escaped character or closing quote. */
-		openpam_log(PAM_LOG_ERROR, "unexpected end of file");
 		free(word);
 		errno = EINVAL;
 		return (NULL);

lib/libpam/openpam_restore_cred.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_set_feature.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2012-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -50,7 +48,7 @@ openpam_set_feature(int feature, int onoff)
 
 	ENTERF(feature);
 	if (feature < 0 || feature >= OPENPAM_NUM_FEATURES)
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_FEATURE);
 	openpam_features[feature].onoff = onoff;
 	RETURNC(PAM_SUCCESS);
 }
@@ -58,7 +56,7 @@ openpam_set_feature(int feature, int onoff)
 /*
  * Error codes:
  *
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_FEATURE
  */
 
 /**

lib/libpam/openpam_set_option.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2023 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -85,6 +83,7 @@ openpam_set_option(pam_handle_t *pamh,
 		for (free(cur->optv[i]); i < cur->optc; ++i)
 			cur->optv[i] = cur->optv[i + 1];
 		cur->optv[i] = NULL;
+		--cur->optc;
 		RETURNC(PAM_SUCCESS);
 	}
 	if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0)

lib/libpam/openpam_static.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_straddch.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -58,7 +56,6 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
 		/* initial allocation */
 		tmpsize = MIN_STR_SIZE;
 		if ((tmpstr = malloc(tmpsize)) == NULL) {
-			openpam_log(PAM_LOG_ERROR, "malloc(): %m");
 			errno = ENOMEM;
 			return (-1);
 		}
@@ -69,7 +66,6 @@ openpam_straddch(char **str, size_t *size, size_t *len, int ch)
 		/* additional space required */
 		tmpsize = *size * 2;
 		if ((tmpstr = realloc(*str, tmpsize)) == NULL) {
-			openpam_log(PAM_LOG_ERROR, "realloc(): %m");
 			errno = ENOMEM;
 			return (-1);
 		}

lib/libpam/openpam_strlcat.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_strlcat.h

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_STRLCAT_H_INCLUDED

lib/libpam/openpam_strlcmp.h

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_STRLCMP_H_INCLUDED

lib/libpam/openpam_strlcpy.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_strlcpy.h

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_STRLCPY_H_INCLUDED

lib/libpam/openpam_strlset.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2012 Dag-Erling Smørgrav
+ * Copyright (c) 2014 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,59 +25,32 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
-#ifndef T_H_INCLUDED
-#define T_H_INCLUDED
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
 
-#include <security/openpam_attr.h>
+#ifndef HAVE_STRLSET
 
-struct t_test {
-	int (*func)(void *);
-	const char *desc;
-	void *arg;
-};
+#include <stddef.h>
 
-#define T_FUNC(n, d)				\
-	static int t_ ## n ## _func(void *);	\
-	static const struct t_test t_ ## n =	\
-	    { t_ ## n ## _func, d, NULL };	\
-	static int t_ ## n ## _func(OPENPAM_UNUSED(void *arg))
-
-#define T_FUNC_ARG(n, d, a)			\
-	static int t_ ## n ## _func(void *);	\
-	static const struct t_test t_ ## n =	\
-	    { t_ ## n ## _func, d, a };		\
-	static int t_ ## n ## _func(void *arg)
-
-#define T(n)					\
-	&t_ ## n
-
-extern const char *t_progname;
-
-const struct t_test **t_prepare(int, char **);
-void t_cleanup(void);
-
-void t_verbose(const char *, ...)
-	OPENPAM_FORMAT((__printf__, 1, 2));
+#include "openpam_strlset.h"
 
 /*
- * Convenience functions for temp files
+ * like memset(3), but stops at the first NUL byte and NUL-terminates the
+ * result.  Returns the number of bytes that were written, not including
+ * the terminating NUL.
  */
-struct t_file {
-	char *name;
-	FILE *file;
-	struct t_file *prev, *next;
-};
+size_t
+openpam_strlset(char *str, int ch, size_t size)
+{
+	size_t len;
 
-struct t_file *t_fopen(const char *);
-int t_fprintf(struct t_file *, const char *, ...);
-int t_ferror(struct t_file *);
-int t_feof(struct t_file *);
-void t_frewind(struct t_file *);
-void t_fclose(struct t_file *);
-void t_fcloseall(void);
+	for (len = 0; *str && size > 1; ++len, --size)
+		*str++ = ch;
+	*str = '\0';
+	return (++len);
+}
 
