Vendor import of OpenPAM Cyclamen.

contrib/openpam/CREDITS

@@ -14,6 +14,7 @@ or indirectly, with patches, criticism, suggestions, or ideas:
 	Andrew Morgan <morgan@transmeta.com>
 	Brian Fundakowski Feldman <green@freebsd.org>
 	Darren J. Moffat <Darren.Moffat@sun.com>
+	Eric Melville <eric@freebsd.org>
 	Gary Winiger <Gary.Winiger@sun.com>
 	Joe Marcus Clarke <marcus@marcuscom.com>
 	Mark Murray <markm@freebsd.org>
@@ -22,4 +23,4 @@ or indirectly, with patches, criticism, suggestions, or ideas:
 	Solar Designer <solar@openwall.com>
 	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 
-$P4: //depot/projects/openpam/CREDITS#3 $
+$P4: //depot/projects/openpam/CREDITS#4 $

contrib/openpam/HISTORY

@@ -1,3 +1,18 @@
+OpenPAM Cyclamen						2002-12-12
+
+ - ENHANCE: Improve recursion detection in openpam_dispatch().
+
+ - ENHANCE: Add debugging messages at entry and exit points of most
+   functions.
+
+ - ENHANCE: Fix some minor style issues.
+
+ - BUGFIX: Add default cases to the switches in openpam_log.c.
+
+ - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
+
+ - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
+   than stderr.
 ============================================================================
 OpenPAM Citronella						2002-06-30
 
@@ -6,7 +21,7 @@ OpenPAM Citronella						2002-06-30
  - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
    Solaris 9).
 
- - ENHANCE: Flesh out the pam(3) man page.  
+ - ENHANCE: Flesh out the pam(3) man page.
 
  - ENHANCE: Add an openpam(3) page with cross-references to all the
    documented OpenPAM API extensions.
@@ -19,7 +34,6 @@ OpenPAM Citronella						2002-06-30
  - ENHANCE: Added sample pam_unix module.
 
  - BUGFIX: Various documentation nits.
-
 ============================================================================
 OpenPAM Cinquefoil						2002-05-24
 
@@ -184,4 +198,4 @@ OpenPAM	Calamite						2002-02-09
 
 First (beta) release.
 ============================================================================
-$P4: //depot/projects/openpam/HISTORY#13 $
+$P4: //depot/projects/openpam/HISTORY#16 $

contrib/openpam/MANIFEST

@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/openpam/MANIFEST#12 $
+# $P4: //depot/projects/openpam/MANIFEST#13 $
 #
 CREDITS
 HISTORY
@@ -125,8 +125,6 @@ misc/gendoc.pl
 modules/Makefile
 modules/pam_deny/Makefile
 modules/pam_deny/pam_deny.c
-modules/pam_dummy/Makefile
-modules/pam_dummy/pam_dummy.c
 modules/pam_permit/Makefile
 modules/pam_permit/pam_permit.c
 modules/pam_unix/Makefile

contrib/openpam/README

@@ -7,20 +7,21 @@ implementations disagree, OpenPAM tries to remain compatible with
 Solaris, at the expense of XSSO conformance and Linux-PAM
 compatibility.
 
-These are some of OpenPAM's features:	 
+These are some of OpenPAM's features:
 
    - Implements the complete PAM API as described in the original PAM
      paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
-     except for mappings and secondary authentication.
+     except for mappings and secondary authentication.  Also
+     implements some extensions found in Solaris 9.
 
    - Extends the API with several useful and time-saving functions.
 
    - Performs strict checking of return values from service modules.
 
-   - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and
-     /etc/pam.conf, in that order; this will be made configurable in a
-     future release.
+   - Reads configuration from /etc/pam.d/, /etc/pam.conf,
+     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
+     this will be made configurable in a future release.
 
 Please direct bug reports and inquiries to openpam@thinksec.com.
 
-$P4: //depot/projects/openpam/README#3 $
+$P4: //depot/projects/openpam/README#4 $

contrib/openpam/RELNOTES

@@ -1,13 +1,26 @@
 
-		 Release notes for OpenPAM Citronella
-		 ====================================
+		  Release notes for OpenPAM Cyclamen
+		  ==================================
+
+This release corresponds to the code used in FreeBSD-CURRENT as of the
+release date.  It has also been successfully built on NetBSD 1.6, and
+should build with minimal or no changes on OpenBSD.  Work is underway
+to port OpenPAM to MacOS 10.2.  It has not been tested on any other
+operating system.
 
 The library itself is complete.  Documentation exists in the form of
-man pages for the library functions.
+man pages for the library functions.  These man pages are generated by
+a Perl script from specially marked-up comments in the source files
+themselves, which minimizes the chance that any of them should be out
+of date.
 
-This release is incorporated into FreeBSD-CURRENT as of 2002-06-30.
-It has also been successfully built on NetBSD, and should build with
-minimal or no changes on OpenBSD.  It has not been tested on any other
-OS.
+The distribution also includes three sample modules (pam_deny,
+pam_permit and pam_unix) and a sample application (su).  These are not
+intended for actual use, but rather to serve as examples for module or
+application developers.
 
