1 files changed, 0 insertions, 336 deletions
diff --git a/security/hpn-ssh/files/auth2-pam-freebsd.c b/security/hpn-ssh/files/auth2-pam-freebsd.c
deleted file mode 100644
index 8840a61f93a7..000000000000
--- a/security/hpn-ssh/files/auth2-pam-freebsd.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "includes.h"
-RCSID("$FreeBSD: /tmp/pcvs/ports/security/hpn-ssh/files/Attic/auth2-pam-freebsd.c,v 1.4 2002-10-17 04:40:20 dinoex Exp $");
-
-#ifdef USE_PAM
-#include <security/pam_appl.h>
-
-#include "auth.h"
-#include "buffer.h"
-#include "bufaux.h"
-#include "log.h"
-#include "monitor_wrap.h"
-#include "msg.h"
-#include "packet.h"
-#include "ssh2.h"
-#include "xmalloc.h"
-
-struct pam_ctxt {
-	char		*pam_user;
-	pid_t		 pam_pid;
-	int		 pam_sock;
-	int		 pam_done;
-};
-
-static void pam_free_ctx(void *);
-
-/*
- * Conversation function for child process.
- */
-static int
-pam_child_conv(int n,
-	 const struct pam_message **msg,
-	 struct pam_response **resp,
-	 void *data)
-{
-	Buffer buffer;
-	struct pam_ctxt *ctxt;
-	int i;
-
-	ctxt = data;
-	if (n <= 0 || n > PAM_MAX_NUM_MSG)
-		return (PAM_CONV_ERR);
-	*resp = xmalloc(n * sizeof **resp);
-	buffer_init(&buffer);
-	for (i = 0; i < n; ++i) {
-		resp[i]->resp_retcode = 0;
-		resp[i]->resp = NULL;
-		switch (msg[i]->msg_style) {
-		case PAM_PROMPT_ECHO_OFF:
-			buffer_put_cstring(&buffer, msg[i]->msg);
-			ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
-			ssh_msg_recv(ctxt->pam_sock, &buffer);
-			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
-				goto fail;
-			resp[i]->resp = buffer_get_string(&buffer, NULL);
-			break;
-		case PAM_PROMPT_ECHO_ON:
-			buffer_put_cstring(&buffer, msg[i]->msg);
-			ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
-			ssh_msg_recv(ctxt->pam_sock, &buffer);
-			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
-				goto fail;
-			resp[i]->resp = buffer_get_string(&buffer, NULL);
-			break;
-		case PAM_ERROR_MSG:
-			buffer_put_cstring(&buffer, msg[i]->msg);
-			ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
-			break;
-		case PAM_TEXT_INFO:
-			buffer_put_cstring(&buffer, msg[i]->msg);
-			ssh_msg_send(ctxt->pam_sock, msg[i]->msg_style, &buffer);
-			break;
-		default:
-			goto fail;
-		}
-		buffer_clear(&buffer);
-	}
-	buffer_free(&buffer);
-	return (PAM_SUCCESS);
- fail:
-	while (i)
-		xfree(resp[--i]);
-	xfree(*resp);
-	*resp = NULL;
-	buffer_free(&buffer);
-	return (PAM_CONV_ERR);
-}
-
-/*
- * Child process.
- */
-static void *
-pam_child(struct pam_ctxt *ctxt)
-{
-	Buffer buffer;
-	struct pam_conv pam_conv;
-	pam_handle_t *pamh;
-	int pam_err;
-
-	pam_conv.conv = pam_child_conv;
-	pam_conv.appdata_ptr = ctxt;
-	buffer_init(&buffer);
-	setproctitle("%s [pam]", ctxt->pam_user);
-	pam_err = pam_start("sshd", ctxt->pam_user, &pam_conv, &pamh);
-	if (pam_err != PAM_SUCCESS)
-		goto auth_fail;
-	pam_err = pam_authenticate(pamh, 0);
-	if (pam_err != PAM_SUCCESS)
-		goto auth_fail;
-	pam_err = pam_acct_mgmt(pamh, 0);
-	if (pam_err != PAM_SUCCESS)
-		goto auth_fail;
-	buffer_put_cstring(&buffer, "OK");
-	ssh_msg_send(ctxt->pam_sock, PAM_SUCCESS, &buffer);
-	buffer_free(&buffer);
-	pam_end(pamh, pam_err);
-	exit(0);
- auth_fail:
-	buffer_put_cstring(&buffer, pam_strerror(pamh, pam_err));
-	ssh_msg_send(ctxt->pam_sock, PAM_AUTH_ERR, &buffer);
-	buffer_free(&buffer);
-	pam_end(pamh, pam_err);
-	exit(0);
-}
-
-static void
-pam_cleanup(void *ctxtp)
-{
-	struct pam_ctxt *ctxt = ctxtp;
-	int status;
-
-	close(ctxt->pam_sock);
-	kill(ctxt->pam_pid, SIGHUP);
-	waitpid(ctxt->pam_pid, &status, 0);
-}
-
-static void *
