Big module cleanup.

Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.

Build new modules.

Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).

lib/libpam/libpam/Makefile

@@ -65,8 +65,8 @@ SRCS+=		pam_get_pass.c pam_prompt.c pam_std_option.c
 HDRS3=		pam_mod_misc.h
 
 # Static PAM modules:
-STATIC_MODULES+= ${MODOBJDIR}/pam_cleartext_pass_ok/libpam_cleartext_pass_ok.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_deny/libpam_deny.a
+STATIC_MODULES+= ${MODOBJDIR}/pam_ftp/libpam_ftp.a
 .if defined(MAKE_KERBEROS4) && !defined(NOCRYPT) && !defined(NO_OPENSSL)
 STATIC_MODULES+= ${MODOBJDIR}/pam_kerberosIV/libpam_kerberosIV.a
 .endif
@@ -78,7 +78,7 @@ STATIC_MODULES+= ${MODOBJDIR}/pam_opie/libpam_opie.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_permit/libpam_permit.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_radius/libpam_radius.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_rootok/libpam_rootok.a
-STATIC_MODULES+= ${MODOBJDIR}/pam_skey/libpam_skey.a
+STATIC_MODULES+= ${MODOBJDIR}/pam_securetty/libpam_securetty.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_tacplus/libpam_tacplus.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_unix/libpam_unix.a
 STATIC_MODULES+= ${MODOBJDIR}/pam_wheel/libpam_wheel.a

lib/libpam/modules/Makefile

@@ -24,8 +24,8 @@
 #
 #	$FreeBSD$
 
-SUBDIR+=	pam_cleartext_pass_ok
 SUBDIR+=	pam_deny
+SUBDIR+=	pam_ftp
 .if defined(MAKE_KERBEROS4) && !defined(NOCRYPT) && !defined(NO_OPENSSL)
 SUBDIR+=	pam_kerberosIV
 .endif
@@ -37,7 +37,7 @@ SUBDIR+=	pam_opie
 SUBDIR+=	pam_permit
 SUBDIR+=	pam_radius
 SUBDIR+=	pam_rootok
-SUBDIR+=	pam_skey
+SUBDIR+=	pam_securetty
 SUBDIR+=	pam_tacplus
 SUBDIR+=	pam_unix
 SUBDIR+=	pam_wheel

lib/libpam/modules/Makefile.inc

@@ -1,2 +1,17 @@
 # $FreeBSD$
-# Null file to bring back the dead.
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+INTERNALLIB=	yes
+INTERNALSTATICLIB=yes
+
+CFLAGS+=	-Wall
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-I${.CURDIR}/../../libpam
+
+# This is nasty.
+# For the static case, libpam.a depends on the modules.
+# For the dynamic case, the modules depend on libpam.so.N
+# Punt for the time being until I can figure out how to do it.
+#DPADD+=		${LIBPAM}
+#LDADD+=		-lpam

lib/libpam/modules/pam_cleartext_pass_ok/Makefile

@@ -24,16 +24,10 @@
 #
 # $FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_cleartext_pass_ok
 SHLIB_NAME=	pam_cleartext_pass_ok.so
 SRCS=		pam_cleartext_pass_ok.c
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-Wall
 DPADD=		${LIBSKEY}
 LDADD=		-lskey
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
 
 .include <bsd.lib.mk>

lib/libpam/modules/pam_deny/Makefile

@@ -24,16 +24,10 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-.PATH:		${PAMDIR}/modules/pam_deny
-
 LIB=		pam_deny
 SHLIB_NAME=	pam_deny.so
 SRCS=		pam_deny.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
 
 .include <bsd.lib.mk>
+
+.PATH:		${PAMDIR}/modules/pam_deny

lib/libpam/modules/pam_kerberosIV/Makefile

@@ -24,24 +24,11 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_kerberosIV
 SHLIB_NAME=	pam_kerberosIV.so
 SRCS=		pam_kerberosIV.c klogin.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-CFLAGS+=	-DKERBEROS
-DPADD+=		${LIBKRB}
-LDADD+=		-lkrb
-.if !defined(NOSECURE)
-DPADD+=		${LIBCRYPTO}
-LDADD+=		-lcrypto
-.endif
-DPADD+=		${LIBCOM_ERR}
-LDADD+=		-lcom_err
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
+CFLAGS=		-DKERBEROS
+DPADD=		${LIBKRB} ${LIBCRYPTO} ${LIBCOM_ERR}
+LDADD=		-lkrb -lcrypto -lcom_err
 
