summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2002-02-23 01:22:51 +0000
committerdes <des@FreeBSD.org>2002-02-23 01:22:51 +0000
commit8e998796e70b51bb93d361dfbb025152bd686894 (patch)
tree243aca60563786e2294665fe43625ee63617ca3c
downloadFreeBSD-src-8e998796e70b51bb93d361dfbb025152bd686894.zip
FreeBSD-src-8e998796e70b51bb93d361dfbb025152bd686894.tar.gz
Vendor import of OpenPAM Calamite
-rw-r--r--contrib/openpam/HISTORY6
-rw-r--r--contrib/openpam/INSTALL25
-rw-r--r--contrib/openpam/LICENSE34
-rw-r--r--contrib/openpam/MANIFEST87
-rw-r--r--contrib/openpam/Makefile43
-rw-r--r--contrib/openpam/README30
-rw-r--r--contrib/openpam/RELNOTES16
-rw-r--r--contrib/openpam/bin/Makefile40
-rw-r--r--contrib/openpam/bin/su/Makefile44
-rw-r--r--contrib/openpam/bin/su/su.c144
-rw-r--r--contrib/openpam/doc/Makefile40
-rw-r--r--contrib/openpam/doc/man/Makefile65
-rw-r--r--contrib/openpam/doc/man/pam.3160
-rw-r--r--contrib/openpam/doc/man/pam_acct_mgmt.373
-rw-r--r--contrib/openpam/doc/man/pam_authenticate.373
-rw-r--r--contrib/openpam/doc/man/pam_chauthtok.373
-rw-r--r--contrib/openpam/doc/man/pam_close_session.373
-rw-r--r--contrib/openpam/doc/man/pam_end.373
-rw-r--r--contrib/openpam/doc/man/pam_error.373
-rw-r--r--contrib/openpam/doc/man/pam_get_authtok.373
-rw-r--r--contrib/openpam/doc/man/pam_get_data.373
-rw-r--r--contrib/openpam/doc/man/pam_get_item.373
-rw-r--r--contrib/openpam/doc/man/pam_get_user.373
-rw-r--r--contrib/openpam/doc/man/pam_getenv.373
-rw-r--r--contrib/openpam/doc/man/pam_getenvlist.373
-rw-r--r--contrib/openpam/doc/man/pam_info.373
-rw-r--r--contrib/openpam/doc/man/pam_open_session.373
-rw-r--r--contrib/openpam/doc/man/pam_prompt.373
-rw-r--r--contrib/openpam/doc/man/pam_putenv.373
-rw-r--r--contrib/openpam/doc/man/pam_set_data.373
-rw-r--r--contrib/openpam/doc/man/pam_set_item.373
-rw-r--r--contrib/openpam/doc/man/pam_setcred.373
-rw-r--r--contrib/openpam/doc/man/pam_setenv.373
-rw-r--r--contrib/openpam/doc/man/pam_start.373
-rw-r--r--contrib/openpam/doc/man/pam_strerror.373
-rw-r--r--contrib/openpam/doc/man/pam_verror.373
-rw-r--r--contrib/openpam/doc/man/pam_vinfo.373
-rw-r--r--contrib/openpam/doc/man/pam_vprompt.373
-rw-r--r--contrib/openpam/include/security/openpam.h210
-rw-r--r--contrib/openpam/include/security/pam_appl.h180
-rw-r--r--contrib/openpam/include/security/pam_constants.h128
-rw-r--r--contrib/openpam/include/security/pam_modules.h148
-rw-r--r--contrib/openpam/include/security/pam_types.h76
-rw-r--r--contrib/openpam/lib/Makefile85
-rw-r--r--contrib/openpam/lib/openpam_dispatch.c203
-rw-r--r--contrib/openpam/lib/openpam_findenv.c62
-rw-r--r--contrib/openpam/lib/openpam_impl.h106
-rw-r--r--contrib/openpam/lib/openpam_load.c227
-rw-r--r--contrib/openpam/lib/openpam_log.c117
-rw-r--r--contrib/openpam/lib/openpam_ttyconv.c131
-rw-r--r--contrib/openpam/lib/pam_acct_mgmt.c56
-rw-r--r--contrib/openpam/lib/pam_authenticate.c56
-rw-r--r--contrib/openpam/lib/pam_authenticate_secondary.c50
-rw-r--r--contrib/openpam/lib/pam_chauthtok.c56
-rw-r--r--contrib/openpam/lib/pam_close_session.c56
-rw-r--r--contrib/openpam/lib/pam_end.c84
-rw-r--r--contrib/openpam/lib/pam_error.c64
-rw-r--r--contrib/openpam/lib/pam_get_authtok.c75
-rw-r--r--contrib/openpam/lib/pam_get_data.c67
-rw-r--r--contrib/openpam/lib/pam_get_item.c74
-rw-r--r--contrib/openpam/lib/pam_get_mapped_authtok.c49
-rw-r--r--contrib/openpam/lib/pam_get_mapped_username.c50
-rw-r--r--contrib/openpam/lib/pam_get_user.c76
-rw-r--r--contrib/openpam/lib/pam_getenv.c67
-rw-r--r--contrib/openpam/lib/pam_getenvlist.c70
-rw-r--r--contrib/openpam/lib/pam_info.c64
-rw-r--r--contrib/openpam/lib/pam_open_session.c56
-rw-r--r--contrib/openpam/lib/pam_prompt.c62
-rw-r--r--contrib/openpam/lib/pam_putenv.c88
-rw-r--r--contrib/openpam/lib/pam_set_data.c83
-rw-r--r--contrib/openpam/lib/pam_set_item.c95
-rw-r--r--contrib/openpam/lib/pam_set_mapped_authtok.c49
-rw-r--r--contrib/openpam/lib/pam_set_mapped_username.c50
-rw-r--r--contrib/openpam/lib/pam_setcred.c56
-rw-r--r--contrib/openpam/lib/pam_setenv.c79
-rw-r--r--contrib/openpam/lib/pam_start.c292
-rw-r--r--contrib/openpam/lib/pam_strerror.c123
-rw-r--r--contrib/openpam/lib/pam_verror.c60
-rw-r--r--contrib/openpam/lib/pam_vinfo.c60
-rw-r--r--contrib/openpam/lib/pam_vprompt.c74
-rw-r--r--contrib/openpam/modules/Makefile42
-rw-r--r--contrib/openpam/modules/pam_deny/Makefile42
-rw-r--r--contrib/openpam/modules/pam_deny/pam_deny.c89
-rw-r--r--contrib/openpam/modules/pam_dummy/Makefile42
-rw-r--r--contrib/openpam/modules/pam_dummy/pam_dummy.c48
-rw-r--r--contrib/openpam/modules/pam_permit/Makefile42
-rw-r--r--contrib/openpam/modules/pam_permit/pam_permit.c89
87 files changed, 6867 insertions, 0 deletions
diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY
new file mode 100644
index 0000000..58ba3c8
--- /dev/null
+++ b/contrib/openpam/HISTORY
@@ -0,0 +1,6 @@
+============================================================================
+OpenPAM Calamite 2002-02-09
+
+First (beta) release.
+============================================================================
+$Id$
diff --git a/contrib/openpam/INSTALL b/contrib/openpam/INSTALL
new file mode 100644
index 0000000..96d8067
--- /dev/null
+++ b/contrib/openpam/INSTALL
@@ -0,0 +1,25 @@
+
+ Installing OpenPAM
+ ==================
+
+1. REQUIREMENTS
+
+ This release of OpenPAM is targeted at FreeBSD-CURRENT, and has not
+ been tested on other platforms. It should, however, build with
+ little or no trouble other BSDs such as BSDI, Darwin, NetBSD or
+ OpenBSD, and should not prove much of a challenge to port to other
+ platforms, except for the static linking support.
+
+2. CONFIGURATION
+
+ No configuration is necessary or possible at this time.
+
+3. COMPILATION
+
+ Change into the top-level OpenPAM directory and run 'make'.
+
+4. INSTALLATION
+
+ Change into the top-level OpenPAM directory and run 'make install'.
+
+$Id$
diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE
new file mode 100644
index 0000000..c8076d1
--- /dev/null
+++ b/contrib/openpam/LICENSE
@@ -0,0 +1,34 @@
+
+Copyright (c) 2002 Networks Associates Technologies, Inc.
+All rights reserved.
+
+This software was developed for the FreeBSD Project by ThinkSec AS and
+NAI Labs, the Security Research Division of Network Associates, Inc.
+under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+DARPA CHATS research program.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. The name of the author may not be used to endorse or promote
+ products derived from this software without specific prior written
+ permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+$Id$
diff --git a/contrib/openpam/MANIFEST b/contrib/openpam/MANIFEST
new file mode 100644
index 0000000..9f973dd
--- /dev/null
+++ b/contrib/openpam/MANIFEST
@@ -0,0 +1,87 @@
+HISTORY
+INSTALL
+LICENSE
+MANIFEST
+Makefile
+README
+RELNOTES
+bin/Makefile
+bin/su/Makefile
+bin/su/su.c
+doc/Makefile
+doc/man/Makefile
+doc/man/pam.3
+doc/man/pam_acct_mgmt.3
+doc/man/pam_authenticate.3
+doc/man/pam_chauthtok.3
+doc/man/pam_close_session.3
+doc/man/pam_end.3
+doc/man/pam_error.3
+doc/man/pam_get_authtok.3
+doc/man/pam_get_data.3
+doc/man/pam_get_item.3
+doc/man/pam_get_user.3
+doc/man/pam_getenv.3
+doc/man/pam_getenvlist.3
+doc/man/pam_info.3
+doc/man/pam_open_session.3
+doc/man/pam_prompt.3
+doc/man/pam_putenv.3
+doc/man/pam_set_data.3
+doc/man/pam_set_item.3
+doc/man/pam_setcred.3
+doc/man/pam_setenv.3
+doc/man/pam_start.3
+doc/man/pam_strerror.3
+doc/man/pam_verror.3
+doc/man/pam_vinfo.3
+doc/man/pam_vprompt.3
+include/security/openpam.h
+include/security/pam_appl.h
+include/security/pam_constants.h
+include/security/pam_modules.h
+include/security/pam_types.h
+lib/Makefile
+lib/openpam_dispatch.c
+lib/openpam_findenv.c
+lib/openpam_impl.h
+lib/openpam_load.c
+lib/openpam_log.c
+lib/openpam_ttyconv.c
+lib/pam_acct_mgmt.c
+lib/pam_authenticate.c
+lib/pam_authenticate_secondary.c
+lib/pam_chauthtok.c
+lib/pam_close_session.c
+lib/pam_end.c
+lib/pam_error.c
+lib/pam_get_authtok.c
+lib/pam_get_data.c
+lib/pam_get_item.c
+lib/pam_get_mapped_authtok.c
+lib/pam_get_mapped_username.c
+lib/pam_get_user.c
+lib/pam_getenv.c
+lib/pam_getenvlist.c
+lib/pam_info.c
+lib/pam_open_session.c
+lib/pam_prompt.c
+lib/pam_putenv.c
+lib/pam_set_data.c
+lib/pam_set_item.c
+lib/pam_set_mapped_authtok.c
+lib/pam_set_mapped_username.c
+lib/pam_setcred.c
+lib/pam_setenv.c
+lib/pam_start.c
+lib/pam_strerror.c
+lib/pam_verror.c
+lib/pam_vinfo.c
+lib/pam_vprompt.c
+modules/Makefile
+modules/pam_deny/Makefile
+modules/pam_deny/pam_deny.c
+modules/pam_dummy/Makefile
+modules/pam_dummy/pam_dummy.c
+modules/pam_permit/Makefile
+modules/pam_permit/pam_permit.c
diff --git a/contrib/openpam/Makefile b/contrib/openpam/Makefile
new file mode 100644
index 0000000..7fa0b88
--- /dev/null
+++ b/contrib/openpam/Makefile
@@ -0,0 +1,43 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+SUBDIR =
+SUBDIR += modules
+SUBDIR += lib
+SUBDIR += bin
+SUBDIR += doc
+
+.include <bsd.subdir.mk>
diff --git a/contrib/openpam/README b/contrib/openpam/README
new file mode 100644
index 0000000..f32c8db
--- /dev/null
+++ b/contrib/openpam/README
@@ -0,0 +1,30 @@
+OpenPAM is an open source PAM library that focuses on simplicity,
+correctness, and cleanliness.
