author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-02-10 18:33:54 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-02-10 18:33:54 +0000 |
commit | 2c388144eb7c68aa31c20c00f6c054c219bf72a2 (patch) | |
tree | 0469cc1f27d1696ba062a670ea4f4b625e7e4052 /modules/pam_pwdb/pam_unix_passwd.-c | |
parent | 486d687f4c63d5712a850807952383e785e387ba (diff) | |
download | pam-2c388144eb7c68aa31c20c00f6c054c219bf72a2.tar.gz pam-2c388144eb7c68aa31c20c00f6c054c219bf72a2.tar.bz2 pam-2c388144eb7c68aa31c20c00f6c054c219bf72a2.zip |
Relevant BUGIDs:
Purpose of commit:
Commit summary:
---------------
Remove pam_pwdb and all references to it.
2006-02-10 Thorsten Kukuk <kukuk@thkukuk.de>
* configure.in: Remove pam_pwdb support.
* modules/Makefile.am: remove pam_pwdb.
* modules/pam_pwdb: Remove complete directory.
* libpam/Makefile.am: Remove LIBPWDB references.
* libpam/pam_static_modules.h: Remove pam_pwdb references.
* doc/modules/pam_pwdb.sgml: Removed.
* po/POTFILES.in: Remove modules/pam_pwdb/*.c entries.
* doc/pam_source.sgml: Remove references to libpwdb.
* doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb.
* doc/modules/pam_group.sgml: Likewise.
* doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix.
* doc/modules/pam_userdb.sgml: Likewise.
* modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb
with pam_unix.
* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
* modules/pam_group/pam_group.c: Remove dead code for libpwdb.
Diffstat (limited to 'modules/pam_pwdb/pam_unix_passwd.-c')
-rw-r--r-- | modules/pam_pwdb/pam_unix_passwd.-c | 373 |
1 files changed, 0 insertions, 373 deletions
diff --git a/modules/pam_pwdb/pam_unix_passwd.-c b/modules/pam_pwdb/pam_unix_passwd.-c
deleted file mode 100644
index 0949af7f..00000000
--- a/modules/pam_pwdb/pam_unix_passwd.-c
+++ /dev/null
@@ -1,373 +0,0 @@
-/* $Id$ */
-
-static const char rcsid_pass[] =
-"$Id$\n"
-" - PAM_PWDB password module <morgan@parc.power.net>"
-;
-
-#include "pam_unix_pwupd.-c"
-
-/* passwd/salt conversion macros */
-
-#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
-#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
-
-/* data tokens */
-
-#define _UNIX_OLD_AUTHTOK "-UN*X-OLD-PASS"
-#define _UNIX_NEW_AUTHTOK "-UN*X-NEW-PASS"
-
-/* Implementation */
-
-/*
- * i64c - convert an integer to a radix 64 character
- */
-static int i64c(int i)
-{
- if (i < 0)
- return ('.');
- else if (i > 63)
- return ('z');
- if (i == 0)
- return ('.');
- if (i == 1)
- return ('/');
- if (i >= 2 && i <= 11)
- return ('0' - 2 + i);
- if (i >= 12 && i <= 37)
- return ('A' - 12 + i);
- if (i >= 38 && i <= 63)
- return ('a' - 38 + i);
- return ('\0');
-}
-
-/*
- * FUNCTION: _pam_unix_chauthtok()
- *
- * this function works in two passes. The first, when UNIX__PRELIM is
- * set, obtains the previous password. It sets the PAM_OLDAUTHTOK item
- * or stores it as a data item. The second function obtains a new
- * password (verifying if necessary, that the user types it the same a
- * second time.) depending on the 'ctrl' flags this new password may
- * be stored in the PAM_AUTHTOK item or a private data item.
- *
- * Having obtained a new password. The function updates the
- * /etc/passwd (and optionally the /etc/shadow) file(s).
- *
- * Provision is made for the creation of a blank shadow file if none
- * is available, but one is required to update the shadow file -- the
- * intention being for shadow passwords to be seamlessly implemented
- * from the generic UNIX scheme. -- THIS BIT IS PRE-ALPHA.. and included
- * in this release (.52) mostly for the purpose of discussion.