 #endif

lib/libpam/openpam_strlset.h

@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 2014 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OPENPAM_STRLSET_H_INCLUDED
+#define OPENPAM_STRLSET_H_INCLUDED
+
+#ifndef HAVE_STRLSET
+size_t openpam_strlset(char *, int, size_t);
+#undef strlset
+#define strlset(arg, ...) openpam_strlset(arg, __VA_ARGS__)
+#endif
+
+#endif

lib/libpam/openpam_subst.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2011 Dag-Erling Smørgrav
+ * Copyright (c) 2011-2023 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -106,7 +104,8 @@ openpam_subst(const pam_handle_t *pamh,
 				subst_char('%');
 				subst_char(*template);
 			}
-			++template;
+			if (*template)
+				++template;
 		} else {
 			subst_char(*template++);
 		}

lib/libpam/openpam_ttyconv.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2014 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -55,10 +53,11 @@
 #include <security/pam_appl.h>
 
 #include "openpam_impl.h"
+#include "openpam_strlset.h"
 
 int openpam_ttyconv_timeout = 0;
 
-volatile sig_atomic_t caught_signal;
+static volatile sig_atomic_t caught_signal;
 
 /*
  * Handle incoming signals during tty conversation
@@ -93,12 +92,6 @@ prompt_tty(int ifd, int ofd, const char *message, char *response, int echo)
 	int pos, ret;
 	char ch;
 
-	/* write prompt */
-	if (write(ofd, message, strlen(message)) < 0) {
-		openpam_log(PAM_LOG_ERROR, "write(): %m");
-		return (-1);
-	}
-
 	/* turn echo off if requested */
 	slflag = 0; /* prevent bogus uninitialized variable warning */
 	if (!echo) {
@@ -114,6 +107,12 @@ prompt_tty(int ifd, int ofd, const char *message, char *response, int echo)
 		}
 	}
 
+	/* write prompt */
+	if (write(ofd, message, strlen(message)) < 0) {
+		openpam_log(PAM_LOG_ERROR, "write(): %m");
+		return (-1);
+	}
+
 	/* install signal handlers */
 	caught_signal = 0;
 	action.sa_handler = &catch_signal;
@@ -366,7 +365,7 @@ openpam_ttyconv(int n,
 fail:
 	for (i = 0; i < n; ++i) {
 		if (aresp[i].resp != NULL) {
-			memset(aresp[i].resp, 0, strlen(aresp[i].resp));
+			strlset(aresp[i].resp, 0, PAM_MAX_RESP_SIZE);
 			FREE(aresp[i].resp);
 		}
 	}

lib/libpam/openpam_vasprintf.c

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/openpam_vasprintf.h

@@ -25,8 +25,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifndef OPENPAM_VASPRINTF_H_INCLUDED

lib/libpam/pam_acct_mgmt.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_authenticate.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +58,7 @@ pam_authenticate(pam_handle_t *pamh,
 
 	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK))
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags);
 	pam_set_item(pamh, PAM_AUTHTOK, NULL);
 	RETURNC(r);
@@ -72,7 +70,7 @@ pam_authenticate(pam_handle_t *pamh,
  *	=openpam_dispatch
  *	=pam_sm_authenticate
  *	!PAM_IGNORE
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  */
 
 /**
@@ -92,5 +90,5 @@ pam_authenticate(pam_handle_t *pamh,
  *		Fail if the user's authentication token is null.
  *
  * If any other bits are set, =pam_authenticate will return
- * =PAM_SYMBOL_ERR.
+ * =PAM_BAD_CONSTANT.
  */

lib/libpam/pam_authenticate_secondary.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_chauthtok.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +58,7 @@ pam_chauthtok(pam_handle_t *pamh,
 
 	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
 	    flags | PAM_PRELIM_CHECK);
 	if (r == PAM_SUCCESS)
@@ -77,7 +75,7 @@ pam_chauthtok(pam_handle_t *pamh,
  *	=openpam_dispatch
  *	=pam_sm_chauthtok
  *	!PAM_IGNORE
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  */
 
 /**
@@ -93,5 +91,5 @@ pam_chauthtok(pam_handle_t *pamh,
  *	=PAM_CHANGE_EXPIRED_AUTHTOK:
  *		Change only those authentication tokens that have expired.
  *
- * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
+ * If any other bits are set, =pam_chauthtok will return =PAM_BAD_CONSTANT.
  */

lib/libpam/pam_close_session.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,7 +58,7 @@ pam_close_session(pam_handle_t *pamh,
 
 	ENTER();
 	if (flags & ~(PAM_SILENT))
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags);
 	RETURNC(r);
 }
@@ -71,7 +69,7 @@ pam_close_session(pam_handle_t *pamh,
  *	=openpam_dispatch
  *	=pam_sm_close_session
  *	!PAM_IGNORE
- *	PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  */
 
 /**
@@ -85,5 +83,5 @@ pam_close_session(pam_handle_t *pamh,
  *		Do not emit any messages.
  *
  * If any other bits are set, =pam_close_session will return
- * =PAM_SYMBOL_ERR.
+ * =PAM_BAD_CONSTANT.
  */

lib/libpam/pam_end.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -61,7 +59,7 @@ pam_end(pam_handle_t *pamh,
 
 	ENTER();
 	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
+		RETURNC(PAM_BAD_HANDLE);
 