-$P4: //depot/projects/openpam/RELNOTES#12 $
+NOTE: to the person who sent me MacOS patches in July 2002: I have
+lost your name and email address.  Please contact me so I can give you
+proper credit for your contribution.
+
+$P4: //depot/projects/openpam/RELNOTES#13 $

contrib/openpam/doc/man/openpam.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_borrow_cred.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_BORROW_CRED 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_free_data.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_FREE_DATA 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_get_option.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_GET_OPTION 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_log.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_LOG 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_nullconv.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_NULLCONV 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_restore_cred.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_RESTORE_CRED 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_set_option.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_SET_OPTION 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/openpam_ttyconv.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt OPENPAM_TTYCONV 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_acct_mgmt.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_ACCT_MGMT 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_authenticate.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_AUTHENTICATE 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_chauthtok.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_CHAUTHTOK 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_close_session.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_CLOSE_SESSION 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_end.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_END 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_error.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_ERROR 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_get_authtok.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_GET_AUTHTOK 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_get_data.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_GET_DATA 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_get_item.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_GET_ITEM 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_get_user.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_GET_USER 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_getenv.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_GETENV 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_getenvlist.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_GETENVLIST 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_info.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_INFO 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_open_session.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_OPEN_SESSION 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_prompt.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_PROMPT 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_putenv.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_PUTENV 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_set_data.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SET_DATA 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_set_item.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SET_ITEM 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_setcred.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SETCRED 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_setenv.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SETENV 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_sm_acct_mgmt.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SM_ACCT_MGMT 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_sm_authenticate.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SM_AUTHENTICATE 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_sm_chauthtok.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SM_CHAUTHTOK 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_sm_close_session.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SM_CLOSE_SESSION 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_sm_open_session.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SM_OPEN_SESSION 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_sm_setcred.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_SM_SETCRED 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_start.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_START 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_strerror.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_STRERROR 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_verror.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_VERROR 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_vinfo.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_VINFO 3
 .Os
 .Sh NAME

contrib/openpam/doc/man/pam_vprompt.3

@@ -33,7 +33,7 @@
 .\"
 .\" $P4$
 .\"
-.Dd June 30, 2002
+.Dd December 12, 2002
 .Dt PAM_VPROMPT 3
 .Os
 .Sh NAME

contrib/openpam/include/security/pam_constants.h

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/pam_constants.h#18 $
+ * $P4: //depot/projects/openpam/include/security/pam_constants.h#19 $
  */
 
 #ifndef _PAM_CONSTANTS_H_INCLUDED
@@ -76,7 +76,8 @@ enum {
 	PAM_ABORT			=  26,
 	PAM_TRY_AGAIN			=  27,
 	PAM_MODULE_UNKNOWN		=  28,
-	PAM_DOMAIN_UNKNOWN		=  29
+	PAM_DOMAIN_UNKNOWN		=  29,
+	PAM_NUM_ERRORS					/* OpenPAM extension */
 };
 
 /*

contrib/openpam/lib/openpam_borrow_cred.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#2 $
+ * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#3 $
  */
 
 #include <sys/param.h>
@@ -57,30 +57,31 @@ openpam_borrow_cred(pam_handle_t *pamh,
 	struct pam_saved_cred *scred;
 	int r;
 
+	ENTER();
 	if (geteuid() != 0)
-		return (PAM_PERM_DENIED);
+		RETURNC(PAM_PERM_DENIED);
 	scred = calloc(1, sizeof *scred);
 	if (scred == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	scred->euid = geteuid();
 	scred->egid = getegid();
 	r = getgroups(NGROUPS_MAX, scred->groups);
 	if (r == -1) {
 		free(scred);
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	}
 	scred->ngroups = r;
 	r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data);
 	if (r != PAM_SUCCESS) {
 		free(scred);
-		return (r);
+		RETURNC(r);
 	}
 	if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 ||
 	      setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) {
 		openpam_restore_cred(pamh);
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	}
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/openpam_configure.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_configure.c#5 $
+ * $P4: //depot/projects/openpam/lib/openpam_configure.c#6 $
  */
 
 #include <ctype.h>
@@ -213,6 +213,7 @@ static const char *openpam_policy_path[] = {
 	"/etc/pam.d/",
 	"/etc/pam.conf",
 	"/usr/local/etc/pam.d/",
+	"/usr/local/etc/pam.conf",
 	NULL
 };
 

contrib/openpam/lib/openpam_dispatch.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#17 $
+ * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#18 $
  */
 
 #include <sys/param.h>
@@ -60,13 +60,18 @@ openpam_dispatch(pam_handle_t *pamh,
 	pam_chain_t *chain;
 	int err, fail, r;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 
 	/* prevent recursion */
 	if (pamh->current != NULL) {
-		openpam_log(PAM_LOG_ERROR, "indirect recursion");
-		return (PAM_ABORT);
+		openpam_log(PAM_LOG_ERROR,
+		    "%s() called while %s::%s() is in progress",
+		    _pam_func_name[primitive],
+		    pamh->current->module->path,
+		    _pam_sm_func_name[pamh->primitive]);
+		RETURNC(PAM_ABORT);
 	}
 
 	/* pick a chain */
@@ -86,7 +91,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		chain = pamh->chains[PAM_PASSWORD];
 		break;
 	default:
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	}
 
 	/* execute */
@@ -98,6 +103,7 @@ openpam_dispatch(pam_handle_t *pamh,
 			    chain->module->path, _pam_sm_func_name[primitive]);
 			continue;
 		} else {
+			pamh->primitive = primitive;
 			pamh->current = chain;
 			r = (chain->module->func[primitive])(pamh, flags,
 			    chain->optc, (const char **)chain->optv);
@@ -153,8 +159,7 @@ openpam_dispatch(pam_handle_t *pamh,
 
 	if (!fail && err != PAM_NEW_AUTHTOK_REQD)
 		err = PAM_SUCCESS;
-	openpam_log(PAM_LOG_DEBUG, "returning: %s", pam_strerror(pamh, err));
-	return (err);
+	RETURNC(err);
 }
 
 #if !defined(OPENPAM_RELAX_CHECKS)

contrib/openpam/lib/openpam_findenv.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_findenv.c#8 $
+ * $P4: //depot/projects/openpam/lib/openpam_findenv.c#9 $
  */
 
