Diffstat (limited to 'modules/pam_securetty')
-rw-r--r--modules/pam_securetty/.cvsignore6
-rw-r--r--modules/pam_securetty/Makefile.am30
-rw-r--r--modules/pam_securetty/README33
-rw-r--r--modules/pam_securetty/README.xml41
-rw-r--r--modules/pam_securetty/pam_securetty.885
-rw-r--r--modules/pam_securetty/pam_securetty.8.xml167
-rw-r--r--modules/pam_securetty/pam_securetty.c219
-rwxr-xr-xmodules/pam_securetty/tst-pam_securetty2
8 files changed, 0 insertions, 583 deletions
diff --git a/modules/pam_securetty/.cvsignore b/modules/pam_securetty/.cvsignore
deleted file mode 100644
index 9fb98574..00000000
--- a/modules/pam_securetty/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am
deleted file mode 100644
index ca97ef4d..00000000
--- a/modules/pam_securetty/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty
-
-TESTS = tst-pam_securetty
-
-man_MANS = pam_securetty.8
-XMLS = README.xml pam_securetty.8.xml
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module \
- -L$(top_builddir)/libpam -lpam
-if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-securelib_LTLIBRARIES = pam_securetty.la
-
-if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_securetty.8.xml
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README
deleted file mode 100644
index d4ee5f97..00000000
--- a/modules/pam_securetty/README
+++ /dev/null
@@ -1,33 +0,0 @@
-pam_securetty — Limit root login to special devices
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-pam_securetty is a PAM module that allows root logins only if the user is
-logging in on a "secure" tty, as defined by the listing in /etc/securetty.
-pam_securetty also checks to make sure that /etc/securetty is a plain file and
-not world writable.
-
-This module has no effect on non-root users and requires that the application
-fills in the PAM_TTY item correctly.
-
-For canonical usage, should be listed as a required authentication method
-before any sufficient authentication methods.
-
-OPTIONS
-
-debug
-
- Print debug information.
-
-EXAMPLES
-
-auth required pam_securetty.so
-auth required pam_unix.so
-
-
-AUTHOR
-
-pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
-
diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml
deleted file mode 100644
index a8c098a0..00000000
--- a/modules/pam_securetty/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_securetty.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
deleted file mode 100644
index f72e611f..00000000
--- a/modules/pam_securetty/pam_securetty.8
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Title: pam_securetty
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/04/2006
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
-.\"
-.TH "PAM_SECURETTY" "8" "06/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-pam_securetty \- Limit root login to special devices
-.SH "SYNOPSIS"
-.HP 17
-\fBpam_securetty.so\fR [debug]
-.SH "DESCRIPTION"
-.PP
-pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
-\fI/etc/securetty\fR. pam_securetty also checks to make sure that
-\fI/etc/securetty\fR
-is a plain file and not world writable.
-.PP
-This module has no effect on non\-root users and requires that the application fills in the
-\fBPAM_TTY\fR
-item correctly.
-.PP
-For canonical usage, should be listed as a
-\fBrequired\fR
-authentication method before any
-\fBsufficient\fR
-authentication methods.
-.SH "OPTIONS"
-.TP 3n
-\fBdebug\fR
-Print debug information.
-.SH "MODULE SERVICES PROVIDED"
-.PP
-Only the
-\fBauth\fR
-service is supported.
-.SH "RETURN VALUES"
-.TP 3n
-PAM_SUCCESS
-The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable device.
-.TP 3n
-PAM_AUTH_ERR
-Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the
-\fI/etc/securetty\fR
-file is world writable or not a normal file.
-.TP 3n
-PAM_INCOMPLETE
-An application error occurred. pam_securetty was not able to get information it required from the application that called it.
-.TP 3n
-PAM_SERVICE_ERR
-An error occurred while the module was determining the user's name or tty, or the module could not open
-\fI/etc/securetty\fR.
-.TP 3n
-PAM_IGNORE
-The module could not find the user name in the
-\fI/etc/passwd\fR
-file to verify whether the user had a UID of 0. Therefore, the results of running this module are ignored.