- */
-
-static int _unix_chauthtok(pam_handle_t *pamh, unsigned int ctrl)
-{
- int retval;
- unsigned int lctrl;
-
- /* <DO NOT free() THESE> */
- const char *user;
- const char *pass_old, *pass_new;
- /* </DO NOT free() THESE> */
-
- D(("called"));
-
- /*
- * First get the name of a user
- */
-
- retval = _unix_get_user( pamh, ctrl, "Username: ", &user );
- if ( retval != PAM_SUCCESS ) {
- if ( on(UNIX_DEBUG,ctrl) ) {
- _log_err(LOG_DEBUG, "password - could not identify user");
- }
- return retval;
- }
-
- if ( on(UNIX__PRELIM, ctrl) ) {
- /*
- * obtain and verify the current password (OLDAUTHTOK) for
- * the user.
- */
-
- char *Announce;
-
- D(("prelim check"));
-
- if ( _unix_blankpasswd(ctrl, user) ) {
-
- return PAM_SUCCESS;
-
- } else if ( off(UNIX__IAMROOT, ctrl) ) {
-
- /* instruct user what is happening */
-#define greeting "Changing password for "
- Announce = (char *) malloc(sizeof(greeting)+strlen(user));
- if (Announce == NULL) {
- _log_err(LOG_CRIT, "password - out of memory");
- return PAM_BUF_ERR;
- }
- (void) strcpy(Announce, greeting);
- (void) strcpy(Announce+sizeof(greeting)-1, user);
-#undef greeting
-
- lctrl = ctrl;
- set(UNIX__OLD_PASSWD, lctrl);
- retval = _unix_read_password( pamh, lctrl
- , Announce
- , "(current) UNIX password: "
- , NULL
- , _UNIX_OLD_AUTHTOK
- , &pass_old );
- free(Announce);
-
- if ( retval != PAM_SUCCESS ) {
- _log_err(LOG_NOTICE
- , "password - (old) token not obtained");
- return retval;
- }
-
- /* verify that this is the password for this user */
-
- retval = _unix_verify_password(pamh, user, pass_old, ctrl);
- } else {
- D(("process run by root so do nothing this time around"));
- pass_old = NULL;
- retval = PAM_SUCCESS; /* root doesn't have too */
- }
-
- if ( retval != PAM_SUCCESS ) {
- D(("Authentication failed"));
- pass_old = NULL;
- return retval;
- }
-
- retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
- pass_old = NULL;
- if ( retval != PAM_SUCCESS ) {
- _log_err(LOG_CRIT, "failed to set PAM_OLDAUTHTOK");
- }
-
- } else if ( on( UNIX__UPDATE, ctrl ) ) {
- /* tpass is used below to store the _pam_md() return; it
- * should be _pam_delete()'d. */
-
- char *tpass=NULL;
-
- /*
- * obtain the proposed password
- */
-
- D(("do update"));
-
- /*
- * get the old token back. NULL was ok only if root [at this
- * point we assume that this has already been enforced on a
- * previous call to this function].
- */
-
- if ( off(UNIX_NOT_SET_PASS, ctrl) ) {
- retval = pam_get_item(pamh, PAM_OLDAUTHTOK
- , (const void **)&pass_old);
- } else {
- retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK
- , (const void **)&pass_old);
- if (retval == PAM_NO_MODULE_DATA) {
- retval = PAM_SUCCESS;
- pass_old = NULL;
- }
- }
-
- if (retval != PAM_SUCCESS) {
- _log_err(LOG_NOTICE, "user not authenticated");
- return retval;
- }
-
- D(("get new password now"));
-
- lctrl = ctrl;
-
- /*
- * use_authtok is to force the use of a previously entered
- * password -- needed for pluggable password strength checking
- */
-
- if ( on(UNIX_USE_AUTHTOK, lctrl) ) {
- set(UNIX_USE_FIRST_PASS, lctrl);
- }
-
- retval = _unix_read_password( pamh, lctrl
- , NULL
- , "Enter new UNIX password: "
- , "Retype new UNIX password: "
- , _UNIX_NEW_AUTHTOK
- , &pass_new );
-
- if ( retval != PAM_SUCCESS ) {
- if ( on(UNIX_DEBUG,ctrl) ) {
- _log_err(LOG_ALERT
- , "password - new password not obtained");
- }
- pass_old = NULL; /* tidy up */
- return retval;
- }
-
- D(("returned to _unix_chauthtok"));
-
- /*
- * At this point we know who the user is and what they
- * propose as their new password. Verify that the new
- * password is acceptable.