 #include <string.h>
@@ -53,14 +53,14 @@ openpam_findenv(pam_handle_t *pamh,
 {
 	int i;
 
+	ENTER();
 	if (pamh == NULL)
-		return (-1);
-
+		RETURNI(-1);
 	for (i = 0; i < pamh->env_count; ++i)
 		if (strncmp(pamh->env[i], name, len) == 0 &&
 		    pamh->env[i][len] == '=')
-			return (i);
-	return (-1);
+			RETURNI(i);
+	RETURNI(-1);
 }
 
 /*

contrib/openpam/lib/openpam_free_data.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_free_data.c#2 $
+ * $P4: //depot/projects/openpam/lib/openpam_free_data.c#3 $
  */
 
 #include <stdlib.h>
@@ -50,10 +50,12 @@
 void
 openpam_free_data(pam_handle_t *pamh, void *data, int status)
 {
-	/* silence compiler warnings */
-	pamh = pamh;
-	status = status;
+
+	ENTER();
+	(void)pamh;
+	(void)status;
 	free(data);
+	RETURNV();
 }
 
 /*

contrib/openpam/lib/openpam_get_option.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_get_option.c#4 $
+ * $P4: //depot/projects/openpam/lib/openpam_get_option.c#5 $
  */
 
 #include <sys/param.h>
@@ -57,19 +57,20 @@ openpam_get_option(pam_handle_t *pamh,
 	size_t len;
 	int i;
 
+	ENTER();
 	if (pamh == NULL || pamh->current == NULL || option == NULL)
-		return (NULL);
+		RETURNS(NULL);
 	cur = pamh->current;
 	len = strlen(option);
 	for (i = 0; i < cur->optc; ++i) {
 		if (strncmp(cur->optv[i], option, len) == 0) {
 			if (cur->optv[i][len] == '\0')
-				return (&cur->optv[i][len]);
+				RETURNS(&cur->optv[i][len]);
 			else if (cur->optv[i][len] == '=')
-				return (&cur->optv[i][len + 1]);
+				RETURNS(&cur->optv[i][len + 1]);
 		}
 	}
-	return (NULL);
+	RETURNS(NULL);
 }
 
 /*

contrib/openpam/lib/openpam_impl.h

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#17 $
  */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -39,7 +39,9 @@
 
 #include <security/openpam.h>
 
+extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
 extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
+extern const char *_pam_err_name[PAM_NUM_ERRORS];
 
 /*
  * Control flags
@@ -83,6 +85,7 @@ struct pam_handle {
 	/* chains */
 	pam_chain_t	*chains[PAM_NUM_CHAINS];
 	pam_chain_t	*current;
+	int		 primitive;
 
 	/* items and data */
 	void		*item[PAM_NUM_ITEMS];
@@ -118,4 +121,41 @@ pam_module_t   *openpam_static(const char *);
 #endif
 pam_module_t   *openpam_dynamic(const char *);
 
+#ifdef DEBUG
+#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
+#define	RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
+#define RETURNC(c) do { \
+	if ((c) >= 0 && (c) < PAM_NUM_ERRORS)
+		openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[c]); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "returning %d!", (c)); \
+	return (c); \
+} while (0)
+#define	RETURNI(n) do { \
+	openpam_log(PAM_LOG_DEBUG, "returning %d", (n)); \
+	return (n); \
+} while (0)
+#define	RETURNP(p) do { \
+	if ((p) == NULL) \
+		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "returning %p", (p)); \
+	return (p); \
+} while (0)
+#define	RETURNS(s) do { \
+	if ((s) == NULL) \
+		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
+	else \
+		openpam_log(PAM_LOG_DEBUG, "returning '%s'", (s)); \
+	return (s); \
+} while (0)
+#else
+#define ENTER()
+#define RETURNV() return
+#define RETURNC(c) return (c)
+#define RETURNI(n) return (i)
+#define RETURNP(p) return (p)
+#define RETURNS(s) return (s)
+#endif
+
 #endif

contrib/openpam/lib/openpam_load.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_load.c#14 $
+ * $P4: //depot/projects/openpam/lib/openpam_load.c#15 $
  */
 
 #include <dlfcn.h>
@@ -42,6 +42,15 @@
 
 #include "openpam_impl.h"
 
+const char *_pam_func_name[PAM_NUM_PRIMITIVES] = {
+	"pam_authenticate",
+	"pam_setcred",
+	"pam_acct_mgmt",
+	"pam_open_session",
+	"pam_close_session",
+	"pam_chauthtok"
+};
+
 const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
 	"pam_sm_authenticate",
 	"pam_sm_setcred",

contrib/openpam/lib/openpam_log.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_log.c#16 $
+ * $P4: //depot/projects/openpam/lib/openpam_log.c#17 $
  */
 
 #include <ctype.h>
@@ -64,9 +64,10 @@ _openpam_log(int level, const char *func, const char *fmt, ...)
 	case PAM_LOG_DEBUG:
 #ifndef DEBUG
 		return;
-#endif
+#else
 		priority = LOG_DEBUG;
 		break;
+#endif
 	case PAM_LOG_VERBOSE:
 		priority = LOG_INFO;
 		break;
@@ -109,9 +110,10 @@ openpam_log(int level, const char *fmt, ...)
 	case PAM_LOG_DEBUG:
 #ifndef DEBUG
 		return;
-#endif
+#else
 		priority = LOG_DEBUG;
 		break;
+#endif
 	case PAM_LOG_VERBOSE:
 		priority = LOG_INFO;
 		break;

contrib/openpam/lib/openpam_nullconv.c

@@ -31,13 +31,14 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#3 $
+ * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#4 $
  */
 
