Removed broken PAM support from rshd(8) and rlogind(8). rshd does

not allocate a pty(4) so it is not suitable at all for interactive
PAM modules.  rlogind calls login(1) which is already PAM enabled.

Approved by:	markm

etc/pam.conf

@@ -22,9 +22,6 @@ ftpd	auth	requisite	pam_cleartext_pass_ok.so
 #ftpd	auth	sufficient	pam_kerberosIV.so		try_first_pass
 ftpd	auth	required	pam_unix.so			try_first_pass
 
-# r-utils are broken; ensure this doesn't bother folk
-rshd	auth	required	pam_deny.so
-
 # Don't break startx
 xserver	auth	required	pam_permit.so
 

libexec/rlogind/Makefile

@@ -8,12 +8,4 @@ DPADD=	${LIBUTIL}
 LDADD=	-lutil
 CFLAGS+= -Wall -DINET6
 
-.if defined(NOPAM)
-CFLAGS+= -DNO_PAM
-.else
-SRCS+=	auth_pam.c
-DPADD+= ${LIBPAM}
-LDADD+= ${MINUSLPAM}
-.endif
-
 .include <bsd.prog.mk>

libexec/rlogind/auth_pam.c

@@ -1,142 +0,0 @@
-/*-
- * Copyright (c) 1999 John Polstra
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-#include <paths.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-/*
- * Attempt to authenticate the user using PAM.  Returns 0 if the user is
- * authenticated, or 1 if not authenticated.  If some sort of PAM system
- * error occurs (e.g., the "/etc/pam.conf" file is missing) then this
- * function returns -1.  This can be used as an indication that we should
- * fall back to a different authentication mechanism.
- */
-
-int
-auth_pam(char *username)
-{
-	struct passwd *pawd;
-	pam_handle_t *pamh = NULL;
-	const char *tmpl_user;
-	const void *item;
-	int rval;
-	char *tty, *ttyn;
-	char hostname[MAXHOSTNAMELEN];
-	char tname[sizeof(_PATH_TTY) + 10];
-	int e;
-
-	static struct pam_conv conv = { misc_conv, NULL };
-
-	ttyn = ttyname(STDIN_FILENO);
-
-	if (ttyn == NULL || *ttyn == '\0') {
-		(void)snprintf(tname, sizeof(tname), "%s??", _PATH_TTY);
-		ttyn = tname;
-	}
-	if ((tty = strrchr(ttyn, '/')) != NULL)
-		++tty;
-	else
-		tty = ttyn;
-
-	rval = gethostname(hostname, sizeof(hostname));
-
-	if (rval < 0) {
-		syslog(LOG_ERR, "auth_pam: Failed to resolve local hostname");
-		return -1;
-	}
-	if ((e = pam_start("rshd", username, &conv, &pamh)) != PAM_SUCCESS) {
-		syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e));
-		return -1;
-	}
-	if ((e = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) {
-		syslog(LOG_ERR, "pam_set_item(PAM_TTY): %s",
-			pam_strerror(pamh, e));
-		return -1;
-	}
-	if (hostname != NULL &&
-		(e = pam_set_item(pamh,PAM_RHOST, hostname)) != PAM_SUCCESS) {
-		syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
-			pam_strerror(pamh, e));
-		return -1;
-	}
-
-	e = pam_authenticate(pamh, 0);
-
-	switch (e) {
-	case PAM_SUCCESS:
-		/*
-		 * With PAM we support the concept of a "template"
-		 * user.  The user enters a login name which is
-		 * authenticated by PAM, usually via a remote service
-		 * such as RADIUS or TACACS+.  If authentication
-		 * succeeds, a different but related "template" name
-		 * is used for setting the credentials, shell, and
-		 * home directory.  The name the user enters need only
-		 * exist on the remote authentication server, but the
-		 * template name must be present in the local password
-		 * database.
-		 *
-		 * This is supported by two various mechanisms in the
-		 * individual modules.  However, from the application's
-		 * point of view, the template user is always passed
-		 * back as a changed value of the PAM_USER item.
-		 */
-		if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
-			PAM_SUCCESS) {
-			    tmpl_user = (const char *) item;
-			    if (strcmp(username, tmpl_user) != 0)
-			            pawd = getpwnam(tmpl_user);
-		} else
-			    syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e));
-		rval = 0;
-		break;
-
-	case PAM_AUTH_ERR:
-	case PAM_USER_UNKNOWN:
-	case PAM_MAXTRIES:
-		rval = 1;
-		break;
-
-	default:
-		syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e));
-		rval = -1;
-		break;
-	}
-	if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
-		syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
-		rval = -1;
-	}
-	return rval;
-}

