MFH (r314598): load default options before requesting ticket

PR: 213909

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

libpam: replace 0 with NULL for pointers.

Found with devel/coccinelle.

Reviewed by: des

remove duplicate semicolons where possible.

Approved by: cperciva
MFC after: 1 week

Fix two instances in pam_krb5(8), where the variable 'princ_name' could
be used uninitialized.

Found by: clang 3.2
Reviewed by: des
MFC after: 1 week

Add an option for pam_krb5 to allow it to authenticate users which don't have
a local account.

PR: 76678
Submitted by: daved at tamu.edu
MFC after: 2 weeks

- Avoid using deprecated heimdal functions in pam_krb5.

Code indent according to style(9).

PR: bin/146186
Submitted by: myself
Approved by: delphij (mentor)
MFC after: 2 weeks

Implement the no_user_check option to pam_krb5.

This option is available in the Linux implementation of pam_krb5
and allows to authorize a user not known to the local system.

Ccache is not used as we don't have a secure uid/gid for the cache file.

Usable for authentication of external kerberos users (e.g Active Directory)
via PAM from applications like Cyrus saslauthd, PHP or perl.

PR: bin/146186
Submitted by: myself
Approved by: deplhij (mentor)
MFC after: 2 weeks

Adjust for OpenPAM Hydrangea.

This is sort of an MFS. Peter made these changes to the RELENG_*
branches but missed HEAD. This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync. For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after: 3 days
Approved by: re (dwhite)

When "no_ccache" is set as an argument to the pam_krb5 module, don't
copy the acquired TGT from the in-memory cache to the on-disk cache
at login. This was documented but un-implemented behavior.

MFC after: 1 week
PR: bin/64464
Reported and tested by: Eric van Gyzen <vangyzen at stat dot duke dot edu>

The final argument to verify_krb_v5_tgt() is the debug flag, not the
ticket forwardable flag, so key generation of debugging output to
"debug" rather than "forwardable".

Update copyright.

MFC after: 3 days

Fix numerous constness and aliasing issues.

More strict aliasing fixes.

Submitted by: Andreas Hauser <andy-freebsd@splashground.de>

Update copyright dates.

Remove all instances of pam_std_option()

Comment-only assistance to lint to kill warnings.

In pam_sm_acct_mgmt(), retrieve the cached credentials before trying to
initialize the context. This way, a failure to initialize the context is
not fatal unless we actually have work to do - because if we don't, we
return PAM_SUCCESS without even trying to initialize the context.

Whitespace cleanup

Do not return inappropriate error codes in pam_sm_setcred.

About September 2001, I consulted with all the previous authors of
pam_krb5 to consolidate the copyright texts. The semi-official
pam_krb5 module has been distributed with this new license text ever
since, but I'm just now getting around to updating the text here.

The pam_krb5 module stored a reference to a krb5_ccache structure as
PAM module state (created in pam_sm_authenticate and referenced later
in pam_sm_setcred and pam_sm_acct_mgmt). However, the krb5_ccache
structure shares some data members with the krb5_context structure
that was used in its creation. Since a new krb5_context is created
and destroyed at each PAM entry point, this inevitably caused the
krb5_ccache structure to reference free'd memory.

Now instead of storing a pointer to the krb5_ccache structure,
we store the name of the cache (e.g. `MEMORY:0x123CACHE') in
pam_sm_authenticate, and resolve the name in the other entry points.

This bug was uncovered by phkmalloc's free'd memory scrubbing.

Approved by: re (jhb)

Use `krb5_get_err_text' instead of `error_message' so that instead of
e.g.

Unknown error: -1765328378

we get

Client not found in Kerberos database

Another way to accomplish this would have been to leave
`error_message' alone, but to explicitly load the Kerberos com_err
error tables. However, I don't really like the idea of a PAM module
dorking with global tables.

Approved by: re (jhb)

Don't declare krb5_mcc_ops, it's already declared in <krb5.h>

Major cleanup:

- add __unused where appropriate
- PAM_RETURN -> return since OpenPAM already logs the return value.
- make PAM_LOG use openpam_log()
- make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
for PAM_SILENT
- remove dummy functions since OpenPAM handles missing service
functions
- fix various warnings

Sponsored by: DARPA, NAI Labs

Aggressive cleanup of warnings + authtok-related code in preparation for
PAMifying passwd(1).

Sponsored by: DARPA, NAI Labs.

Unbreak the pam_krb5 build: cast a couple of const pointers
to normal char *. A better fix might be some const'ifying
of the Heimdal code, but this will do to fix the build
for the present.

Approved by: des

#include cleanup.

Sponsored by: DARPA, NAI Labs

WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.

Don't put an extra space after password prompts, because it violates POLA,
makes FreeBSD inconsistent with previous releases and "other unices" as well
as with some internal password-asking services (e.g. ftp) within the same
release.

Add __FBSDID()s to libpam

Clean up this module very extensively. Fix the logging, the coding
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.