+
+OpenPAM aims to gather the best features of Solaris PAM, XSSO and
+Linux-PAM, plus some innovations of its own. In areas where these
+implementations disagree, OpenPAM tries to remain compatible with
+Solaris, at the expense of XSSO conformance and Linux-PAM
+compatibility.
+
+These are some of OpenPAM's features:
+
+ - Implements the complete PAM API as described in the original PAM
+ paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
+ except for mappings and secondary authentication.
+
+ - Extends the API with several useful and time-saving functions:
+ pam_error(), pam_get_authtok(), pam_info(), pam_prompt(),
+ pam_setenv(), pam_verror(), pam_vinfo(), pam_vprompt()
+
+ - Offers a number of time-saving convenience functions:
+ openpam_log(), openpam_ttyconv().
+
+ - Performs strict checking of return values from service modules.
+
+ - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and
+ /etc/pam.conf, in that order; this will be made configurable in a
+ future release.Please direct bug reports and inquiries to
+ openpam@thinksec.com.
+
+$Id$
diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES
new file mode 100644
index 0000000..9309bc6
--- /dev/null
+++ b/contrib/openpam/RELNOTES
@@ -0,0 +1,16 @@
+
+ Release notes for OpenPAM Calamite
+ ==================================
+
+This is a beta release.
+
+The library itself is mostly complete. Documentation exists in the
+form of skeletal man pages for the library itself, but no detailed
+documentation is provided in this release.
+
+This release is primarily intended for reviewers and developers
+interested in testing OpenPAM on FreeBSD. It has not been tested on
+any other OS, though it should build and run with minimal tweaks on
+NetBSD and OpenBSD.
+
+$Id$
diff --git a/contrib/openpam/bin/Makefile b/contrib/openpam/bin/Makefile
new file mode 100644
index 0000000..e12368d
--- /dev/null
+++ b/contrib/openpam/bin/Makefile
@@ -0,0 +1,40 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+SUBDIR =
+SUBDIR += su
+
+.include <bsd.subdir.mk>
diff --git a/contrib/openpam/bin/su/Makefile b/contrib/openpam/bin/su/Makefile
new file mode 100644
index 0000000..40533bb
--- /dev/null
+++ b/contrib/openpam/bin/su/Makefile
@@ -0,0 +1,44 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+PROG = su
+WARNS ?= 4
+CFLAGS += -I${.CURDIR}/../../include
+DPADD = ${.OBJDIR}/../../lib/libpam.so
+LDADD = -L${.OBJDIR}/../../lib -R${.OBJDIR}/../../lib -lpam
+NOMAN = YES
+
+.include <bsd.prog.mk>
diff --git a/contrib/openpam/bin/su/su.c b/contrib/openpam/bin/su/su.c
new file mode 100644
index 0000000..27b6002
--- /dev/null
+++ b/contrib/openpam/bin/su/su.c
@@ -0,0 +1,144 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+#include <sys/wait.h>
+
+#include <err.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+static pam_handle_t *pamh;
+static struct pam_conv pamc;
+
+static void
+usage(void)
+{
+
+ fprintf(stderr, "Usage: su [login [args]]\n");
+ exit(1);
+}
+
+static int
+check(const char *func, int pam_err)
+{
+
+ if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
+ return pam_err;
+ openlog("su", LOG_CONS, LOG_AUTH);
+ syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
+ errx(1, "Sorry.");
+}
+
+int
+main(int argc, char *argv[])
+{
+ char hostname[MAXHOSTNAMELEN];
+ const char *user, *tty;
+ struct passwd *pwd;
+ int o, status;
+ pid_t pid;
+
+ while ((o = getopt(argc, argv, "h")) != -1)
+ switch (o) {
+ case 'h':
+ default:
+ usage();
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ /* initialize PAM */
+ pamc.conv = &openpam_ttyconv;
+ pam_start("su", argc ? *argv : "root", &pamc, &pamh);
+
+ /* set some items */
+ gethostname(hostname, sizeof(hostname));
+ check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
+ user = getlogin();
+ check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
+ tty = ttyname(STDERR_FILENO);
+ check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
+
+ /* authenticate the applicant */
+ check("pam_authenticate", pam_authenticate(pamh, 0));
+ if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
+ PAM_NEW_AUTHTOK_REQD)
+ check("pam_chauthtok",
+ pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
+
+ /* establish the requested credentials */
+ check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
+
+ /* authentication succeeded; open a session */
+ check("pam_open_session", pam_open_session(pamh, 0));
+
+ if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
+ err(1, "initgroups()");
+ if (setuid(pwd->pw_uid) == -1)
+ err(1, "setuid()");
+
+ /* XXX export environment variables */
+
+ switch ((pid = fork())) {
+ case -1:
+ err(1, "fork()");
+ case 0:
+ /* child: start a shell */
+ *argv = pwd->pw_shell;
+ execvp(*argv, argv);
+ err(1, "execvp()");
+ default:
+ /* parent: wait for child to exit */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ status = WEXITSTATUS(status);
+ else
+ status = 1;
+ }
+
+ /* close the session and release PAM resources */
+ check("pam_close_session", pam_close_session(pamh, 0));
+ check("pam_end", pam_end(pamh, 0));
+
+ exit(status);
+}
diff --git a/contrib/openpam/doc/Makefile b/contrib/openpam/doc/Makefile
new file mode 100644
index 0000000..2e2b09b
--- /dev/null
+++ b/contrib/openpam/doc/Makefile
@@ -0,0 +1,40 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+SUBDIR =
+SUBDIR += man
+
+.include <bsd.subdir.mk>
diff --git a/contrib/openpam/doc/man/Makefile b/contrib/openpam/doc/man/Makefile
new file mode 100644
index 0000000..f63e248
--- /dev/null
+++ b/contrib/openpam/doc/man/Makefile
@@ -0,0 +1,65 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+MAN =
+MAN += pam.3
+MAN += pam_acct_mgmt.3
+MAN += pam_authenticate.3
+MAN += pam_chauthtok.3
+MAN += pam_close_session.3
+MAN += pam_end.3
+MAN += pam_error.3
+MAN += pam_get_authtok.3
+MAN += pam_get_data.3
+MAN += pam_get_item.3
+MAN += pam_get_user.3
+MAN += pam_getenv.3
+MAN += pam_getenvlist.3
+MAN += pam_info.3
+MAN += pam_open_session.3
+MAN += pam_prompt.3
+MAN += pam_putenv.3
+MAN += pam_set_data.3
+MAN += pam_set_item.3
+MAN += pam_setcred.3
+MAN += pam_setenv.3
+MAN += pam_start.3
+MAN += pam_strerror.3
+MAN += pam_verror.3
+MAN += pam_vinfo.3
+MAN += pam_vprompt.3
+
+.include <bsd.prog.mk>
diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3
new file mode 100644
index 0000000..02141b1
--- /dev/null
+++ b/contrib/openpam/doc/man/pam.3
@@ -0,0 +1,160 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM 3
+.Os
+.Sh NAME
+.Nm pam_acct_mgmt ,
+.Nm pam_authenticate ,
+.Nm pam_chauthtok ,
+.Nm pam_close_session ,
+.Nm pam_end ,
+.Nm pam_error ,
+.Nm pam_get_authtok ,
+.Nm pam_get_data ,
+.Nm pam_get_item ,
+.Nm pam_get_user ,
+.Nm pam_getenv ,
+.Nm pam_getenvlist ,
+.Nm pam_info ,
+.Nm pam_open_session ,
+.Nm pam_prompt ,
+.Nm pam_putenv ,
+.Nm pam_set_data ,
+.Nm pam_set_item ,
+.Nm pam_setcred ,
+.Nm pam_setenv ,
+.Nm pam_start ,
+.Nm pam_strerror ,
+.Nm pam_verror ,
+.Nm pam_vinfo ,
+.Nm pam_vprompt
+.Nd Pluggable Authentication Modules Library
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
+.Ft int
+.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
+.Ft int
+.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
+.Ft int
+.Fn pam_close_session "pam_handle_t *pamh" "int flags"
+.Ft int
+.Fn pam_end "pam_handle_t *pamh" "int status"
+.Ft int
+.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
+.Ft int
+.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt"
+.Ft int
+.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data"
+.Ft int
+.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
+.Ft int
+.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
+.Ft char *
+.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
+.Ft char **
+.Fn pam_getenvlist "pam_handle_t *pamh"
+.Ft int
+.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..."