 #include <sys/types.h>
 
 #include <security/pam_appl.h>
-#include <security/openpam.h>
+
+#include "openpam_impl.h"
 
 /*
  * OpenPAM extension
@@ -52,11 +53,12 @@ openpam_nullconv(int n,
 	 void *data)
 {
 
+	ENTER();
 	(void)n;
 	(void)msg;
 	(void)resp;
 	(void)data;
-	return (PAM_CONV_ERR);
+	RETURNC(PAM_CONV_ERR);
 }
 
 /*

contrib/openpam/lib/openpam_restore_cred.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#2 $
+ * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#3 $
  */
 
 #include <sys/param.h>
@@ -56,17 +56,18 @@ openpam_restore_cred(pam_handle_t *pamh)
 	struct pam_saved_cred *scred;
 	int r;
 
+	ENTER();
 	r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred);
 	if (r != PAM_SUCCESS)
-		return (r);
+		RETURNC(r);
 	if (scred == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	if (seteuid(scred->euid) == -1 ||
 	    setgroups(scred->ngroups, scred->groups) == -1 ||
 	    setegid(scred->egid) == -1)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/openpam_set_option.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_set_option.c#5 $
+ * $P4: //depot/projects/openpam/lib/openpam_set_option.c#6 $
  */
 
 #include <sys/param.h>
@@ -61,8 +61,9 @@ openpam_set_option(pam_handle_t *pamh,
 	size_t len;
 	int i;
 
+	ENTER();
 	if (pamh == NULL || pamh->current == NULL || option == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	cur = pamh->current;
 	for (len = 0; option[len] != '\0'; ++len)
 		if (option[len] == '=')
@@ -75,21 +76,21 @@ openpam_set_option(pam_handle_t *pamh,
 	if (value == NULL) {
 		/* remove */
 		if (i == cur->optc)
-			return (PAM_SUCCESS);
+			RETURNC(PAM_SUCCESS);
 		for (free(cur->optv[i]); i < cur->optc; ++i)
 			cur->optv[i] = cur->optv[i + 1];
 		cur->optv[i] = NULL;
-		return (PAM_SUCCESS);
+		RETURNC(PAM_SUCCESS);
 	}
 	if ((opt = malloc(len + strlen(value) + 2)) == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	sprintf(opt, "%.*s=%s", (int)len, option, value);
 	if (i == cur->optc) {
 		/* add */
 		optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2));
 		if (optv == NULL) {
 			free(opt);
-			return (PAM_BUF_ERR);
+			RETURNC(PAM_BUF_ERR);
 		}
 		optv[i] = opt;
 		optv[i + 1] = NULL;
@@ -100,7 +101,7 @@ openpam_set_option(pam_handle_t *pamh,
 		free(cur->optv[i]);
 		cur->optv[i] = opt;
 	}
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/openpam_ttyconv.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#13 $
+ * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#14 $
  */
 
 #include <sys/types.h>
@@ -46,7 +46,8 @@
 #include <unistd.h>
 
 #include <security/pam_appl.h>
-#include <security/openpam.h>
+
+#include "openpam_impl.h"
 
 int openpam_ttyconv_timeout = 0;
 static jmp_buf jmpenv;
@@ -139,11 +140,12 @@ openpam_ttyconv(int n,
 {
 	int i;
 
-	data = data;
+	ENTER();
+	(void)data;
 	if (n <= 0 || n > PAM_MAX_NUM_MSG)
-		return (PAM_CONV_ERR);
+		RETURNC(PAM_CONV_ERR);
 	if ((*resp = calloc(n, sizeof **resp)) == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	for (i = 0; i < n; ++i) {
 		resp[i]->resp_retcode = 0;
 		resp[i]->resp = NULL;
@@ -174,13 +176,13 @@ openpam_ttyconv(int n,
 			goto fail;
 		}
 	}
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
  fail:
 	while (i)
 		free(resp[--i]);
 	free(*resp);
 	*resp = NULL;
-	return (PAM_CONV_ERR);
+	RETURNC(PAM_CONV_ERR);
 }
 
 /*

contrib/openpam/lib/pam_acct_mgmt.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#10 $
  */
 
 #include <sys/param.h>
@@ -51,8 +51,11 @@ int
 pam_acct_mgmt(pam_handle_t *pamh,
 	int flags)
 {
+	int pam_err;
 
-	return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags));
+	ENTER();
+	pam_err = openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags);
+	RETURNC(pam_err);
 }
 
 /*

contrib/openpam/lib/pam_authenticate.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_authenticate.c#11 $
+ * $P4: //depot/projects/openpam/lib/pam_authenticate.c#12 $
  */
 
 #include <sys/param.h>
@@ -53,11 +53,12 @@ pam_authenticate(pam_handle_t *pamh,
 {
 	int pam_err;
 
+	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK))
-		return (PAM_SYMBOL_ERR);
+		RETURNC(PAM_SYMBOL_ERR);
 	pam_err = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags);
 	pam_set_item(pamh, PAM_AUTHTOK, NULL);
-	return (pam_err);
+	RETURNC(pam_err);
 }
 
 /*

contrib/openpam/lib/pam_authenticate_secondary.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#7 $
  */
 
 #include <security/pam_appl.h>
@@ -53,7 +53,8 @@ pam_authenticate_secondary(pam_handle_t *pamh,
 	int flags)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_chauthtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#12 $
+ * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#13 $
  */
 
 #include <sys/param.h>
@@ -53,8 +53,9 @@ pam_chauthtok(pam_handle_t *pamh,
 {
 	int pam_err;
 
