Make it possible to use PAM in statically-linked applications.

contrib/libpam/libpam/include/security/pam_modules.h

@@ -28,6 +28,21 @@
 #ifndef _SECURITY_PAM_MODULES_H
 #define _SECURITY_PAM_MODULES_H
 
+/*
+ * Define either PAM_STATIC or PAM_DYNAMIC, based on whether PIC
+ * compilation is being used.
+ */
+#if !defined(PIC) && !defined(PAM_STATIC)
+#define PAM_STATIC
+#endif
+#ifndef PAM_STATIC
+#define PAM_DYNAMIC
+#endif
+
+#ifdef PAM_STATIC
+#include <linker_set.h>
+#endif
+
 #include <security/_pam_types.h>      /* Linux-PAM common defined types */
 
 /* these defines are used by pam_set_item() and pam_get_item() and are
@@ -71,9 +86,50 @@ struct pam_module {
 			    int argc, const char **argv);
 };
 
+#ifdef PAM_SM_AUTH
+#define PAM_SM_AUTH_ENTRY	pam_sm_authenticate
+#define PAM_SM_SETCRED_ENTRY	pam_sm_setcred
+#else
+#define PAM_SM_AUTH_ENTRY	NULL
+#define PAM_SM_SETCRED_ENTRY	NULL
+#endif
+
+#ifdef PAM_SM_ACCOUNT
+#define PAM_SM_ACCOUNT_ENTRY	pam_sm_acct_mgmt
+#else
+#define PAM_SM_ACCOUNT_ENTRY	NULL
+#endif
+
+#ifdef PAM_SM_SESSION
+#define PAM_SM_OPEN_SESSION_ENTRY	pam_sm_open_session
+#define PAM_SM_CLOSE_SESSION_ENTRY	pam_sm_close_session
+#else
+#define PAM_SM_OPEN_SESSION_ENTRY	NULL
+#define PAM_SM_CLOSE_SESSION_ENTRY	NULL
+#endif
+
+#ifdef PAM_SM_PASSWORD
+#define PAM_SM_PASSWORD_ENTRY	pam_sm_chauthtok
+#else
+#define PAM_SM_PASSWORD_ENTRY	NULL
+#endif
+
+#define PAM_MODULE_ENTRY(name)			\
+    static struct pam_module _pam_modstruct = {	\
+	name,					\
+	PAM_SM_AUTH_ENTRY,			\
+	PAM_SM_SETCRED_ENTRY,			\
+	PAM_SM_ACCOUNT_ENTRY,			\
+	PAM_SM_OPEN_SESSION_ENTRY,		\
+	PAM_SM_CLOSE_SESSION_ENTRY,		\
+	PAM_SM_PASSWORD_ENTRY			\
+    };						\
+    DATA_SET(_pam_static_modules, _pam_modstruct)
+
 #else /* !PAM_STATIC */
 
 #define PAM_EXTERN extern
+#define PAM_MODULE_ENTRY(name)
 
 #endif /* PAM_STATIC */
 	

contrib/libpam/libpam/pam_static.c

@@ -19,43 +19,24 @@
  *
  */
 
-/* This whole file is only used for PAM_STATIC */
-
-#ifdef PAM_STATIC
-
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 
 #include "pam_private.h"
 
-/*
- * Need to include pointers to static modules; this was built by each
- * of the modules that register...
- */
+/* This whole file is only used for PAM_STATIC */
 
-#include "../modules/_static_module_list"
+#ifdef PAM_STATIC
 
-/*
- * and here is a structure that connects libpam to the above static
- * modules
- */
-
-static struct pam_module *static_modules[] = {
-
-#include "../modules/_static_module_entry"
-
-    NULL
-};
-
-/*
- * and now for the functions
- */
+extern struct linker_set _pam_static_modules;
 
 /* Return pointer to data structure used to define a static module */
 struct pam_module * _pam_open_static_handler(char *path) {
     int i;
     char *lpath = path, *end;
+    struct pam_module **static_modules =
+	(struct pam_module **)_pam_static_modules.ls_items;
 
     if (strchr(lpath, '/')) {
         /* ignore path and leading "/" */
@@ -79,11 +60,6 @@ struct pam_module * _pam_open_static_handler(char *path) {
 	}
     }
 
-    if (static_modules[i] == NULL) {
-	pam_system_log(pamh, NULL, LOG_ERR, "no static module named %s",
-		       lpath);
-    }
-
     free(lpath);
     return (static_modules[i]);
 }

lib/libpam/Makefile

@@ -24,7 +24,8 @@
 #
 #	$FreeBSD$
 
-SUBDIR+=	libpam
-SUBDIR+=	modules
+# The modules must be built first, because they are built into the
+# static version of libpam.
+SUBDIR+=	modules libpam
 
