Upgrade to OpenPAM Radula.

contrib/openpam/CREDITS

@@ -43,6 +43,7 @@ ideas:
 	Mikhail Teterin <[email protected]>
 	Mikko Työläjärvi <[email protected]>
 	Nick Hibma <[email protected]>
+	Patrick Bihan-Faou <[email protected]>
 	Robert Watson <[email protected]>
 	Ruslan Ermilov <[email protected]>
 	Sebastian Krahmer <[email protected]>

contrib/openpam/HISTORY

@@ -1,3 +1,22 @@
+OpenPAM Radula							2017-02-19
+
+ - BUGFIX: Fix an inverted test which prevented pam_get_authtok(3) and
+   pam_get_user(3) from using application-provided custom prompts.
+
+ - BUGFIX: Plug a memory leak in pam_set_item(3).
+
+ - BUGFIX: Plug a potential memory leak in openpam_readlinev(3).
+
+ - BUGFIX: In openpam_readword(3), support line continuations within
+   whitespace.
+
+ - ENHANCE: Add a feature flag to control fallback to "other" policy.
+
+ - ENHANCE: Add a pam_return(8) module which returns an arbitrary
+   code specified in the module options.
+
+ - ENHANCE: More and better unit tests.
+============================================================================
 OpenPAM Ourouparia						2014-09-12
 
  - ENHANCE: When executing a chain, require at least one service

contrib/openpam/LICENSE

@@ -1,6 +1,6 @@
 
 Copyright (c) 2002-2003 Networks Associates Technology, Inc.
-Copyright (c) 2004-2012 Dag-Erling Smørgrav
+Copyright (c) 2004-2017 Dag-Erling Smørgrav
 All rights reserved.
 
 This software was developed for the FreeBSD Project by ThinkSec AS and

contrib/openpam/Makefile.am

@@ -1,8 +1,8 @@
-# $Id: Makefile.am 816 2014-09-12 07:50:22Z des $
+# $Id: Makefile.am 917 2017-02-18 14:45:27Z des $
 
 ACLOCAL_AMFLAGS = -I m4
 
-SUBDIRS = lib bin modules include
+SUBDIRS = misc include lib bin modules
 
 if WITH_DOC
 SUBDIRS += doc

contrib/openpam/Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -14,9 +14,19 @@
 
 @SET_MAKE@
 
-# $Id: Makefile.am 816 2014-09-12 07:50:22Z des $
+# $Id: Makefile.am 917 2017-02-18 14:45:27Z des $
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -81,20 +91,20 @@ build_triplet = @build@
 host_triplet = @host@
 @WITH_DOC_TRUE@am__append_1 = doc
 subdir = .
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/configure $(am__configure_deps) \
-	$(srcdir)/config.h.in $(srcdir)/pamgdb.in $(srcdir)/mkpkgng.in \
-	INSTALL README TODO compile config.guess config.sub install-sh \
-	missing ltmain.sh
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
+	$(am__configure_deps) $(am__DIST_COMMON)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = pamgdb mkpkgng
+CONFIG_CLEAN_FILES = mkpkgng
 CONFIG_CLEAN_VPATH_FILES =
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -152,7 +162,10 @@ am__define_uniq_tagged_files = \
 ETAGS = etags
 CTAGS = ctags
 CSCOPE = cscope
-DIST_SUBDIRS = lib bin modules include doc t
+DIST_SUBDIRS = misc include lib bin modules doc t
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+	$(srcdir)/mkpkgng.in INSTALL README TODO compile config.guess \
+	config.sub depcomp install-sh ltmain.sh missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
@@ -208,6 +221,7 @@ CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYB_TEST_LIBS = @CRYB_TEST_LIBS@
 CRYPTO_LIBS = @CRYPTO_LIBS@
 CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
@@ -238,6 +252,7 @@ LIB_MAJ = @LIB_MAJ@
 LIPO = @LIPO@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -261,6 +276,7 @@ SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 STRIP = @STRIP@
+SYSTEM_LIBPAM = @SYSTEM_LIBPAM@
 VERSION = @VERSION@
 abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
@@ -315,7 +331,7 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = lib bin modules include $(am__append_1) t
+SUBDIRS = misc include lib bin modules $(am__append_1) t
 EXTRA_DIST = \
 	CREDITS \
 	HISTORY \
@@ -345,7 +361,6 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -379,8 +394,6 @@ $(srcdir)/config.h.in:  $(am__configure_deps)
 