 .include <bsd.lib.mk>

lib/libpam/modules/pam_krb5/Makefile

@@ -24,21 +24,14 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_krb5
 SHLIB_NAME=	pam_krb5.so
 SRCS=		pam_krb5_auth.c pam_krb5_pass.c pam_krb5_acct.c \
 		pam_krb5_sess.c support.c compat_heimdal.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBKRB5} ${LIBGSSAPI} ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} \
-		${LIBCOM_ERR}
-LDADD+=		-lkrb5 -lgssapi -lasn1 -lroken -lcrypto -lcrypt -lcom_err \
-		-L${.OBJDIR}/../../../../kerberos5/lib/libroken
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
+DPADD=		${LIBKRB5} ${LIBGSSAPI} ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} \
+		${LIBCOM_ERR} ${LIBROKEN}
+LDADD=		-lkrb5 -lgssapi -lasn1 -lcrypto -lcrypt -lcom_err \
+		-L${.OBJDIR}/../../../../kerberos5/lib/libroken -lroken 
 MAN=		pam_krb5.8
 
 .include <bsd.lib.mk>

lib/libpam/modules/pam_nologin/Makefile

@@ -24,16 +24,10 @@
 #
 # $FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-.PATH:		${PAMDIR}/modules/pam_nologin
-
 LIB=		pam_nologin
 SHLIB_NAME=	pam_nologin.so
 SRCS=		pam_nologin.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
 
 .include <bsd.lib.mk>
+
+.PATH:		${PAMDIR}/modules/pam_nologin

lib/libpam/modules/pam_opie/Makefile

@@ -25,17 +25,10 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_opie
 SHLIB_NAME=	pam_opie.so
 SRCS=		pam_opie.c
-CFLAGS+=	-Wall -g
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBOPIE}
-LDADD+=		-lopie
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
+DPADD=		${LIBOPIE}
+LDADD=		-lopie
 
 .include <bsd.lib.mk>

lib/libpam/modules/pam_permit/Makefile

@@ -24,17 +24,10 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-.PATH:		${PAMDIR}/modules/pam_permit
-
 LIB=		pam_permit
 SHLIB_NAME=	pam_permit.so
 SRCS=		pam_permit.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
 
 .include <bsd.lib.mk>
+
+.PATH:		${PAMDIR}/modules/pam_permit

lib/libpam/modules/pam_radius/Makefile

@@ -24,18 +24,11 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_radius
 SHLIB_NAME=	pam_radius.so
 SRCS=		pam_radius.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBRADIUS}
-LDADD+=		-lradius
-INTERNALLIB=    yes
-INTERNALSTATICLIB=yes
+DPADD=		${LIBRADIUS}
+LDADD=		-lradius
 
 MAN=		pam_radius.8
 

lib/libpam/modules/pam_rootok/Makefile

@@ -24,16 +24,10 @@
 #
 # $FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-.PATH:		${PAMDIR}/modules/pam_rootok
-
 LIB=		pam_rootok
 SHLIB_NAME=	pam_rootok.so
 SRCS=		pam_rootok.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
 
 .include <bsd.lib.mk>
+
+.PATH:		${PAMDIR}/modules/pam_rootok

lib/libpam/modules/pam_skey/Makefile

@@ -1,40 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_skey
-SHLIB_NAME=	pam_skey.so
-SRCS=		pam_skey.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBSKEY}
-LDADD+=		-lskey
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>