+	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
-		return (PAM_SYMBOL_ERR);
+		RETURNC(PAM_SYMBOL_ERR);
 	pam_err = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
 	    flags | PAM_PRELIM_CHECK);
 	if (pam_err == PAM_SUCCESS)
@@ -62,7 +63,7 @@ pam_chauthtok(pam_handle_t *pamh,
 		    flags | PAM_UPDATE_AUTHTOK);
 	pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
 	pam_set_item(pamh, PAM_AUTHTOK, NULL);
-	return (pam_err);
+	RETURNC(pam_err);
 }
 
 /*

contrib/openpam/lib/pam_close_session.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_close_session.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_close_session.c#10 $
  */
 
 #include <sys/param.h>
@@ -52,9 +52,10 @@ pam_close_session(pam_handle_t *pamh,
 	int flags)
 {
 
+	ENTER();
 	if (flags & ~(PAM_SILENT))
-		return (PAM_SYMBOL_ERR);
-	return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
+		RETURNC(PAM_SYMBOL_ERR);
+	RETURNC(openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
 }
 
 /*

contrib/openpam/lib/pam_end.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_end.c#10 $
+ * $P4: //depot/projects/openpam/lib/pam_end.c#11 $
  */
 
 #include <stdlib.h>
@@ -54,8 +54,9 @@ pam_end(pam_handle_t *pamh,
 	pam_data_t *dp;
 	int i;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 
 	/* clear module data */
 	while ((dp = pamh->module_data) != NULL) {
@@ -80,7 +81,7 @@ pam_end(pam_handle_t *pamh,
 
 	free(pamh);
 
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/pam_get_authtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#19 $
+ * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#20 $
  */
 
 #include <sys/param.h>
@@ -65,9 +65,9 @@ pam_get_authtok(pam_handle_t *pamh,
 	char *resp, *resp2;
 	int pitem, r, style, twice;
 
+	ENTER();
 	if (pamh == NULL || authtok == NULL)
-		return (PAM_SYSTEM_ERR);
-
+		RETURNC(PAM_SYSTEM_ERR);
 	*authtok = NULL;
 	twice = 0;
 	switch (item) {
@@ -86,16 +86,15 @@ pam_get_authtok(pam_handle_t *pamh,
 		twice = 0;
 		break;
 	default:
-		return (PAM_SYMBOL_ERR);
+		RETURNC(PAM_SYMBOL_ERR);
 	}
-
 	if (openpam_get_option(pamh, "try_first_pass") ||
 	    openpam_get_option(pamh, "use_first_pass")) {
 		r = pam_get_item(pamh, item, (const void **)authtok);
 		if (r == PAM_SUCCESS && *authtok != NULL)
-			return (PAM_SUCCESS);
+			RETURNC(PAM_SUCCESS);
 		else if (openpam_get_option(pamh, "use_first_pass"))
-			return (r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
+			RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
 	}
 	if (prompt == NULL) {
 		r = pam_get_item(pamh, pitem, (const void **)&prompt);
@@ -106,12 +105,12 @@ pam_get_authtok(pam_handle_t *pamh,
 	    PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
 	r = pam_prompt(pamh, style, &resp, "%s", prompt);
 	if (r != PAM_SUCCESS)
-		return (r);
+		RETURNC(r);
 	if (twice) {
 		r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
 		if (r != PAM_SUCCESS) {
 			free(resp);
-			return (r);
+			RETURNC(r);
 		}
 		if (strcmp(resp, resp2) != 0) {
 			free(resp);
@@ -120,12 +119,12 @@ pam_get_authtok(pam_handle_t *pamh,
 		free(resp2);
 	}
 	if (resp == NULL)
-		return (PAM_TRY_AGAIN);
+		RETURNC(PAM_TRY_AGAIN);
 	r = pam_set_item(pamh, item, resp);
 	free(resp);
 	if (r != PAM_SUCCESS)
-		return (r);
-	return (pam_get_item(pamh, item, (const void **)authtok));
+		RETURNC(r);
+	RETURNC(pam_get_item(pamh, item, (const void **)authtok));
 }
 
 /*

contrib/openpam/lib/pam_get_data.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_data.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_get_data.c#9 $
  */
 
 #include <string.h>
@@ -54,16 +54,15 @@ pam_get_data(pam_handle_t *pamh,
 {
 	pam_data_t *dp;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
-
+		RETURNC(PAM_SYSTEM_ERR);
 	for (dp = pamh->module_data; dp != NULL; dp = dp->next)
 		if (strcmp(dp->name, module_data_name) == 0) {
 			*data = dp->data;
-			return (PAM_SUCCESS);
+			RETURNC(PAM_SUCCESS);
 		}
-
-	return (PAM_NO_MODULE_DATA);
+	RETURNC(PAM_NO_MODULE_DATA);
 }
 
 /*

contrib/openpam/lib/pam_get_item.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_item.c#13 $
+ * $P4: //depot/projects/openpam/lib/pam_get_item.c#14 $
  */
 
 #include <sys/param.h>
@@ -52,9 +52,10 @@ pam_get_item(pam_handle_t *pamh,
 	int item_type,
 	const void **item)
 {
-	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
 
+	ENTER();
+	if (pamh == NULL)
+		RETURNC(PAM_SYSTEM_ERR);
 	switch (item_type) {
 	case PAM_SERVICE:
 	case PAM_USER:
@@ -69,9 +70,9 @@ pam_get_item(pam_handle_t *pamh,
 	case PAM_OLDAUTHTOK_PROMPT:
 	case PAM_REPOSITORY:
 		*item = pamh->item[item_type];
-		return (PAM_SUCCESS);
+		RETURNC(PAM_SUCCESS);
 	default:
-		return (PAM_SYMBOL_ERR);
+		RETURNC(PAM_SYMBOL_ERR);
 	}
 }
 

contrib/openpam/lib/pam_get_mapped_authtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#7 $
  */
 