 distclean-hdr:
 	-rm -f config.h stamp-h1
-pamgdb: $(top_builddir)/config.status $(srcdir)/pamgdb.in
-	cd $(top_builddir) && $(SHELL) ./config.status $@
 mkpkgng: $(top_builddir)/config.status $(srcdir)/mkpkgng.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 
@@ -580,15 +593,15 @@ dist-xz: distdir
 	$(am__post_remove_distdir)
 
 dist-tarZ: distdir
-	@echo WARNING: "Support for shar distribution archives is" \
-	               "deprecated." >&2
+	@echo WARNING: "Support for distribution archives compressed with" \
+		       "legacy program 'compress' is deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
 	$(am__post_remove_distdir)
 
 dist-shar: distdir
-	@echo WARNING: "Support for distribution archives compressed with" \
-		       "legacy program 'compress' is deprecated." >&2
+	@echo WARNING: "Support for shar distribution archives is" \
+	               "deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
 	$(am__post_remove_distdir)
@@ -624,16 +637,17 @@ distcheck: dist
 	esac
 	chmod -R a-w $(distdir)
 	chmod u+w $(distdir)
-	mkdir $(distdir)/_build $(distdir)/_inst
+	mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
 	chmod a-w $(distdir)
 	test -d $(distdir)/_build || exit 0; \
 	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
 	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
 	  && am__cwd=`pwd` \
-	  && $(am__cd) $(distdir)/_build \
-	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	  && $(am__cd) $(distdir)/_build/sub \
+	  && ../../configure \
 	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	    --srcdir=../.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
 	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
@@ -810,6 +824,8 @@ uninstall-am:
 	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
 	uninstall-am
 
+.PRECIOUS: Makefile
+
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.

contrib/openpam/README

@@ -7,19 +7,4 @@ implementations disagree, OpenPAM tries to remain compatible with
 Solaris, at the expense of XSSO conformance and Linux-PAM
 compatibility.
 
-These are some of OpenPAM's features:
-
-   - Implements the complete PAM API as described in the original PAM
-     paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
-     except for mappings and secondary authentication.  Also
-     implements some extensions found in Solaris 9.
-
-   - Extends the API with several useful and time-saving functions.
-
-   - Performs strict checking of return values from service modules.
-
-   - Reads configuration from /etc/pam.d/, /etc/pam.conf,
-     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
-     this will be made configurable in a future release.
-
 Please direct bug reports and inquiries to <[email protected]>.

contrib/openpam/RELNOTES

@@ -1,22 +1,21 @@
 
-                 Release notes for OpenPAM Ourouparia
-                 ====================================
+		   Release notes for OpenPAM Radula
+		   ================================
 
-This release corresponds to the code used in FreeBSD HEAD as of the
-release date, and is also expected to work on almost any POSIX-like
-platform that has GNU autotools, GNU make and the GNU compiler suite
-installed.
+OpenPAM is developed primarily on FreeBSD, but is expected to work on
+almost any POSIX-like platform that has GNU autotools, GNU make and
+the GNU compiler suite installed.
 
-The distribution consists of the following components:
+The OpenPAM distribution consists of the following components:
 
  - The PAM library itself, with complete API documentation.
 
  - Sample modules (pam_permit, pam_deny and pam_unix) and a sample
-   application (su) which demonstrate how to use PAM.
+   application (su) which demonstrate how to use the PAM library.
 
  - A test application (pamtest) which can be used to test policies and
    modules.
 
- - Unit tests for limited portions of the libraries.
+ - Unit tests for limited portions of the library.
 
 Please direct bug reports and inquiries to <[email protected]>.

contrib/openpam/TODO

@@ -1,15 +1,9 @@
-Before the next release:
+- Fix try_first_pass / use_first_pass (pam_get_authtok() code &
+  documentation are slightly incorrect, OpenPAM's pam_unix(8) is
+  incorrect, all FreeBSD modules are broken)
 
- - Rewrite openpam_ttyconv(3).
-   - mostly done, needs review.
+- Add loop detection to openpam_load_chain().
 
- - Fix try_first_pass / use_first_pass (pam_get_authtok() code &
-   documentation are slightly incorrect, OpenPAM's pam_unix(8) is
-   incorrect, all FreeBSD modules are broken)
+- Complete unit tests for openpam_dispatch().
 
- - Add loop detection to openpam_load_chain().
-
- - Look into the possibility of implementing a version of (or a
-   wrapper for) openpam_log() which respects the PAM_SILENT flag and
-   the no_warn module option.  This would eliminate the need for
-   FreeBSD's _pam_verbose_error().
+- Stop using PAM_SYMBOL_ERR incorrectly.