lib/libpam/modules/pam_skey/pam_skey.c

@@ -1,108 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <syslog.h>	/* XXX */
-
-#include <stdio.h>
-#include <string.h>
-#include <skey.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-#include "pam_mod_misc.h"
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	int retval;
-	const char *user;
-	const char *response;
-	struct skey skey;
-	char challenge[128];
-	char prompt[128];
-	char resp_buf[128];
-	int options;
-	int i;
-	int e;
-
-	options = 0;
-	for (i = 0;  i < argc;  i++)
-		pam_std_option(&options, argv[i]);
-	/*
-	 * It doesn't make sense to use a password that has already been
-	 * typed in, since we haven't presented the challenge to the user
-	 * yet.
-	 */
-	options &= ~(PAM_OPT_USE_FIRST_PASS | PAM_OPT_TRY_FIRST_PASS);
-	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-		return retval;
-	if (skeyinfo(&skey, user, challenge) != 0)
-		return PAM_AUTH_ERR;
-	snprintf(prompt, sizeof prompt, "%s\nPassword: ", challenge);
-	if ((retval = pam_get_pass(pamh, &response, prompt, options)) !=
-	    PAM_SUCCESS)
-		return retval;
-	if (response[0] == '\0' && !(options & PAM_OPT_ECHO_PASS)) {
-		options |= PAM_OPT_ECHO_PASS;
-		snprintf(prompt, sizeof prompt,
-			 "%s\nPassword [echo on]: ", challenge);
-		if ((retval = pam_get_pass(pamh, &response, prompt,
-		    options)) != PAM_SUCCESS)
-			return retval;
-	}
-	/*
-	 * Skeyinfo closed the database file, so we have to call skeylookup
-	 * to open it again.
-	 */
-	if ((e = skeylookup(&skey, user)) != 0) {
-		if (e == -1) {
-			syslog(LOG_ERR, "Error opening S/Key database");
-			return PAM_SERVICE_ERR;
-		} else
-			return PAM_AUTH_ERR;
-	}
-	/* We have to copy the response, because skeyverify mucks with it. */
-	snprintf(resp_buf, sizeof resp_buf, "%s", response);
-	/*
-	 * Skeyverify is supposed to return -1 only if an error occurs.
-	 * But it returns -1 even if the response string isn't in the form
-	 * it expects.  Thus we can't log an error and can only check for
-	 * success or lack thereof.
-	 */
-	return skeyverify(&skey, resp_buf) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_skey");

lib/libpam/modules/pam_ssh/Makefile

@@ -6,11 +6,10 @@ SSHSRC=	${.CURDIR}/../../../../crypto/openssh
 LIB=		pam_ssh
 SHLIB_NAME=	pam_ssh.so
 SRCS=		log-client.c pam_ssh.c
-CFLAGS+=	-Wall -I${SSHSRC}
+CFLAGS=		-I${SSHSRC}
 DPADD+=		${LIBCRYPTO} ${LIBCRYPT} ${LIBUTIL} ${LIBZ}
-LDADD+=		-L${.OBJDIR}/../../../../secure/lib/libssh -lssh -lcrypto -lcrypt -lutil -lz
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
+LDADD+=		-L${.OBJDIR}/../../../../secure/lib/libssh -lssh -lcrypto \
+		-lcrypt -lutil -lz
 
 .include <bsd.lib.mk>
 

lib/libpam/modules/pam_tacplus/Makefile

@@ -24,17 +24,10 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_tacplus
 SHLIB_NAME=	pam_tacplus.so
 SRCS=		pam_tacplus.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBTACPLUS}
-LDADD+=		-ltacplus
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
+DPADD=		${LIBTACPLUS}
+LDADD=		-ltacplus
 
 .include <bsd.lib.mk>

lib/libpam/modules/pam_unix/Makefile

@@ -24,17 +24,10 @@
 #
 #	$FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
 LIB=		pam_unix
 SHLIB_NAME=	pam_unix.so
 SRCS=		pam_unix.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBUTIL} ${LIBCRYPT}
-LDADD+=		-lutil -lcrypt
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
+DPADD=		${LIBUTIL} ${LIBCRYPT}
+LDADD=		-lutil -lcrypt
 
 .include <bsd.lib.mk>

lib/libpam/modules/pam_wheel/Makefile

@@ -24,16 +24,10 @@
 #
 # $FreeBSD$
 
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-.PATH:		${PAMDIR}/modules/pam_wheel
-
 LIB=		pam_wheel
 SHLIB_NAME=	pam_wheel.so
 SRCS=		pam_wheel.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
 
 .include <bsd.lib.mk>
+
+.PATH:		${PAMDIR}/modules/pam_wheel