+.Ft int
+.Fn pam_open_session "pam_handle_t *pamh" "int flags"
+.Ft int
+.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
+.Ft int
+.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
+.Ft int
+.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
+.Ft int
+.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item"
+.Ft int
+.Fn pam_setcred "pam_handle_t *pamh" "int flags"
+.Ft int
+.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
+.Ft int
+.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
+.Ft const char *
+.Fn pam_strerror "pam_handle_t *pamh" "int error_number"
+.Ft int
+.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Ft int
+.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Ft int
+.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+.Sh RETURN VALUES
+.Sh SEE ALSO
+.Xr pam_acct_mgmt 3 ,
+.Xr pam_authenticate 3 ,
+.Xr pam_chauthtok 3 ,
+.Xr pam_close_session 3 ,
+.Xr pam_end 3 ,
+.Xr pam_error 3 ,
+.Xr pam_get_authtok 3 ,
+.Xr pam_get_data 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_get_user 3 ,
+.Xr pam_getenv 3 ,
+.Xr pam_getenvlist 3 ,
+.Xr pam_info 3 ,
+.Xr pam_open_session 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_putenv 3 ,
+.Xr pam_set_data 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_setcred 3 ,
+.Xr pam_setenv 3 ,
+.Xr pam_start 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_verror 3 ,
+.Xr pam_vinfo 3 ,
+.Xr pam_vprompt 3 ,
+.Xr pam.conf 5
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library and this manual page were developed for the
+FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
+Division of Network Associates, Inc. under DARPA/SPAWAR contract
+N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3
new file mode 100644
index 0000000..88b54f6
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_acct_mgmt.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_ACCT_MGMT 3
+.Os
+.Sh NAME
+.Nm pam_acct_mgmt
+.Nd perform PAM account validation procedures
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3
new file mode 100644
index 0000000..1885376
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_authenticate.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_AUTHENTICATE 3
+.Os
+.Sh NAME
+.Nm pam_authenticate
+.Nd perform authentication within the PAM framework
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3
new file mode 100644
index 0000000..a287f38
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_chauthtok.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_CHAUTHTOK 3
+.Os
+.Sh NAME
+.Nm pam_chauthtok
+.Nd perform password related functions within the PAM framework
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3
new file mode 100644
index 0000000..ba91ab3
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_close_session.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_CLOSE_SESSION 3
+.Os
+.Sh NAME
+.Nm pam_close_session
+.Nd close an existing user session
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_close_session "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3
new file mode 100644
index 0000000..141aa83
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_end.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_END 3
+.Os
+.Sh NAME
+.Nm pam_end
+.Nd terminate the PAM transaction
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_end "pam_handle_t *pamh" "int status"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3
new file mode 100644
index 0000000..f0216f1
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_error.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_ERROR 3
+.Os
+.Sh NAME
+.Nm pam_error
+.Nd display an error message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3
new file mode 100644
index 0000000..3bfb70d
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_authtok.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_GET_AUTHTOK 3
+.Os
+.Sh NAME
+.Nm pam_get_authtok
+.Nd retrieve authentication token
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3
new file mode 100644
index 0000000..b622f38
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_data.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_GET_DATA 3
+.Os
+.Sh NAME
+.Nm pam_get_data
+.Nd get module information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3
new file mode 100644
index 0000000..3f337fd
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_item.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_GET_ITEM 3
+.Os
+.Sh NAME
+.Nm pam_get_item
+.Nd get PAM information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3
new file mode 100644
index 0000000..8d8fa30
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_user.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_GET_USER 3
+.Os
+.Sh NAME
+.Nm pam_get_user
+.Nd retrieve user name
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3
new file mode 100644
index 0000000..dd0359d
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_getenv.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_GETENV 3
+.Os
+.Sh NAME
+.Nm pam_getenv
+.Nd retrieve the value of a PAM environment variable
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft char *
+.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3
new file mode 100644
index 0000000..2fc85e2
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_getenvlist.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_GETENVLIST 3
+.Os
+.Sh NAME
+.Nm pam_getenvlist
+.Nd returns a list of all the PAM environment variables
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft char **
+.Fn pam_getenvlist "pam_handle_t *pamh"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3
new file mode 100644
index 0000000..573a8a1
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_info.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_INFO 3
+.Os
+.Sh NAME
+.Nm pam_info
+.Nd display an information message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3
new file mode 100644
index 0000000..3db2b16
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_open_session.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_OPEN_SESSION 3
+.Os
+.Sh NAME
+.Nm pam_open_session
+.Nd open a user session
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_open_session "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3
new file mode 100644
index 0000000..e3ebef8
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_prompt.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_PROMPT 3
+.Os
+.Sh NAME
+.Nm pam_prompt
+.Nd call the conversation function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3
new file mode 100644
index 0000000..7193b96
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_putenv.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_PUTENV 3
+.Os
+.Sh NAME
+.Nm pam_putenv
+.Nd set the value of an environment variable
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3
new file mode 100644
index 0000000..b179cb9
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_set_data.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_SET_DATA 3
+.Os
+.Sh NAME
+.Nm pam_set_data
+.Nd set module information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3
new file mode 100644
index 0000000..eb45705
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_set_item.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_SET_ITEM 3
+.Os
+.Sh NAME
+.Nm pam_set_item
+.Nd set authentication information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3
new file mode 100644
index 0000000..65913c5
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_setcred.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_SETCRED 3
+.Os
+.Sh NAME
+.Nm pam_setcred
+.Nd modify / delete user credentials for an authentication service
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_setcred "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3
new file mode 100644
index 0000000..c2425e3
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_setenv.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_SETENV 3
+.Os
+.Sh NAME
+.Nm pam_setenv
+.Nd mirrors setenv(3)
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3
new file mode 100644
index 0000000..3eb5212
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_start.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_START 3
+.Os
+.Sh NAME
+.Nm pam_start
+.Nd initiate a PAM transaction
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3
new file mode 100644
index 0000000..55e1e82
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_strerror.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_STRERROR 3
+.Os
+.Sh NAME
+.Nm pam_strerror
+.Nd get PAM standard error message string
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft const char *
+.Fn pam_strerror "pam_handle_t *pamh" "int error_number"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3
new file mode 100644
index 0000000..eb74d4d
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_verror.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_VERROR 3
+.Os
+.Sh NAME
+.Nm pam_verror
+.Nd display an error message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3
new file mode 100644
index 0000000..bbd7efb
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_vinfo.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_VINFO 3
+.Os
+.Sh NAME
+.Nm pam_vinfo
+.Nd display an information message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3
new file mode 100644
index 0000000..e6e29a3
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_vprompt.3
@@ -0,0 +1,73 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" NAI Labs, the Security Research Division of Network Associates, Inc.
+.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd February 9, 2002
+.Dt PAM_VPROMPT 3
+.Os
+.Sh NAME
+.Nm pam_vprompt
+.Nd call the conversation function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft int
+.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+The
+.Nm
+function is not yet documented.
+.Sh RETURN VALUES
+The
+.Fn
+function returns one of the following values:
+.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
+.El
+.Sh SEE ALSO
+.Xr pam_strerror 3 ,
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the FreeBSD Project
+by ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h
new file mode 100644
index 0000000..5b5497f
--- /dev/null
+++ b/contrib/openpam/include/security/openpam.h
@@ -0,0 +1,210 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _SECURITY_OPENPAM_H_INCLUDED
+#define _SECURITY_OPENPAM_H_INCLUDED
+
+/*
+ * Annoying but necessary header pollution
+ */
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * API extensions
+ */
+int
+pam_error(pam_handle_t *_pamh,
+ const char *_fmt,
+ ...);
+
+int
+pam_get_authtok(pam_handle_t *_pamh,
+ const char **_authtok,
+ const char *_prompt);
+
+int
+pam_info(pam_handle_t *_pamh,
+ const char *_fmt,
+ ...);
+
+int
+pam_prompt(pam_handle_t *_pamh,
+ int _style,
+ char **_resp,
+ const char *_fmt,
+ ...);
+
+int
+pam_setenv(pam_handle_t *_pamh,
+ const char *_name,
+ const char *_value,
+ int _overwrite);
+
+int
+pam_vinfo(pam_handle_t *_pamh,
+ const char *_fmt,
+ va_list _ap);
+
+int
+pam_verror(pam_handle_t *_pamh,
+ const char *_fmt,
+ va_list _ap);
+
+int
+pam_vprompt(pam_handle_t *_pamh,
+ int _style,
+ char **_resp,
+ const char *_fmt,
+ va_list _ap);
+
+/*
+ * Log levels
+ */
+enum {
+ PAM_LOG_DEBUG,
+ PAM_LOG_VERBOSE,
+ PAM_LOG_NOTICE,
+ PAM_LOG_ERROR
+};
+
+/*
+ * Log to syslog
+ */
+void _openpam_log(int _level,
+ const char *_func,
+ const char *_fmt,
+ ...);
+
+#if defined(__STDC__) && (__STDC_VERSION__ > 199901L)
+#define openpam_log(lvl, fmt, ...) \
+ _openpam_log((lvl), __func__, fmt, __VA_ARGS__)
+#elif defined(__GNUC__)
+#define openpam_log(lvl, fmt...) \
+ _openpam_log((lvl), __func__, ##fmt)
+#else
+extern openpam_log(int _level, const char *_format, ...);
+#endif
+
+/*
+ * Generic conversation function
+ */
+struct pam_message;
+struct pam_response;
+int openpam_ttyconv(int _n,
+ const struct pam_message **_msg,
+ struct pam_response **_resp,
+ void *_data);
+
+/*
+ * PAM primitives
+ */
+enum {
+ PAM_SM_AUTHENTICATE,
+ PAM_SM_SETCRED,
+ PAM_SM_ACCT_MGMT,
+ PAM_SM_OPEN_SESSION,
+ PAM_SM_CLOSE_SESSION,
+ PAM_SM_CHAUTHTOK,
+ /* keep this last */
+ PAM_NUM_PRIMITIVES
+};
+
+/*
+ * Dummy service module function
+ */
+#define PAM_SM_DUMMY(type) \
+PAM_EXTERN int \
+pam_sm_##type(pam_handle_t *pamh, int flags, \
+ int argc, const char *argv[]) \
+{ \
+ return (PAM_IGNORE); \
+}
+
+/*
+ * PAM service module functions match this typedef
+ */
+struct pam_handle;
+typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
+
+/*
+ * A struct that describes a module.
+ */
+typedef struct pam_module pam_module_t;
+struct pam_module {
+ const char *path;
+ pam_func_t func[PAM_NUM_PRIMITIVES];
+ void *dlh;
+ int refcount;
+ pam_module_t *prev;
+ pam_module_t *next;
+};
+
+/*
+ * Infrastructure for static modules using GCC linker sets.
+ * You are not expected to understand this.