 .include <bsd.subdir.mk>

lib/libpam/libpam/Makefile

@@ -25,23 +25,22 @@
 #	$FreeBSD$
 
 PAMDIR=		${.CURDIR}/../../../contrib/libpam
+MODOBJDIR=	../modules
 
 .PATH:		${PAMDIR}/libpam ${PAMDIR}/libpam_misc ${PAMDIR}/doc/man
 
 LIB=		pam
 CFLAGS+=	-I${PAMDIR}/libpam/include -I.
 CFLAGS+=	-DDEFAULT_MODULE_PATH=\"${SHLIBDIR}/\"
-CFLAGS+=	-DPAM_DYNAMIC
-#CFLAGS+=	-DPAM_STATIC
 NOPROFILE=	true
-INTERNALLIB=	true
 CLEANFILES+=	security
 
 # Files from ${PAMDIR}/libpam:
 SRCS=		pam_account.c pam_auth.c pam_data.c pam_delay.c \
 		pam_dispatch.c pam_end.c pam_env.c pam_handlers.c \
 		pam_item.c pam_log.c pam_misc.c pam_password.c \
-		pam_second.c pam_session.c pam_start.c pam_strerror.c
+		pam_second.c pam_session.c pam_start.c pam_static.c \
+		pam_strerror.c
 HDRS1=		_pam_compat.h _pam_macros.h _pam_types.h \
 		pam_appl.h pam_malloc.h pam_modules.h
 MAN3+=		pam_authenticate.3 pam_chauthtok.3 pam_fail_delay.3 \
@@ -60,6 +59,38 @@ HDRS2=		pam_misc.h
 SRCS+=		pam_get_pass.c pam_prompt.c pam_std_option.c
 HDRS3=		pam_mod_misc.h
 
+# Static PAM modules:
+STATIC_MODULES+= ${MODOBJDIR}/pam_cleartext_pass_ok/libpam_cleartext_pass_ok.a
+.if defined(MAKE_KERBEROS4)
+STATIC_MODULES+= ${MODOBJDIR}/pam_kerberosIV/libpam_kerberosIV.a
+.endif
+STATIC_MODULES+= ${MODOBJDIR}/pam_radius/libpam_radius.a
+STATIC_MODULES+= ${MODOBJDIR}/pam_skey/libpam_skey.a
+STATIC_MODULES+= ${MODOBJDIR}/pam_tacplus/libpam_tacplus.a
+STATIC_MODULES+= ${MODOBJDIR}/pam_unix/libpam_unix.a
+
+STATICOBJS+=	pam_static_modules.o
+
+.if ${OBJFORMAT} == elf
+CLEANFILES+=	setdef0.o _pam_static_modules.o setdef1.o \
+		setdef0.c setdef1.c setdefs.h
+
+pam_static_modules.o:	setdef0.o _pam_static_modules.o setdef1.o
+	${LD} -o ${.TARGET} -r ${.ALLSRC}
+
+setdef0.o:	setdef0.c setdefs.h
+setdef1.o:	setdef1.c setdefs.h
+
+setdef0.c setdef1.c setdefs.h:	_pam_static_modules.o
+	gensetdefs ${.ALLSRC}
+
+_pam_static_modules.o:	${STATIC_MODULES}
+	${LD} -o ${.TARGET} -r --whole-archive ${.ALLSRC}
+.else
+pam_static_modules.o:	${STATIC_MODULES}
+	${LD} -o ${.TARGET} -r -Bforcearchive ${.ALLSRC}
+.endif
+
 all:		security
 
 beforedepend:	security

lib/libpam/modules/Makefile.inc

@@ -1,28 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-BINDIR=		${SHLIBDIR}
-BINMODE=	${LIBMODE}

lib/libpam/modules/pam_cleartext_pass_ok/Makefile

@@ -26,13 +26,14 @@
 
 PAMDIR=		${.CURDIR}/../../../../contrib/libpam
 
-PROG=		pam_cleartext_pass_ok.so
+LIB=		pam_cleartext_pass_ok
+SHLIB_NAME=	pam_cleartext_pass_ok.so
 SRCS=		pam_cleartext_pass_ok.c
 CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-fpic
 CFLAGS+=	-Wall
-LDFLAGS+=	-shared
+DPADD+=		${LIBSKEY}
 LDADD+=		-lskey -lgcc_pic
-NOMAN=		true
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
 
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c

@@ -63,3 +63,5 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return PAM_SUCCESS;
 }
+
+PAM_MODULE_ENTRY("pam_cleartext_pass_ok");

lib/libpam/modules/pam_kerberosIV/Makefile

@@ -26,17 +26,16 @@
 
 PAMDIR=		${.CURDIR}/../../../../contrib/libpam
 
-PROG=		pam_kerberosIV.so
+LIB=		pam_kerberosIV
+SHLIB_NAME=	pam_kerberosIV.so
 SRCS=		pam_kerberosIV.c klogin.c
-CFLAGS+=	-fpic
 CFLAGS+=	-Wall
 CFLAGS+=	-I${PAMDIR}/libpam/include
 CFLAGS+=	-I${.CURDIR}/../../libpam
 CFLAGS+=	-DKERBEROS
-LDFLAGS+=	-shared
-LDFLAGS+=	-L../../libpam
 DPADD+=		${LIBKRB} ${LIBDES} ${LIBGCC_PIC}
-LDADD+=		-lpam -lkrb -ldes -lgcc_pic
-NOMAN=		true
+LDADD+=		-lkrb -ldes -lgcc_pic
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
 