libexec/rlogind/rlogind.c

@@ -80,10 +80,6 @@ static const char rcsid[] =
 #include <unistd.h>
 #include "pathnames.h"
 
-#ifndef NO_PAM
-#include <security/pam_appl.h>
-#include <security/pam_misc.h>
-#endif
 
 #ifndef TIOCPKT_WINDOW
 #define TIOCPKT_WINDOW 0x80
@@ -131,9 +127,6 @@ void	setup_term __P((int));
 int	do_krb_login __P((struct sockaddr_in *));
 void	usage __P((void));
 
-#ifndef NO_PAM
-extern int auth_pam __P((char *));
-#endif
 
 int
 main(argc, argv)
@@ -570,28 +563,11 @@ int
 do_rlogin(dest)
 	union sockunion *dest;
 {
-#ifndef NO_PAM
-	int retval;
-#endif
 
 	getstr(rusername, sizeof(rusername), "remuser too long");
 	getstr(lusername, sizeof(lusername), "locuser too long");
 	getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
 
-#ifndef  NO_PAM
-	retval = auth_pam(lusername);
- 
-	if (retval) {
-		if (retval == -1) {
-			syslog(LOG_ERR, "PAM authentication failed");
-		}  
-		else {
-			syslog(LOG_ERR,
-				"User %s failed PAM authentication", lusername);
-			exit(1);
-		}
-	}
-#endif
 	pwd = getpwnam(lusername);
 	if (pwd == NULL)
 		return (-1);

libexec/rshd/Makefile

@@ -5,14 +5,7 @@ PROG=	rshd
 SRCS=	rshd.c
 MAN8=	rshd.8
 
-.if defined(NOPAM)
-CFLAGS+= -DNO_PAM
-.else
-#CFLAGS+= -DCRYPT -DNO_PAM
-SRCS+=	auth_pam.c
-DPADD+= ${LIBPAM}
-LDADD+= ${MINUSLPAM}
-.endif
+#CFLAGS+= -DCRYPT
 
 # For login_cap handling
 CFLAGS+=-DLOGIN_CAP -Wall
@@ -23,5 +16,3 @@ LDADD+= -lutil
 CFLAGS+= -DINET6
 
 .include <bsd.prog.mk>
-
-.PATH:	${.CURDIR}/../rlogind

libexec/rshd/rshd.c

@@ -113,9 +113,6 @@ int	 local_domain __P((char *));
 char	*topdomain __P((char *));
 void	 usage __P((void));
 
-#ifndef NO_PAM
-extern int auth_pam __P((char *));
-#endif
 
 #define	OPTIONS	"alnDL"
 
@@ -216,7 +213,6 @@ doit(fromp)
 	char fromhost[2 * MAXHOSTNAMELEN + 1];
 	char numericname[INET6_ADDRSTRLEN];
 	int af = fromp->su_family, err;
-	int retval;
 #ifdef	CRYPT
 	int rc;
 	int pv1[2], pv2[2];
@@ -382,20 +378,6 @@ doit(fromp)
 		pwd->pw_dir = "/";
 	}
 
-#ifndef  NO_PAM
-	retval = auth_pam(locuser);
-
-	if (retval) {
-		if (retval == -1) {
-			syslog(LOG_ERR,"PAM authentication failed");
-		}
-		else {
-			syslog(LOG_ERR,
-				"User %s failed PAM authentication", locuser);
-			exit(1);
-		}
-	}
-#endif 
 
 		if (errorstr ||
 		    (pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||