+ */
+#if defined(__GNUC__) && !defined(__PIC__)
+#if defined(__FreeBSD__)
+#define PAM_SOEXT ".so"
+#else
+#error Static linking is not supported on your platform
+#endif
+/* gcc, static linking */
+#include <sys/cdefs.h>
+#include <linker_set.h>
+#define OPENPAM_STATIC_MODULES
+#define PAM_EXTERN static
+#define PAM_MODULE_ENTRY(name) \
+static struct pam_module _pam_module = { name PAM_SOEXT, { \
+ pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, \
+ pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }, \
+ NULL, 0, NULL, NULL }; \
+DATA_SET(_openpam_modules, _pam_module)
+#else
+/* normal case */
+#define PAM_EXTERN
+#define PAM_MODULE_ENTRY(name)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h
new file mode 100644
index 0000000..f3e7e60
--- /dev/null
+++ b/contrib/openpam/include/security/pam_appl.h
@@ -0,0 +1,180 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_APPL_H_INCLUDED
+#define _PAM_APPL_H_INCLUDED
+
+#include <security/pam_types.h>
+#include <security/pam_constants.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 4.2.1, 6
+ */
+
+int
+pam_acct_mgmt(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_authenticate(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_chauthtok(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_close_session(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_end(pam_handle_t *_pamh,
+ int _status);
+
+int
+pam_get_data(pam_handle_t *_pamh,
+ const char *_module_data_name,
+ void **_data);
+
+int
+pam_get_item(pam_handle_t *_pamh,
+ int _item_type,
+ const void **_item);
+
+int
+pam_get_user(pam_handle_t *_pamh,
+ const char **_user,
+ const char *_prompt);
+
+char *
+pam_getenv(pam_handle_t *_pamh,
+ const char *_name);
+
+char **
+pam_getenvlist(pam_handle_t *_pamh);
+
+int
+pam_open_session(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_putenv(pam_handle_t *_pamh,
+ const char *_namevalue);
+
+int
+pam_set_data(pam_handle_t *_pamh,
+ const char *_module_data_name,
+ void *_data,
+ void (*_cleanup)(pam_handle_t *_pamh,
+ void *_data,
+ int _pam_end_status));
+
+int
+pam_set_item(pam_handle_t *_pamh,
+ int _item_type,
+ const void *_item);
+
+int
+pam_setcred(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_start(const char *_service,
+ const char *_user,
+ const struct pam_conv *_pam_conv,
+ pam_handle_t **_pamh);
+
+const char *
+pam_strerror(pam_handle_t *_pamh,
+ int _error_number);
+
+/*
+ * Single Sign-On extensions
+ */
+#if 0
+int
+pam_authenticate_secondary(pam_handle_t *_pamh,
+ char *_target_username,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ char *_target_supp_data,
+ char *_target_module_authtok,
+ int _flags);
+
+int
+pam_get_mapped_authtok(pam_handle_t *_pamh,
+ const char *_target_module_username,
+ const char *_target_module_type,
+ const char *_target_authn_domain,
+ size_t *_target_authtok_len,
+ unsigned char **_target_module_authtok);
+
+int
+pam_get_mapped_username(pam_handle_t *_pamh,
+ const char *_src_username,
+ const char *_src_module_type,
+ const char *_src_authn_domain,
+ const char *_target_module_type,
+ const char *_target_authn_domain,
+ char **_target_module_username);
+
+int
+pam_set_mapped_authtok(pam_handle_t *_pamh,
+ const char *_target_module_username,
+ size_t _target_authtok_len,
+ unsigned char *_target_module_authtok,
+ const char *_target_module_type,
+ const char *_target_authn_domain);
+
+int
+pam_set_mapped_username(pam_handle_t *_pamh,
+ char *_src_username,
+ char *_src_module_type,
+ char *_src_authn_domain,
+ char *_target_module_username,
+ char *_target_module_type,
+ char *_target_authn_domain);
+#endif /* 0 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h
new file mode 100644
index 0000000..71d6ba8
--- /dev/null
+++ b/contrib/openpam/include/security/pam_constants.h
@@ -0,0 +1,128 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_CONSTANTS_H_INCLUDED
+#define _PAM_CONSTANTS_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 5.2
+ */
+enum {
+ PAM_SUCCESS = 0,
+ PAM_OPEN_ERR = 1,
+ PAM_SYMBOL_ERR = 2,
+ PAM_SERVICE_ERR = 3,
+ PAM_SYSTEM_ERR = 4,
+ PAM_BUF_ERR = 5,
+ PAM_CONV_ERR = 6,
+ PAM_PERM_DENIED = 7,
+ PAM_MAXTRIES = 8,
+ PAM_AUTH_ERR = 9,
+ PAM_NEW_AUTHTOK_REQD = 10,
+ PAM_CRED_INSUFFICIENT = 11,
+ PAM_AUTHINFO_UNAVAIL = 12,
+ PAM_USER_UNKNOWN = 13,
+ PAM_CRED_UNAVAIL = 14,
+ PAM_CRED_EXPIRED = 15,
+ PAM_CRED_ERR = 16,
+ PAM_ACCT_EXPIRED = 17,
+ PAM_AUTHTOK_EXPIRED = 18,
+ PAM_SESSION_ERR = 19,
+ PAM_AUTHTOK_ERR = 20,
+ PAM_AUTHTOK_RECOVERY_ERR = 21,
+ PAM_AUTHTOK_LOCK_BUSY = 22,
+ PAM_AUTHTOK_DISABLE_AGING = 23,
+ PAM_NO_MODULE_DATA = 24,
+ PAM_IGNORE = 25,
+ PAM_ABORT = 26,
+ PAM_TRY_AGAIN = 27,
+ PAM_MODULE_UNKNOWN = 28,
+ PAM_DOMAIN_UNKNOWN = 29
+};
+
+/*
+ * XSSO 5.3
+ */
+enum {
+ PAM_PROMPT_ECHO_OFF = 1,
+ PAM_PROMPT_ECHO_ON = 2,
+ PAM_ERROR_MSG = 3,
+ PAM_TEXT_INFO = 4,
+ PAM_MAX_NUM_MSG = 32,
+ PAM_MAX_MSG_SIZE = 512,
+ PAM_MAX_RESP_SIZE = 512
+};
+
+/*
+ * XSSO 5.4
+ */
+enum {
+ PAM_SILENT = 0x80000000,
+ PAM_DISALLOW_NULL_AUTHTOK = 0x1,
+ PAM_ESTABLISH_CRED = 0x1,
+ PAM_DELETE_CRED = 0x2,
+ PAM_REINITIALISE_CRED = 0x4,
+ PAM_REFRESH_CRED = 0x8,
+ PAM_PRELIM_CHECK = 0x1,
+ PAM_UPDATE_AUTHTOK = 0x2,
+ PAM_CHANGE_EXPIRED_AUTHTOK = 0x4
+};
+
+/*
+ * XSSO 5.5
+ */
+enum {
+ PAM_SERVICE = 1,
+ PAM_USER = 2,
+ PAM_TTY = 3,
+ PAM_RHOST = 4,
+ PAM_CONV = 5,
+ PAM_AUTHTOK = 6,
+ PAM_OLDAUTHTOK = 7,
+ PAM_RUSER = 8,
+ PAM_USER_PROMPT = 9,
+ PAM_AUTHTOK_PROMPT = 10 /* OpenPAM extension */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h
new file mode 100644
index 0000000..35c8eb9
--- /dev/null
+++ b/contrib/openpam/include/security/pam_modules.h
@@ -0,0 +1,148 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_MODULES_H_INCLUDED
+#define _PAM_MODULES_H_INCLUDED
+
+#include <security/pam_types.h>
+#include <security/pam_constants.h>
+#include <security/openpam.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 4.2.2, 6
+ */
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *_pamh,
+ int _flags,
+ int _argc,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *_pamh,
+ int _flags,
+ int _argc,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *_pamh,
+ int _flags,
+ int _argc,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *_pamh,
+ int _flags,
+ int _args,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *_pamh,
+ int _flags,
+ int _argc,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *_pamh,
+ int _flags,
+ int _argc,
+ const char **_argv);
+
+/*
+ * Single Sign-On extensions
+ */
+#if 0
+PAM_EXTERN int
+pam_sm_authenticate_secondary(pam_handle_t *_pamh,
+ char *_target_username,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ char *_target_supp_data,
+ unsigned char *_target_module_authtok,
+ int _flags,
+ int _argc,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
+ char *_target_module_username,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ size_t *_target_authtok_len,
+ unsigned char **_target_module_authtok,
+ int _argc,
+ char *_argv);
+
+PAM_EXTERN int
+pam_sm_get_mapped_username(pam_handle_t *_pamh,
+ char *_src_username,
+ char *_src_module_type,
+ char *_src_authn_domain,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ char **_target_module_username,
+ int _argc,
+ const char **_argv);
+
+PAM_EXTERN int
+pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
+ char *_target_module_username,
+ size_t _target_authtok_len,
+ unsigned char *_target_module_authtok,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ int _argc,
+ const char *_argv);
+
+PAM_EXTERN int
+pam_sm_set_mapped_username(pam_handle_t *_pamh,
+ char *_target_module_username,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ int _argc,
+ const char **_argv);
+
+#endif /* 0 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h
new file mode 100644
index 0000000..d8ba80b
--- /dev/null
+++ b/contrib/openpam/include/security/pam_types.h
@@ -0,0 +1,76 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_TYPES_H_INCLUDED
+#define _PAM_TYPES_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 5.1.1
+ */
+struct pam_message {
+ int msg_style;
+ char *msg;
+};
+
+struct pam_response {
+ char *resp;
+ int resp_retcode;
+};
+
+/*
+ * XSSO 5.1.2
+ */
+struct pam_conv {
+ int (*conv)(int, const struct pam_message **,
+ struct pam_response **, void *);
+ void *appdata_ptr;
+};
+
+/*
+ * XSSO 5.1.3
+ */
+struct pam_handle;
+typedef struct pam_handle pam_handle_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile
new file mode 100644
index 0000000..1fd9041
--- /dev/null
+++ b/contrib/openpam/lib/Makefile
@@ -0,0 +1,85 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+LIB = pam
+SHLIB_MAJOR = 2
+SHLIB_MINOR = 0
+
+WARNS ?= 4
+NO_WERROR = yes
+CFLAGS += -I${.CURDIR}/../include
+
+SRCS =
+SRCS += openpam_dispatch.c
+SRCS += openpam_findenv.c
+SRCS += openpam_load.c
+SRCS += openpam_log.c
+SRCS += openpam_ttyconv.c
+SRCS += pam_acct_mgmt.c
+SRCS += pam_authenticate.c
+SRCS += pam_chauthtok.c
+SRCS += pam_close_session.c
+SRCS += pam_end.c
+SRCS += pam_error.c
+SRCS += pam_get_authtok.c
+SRCS += pam_get_data.c
+SRCS += pam_get_item.c
+SRCS += pam_get_user.c
+SRCS += pam_getenv.c
+SRCS += pam_getenvlist.c
+SRCS += pam_info.c
+SRCS += pam_open_session.c
+SRCS += pam_prompt.c
+SRCS += pam_putenv.c
+SRCS += pam_set_data.c
+SRCS += pam_set_item.c
+SRCS += pam_setcred.c
+SRCS += pam_setenv.c
+SRCS += pam_start.c
+SRCS += pam_strerror.c
+SRCS += pam_verror.c
+SRCS += pam_vinfo.c
+SRCS += pam_vprompt.c
+
+.if 0
+SRCS += pam_authenticate_secondary.c
+SRCS += pam_get_mapped_authtok.c
+SRCS += pam_get_mapped_username.c
+SRCS += pam_set_mapped_authtok.c
+SRCS += pam_set_mapped_username.c
+.endif
+
+.include <bsd.lib.mk>
diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c
new file mode 100644
index 0000000..9c7c287
--- /dev/null
+++ b/contrib/openpam/lib/openpam_dispatch.c
@@ -0,0 +1,203 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+#if !defined(OPENPAM_RELAX_CHECKS)
+static void _openpam_check_error_code(int, int);
+#else
+#define _openpam_check_error_code(a, b)
+#endif /* !defined(OPENPAM_RELAX_CHECKS) */
+
+/*
+ * Execute a module chain
+ */
+
+int
+openpam_dispatch(pam_handle_t *pamh,
+ int primitive,
+ int flags)
+{
+ pam_chain_t *chain;
+ int err, fail, r;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ /* prevent recursion */
+ if (pamh->current != NULL) {
+ openpam_log(PAM_LOG_ERROR, "indirect recursion");
+ return (PAM_ABORT);
+ }
+
+ /* pick a chain */
+ switch (primitive) {
+ case PAM_SM_AUTHENTICATE:
+ case PAM_SM_SETCRED:
+ chain = pamh->chains[PAM_AUTH];
+ break;
+ case PAM_SM_ACCT_MGMT:
+ chain = pamh->chains[PAM_ACCOUNT];
+ break;
+ case PAM_SM_OPEN_SESSION:
+ case PAM_SM_CLOSE_SESSION:
+ chain = pamh->chains[PAM_SESSION];
+ break;
+ case PAM_SM_CHAUTHTOK:
+ chain = pamh->chains[PAM_PASSWORD];
+ break;
+ default:
+ return (PAM_SYSTEM_ERR);
+ }
+
+ /* execute */
+ for (err = fail = 0; chain != NULL; chain = chain->next) {
+ if (chain->module->func[primitive] == NULL) {
+ openpam_log(PAM_LOG_ERROR, "%s: no %s()",
+ chain->module->path, _pam_sm_func_name[primitive]);
+ continue;
+ } else {
+ pamh->current = chain;
+ r = (chain->module->func[primitive])(pamh, flags,
+ chain->optc, (const char **)chain->optv);
+ pamh->current = NULL;
+ openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
+ chain->module->path, _pam_sm_func_name[primitive],
+ pam_strerror(pamh, r));
+ }
+
+ if (r == PAM_IGNORE)
+ continue;
+ if (r == PAM_SUCCESS) {
+ /*
+ * For pam_setcred(), treat "sufficient" as
+ * "optional".
+ *
+ * Note that Solaris libpam does not terminate
+ * the chain here if a required module has
+ * previously failed. I'm not sure why.
+ */
+ if (chain->flag == PAM_SUFFICIENT &&
+ primitive != PAM_SM_SETCRED)
+ break;
+ }
+
+ _openpam_check_error_code(primitive, r);
+
+ /*
+ * Record the return code from the first module to
+ * fail. If a required module fails, record the
+ * return code from the first required module to fail.
+ */
+ if (err == 0)
+ err = r;
+ if (chain->flag == PAM_REQUIRED && !fail) {
+ fail = 1;
+ err = r;
+ }
+
+ /*
+ * If a requisite module fails, terminate the chain
+ * immediately.
+ */
+ if (chain->flag == PAM_REQUISITE) {
+ fail = 1;
+ break;
+ }
+ }
+
+ return (fail ? err : PAM_SUCCESS);
+}
+
+#if !defined(OPENPAM_RELAX_CHECKS)
+static void
+_openpam_check_error_code(int primitive, int r)
+{
+ /* common error codes */
+ if (r == PAM_SERVICE_ERR ||
+ r == PAM_BUF_ERR ||
+ r == PAM_BUF_ERR ||
+ r == PAM_CONV_ERR ||
+ r == PAM_PERM_DENIED)
+ return;
+
+ /* specific error codes */
+ switch (primitive) {
+ case PAM_SM_AUTHENTICATE:
+ if (r == PAM_AUTH_ERR ||
+ r == PAM_CRED_INSUFFICIENT ||
+ r == PAM_AUTHINFO_UNAVAIL ||
+ r == PAM_USER_UNKNOWN ||
+ r == PAM_MAXTRIES)
+ return;
+ break;
+ case PAM_SM_SETCRED:
+ if (r == PAM_CRED_UNAVAIL ||
+ r == PAM_CRED_EXPIRED ||
+ r == PAM_USER_UNKNOWN ||
+ r == PAM_CRED_ERR)
+ return;
+ break;
+ case PAM_SM_ACCT_MGMT:
+ if (r == PAM_USER_UNKNOWN ||
+ r == PAM_AUTH_ERR ||
+ r == PAM_NEW_AUTHTOK_REQD ||
+ r == PAM_ACCT_EXPIRED)
+ return;
+ break;
+ case PAM_SM_OPEN_SESSION:
+ case PAM_SM_CLOSE_SESSION:
+ if (r == PAM_SESSION_ERR)
+ return;
+ break;
+ case PAM_SM_CHAUTHTOK:
+ if (r == PAM_PERM_DENIED ||
+ r == PAM_AUTHTOK_ERR ||
+ r == PAM_AUTHTOK_RECOVERY_ERR ||
+ r == PAM_AUTHTOK_LOCK_BUSY ||
+ r == PAM_AUTHTOK_DISABLE_AGING)
+ return;
+ break;
+ }
+
+ openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d",
+ _pam_sm_func_name[primitive], r);
+}
+#endif /* !defined(OPENPAM_RELAX_CHECKS) */
diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c
new file mode 100644
index 0000000..c32dd27
--- /dev/null
+++ b/contrib/openpam/lib/openpam_findenv.c
@@ -0,0 +1,62 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * Locate an environment variable
+ */
+
+int
+openpam_findenv(pam_handle_t *pamh,
+ const char *name,
+ size_t len)
+{
+ int i;
+
+ if (pamh == NULL)
+ return (-1);
+
+ for (i = 0; i < pamh->env_count; ++i)
+ if (strncmp(pamh->env[i], name, len) == 0 &&
+ pamh->env[i][len] == '=')
+ return (i);
+ return (-1);
+}
diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h
new file mode 100644
index 0000000..5988628
--- /dev/null
+++ b/contrib/openpam/lib/openpam_impl.h
@@ -0,0 +1,106 @@
+/*-
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _OPENPAM_IMPL_H_INCLUDED
+#define _OPENPAM_IMPL_H_INCLUDED
+
+#include <security/openpam.h>
+
+extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
+
+/*
+ * Control flags
+ */
+#define PAM_REQUIRED 1
+#define PAM_REQUISITE 2
+#define PAM_SUFFICIENT 3
+#define PAM_OPTIONAL 4
+#define PAM_NUM_CONTROLFLAGS 5
+
+/*
+ * Chains
+ */
+#define PAM_AUTH 0
+#define PAM_ACCOUNT 1
+#define PAM_SESSION 2
+#define PAM_PASSWORD 3
+#define PAM_NUM_CHAINS 4
+
+typedef struct pam_chain pam_chain_t;
+struct pam_chain {
+ pam_module_t *module;
+ int flag;
+ int optc;
+ char **optv;
+ pam_chain_t *next;
+};
+
+#define PAM_NUM_ITEMS 10
+
+typedef struct pam_data pam_data_t;
+struct pam_data {
+ char *name;
+ void *data;
+ void (*cleanup)(pam_handle_t *, void *, int);
+ pam_data_t *next;
+};
+
+struct pam_handle {
+ char *service;
+
+ /* chains */
+ pam_chain_t *chains[PAM_NUM_CHAINS];
+ pam_chain_t *current;
+
+ /* items and data */
+ void *item[PAM_NUM_ITEMS];
+ pam_data_t *module_data;
+
+ /* environment list */
+ char **env;
+ int env_count;
+ int env_size;
+};
+
+#define PAM_OTHER "other"
+
+int openpam_dispatch(pam_handle_t *, int, int);
+int openpam_findenv(pam_handle_t *, const char *, size_t);
+int openpam_add_module(pam_handle_t *, int, int,
+ const char *, int, const char **);
+void openpam_clear_chains(pam_handle_t *);
+
+#endif
diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c
new file mode 100644
index 0000000..d938959
--- /dev/null
+++ b/contrib/openpam/lib/openpam_load.c
@@ -0,0 +1,227 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <dlfcn.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+#ifdef OPENPAM_STATIC_MODULES
+SET_DECLARE(_openpam_modules, pam_module_t);
+#endif
+
+const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
+ "pam_sm_acct_mgmt",
+ "pam_sm_authenticate",
+ "pam_sm_chauthtok",
+ "pam_sm_close_session",
+ "pam_sm_open_session",
+ "pam_sm_setcred"
+};
+
+static pam_module_t *modules;
+
+/*
+ * Load a dynamic module, or locate a static one. Keep a list of
+ * previously found modules to speed up the process.
+ */
+
+static pam_module_t *
+openpam_load_module(const char *path)
+{
+ pam_module_t *module;
+ void *dlh;
+ int i;
+
+ /* check cache first */
+ for (module = modules; module != NULL; module = module->next)
+ if (strcmp(module->path, path) == 0)
+ goto found;
+
+ /* nope; try to load */
+ if ((dlh = dlopen(path, RTLD_NOW)) == NULL) {
+ openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
+ } else {
+ if ((module = calloc(1, sizeof *module)) == NULL)
+ goto buf_err;
+ if ((module->path = strdup(path)) == NULL)
+ goto buf_err;
+ module->dlh = dlh;
+ for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
+ module->func[i] = dlsym(dlh, _pam_sm_func_name[i]);
+ }
+ openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
+ (module == NULL) ? "no" : "using", path);
+
+#ifdef OPENPAM_STATIC_MODULES
+ /* look for a static module */
+ if (module == NULL && strchr(path, '/') == NULL) {
+ pam_module_t **modp;
+
+ SET_FOREACH(modp, _openpam_modules) {
+ if (strcmp((*modp)->path, path) == 0) {
+ module = *modp;
+ break;
+ }
+ }
+ openpam_log(PAM_LOG_DEBUG, "%s static %s",
+ (module == NULL) ? "no" : "using", path);
+ }
+#endif
+ if (module == NULL)
+ return (NULL);
+ module->next = modules;
+ module->prev = NULL;
+ modules = module;
+ found:
+ ++module->refcount;
+ return (module);
+ buf_err:
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+ dlclose(dlh);
+ free(module);
+ return (NULL);
+}
+
+
+/*
+ * Release a module.
+ * XXX highly thread-unsafe
+ */
+
+static void
+openpam_release_module(pam_module_t *module)
+{
+ if (module == NULL)
+ return;
+ --module->refcount;
+ if (module->refcount > 0)
+ /* still in use */
+ return;
+ if (module->refcount < 0) {
+ openpam_log(PAM_LOG_ERROR, "module %s has negative refcount",
+ module->path);
+ module->refcount = 0;
+ }
+ if (module->dlh == NULL)
+ /* static module */
+ return;
+ dlclose(module->dlh);
+ if (module->prev != NULL)
+ module->prev->next = module->next;
+ if (module->next != NULL)
+ module->next->prev = module->prev;
+ free(module);
+}
+
+
+/*
+ * Destroy a chain, freeing all its links and releasing the modules
+ * they point to.
+ */
+
+static void
+openpam_destroy_chain(pam_chain_t *chain)
+{
+ if (chain == NULL)
+ return;
+ openpam_destroy_chain(chain->next);
+ chain->next = NULL;
+ while (chain->optc--)
+ free(chain->optv[chain->optc]);
+ free(chain->optv);
+ openpam_release_module(chain->module);
+ free(chain);
+}
+
+/*
+ * Add a module to a chain.
+ */
+
+int
+openpam_add_module(pam_handle_t *pamh,
+ int chain,
+ int flag,
+ const char *modpath,
+ int optc,
+ const char *optv[])
+{
+ pam_chain_t *new, *iterator;
+
+ if ((new = calloc(1, sizeof *new)) == NULL)
+ goto buf_err;
+ if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL)
+ goto buf_err;
+ while (optc--)
+ if ((new->optv[new->optc++] = strdup(*optv++)) == NULL)
+ goto buf_err;
+ new->optv[new->optc] = NULL;
+ new->flag = flag;
+ if ((new->module = openpam_load_module(modpath)) == NULL) {
+ openpam_destroy_chain(new);
+ return (PAM_OPEN_ERR);
+ }
+ if ((iterator = pamh->chains[chain]) != NULL) {
+ while (iterator->next != NULL)
+ iterator = iterator->next;
+ iterator->next = new;
+ } else {
+ pamh->chains[chain] = new;
+ }
+ return (PAM_SUCCESS);
+
+ buf_err:
+ openpam_log(PAM_LOG_ERROR, "%m");
+ openpam_destroy_chain(new);
+ return (PAM_BUF_ERR);
+}
+
+
+/*
+ * Clear the chains and release the modules
+ */
+
+void
+openpam_clear_chains(pam_handle_t *pamh)
+{
+ int i;
+
+ for (i = 0; i < PAM_NUM_CHAINS; ++i)
+ openpam_destroy_chain(pamh->chains[i]);
+}
diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c
new file mode 100644
index 0000000..d733b69
--- /dev/null
+++ b/contrib/openpam/lib/openpam_log.c
@@ -0,0 +1,117 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+#if defined(openpam_log)
+
+/*
+ * Log a message through syslog(3)
+ */
+
+void
+_openpam_log(int level, const char *func, const char *fmt, ...)
+{
+ va_list ap;
+ char *format;
+ int priority;
+
+ switch (level) {
+ case PAM_LOG_DEBUG:
+ priority = LOG_DEBUG;
+ break;
+ case PAM_LOG_VERBOSE:
+ priority = LOG_INFO;
+ break;
+ case PAM_LOG_NOTICE:
+ priority = LOG_NOTICE;
+ break;
+ case PAM_LOG_ERROR:
+ priority = LOG_ERR;
+ break;
+ }
+ va_start(ap, fmt);
+ if ((format = malloc(strlen(func) + strlen(fmt) + 8)) != NULL) {
+ sprintf(format, "in %s(): %s", func, fmt);
+ vsyslog(priority, format, ap);
+ free(format);
+ } else {
+ vsyslog(priority, fmt, ap);
+ }
+ va_end(ap);
+}
+
+#else
+
+/*
+ * If openpam_log isn't defined as a macro, we're on a platform that
+ * doesn't support varadic macros (or it does but we aren't aware of
+ * it). Do the next best thing.
+ */
+
+void
+openpam_log(int level, const char *fmt, ...)