 	/* clear module data */
 	while ((dp = pamh->module_data) != NULL) {
@@ -94,7 +92,7 @@ pam_end(pam_handle_t *pamh,
 /*
  * Error codes:
  *
- *	PAM_SYSTEM_ERR
+ *	PAM_BAD_HANDLE
  */
 
 /**

lib/libpam/pam_error.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_get_authtok.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -48,6 +46,7 @@
 #include <security/openpam.h>
 
 #include "openpam_impl.h"
+#include "openpam_strlset.h"
 
 static const char authtok_prompt[] = "Password:";
 static const char authtok_prompt_remote[] = "Password for %u@%h:";
@@ -75,8 +74,6 @@ pam_get_authtok(pam_handle_t *pamh,
 	int pitem, r, style, twice;
 
 	ENTER();
-	if (pamh == NULL || authtok == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 	*authtok = NULL;
 	twice = 0;
 	switch (item) {
@@ -105,7 +102,7 @@ pam_get_authtok(pam_handle_t *pamh,
 		twice = 0;
 		break;
 	default:
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_CONSTANT);
 	}
 	if (openpam_get_option(pamh, "try_first_pass") ||
 	    openpam_get_option(pamh, "use_first_pass")) {
@@ -121,9 +118,11 @@ pam_get_authtok(pam_handle_t *pamh,
 	if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL)
 		prompt = promptp;
 	/* no prompt provided, see if there is one tucked away somewhere */
-	if (prompt == NULL)
-		if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL)
+	if (prompt == NULL) {
+		r = pam_get_item(pamh, pitem, &promptp);
+		if (r == PAM_SUCCESS && promptp != NULL)
 			prompt = promptp;
+	}
 	/* fall back to hardcoded default */
 	if (prompt == NULL)
 		prompt = default_prompt;
@@ -140,16 +139,21 @@ pam_get_authtok(pam_handle_t *pamh,
 	if (twice) {
 		r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
 		if (r != PAM_SUCCESS) {
+			strlset(resp, 0, PAM_MAX_RESP_SIZE);
 			FREE(resp);
 			RETURNC(r);
 		}
-		if (strcmp(resp, resp2) != 0)
+		if (strcmp(resp, resp2) != 0) {
+			strlset(resp, 0, PAM_MAX_RESP_SIZE);
 			FREE(resp);
+		}
+		strlset(resp2, 0, PAM_MAX_RESP_SIZE);
 		FREE(resp2);
 	}
 	if (resp == NULL)
 		RETURNC(PAM_TRY_AGAIN);
 	r = pam_set_item(pamh, item, resp);
+	strlset(resp, 0, PAM_MAX_RESP_SIZE);
 	FREE(resp);
 	if (r != PAM_SUCCESS)
 		RETURNC(r);
@@ -164,6 +168,7 @@ pam_get_authtok(pam_handle_t *pamh,
  *	=pam_prompt
  *	=pam_set_item
  *	!PAM_SYMBOL_ERR
+ *	PAM_BAD_CONSTANT
  *	PAM_TRY_AGAIN
  */
 

lib/libpam/pam_get_data.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -60,8 +58,6 @@ pam_get_data(const pam_handle_t *pamh,
 	pam_data_t *dp;
 
 	ENTERS(module_data_name);
-	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 	for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
 		if (strcmp(dp->name, module_data_name) == 0) {
 			*data = (void *)dp->data;
@@ -74,7 +70,6 @@ pam_get_data(const pam_handle_t *pamh,
 /*
  * Error codes:
  *
- *	PAM_SYSTEM_ERR
  *	PAM_NO_MODULE_DATA
  */
 

lib/libpam/pam_get_item.c

@@ -1,6 +1,6 @@
 /*-
  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
- * Copyright (c) 2004-2011 Dag-Erling Smørgrav
+ * Copyright (c) 2004-2017 Dag-Erling Smørgrav
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H
@@ -59,8 +57,6 @@ pam_get_item(const pam_handle_t *pamh,
 {
 
 	ENTERI(item_type);
-	if (pamh == NULL)
-		RETURNC(PAM_SYSTEM_ERR);
 	switch (item_type) {
 	case PAM_SERVICE:
 	case PAM_USER:
@@ -78,15 +74,14 @@ pam_get_item(const pam_handle_t *pamh,
 		*item = pamh->item[item_type];
 		RETURNC(PAM_SUCCESS);
 	default:
-		RETURNC(PAM_SYMBOL_ERR);
+		RETURNC(PAM_BAD_ITEM);
 	}
 }
 
 /*
  * Error codes:
  *
- *	PAM_SYMBOL_ERR
- *	PAM_SYSTEM_ERR
+ *	PAM_BAD_ITEM
  */
 
 /**

lib/libpam/pam_get_mapped_authtok.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H

lib/libpam/pam_get_mapped_username.c

@@ -31,8 +31,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id$
  */
 
 #ifdef HAVE_CONFIG_H