 #include <security/pam_appl.h>
@@ -52,7 +52,8 @@ pam_get_mapped_authtok(pam_handle_t *pamh,
 	unsigned char **target_module_authtok)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_get_mapped_username.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#7 $
  */
 
 #include <security/pam_appl.h>
@@ -53,7 +53,8 @@ pam_get_mapped_username(pam_handle_t *pamh,
 	char **target_module_username)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_get_user.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_user.c#12 $
+ * $P4: //depot/projects/openpam/lib/pam_get_user.c#13 $
  */
 
 #include <sys/param.h>
@@ -60,12 +60,12 @@ pam_get_user(pam_handle_t *pamh,
 	char *resp;
 	int r;
 
+	ENTER();
 	if (pamh == NULL || user == NULL)
-		return (PAM_SYSTEM_ERR);
-
+		RETURNC(PAM_SYSTEM_ERR);
 	r = pam_get_item(pamh, PAM_USER, (const void **)user);
 	if (r == PAM_SUCCESS)
-		return (PAM_SUCCESS);
+		RETURNC(PAM_SUCCESS);
 	if (prompt == NULL) {
 		r = pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&prompt);
 		if (r != PAM_SUCCESS || prompt == NULL)
@@ -73,12 +73,12 @@ pam_get_user(pam_handle_t *pamh,
 	}
 	r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt);
 	if (r != PAM_SUCCESS)
-		return (r);
+		RETURNC(r);
 	r = pam_set_item(pamh, PAM_USER, resp);
 	free(resp);
 	if (r != PAM_SUCCESS)
-		return (r);
-	return (pam_get_item(pamh, PAM_USER, (const void **)user));
+		RETURNC(r);
+	RETURNC(pam_get_item(pamh, PAM_USER, (const void **)user));
 }
 
 /*

contrib/openpam/lib/pam_getenv.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_getenv.c#7 $
+ * $P4: //depot/projects/openpam/lib/pam_getenv.c#8 $
  */
 
 #include <stdlib.h>
@@ -54,16 +54,14 @@ pam_getenv(pam_handle_t *pamh,
 {
 	int i;
 
+	ENTER();
 	if (pamh == NULL)
-		return (NULL);
-
-	/* sanity checks */
+		RETURNC(NULL);
 	if (name == NULL || strchr(name, '=') != NULL)
-		return (NULL);
-
+		RETURNC(NULL);
 	if ((i = openpam_findenv(pamh, name, strlen(name))) == -1)
-		return (NULL);
-	return (strdup(pamh->env[i]));
+		RETURNC(NULL);
+	RETURNC(strdup(pamh->env[i]));
 }
 
 /**

contrib/openpam/lib/pam_getenvlist.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#10 $
  */
 
 #include <stdlib.h>
@@ -54,14 +54,14 @@ pam_getenvlist(pam_handle_t *pamh)
 	char **envlist;
 	int i;
 
+	ENTER();
 	if (pamh == NULL)
-		return (NULL);
-
+		RETURNP(NULL);
 	envlist = malloc(sizeof(char *) * (pamh->env_count + 1));
 	if (envlist == NULL) {
 		openpam_log(PAM_LOG_ERROR, "%s",
 			pam_strerror(pamh, PAM_BUF_ERR));
-		return (NULL);
+		RETURNP(NULL);
 	}
 	for (i = 0; i < pamh->env_count; ++i) {
 		if ((envlist[i] = strdup(pamh->env[i])) == NULL) {
@@ -70,12 +70,11 @@ pam_getenvlist(pam_handle_t *pamh)
 			free(envlist);
 			openpam_log(PAM_LOG_ERROR, "%s",
 				pam_strerror(pamh, PAM_BUF_ERR));
-			return (NULL);
+			RETURNP(NULL);
 		}
 	}
 	envlist[i] = NULL;
-	openpam_log(PAM_LOG_DEBUG, "returning %d variables\n", pamh->env_count);
-	return (envlist);
+	RETURNP(envlist);
 }
 
 /**

contrib/openpam/lib/pam_open_session.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_open_session.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_open_session.c#10 $
  */
 
 #include <sys/param.h>
@@ -52,9 +52,10 @@ pam_open_session(pam_handle_t *pamh,
 	int flags)
 {
 
+	ENTER();
 	if (flags & ~(PAM_SILENT))
-		return (PAM_SYMBOL_ERR);
-	return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
+		RETURNC(PAM_SYMBOL_ERR);
+	RETURNC(openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
 }
 
 /*

contrib/openpam/lib/pam_putenv.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_putenv.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_putenv.c#9 $
  */
 
 #include <stdlib.h>
@@ -55,20 +55,21 @@ pam_putenv(pam_handle_t *pamh,
 	char **env, *p;
 	int i;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 
 	/* sanity checks */
 	if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 
 	/* see if the variable is already in the environment */
 	if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) {
 		if ((p = strdup(namevalue)) == NULL)
-			return (PAM_BUF_ERR);
+			RETURNC(PAM_BUF_ERR);
 		free(pamh->env[i]);
 		pamh->env[i] = p;
-		return (PAM_SUCCESS);
+		RETURNC(PAM_SUCCESS);
 	}
 
 	/* grow the environment list if necessary */
@@ -76,16 +77,16 @@ pam_putenv(pam_handle_t *pamh,
 		env = realloc(pamh->env,
 		    sizeof(char *) * (pamh->env_size * 2 + 1));
 		if (env == NULL)
-			return (PAM_BUF_ERR);
+			RETURNC(PAM_BUF_ERR);
 		pamh->env = env;
 		pamh->env_size = pamh->env_size * 2 + 1;
 	}
 