+{
+ va_list ap;
+ int priority;
+
+ switch (level) {
+ case PAM_LOG_DEBUG:
+ priority = LOG_DEBUG;
+ break;
+ case PAM_LOG_VERBOSE:
+ priority = LOG_INFO;
+ break;
+ case PAM_LOG_NOTICE:
+ priority = LOG_NOTICE;
+ break;
+ case PAM_LOG_ERROR:
+ priority = LOG_ERR;
+ break;
+ }
+ va_start(ap, fmt);
+ vsyslog(priority, fmt, ap);
+ va_end(ap);
+}
+
+#endif
diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c
new file mode 100644
index 0000000..ac7eecd
--- /dev/null
+++ b/contrib/openpam/lib/openpam_ttyconv.c
@@ -0,0 +1,131 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <termios.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * Simple tty-based conversation function.
+ */
+
+int
+openpam_ttyconv(int n,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *data)
+{
+ char buf[PAM_MAX_RESP_SIZE];
+ struct termios tattr;
+ tcflag_t lflag;
+ int fd, err, i;
+ size_t len;
+
+ data = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+ if ((*resp = calloc(n, sizeof **resp)) == NULL)
+ return (PAM_BUF_ERR);
+ fd = fileno(stdin);
+ for (i = 0; i < n; ++i) {
+ resp[i]->resp_retcode = 0;
+ resp[i]->resp = NULL;
+ switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ case PAM_PROMPT_ECHO_ON:
+ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+ if (tcgetattr(fd, &tattr) != 0) {
+ openpam_log(PAM_LOG_ERROR,
+ "tcgetattr(): %m");
+ err = PAM_CONV_ERR;
+ goto fail;
+ }
+ lflag = tattr.c_lflag;
+ tattr.c_lflag &= ~ECHO;
+ if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) {
+ openpam_log(PAM_LOG_ERROR,
+ "tcsetattr(): %m");
+ err = PAM_CONV_ERR;
+ goto fail;
+ }
+ }
+ fputs(msg[i]->msg, stderr);
+ buf[0] = '\0';
+ fgets(buf, sizeof buf, stdin);
+ if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
+ tattr.c_lflag = lflag;
+ (void)tcsetattr(fd, TCSANOW, &tattr);
+ fputs("\n", stderr);
+ }
+ if (ferror(stdin)) {
+ err = PAM_CONV_ERR;
+ goto fail;
+ }
+ for (len = strlen(buf); len > 0; --len)
+ if (!isspace(buf[len - 1]))
+ break;
+ buf[len] = '\0';
+ if ((resp[i]->resp = strdup(buf)) == NULL) {
+ err = PAM_BUF_ERR;
+ goto fail;
+ }
+ break;
+ case PAM_ERROR_MSG:
+ fputs(msg[i]->msg, stderr);
+ break;
+ case PAM_TEXT_INFO:
+ fputs(msg[i]->msg, stdout);
+ break;
+ default:
+ err = PAM_BUF_ERR;
+ goto fail;
+ }
+ }
+ return (PAM_SUCCESS);
+ fail:
+ while (i)
+ free(resp[--i]);
+ free(*resp);
+ *resp = NULL;
+ return (err);
+}
diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c
new file mode 100644
index 0000000..d88a24e
--- /dev/null
+++ b/contrib/openpam/lib/pam_acct_mgmt.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 32
+ *
+ * Perform PAM account validation procedures
+ */
+
+int
+pam_acct_mgmt(pam_handle_t *pamh,
+ int flags)
+{
+
+ return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags));
+}
diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c
new file mode 100644
index 0000000..d98d1df
--- /dev/null
+++ b/contrib/openpam/lib/pam_authenticate.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 34
+ *
+ * Perform authentication within the PAM framework
+ */
+
+int
+pam_authenticate(pam_handle_t *pamh,
+ int flags)
+{
+
+ return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags));
+}
diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c
new file mode 100644
index 0000000..37a57fe
--- /dev/null
+++ b/contrib/openpam/lib/pam_authenticate_secondary.c
@@ -0,0 +1,50 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <security/pam_appl.h>
+
+int
+pam_authenticate_secondary(pam_handle_t *pamh,
+ char *target_username,
+ char *target_module_type,
+ char *target_authn_domain,
+ char *target_supp_data,
+ char *target_module_authtok,
+ int flags)
+{
+
+ return (PAM_SYSTEM_ERR);
+}
diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c
new file mode 100644
index 0000000..c35ed49
--- /dev/null
+++ b/contrib/openpam/lib/pam_chauthtok.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 38
+ *
+ * Perform password related functions within the PAM framework
+ */
+
+int
+pam_chauthtok(pam_handle_t *pamh,
+ int flags)
+{
+
+ return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
+}
diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c
new file mode 100644
index 0000000..9b2a1ae
--- /dev/null
+++ b/contrib/openpam/lib/pam_close_session.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 40
+ *
+ * Close an existing user session
+ */
+
+int
+pam_close_session(pam_handle_t *pamh,
+ int flags)
+{
+
+ return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
+}
diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c
new file mode 100644
index 0000000..0fbfdf8
--- /dev/null
+++ b/contrib/openpam/lib/pam_end.c
@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 42
+ *
+ * Terminate the PAM transaction
+ */
+
+int
+pam_end(pam_handle_t *pamh,
+ int status)
+{
+ pam_data_t *dp;
+ int i;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ /* clear module data */
+ while ((dp = pamh->module_data) != NULL) {
+ if (dp->cleanup)
+ (dp->cleanup)(pamh, dp->data, status);
+ pamh->module_data = dp->next;
+ free(dp->name);
+ free(dp);
+ }
+
+ /* clear environment */
+ while (pamh->env_count)
+ free(pamh->env[--pamh->env_count]);
+ free(pamh->env);
+
+ /* clear chains */
+ openpam_clear_chains(pamh);
+
+ /* clear items */
+ for (i = 0; i < PAM_NUM_ITEMS; ++i)
+ pam_set_item(pamh, i, NULL);
+
+ free(pamh);
+
+ return (PAM_SUCCESS);
+}
diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c
new file mode 100644
index 0000000..aded8f1
--- /dev/null
+++ b/contrib/openpam/lib/pam_error.c
@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Display an error message
+ */
+
+int
+pam_error(pam_handle_t *pamh,
+ const char *fmt,
+ ...)
+{
+ va_list ap;
+ char *rsp;
+ int r;
+
+ va_start(ap, fmt);
+ r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap);
+ va_end(ap);
+ free(rsp); /* ignore response */
+ return (r);
+}
diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c
new file mode 100644
index 0000000..741b02d
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_authtok.c
@@ -0,0 +1,75 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Retrieve authentication token
+ */
+
+int
+pam_get_authtok(pam_handle_t *pamh,
+ const char **authtok,
+ const char *prompt)
+{
+ char *p, *resp;
+ int r;
+
+ if (pamh == NULL || authtok == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok);
+ if (r == PAM_SUCCESS)
+ return (PAM_SUCCESS);
+ if (prompt == NULL) {
+ if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT,
+ (const void **)&p) != PAM_SUCCESS || p == NULL)
+ prompt = "Password:";
+ }
+ r = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp,
+ "%s", prompt ? prompt : p);
+ if (r != PAM_SUCCESS)
+ return (r);
+ *authtok = resp;
+ return (pam_set_item(pamh, PAM_AUTHTOK, *authtok));
+}
diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c
new file mode 100644
index 0000000..8b2b090
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_data.c
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 43
+ *
+ * Get module information
+ */
+
+int
+pam_get_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void **data)
+{
+ pam_data_t *dp;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ for (dp = pamh->module_data; dp != NULL; dp = dp->next)
+ if (strcmp(dp->name, module_data_name) == 0) {
+ *data = dp->data;
+ return (PAM_SUCCESS);
+ }
+
+ return (PAM_NO_MODULE_DATA);
+}
diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c
new file mode 100644
index 0000000..7369c48
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_item.c
@@ -0,0 +1,74 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 46
+ *
+ * Get PAM information
+ */
+
+int
+pam_get_item(pam_handle_t *pamh,
+ int item_type,
+ const void **item)
+{
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ switch (item_type) {
+ case PAM_SERVICE:
+ case PAM_USER:
+ case PAM_AUTHTOK:
+ case PAM_OLDAUTHTOK:
+ case PAM_TTY:
+ case PAM_RHOST:
+ case PAM_RUSER:
+ case PAM_CONV:
+ case PAM_USER_PROMPT:
+ case PAM_AUTHTOK_PROMPT:
+ *item = pamh->item[item_type];
+ return (PAM_SUCCESS);
+ default:
+ return (PAM_SYSTEM_ERR);
+ }
+}
diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c
new file mode 100644
index 0000000..0050c0e
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_mapped_authtok.c
@@ -0,0 +1,49 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <security/pam_appl.h>
+
+int
+pam_get_mapped_authtok(pam_handle_t *pamh,
+ const char *target_module_username,
+ const char *target_module_type,
+ const char *target_authn_domain,
+ size_t *target_authtok_len,
+ unsigned char **target_module_authtok)
+{
+
+ return (PAM_SYSTEM_ERR);
+}
diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c
new file mode 100644
index 0000000..faa78bb
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_mapped_username.c
@@ -0,0 +1,50 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <security/pam_appl.h>
+
+int
+pam_get_mapped_username(pam_handle_t *pamh,
+ const char *src_username,
+ const char *src_module_type,
+ const char *src_authn_domain,
+ const char *target_module_type,
+ const char *target_authn_domain,
+ char **target_module_username)
+{
+
+ return (PAM_SYSTEM_ERR);
+}
diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c
new file mode 100644
index 0000000..17572c4
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_user.c
@@ -0,0 +1,76 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 52
+ *
+ * Retrieve user name
+ */
+
+int
+pam_get_user(pam_handle_t *pamh,
+ const char **user,
+ const char *prompt)
+{
+ char *p, *resp;
+ int r;
+
+ if (pamh == NULL || user == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ r = pam_get_item(pamh, PAM_USER, (const void **)user);
+ if (r == PAM_SUCCESS)
+ return (PAM_SUCCESS);
+ if (prompt == NULL) {
+ if (pam_get_item(pamh, PAM_USER_PROMPT,
+ (const void **)&p) != PAM_SUCCESS || p == NULL)
+ prompt = "Login: ";
+ }
+ r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp,
+ "%s", prompt ? prompt : p);
+ if (r != PAM_SUCCESS)
+ return (r);
+ *user = resp;
+ return (pam_set_item(pamh, PAM_USER, *user));
+}
diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c
new file mode 100644
index 0000000..d6bf219
--- /dev/null
+++ b/contrib/openpam/lib/pam_getenv.c
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 44
+ *
+ * Retrieve the value of a PAM environment variable
+ */
+
+char *
+pam_getenv(pam_handle_t *pamh,
+ const char *name)
+{
+ int i;
+
+ if (pamh == NULL)
+ return (NULL);
+
+ /* sanity checks */
+ if (name == NULL || strchr(name, '=') != NULL)
+ return (NULL);
+
+ if ((i = openpam_findenv(pamh, name, strlen(name))) == -1)
+ return (NULL);
+ return (strdup(pamh->env[i]));
+}
diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c
new file mode 100644
index 0000000..4409a89
--- /dev/null
+++ b/contrib/openpam/lib/pam_getenvlist.c
@@ -0,0 +1,70 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 45
+ *
+ * Returns a list of all the PAM environment variables
+ */
+
+char **
+pam_getenvlist(pam_handle_t *pamh)
+{
+ char **envlist;
+ int i;
+
+ if (pamh == NULL)
+ return (NULL);
+
+ if ((envlist = malloc(sizeof(char *) * (pamh->env_count + 1))) == NULL)
+ return (NULL);
+ for (i = 0; i < pamh->env_count; ++i) {
+ if ((envlist[i] = strdup(pamh->env[i])) == NULL) {
+ while (i)
+ free(envlist[--i]);
+ free(envlist);
+ return (NULL);
+ }
+ }
+ return (envlist);
+}
diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c
new file mode 100644
index 0000000..ce1d2b8
--- /dev/null
+++ b/contrib/openpam/lib/pam_info.c
@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Display an information message
+ */
+
+int
+pam_info(pam_handle_t *pamh,
+ const char *fmt,
+ ...)
+{
+ va_list ap;
+ char *rsp;
+ int r;
+
+ va_start(ap, fmt);
+ r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap);
+ va_end(ap);
+ free(rsp); /* ignore response */
+ return (r);
+}
diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c
new file mode 100644
index 0000000..dcbf2b8
--- /dev/null
+++ b/contrib/openpam/lib/pam_open_session.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 54
+ *
+ * Open a user session
+ */
+
+int
+pam_open_session(pam_handle_t *pamh,
+ int flags)
+{
+
+ return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
+}
diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c
new file mode 100644
index 0000000..afc4169
--- /dev/null
+++ b/contrib/openpam/lib/pam_prompt.c
@@ -0,0 +1,62 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Call the conversation function
+ */
+
+int
+pam_prompt(pam_handle_t *pamh,
+ int style,
+ char **resp,
+ const char *fmt,
+ ...)
+{
+ va_list ap;
+ int r;
+
+ va_start(ap, fmt);
+ r = pam_vprompt(pamh, style, resp, fmt, ap);
+ va_end(ap);
+ return (r);
+}
diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c
new file mode 100644
index 0000000..c8701f3
--- /dev/null
+++ b/contrib/openpam/lib/pam_putenv.c
@@ -0,0 +1,88 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 56
+ *
+ * Set the value of an environment variable
+ */
+
+int
+pam_putenv(pam_handle_t *pamh,
+ const char *namevalue)
+{
+ char **env, *p;
+ int i;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ /* sanity checks */
+ if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ /* see if the variable is already in the environment */
+ if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) {
+ if ((p = strdup(namevalue)) == NULL)
+ return (PAM_BUF_ERR);
+ free(pamh->env[i]);
+ pamh->env[i] = p;
+ return (PAM_SUCCESS);
+ }
+
+ /* grow the environment list if necessary */
+ if (pamh->env_count == pamh->env_size) {
+ env = realloc(pamh->env, pamh->env_size * 2 + 1);
+ if (env == NULL)
+ return (PAM_BUF_ERR);
+ pamh->env = env;
+ pamh->env_size = pamh->env_size * 2 + 1;
+ }
+
+ /* add the variable at the end */
+ if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL)
+ return (PAM_BUF_ERR);
+ ++pamh->env_count;
+ return (PAM_SUCCESS);
+}
diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c
new file mode 100644
index 0000000..59d5751
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_data.c
@@ -0,0 +1,83 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 59
+ *
+ * Set module information
+ */
+
+int
+pam_set_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void *data,
+ void (*cleanup)(pam_handle_t *pamh,
+ void *data,
+ int pam_end_status))
+{
+ pam_data_t *dp;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
+ if (strcmp(dp->name, module_data_name) == 0) {
+ if (dp->cleanup)
+ (dp->cleanup)(pamh, dp->data, PAM_SUCCESS);
+ dp->data = data;
+ dp->cleanup = cleanup;
+ return (PAM_SUCCESS);
+ }
+ }
+
+ if ((dp = malloc(sizeof *dp)) == NULL)
+ return (PAM_BUF_ERR);
+ if ((dp->name = strdup(module_data_name)) == NULL) {
+ free(data);
+ return (PAM_BUF_ERR);
+ }
+ dp->next = pamh->module_data;
+ pamh->module_data = data;
+ return (PAM_SUCCESS);
+}
diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c
new file mode 100644
index 0000000..1cebfd5
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_item.c
@@ -0,0 +1,95 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 60
+ *
+ * Set authentication information
+ */
+
+int
+pam_set_item(pam_handle_t *pamh,
+ int item_type,
+ const void *item)
+{
+ void **slot, *tmp;
+ size_t size;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ slot = &pamh->item[item_type];
+ switch (item_type) {
+ case PAM_SERVICE:
+ case PAM_USER:
+ case PAM_AUTHTOK:
+ case PAM_OLDAUTHTOK:
+ case PAM_TTY:
+ case PAM_RHOST:
+ case PAM_RUSER:
+ case PAM_USER_PROMPT:
+ case PAM_AUTHTOK_PROMPT:
+ size = strlen(*slot) + 1;
+ if (item != NULL)
+ tmp = strdup(item);
+ break;
+ case PAM_CONV:
+ size = sizeof(struct pam_conv);
+ if (item != NULL)
+ tmp = malloc(size);
+ break;
+ default:
+ return (PAM_SYSTEM_ERR);
+ }
+ if (item != NULL && tmp == NULL)
+ return (PAM_BUF_ERR);
+ if (*slot != NULL) {
+ memset(*slot, 0xd0, size);
+ free(*slot);
+ }
+ *slot = tmp;
+ return (PAM_SUCCESS);
+}
diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c
new file mode 100644
index 0000000..ad066df
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_mapped_authtok.c
@@ -0,0 +1,49 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <security/pam_appl.h>
+
+int
+pam_set_mapped_authtok(pam_handle_t *pamh,
+ const char *target_module_username,
+ size_t target_authtok_len,
+ unsigned char *target_module_authtok,
+ const char *target_module_type,
+ const char *target_authn_domain)
+{
+
+ return (PAM_SYSTEM_ERR);
+}
diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c
new file mode 100644
index 0000000..fc12989
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_mapped_username.c
@@ -0,0 +1,50 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <security/pam_appl.h>
+
+int
+pam_set_mapped_username(pam_handle_t *pamh,
+ char *src_username,
+ char *src_module_type,
+ char *src_authn_domain,
+ char *target_module_username,
+ char *target_module_type,
+ char *target_authn_domain)
+{
+
+ return (PAM_SYSTEM_ERR);
+}
diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c
new file mode 100644
index 0000000..0ea10ff
--- /dev/null
+++ b/contrib/openpam/lib/pam_setcred.c
@@ -0,0 +1,56 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 57
+ *
+ * Modify / delete user credentials for an authentication service
+ */
+
+int
+pam_setcred(pam_handle_t *pamh,
+ int flags)
+{
+
+ return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
+}
diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c
new file mode 100644
index 0000000..6165b7c
--- /dev/null
+++ b/contrib/openpam/lib/pam_setenv.c
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Set the value of an environment variable
+ * Mirrors setenv(3)
+ */
+
+int
+pam_setenv(pam_handle_t *pamh,
+ const char *name,
+ const char *value,
+ int overwrite)
+{
+ char *env;
+ int r;
+
+ if (pamh == NULL)
+ return (PAM_SYSTEM_ERR);
+
+ /* sanity checks */
+ if (name == NULL || value == NULL || strchr(name, '=') != NULL)
+ return (PAM_SYSTEM_ERR);
+
+ /* is it already there? */
+ if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1)
+ return (PAM_SUCCESS);
+
+ /* set it... */
+ if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL)
+ return (PAM_BUF_ERR);
+ sprintf(env, "%s=%s", name, value);
+ r = pam_putenv(pamh, env);
+ free(env);
+ return (r);
+}
diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c
new file mode 100644
index 0000000..ff9cc32
--- /dev/null
+++ b/contrib/openpam/lib/pam_start.c
@@ -0,0 +1,292 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+static int _pam_configure_service(pam_handle_t *pamh, const char *service);
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 89
+ *
+ * Initiate a PAM transaction
+ */
+
+int
+pam_start(const char *service,
+ const char *user,
+ const struct pam_conv *pam_conv,
+ pam_handle_t **pamh)
+{
+ struct pam_handle *ph;
+ int r;
+
+ if ((ph = calloc(1, sizeof *ph)) == NULL)
+ return (PAM_BUF_ERR);
+ if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS)
+ goto fail;
+ if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS)
+ goto fail;
+ if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS)
+ goto fail;
+
+ if ((r = _pam_configure_service(ph, service)) != PAM_SUCCESS &&
+ r != PAM_BUF_ERR)
+ r = _pam_configure_service(ph, PAM_OTHER);
+ if (r != PAM_SUCCESS)
+ goto fail;
+
+ *pamh = ph;
+ openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
+ return (PAM_SUCCESS);
+
+ fail:
+ pam_end(ph, r);
+ return (r);
+}
+
+#define PAM_CONF_STYLE 0
+#define PAM_D_STYLE 1
+#define MAX_LINE_LEN 1024
+#define MAX_OPTIONS 256
+
+static int
+_pam_read_policy_file(pam_handle_t *pamh,
+ const char *service,
+ const char *filename,
+ int style)
+{
+ char buf[MAX_LINE_LEN], *p, *q;
+ const char *optv[MAX_OPTIONS + 1];
+ int ch, chain, flag, line, optc, n, r;
+ size_t len;
+ FILE *f;
+
+ n = 0;
+
+ if ((f = fopen(filename, "r")) == NULL) {
+ openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE,
+ "%s: %m", filename);
+ return (0);
+ }
+ openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
+ service, filename);
+
+ for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
+ if ((len = strlen(buf)) == 0)
+ continue;
+
+ /* check for overflow */
+ if (buf[--len] != '\n' && !feof(f)) {
+ openpam_log(PAM_LOG_ERROR, "%s: line %d too long",
+ filename, line);
+ openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
+ filename, line);
+ while ((ch = fgetc(f)) != EOF)
+ if (ch == '\n')
+ break;
+ continue;
+ }
+
+ /* strip comments and trailing whitespace */
+ if ((p = strchr(buf, '#')) != NULL)
+ len = p - buf ? p - buf - 1 : p - buf;
+ while (len > 0 && isspace(buf[len]))
+ --len;
+ if (len == 0)
+ continue;
+ buf[len] = '\0';
+ p = q = buf;
+
+ /* check service name */
+ if (style == PAM_CONF_STYLE) {
+ for (q = p = buf; *q != '\0' && !isspace(*q); ++q)
+ /* nothing */;
+ if (*q == '\0')
+ goto syntax_error;
+ *q++ = '\0';
+ if (strcmp(p, service) != 0)
+ continue;
+ openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'",
+ filename, line, service);
+ }
+
+
+ /* get module type */
+ for (p = q; isspace(*p); ++p)
+ /* nothing */;
+ for (q = p; *q != '\0' && !isspace(*q); ++q)
+ /* nothing */;
+ if (q == p || *q == '\0')
+ goto syntax_error;
+ *q++ = '\0';
+ if (strcmp(p, "auth") == 0) {
+ chain = PAM_AUTH;
+ } else if (strcmp(p, "account") == 0) {
+ chain = PAM_ACCOUNT;
+ } else if (strcmp(p, "session") == 0) {
+ chain = PAM_SESSION;
+ } else if (strcmp(p, "password") == 0) {
+ chain = PAM_PASSWORD;
+ } else {
+ openpam_log(PAM_LOG_ERROR,
+ "%s: invalid module type on line %d: '%s'",
+ filename, line, p);
+ continue;
+ }
+
+ /* get control flag */
+ for (p = q; isspace(*p); ++p)
+ /* nothing */;
+ for (q = p; *q != '\0' && !isspace(*q); ++q)
+ /* nothing */;
+ if (q == p || *q == '\0')
+ goto syntax_error;
+ *q++ = '\0';
+ if (strcmp(p, "required") == 0) {
+ flag = PAM_REQUIRED;
+ } else if (strcmp(p, "requisite") == 0) {
+ flag = PAM_REQUISITE;
+ } else if (strcmp(p, "sufficient") == 0) {
+ flag = PAM_SUFFICIENT;
+ } else if (strcmp(p, "optional") == 0) {
+ flag = PAM_OPTIONAL;
+ } else {
+ openpam_log(PAM_LOG_ERROR,
+ "%s: invalid control flag on line %d: '%s'",
+ filename, line, p);
+ continue;
+ }
+
+ /* get module name */
+ for (p = q; isspace(*p); ++p)
+ /* nothing */;
+ for (q = p; *q != '\0' && !isspace(*q); ++q)
+ /* nothing */;
+ if (q == p)
+ goto syntax_error;
+
+ /* get options */
+ for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) {
+ *q++ = '\0';
+ while (isspace(*q))
+ ++q;
+ optv[optc] = q;
+ while (*q != '\0' && !isspace(*q))
+ ++q;
+ }
+ optv[optc] = NULL;
+ if (*q != '\0') {
+ *q = '\0';
+ openpam_log(PAM_LOG_ERROR,
+ "%s: too many options on line %d",
+ filename, line);
+ }
+
+ /*
+ * Finally, add the module at the end of the
+ * appropriate chain and bump the counter.