-pam_init_ctx(Authctxt *authctxt)
-{
-	struct pam_ctxt *ctxt;
-	int socks[2];
-	int i;
-
-	ctxt = xmalloc(sizeof *ctxt);
-	ctxt->pam_user = xstrdup(authctxt->user);
-	ctxt->pam_done = 0;
-	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
-		error("%s: failed create sockets: %s",
-		    __func__, strerror(errno));
-		xfree(ctxt);
-		return (NULL);
-	}
-	if ((ctxt->pam_pid = fork()) == -1) {
-		error("%s: failed to fork auth-pam child: %s",
-		    __func__, strerror(errno));
-		close(socks[0]);
-		close(socks[1]);
-		xfree(ctxt);
-		return (NULL);
-	}
-	if (ctxt->pam_pid == 0) {
-		/* close everything except our end of the pipe */
-		ctxt->pam_sock = socks[1];
-		for (i = 3; i < getdtablesize(); ++i)
-			if (i != ctxt->pam_sock)
-				close(i);
-		pam_child(ctxt);
-		/* not reached */
-		exit(1);
-	}
-	ctxt->pam_sock = socks[0];
-	close(socks[1]);
-	fatal_add_cleanup(pam_cleanup, ctxt);
-	return (ctxt);
-}
-
-static int
-pam_query(void *ctx, char **name, char **info,
-    u_int *num, char ***prompts, u_int **echo_on)
-{
-	Buffer buffer;
-	struct pam_ctxt *ctxt = ctx;
-	size_t plen;
-	u_char type;
-	char *msg;
-
-	buffer_init(&buffer);
-	*name = xstrdup("");
-	*info = xstrdup("");
-	*prompts = xmalloc(sizeof(char *));
-	**prompts = NULL;
-	plen = 0;
-	*echo_on = xmalloc(sizeof(u_int));
-	while (ssh_msg_recv(ctxt->pam_sock, &buffer) == 0) {
-		type = buffer_get_char(&buffer);
-		msg = buffer_get_string(&buffer, NULL);
-		switch (type) {
-		case PAM_PROMPT_ECHO_ON:
-		case PAM_PROMPT_ECHO_OFF:
-			*num = 1;
-			**prompts = xrealloc(**prompts, plen + strlen(msg) + 1);
-			plen += sprintf(**prompts + plen, "%s", msg);
-			**echo_on = (type == PAM_PROMPT_ECHO_ON);
-			xfree(msg);
-			return (0);
-		case PAM_ERROR_MSG:
-		case PAM_TEXT_INFO:
-			/* accumulate messages */
-			**prompts = xrealloc(**prompts, plen + strlen(msg) + 1);
-			plen += sprintf(**prompts + plen, "%s", msg);
-			xfree(msg);
-			break;
-		case PAM_SUCCESS:
-		case PAM_AUTH_ERR:
-			if (**prompts != NULL) {
-				/* drain any accumulated messages */
-#if 0 /* not compatible with privsep */
-				packet_start(SSH2_MSG_USERAUTH_BANNER);
-				packet_put_cstring(**prompts);
-				packet_put_cstring("");
-				packet_send();
-				packet_write_wait();
-#endif
-				xfree(**prompts);
-				**prompts = NULL;
-			}
-			if (type == PAM_SUCCESS) {
-				*num = 0;
-				**echo_on = 0;
-				ctxt->pam_done = 1;
-				xfree(msg);
-				return (0);
-			}
-			error("%s", msg);
-		default:
-			*num = 0;
-			**echo_on = 0;
-			xfree(msg);
-			ctxt->pam_done = -1;
-			return (-1);
-		}
-	}
-	return (-1);
-}
-
-static int
-pam_respond(void *ctx, u_int num, char **resp)
-{
-	Buffer buffer;
-	struct pam_ctxt *ctxt = ctx;
-	char *msg;
-
-	debug2(__func__);
-	switch (ctxt->pam_done) {
-	case 1:
-		return (0);	
-	case 0:
-		break;
-	default:
-		return (-1);
-	}
-	if (num != 1) {
-		error("expected one response, got %u", num);
-		return (-1);
-	}
-	buffer_init(&buffer);
-	buffer_put_cstring(&buffer, *resp);
-	ssh_msg_send(ctxt->pam_sock, PAM_AUTHTOK, &buffer);
-	buffer_free(&buffer);
-	return (1);
-}
-
-static void
-pam_free_ctx(void *ctxtp)
-{
-	struct pam_ctxt *ctxt = ctxtp;
-	int status;
-
-	fatal_remove_cleanup(pam_cleanup, ctxt);
-	close(ctxt->pam_sock);
-	kill(ctxt->pam_pid, SIGHUP);
-	waitpid(ctxt->pam_pid, &status, 0);
-	xfree(ctxt->pam_user);
-	xfree(ctxt);
-}
-
-KbdintDevice pam_device = {
-	"pam",
-	pam_init_ctx,
-	pam_query,
-	pam_respond,
-	pam_free_ctx
-};
-
-KbdintDevice mm_pam_device = {
-	"pam",
-	mm_pam_init_ctx,
-	mm_pam_query,
-	mm_pam_respond,
-	mm_pam_free_ctx
-};
-
-#endif /* USE_PAM */