-.SH "EXAMPLES"
-.PP
-
-.sp
-.RS 3n
-.nf
-auth required pam_securetty.so
-auth required pam_unix.so
-
-.fi
-.RE
-.sp
-.SH "SEE ALSO"
-.PP
-
-\fBsecuretty\fR(5),
-\fBpam.conf\fR(5),
-\fBpam.d\fR(8),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml
deleted file mode 100644
index 56348d78..00000000
--- a/modules/pam_securetty/pam_securetty.8.xml
+++ /dev/null
@@ -1,167 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_securetty">
-
- <refmeta>
- <refentrytitle>pam_securetty</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_securetty-name">
- <refname>pam_securetty</refname>
- <refpurpose>Limit root login to special devices</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_securetty-cmdsynopsis">
- <command>pam_securetty.so</command>
- <arg choice="opt">
- debug
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_securetty-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- pam_securetty is a PAM module that allows root logins only if the
- user is logging in on a "secure" tty, as defined by the listing
- in <filename>/etc/securetty</filename>. pam_securetty also checks
- to make sure that <filename>/etc/securetty</filename> is a plain
- file and not world writable.
- </para>
- <para>
- This module has no effect on non-root users and requires that the
- application fills in the <emphasis remap='B'>PAM_TTY</emphasis>
- item correctly.
- </para>
- <para>
- For canonical usage, should be listed as a
- <emphasis remap='B'>required</emphasis> authentication method
- before any <emphasis remap='B'>sufficient</emphasis>
- authentication methods.
- </para>
- </refsect1>
-
- <refsect1 id="pam_securetty-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_securetty-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- Only the <option>auth</option> service is supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_securetty-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The user is allowed to continue authentication.
- Either the user is not root, or the root user is
- trying to log in on an acceptable device.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- Authentication is rejected. Either root is attempting to
- log in via an unacceptable device, or the
- <filename>/etc/securetty</filename> file is world writable or
- not a normal file.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_INCOMPLETE</term>
- <listitem>
- <para>
- An application error occurred. pam_securetty was not able
- to get information it required from the application that
- called it.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SERVICE_ERR</term>
- <listitem>
- <para>
- An error occurred while the module was determining the
- user's name or tty, or the module could not open
- <filename>/etc/securetty</filename>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_IGNORE</term>
- <listitem>
- <para>
- The module could not find the user name in the
- <filename>/etc/passwd</filename> file to verify whether
- the user had a UID of 0. Therefore, the results of running
- this module are ignored.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_securetty-examples'>
- <title>EXAMPLES</title>
- <para>
- <programlisting>
-auth required pam_securetty.so
-auth required pam_unix.so
- </programlisting>
- </para>
- </refsect1>
-
- <refsect1 id='pam_securetty-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>securetty</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_securetty-author'>
- <title>AUTHOR</title>
- <para>
- pam_securetty was written by Elliot Lee &lt;sopwith@cuc.edu&gt;.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
deleted file mode 100644
index 9dbe9bc4..00000000
--- a/modules/pam_securetty/pam_securetty.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/* pam_securetty module */
-
-#define SECURETTY_FILE "/etc/securetty"
-#define TTY_PREFIX "/dev/"
-
-/*
- * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
- * July 25, 1996.
- * This code shamelessly ripped from the pam_rootok module.