+ */
+ r = openpam_add_module(pamh, chain, flag, p, optc, optv);
+ if (r != PAM_SUCCESS)
+ return (-r);
+ ++n;
+ continue;
+ syntax_error:
+ openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d",
+ filename, line);
+ openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]",
+ filename, line, q);
+ openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d",
+ filename, line);
+ }
+
+ if (ferror(f))
+ openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
+
+ fclose(f);
+ return (n);
+}
+
+static const char *_pam_policy_path[] = {
+ "/etc/pam.d/",
+ "/etc/pam.conf",
+ "/usr/local/etc/pam.d/",
+ NULL
+};
+
+static int
+_pam_configure_service(pam_handle_t *pamh,
+ const char *service)
+{
+ const char **path;
+ char *filename;
+ size_t len;
+ int r;
+
+ for (path = _pam_policy_path; *path != NULL; ++path) {
+ len = strlen(*path);
+ if ((*path)[len - 1] == '/') {
+ filename = malloc(len + strlen(service) + 1);
+ if (filename == NULL) {
+ openpam_log(PAM_LOG_ERROR, "malloc(): %m");
+ return (PAM_BUF_ERR);
+ }
+ strcpy(filename, *path);
+ strcat(filename, service);
+ r = _pam_read_policy_file(pamh,
+ service, filename, PAM_D_STYLE);
+ free(filename);
+ } else {
+ r = _pam_read_policy_file(pamh,
+ service, *path, PAM_CONF_STYLE);
+ }
+ if (r < 0)
+ return (-r);
+ if (r > 0)
+ return (PAM_SUCCESS);
+ }
+
+ return (PAM_SYSTEM_ERR);
+}
diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c
new file mode 100644
index 0000000..516374c
--- /dev/null
+++ b/contrib/openpam/lib/pam_strerror.c
@@ -0,0 +1,123 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdio.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 92
+ *
+ * Get PAM standard error message string
+ */
+
+const char *
+pam_strerror(pam_handle_t *pamh,
+ int error_number)
+{
+ static char unknown[16];
+
+ pamh = pamh;
+
+ switch (error_number) {
+ case PAM_SUCCESS:
+ return ("success");
+ case PAM_OPEN_ERR:
+ return ("failed to load module");
+ case PAM_SYMBOL_ERR:
+ return ("symbol not found in module");
+ case PAM_SERVICE_ERR:
+ return ("error in service module");
+ case PAM_SYSTEM_ERR:
+ return ("system error");
+ case PAM_BUF_ERR:
+ return ("memory buffer error");
+ case PAM_CONV_ERR:
+ return ("conversation failure");
+ case PAM_PERM_DENIED:
+ return ("permission denied");
+ case PAM_MAXTRIES:
+ return ("maximum number of tries exceeded");
+ case PAM_AUTH_ERR:
+ return ("authentication error");
+ case PAM_NEW_AUTHTOK_REQD:
+ return ("new authentication token required");
+ case PAM_CRED_INSUFFICIENT:
+ return ("insufficient credentials");
+ case PAM_AUTHINFO_UNAVAIL:
+ return ("authentication information is unavailable");
+ case PAM_USER_UNKNOWN:
+ return ("unknown user");
+ case PAM_CRED_UNAVAIL:
+ return ("failed to retrieve user credentials");
+ case PAM_CRED_EXPIRED:
+ return ("user credentials have expired");
+ case PAM_CRED_ERR:
+ return ("failed to set user credentials");
+ case PAM_ACCT_EXPIRED:
+ return ("user accound has expired");
+ case PAM_AUTHTOK_EXPIRED:
+ return ("password has expired");
+ case PAM_SESSION_ERR:
+ return ("session failure");
+ case PAM_AUTHTOK_ERR:
+ return ("authentication token failure");
+ case PAM_AUTHTOK_RECOVERY_ERR:
+ return ("failed to recover old authentication token");
+ case PAM_AUTHTOK_LOCK_BUSY:
+ return ("authentication token lock busy");
+ case PAM_AUTHTOK_DISABLE_AGING:
+ return ("authentication token ageing disabled");
+ case PAM_NO_MODULE_DATA:
+ return ("module data not found");
+ case PAM_IGNORE:
+ return ("ignore this module");
+ case PAM_ABORT:
+ return ("general failure");
+ case PAM_TRY_AGAIN:
+ return ("try again");
+ case PAM_MODULE_UNKNOWN:
+ return ("unknown module type");
+ case PAM_DOMAIN_UNKNOWN:
+ return ("unknown authentication domain");
+ default:
+ snprintf(unknown, sizeof unknown, "#%d", error_number);
+ return (unknown);
+ }
+}
diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c
new file mode 100644
index 0000000..feeaa6e
--- /dev/null
+++ b/contrib/openpam/lib/pam_verror.c
@@ -0,0 +1,60 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Display an error message
+ */
+
+int
+pam_verror(pam_handle_t *pamh,
+ const char *fmt,
+ va_list ap)
+{
+ char *rsp;
+ int r;
+
+ r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap);
+ free(rsp); /* ignore response */
+ return (r);
+}
diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c
new file mode 100644
index 0000000..2484998
--- /dev/null
+++ b/contrib/openpam/lib/pam_vinfo.c
@@ -0,0 +1,60 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Display an information message
+ */
+
+int
+pam_vinfo(pam_handle_t *pamh,
+ const char *fmt,
+ va_list ap)
+{
+ char *rsp;
+ int r;
+
+ r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap);
+ free(rsp); /* ignore response */
+ return (r);
+}
diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c
new file mode 100644
index 0000000..f090b23
--- /dev/null
+++ b/contrib/openpam/lib/pam_vprompt.c
@@ -0,0 +1,74 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/openpam.h>
+
+/*
+ * OpenPAM extension
+ *
+ * Call the conversation function
+ */
+
+int
+pam_vprompt(pam_handle_t *pamh,
+ int style,
+ char **resp,
+ const char *fmt,
+ va_list ap)
+{
+ char msgbuf[PAM_MAX_MSG_SIZE];
+ struct pam_message msg;
+ const struct pam_message *msgp;
+ struct pam_response *rsp;
+ struct pam_conv conv;
+ int r;
+
+ if ((r = pam_get_item(pamh, PAM_CONV, (void *)&conv)) != PAM_SUCCESS)
+ return (r);
+ vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap);
+ msg.msg_style = style;
+ msg.msg = msgbuf;
+ msgp = &msg;
+ r = (conv.conv)(1, &msgp, &rsp, conv.appdata_ptr);
+ *resp = rsp == NULL ? NULL : rsp->resp;
+ free(rsp);
+ return (r);
+}
diff --git a/contrib/openpam/modules/Makefile b/contrib/openpam/modules/Makefile
new file mode 100644
index 0000000..006a229
--- /dev/null
+++ b/contrib/openpam/modules/Makefile
@@ -0,0 +1,42 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+SUBDIR =
+SUBDIR += pam_deny
+SUBDIR += pam_dummy
+SUBDIR += pam_permit
+
+.include <bsd.subdir.mk>
diff --git a/contrib/openpam/modules/pam_deny/Makefile b/contrib/openpam/modules/pam_deny/Makefile
new file mode 100644
index 0000000..acbd994
--- /dev/null
+++ b/contrib/openpam/modules/pam_deny/Makefile
@@ -0,0 +1,42 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+LIB = pam_deny
+SHLIB_NAME = pam_deny.so
+SRCS = pam_deny.c
+CFLAGS += -I${.CURDIR}/../../include
+
+.include <bsd.lib.mk>
diff --git a/contrib/openpam/modules/pam_deny/pam_deny.c b/contrib/openpam/modules/pam_deny/pam_deny.c
new file mode 100644
index 0000000..2a219de
--- /dev/null
+++ b/contrib/openpam/modules/pam_deny/pam_deny.c
@@ -0,0 +1,89 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_modules.h>
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_PERM_DENIED);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SESSION_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SESSION_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_PERM_DENIED);
+}
+
+PAM_MODULE_ENTRY("pam_deny");
diff --git a/contrib/openpam/modules/pam_dummy/Makefile b/contrib/openpam/modules/pam_dummy/Makefile
new file mode 100644
index 0000000..144828c
--- /dev/null
+++ b/contrib/openpam/modules/pam_dummy/Makefile
@@ -0,0 +1,42 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+LIB = pam_dummy
+SHLIB_NAME = pam_dummy.so
+SRCS = pam_dummy.c
+CFLAGS += -I${.CURDIR}/../../include
+
+.include <bsd.lib.mk>
diff --git a/contrib/openpam/modules/pam_dummy/pam_dummy.c b/contrib/openpam/modules/pam_dummy/pam_dummy.c
new file mode 100644
index 0000000..9d98f37
--- /dev/null
+++ b/contrib/openpam/modules/pam_dummy/pam_dummy.c
@@ -0,0 +1,48 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_modules.h>
+
+PAM_SM_DUMMY(authenticate);
+PAM_SM_DUMMY(setcred);
+PAM_SM_DUMMY(acct_mgmt);
+PAM_SM_DUMMY(open_session);
+PAM_SM_DUMMY(close_session);
+PAM_SM_DUMMY(chauthtok);
+
+PAM_MODULE_ENTRY("pam_deny");
diff --git a/contrib/openpam/modules/pam_permit/Makefile b/contrib/openpam/modules/pam_permit/Makefile
new file mode 100644
index 0000000..93ae3d9
--- /dev/null
+++ b/contrib/openpam/modules/pam_permit/Makefile
@@ -0,0 +1,42 @@
+#-
+# Copyright (c) 2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id$
+#
+
+LIB = pam_permit
+SHLIB_NAME = pam_permit.so
+SRCS = pam_permit.c
+CFLAGS += -I${.CURDIR}/../../include
+
+.include <bsd.lib.mk>
diff --git a/contrib/openpam/modules/pam_permit/pam_permit.c b/contrib/openpam/modules/pam_permit/pam_permit.c
new file mode 100644
index 0000000..856fb45
--- /dev/null
+++ b/contrib/openpam/modules/pam_permit/pam_permit.c
@@ -0,0 +1,89 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_modules.h>
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_MODULE_ENTRY("pam_permit");
OpenPOWER on IntegriCloud