 	/* add the variable at the end */
 	if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	++pamh->env_count;
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/pam_set_data.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_data.c#10 $
+ * $P4: //depot/projects/openpam/lib/pam_set_data.c#11 $
  */
 
 #include <stdlib.h>
@@ -58,30 +58,29 @@ pam_set_data(pam_handle_t *pamh,
 {
 	pam_data_t *dp;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
-
+		RETURNC(PAM_SYSTEM_ERR);
 	for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
 		if (strcmp(dp->name, module_data_name) == 0) {
 			if (dp->cleanup)
 				(dp->cleanup)(pamh, dp->data, PAM_SUCCESS);
 			dp->data = data;
 			dp->cleanup = cleanup;
-			return (PAM_SUCCESS);
+			RETURNC(PAM_SUCCESS);
 		}
 	}
-
 	if ((dp = malloc(sizeof *dp)) == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	if ((dp->name = strdup(module_data_name)) == NULL) {
 		free(dp);
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	}
 	dp->data = data;
 	dp->cleanup = cleanup;
 	dp->next = pamh->module_data;
 	pamh->module_data = dp;
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/pam_set_item.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_item.c#15 $
+ * $P4: //depot/projects/openpam/lib/pam_set_item.c#16 $
  */
 
 #include <sys/param.h>
@@ -58,9 +58,9 @@ pam_set_item(pam_handle_t *pamh,
 	void **slot, *tmp;
 	size_t nsize, osize;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
-
+		RETURNC(PAM_SYSTEM_ERR);
 	slot = &pamh->item[item_type];
 	switch (item_type) {
 	case PAM_SERVICE:
@@ -85,7 +85,7 @@ pam_set_item(pam_handle_t *pamh,
 		osize = nsize = sizeof(struct pam_conv);
 		break;
 	default:
-		return (PAM_SYMBOL_ERR);
+		RETURNC(PAM_SYMBOL_ERR);
 	}
 	if (*slot != NULL) {
 		memset(*slot, 0xd0, osize);
@@ -93,13 +93,13 @@ pam_set_item(pam_handle_t *pamh,
 	}
 	if (item != NULL) {
 		if ((tmp = malloc(nsize)) == NULL)
-			return (PAM_BUF_ERR);
+			RETURNC(PAM_BUF_ERR);
 		memcpy(tmp, item, nsize);
 	} else {
 		tmp = NULL;
 	}
 	*slot = tmp;
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 }
 
 /*

contrib/openpam/lib/pam_set_mapped_authtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#7 $
  */
 
 #include <security/pam_appl.h>
@@ -52,7 +52,8 @@ pam_set_mapped_authtok(pam_handle_t *pamh,
 	const char *target_authn_domain)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_set_mapped_username.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#7 $
  */
 
 #include <security/pam_appl.h>
@@ -53,7 +53,8 @@ pam_set_mapped_username(pam_handle_t *pamh,
 	char *target_authn_domain)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_setcred.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_setcred.c#10 $
+ * $P4: //depot/projects/openpam/lib/pam_setcred.c#11 $
  */
 
 #include <sys/param.h>
@@ -52,11 +52,12 @@ pam_setcred(pam_handle_t *pamh,
 	int flags)
 {
 
+	ENTER();
 	if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED|
 		PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED))
-		return (PAM_SYMBOL_ERR);
+		RETURNC(PAM_SYMBOL_ERR);
 	/* XXX enforce exclusivity */
-	return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
+	RETURNC(openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
 }
 
 /*

contrib/openpam/lib/pam_setenv.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_setenv.c#7 $
+ * $P4: //depot/projects/openpam/lib/pam_setenv.c#8 $
  */
 
 #include <stdlib.h>
@@ -58,24 +58,25 @@ pam_setenv(pam_handle_t *pamh,
 	char *env;
 	int r;
 
+	ENTER();
 	if (pamh == NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 
 	/* sanity checks */
 	if (name == NULL || value == NULL || strchr(name, '=') != NULL)
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 
 	/* is it already there? */
 	if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1)
-		return (PAM_SUCCESS);
+		RETURNC(PAM_SUCCESS);
 
 	/* set it... */
 	if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	sprintf(env, "%s=%s", name, value);
 	r = pam_putenv(pamh, env);
 	free(env);
-	return (r);
+	RETURNC(r);
 }
 
 /*

contrib/openpam/lib/pam_sm_acct_mgmt.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#5 $
  */
 
 #include <sys/param.h>
@@ -53,7 +53,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_authenticate.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#5 $
  */
 
 #include <sys/param.h>
@@ -53,7 +53,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_authenticate_secondary.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#5 $
  */
 
 #include <sys/param.h>
@@ -58,7 +58,8 @@ pam_sm_authenticate_secondary(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_chauthtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#6 $
  */
 
 #include <sys/param.h>
@@ -53,7 +53,8 @@ pam_sm_chauthtok(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_close_session.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#5 $
  */
 
 #include <sys/param.h>
@@ -53,7 +53,8 @@ pam_sm_close_session(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_get_mapped_authtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#5 $
  */
 
 #include <sys/param.h>
@@ -57,7 +57,8 @@ pam_sm_get_mapped_authtok(pam_handle_t *pamh,
 	char *argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_get_mapped_username.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#5 $
  */
 
 #include <sys/param.h>
@@ -58,7 +58,8 @@ pam_sm_get_mapped_username(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_open_session.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#5 $
  */
 
 #include <sys/param.h>
@@ -53,7 +53,8 @@ pam_sm_open_session(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_set_mapped_authtok.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#5 $
  */
 
 #include <sys/param.h>
@@ -57,7 +57,8 @@ pam_sm_set_mapped_authtok(pam_handle_t *pamh,
 	const char *argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_set_mapped_username.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#5 $
  */
 
 #include <sys/param.h>
@@ -55,7 +55,8 @@ pam_sm_set_mapped_username(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 /*

contrib/openpam/lib/pam_sm_setcred.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#5 $
  */
 
 #include <sys/param.h>
@@ -53,7 +53,8 @@ pam_sm_setcred(pam_handle_t *pamh,
 	const char **argv)
 {
 
-	return (PAM_SYSTEM_ERR);
+	ENTER();
+	RETURNC(PAM_SYSTEM_ERR);
 }
 
 

contrib/openpam/lib/pam_start.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_start.c#16 $
+ * $P4: //depot/projects/openpam/lib/pam_start.c#17 $
  */
 
 #include <stdlib.h>
@@ -56,8 +56,9 @@ pam_start(const char *service,
 	struct pam_handle *ph;
 	int r;
 
+	ENTER();
 	if ((ph = calloc(1, sizeof *ph)) == NULL)
-		return (PAM_BUF_ERR);
+		RETURNC(PAM_BUF_ERR);
 	if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS)
 		goto fail;
 	if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS)
@@ -71,11 +72,11 @@ pam_start(const char *service,
 
 	*pamh = ph;
 	openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
-	return (PAM_SUCCESS);
+	RETURNC(PAM_SUCCESS);
 
  fail:
 	pam_end(ph, r);
-	return (r);
+	RETURNC(r);
 }
 
 /*

contrib/openpam/lib/pam_strerror.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_strerror.c#10 $
+ * $P4: //depot/projects/openpam/lib/pam_strerror.c#11 $
  */
 
 #include <stdio.h>
@@ -40,6 +40,39 @@
 
 #include "openpam_impl.h"
 
+const char *_pam_err_name[PAM_NUM_ERRORS] = {
+	"PAM_SUCCESS",
+	"PAM_OPEN_ERR",
+	"PAM_SYMBOL_ERR",
+	"PAM_SERVICE_ERR",
+	"PAM_SYSTEM_ERR",
+	"PAM_BUF_ERR",
+	"PAM_CONV_ERR",
+	"PAM_PERM_DENIED",
+	"PAM_MAXTRIES",
+	"PAM_AUTH_ERR",
+	"PAM_NEW_AUTHTOK_REQD",
+	"PAM_CRED_INSUFFICIENT",
+	"PAM_AUTHINFO_UNAVAIL",
+	"PAM_USER_UNKNOWN",
+	"PAM_CRED_UNAVAIL",
+	"PAM_CRED_EXPIRED",
+	"PAM_CRED_ERR",
+	"PAM_ACCT_EXPIRED",
+	"PAM_AUTHTOK_EXPIRED",
+	"PAM_SESSION_ERR",
+	"PAM_AUTHTOK_ERR",
+	"PAM_AUTHTOK_RECOVERY_ERR",
+	"PAM_AUTHTOK_LOCK_BUSY",
+	"PAM_AUTHTOK_DISABLE_AGING",
+	"PAM_NO_MODULE_DATA",
+	"PAM_IGNORE",
+	"PAM_ABORT",
+	"PAM_TRY_AGAIN",
+	"PAM_MODULE_UNKNOWN",
+	"PAM_DOMAIN_UNKNOWN"
+};
+
 /*
  * XSSO 4.2.1
  * XSSO 6 page 92
@@ -53,7 +86,7 @@ pam_strerror(pam_handle_t *pamh,
 {
 	static char unknown[16];
 
-	pamh = pamh;
+	(void)pamh;
 
 	switch (error_number) {
 	case PAM_SUCCESS:

contrib/openpam/lib/pam_vprompt.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_vprompt.c#7 $
+ * $P4: //depot/projects/openpam/lib/pam_vprompt.c#8 $
  */
 
 #include <stdarg.h>
@@ -39,7 +39,8 @@
 #include <stdlib.h>
 
 #include <security/pam_appl.h>
-#include <security/openpam.h>
+
+#include "openpam_impl.h"
 
 /*
  * OpenPAM extension
@@ -61,12 +62,13 @@ pam_vprompt(pam_handle_t *pamh,
 	struct pam_conv *conv;
 	int r;
 
+	ENTER();
 	r = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
 	if (r != PAM_SUCCESS)
-		return (r);
+		RETURNC(r);
 	if (conv == NULL) {
 		openpam_log(PAM_LOG_ERROR, "no conversation function");
-		return (PAM_SYSTEM_ERR);
+		RETURNC(PAM_SYSTEM_ERR);
 	}
 	vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap);
 	msg.msg_style = style;
@@ -76,7 +78,7 @@ pam_vprompt(pam_handle_t *pamh,
 	r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr);
 	*resp = rsp == NULL ? NULL : rsp->resp;
 	free(rsp);
-	return (r);
+	RETURNC(r);
 }
 
 /*

contrib/openpam/modules/Makefile

@@ -31,12 +31,11 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/modules/Makefile#7 $
+# $P4: //depot/projects/openpam/modules/Makefile#8 $
 #
 
 SUBDIR		 =
 SUBDIR		+= pam_deny
-SUBDIR		+= pam_dummy
 SUBDIR		+= pam_permit
 SUBDIR		+= pam_unix
 

contrib/openpam/modules/pam_unix/pam_unix.c

@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#2 $
+ * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $
  */
 
 #include <sys/param.h>
@@ -43,6 +43,7 @@
 #include <unistd.h>
 
 #include <security/pam_modules.h>
+#include <security/pam_appl.h>
 
 #ifndef _OPENPAM
 static char password_prompt[] = "Password:";