- */
-
- if (pass_new[0] == '\0') { /* "\0" password = NULL */
- pass_new = NULL;
- }
-
- retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
-
- if (retval != PAM_SUCCESS) {
- _log_err(LOG_NOTICE, "new password not acceptable");
- pass_new = pass_old = NULL; /* tidy up */
- return retval;
- }
-
- /*
- * By reaching here we have approved the passwords and must now
- * rebuild the password database file.
- *
- * This includes the fact that the password is _not_ NULL.
- */
-
- /*
- * First we encrypt the new password.
- *
- * XXX - this is where we might need some code for RADIUS types
- * of password handling... no encryption needed..
- */
-
- if ( on(UNIX_MD5_PASS, ctrl) ) {
-
- /*
- * Code lifted from Marek Michalkiewicz's shadow suite. (CG)
- * removed use of static variables (AGM)
- */
-
- struct timeval tv;
- MD5_CTX ctx;
- unsigned char result[16];
- char *cp = (char *)result;
- unsigned char tmp[16];
- int i;
-
- GoodMD5Init(&ctx);
- gettimeofday(&tv, (struct timezone *) 0);
- GoodMD5Update(&ctx, (void *) &tv, sizeof tv);
- i = getpid();
- GoodMD5Update(&ctx, (void *) &i, sizeof i);
- i = clock();
- GoodMD5Update(&ctx, (void *) &i, sizeof i);
- GoodMD5Update(&ctx, result, sizeof result);
- GoodMD5Final(tmp, &ctx);
- strcpy(cp, "$1$"); /* magic for the MD5 */
- cp += strlen(cp);
- for (i = 0; i < 8; i++)
- *cp++ = i64c(tmp[i] & 077);
- *cp = '\0';
-
- /* no longer need cleartext */
- pass_new = tpass = _pam_md(pass_new, (const char *)result);
-
- } else {
- /*
- * Salt manipulation is stolen from Rick Faith's passwd
- * program. Sorry Rick :) -- alex
- */
-
- time_t tm;
- char salt[3];
-
- time(&tm);
- salt[0] = bin_to_ascii(tm & 0x3f);
- salt[1] = bin_to_ascii((tm >> 6) & 0x3f);
- salt[2] = '\0';
-
- if ( off(UNIX_BIGCRYPT, ctrl) && strlen(pass_new) > 8 ) {
- /* to avoid using the _extensions_ of the bigcrypt()
- function we truncate the newly entered password */
- char *temp = malloc(9);
-
- if (temp == NULL) {
- _log_err(LOG_CRIT, "out of memory for password");
- pass_new = pass_old = NULL; /* tidy up */
- return PAM_BUF_ERR;
- }
-
- /* copy first 8 bytes of password */
- strncpy(temp, pass_new, 8);
- temp[8] = '\0';
-
- /* no longer need cleartext */
- pass_new = tpass = _pam_md( temp, salt );
-
- _pam_delete(temp); /* tidy up */
- } else {
- /* no longer need cleartext */
- pass_new = tpass = _pam_md( pass_new, salt );
- }
- }
-
- D(("password processed"));
-
- /* update the password database(s) -- race conditions..? */
-
- retval = unix_update_db(pamh, ctrl, user, pass_old, pass_new);
- pass_old = pass_new = NULL;
-
- } else { /* something has broken with the module */
-
- _log_err(LOG_ALERT, "password received unknown request");
- retval = PAM_ABORT;
-
- }
-
- return retval;
-}
-
-/* ******************************************************************
- * Copyright (c) Alexander O. Yuriev (alex@bach.cis.temple.edu), 1996.
- * Copyright (c) Andrew Morgan <morgan@parc.power.net> 1996, 1997.
- * Copyright (c) Cristian Gafton, <gafton@redhat.com> 1996, 1997.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */ |