Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC: r269875

According to opie code and even direct mention in opie(4) challenge buffer
size must be OPIE_CHALLENGE_MAX + 1, not OPIE_CHALLENGE_MAX

Reviewed by: des

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Reject user with names that are longer than OPIE is willing to deal with;
otherwise OPIE will happily truncate it.

Spotted by: ghelmer
MFC after: 2 weeks

Update copyright dates.

Remove all instances of pam_std_option()

style.Makefile(5) police
(I've tried to keep to the spirit of the original formatting)

Reviewed by: des

english(4) police.

Since pam_get_authtok(3) doesn't know about our options structure, setting
the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the
old pam_get_pass(3) code). Instead, call pam_prompt(3) directly. This
actually simplifies the code a bit.

MFC after: 3 days

Major cleanup:

- add __unused where appropriate
- PAM_RETURN -> return since OpenPAM already logs the return value.
- make PAM_LOG use openpam_log()
- make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
for PAM_SILENT
- remove dummy functions since OpenPAM handles missing service
functions
- fix various warnings

Sponsored by: DARPA, NAI Labs

Moved SHLIB_NAME definition into one place.

Approved by: des

Aggressive cleanup of warnings + authtok-related code in preparation for
PAMifying passwd(1).

Sponsored by: DARPA, NAI Labs.

mdoc(7) police: expand contractions.

NAI DBA update.

Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by: DARPA, NAI Labs

Remove NO_WERROR, now that WARNS=n is gone.

#include cleanup.

Sponsored by: DARPA, NAI Labs

WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.

Further changes to allow enabling pam_opie(8) by default:

- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
challenging the user. These options are meaningless for pam_opie(8)
since the user can't possibly know the right response before she sees
the challenge.

- Introduce the no_fake_prompts option. If this option is set, pam_opie(8)
will fail - rather than present a bogus challenge - if the target user
does not have an OPIE key. With this option, users who haven't set up
OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs

Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by: DARPA, NAI Labs
Reviewed by: ache, markm

snprintf bloat -> strlcpy
Add getpwnam return check

Approved by: des, markm

Back out recent changes

If user not exist in OPIE system, return failure immediately instead
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.

Previous commit was incomplete, use new error code PAM_CRED_ERR to
indicate die case, different from PAM_SUCCESS and PAM_AUTH_ERR

Rewrite 'pwok' fallback in the way it can be properly chained with pam_unix

Replace snprintf %s with strlcpy

Check for NULL returned from getpwnam()

Set pwok to 1 for non-OPIE users

Implement 'pwok', i.e. conditional fallback to unix password
as supposed by opieaccessfile() and opiealways()

Add dummy functions for all module types. These dummies return PAM_IGNORE
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.

Sponsored by: DARPA, NAI Labs

Add __FBSDID()s to libpam

1) repair the return value in the PAM_RETURN() macro (Side effects!!).
2) canonicalise the options use in pam_options().

Submitted by: Gunnar Kreitz <gunnark@chello.se>
PR: 30250

Verbose logging, overridable verbose error reporting.

Use a better method to get user credentials to account for (legal)
duplications of UID's in /etc/*passwd.

mdoc(7) police: -xwidth has been fold into -width.

mdoc(7) police: fixed markup, a little bit.

Clean up (and in some cases write) the PAM mudules, using
o The new options-processing API
o The new DEBUG-logging API

Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.

Audit, clean up while I'm here.

Big module cleanup.

Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.

Build new modules.

Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).

Use a unified libgcc rather than a seperate one for threaded and
non-threaded programs. This provides threaded programs with the
needed exception frame symbols.

parts submitted by: Max Khon <fjoe@iclub.nsu.ru>
PR: 23252

Add pam_opie, a PAM module using the OPIE one-time-password scheme.

Submitted by: Jim Bloom <bloom@acm.org>