authorSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-29 15:47:16 +0300
committerSeraphim Mellos <mellos@ceid.upatras.gr>2008-06-29 15:47:16 +0300
commitc7c4c0336cacd5e8f680c7acbe8d656d2d90e492 (patch)
tree2de8f4433931273bc5e842bbf09411198d23cf8f
parentCompleted pam_nologin (diff)
Linux only branch. All BSD code removed
-rw-r--r--modules/pam_nologin/pam_nologin.c17
-rw-r--r--modules/pam_unix/pam_unix.c160
2 files changed, 12 insertions, 165 deletions
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index a467421..a07fe46 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -6,10 +6,6 @@
#include <unistd.h>
#include <pwd.h>
-#ifndef __linux__
-#include <login_cap.h>
-#endif
-
#define PAM_SM_AUTH
#include <security/pam_appl.h>
@@ -27,9 +23,6 @@ pam_sm_authenticate( pam_handle_t *pamh, int flags,
char *mtmp = NULL;
const char * user;
int pam_err, fd;
-#ifndef __linux__
- login_cap_t *lc;
-#endif
if( (pam_err = pam_get_user(pamh,&user, NULL)) != PAM_SUCCESS ||
(user == NULL) ) {
@@ -37,17 +30,7 @@ pam_sm_authenticate( pam_handle_t *pamh, int flags,
return (PAM_USER_UNKNOWN);
}
-
-#ifndef __linux__
- lc = login_getclass(NULL);
- nologin = login_getcapstr(lc, "nologin", nologin_def, nologin_def);
- login_close(lc);
- lc = NULL;
-
- fd = open(nologin, O_RDONLY, 0);
-#else
fd = open(NOLOGIN, O_RDONLY, 0);
-#endif
/*
* LinuxPAM's nologin returns PAM_IGNORE when no 'nologin' file is
* present while freebsd's nologin returns PAM_SUCCESS. We'll go
diff --git a/modules/pam_unix/pam_unix.c b/modules/pam_unix/pam_unix.c
index e516162..4072938 100644
--- a/modules/pam_unix/pam_unix.c
+++ b/modules/pam_unix/pam_unix.c
@@ -7,7 +7,7 @@
#include <unistd.h>
#include <time.h>
#include <string.h>
-
+#include <shadow.h>
#ifndef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 256
@@ -18,12 +18,7 @@
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION
-#ifndef __linux__
-#include <login_cap.h> /* for BSD login classes */
-#include <util.h> /* libutil functions */
-#else
-#include <shadow.h>
-#endif
+
#define PASSWORD_HASH "md5"
#define MAX_RETRIES 3
@@ -41,13 +36,11 @@
* Helper functions for internal use
*/
-#ifdef __linux__
static int update_shadow( pam_handle_t * pamh ,
const char * user , const char * newhashedpwd );
static int update_passwd( pam_handle_t * pamh ,
const char * user ,const char * newhashedpwd );
static char * read_shadow(const char * user) ;
-#endif
static void to64(char *s, long v, int n);
void makesalt(char salt[SALTSIZE]);
@@ -59,10 +52,6 @@ void makesalt(char salt[SALTSIZE]);
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc , const char *argv[] ) {
-
-#ifndef __linux__
- login_cap_t *lc;
-#endif
struct passwd *pwd;
const char *pass, *crypt_pass, *real_hash, *user;
int pam_err;
@@ -78,7 +67,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
return (pam_err);
}
- pwd = getpwnam(user);
+ pwd = getpwnam(user);
}
PAM_LOG("Authenticating user: [%s]", user);
@@ -86,7 +75,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (pwd != NULL) {
PAM_LOG("Doing real authentication");
- pass = pwd->pw_passwd;
+ pass = pwd->pw_passwd;
if (pass[0] == '\0') {
if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
openpam_get_option(pamh, PAM_OPT_NULLOK)){
@@ -94,30 +83,16 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
Authentication succesfull.", user);
return (PAM_SUCCESS);
}
-
- real_hash = "*";
- }
-
-#ifndef __linux__
- lc = login_getpwclass(pwd);
-#endif
- } else {
- PAM_LOG("Doing dummy authentication.");
+ }
+
real_hash = "*";
-#ifndef __linux__
- lc = login_getpwclass(NULL);
-#endif
+ } else {
+ PAM_LOG("Doing dummy authentication.");
+ real_hash = "x";
}
-
-#ifndef __linux__
- prompt = login_getcapstr(lc, "passwd_prompt", NULL, NULL);
- pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &pass, prompt);
- login_close(lc);
-#else
pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **) &pass, NULL);
-#endif
PAM_LOG("Got password for user [%s]", user);
if (pam_err == PAM_CONV_ERR)
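Review bot: The empty-authtok decision is still made on `pwd->pw_passwd` (the `pass[0] == '\0'` test just above the new lines), but the new code now unconditionally sets `real_hash = "*"` and defers the real hash to `read_shadow(user)`, and this same commit writes `"x"` into the passwd field via `update_passwd( pamh ,user,"x")` in pam_sm_chauthtok; on such a system the nullok branch can never see an empty shadow hash, so an account with an empty shadow entry falls through to `crypt()` instead of being handled by the PAM_OPT_NULLOK/PAM_DISALLOW_NULL_AUTHTOK policy. If that is not intended, the nullok test should be applied to the shadow hash after it is read, e.g. `real_hash = read_shadow(user); if (real_hash != NULL && real_hash[0] == '\0') { /* apply nullok policy here */ }`, and the `"*"`/`"x"` string sentinels replaced by a local flag such as `int have_pwd = (pwd != NULL);` so the later `strncmp` on one byte is not needed. The `(const char **) &pass` cast is redundant since `pass` is already declared `const char *`. pam_sm_authenticate continues outside this hunk.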
@@ -125,15 +100,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (pam_err != PAM_SUCCESS)
return (PAM_AUTH_ERR);
-
/* check passwd entry */
- if ( strncmp(real_hash, "*", sizeof(char)) !=0 ) {
-#ifndef __linux__
- real_hash = pwd->pw_passwd;
-#else
+ if ( strncmp(real_hash, "x", sizeof(char)) != 0 ) {
real_hash = read_shadow(user);
-#endif
}
crypt_pass = crypt(pass,real_hash);
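Review bot: The result of `read_shadow(user)` on the new line is used without a NULL check, and `crypt()` on the following line can itself return NULL (for example when the setting string is unusable), so a missing or unreadable shadow entry leads to `crypt(pass, NULL)` and then to a comparison against a NULL `crypt_pass` further down; read_shadow is declared as `static char * read_shadow(const char * user);` in this file, so a NULL return is the obvious failure signal. Suggested change: `real_hash = read_shadow(user); if (real_hash == NULL) return (PAM_AUTHINFO_UNAVAIL);` inside the if-block, and after the crypt call `if (crypt_pass == NULL) return (PAM_AUTH_ERR);`. Whether read_shadow also returns a heap buffer that must be freed cannot be seen from this hunk and should be confirmed against its definition. The comparison of crypt_pass with real_hash lies outside the hunk.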
@@ -170,20 +140,11 @@ PAM_EXTERN int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
int argc , const char *argv[] ) {
-#ifndef __linux__
- login_cap_t *lc;
-#endif
-
struct spwd *pwd;
int pam_err;
const char *user;
time_t curtime;
-#ifndef __linux__
- const void *rhost, *tty;
- char rhostip[MAXHOSTNAMELEN] = "";
-#endif
-
/* Sanity checks for uname,pwd,tty,host etc */
pam_err = pam_get_user(pamh, &user, NULL);
@@ -196,47 +157,18 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
PAM_LOG("Got user [%s]" , user );
-#ifndef __linux__
-
- /*
- * tty/host info are provided by login classes
- * and cannot be used out of the box under Linux
- * for sanity checking (BSD only). May need to
- * be ported/rewritten to work on Linux as well.
- * Time will tell...
- */
- pam_err = pam_get_item(pamh, PAM_RHOST, &rhost);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-
- pam_err = pam_get_item(pamh, PAM_TTY, &tty);
-
- if (pam_err != PAM_SUCCESS)
- return (pam_err);
-#endif
+
if (*pwd->sp_pwdp == '\0' &&
(flags & PAM_DISALLOW_NULL_AUTHTOK) != 0)
return (PAM_NEW_AUTHTOK_REQD);
-#ifndef __linux__
- lc = login_getpwclass(pwd);
-
- if (lc == NULL) {
- PAM_ERROR("Unable to get login class for user [%s]");
- return (PAM_SERVICE_ERR);
- }
-#endif
/* Calculate current time */
curtime = time(NULL) / (60 * 60 * 24);
/* Check for account expiration */
if (pwd->sp_expire > 0) {
fprintf(stdout, "Account expiration data value is %ld\n", pwd->sp_expire);
- if ( (curtime > pwd->sp_expire ) && ( pwd->sp_expire != -1 ) ) {
-#ifndef __linux__
- login_close(lc);
-#endif
+ if ( (curtime > pwd->sp_expire ) && ( pwd->sp_expire != -1 ) ) {
PAM_ERROR("Account has expired!");
return (PAM_ACCT_EXPIRED);
} else if ( ( pwd->sp_expire - curtime < DEFAULT_WARN) ) {
@@ -275,19 +207,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags ,
}
pam_err = (PAM_SUCCESS);
-#ifndef __linux__
-
- /* validate tty/host/time */
-
- if (!auth_hostok(lc, rhost, rhostip) ||
- !auth_ttyok(lc, tty) ||
- !auth_timeok(lc, time(NULL)))
- pam_err = PAM_AUTH_ERR;
-
-
- login_close(lc);
-#endif
-
return (pam_err);
}
@@ -309,11 +228,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
const char *user, *old_pass, *new_pass;
char *hashedpwd, salt[SALTSIZE+1];
-#ifndef __linux__
- struct passwd *new_pwd;
- login_cap_t * lc;
- int pfd, tfd;
-#endif
int pam_err, retries;
/* identify user */
@@ -358,7 +272,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (flags & PAM_PRELIM_CHECK) {
PAM_LOG("Doing preliminary actions.");
-
if (getuid() == 0 ) {
/* root doesn't need old passwd */
return (pam_set_item(pamh, PAM_OLDAUTHTOK, ""));
@@ -392,7 +305,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
} else if ( flags & PAM_UPDATE_AUTHTOK ) {
PAM_LOG("Doing actual update.");
-
pam_err= pam_get_authtok(pamh, PAM_OLDAUTHTOK ,&old_pass, NULL);
if (pam_err != PAM_SUCCESS)
@@ -429,44 +341,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
!openpam_get_option(pamh, PAM_OPT_NULLOK))
return (PAM_PERM_DENIED);
-#ifndef __linux__
-
- /*
- * The BSD way to update the passwd entry. Taken as is
- * from the freebsd-lib module pam_unix. Unfortunately,
- * the following won't work under Linux.
- */
-
- if ((new_pwd = pw_dup(old_pwd)) == NULL)
- return (PAM_BUF_ERR);
-
- new_pwd->pw_change = 0;
- lc = login_getclass(new_pwd->pw_class);
- if (login_setcryptfmt(lc, password_hash, NULL) == NULL)
- openpam_log(PAM_LOG_ERROR,
- "can't set password cipher, relying on default");
-
- login_close(lc);
- makesalt(salt);
- new_pwd->pw_passwd = crypt(new_pass, salt);
-
-
- pam_err = PAM_SERVICE_ERR;
- if (pw_init(NULL, NULL))
- openpam_log(PAM_LOG_ERROR, "pw_init() failed");
- else if ((pfd = pw_lock()) == -1)
- openpam_log(PAM_LOG_ERROR, "pw_lock() failed");
- else if ((tfd = pw_tmp(-1)) == -1)
- openpam_log(PAM_LOG_ERROR, "pw_tmp() failed");
- else if (pw_copy(pfd, tfd, new_pwd, old_pwd) == -1)
- openpam_log(PAM_LOG_ERROR, "pw_copy() failed");
- else if (pw_mkdb(new_pwd->pw_name) == -1)
- openpam_log(PAM_LOG_ERROR, "pw_mkdb() failed");
- else
- pam_err = PAM_SUCCESS;
- pw_fini();
-
-#else
makesalt(salt);
/* Update shadow/passwd entries for Linux */
pam_err = update_shadow( pamh ,user,crypt(new_pass, salt));
@@ -477,8 +351,6 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
update_passwd( pamh ,user,"x");
if ( pam_err != PAM_SUCCESS)
return (pam_err);
-
-#endif
PAM_LOG("Password changed for user [%s]", user);
} else {
@@ -542,8 +414,6 @@ pam_sm_close_session( pam_handle_t * pamh, int flags,
return PAM_SUCCESS;
}
-#ifdef __linux__
-
#define NEW_SHADOW "/etc/.shadow"
/*
* Update shadow with new user password
@@ -758,7 +628,6 @@ static char * read_shadow(const char * user) {
}
-#endif
/*
* Mostly stolen from freebsd-lib's pam_unix module which was mostly
@@ -787,12 +656,7 @@ makesalt(char salt[SALTSIZE]) {
*/
for (i = 0; i < SALTSIZE; i += 4)
-
-#ifndef __linux__
- to64(&salt[i], arc4random(), 4);
-#else
to64(&salt[i], random(), 4);
-#endif
salt[SALTSIZE] = '\0';
}