author | des <des@FreeBSD.org> | 2002-04-14 18:28:22 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2002-04-14 18:28:22 +0000 |
commit | 3928c97d18145ce51c22cd530ae9f353b88f85eb (patch) | |
tree | d8361aa94c01d745b7e3ff0f65d6b71e5425c644 /contrib | |
parent | 38971df82a9b331625c18dbb591759be82a43bcf (diff) | |
Vendor import of OpenPAM Cineraria.
Diffstat (limited to 'contrib')
54 files changed, 608 insertions, 346 deletions
diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY index 740ca6f..98f78d0 100644 --- a/contrib/openpam/HISTORY +++ b/contrib/openpam/HISTORY @@ -1,4 +1,18 @@ ============================================================================ +OpenPAM Cineraria 2002-04-14 + + - ENHANCE: Improved documentation. + + - ENHANCE: Adopt the same preprocessor tricks that were used in + FreeBSD's version of Linux-PAM to simplify static linking without + requiring dummy primitives. + + - ENHANCE: move the policy-loading code out of pam_start.c. + + - BUGFIX: Fix typo in one of the versions of the openpam_log macro. + + - ENHANCE: Add versioning macros. +============================================================================ OpenPAM Cinchona 2002-04-08 - ENHANCE: Improved documentation for several API functions. @@ -114,4 +128,4 @@ OpenPAM Calamite 2002-02-09 First (beta) release. ============================================================================ -$P4: //depot/projects/openpam/HISTORY#8 $ +$P4: //depot/projects/openpam/HISTORY#9 $ diff --git a/contrib/openpam/MANIFEST b/contrib/openpam/MANIFEST index a328ba1..84b608e 100644 --- a/contrib/openpam/MANIFEST +++ b/contrib/openpam/MANIFEST @@ -1,5 +1,5 @@ # -# $P4: //depot/projects/openpam/MANIFEST#6 $ +# $P4: //depot/projects/openpam/MANIFEST#7 $ # CREDITS HISTORY @@ -54,12 +54,14 @@ doc/man/pam_verror.3 doc/man/pam_vinfo.3 doc/man/pam_vprompt.3 include/security/openpam.h +include/security/openpam_version.h include/security/pam_appl.h include/security/pam_constants.h include/security/pam_modules.h include/security/pam_types.h lib/Makefile lib/openpam_borrow_cred.c +lib/openpam_configure.c lib/openpam_dispatch.c lib/openpam_dynamic.c lib/openpam_findenv.c diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES index 42d62d6..b81156b 100644 --- a/contrib/openpam/RELNOTES +++ b/contrib/openpam/RELNOTES 
@@ -1,14 +1,12 @@ - Release notes for OpenPAM Cinchona - ================================== - -This is a beta release. + Release notes for OpenPAM Cineraria + =================================== The library itself is complete. Documentation exists in the form of man pages for the library functions, though a few pages are still incomplete. -This release is incorporated into FreeBSD-CURRENT as of 2002-04-08. +This release is incorporated into FreeBSD-CURRENT as of 2002-04-14. It has also been successfully built on NetBSD, and should build with minimal or no changes on OpenBSD. It has not been tested on any other OS. @@ -17,9 +15,4 @@ Known issues: - The documentation is still incomplete. - - It should be possible to create incomplete modules without - recourse to placeholders or elaborate preprocessor tricks. This - is made difficult by the requirement that it should be possible to - link modules statically. - -$P4: //depot/projects/openpam/RELNOTES#8 $ +$P4: //depot/projects/openpam/RELNOTES#9 $ diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3 index b83e14a..ce4f816 100644 --- a/contrib/openpam/doc/man/openpam_borrow_cred.3 +++ b/contrib/openpam/doc/man/openpam_borrow_cred.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_borrow_cred.3#1 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_borrow_cred.3#2 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_BORROW_CRED 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3 index b34d98d..6ee68fb 100644 --- a/contrib/openpam/doc/man/openpam_free_data.3 +++ b/contrib/openpam/doc/man/openpam_free_data.3 
@@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_free_data.3#1 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_free_data.3#2 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_FREE_DATA 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3 index 06295d2..d3d0b0f 100644 --- a/contrib/openpam/doc/man/openpam_get_option.3 +++ b/contrib/openpam/doc/man/openpam_get_option.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_get_option.3#5 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_get_option.3#6 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_GET_OPTION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3 index 1b3d6e2..43994ea 100644 --- a/contrib/openpam/doc/man/openpam_log.3 +++ b/contrib/openpam/doc/man/openpam_log.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_log.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_log.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_LOG 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3 index 6f293a1..21cdf3a 100644 --- a/contrib/openpam/doc/man/openpam_restore_cred.3 +++ b/contrib/openpam/doc/man/openpam_restore_cred.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_restore_cred.3#1 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_restore_cred.3#2 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_RESTORE_CRED 3 .Os .Sh NAME 
diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3 index 6643ee7..e9cf8ff 100644 --- a/contrib/openpam/doc/man/openpam_set_option.3 +++ b/contrib/openpam/doc/man/openpam_set_option.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_set_option.3#5 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_set_option.3#6 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_SET_OPTION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3 index df9b1c9..8b29d3d 100644 --- a/contrib/openpam/doc/man/openpam_ttyconv.3 +++ b/contrib/openpam/doc/man/openpam_ttyconv.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/openpam_ttyconv.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/openpam_ttyconv.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt OPENPAM_TTYCONV 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3 index e754d8b..82d7567 100644 --- a/contrib/openpam/doc/man/pam.3 +++ b/contrib/openpam/doc/man/pam.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam.3#12 $ +.\" $P4: //depot/projects/openpam/doc/man/pam.3#13 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3 index c73909b..a3bb294 100644 --- a/contrib/openpam/doc/man/pam_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_acct_mgmt.3 
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_acct_mgmt.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_acct_mgmt.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_ACCT_MGMT 3
 .Os
 .Sh NAME
@@ -46,7 +46,25 @@
 .Ft int
 .Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
 .Sh DESCRIPTION
-No description available.
+The
+.Nm
+function verifies and enforces account restrictions
+after the user has been authenticated.
+.Pp
+The
+.Va flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_DISALLOW_NULL_AUTHTOK
+Fail if the user's authentication token is null.
+.El
+If any other bits are set,
+.Xr pam_authenticate 3
+will return
+.Dv PAM_SYMBOL_ERR .
 .Sh RETURN VALUES
 The
 .Nm
@@ -75,6 +93,7 @@ Unknown user.
 .El
 .Sh SEE ALSO
 .Xr pam 3 ,
+.Xr pam_authenticate 3 ,
 .Xr pam_strerror 3
 .Sh STANDARDS
 .Rs
diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3
index 5a8ee56..20808b8 100644
--- a/contrib/openpam/doc/man/pam_authenticate.3
+++ b/contrib/openpam/doc/man/pam_authenticate.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_authenticate.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_authenticate.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_AUTHENTICATE 3
 .Os
 .Sh NAME
@@ -65,12 +65,16 @@ The
 .Va flags
 argument is the binary or of zero or more of the following
 values:
-.Pp
-.Bd -literal
- =PAM_SILENT
- Do not emit any messages.
- =PAM_DISALLOW_NULL_AUTHTOK
- Fail if the user's authentication token is null.
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_DISALLOW_NULL_AUTHTOK
+Fail if the user's authentication token is null.
+.El
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
 .Sh RETURN VALUES
 The
 .Nm
@@ -94,6 +98,8 @@ Maximum number of tries exceeded.
 Permission denied.
 .It Bq Er PAM_SERVICE_ERR
 Error in service module.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
 .It Bq Er PAM_SYSTEM_ERR
 System error.
 .It Bq Er PAM_USER_UNKNOWN
diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3
index 8525d6d..61a0e95 100644
--- a/contrib/openpam/doc/man/pam_chauthtok.3
+++ b/contrib/openpam/doc/man/pam_chauthtok.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_chauthtok.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_chauthtok.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_CHAUTHTOK 3
 .Os
 .Sh NAME
@@ -57,12 +57,16 @@ The
 .Va flags
 argument is the binary or of zero or more of the following
 values:
-.Pp
-.Bd -literal
- =PAM_SILENT
- Do not emit any messages.
- =PAM_CHANGE_EXPIRED_AUTHTOK
- Change only those authentication tokens that have expired.
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_CHANGE_EXPIRED_AUTHTOK
+Change only those authentication tokens that have expired.
+.El
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
 .Sh RETURN VALUES
 The
 .Nm
diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3
index 54f7a7d..484eb87 100644
--- a/contrib/openpam/doc/man/pam_close_session.3
+++ b/contrib/openpam/doc/man/pam_close_session.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_close_session.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_close_session.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_CLOSE_SESSION 3
 .Os
 .Sh NAME
@@ -46,7 +46,24 @@
 .Ft int
 .Fn pam_close_session "pam_handle_t *pamh" "int flags"
 .Sh DESCRIPTION
-No description available.
+The
+.Nm
+function tears down the user session previously
+set up by
+.Xr pam_open_session 3 .
+.Pp
+The
+.Va flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.El
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
 .Sh RETURN VALUES
 The
 .Nm
@@ -64,11 +81,14 @@ Permission denied.
 Error in service module.
 .It Bq Er PAM_SESSION_ERR
 Session failure.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
 .It Bq Er PAM_SYSTEM_ERR
 System error.
 .El
 .Sh SEE ALSO
 .Xr pam 3 ,
+.Xr pam_open_session 3 ,
 .Xr pam_strerror 3
 .Sh STANDARDS
 .Rs
diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3
index b4a88fc..8c66380 100644
--- a/contrib/openpam/doc/man/pam_end.3
+++ b/contrib/openpam/doc/man/pam_end.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_end.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_end.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_END 3
 .Os
 .Sh NAME
diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3
index e68dcf8..40fb8e1 100644
--- a/contrib/openpam/doc/man/pam_error.3
+++ b/contrib/openpam/doc/man/pam_error.3
@@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_error.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_error.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_ERROR 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3 index a582991..7f9c186 100644 --- a/contrib/openpam/doc/man/pam_get_authtok.3 +++ b/contrib/openpam/doc/man/pam_get_authtok.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_get_authtok.3#11 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_get_authtok.3#12 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_GET_AUTHTOK 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3 index 1a59578..1e69979 100644 --- a/contrib/openpam/doc/man/pam_get_data.3 +++ b/contrib/openpam/doc/man/pam_get_data.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_get_data.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_get_data.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_GET_DATA 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3 index 33cee1e..6d08728 100644 --- a/contrib/openpam/doc/man/pam_get_item.3 +++ b/contrib/openpam/doc/man/pam_get_item.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_get_item.3#11 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_get_item.3#12 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_GET_ITEM 3 .Os .Sh NAME 
diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3 index e6aba14..6bf718e 100644 --- a/contrib/openpam/doc/man/pam_get_user.3 +++ b/contrib/openpam/doc/man/pam_get_user.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_get_user.3#11 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_get_user.3#12 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_GET_USER 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3 index 3c7cc61..f612010 100644 --- a/contrib/openpam/doc/man/pam_getenv.3 +++ b/contrib/openpam/doc/man/pam_getenv.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_getenv.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_getenv.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_GETENV 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3 index 46147a6..ec27b8d 100644 --- a/contrib/openpam/doc/man/pam_getenvlist.3 +++ b/contrib/openpam/doc/man/pam_getenvlist.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_getenvlist.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_getenvlist.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_GETENVLIST 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3 index 99237cc..33598f8 100644 --- a/contrib/openpam/doc/man/pam_info.3 +++ b/contrib/openpam/doc/man/pam_info.3 
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_info.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_info.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_INFO 3
 .Os
 .Sh NAME
diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3
index 872ebca..4904dfd 100644
--- a/contrib/openpam/doc/man/pam_open_session.3
+++ b/contrib/openpam/doc/man/pam_open_session.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_open_session.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_open_session.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_OPEN_SESSION 3
 .Os
 .Sh NAME
@@ -46,7 +46,24 @@
 .Ft int
 .Fn pam_open_session "pam_handle_t *pamh" "int flags"
 .Sh DESCRIPTION
-No description available.
+The
+.Nm
+sets up a user session for a previously
+authenticated user. The session should later be torn down by a call to
+.Xr pam_close_session 3 .
+.Pp
+The
+.Va flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.El
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
 .Sh RETURN VALUES
 The
 .Nm
@@ -64,11 +81,14 @@ Permission denied.
 Error in service module.
 .It Bq Er PAM_SESSION_ERR
 Session failure.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
 .It Bq Er PAM_SYSTEM_ERR
 System error.
 .El
 .Sh SEE ALSO
 .Xr pam 3 ,
+.Xr pam_close_session 3 ,
 .Xr pam_strerror 3
 .Sh STANDARDS
 .Rs
diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3
index 18a8273..9e14484 100644
--- a/contrib/openpam/doc/man/pam_prompt.3
+++ b/contrib/openpam/doc/man/pam_prompt.3
@@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_prompt.3#11 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_prompt.3#12 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_PROMPT 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3 index 254ed80..6743b1c 100644 --- a/contrib/openpam/doc/man/pam_putenv.3 +++ b/contrib/openpam/doc/man/pam_putenv.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_putenv.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_putenv.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_PUTENV 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3 index 1d325e3..2697ebe 100644 --- a/contrib/openpam/doc/man/pam_set_data.3 +++ b/contrib/openpam/doc/man/pam_set_data.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_set_data.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_set_data.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SET_DATA 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3 index 99d4f5e..9e9c2ef 100644 --- a/contrib/openpam/doc/man/pam_set_item.3 +++ b/contrib/openpam/doc/man/pam_set_item.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_set_item.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_set_item.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SET_ITEM 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3 index 8055f9a..b948432 100644 
--- a/contrib/openpam/doc/man/pam_setcred.3
+++ b/contrib/openpam/doc/man/pam_setcred.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_setcred.3#11 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_setcred.3#12 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_SETCRED 3
 .Os
 .Sh NAME
@@ -49,18 +49,29 @@
 The
 .Nm
 function manages the application's credentials.
-The operation to perform is specified by the
+.Pp
+The
 .Va flags
-argument:
+argument is the binary or of zero or more of the following
+values:
 .Bl -tag -width 18n
-.It PAM_ESTABLISH_CRED
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_ESTABLISH_CRED
 Establish the credentials of the target user.
-.It PAM_DELETE_CRED
+.It Dv PAM_DELETE_CRED
 Revoke all established credentials.
-.It PAM_REINITIALIZE_CRED
+.It Dv PAM_REINITIALIZE_CRED
 Fully reinitialise credentials.
-.It PAM_REFRESH_CRED
+.It Dv PAM_REFRESH_CRED
 Refresh credentials.
+.El
+The latter four are mutually exclusive.
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
 .Sh RETURN VALUES
 The
 .Nm
@@ -82,6 +93,8 @@ Failed to retrieve user credentials.
 Permission denied.
 .It Bq Er PAM_SERVICE_ERR
 Error in service module.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
 .It Bq Er PAM_SYSTEM_ERR
 System error.
 .It Bq Er PAM_USER_UNKNOWN
diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3
index 5c942b9..6db7b5a 100644
--- a/contrib/openpam/doc/man/pam_setenv.3
+++ b/contrib/openpam/doc/man/pam_setenv.3
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_setenv.3#10 $
+.\" $P4: //depot/projects/openpam/doc/man/pam_setenv.3#11 $
 .\"
-.Dd April 8, 2002
+.Dd April 14, 2002
 .Dt PAM_SETENV 3
 .Os
 .Sh NAME
diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 index cdfe7e1..b4aaf1d 100644 --- a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_sm_acct_mgmt.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_sm_acct_mgmt.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SM_ACCT_MGMT 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3 index e8254c7..edf9929 100644 --- a/contrib/openpam/doc/man/pam_sm_authenticate.3 +++ b/contrib/openpam/doc/man/pam_sm_authenticate.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_sm_authenticate.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_sm_authenticate.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SM_AUTHENTICATE 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3 index 11291c7..6141b57 100644 --- a/contrib/openpam/doc/man/pam_sm_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_sm_chauthtok.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_sm_chauthtok.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SM_CHAUTHTOK 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3 index bc7e982..c629194 100644 --- a/contrib/openpam/doc/man/pam_sm_close_session.3 +++ b/contrib/openpam/doc/man/pam_sm_close_session.3 
@@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_sm_close_session.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_sm_close_session.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SM_CLOSE_SESSION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3 index 796eb08..669ac4c 100644 --- a/contrib/openpam/doc/man/pam_sm_open_session.3 +++ b/contrib/openpam/doc/man/pam_sm_open_session.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_sm_open_session.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_sm_open_session.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SM_OPEN_SESSION 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3 index adaac06..e9c8808 100644 --- a/contrib/openpam/doc/man/pam_sm_setcred.3 +++ b/contrib/openpam/doc/man/pam_sm_setcred.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_sm_setcred.3#6 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_sm_setcred.3#7 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_SM_SETCRED 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3 index 913ac03..6eff458 100644 --- a/contrib/openpam/doc/man/pam_start.3 +++ b/contrib/openpam/doc/man/pam_start.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_start.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_start.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_START 3 .Os .Sh NAME 
diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3 index 993e32e..39eb0b7 100644 --- a/contrib/openpam/doc/man/pam_strerror.3 +++ b/contrib/openpam/doc/man/pam_strerror.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_strerror.3#10 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_strerror.3#11 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_STRERROR 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3 index f71381c..b773219 100644 --- a/contrib/openpam/doc/man/pam_verror.3 +++ b/contrib/openpam/doc/man/pam_verror.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_verror.3#8 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_verror.3#9 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_VERROR 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3 index 8a2ba09..e0ddce9 100644 --- a/contrib/openpam/doc/man/pam_vinfo.3 +++ b/contrib/openpam/doc/man/pam_vinfo.3 @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_vinfo.3#8 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_vinfo.3#9 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_VINFO 3 .Os .Sh NAME diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3 index dd31d06..073cf5b 100644 --- a/contrib/openpam/doc/man/pam_vprompt.3 +++ b/contrib/openpam/doc/man/pam_vprompt.3 
@@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/openpam/doc/man/pam_vprompt.3#8 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_vprompt.3#9 $ .\" -.Dd April 8, 2002 +.Dd April 14, 2002 .Dt PAM_VPROMPT 3 .Os .Sh NAME diff --git a/contrib/openpam/include/security/openpam_version.h b/contrib/openpam/include/security/openpam_version.h new file mode 100644 index 0000000..e69c4c3 --- /dev/null +++ b/contrib/openpam/include/security/openpam_version.h 
@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/include/security/openpam_version.h#2 $ + */ + +#ifndef _OPENPAM_VERSION_H_INCLUDED +#define _OPENPAM_VERSION_H_INCLUDED + +#define _OPENPAM +#define _OPENPAM_VERSION 20020414 +#define _OPENPAM_RELEASE "Cineraria" + +#endif diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h index 5cb0b40..9f3d38f 100644 --- a/contrib/openpam/include/security/pam_constants.h +++ b/contrib/openpam/include/security/pam_constants.h @@ -31,12 +31,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_constants.h#13 $ + * $P4: //depot/projects/openpam/include/security/pam_constants.h#14 $ */ #ifndef _PAM_CONSTANTS_H_INCLUDED #define _PAM_CONSTANTS_H_INCLUDED +#include <security/openpam_version.h> + #ifdef __cplusplus extern "C" { #endif diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile index f2fb006..eb7f242 100644 --- a/contrib/openpam/lib/Makefile +++ b/contrib/openpam/lib/Makefile @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/lib/Makefile#13 $ +# $P4: //depot/projects/openpam/lib/Makefile#14 $ # LIB = pam @@ -45,6 +45,7 @@ CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR} SRCS = SRCS += openpam_borrow_cred.c +SRCS += openpam_configure.c SRCS += openpam_dispatch.c SRCS += openpam_dynamic.c SRCS += openpam_findenv.c diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c new file mode 100644 index 0000000..8c12e10 --- /dev/null +++ b/contrib/openpam/lib/openpam_configure.c 
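Review bot: The three macros that close the new `openpam_version.h` carry no comment on their meaning or encoding. `_OPENPAM_VERSION` is set to 20020414, which matches the release date in HISTORY and looks like a YYYYMMDD integer meant for `#if _OPENPAM_VERSION >= ...` tests, but the header does not say so. I would add `/* release date as YYYYMMDD; compare numerically */` above it and `/* release code name, informational only */` above `_OPENPAM_RELEASE`. The macro names and the include guard also start with an underscore followed by a capital letter, a form ISO C reserves for the implementation. That is presumably deliberate for a system library, but since RELNOTES says OpenPAM is also built on other systems, it deserves a sentence in the header.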
@@ -0,0 +1,264 @@ +/*- + * Copyright (c) 2002 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_configure.c#1 $ + */ + +#include <ctype.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#define PAM_CONF_STYLE 0 +#define PAM_D_STYLE 1 +#define MAX_LINE_LEN 1024 +#define MAX_OPTIONS 256 + +static int +openpam_read_policy_file(pam_handle_t *pamh, + const char *service, + const char *filename, + int style) +{ + char buf[MAX_LINE_LEN], *p, *q; + const char *optv[MAX_OPTIONS + 1]; + int ch, chain, flag, line, optc, n, r; + size_t len; + FILE *f; + + n = 0; + + if ((f = fopen(filename, "r")) == NULL) { + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, + "%s: %m", filename); + return (0); + } + openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", + service, filename); + + for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { + if ((len = strlen(buf)) == 0) + continue; + + /* check for overflow */ + if (buf[--len] != '\n' && !feof(f)) { + openpam_log(PAM_LOG_ERROR, "%s: line %d too long", + filename, line); + openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", + filename, line); + while ((ch = fgetc(f)) != EOF) + if (ch == '\n') + break; + continue; + } + + /* strip comments and trailing whitespace */ + if ((p = strchr(buf, '#')) != NULL) + len = p - buf ? 
p - buf - 1 : p - buf; + while (len > 0 && isspace(buf[len - 1])) + --len; + if (len == 0) + continue; + buf[len] = '\0'; + p = q = buf; + + /* check service name */ + if (style == PAM_CONF_STYLE) { + for (q = p = buf; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (*q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, service) != 0) + continue; + openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", + filename, line, service); + } + + + /* get module type */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p || *q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, "auth") == 0) { + chain = PAM_AUTH; + } else if (strcmp(p, "account") == 0) { + chain = PAM_ACCOUNT; + } else if (strcmp(p, "session") == 0) { + chain = PAM_SESSION; + } else if (strcmp(p, "password") == 0) { + chain = PAM_PASSWORD; + } else { + openpam_log(PAM_LOG_ERROR, + "%s: invalid module type on line %d: '%s'", + filename, line, p); + continue; + } + + /* get control flag */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p || *q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, "required") == 0) { + flag = PAM_REQUIRED; + } else if (strcmp(p, "requisite") == 0) { + flag = PAM_REQUISITE; + } else if (strcmp(p, "sufficient") == 0) { + flag = PAM_SUFFICIENT; + } else if (strcmp(p, "optional") == 0) { + flag = PAM_OPTIONAL; + } else { + openpam_log(PAM_LOG_ERROR, + "%s: invalid control flag on line %d: '%s'", + filename, line, p); + continue; + } + + /* get module name */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p) + goto syntax_error; + + /* get options */ + for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { + *q++ = '\0'; + while (isspace(*q)) + ++q; + optv[optc] = q; + while (*q != '\0' && !isspace(*q)) + ++q; + } + 
optv[optc] = NULL; + if (*q != '\0') { + *q = '\0'; + openpam_log(PAM_LOG_ERROR, + "%s: too many options on line %d", + filename, line); + } + + /* + * Finally, add the module at the end of the + * appropriate chain and bump the counter. + */ + r = openpam_add_module(pamh, chain, flag, p, optc, optv); + if (r != PAM_SUCCESS) + return (-r); + ++n; + continue; + syntax_error: + openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", + filename, line); + openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", + filename, line, q); + openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", + filename, line); + } + + if (ferror(f)) + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + + fclose(f); + return (n); +} + +static const char *openpam_policy_path[] = { + "/etc/pam.d/", + "/etc/pam.conf", + "/usr/local/etc/pam.d/", + NULL +}; + +/* + * OpenPAM internal + * + * Configure a service + */ + +int +openpam_configure(pam_handle_t *pamh, + const char *service) +{ + const char **path; + char *filename; + size_t len; + int r; + + for (path = openpam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { + filename = malloc(len + strlen(service) + 1); + if (filename == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + return (PAM_BUF_ERR); + } + strcpy(filename, *path); + strcat(filename, service); + r = openpam_read_policy_file(pamh, + service, filename, PAM_D_STYLE); + free(filename); + } else { + r = openpam_read_policy_file(pamh, + service, *path, PAM_CONF_STYLE); + } + if (r < 0) + return (-r); + if (r > 0) + return (PAM_SUCCESS); + } + + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + * + * Error codes: + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h index a9b011e..1fc0184 100644 --- a/contrib/openpam/lib/openpam_impl.h +++ b/contrib/openpam/lib/openpam_impl.h 
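Review bot: openpam_configure() builds the pam.d path by copying `service` onto the directory name with strcpy()/strcat() and never checks it, so a service string containing `/` resolves to a file outside the policy directories. Any caller that does not pass a constant service name would then load policy from an unintended file; reject such names before the loop, e.g. `if (strchr(service, '/') != NULL) return (PAM_SYSTEM_ERR);`. Separately, in openpam_read_policy_file() the `return (-r);` after a failed openpam_add_module() leaves `f` open, so add `fclose(f);` before it. Lines with a syntax error or an unknown module type or control flag are logged and skipped while the rest of the file still loads, so a mistyped `required` entry silently drops out of the chain. Either fail the whole file there or add a comment at `syntax_error:` saying the skip is intended.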
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_impl.h#12 $ + * $P4: //depot/projects/openpam/lib/openpam_impl.h#13 $ */ #ifndef _OPENPAM_IMPL_H_INCLUDED @@ -105,6 +105,7 @@ struct pam_saved_cred { #define PAM_OTHER "other" +int openpam_configure(pam_handle_t *, const char *); int openpam_dispatch(pam_handle_t *, int, int); int openpam_findenv(pam_handle_t *, const char *, size_t); int openpam_add_module(pam_handle_t *, int, int, diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c index 4464604..11e389d 100644 --- a/contrib/openpam/lib/pam_acct_mgmt.c +++ b/contrib/openpam/lib/pam_acct_mgmt.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#8 $ */ #include <sys/param.h> @@ -62,3 +62,19 @@ pam_acct_mgmt(pam_handle_t *pamh, * =pam_sm_acct_mgmt * !PAM_IGNORE */ + +/** + * The =pam_acct_mgmt function verifies and enforces account restrictions + * after the user has been authenticated. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_DISALLOW_NULL_AUTHTOK: + * Fail if the user's authentication token is null. + * + * If any other bits are set, =pam_authenticate will return + * =PAM_SYMBOL_ERR. + */ diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c index 20c656e..fbf3829 100644 --- a/contrib/openpam/lib/pam_authenticate.c +++ b/contrib/openpam/lib/pam_authenticate.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_authenticate.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate.c#10 $ */ #include <sys/param.h> 
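Review bot: The description added to pam_acct_mgmt.c names the wrong function in its last sentence, which should read `If any other bits are set, =pam_acct_mgmt will return =PAM_SYMBOL_ERR.` rather than `=pam_authenticate`. The error-code list in the context lines just above ends at `!PAM_IGNORE` and, unlike pam_authenticate.c and the session files in this commit, does not gain a `PAM_SYMBOL_ERR` entry. The body of pam_acct_mgmt() lies outside the hunk, so whether it actually rejects unknown flag bits cannot be confirmed here; the comment and the code should be checked against each other.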
@@ -66,6 +66,7 @@ pam_authenticate(pam_handle_t *pamh, * =openpam_dispatch * =pam_sm_authenticate * !PAM_IGNORE + * PAM_SYMBOL_ERR */ /** @@ -79,8 +80,11 @@ pam_authenticate(pam_handle_t *pamh, * The =flags argument is the binary or of zero or more of the following * values: * - * =PAM_SILENT + * =PAM_SILENT: * Do not emit any messages. - * =PAM_DISALLOW_NULL_AUTHTOK + * =PAM_DISALLOW_NULL_AUTHTOK: * Fail if the user's authentication token is null. + * + * If any other bits are set, =pam_authenticate will return + * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c index bf56a13..3101d0c 100644 --- a/contrib/openpam/lib/pam_chauthtok.c +++ b/contrib/openpam/lib/pam_chauthtok.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#11 $ */ #include <sys/param.h> @@ -82,8 +82,10 @@ pam_chauthtok(pam_handle_t *pamh, * The =flags argument is the binary or of zero or more of the following * values: * - * =PAM_SILENT + * =PAM_SILENT: * Do not emit any messages. - * =PAM_CHANGE_EXPIRED_AUTHTOK + * =PAM_CHANGE_EXPIRED_AUTHTOK: * Change only those authentication tokens that have expired. + * + * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c index bf806f7..50d8ba2 100644 --- a/contrib/openpam/lib/pam_close_session.c +++ b/contrib/openpam/lib/pam_close_session.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_close_session.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_close_session.c#8 $ */ #include <sys/param.h> 
@@ -52,6 +52,8 @@ pam_close_session(pam_handle_t *pamh, int flags) { + if (flags & ~(PAM_SILENT)) + return (PAM_SYMBOL_ERR); return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags)); } @@ -61,4 +63,19 @@ pam_close_session(pam_handle_t *pamh, * =openpam_dispatch * =pam_sm_close_session * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_close_session function tears down the user session previously + * set up by =pam_open_session. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * + * If any other bits are set, =pam_close_session will return + * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c index c33c829..02f73fb 100644 --- a/contrib/openpam/lib/pam_open_session.c +++ b/contrib/openpam/lib/pam_open_session.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_open_session.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_open_session.c#8 $ */ #include <sys/param.h> @@ -52,6 +52,8 @@ pam_open_session(pam_handle_t *pamh, int flags) { + if (flags & ~(PAM_SILENT)) + return (PAM_SYMBOL_ERR); return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags)); } @@ -61,4 +63,20 @@ pam_open_session(pam_handle_t *pamh, * =openpam_dispatch * =pam_sm_open_session * !PAM_IGNORE + * PAM_SYMBOL_ERR + */ + +/** + * The =pam_open_session sets up a user session for a previously + * authenticated user. The session should later be torn down by a call to + * =pam_close_session. + * + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * + * If any other bits are set, =pam_open_session will return + * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c index f381139..1273cb4 100644 
--- a/contrib/openpam/lib/pam_setcred.c +++ b/contrib/openpam/lib/pam_setcred.c @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_setcred.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_setcred.c#9 $ */ #include <sys/param.h> @@ -52,6 +52,10 @@ pam_setcred(pam_handle_t *pamh, int flags) { + if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED| + PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED)) + return (PAM_SYMBOL_ERR); + /* XXX enforce exclusivity */ return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags)); } @@ -61,18 +65,27 @@ pam_setcred(pam_handle_t *pamh, * =openpam_dispatch * =pam_sm_setcred * !PAM_IGNORE + * PAM_SYMBOL_ERR */ /** * The =pam_setcred function manages the application's credentials. - * The operation to perform is specified by the =flags argument: * - * PAM_ESTABLISH_CRED: + * The =flags argument is the binary or of zero or more of the following + * values: + * + * =PAM_SILENT: + * Do not emit any messages. + * =PAM_ESTABLISH_CRED: * Establish the credentials of the target user. - * PAM_DELETE_CRED: + * =PAM_DELETE_CRED: * Revoke all established credentials. - * PAM_REINITIALIZE_CRED: + * =PAM_REINITIALIZE_CRED: * Fully reinitialise credentials. - * PAM_REFRESH_CRED: + * =PAM_REFRESH_CRED: * Refresh credentials. + * + * The latter four are mutually exclusive. + * + * If any other bits are set, =pam_setcred will return =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c index 4043f16..49976b4 100644 --- a/contrib/openpam/lib/pam_start.c +++ b/contrib/openpam/lib/pam_start.c 
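Review bot: The new mask test in pam_setcred() leaves the `/* XXX enforce exclusivity */` case open, so any combination of PAM_ESTABLISH_CRED, PAM_DELETE_CRED, PAM_REINITIALIZE_CRED and PAM_REFRESH_CRED still reaches openpam_dispatch(). The comment added further down states that the four are mutually exclusive, and the modules are left to interpret a request that both establishes and deletes credentials. Assuming each constant is a single distinct bit (their values are not shown on this page), the check can follow the mask test as `if ((flags & ~PAM_SILENT) & ((flags & ~PAM_SILENT) - 1)) return (PAM_SYMBOL_ERR);`. The documentation also says "zero or more", so a call with none of the four set is passed through; the comment should say whether that is meant to be accepted.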
@@ -31,21 +31,15 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_start.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_start.c#13 $ */ -#include <ctype.h> -#include <errno.h> -#include <stdio.h> #include <stdlib.h> -#include <string.h> #include <security/pam_appl.h> #include "openpam_impl.h" -static int _pam_configure_service(pam_handle_t *pamh, const char *service); - /* * XSSO 4.2.1 * XSSO 6 page 89 @@ -71,9 +65,9 @@ pam_start(const char *service, if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) goto fail; - if ((r = _pam_configure_service(ph, service)) != PAM_SUCCESS && - r != PAM_BUF_ERR) - r = _pam_configure_service(ph, PAM_OTHER); + r = openpam_configure(ph, service); + if (r != PAM_SUCCESS && r != PAM_BUF_ERR) + r = openpam_configure(ph, PAM_OTHER); if (r != PAM_SUCCESS) goto fail; 
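Review bot: The fallback in pam_start() retries with PAM_OTHER on every failure except PAM_BUF_ERR, including the case where openpam_configure() gave up part-way through the service's own policy file. In the new openpam_configure.c, openpam_read_policy_file() returns the openpam_add_module() error after earlier lines of the same file were already added, so the `other` policy may be loaded onto a handle that still holds those entries. Whether the chains are cleared in between is not visible here. Consider falling back only when no policy was found for the service, and state that at the call, e.g. `/* fall back to "other" only if the service has no policy of its own */`. The body of pam_start() begins and ends outside the hunk.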
@@ -86,217 +80,12 @@ pam_start(const char *service, return (r); } -#define PAM_CONF_STYLE 0 -#define PAM_D_STYLE 1 -#define MAX_LINE_LEN 1024 -#define MAX_OPTIONS 256 - -static int -_pam_read_policy_file(pam_handle_t *pamh, - const char *service, - const char *filename, - int style) -{ - char buf[MAX_LINE_LEN], *p, *q; - const char *optv[MAX_OPTIONS + 1]; - int ch, chain, flag, line, optc, n, r; - size_t len; - FILE *f; - - n = 0; - - if ((f = fopen(filename, "r")) == NULL) { - openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, - "%s: %m", filename); - return (0); - } - openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", - service, filename); - - for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { - if ((len = strlen(buf)) == 0) - continue; - - /* check for overflow */ - if (buf[--len] != '\n' && !feof(f)) { - openpam_log(PAM_LOG_ERROR, "%s: line %d too long", - filename, line); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - while ((ch = fgetc(f)) != EOF) - if (ch == '\n') - break; - continue; - } - - /* strip comments and trailing whitespace */ - if ((p = strchr(buf, '#')) != NULL) - len = p - buf ? 
p - buf - 1 : p - buf; - while (len > 0 && isspace(buf[len - 1])) - --len; - if (len == 0) - continue; - buf[len] = '\0'; - p = q = buf; - - /* check service name */ - if (style == PAM_CONF_STYLE) { - for (q = p = buf; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (*q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, service) != 0) - continue; - openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", - filename, line, service); - } - - - /* get module type */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "auth") == 0) { - chain = PAM_AUTH; - } else if (strcmp(p, "account") == 0) { - chain = PAM_ACCOUNT; - } else if (strcmp(p, "session") == 0) { - chain = PAM_SESSION; - } else if (strcmp(p, "password") == 0) { - chain = PAM_PASSWORD; - } else { - openpam_log(PAM_LOG_ERROR, - "%s: invalid module type on line %d: '%s'", - filename, line, p); - continue; - } - - /* get control flag */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "required") == 0) { - flag = PAM_REQUIRED; - } else if (strcmp(p, "requisite") == 0) { - flag = PAM_REQUISITE; - } else if (strcmp(p, "sufficient") == 0) { - flag = PAM_SUFFICIENT; - } else if (strcmp(p, "optional") == 0) { - flag = PAM_OPTIONAL; - } else { - openpam_log(PAM_LOG_ERROR, - "%s: invalid control flag on line %d: '%s'", - filename, line, p); - continue; - } - - /* get module name */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p) - goto syntax_error; - - /* get options */ - for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { - *q++ = '\0'; - while (isspace(*q)) - ++q; - optv[optc] = q; - while (*q != '\0' && !isspace(*q)) - ++q; - } - 
optv[optc] = NULL; - if (*q != '\0') { - *q = '\0'; - openpam_log(PAM_LOG_ERROR, - "%s: too many options on line %d", - filename, line); - } - - /* - * Finally, add the module at the end of the - * appropriate chain and bump the counter. - */ - r = openpam_add_module(pamh, chain, flag, p, optc, optv); - if (r != PAM_SUCCESS) - return (-r); - ++n; - continue; - syntax_error: - openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", - filename, line); - openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", - filename, line, q); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - } - - if (ferror(f)) - openpam_log(PAM_LOG_ERROR, "%s: %m", filename); - - fclose(f); - return (n); -} - -static const char *_pam_policy_path[] = { - "/etc/pam.d/", - "/etc/pam.conf", - "/usr/local/etc/pam.d/", - NULL -}; - -static int -_pam_configure_service(pam_handle_t *pamh, - const char *service) -{ - const char **path; - char *filename; - size_t len; - int r; - - for (path = _pam_policy_path; *path != NULL; ++path) { - len = strlen(*path); - if ((*path)[len - 1] == '/') { - filename = malloc(len + strlen(service) + 1); - if (filename == NULL) { - openpam_log(PAM_LOG_ERROR, "malloc(): %m"); - return (PAM_BUF_ERR); - } - strcpy(filename, *path); - strcat(filename, service); - r = _pam_read_policy_file(pamh, - service, filename, PAM_D_STYLE); - free(filename); - } else { - r = _pam_read_policy_file(pamh, - service, *path, PAM_CONF_STYLE); - } - if (r < 0) - return (-r); - if (r > 0) - return (PAM_SUCCESS); - } - - return (PAM_SYSTEM_ERR); -} - /* * Error codes: * + * =openpam_configure * =pam_set_item * !PAM_SYMBOL_ERR - * PAM_SYSTEM_ERR * PAM_BUF_ERR */ |