- * Slight modifications AGM. 1996/12/3
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <syslog.h>
-#include <stdarg.h>
-#include <pwd.h>
-#include <string.h>
-#include <ctype.h>
-
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
-#include <security/pam_modules.h>
-#include <security/pam_modutil.h>
-#include <security/pam_ext.h>
-
-#define PAM_DEBUG_ARG 0x0001
-
-static int
-_pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
-{
- int ctrl=0;
-
- /* step through arguments */
- for (ctrl=0; argc-- > 0; ++argv) {
-
- /* generic options */
-
- if (!strcmp(*argv,"debug"))
- ctrl |= PAM_DEBUG_ARG;
- else {
- pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
- }
- }
-
- return ctrl;
-}
-
-static int
-securetty_perform_check (pam_handle_t *pamh, int ctrl,
- const char *function_name)
-{
- int retval = PAM_AUTH_ERR;
- const char *username;
- const char *uttyname;
- const void *void_uttyname;
- char ttyfileline[256];
- char ptname[256];
- struct stat ttyfileinfo;
- struct passwd *user_pwd;
- FILE *ttyfile;
-
- /* log a trail for debugging */
- if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_DEBUG, "pam_securetty called via %s function",
- function_name);
- }
-
- retval = pam_get_user(pamh, &username, NULL);
- if (retval != PAM_SUCCESS || username == NULL) {
- pam_syslog(pamh, LOG_WARNING, "cannot determine username");
- return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR);
- }
-
- user_pwd = pam_modutil_getpwnam(pamh, username);
- if (user_pwd == NULL) {
- return PAM_USER_UNKNOWN;
- } else if (user_pwd->pw_uid != 0) { /* If the user is not root,
- securetty's does not apply
- to them */
- return PAM_SUCCESS;
- }
-
- retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
- uttyname = void_uttyname;
- if (retval != PAM_SUCCESS || uttyname == NULL) {
- pam_syslog (pamh, LOG_WARNING, "cannot determine user's tty");
- return PAM_SERVICE_ERR;
- }
-
- /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
- if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) {
- uttyname += sizeof(TTY_PREFIX)-1;
- }
-
- if (stat(SECURETTY_FILE, &ttyfileinfo)) {
- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE);
- return PAM_SUCCESS; /* for compatibility with old securetty handling,
- this needs to succeed. But we still log the
- error. */
- }
-
- if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
- /* If the file is world writable or is not a
- normal file, return error */
- pam_syslog(pamh, LOG_ERR,
- "%s is either world writable or not a normal file",
- SECURETTY_FILE);
- return PAM_AUTH_ERR;
- }
-
- ttyfile = fopen(SECURETTY_FILE,"r");
- if (ttyfile == NULL) { /* Check that we opened it successfully */
- pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
- return PAM_SERVICE_ERR;
- }
-
- if (isdigit(uttyname[0])) {
- snprintf(ptname, sizeof(ptname), "pts/%s", uttyname);
- } else {
- ptname[0] = '\0';
- }
-
- retval = 1;
-
- while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL)
- && retval) {
- if (ttyfileline[strlen(ttyfileline) - 1] == '\n')
- ttyfileline[strlen(ttyfileline) - 1] = '\0';
-
- retval = ( strcmp(ttyfileline, uttyname)
- && (!ptname[0] || strcmp(ptname, uttyname)) );
- }
- fclose(ttyfile);
-
- if (retval) {
- pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
- uttyname);
-
- retval = PAM_AUTH_ERR;
- } else {
- if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) {
- pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",
- username, uttyname);
- }
- retval = PAM_SUCCESS;
-
- }
-
- return retval;
-}
-
-/* --- authentication management functions --- */
-
-PAM_EXTERN
-int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc,
- const char **argv)
-{
- int ctrl;
-
- /* parse the arguments */
- ctrl = _pam_parse (pamh, argc, argv);
-
- return securetty_perform_check(pamh, ctrl, __FUNCTION__);
-}
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- return PAM_SUCCESS;
-}
-
-/* --- account management functions --- */
-
-PAM_EXTERN int
-pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int ctrl;
-
- /* parse the arguments */
- ctrl = _pam_parse (pamh, argc, argv);
-
- /* take the easy route */
- return securetty_perform_check(pamh, ctrl, __FUNCTION__);
-}
-
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_securetty_modstruct = {
- "pam_securetty",
- pam_sm_authenticate,
- pam_sm_setcred,
- pam_sm_acct_mgmt,
- NULL,
- NULL,
- NULL,
-};
-
-#endif /* PAM_STATIC */
-
-/* end of module definition */
diff --git a/modules/pam_securetty/tst-pam_securetty b/modules/pam_securetty/tst-pam_securetty
deleted file mode 100755
index 1252f798..00000000
--- a/modules/pam_securetty/tst-pam_securetty
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_securetty.so