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c

@@ -104,3 +104,5 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return PAM_SUCCESS;
 }
+
+PAM_MODULE_ENTRY("pam_kerberosIV");

lib/libpam/modules/pam_radius/Makefile

@@ -26,16 +26,15 @@
 
 PAMDIR=		${.CURDIR}/../../../../contrib/libpam
 
-PROG=		pam_radius.so
+LIB=		pam_radius
+SHLIB_NAME=	pam_radius.so
 SRCS=		pam_radius.c
-CFLAGS+=	-fpic
 CFLAGS+=	-Wall
 CFLAGS+=	-I${PAMDIR}/libpam/include
 CFLAGS+=	-I${.CURDIR}/../../libpam
-LDFLAGS+=	-shared
-LDFLAGS+=	-L../../libpam
 DPADD+=		${LIBRADIUS} ${LIBGCC_PIC}
-LDADD+=		-lpam -lradius -lgcc_pic
-NOMAN=		true
+LDADD+=		-lradius -lgcc_pic
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
 
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

lib/libpam/modules/pam_radius/pam_radius.c

@@ -296,3 +296,5 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return PAM_SUCCESS;
 }
+
+PAM_MODULE_ENTRY("pam_radius");

lib/libpam/modules/pam_skey/Makefile

@@ -26,16 +26,15 @@
 
 PAMDIR=		${.CURDIR}/../../../../contrib/libpam
 
-PROG=		pam_skey.so
+LIB=		pam_skey
+SHLIB_NAME=	pam_skey.so
 SRCS=		pam_skey.c
-CFLAGS+=	-fpic
 CFLAGS+=	-Wall
 CFLAGS+=	-I${PAMDIR}/libpam/include
 CFLAGS+=	-I${.CURDIR}/../../libpam
-LDFLAGS+=	-shared
-LDFLAGS+=	-L../../libpam
 DPADD+=		${LIBSKEY} ${LIBGCC_PIC}
-LDADD+=		-lpam -lskey -lgcc_pic
-NOMAN=		true
+LDADD+=		-lskey -lgcc_pic
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
 
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

lib/libpam/modules/pam_skey/pam_skey.c

@@ -104,3 +104,5 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return PAM_SUCCESS;
 }
+
+PAM_MODULE_ENTRY("pam_skey");

lib/libpam/modules/pam_tacplus/Makefile

@@ -26,16 +26,15 @@
 
 PAMDIR=		${.CURDIR}/../../../../contrib/libpam
 
-PROG=		pam_tacplus.so
+LIB=		pam_tacplus
+SHLIB_NAME=	pam_tacplus.so
 SRCS=		pam_tacplus.c
-CFLAGS+=	-fpic
 CFLAGS+=	-Wall
 CFLAGS+=	-I${PAMDIR}/libpam/include
 CFLAGS+=	-I${.CURDIR}/../../libpam
-LDFLAGS+=	-shared
-LDFLAGS+=	-L../../libpam
 DPADD+=		${LIBTACPLUS} ${LIBGCC_PIC}
-LDADD+=		-lpam -ltacplus -lgcc_pic
-NOMAN=		true
+LDADD+=		-ltacplus -lgcc_pic
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
 
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

lib/libpam/modules/pam_tacplus/pam_tacplus.c

@@ -254,3 +254,5 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return PAM_SUCCESS;
 }
+
+PAM_MODULE_ENTRY("pam_tacplus");

lib/libpam/modules/pam_unix/Makefile

@@ -26,16 +26,15 @@
 
 PAMDIR=		${.CURDIR}/../../../../contrib/libpam
 
-PROG=		pam_unix.so
+LIB=		pam_unix
+SHLIB_NAME=	pam_unix.so
 SRCS=		pam_unix.c
-CFLAGS+=	-fpic
 CFLAGS+=	-Wall
 CFLAGS+=	-I${PAMDIR}/libpam/include
 CFLAGS+=	-I${.CURDIR}/../../libpam
-LDFLAGS+=	-shared
-LDFLAGS+=	-L../../libpam
 DPADD+=		${LIBGCC_PIC}
-LDADD+=		-lpam -lgcc_pic
-NOMAN=		true
+LDADD+=		-lgcc_pic
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
 
-.include <bsd.prog.mk>
+.include <bsd.lib.mk>

lib/libpam/modules/pam_unix/pam_unix.c

@@ -86,3 +86,5 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return PAM_SUCCESS;
 }
+
+PAM_MODULE_ENTRY("pam_unix");