From be09d6354efcb2571731bdffc47da86f22621ac8 Mon Sep 17 00:00:00 2001 
From: Tomas Mraz Date: Wed, 21 Sep 2005 10:00:58 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- Moved functions from pammodutil to libpam. --- CHANGELOG | 1 + configure.in | 2 +- libpam/Makefile.am | 6 +- libpam/include/security/pam_modutil.h | 65 +++++++++ libpam/libpam.map | 15 ++ libpam/pam_modutil_cleanup.c | 19 +++ libpam/pam_modutil_getgrgid.c | 151 +++++++++++++++++++++ libpam/pam_modutil_getgrnam.c | 140 +++++++++++++++++++ libpam/pam_modutil_getlogin.c | 74 ++++++++++ libpam/pam_modutil_getpwnam.c | 140 +++++++++++++++++++ libpam/pam_modutil_getpwuid.c | 151 +++++++++++++++++++++ libpam/pam_modutil_getspnam.c | 140 +++++++++++++++++++ libpam/pam_modutil_ingroup.c | 127 +++++++++++++++++ libpam/pam_modutil_ioloop.c | 53 ++++++++ libpam/pam_modutil_private.h | 23 ++++ modules/Makefile.am | 2 +- modules/pam_access/Makefile.am | 2 - modules/pam_access/pam_access.c | 6 +- modules/pam_cracklib/Makefile.am | 4 +- modules/pam_debug/Makefile.am | 4 +- modules/pam_deny/Makefile.am | 4 +- modules/pam_env/Makefile.am | 2 - modules/pam_filter/Makefile.am | 4 +- modules/pam_filter/upperLOWER/Makefile.am | 4 +- modules/pam_filter/upperLOWER/upperLOWER.c | 14 +- modules/pam_ftp/Makefile.am | 4 +- modules/pam_group/Makefile.am | 2 - modules/pam_group/pam_group.c | 4 +- modules/pam_issue/Makefile.am | 4 +- modules/pam_lastlog/Makefile.am | 4 +- modules/pam_lastlog/pam_lastlog.c | 8 +- modules/pam_limits/Makefile.am | 2 - modules/pam_limits/pam_limits.c | 10 +- modules/pam_listfile/Makefile.am | 4 +- modules/pam_listfile/pam_listfile.c | 10 +- modules/pam_localuser/Makefile.am | 4 +- modules/pam_mail/Makefile.am | 4 +- modules/pam_mail/pam_mail.c | 8 +- modules/pam_mkhomedir/Makefile.am | 4 +- modules/pam_mkhomedir/pam_mkhomedir.c | 12 +- modules/pam_motd/Makefile.am | 4 +- modules/pam_motd/pam_motd.c | 4 +- modules/pam_nologin/Makefile.am | 4 +- modules/pam_nologin/pam_nologin.c | 6 +- modules/pam_permit/Makefile.am | 4 +- 
modules/pam_pwdb/Makefile.am | 2 - modules/pam_rhosts/Makefile.am | 4 +- modules/pam_rhosts/pam_rhosts_auth.c | 8 +- modules/pam_rootok/Makefile.am | 4 +- modules/pam_securetty/Makefile.am | 4 +- modules/pam_securetty/pam_securetty.c | 4 +- modules/pam_selinux/Makefile.am | 4 +- modules/pam_selinux/pam_selinux.c | 2 +- modules/pam_shells/Makefile.am | 4 +- modules/pam_shells/pam_shells.c | 4 +- modules/pam_stress/Makefile.am | 4 +- modules/pam_succeed_if/Makefile.am | 4 +- modules/pam_succeed_if/pam_succeed_if.c | 10 +- modules/pam_tally/Makefile.am | 5 +- modules/pam_tally/pam_tally.c | 4 +- modules/pam_time/Makefile.am | 2 - modules/pam_umask/Makefile.am | 4 +- modules/pam_umask/pam_umask.c | 6 +- modules/pam_unix/Makefile.am | 2 - modules/pam_unix/pam_unix_acct.c | 10 +- modules/pam_unix/pam_unix_passwd.c | 12 +- modules/pam_unix/pam_unix_sess.c | 4 +- modules/pam_unix/support.c | 16 +-- modules/pam_userdb/Makefile.am | 4 +- modules/pam_warn/Makefile.am | 4 +- modules/pam_wheel/Makefile.am | 4 +- modules/pam_wheel/pam_wheel.c | 16 +-- modules/pam_xauth/Makefile.am | 4 +- modules/pam_xauth/pam_xauth.c | 14 +- modules/pammodutil/.cvsignore | 3 - modules/pammodutil/Makefile.am | 16 --- modules/pammodutil/README | 15 -- modules/pammodutil/include/security/_pam_modutil.h | 66 --------- modules/pammodutil/modutil_cleanup.c | 17 --- modules/pammodutil/modutil_getgrgid.c | 150 -------------------- modules/pammodutil/modutil_getgrnam.c | 139 ------------------- modules/pammodutil/modutil_getlogin.c | 73 ---------- modules/pammodutil/modutil_getpwnam.c | 139 ------------------- modules/pammodutil/modutil_getpwuid.c | 150 -------------------- modules/pammodutil/modutil_getspnam.c | 139 ------------------- modules/pammodutil/modutil_ingroup.c | 122 ----------------- modules/pammodutil/modutil_ioloop.c | 52 ------- modules/pammodutil/pammodutil.h | 23 ---- po/POTFILES.in | 18 +-- 89 files changed, 1242 insertions(+), 1308 deletions(-) create mode 100644 
libpam/include/security/pam_modutil.h create mode 100644 libpam/pam_modutil_cleanup.c create mode 100644 libpam/pam_modutil_getgrgid.c create mode 100644 libpam/pam_modutil_getgrnam.c create mode 100644 libpam/pam_modutil_getlogin.c create mode 100644 libpam/pam_modutil_getpwnam.c create mode 100644 libpam/pam_modutil_getpwuid.c create mode 100644 libpam/pam_modutil_getspnam.c create mode 100644 libpam/pam_modutil_ingroup.c create mode 100644 libpam/pam_modutil_ioloop.c create mode 100644 libpam/pam_modutil_private.h delete mode 100644 modules/pammodutil/.cvsignore delete mode 100644 modules/pammodutil/Makefile.am delete mode 100644 modules/pammodutil/README delete mode 100644 modules/pammodutil/include/security/_pam_modutil.h delete mode 100644 modules/pammodutil/modutil_cleanup.c delete mode 100644 modules/pammodutil/modutil_getgrgid.c delete mode 100644 modules/pammodutil/modutil_getgrnam.c delete mode 100644 modules/pammodutil/modutil_getlogin.c delete mode 100644 modules/pammodutil/modutil_getpwnam.c delete mode 100644 modules/pammodutil/modutil_getpwuid.c delete mode 100644 modules/pammodutil/modutil_getspnam.c delete mode 100644 modules/pammodutil/modutil_ingroup.c delete mode 100644 modules/pammodutil/modutil_ioloop.c delete mode 100644 modules/pammodutil/pammodutil.h diff --git a/CHANGELOG b/CHANGELOG index 4957260f..04380973 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -64,6 +64,7 @@ bug report - outstanding bugs are listed here: * pam_limits: Fix regression from RLIMIT_NICE support (wrong limit values for other limits are applied) patch by Anton Guda * pam_unix: Always honor nis flag on password change (by Aaron Hope) +* libpam: Moved functions from pammodutil to libpam (t8m) 0.80: Wed Jul 13 13:23:20 CEST 2005 * pam_tally: test for NULL data before dereferencing them (t8m) diff --git a/configure.in b/configure.in index ffa64ed4..1c8d7dd0 100644 --- a/configure.in +++ b/configure.in 
@@ -377,7 +377,7 @@ dnl Files to be created from when we run configure AC_OUTPUT(Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ po/Makefile.in \ - modules/Makefile modules/pammodutil/Makefile \ + modules/Makefile \ modules/pam_access/Makefile modules/pam_cracklib/Makefile \ modules/pam_debug/Makefile modules/pam_deny/Makefile \ modules/pam_echo/Makefile modules/pam_env/Makefile \ diff --git a/libpam/Makefile.am b/libpam/Makefile.am index 7c837b55..2d06e416 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -25,5 +25,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_handlers.c pam_item.c \ pam_malloc.c pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_static.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c - + pam_vprompt.c pam_syslog.c \ + pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ + pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ + pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h new file mode 100644 index 00000000..5d03f58f --- /dev/null +++ b/libpam/include/security/pam_modutil.h 
@@ -0,0 +1,65 @@ +#ifndef _SECURITY__PAM_MODUTIL_H +#define _SECURITY__PAM_MODUTIL_H + +/* + * $Id$ + * + * This file is a list of handy libc wrappers that attempt to provide some + * thread-safe and other convenient functionality to modules in a common form. + * + * A number of these functions reserve space in a pam_[sg]et_data item. + * In all cases, the name of the item is prefixed with "_pammodutil_*". + * + * On systems that simply can't support thread safe programming, these + * functions don't support it either - sorry. + * + * Copyright (c) 2001-2002 Andrew Morgan + */ + +#include + +extern struct passwd * PAM_NONNULL((1,2)) +pam_modutil_getpwnam(pam_handle_t *pamh, const char *user); + +extern struct passwd * PAM_NONNULL((1)) +pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid); + +extern struct group * PAM_NONNULL((1,2)) +pam_modutil_getgrnam(pam_handle_t *pamh, const char *group); + +extern struct group * PAM_NONNULL((1)) +pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid); + +extern struct spwd * PAM_NONNULL((1,2)) +pam_modutil_getspnam(pam_handle_t *pamh, const char *user); + +extern int PAM_NONNULL((1,2,3)) +pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, + const char *user, + const char *group); + +extern int PAM_NONNULL((1,2)) +pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh, + const char *user, + gid_t group); + +extern int PAM_NONNULL((1,3)) +pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh, + uid_t user, + const char *group); + +extern int PAM_NONNULL((1)) +pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh, + uid_t user, + gid_t group); + +extern const char * PAM_NONNULL((1)) +pam_modutil_getlogin(pam_handle_t *pamh); + +extern int +pam_modutil_read(int fd, char *buffer, int count); + +extern int +pam_modutil_write(int fd, const char *buffer, int count); + +#endif /* _SECURITY__PAM_MODUTIL_H */ diff --git a/libpam/libpam.map b/libpam/libpam.map index 515842ae..596754a8 100644 --- a/libpam/libpam.map +++ b/libpam/libpam.map 
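Review bot: The declarations of pam_modutil_getpwnam, pam_modutil_getpwuid, pam_modutil_getgrnam, pam_modutil_getgrgid and pam_modutil_getspnam do not say who owns the returned pointer. In the implementations added by this commit the buffer is registered with pam_set_data() and pam_modutil_cleanup, or comes straight from libc in the non-reentrant fallback, so a caller that frees it would cause a double free or free libc-owned storage. A short comment above the prototypes would make the contract explicit, e.g. `/* The returned structure belongs to pamh (or to libc); callers must not free() or modify it. */`.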
@@ -39,3 +39,18 @@ LIBPAM_EXTENSION_1.0 { pam_vsyslog; }; +LIBPAM_MODUTIL_1.0 { + global: + pam_modutil_getpwnam; + pam_modutil_getpwuid; + pam_modutil_getgrnam; + pam_modutil_getgrgid; + pam_modutil_getspnam; + pam_modutil_user_in_group_nam_nam; + pam_modutil_user_in_group_nam_gid; + pam_modutil_user_in_group_uid_nam; + pam_modutil_user_in_group_uid_gid; + pam_modutil_getlogin; + pam_modutil_read; + pam_modutil_write; +}; diff --git a/libpam/pam_modutil_cleanup.c b/libpam/pam_modutil_cleanup.c new file mode 100644 index 00000000..8224ce67 --- /dev/null +++ b/libpam/pam_modutil_cleanup.c @@ -0,0 +1,19 @@ +/* + * $Id$ + * + * This function provides a common pam_set_data() friendly version of free(). + */ + +#include "pam_modutil_private.h" + +#include + +void +pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, + int error_status UNUSED) +{ + if (data) { + /* junk it */ + (void) free(data); + } +} diff --git a/libpam/pam_modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c new file mode 100644 index 00000000..07503a38 --- /dev/null +++ b/libpam/pam_modutil_getgrgid.c 
@@ -0,0 +1,151 @@ +/* + * $Id$ + * + * This function provides a thread safer version of getgrgid() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include +#include +#include +#include + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +static int longlen(long number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct group * +pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) +{ +#ifdef HAVE_GETGRGID_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct group *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct group) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the user - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the grp structure */ + errno = 0; + status = getgrgid_r(gid, buffer, + sizeof(struct group) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getgrgid") + 1 + + longlen((long)gid) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", + (long) gid, i); + _pammodutil_lock(); + 
status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("grp structure took %u bytes or so of memory", + length+sizeof(struct group))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETGRGID_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getgrgid(). So, we use the standard libc function. + */ + + return getgrgid(gid); + +#endif /* def HAVE_GETGRGID_R */ +} diff --git a/libpam/pam_modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c new file mode 100644 index 00000000..11df353f --- /dev/null +++ b/libpam/pam_modutil_getgrnam.c 
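Review bot: The retry test at the bottom of the loop in pam_modutil_getgrgid, `} else if (errno != ERANGE && errno != EINTR) {`, looks at errno although getgrgid_r reports a too-small buffer through its return value, which is already held in `status`; POSIX does not promise that errno is set as well. On a libc that leaves errno at 0 the loop would stop at the first ERANGE and a group with a long member list would be reported as missing, which the membership helpers in pam_modutil_ingroup.c then treat as "not a member". Testing both is the safe form: `} else if (status != ERANGE && status != EINTR && errno != ERANGE && errno != EINTR) {`. The same test appears in the getgrnam, getpwnam, getpwuid and getspnam files of this commit.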
@@ -0,0 +1,140 @@ +/* + * $Id$ + * + * This function provides a thread safer version of getgrnam() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include +#include +#include +#include + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct group * +pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) +{ +#ifdef HAVE_GETGRNAM_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct group *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct group) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the group - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the grp structure */ + errno = 0; + status = getgrnam_r(group, buffer, + sizeof(struct group) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getgrnam") + 1 + + strlen(group) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, 
data_name, + result, pam_modutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("grp structure took %u bytes or so of memory", + length+sizeof(struct group))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETGRNAM_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getgrnam(). So, we use the standard libc function. + */ + + return getgrnam(group); + +#endif /* def HAVE_GETGRNAM_R */ +} diff --git a/libpam/pam_modutil_getlogin.c b/libpam/pam_modutil_getlogin.c new file mode 100644 index 00000000..d30f1dfa --- /dev/null +++ b/libpam/pam_modutil_getlogin.c 
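Review bot: The registration loop in pam_modutil_getgrnam never reuses an entry: when `pam_get_data` finds `_pammodutil_getgrnam_<group>_<i>` already present it moves on to the next `i` and stores a fresh copy. Every call on the same handle therefore adds another heap buffer that stays registered on the handle, and the k-th lookup of the same name probes k slots under the mutex. If a private copy per call is intended, a comment above the loop should say so, e.g. `/* each call registers its own copy; copies are released only by pam_modutil_cleanup when the handle's data is dropped */`. The same loop is in the getgrgid, getpwnam, getpwuid and getspnam files.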
@@ -0,0 +1,74 @@ +/* + * $Id$ + * + * A central point for invoking getlogin(). Hopefully, this is a + * little harder to spoof than all the other versions that are out + * there. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include + +#define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" + +const char * +pam_modutil_getlogin(pam_handle_t *pamh) +{ + int status; + const void *logname; + const void *void_curr_tty; + const char *curr_tty; + char *curr_user; + struct utmp *ut, line; + + status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); + if (status == PAM_SUCCESS) { + return logname; + } + + status = pam_get_item(pamh, PAM_TTY, &void_curr_tty); + if ((status != PAM_SUCCESS) || (void_curr_tty == NULL)) + curr_tty = ttyname(0); + else + curr_tty = (const char*)void_curr_tty; + + if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) { + return NULL; + } + + curr_tty += 5; /* strlen("/dev/") */ + logname = NULL; + + setutent(); + strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); + + if ((ut = getutline(&line)) == NULL) { + goto clean_up_and_go_home; + } + + curr_user = calloc(sizeof(line.ut_user)+1, 1); + if (curr_user == NULL) { + goto clean_up_and_go_home; + } + + strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); + /* calloc already zeroed the memory */ + + status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, + pam_modutil_cleanup); + if (status != PAM_SUCCESS) { + free(curr_user); + goto clean_up_and_go_home; + } + + logname = curr_user; + +clean_up_and_go_home: + + endutent(); + + return logname; +} diff --git a/libpam/pam_modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c new file mode 100644 index 00000000..026e61a7 --- /dev/null +++ b/libpam/pam_modutil_getpwnam.c 
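Review bot: The prefix test `memcmp(curr_tty, "/dev/", 5)` in pam_modutil_getlogin is allowed to read five bytes from `curr_tty`, so a PAM_TTY item or ttyname() result shorter than that can be read past its terminator. `strncmp` stops at the NUL and gives the same answer for longer names: `if ((curr_tty == NULL) || strncmp(curr_tty, "/dev/", 5) != 0) {`. PAM_TTY is set by the calling application, so its length should not be assumed here.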
@@ -0,0 +1,140 @@ +/* + * $Id$ + * + * This function provides a thread safer version of getpwnam() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include +#include +#include +#include + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct passwd * +pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) +{ +#ifdef HAVE_GETPWNAM_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct passwd *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct passwd) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the user - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the pwd structure */ + errno = 0; + status = getpwnam_r(user, buffer, + sizeof(struct passwd) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getpwnam") + 1 + + strlen(user) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, 
data_name, + result, pam_modutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("pwd structure took %u bytes or so of memory", + length+sizeof(struct passwd))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETPWNAM_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getpwnam(). So, we use the standard libc function. + */ + + return getpwnam(user); + +#endif /* def HAVE_GETPWNAM_R */ +} diff --git a/libpam/pam_modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c new file mode 100644 index 00000000..732771d2 --- /dev/null +++ b/libpam/pam_modutil_getpwuid.c 
@@ -0,0 +1,151 @@ +/* + * $Id$ + * + * This function provides a thread safer version of getpwuid() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include +#include +#include +#include + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +static int longlen(long number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct passwd * +pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) +{ +#ifdef HAVE_GETPWUID_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct passwd *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct passwd) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the user - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the pwd structure */ + errno = 0; + status = getpwuid_r(uid, buffer, + sizeof(struct passwd) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getpwuid") + 1 + + longlen((long) uid) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getpwuid_%ld_%d", + (long) uid, i); + _pammodutil_lock(); 
+ status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("pwd structure took %u bytes or so of memory", + length+sizeof(struct passwd))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETPWUID_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getpwuid(). So, we use the standard libc function. + */ + + return getpwuid(uid); + +#endif /* def HAVE_GETPWUID_R */ +} diff --git a/libpam/pam_modutil_getspnam.c b/libpam/pam_modutil_getspnam.c new file mode 100644 index 00000000..7fc696e2 --- /dev/null +++ b/libpam/pam_modutil_getspnam.c 
@@ -0,0 +1,140 @@ +/* + * $Id$ + * + * This function provides a thread safer version of getspnam() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include +#include +#include +#include + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct spwd * +pam_modutil_getspnam(pam_handle_t *pamh, const char *user) +{ +#ifdef HAVE_GETSPNAM_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct spwd *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct spwd) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the user - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the spwd structure */ + errno = 0; + status = getspnam_r(user, buffer, + sizeof(struct spwd) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getspnam") + 1 + + strlen(user) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + 
result, pam_modutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("spwd structure took %u bytes or so of memory", + length+sizeof(struct spwd))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETSPNAM_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getspnam(). So, we use the standard libc function. + */ + + return getspnam(user); + +#endif /* def HAVE_GETSPNAM_R */ +} diff --git a/libpam/pam_modutil_ingroup.c b/libpam/pam_modutil_ingroup.c new file mode 100644 index 00000000..7a15f712 --- /dev/null +++ b/libpam/pam_modutil_ingroup.c 
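Review bot: pam_modutil_getspnam registers the whole shadow entry, including the `sp_pwdp` hash, as a data item on the handle, and pam_modutil_cleanup only calls free() on it. The hash therefore remains in process memory for as long as the item is registered and is not overwritten when it is released. Clearing it would need a cleanup callback that knows the buffer length, which pam_modutil_cleanup does not receive. Until then a comment on the function should record the behaviour, e.g. `/* the cached entry contains sp_pwdp; it is freed, not cleared, by pam_modutil_cleanup */`.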
@@ -0,0 +1,127 @@ +/* + * $Id$ + * + * This function provides common methods for checking if a user is in a + * specified group. + */ + +#include "pam_modutil_private.h" + +#include +#include +#include + +#ifdef HAVE_GETGROUPLIST +static int checkgrouplist(const char *user, gid_t primary, gid_t target) +{ + gid_t *grouplist = NULL; + int agroups, ngroups, i; + ngroups = agroups = 3; + do { + grouplist = malloc(sizeof(gid_t) * agroups); + if (grouplist == NULL) { + return 0; + } + ngroups = agroups; + i = getgrouplist(user, primary, grouplist, &ngroups); + if ((i < 0) || (ngroups < 1)) { + agroups *= 2; + free(grouplist); + } else { + for (i = 0; i < ngroups; i++) { + if (grouplist[i] == target) { + free(grouplist); + return 1; + } + } + free(grouplist); + } + } while (((i < 0) || (ngroups < 1)) && (agroups < 10000)); + return 0; +} +#endif + +static int +pam_modutil_user_in_group_common(pam_handle_t *pamh UNUSED, + struct passwd *pwd, + struct group *grp) +{ + int i; + + if (pwd == NULL) { + return 0; + } + if (grp == NULL) { + return 0; + } + + if (pwd->pw_gid == grp->gr_gid) { + return 1; + } + + for (i = 0; (grp->gr_mem != NULL) && (grp->gr_mem[i] != NULL); i++) { + if (strcmp(pwd->pw_name, grp->gr_mem[i]) == 0) { + return 1; + } + } + +#ifdef HAVE_GETGROUPLIST + if (checkgrouplist(pwd->pw_name, pwd->pw_gid, grp->gr_gid)) { + return 1; + } +#endif + + return 0; +} + +int +pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, + const char *user, const char *group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = pam_modutil_getpwnam(pamh, user); + grp = pam_modutil_getgrnam(pamh, group); + + return pam_modutil_user_in_group_common(pamh, pwd, grp); +} + +int +pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh, + const char *user, gid_t group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = pam_modutil_getpwnam(pamh, user); + grp = pam_modutil_getgrgid(pamh, group); + + return pam_modutil_user_in_group_common(pamh, pwd, grp); +} + +int 
+pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh, + uid_t user, const char *group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = pam_modutil_getpwuid(pamh, user); + grp = pam_modutil_getgrnam(pamh, group); + + return pam_modutil_user_in_group_common(pamh, pwd, grp); +} + +int +pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh, + uid_t user, gid_t group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = pam_modutil_getpwuid(pamh, user); + grp = pam_modutil_getgrgid(pamh, group); + + return pam_modutil_user_in_group_common(pamh, pwd, grp); +} diff --git a/libpam/pam_modutil_ioloop.c b/libpam/pam_modutil_ioloop.c new file mode 100644 index 00000000..54ab0e55 --- /dev/null +++ b/libpam/pam_modutil_ioloop.c @@ -0,0 +1,53 @@ +/* + * $Id$ + * + * These functions provides common methods for ensure a complete read or + * write occurs. It handles EINTR and partial read/write returns. + */ + +#include "pam_modutil_private.h" + +#include +#include + +int +pam_modutil_read(int fd, char *buffer, int count) +{ + int block, offset = 0; + + while (count > 0) { + block = read(fd, &buffer[offset], count); + + if (block < 0) { + if (errno == EINTR) continue; + return block; + } + if (block == 0) return offset; + + offset += block; + count -= block; + } + + return offset; +} + +int +pam_modutil_write(int fd, const char *buffer, int count) +{ + int block, offset = 0; + + while (count > 0) { + block = write(fd, &buffer[offset], count); + + if (block < 0) { + if (errno == EINTR) continue; + return block; + } + if (block == 0) return offset; + + offset += block; + count -= block; + } + + return offset; +} diff --git a/libpam/pam_modutil_private.h b/libpam/pam_modutil_private.h new file mode 100644 index 00000000..f242fdfe --- /dev/null +++ b/libpam/pam_modutil_private.h 
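Review bot: pam_modutil_user_in_group_common returns 0 both when the user is not in the group and when a lookup failed (`pwd == NULL` or `grp == NULL`), and checkgrouplist returns 0 when malloc fails. A module that uses the four pam_modutil_user_in_group_* functions to exclude members of a group cannot tell a failed lookup from non-membership and would let the user through. The return contract should at least be documented above the public functions, e.g. `/* returns 1 if the user is a member; 0 if not, or if the user or group could not be looked up */`.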
@@ -0,0 +1,23 @@ +#ifndef PAMMODUTIL_PRIVATE_H +#define PAMMODUTIL_PRIVATE_H + +/* + * $Id$ + * + * Copyright (c) 2001 Andrew Morgan + */ + +#include "config.h" + +#include +#include +#include + +#define PWD_INITIAL_LENGTH 0x100 +#define PWD_ABSURD_PWD_LENGTH 0x8000 + +extern void +pam_modutil_cleanup(pam_handle_t *pamh, void *data, + int error_status); + +#endif /* PAMMODUTIL_PRIVATE_H */ diff --git a/modules/Makefile.am b/modules/Makefile.am index afa3e621..4ba6e4eb 100644 --- a/modules/Makefile.am +++ b/modules/Makefile.am @@ -2,7 +2,7 @@ # Copyright (c) 2005 Thorsten Kukuk # -SUBDIRS = pammodutil pam_access pam_cracklib pam_debug pam_deny pam_echo \ +SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ pam_env pam_filter pam_ftp pam_group pam_issue pam_lastlog \ pam_limits pam_listfile pam_localuser pam_mail pam_mkhomedir \ pam_motd pam_nologin pam_permit pam_pwdb pam_rhosts pam_rootok \ diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am index 36d060a4..94f7048b 100644 --- a/modules/pam_access/Makefile.am +++ b/modules/pam_access/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBNSL@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 55feaeff..55b7818d 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -59,7 +59,7 @@ #include #include -#include +#include #include /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ 
@@ -291,7 +291,7 @@ static int user_match(pam_handle_t *pamh, char *tok, struct login_info *item) return (netgroup_match(tok + 1, (char *) 0, string)); else if (string_match (tok, string)) /* ALL or exact match */ return YES; - else if (_pammodutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) + else if (pam_modutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) /* try group membership */ return YES; @@ -437,7 +437,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, } } - if ((user_pw=_pammodutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN); + if ((user_pw=pam_modutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN); /* * Bundle up the arguments to avoid unnecessary clumsiness later on. diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am index 8229a068..29bc017b 100644 --- a/modules/pam_cracklib/Makefile.am +++ b/modules/pam_cracklib/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am index e1fb3951..4b1bfec8 100644 --- a/modules/pam_debug/Makefile.am +++ b/modules/pam_debug/Makefile.am 
@@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am index 62ae29af..eeb6b78d 100644 --- a/modules/pam_deny/Makefile.am +++ b/modules/pam_deny/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am index d2c6faed..79a03e09 100644 --- a/modules/pam_env/Makefile.am +++ b/modules/pam_env/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am index 9d455781..6993592d 100644 --- a/modules/pam_filter/Makefile.am +++ b/modules/pam_filter/Makefile.am 
@@ -11,10 +11,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am index 4341bcea..d49de828 100644 --- a/modules/pam_filter/upperLOWER/Makefile.am +++ b/modules/pam_filter/upperLOWER/Makefile.am @@ -8,7 +8,7 @@ securelibfilterdir = $(SECUREDIR)/pam_filter AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ -I.. -AM_LDFLAGS = $(top_builddir)/modules/pammodutil/libpammodutil.la + -I.. +AM_LDFLAGS = -L$(top_builddir)/libpam -lpam securelibfilter_PROGRAMS = upperLOWER diff --git a/modules/pam_filter/upperLOWER/upperLOWER.c b/modules/pam_filter/upperLOWER/upperLOWER.c index d1c10114..314d2fed 100644 --- a/modules/pam_filter/upperLOWER/upperLOWER.c +++ b/modules/pam_filter/upperLOWER/upperLOWER.c @@ -23,7 +23,7 @@ #include "pam_filter.h" #include #include -#include +#include /* ---------------------------------------------------------------- */ 
@@ -98,27 +98,27 @@ int main(int argc, char **argv UNUSED) /* application errors */ if ( FD_ISSET(APPERR_FILENO,&readers) ) { - int got = _pammodutil_read(APPERR_FILENO, buffer, BUFSIZ); + int got = pam_modutil_read(APPERR_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); - if (_pammodutil_write(STDERR_FILENO, buffer, got) != got ) { + if (pam_modutil_write(STDERR_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't write %d bytes?!",got); break; } } } else if ( FD_ISSET(APPOUT_FILENO,&readers) ) { /* app output */ - int got = _pammodutil_read(APPOUT_FILENO, buffer, BUFSIZ); + int got = pam_modutil_read(APPOUT_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); - if (_pammodutil_write(STDOUT_FILENO, buffer, got) != got ) { + if (pam_modutil_write(STDOUT_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't write %d bytes!?",got); break; } @@ -126,7 +126,7 @@ int main(int argc, char **argv UNUSED) } if ( FD_ISSET(STDIN_FILENO, &readers) ) { /* user input */ - int got = _pammodutil_read(STDIN_FILENO, buffer, BUFSIZ); + int got = pam_modutil_read(STDIN_FILENO, buffer, BUFSIZ); if (got < 0) { syslog(LOG_WARNING,"user input junked"); break; @@ -134,7 +134,7 @@ int main(int argc, char **argv UNUSED) /* translate to give to application */ if (before_app != NULL) before_app(buffer, got); - if (_pammodutil_write(APPIN_FILENO, buffer, got) != got ) { + if (pam_modutil_write(APPIN_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't pass %d bytes!?",got); break; } diff --git a/modules/pam_ftp/Makefile.am b/modules/pam_ftp/Makefile.am index e89f8a70..4fd85bdc 100644 --- a/modules/pam_ftp/Makefile.am +++ b/modules/pam_ftp/Makefile.am 
@@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am index 1dd5e7a1..73a88676 100644 --- a/modules/pam_group/Makefile.am +++ b/modules/pam_group/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 99141e7c..4e6aa915 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -52,7 +52,7 @@ typedef enum { AND, OR } operator; #include #include -#include +#include #include /* --- static functions for checking whether the user should be let in --- */ @@ -583,7 +583,7 @@ static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) { const struct group *grp; - grp = _pammodutil_getgrnam(pamh, buf+at); + grp = pam_modutil_getgrnam(pamh, buf+at); if (grp == NULL) { pam_syslog(pamh,LOG_ERR,"bad group: %s", buf+at); } else { diff --git a/modules/pam_issue/Makefile.am b/modules/pam_issue/Makefile.am index c96f9b1b..761833c4 100644 --- a/modules/pam_issue/Makefile.am +++ b/modules/pam_issue/Makefile.am 
@@ -7,10 +7,8 @@ CLEANFILES = *~ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am index 8d7934c5..30b7bf1b 100644 --- a/modules/pam_lastlog/Makefile.am +++ b/modules/pam_lastlog/Makefile.am @@ -7,10 +7,8 @@ CLEANFILES = *~ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 0ed370a2..d0ad8216 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -79,7 +79,7 @@ struct lastlog { #include #include -#include +#include #include /* argument parsing */ @@ -163,7 +163,7 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) sleep(LASTLOG_IGNORE_LOCK_TIME); } - win = (_pammodutil_read (last_fd, (char *) &last_login, + win = (pam_modutil_read (last_fd, (char *) &last_login, sizeof(last_login)) == sizeof(last_login)); last_lock.l_type = F_UNLCK; 
@@ -307,7 +307,7 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) } D(("writing to the last_log file")); - _pammodutil_write (last_fd, (char *) &last_login, + pam_modutil_write (last_fd, (char *) &last_login, sizeof (last_login)); last_lock.l_type = F_UNLCK; @@ -353,7 +353,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc /* what uid? */ - pwd = _pammodutil_getpwnam (pamh, user); + pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); return PAM_CRED_INSUFFICIENT; diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am index 46e03dea..cb6085b9 100644 --- a/modules/pam_limits/Makefile.am +++ b/modules/pam_limits/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index d3b5a51e..db0fcdba 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -92,7 +92,7 @@ struct pam_limit_s { #include #include -#include +#include #include /* argument parsing */ @@ -189,7 +189,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, continue; } if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) - && !_pammodutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { + && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { continue; } } 
@@ -504,7 +504,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, "checking if %s is in group %s", uname, domain + 1); } - if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) + if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } else if (domain[0]=='%') { @@ -516,7 +516,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, if (strcmp(domain,"%") == 0) process_limit(pamh, LIMITS_DEF_ALL, ltype, item, value, ctrl, pl); - else if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { + else if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) { strcpy(pl->login_group, domain+1); process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); @@ -531,7 +531,7 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, } fclose(fil); return PAM_IGNORE; - } else if (domain[0] == '@' && _pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { + } else if (domain[0] == '@' && pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "no limits for '%s' in group '%s'", diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am index ad38ccb7..d622d7b6 100644 --- a/modules/pam_listfile/Makefile.am +++ b/modules/pam_listfile/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map 
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index e9d921dd..c19cfc1a 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -39,7 +39,7 @@ #include #include -#include +#include #include /* some syslogging */ @@ -218,7 +218,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, return PAM_IGNORE; } } else if(apply_type==APPLY_TYPE_GROUP) { - if(!_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { + if(!pam_modutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { /* Not a member of apply= group */ #ifdef DEBUG pam_syslog(pamh,LOG_DEBUG, @@ -261,14 +261,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if(extitem) { switch(extitem) { case EI_GROUP: - userinfo = _pammodutil_getpwnam(pamh, citemp); + userinfo = pam_modutil_getpwnam(pamh, citemp); if (userinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", citemp); free(ifname); return onerr; } - grpinfo = _pammodutil_getgrgid(pamh, userinfo->pw_gid); + grpinfo = pam_modutil_getgrgid(pamh, userinfo->pw_gid); if (grpinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getgrgid(%d) failed", (int)userinfo->pw_gid); @@ -290,7 +290,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, /* Assume that we have already gotten PAM_USER in pam_get_item() - a valid assumption since citem gets set to PAM_USER in the extitem switch */ - userinfo = _pammodutil_getpwnam(pamh, citemp); + userinfo = pam_modutil_getpwnam(pamh, citemp); if (userinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", citemp); diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am index 10316a83..689266d2 100644 --- a/modules/pam_localuser/Makefile.am +++ b/modules/pam_localuser/Makefile.am 
@@ -11,10 +11,8 @@ man_MANS = pam_localuser.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_mail/Makefile.am b/modules/pam_mail/Makefile.am index 4151c042..733fa6ae 100644 --- a/modules/pam_mail/Makefile.am +++ b/modules/pam_mail/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 1c2c6043..59424ff4 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -22,6 +22,10 @@ #include #include +#ifdef HAVE_PATHS_H +#include +#endif + #define DEFAULT_MAIL_DIRECTORY PAM_PATH_MAILDIR #define MAIL_FILE_FORMAT "%s%s/%s" #define MAIL_ENV_NAME "MAIL" @@ -42,7 +46,7 @@ #include #include -#include +#include #include /* argument parsing */ @@ -134,7 +138,7 @@ static int get_folder(pam_handle_t *pamh, int ctrl, if (ctrl & PAM_NEW_MAIL_DIR) { path = *path_mail; if (*path == '~') { /* support for $HOME delivery */ - pwd = _pammodutil_getpwnam(pamh, user); + pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { pam_syslog(pamh,LOG_ERR, "user [%s] unknown", user); _pam_overwrite(*path_mail); 
diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am index c955404e..641a5618 100644 --- a/modules/pam_mkhomedir/Makefile.am +++ b/modules/pam_mkhomedir/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 8cc20667..de67c0cc 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -53,7 +53,7 @@ #include #include -#include +#include #include @@ -400,18 +400,18 @@ create_homedir (pam_handle_t * pamh, int ctrl, /* Copy the file */ do { - Res = _pammodutil_read(SrcFd,remark,sizeof(remark)); + Res = pam_modutil_read(SrcFd,remark,sizeof(remark)); if (Res == 0) continue; if (Res > 0) { - if (_pammodutil_write(DestFd,remark,Res) == Res) + if (pam_modutil_write(DestFd,remark,Res) == Res) continue; } - /* If we get here, pammodutil_read returned a -1 or - _pammodutil_write returned something unexpected. */ + /* If we get here, pam_modutil_read returned a -1 or + pam_modutil_write returned something unexpected. */ close(SrcFd); close(DestFd); closedir(D); @@ -473,7 +473,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, } /* Get the password entry */ - pwd = _pammodutil_getpwnam (pamh, user); + pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 7a1c66d6..b35883b7 100644 --- a/modules/pam_motd/Makefile.am 
+++ b/modules/pam_motd/Makefile.am @@ -7,10 +7,8 @@ CLEANFILES = *~ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 552c4fc0..fff76e07 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -34,7 +34,7 @@ #define DEFAULT_MOTD "/etc/motd" #include -#include +#include /* --- session management functions (only) --- */ @@ -85,7 +85,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, if (!(mtmp = malloc(st.st_size+1))) break; - if (_pammodutil_read(fd, mtmp, st.st_size) != st.st_size) + if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) break; if (mtmp[st.st_size-1] == '\n') diff --git a/modules/pam_nologin/Makefile.am b/modules/pam_nologin/Makefile.am index 0a6181c2..8c483f9a 100644 --- a/modules/pam_nologin/Makefile.am +++ b/modules/pam_nologin/Makefile.am @@ -11,10 +11,8 @@ man_MANS = pam_nologin.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index d9da7bcd..1b6c0bee 100644 --- a/modules/pam_nologin/pam_nologin.c 
+++ b/modules/pam_nologin/pam_nologin.c @@ -29,7 +29,7 @@ #define PAM_SM_ACCOUNT #include -#include +#include #include /* @@ -85,7 +85,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) struct passwd *user_pwd; struct stat st; - user_pwd = _pammodutil_getpwnam(pamh, username); + user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd == NULL) { retval = PAM_USER_UNKNOWN; @@ -111,7 +111,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) goto clean_up_fd; } - if (_pammodutil_read(fd, mtmp, st.st_size) == st.st_size) { + if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { mtmp[st.st_size] = '\000'; pam_prompt (pamh, msg_style, NULL, "%s", mtmp); diff --git a/modules/pam_permit/Makefile.am b/modules/pam_permit/Makefile.am index ef8ce215..6ba98769 100644 --- a/modules/pam_permit/Makefile.am +++ b/modules/pam_permit/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_pwdb/Makefile.am b/modules/pam_pwdb/Makefile.am index 559b2120..09b6e233 100644 --- a/modules/pam_pwdb/Makefile.am +++ b/modules/pam_pwdb/Makefile.am 
@@ -14,10 +14,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DCHKPWD_HELPER=\"$(sbindir)/$(CHKPWD)\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBPWDB@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_rhosts/Makefile.am b/modules/pam_rhosts/Makefile.am index 5b2bb210..e0fec5dd 100644 --- a/modules/pam_rhosts/Makefile.am +++ b/modules/pam_rhosts/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_rhosts/pam_rhosts_auth.c b/modules/pam_rhosts/pam_rhosts_auth.c index 1e6a85af..24a7135a 100644 --- a/modules/pam_rhosts/pam_rhosts_auth.c +++ b/modules/pam_rhosts/pam_rhosts_auth.c @@ -85,7 +85,7 @@ #include #include -#include +#include #include /* @@ -471,7 +471,7 @@ pam_iruserok(pam_handle_t *pamh, * Identify user's local .rhosts file */ - pwd = _pammodutil_getpwnam(pamh, luser); + pwd = pam_modutil_getpwnam(pamh, luser); if (pwd == NULL) { /* * luser is assumed to be valid because of an earlier check for uid = 0 
@@ -532,7 +532,7 @@ pam_iruserok(pam_handle_t *pamh, /* private group caveat */ if (opts->opt_private_group) { - struct group *grp = _pammodutil_getgrgid(pamh, sbuf.st_gid); + struct group *grp = pam_modutil_getgrgid(pamh, sbuf.st_gid); if (NULL == grp || NULL == grp->gr_name || strcmp(luser,grp->gr_name)) { @@ -694,7 +694,7 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, if (! opts.opt_no_uid_check) { struct passwd *luser_pwd; - luser_pwd = _pammodutil_getpwnam(pamh, luser); + luser_pwd = pam_modutil_getpwnam(pamh, luser); if (luser_pwd == NULL) { if (opts.opt_debug) pam_syslog(pamh,LOG_DEBUG, "user '%s' unknown to this system", diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am index b09c8881..132168cd 100644 --- a/modules/pam_rootok/Makefile.am +++ b/modules/pam_rootok/Makefile.am @@ -9,13 +9,11 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include if HAVE_LIBSELINUX AM_CFLAGS += -DWITH_SELINUX endif AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBSELINUX@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am index 8ea6b662..c79bee4b 100644 --- a/modules/pam_securetty/Makefile.am +++ b/modules/pam_securetty/Makefile.am 
@@ -11,10 +11,8 @@ man_MANS = pam_securetty.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index a31bed35..fd0af9b1 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -34,7 +34,7 @@ #define PAM_SM_ACCOUNT #include -#include +#include #include #define PAM_DEBUG_ARG 0x0001 @@ -85,7 +85,7 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR); } - user_pwd = _pammodutil_getpwnam(pamh, username); + user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd == NULL) { return PAM_USER_UNKNOWN; } else if (user_pwd->pw_uid != 0) { /* If the user is not root, diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am index 154dbf42..5dfe6a5d 100644 --- a/modules/pam_selinux/Makefile.am +++ b/modules/pam_selinux/Makefile.am @@ -12,10 +12,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/libpam_misc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ + -I$(top_srcdir)/libpam_misc/include AM_LDFLAGS = -no-undefined \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBSELINUX@ pam_selinux_check_LDFLAGS = -L$(top_builddir)/libpam_misc -lpam_misc diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index d59cc39d..373a38f3 100644 
--- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -57,7 +57,7 @@ #include #include -#include +#include #include #include diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am index ad504a0f..4eef6288 100644 --- a/modules/pam_shells/Makefile.am +++ b/modules/pam_shells/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c index 793b3dff..be4aeb18 100644 --- a/modules/pam_shells/pam_shells.c +++ b/modules/pam_shells/pam_shells.c @@ -31,7 +31,7 @@ #define PAM_SM_ACCOUNT #include -#include +#include #include static int perform_check(pam_handle_t *pamh) @@ -61,7 +61,7 @@ static int perform_check(pam_handle_t *pamh) return PAM_SERVICE_ERR; } - pw = _pammodutil_getpwnam(pamh, userName); + pw = pam_modutil_getpwnam(pamh, userName); if (!pw) { return PAM_AUTH_ERR; /* user doesn't exist */ } diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am index da019f89..5aec6a4c 100644 --- a/modules/pam_stress/Makefile.am +++ b/modules/pam_stress/Makefile.am 
@@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_succeed_if/Makefile.am b/modules/pam_succeed_if/Makefile.am index 4ed10b72..71a63dc1 100644 --- a/modules/pam_succeed_if/Makefile.am +++ b/modules/pam_succeed_if/Makefile.am @@ -11,10 +11,8 @@ man_MANS = pam_succeed_if.8 securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 2f5e6294..9e3046f3 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -53,7 +53,7 @@ #include #include #include -#include +#include #include /* Basically, run cmp(atol(left), atol(right)), returning PAM_SUCCESS if @@ -184,7 +184,7 @@ static int evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group) { int ret; - ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); + ret = pam_modutil_user_in_group_nam_nam(pamh, user, group); switch (ret) { case 1: return PAM_SUCCESS; 
@@ -199,7 +199,7 @@ static int evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group) { int ret; - ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); + ret = pam_modutil_user_in_group_nam_nam(pamh, user, group); switch (ret) { case 0: return PAM_SUCCESS; @@ -349,7 +349,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, if (use_uid) { /* Get information about the user. */ - pwd = _pammodutil_getpwuid(pamh, getuid()); + pwd = pam_modutil_getpwuid(pamh, getuid()); if (pwd == NULL) { pam_syslog(pamh,LOG_CRIT, "error retrieving information about user %ld", @@ -367,7 +367,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, } /* Get information about the user. */ - pwd = _pammodutil_getpwnam(pamh, user); + pwd = pam_modutil_getpwnam(pamh, user); if (pwd == NULL) { pam_syslog(pamh,LOG_CRIT, "error retrieving information about user %s", diff --git a/modules/pam_tally/Makefile.am b/modules/pam_tally/Makefile.am index a900612b..73c819c4 100644 --- a/modules/pam_tally/Makefile.am +++ b/modules/pam_tally/Makefile.am @@ -11,9 +11,8 @@ secureconfdir = $(SCONFIGDIR) noinst_HEADERS = faillog.h -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ -AM_LDFLAGS = $(top_builddir)/modules/pammodutil/libpammodutil.la \ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include +AM_LDFLAGS = -no-undefined -avoid-version -module \ -L$(top_builddir)/libpam -lpam pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 579eb58f..9abe7d49 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c @@ -52,7 +52,7 @@ /* #define PAM_SM_PASSWORD */ #include -#include +#include #include /*---------------------------------------------------------------------*/ 
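Review bot: In the pam_tally/Makefile.am hunk the new `AM_LDFLAGS` carries `-no-undefined -avoid-version -module`, which the unchanged `pam_tally_la_LDFLAGS` line directly below already sets; the old value held only library references. Automake uses a per-target `_LDFLAGS` variable in place of `AM_LDFLAGS`, so these module flags would only reach targets in this Makefile that have no `_LDFLAGS` of their own. The rest of the file is outside the hunk, so whether such a target exists needs checking. If the intent was only to drop libpammodutil, `AM_LDFLAGS = -L$(top_builddir)/libpam -lpam` keeps the previous split.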
@@ -238,7 +238,7 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt return PAM_AUTH_ERR; } - if ( ! ( pw = _pammodutil_getpwnam( pamh, user ) ) ) { + if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { opts->ctrl & OPT_AUDIT ? pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index d0a09f75..8a84ef78 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am @@ -10,10 +10,8 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_umask/Makefile.am b/modules/pam_umask/Makefile.am index c887cd47..abc1cd68 100644 --- a/modules/pam_umask/Makefile.am +++ b/modules/pam_umask/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c index ff705567..e93efc01 100644 --- a/modules/pam_umask/pam_umask.c +++ b/modules/pam_umask/pam_umask.c @@ -51,7 +51,7 @@ #define PAM_SM_SESSION #include -#include +#include #include struct options_t { 
@@ -192,7 +192,7 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, owner bits (examples: 022 -> 002, 077 -> 007). */ if (pw->pw_uid != 0 && pw->pw_uid == pw->pw_gid) { - struct group *grp = _pammodutil_getgrgid (pamh, pw->pw_gid); + struct group *grp = pam_modutil_getgrgid (pamh, pw->pw_gid); if (grp && (strcmp (pw->pw_name, grp->gr_name) == 0)) { mode_t oldmask = umask (0777); @@ -250,7 +250,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, return PAM_SERVICE_ERR; } - pw = _pammodutil_getpwnam (pamh, name); + pw = pam_modutil_getpwnam (pamh, name); if (pw == NULL) { pam_syslog (pamh, LOG_ERR, "account for %s not found", name); diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am index 9997603b..608a095f 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -12,7 +12,6 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ \ -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" AM_LDFLAGS = -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBSELINUX@ @@ -25,7 +24,6 @@ if HAVE_LIBCRACK endif pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ @LIBCRACK@ @LIBNSL@ if HAVE_VERSIONING pam_unix_la_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index d01a1fc0..03143d96 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -59,7 +59,7 @@ #define PAM_SM_ACCOUNT #include -#include +#include #ifndef LINUX_PAM #include 
@@ -143,7 +143,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons } else { retval = WEXITSTATUS(retval); if (retval != PAM_AUTHINFO_UNAVAIL) { - rc = _pammodutil_read(fds[0], buf, sizeof(buf) - 1); + rc = pam_modutil_read(fds[0], buf, sizeof(buf) - 1); if(rc > 0) { buf[rc] = '\0'; if (sscanf(buf,"%ld:%ld:%ld:%ld:%ld:%ld", @@ -208,7 +208,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_USER_UNKNOWN; } - pwent = _pammodutil_getpwnam(pamh, uname); + pwent = pam_modutil_getpwnam(pamh, uname); if (!pwent) { _log_err(LOG_ALERT, pamh ,"could not identify user (from getpwnam(%s))" @@ -232,7 +232,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_CRED_INSUFFICIENT; } } - spent = _pammodutil_getspnam (pamh, uname); + spent = pam_modutil_getspnam (pamh, uname); if (save_uid == pwent->pw_uid) setreuid( save_uid, save_euid ); else { @@ -242,7 +242,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, } } else if (_unix_shadowed (pwent)) - spent = _pammodutil_getspnam (pamh, uname); + spent = pam_modutil_getspnam (pamh, uname); else return PAM_SUCCESS; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 54b3de83..7212952e 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -83,7 +83,7 @@ static security_context_t prev_context=NULL; #include #endif /* LINUX_PAM */ -#include +#include #include "yppasswd.h" #include "md5.h" 
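Review bot: In the pam_sm_acct_mgmt hunk at -232, the `setreuid( save_uid, save_euid );` that follows the renamed `pam_modutil_getspnam` lookup discards its return value, so a failed ID switch goes unnoticed and the module carries on with whatever IDs are in effect. The same unchecked call follows the lookup in the `_unix_blankpasswd` (-498) and `_unix_verify_password` (-683) hunks of support.c. I would test the result and fail closed, e.g. `if (setreuid(save_uid, save_euid) == -1) return PAM_CRED_INSUFFICIENT;` here, with the matching error return in the two support.c functions. The enclosing functions start and end outside these hunks, so the earlier switch and the `else` branch should be checked the same way.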
@@ -282,14 +282,14 @@ static int _unix_run_shadow_binary(pam_handle_t *pamh, unsigned int ctrl, const /* if the stored password is NULL */ int rc=0; if (fromwhat) - _pammodutil_write(fds[1], fromwhat, strlen(fromwhat)+1); + pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); else - _pammodutil_write(fds[1], "", 1); + pam_modutil_write(fds[1], "", 1); if (towhat) { - _pammodutil_write(fds[1], towhat, strlen(towhat)+1); + pam_modutil_write(fds[1], towhat, strlen(towhat)+1); } else - _pammodutil_write(fds[1], "", 1); + pam_modutil_write(fds[1], "", 1); close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); @@ -463,7 +463,7 @@ static int save_old_password(pam_handle_t *pamh, fclose(opwfile); if (!found) { - pwd = _pammodutil_getpwnam(pamh, forwho); + pwd = pam_modutil_getpwnam(pamh, forwho); if (pwd == NULL) { err = 1; } else { diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index e783039e..49aa29aa 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -53,7 +53,7 @@ #include #include -#include +#include #ifndef LINUX_PAM #include @@ -91,7 +91,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, "open_session - error recovering service"); return PAM_SESSION_ERR; } - login_name = _pammodutil_getlogin(pamh); + login_name = pam_modutil_getlogin(pamh); if (login_name == NULL) { login_name = ""; } diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 91920291..f9b84da5 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -25,7 +25,7 @@ #include #include -#include +#include #include "md5.h" #include "support.h" @@ -476,7 +476,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) /* UNIX passwords area */ /* Get password file entry... */ - pwd = _pammodutil_getpwnam (pamh, name); + pwd = pam_modutil_getpwnam (pamh, name); if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) 
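Review bot: The four `pam_modutil_write` calls in `_unix_run_shadow_binary` that send `fromwhat` and `towhat` down `fds[1]` ignore the return value, so a failed or short write is indistinguishable from success and the helper may be left reading an incomplete password pair. The prototype removed elsewhere in this commit shows the function returns `int`; assuming it reports failure as a negative value like write(2), capture it, e.g. `if (pam_modutil_write(fds[1], towhat, strlen(towhat)+1) < 0) rc = -1;`, and treat the update as failed rather than relying on the helper's exit status alone. The function body continues outside the hunk, so how `rc` is consumed afterwards needs checking before settling on the exact error path.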
@@ -498,7 +498,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) } } - spwdent = _pammodutil_getspnam (pamh, name); + spwdent = pam_modutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); else { @@ -511,7 +511,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) * ...and shadow password file entry for this user, * if shadowing is enabled */ - spwdent = _pammodutil_getspnam(pamh, name); + spwdent = pam_modutil_getspnam(pamh, name); } if (spwdent) salt = x_strdup(spwdent->sp_pwdp); @@ -662,7 +662,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name D(("locating user's record")); /* UNIX passwords area */ - pwd = _pammodutil_getpwnam (pamh, name); /* Get password file entry... */ + pwd = pam_modutil_getpwnam (pamh, name); /* Get password file entry... */ if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) @@ -683,7 +683,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } - spwdent = _pammodutil_getspnam (pamh, name); + spwdent = pam_modutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); else { @@ -696,7 +696,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name * ...and shadow password file entry for this user, * if shadowing is enabled */ - spwdent = _pammodutil_getspnam (pamh, name); + spwdent = pam_modutil_getspnam (pamh, name); } if (spwdent) salt = x_strdup(spwdent->sp_pwdp); @@ -806,7 +806,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name const void *void_old; - login_name = _pammodutil_getlogin(pamh); + login_name = pam_modutil_getlogin(pamh); if (login_name == NULL) { login_name = ""; } diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am index 8a68533a..080ff6b1 100644 --- a/modules/pam_userdb/Makefile.am +++ b/modules/pam_userdb/Makefile.am 
@@ -9,10 +9,8 @@ EXTRA_DIST = README create.pl securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam @LIBDB@ @LIBCRYPT@ if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_warn/Makefile.am b/modules/pam_warn/Makefile.am index a3916205..5cdb6668 100644 --- a/modules/pam_warn/Makefile.am +++ b/modules/pam_warn/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_wheel/Makefile.am b/modules/pam_wheel/Makefile.am index e1b115a2..0b098be1 100644 --- a/modules/pam_wheel/Makefile.am +++ b/modules/pam_wheel/Makefile.am @@ -9,10 +9,8 @@ EXTRA_DIST = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c index eaf32660..ddbf3b86 100644 
--- a/modules/pam_wheel/pam_wheel.c +++ b/modules/pam_wheel/pam_wheel.c @@ -43,7 +43,7 @@ #define PAM_SM_ACCOUNT #include -#include +#include #include /* checks if a user is on a list of members of the GID 0 group */ @@ -115,7 +115,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) return PAM_SERVICE_ERR; } - pwd = _pammodutil_getpwnam (pamh, username); + pwd = pam_modutil_getpwnam (pamh, username); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh,LOG_NOTICE,"unknown user %s",username); @@ -130,7 +130,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) } if (ctrl & PAM_USE_UID_ARG) { - tpwd = _pammodutil_getpwuid (pamh, getuid()); + tpwd = pam_modutil_getpwuid (pamh, getuid()); if (!tpwd) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh,LOG_NOTICE, "who is running me ?!"); @@ -139,9 +139,9 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) } fromsu = tpwd->pw_name; } else { - fromsu = _pammodutil_getlogin(pamh); + fromsu = pam_modutil_getlogin(pamh); if (fromsu) { - tpwd = _pammodutil_getpwnam (pamh, fromsu); + tpwd = pam_modutil_getpwnam (pamh, fromsu); } if (!fromsu || !tpwd) { if (ctrl & PAM_DEBUG_ARG) { @@ -156,11 +156,11 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) */ if (!use_group[0]) { - if ((grp = _pammodutil_getgrnam (pamh, "wheel")) == NULL) { - grp = _pammodutil_getgrgid (pamh, 0); + if ((grp = pam_modutil_getgrnam (pamh, "wheel")) == NULL) { + grp = pam_modutil_getgrgid (pamh, 0); } } else { - grp = _pammodutil_getgrnam (pamh, use_group); + grp = pam_modutil_getgrnam (pamh, use_group); } if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) { diff --git a/modules/pam_xauth/Makefile.am b/modules/pam_xauth/Makefile.am index 2e7f0e0f..2dc65cd6 100644 --- a/modules/pam_xauth/Makefile.am +++ b/modules/pam_xauth/Makefile.am 
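Review bot: The `else` branch in perform_check (hunk at -139) takes the invoking user from `pam_modutil_getlogin(pamh)`, and that deserves a comment, because it is a different trust source from the `getuid()` lookup in the `PAM_USE_UID_ARG` branch. The `_pammodutil_getlogin` implementation removed by this same commit resolves the name from the utmp record for the `PAM_TTY` item (falling back to `ttyname(0)`); if the copy moved into libpam is unchanged, the wheel decision here rests on utmp contents and an application-supplied tty. I would add above the call: `/* identity comes from utmp via PAM_TTY, not from the process uid; PAM_USE_UID_ARG selects the real uid instead */`. perform_check starts and ends outside the hunk.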
@@ -11,10 +11,8 @@ EXTRA_DIST = README ${MANS} securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/modules/pammodutil/include/ +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module \ - $(top_builddir)/modules/pammodutil/libpammodutil.la \ -L$(top_builddir)/libpam -lpam if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=../modules.map diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 27a657b9..382186f9 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -54,7 +54,7 @@ #include #include -#include +#include #include #define DATANAME "pam_xauth_cookie_file" @@ -141,12 +141,12 @@ run_coprocess(const char *input, char **output, close(opipe[1]); /* Send input to the process (if we have any), then send an EOF. */ if (input) { - (void)_pammodutil_write(ipipe[1], input, strlen(input)); + (void)pam_modutil_write(ipipe[1], input, strlen(input)); } close(ipipe[1]); /* Read data output until we run out of stuff to read. */ - i = _pammodutil_read(opipe[0], buf, sizeof(buf)); + i = pam_modutil_read(opipe[0], buf, sizeof(buf)); while ((i != 0) && (i != -1)) { char *tmp; /* Resize the buffer to hold the data. */ @@ -168,7 +168,7 @@ run_coprocess(const char *input, char **output, buffer[buffer_size + i] = '\0'; buffer_size += i; /* Try to read again. */ - i = _pammodutil_read(opipe[0], buf, sizeof(buf)); + i = pam_modutil_read(opipe[0], buf, sizeof(buf)); } /* No more data. Clean up and return data. */ close(opipe[0]); @@ -197,7 +197,7 @@ check_acl(pam_handle_t *pamh, int i; uid_t euid; /* Check this user's file. */ - pwd = _pammodutil_getpwnam(pamh, this_user); + pwd = pam_modutil_getpwnam(pamh, this_user); if (pwd == NULL) { pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining " "home directory for '%s'", this_user); 
@@ -333,7 +333,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, retval = PAM_SESSION_ERR; goto cleanup; } - rpwd = _pammodutil_getpwuid(pamh, getuid()); + rpwd = pam_modutil_getpwuid(pamh, getuid()); if (rpwd == NULL) { pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining invoking " "user's name"); @@ -343,7 +343,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, /* Get the target user's UID and primary GID, which we'll need to set * on the xauthority file we create later on. */ - tpwd = _pammodutil_getpwnam(pamh, user); + tpwd = pam_modutil_getpwnam(pamh, user); if (tpwd == NULL) { pam_syslog(pamh,LOG_ERR, "pam_xauth: error determining target " "user's UID"); diff --git a/modules/pammodutil/.cvsignore b/modules/pammodutil/.cvsignore deleted file mode 100644 index 99d2856d..00000000 --- a/modules/pammodutil/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -static -Makefile -Makefile.in diff --git a/modules/pammodutil/Makefile.am b/modules/pammodutil/Makefile.am deleted file mode 100644 index a55ff394..00000000 --- a/modules/pammodutil/Makefile.am +++ /dev/null @@ -1,16 +0,0 @@ -# -# Copyright (c) 2005 Thorsten Kukuk -# - -CLEANFILES = *~ - -AM_CFLAGS = -I$(srcdir)/include -I$(top_srcdir)/libpam/include - -noinst_HEADERS = pammodutil.h include/security/_pam_modutil.h - -noinst_LTLIBRARIES = libpammodutil.la - -libpammodutil_la_SOURCES = modutil_cleanup.c modutil_getgrgid.c \ - modutil_getgrnam.c modutil_getlogin.c modutil_getpwnam.c \ - modutil_getpwuid.c modutil_getspnam.c modutil_ingroup.c \ - modutil_ioloop.c diff --git a/modules/pammodutil/README b/modules/pammodutil/README deleted file mode 100644 index 241f83a7..00000000 --- a/modules/pammodutil/README +++ /dev/null 
@@ -1,15 +0,0 @@ -$Id$ - -This is a libarary of routines for use by modules. The routines seem -to have a common use for modules, but are not part of libpam and never -will be. They are also a convenient layer of abstraction for providing -thread-safe functions that may require use of pam_handle_t 'data' -items to make their thread-safeness tied to the use of a single -pam_handle_t per thread. - -Functions provided so far are all listed in - - include/security/_pam_modutil.h - -. - diff --git a/modules/pammodutil/include/security/_pam_modutil.h b/modules/pammodutil/include/security/_pam_modutil.h deleted file mode 100644 index c2ac24c2..00000000 --- a/modules/pammodutil/include/security/_pam_modutil.h +++ /dev/null 
@@ -1,66 +0,0 @@ -#ifndef _PAM_MODUTIL_H -#define _PAM_MODUTIL_H - -/* - * $Id$ - * - * This file is a list of handy libc wrappers that attempt to provide some - * thread-safe and other convenient functionality to modules in a form that - * is common, but not dynamically linked with yet another dynamic pam - * library extension. - * - * A number of these functions reserve space in a pam_[sg]et_data item. - * In all cases, the name of the item is prefixed with "_pammodutil_*". - * - * On systems that simply can't support thread safe programming, these - * functions don't support it either - sorry. - * - * Copyright (c) 2001-2002 Andrew Morgan - */ - -#include -#include -#include -#include - -extern struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, - const char *user); - -extern struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, - uid_t uid); - -extern struct group *_pammodutil_getgrnam(pam_handle_t *pamh, - const char *group); - -extern struct group *_pammodutil_getgrgid(pam_handle_t *pamh, - gid_t gid); - -extern struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, - const char *user); - -extern int _pammodutil_user_in_group_nam_nam(pam_handle_t *pamh, - const char *user, - const char *group); - -extern int _pammodutil_user_in_group_nam_gid(pam_handle_t *pamh, - const char *user, - gid_t group); - -extern int _pammodutil_user_in_group_uid_nam(pam_handle_t *pamh, - uid_t user, - const char *group); - -extern int _pammodutil_user_in_group_uid_gid(pam_handle_t *pamh, - uid_t user, - gid_t group); - -extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data, - int error_status); - -extern const char *_pammodutil_getlogin(pam_handle_t *pamh); - -extern int _pammodutil_read(int fd, char *buffer, int count); - -extern int _pammodutil_write(int fd, const char *buffer, int count); - -#endif /* _PAM_MODUTIL_H */ diff --git a/modules/pammodutil/modutil_cleanup.c b/modules/pammodutil/modutil_cleanup.c deleted file mode 100644 index 7460da14..00000000 
--- a/modules/pammodutil/modutil_cleanup.c +++ /dev/null @@ -1,17 +0,0 @@ -/* - * $Id$ - * - * This function provides a common pam_set_data() friendly version of free(). - */ - -#include "pammodutil.h" - -void -_pammodutil_cleanup (pam_handle_t *pamh UNUSED, void *data, - int error_status UNUSED) -{ - if (data) { - /* junk it */ - (void) free(data); - } -} diff --git a/modules/pammodutil/modutil_getgrgid.c b/modules/pammodutil/modutil_getgrgid.c deleted file mode 100644 index 179df3b2..00000000 --- a/modules/pammodutil/modutil_getgrgid.c +++ /dev/null 
@@ -1,150 +0,0 @@ -/* - * $Id$ - * - * This function provides a thread safer version of getgrgid() for use - * with PAM modules that care about this sort of thing. - * - * XXX - or at least it should provide a thread-safe alternative. - */ - -#include "pammodutil.h" - -#include -#include -#include -#include -#include -#include - -static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; -static void _pammodutil_lock(void) -{ - pthread_mutex_lock(&_pammodutil_mutex); -} -static void _pammodutil_unlock(void) -{ - pthread_mutex_unlock(&_pammodutil_mutex); -} - -static int intlen(int number) -{ - int len = 2; - while (number != 0) { - number /= 10; - len++; - } - return len; -} - -static int longlen(long number) -{ - int len = 2; - while (number != 0) { - number /= 10; - len++; - } - return len; -} - -struct group *_pammodutil_getgrgid(pam_handle_t *pamh, gid_t gid) -{ -#ifdef HAVE_GETGRGID_R - - void *buffer=NULL; - size_t length = PWD_INITIAL_LENGTH; - - do { - int status; - void *new_buffer; - struct group *result = NULL; - - new_buffer = realloc(buffer, sizeof(struct group) + length); - if (new_buffer == NULL) { - - D(("out of memory")); - - /* no memory for the user - so delete the memory */ - if (buffer) { - free(buffer); - } - return NULL; - } - buffer = new_buffer; - - /* make the re-entrant call to get the grp structure */ - errno = 0; - status = getgrgid_r(gid, buffer, - sizeof(struct group) + (char *) buffer, - length, &result); - if (!status && (result == buffer)) { - char *data_name; - const void *ignore; - int i; - - data_name = malloc(strlen("_pammodutil_getgrgid") + 1 + - longlen((long)gid) + 1 + intlen(INT_MAX) + 1); - if ((pamh != NULL) && (data_name == NULL)) { - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - free(buffer); - return NULL; - } - - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", - (long) gid, i); - _pammodutil_lock(); - status = 
PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - result, _pammodutil_cleanup); - } - _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } - } - } else { - status = PAM_SUCCESS; - } - - free(data_name); - - if (status == PAM_SUCCESS) { - D(("success")); - return result; - } - - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - - free(buffer); - return NULL; - - } else if (errno != ERANGE && errno != EINTR) { - /* no sense in repeating the call */ - break; - } - - length <<= 2; - - } while (length < PWD_ABSURD_PWD_LENGTH); - - D(("grp structure took %u bytes or so of memory", - length+sizeof(struct group))); - - free(buffer); - return NULL; - -#else /* ie. ifndef HAVE_GETGRGID_R */ - - /* - * Sorry, there does not appear to be a reentrant version of - * getgrgid(). So, we use the standard libc function. - */ - - return getgrgid(gid); - -#endif /* def HAVE_GETGRGID_R */ -} diff --git a/modules/pammodutil/modutil_getgrnam.c b/modules/pammodutil/modutil_getgrnam.c deleted file mode 100644 index e34d4c45..00000000 --- a/modules/pammodutil/modutil_getgrnam.c +++ /dev/null 
@@ -1,139 +0,0 @@ -/* - * $Id$ - * - * This function provides a thread safer version of getgrnam() for use - * with PAM modules that care about this sort of thing. - * - * XXX - or at least it should provide a thread-safe alternative. - */ - -#include "pammodutil.h" - -#include -#include -#include -#include -#include -#include - -static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; -static void _pammodutil_lock(void) -{ - pthread_mutex_lock(&_pammodutil_mutex); -} -static void _pammodutil_unlock(void) -{ - pthread_mutex_unlock(&_pammodutil_mutex); -} - -static int intlen(int number) -{ - int len = 2; - while (number != 0) { - number /= 10; - len++; - } - return len; -} - -struct group *_pammodutil_getgrnam(pam_handle_t *pamh, const char *group) -{ -#ifdef HAVE_GETGRNAM_R - - void *buffer=NULL; - size_t length = PWD_INITIAL_LENGTH; - - do { - int status; - void *new_buffer; - struct group *result = NULL; - - new_buffer = realloc(buffer, sizeof(struct group) + length); - if (new_buffer == NULL) { - - D(("out of memory")); - - /* no memory for the group - so delete the memory */ - if (buffer) { - free(buffer); - } - return NULL; - } - buffer = new_buffer; - - /* make the re-entrant call to get the grp structure */ - errno = 0; - status = getgrnam_r(group, buffer, - sizeof(struct group) + (char *) buffer, - length, &result); - if (!status && (result == buffer)) { - char *data_name; - const void *ignore; - int i; - - data_name = malloc(strlen("_pammodutil_getgrnam") + 1 + - strlen(group) + 1 + intlen(INT_MAX) + 1); - if ((pamh != NULL) && (data_name == NULL)) { - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - free(buffer); - return NULL; - } - - if (pamh != NULL) { - for (i = 0; i < INT_MAX; i++) { - sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); - _pammodutil_lock(); - status = PAM_NO_MODULE_DATA; - if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { - status = pam_set_data(pamh, data_name, - 
result, _pammodutil_cleanup); - } - _pammodutil_unlock(); - if (status == PAM_SUCCESS) { - break; - } - } - } else { - status = PAM_SUCCESS; - } - - free(data_name); - - if (status == PAM_SUCCESS) { - D(("success")); - return result; - } - - D(("was unable to register the data item [%s]", - pam_strerror(pamh, status))); - - free(buffer); - return NULL; - - } else if (errno != ERANGE && errno != EINTR) { - /* no sense in repeating the call */ - break; - } - - length <<= 2; - - } while (length < PWD_ABSURD_PWD_LENGTH); - - D(("grp structure took %u bytes or so of memory", - length+sizeof(struct group))); - - free(buffer); - return NULL; - -#else /* ie. ifndef HAVE_GETGRNAM_R */ - - /* - * Sorry, there does not appear to be a reentrant version of - * getgrnam(). So, we use the standard libc function. - */ - - return getgrnam(group); - -#endif /* def HAVE_GETGRNAM_R */ -} diff --git a/modules/pammodutil/modutil_getlogin.c b/modules/pammodutil/modutil_getlogin.c deleted file mode 100644 index fa67402d..00000000 --- a/modules/pammodutil/modutil_getlogin.c +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * $Id$ - * - * A central point for invoking getlogin(). Hopefully, this is a - * little harder to spoof than all the other versions that are out - * there. - */ - -#include "pammodutil.h" - -#include -#include -#include - -#define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" - -const char *_pammodutil_getlogin(pam_handle_t *pamh) -{ - int status; - const void *logname; - const void *void_curr_tty; - const char *curr_tty; - char *curr_user; - struct utmp *ut, line; - - status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); - if (status == PAM_SUCCESS) { - return logname; - } - - status = pam_get_item(pamh, PAM_TTY, &void_curr_tty); - if ((status != PAM_SUCCESS) || (void_curr_tty == NULL)) - curr_tty = ttyname(0); - else - curr_tty = (const char*)void_curr_tty; - - if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) { - return NULL; - } - - curr_tty += 5; /* strlen("/dev/") */ - logname = NULL; - - setutent(); - strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); - - if ((ut = getutline(&line)) == NULL) { - goto clean_up_and_go_home; - } - - curr_user = calloc(sizeof(line.ut_user)+1, 1); - if (curr_user == NULL) { - goto clean_up_and_go_home; - } - - strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); - /* calloc already zeroed the memory */ - - status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, - _pammodutil_cleanup); - if (status != PAM_SUCCESS) { - free(curr_user); - goto clean_up_and_go_home; - } - - logname = curr_user; - -clean_up_and_go_home: - - endutent(); - - return logname; -} diff --git a/modules/pammodutil/modutil_getpwnam.c b/modules/pammodutil/modutil_getpwnam.c deleted file mode 100644 index e0dfdca3..00000000 --- a/modules/pammodutil/modutil_getpwnam.c +++ /dev/null 
@@ -1,139 +0,0 @@
-/*
- * $Id$
- *
- * This function provides a thread safer version of getpwnam() for use
- * with PAM modules that care about this sort of thing.
- *
- * XXX - or at least it should provide a thread-safe alternative.
- */
-
-#include "pammodutil.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER;
-static void _pammodutil_lock(void)
-{
- pthread_mutex_lock(&_pammodutil_mutex);
-}
-static void _pammodutil_unlock(void)
-{
- pthread_mutex_unlock(&_pammodutil_mutex);
-}
-
-static int intlen(int number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, const char *user)
-{
-#ifdef HAVE_GETPWNAM_R
-
- void *buffer=NULL;
- size_t length = PWD_INITIAL_LENGTH;
-
- do {
- int status;
- void *new_buffer;
- struct passwd *result = NULL;
-
- new_buffer = realloc(buffer, sizeof(struct passwd) + length);
- if (new_buffer == NULL) {
-
- D(("out of memory"));
-
- /* no memory for the user - so delete the memory */
- if (buffer) {
- free(buffer);
- }
- return NULL;
- }
- buffer = new_buffer;
-
- /* make the re-entrant call to get the pwd structure */
- errno = 0;
- status = getpwnam_r(user, buffer,
- sizeof(struct passwd) + (char *) buffer,
- length, &result);
- if (!status && (result == buffer)) {
- char *data_name;
- const void *ignore;
- int i;
-
- data_name = malloc(strlen("_pammodutil_getpwnam") + 1 +
- strlen(user) + 1 + intlen(INT_MAX) + 1);
- if ((pamh != NULL) && (data_name == NULL)) {
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
- free(buffer);
- return NULL;
- }
-
- if (pamh != NULL) {
- for (i = 0; i < INT_MAX; i++) {
- sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i);
- _pammodutil_lock();
- status = PAM_NO_MODULE_DATA;
- if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
- status = pam_set_data(pamh, data_name,
- result, _pammodutil_cleanup);
- }
- _pammodutil_unlock();
- if (status == PAM_SUCCESS) {
- break;
- }
- }
- } else {
- status = PAM_SUCCESS;
- }
-
- free(data_name);
-
- if (status == PAM_SUCCESS) {
- D(("success"));
- return result;
- }
-
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
-
- free(buffer);
- return NULL;
-
- } else if (errno != ERANGE && errno != EINTR) {
- /* no sense in repeating the call */
- break;
- }
-
- length <<= 2;
-
- } while (length < PWD_ABSURD_PWD_LENGTH);
-
- D(("pwd structure took %u bytes or so of memory",
- length+sizeof(struct passwd)));
-
- free(buffer);
- return NULL;
-
-#else /* ie. ifndef HAVE_GETPWNAM_R */
-
- /*
- * Sorry, there does not appear to be a reentrant version of
- * getpwnam(). So, we use the standard libc function.
- */
-
- return getpwnam(user);
-
-#endif /* def HAVE_GETPWNAM_R */
-}
diff --git a/modules/pammodutil/modutil_getpwuid.c b/modules/pammodutil/modutil_getpwuid.c
deleted file mode 100644
index aadd817b..00000000
--- a/modules/pammodutil/modutil_getpwuid.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * $Id$
- *
- * This function provides a thread safer version of getpwuid() for use
- * with PAM modules that care about this sort of thing.
- *
- * XXX - or at least it should provide a thread-safe alternative.
- */
-
-#include "pammodutil.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER;
-static void _pammodutil_lock(void)
-{
- pthread_mutex_lock(&_pammodutil_mutex);
-}
-static void _pammodutil_unlock(void)
-{
- pthread_mutex_unlock(&_pammodutil_mutex);
-}
-
-static int intlen(int number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-static int longlen(long number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid)
-{
-#ifdef HAVE_GETPWUID_R
-
- void *buffer=NULL;
- size_t length = PWD_INITIAL_LENGTH;
-
- do {
- int status;
- void *new_buffer;
- struct passwd *result = NULL;
-
- new_buffer = realloc(buffer, sizeof(struct passwd) + length);
- if (new_buffer == NULL) {
-
- D(("out of memory"));
-
- /* no memory for the user - so delete the memory */
- if (buffer) {
- free(buffer);
- }
- return NULL;
- }
- buffer = new_buffer;
-
- /* make the re-entrant call to get the pwd structure */
- errno = 0;
- status = getpwuid_r(uid, buffer,
- sizeof(struct passwd) + (char *) buffer,
- length, &result);
- if (!status && (result == buffer)) {
- char *data_name;
- const void *ignore;
- int i;
-
- data_name = malloc(strlen("_pammodutil_getpwuid") + 1 +
- longlen((long) uid) + 1 + intlen(INT_MAX) + 1);
- if ((pamh != NULL) && (data_name == NULL)) {
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
- free(buffer);
- return NULL;
- }
-
- if (pamh != NULL) {
- for (i = 0; i < INT_MAX; i++) {
- sprintf(data_name, "_pammodutil_getpwuid_%ld_%d",
- (long) uid, i);
- _pammodutil_lock();
- status = PAM_NO_MODULE_DATA;
- if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
- status = pam_set_data(pamh, data_name,
- result, _pammodutil_cleanup);
- }
- _pammodutil_unlock();
- if (status == PAM_SUCCESS) {
- break;
- }
- }
- } else {
- status = PAM_SUCCESS;
- }
-
- free(data_name);
-
- if (status == PAM_SUCCESS) {
- D(("success"));
- return result;
- }
-
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
-
- free(buffer);
- return NULL;
-
- } else if (errno != ERANGE && errno != EINTR) {
- /* no sense in repeating the call */
- break;
- }
-
- length <<= 2;
-
- } while (length < PWD_ABSURD_PWD_LENGTH);
-
- D(("pwd structure took %u bytes or so of memory",
- length+sizeof(struct passwd)));
-
- free(buffer);
- return NULL;
-
-#else /* ie. ifndef HAVE_GETPWUID_R */
-
- /*
- * Sorry, there does not appear to be a reentrant version of
- * getpwuid(). So, we use the standard libc function.
- */
-
- return getpwuid(uid);
-
-#endif /* def HAVE_GETPWUID_R */
-}
diff --git a/modules/pammodutil/modutil_getspnam.c b/modules/pammodutil/modutil_getspnam.c
deleted file mode 100644
index e069d009..00000000
--- a/modules/pammodutil/modutil_getspnam.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * $Id$
- *
- * This function provides a thread safer version of getspnam() for use
- * with PAM modules that care about this sort of thing.
- *
- * XXX - or at least it should provide a thread-safe alternative.
- */
-
-#include "pammodutil.h"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER;
-static void _pammodutil_lock(void)
-{
- pthread_mutex_lock(&_pammodutil_mutex);
-}
-static void _pammodutil_unlock(void)
-{
- pthread_mutex_unlock(&_pammodutil_mutex);
-}
-
-static int intlen(int number)
-{
- int len = 2;
- while (number != 0) {
- number /= 10;
- len++;
- }
- return len;
-}
-
-struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, const char *user)
-{
-#ifdef HAVE_GETSPNAM_R
-
- void *buffer=NULL;
- size_t length = PWD_INITIAL_LENGTH;
-
- do {
- int status;
- void *new_buffer;
- struct spwd *result = NULL;
-
- new_buffer = realloc(buffer, sizeof(struct spwd) + length);
- if (new_buffer == NULL) {
-
- D(("out of memory"));
-
- /* no memory for the user - so delete the memory */
- if (buffer) {
- free(buffer);
- }
- return NULL;
- }
- buffer = new_buffer;
-
- /* make the re-entrant call to get the spwd structure */
- errno = 0;
- status = getspnam_r(user, buffer,
- sizeof(struct spwd) + (char *) buffer,
- length, &result);
- if (!status && (result == buffer)) {
- char *data_name;
- const void *ignore;
- int i;
-
- data_name = malloc(strlen("_pammodutil_getspnam") + 1 +
- strlen(user) + 1 + intlen(INT_MAX) + 1);
- if ((pamh != NULL) && (data_name == NULL)) {
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
- free(buffer);
- return NULL;
- }
-
- if (pamh != NULL) {
- for (i = 0; i < INT_MAX; i++) {
- sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i);
- _pammodutil_lock();
- status = PAM_NO_MODULE_DATA;
- if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) {
- status = pam_set_data(pamh, data_name,
- result, _pammodutil_cleanup);
- }
- _pammodutil_unlock();
- if (status == PAM_SUCCESS) {
- break;
- }
- }
- } else {
- status = PAM_SUCCESS;
- }
-
- free(data_name);
-
- if (status == PAM_SUCCESS) {
- D(("success"));
- return result;
- }
-
- D(("was unable to register the data item [%s]",
- pam_strerror(pamh, status)));
-
- free(buffer);
- return NULL;
-
- } else if (errno != ERANGE && errno != EINTR) {
- /* no sense in repeating the call */
- break;
- }
-
- length <<= 2;
-
- } while (length < PWD_ABSURD_PWD_LENGTH);
-
- D(("spwd structure took %u bytes or so of memory",
- length+sizeof(struct spwd)));
-
- free(buffer);
- return NULL;
-
-#else /* ie. ifndef HAVE_GETSPNAM_R */
-
- /*
- * Sorry, there does not appear to be a reentrant version of
- * getspnam(). So, we use the standard libc function.
- */
-
- return getspnam(user);
-
-#endif /* def HAVE_GETSPNAM_R */
-}
diff --git a/modules/pammodutil/modutil_ingroup.c b/modules/pammodutil/modutil_ingroup.c
deleted file mode 100644
index cb04d866..00000000
--- a/modules/pammodutil/modutil_ingroup.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * $Id$
- *
- * This function provides common methods for checking if a user is in a
- * specified group.
- */
-
-#include "pammodutil.h"
-#include "include/security/_pam_modutil.h"
-#include
-#include
-
-#ifdef HAVE_GETGROUPLIST
-static int checkgrouplist(const char *user, gid_t primary, gid_t target)
-{
- gid_t *grouplist = NULL;
- int agroups, ngroups, i;
- ngroups = agroups = 3;
- do {
- grouplist = malloc(sizeof(gid_t) * agroups);
- if (grouplist == NULL) {
- return 0;
- }
- ngroups = agroups;
- i = getgrouplist(user, primary, grouplist, &ngroups);
- if ((i < 0) || (ngroups < 1)) {
- agroups *= 2;
- free(grouplist);
- } else {
- for (i = 0; i < ngroups; i++) {
- if (grouplist[i] == target) {
- free(grouplist);
- return 1;
- }
- }
- free(grouplist);
- }
- } while (((i < 0) || (ngroups < 1)) && (agroups < 10000));
- return 0;
-}
-#endif
-
-static int
-_pammodutil_user_in_group_common(pam_handle_t *pamh UNUSED,
- struct passwd *pwd,
- struct group *grp)
-{
- int i;
-
- if (pwd == NULL) {
- return 0;
- }
- if (grp == NULL) {
- return 0;
- }
-
- if (pwd->pw_gid == grp->gr_gid) {
- return 1;
- }
-
- for (i = 0; (grp->gr_mem != NULL) && (grp->gr_mem[i] != NULL); i++) {
- if (strcmp(pwd->pw_name, grp->gr_mem[i]) == 0) {
- return 1;
- }
- }
-
-#ifdef HAVE_GETGROUPLIST
- if (checkgrouplist(pwd->pw_name, pwd->pw_gid, grp->gr_gid)) {
- return 1;
- }
-#endif
-
- return 0;
-}
-
-int _pammodutil_user_in_group_nam_nam(pam_handle_t *pamh,
- const char *user, const char *group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = _pammodutil_getpwnam(pamh, user);
- grp = _pammodutil_getgrnam(pamh, group);
-
- return _pammodutil_user_in_group_common(pamh, pwd, grp);
-}
-
-int _pammodutil_user_in_group_nam_gid(pam_handle_t *pamh,
- const char *user, gid_t group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = _pammodutil_getpwnam(pamh, user);
- grp = _pammodutil_getgrgid(pamh, group);
-
- return _pammodutil_user_in_group_common(pamh, pwd, grp);
-}
-
-int _pammodutil_user_in_group_uid_nam(pam_handle_t *pamh,
- uid_t user, const char *group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = _pammodutil_getpwuid(pamh, user);
- grp = _pammodutil_getgrnam(pamh, group);
-
- return _pammodutil_user_in_group_common(pamh, pwd, grp);
-}
-
-int _pammodutil_user_in_group_uid_gid(pam_handle_t *pamh,
- uid_t user, gid_t group)
-{
- struct passwd *pwd;
- struct group *grp;
-
- pwd = _pammodutil_getpwuid(pamh, user);
- grp = _pammodutil_getgrgid(pamh, group);
-
- return _pammodutil_user_in_group_common(pamh, pwd, grp);
-}
diff --git a/modules/pammodutil/modutil_ioloop.c b/modules/pammodutil/modutil_ioloop.c
deleted file mode 100644
index a852a7b8..00000000
--- a/modules/pammodutil/modutil_ioloop.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * $Id$
- *
- * These functions provides common methods for ensure a complete read or
- * write occurs. It handles EINTR and partial read/write returns.
- */
-
-#include
-#include
-
-#include
-#include "include/security/_pam_modutil.h"
-
-int _pammodutil_read(int fd, char *buffer, int count)
-{
- int block, offset = 0;
-
- while (count > 0) {
- block = read(fd, &buffer[offset], count);
-
- if (block < 0) {
- if (errno == EINTR) continue;
- return block;
- }
- if (block == 0) return offset;
-
- offset += block;
- count -= block;
- }
-
- return offset;
-}
-
-int _pammodutil_write(int fd, const char *buffer, int count)
-{
- int block, offset = 0;
-
- while (count > 0) {
- block = write(fd, &buffer[offset], count);
-
- if (block < 0) {
- if (errno == EINTR) continue;
- return block;
- }
- if (block == 0) return offset;
-
- offset += block;
- count -= block;
- }
-
- return offset;
-}
diff --git a/modules/pammodutil/pammodutil.h b/modules/pammodutil/pammodutil.h
deleted file mode 100644
index d60d588a..00000000
--- a/modules/pammodutil/pammodutil.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef PAMMODUTIL_H
-#define PAMMODUTIL_H
-
-/*
- * $Id$
- *
- * Copyright (c) 2001 Andrew Morgan
- */
-
-#include "config.h"
-
-#include
-#include
-#include
-
-#define PWD_INITIAL_LENGTH 0x100
-#define PWD_ABSURD_PWD_LENGTH 0x8000
-
-/* This is a simple cleanup, it just free()s the 'data' memory */
-extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data,
- int error_status);
-
-#endif /* PAMMODUTIL_H */
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 8015767c..9d3b07b8 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -27,15 +27,6 @@
 ./modules/pam_selinux/pam_selinux_check.c
 ./modules/pam_selinux/pam_selinux.c
 ./modules/pam_permit/pam_permit.c
-./modules/pammodutil/modutil_getlogin.c
-./modules/pammodutil/modutil_cleanup.c
-./modules/pammodutil/modutil_getspnam.c
-./modules/pammodutil/modutil_ingroup.c
-./modules/pammodutil/modutil_getgrgid.c
-./modules/pammodutil/modutil_getgrnam.c
-./modules/pammodutil/modutil_getpwnam.c
-./modules/pammodutil/modutil_getpwuid.c
-./modules/pammodutil/modutil_ioloop.c
 ./modules/pam_deny/pam_deny.c
 ./modules/pam_rhosts/pam_rhosts_auth.c
 ./modules/pam_mail/pam_mail.c
@@ -91,6 +82,15 @@
 ./libpam/pam_malloc.c
 ./libpam/pam_syslog.c
 ./libpam/pam_vprompt.c
+./libpam/pam_modutil_getlogin.c
+./libpam/pam_modutil_cleanup.c
+./libpam/pam_modutil_getspnam.c
+./libpam/pam_modutil_ingroup.c
+./libpam/pam_modutil_getgrgid.c
+./libpam/pam_modutil_getgrnam.c
+./libpam/pam_modutil_getpwnam.c
+./libpam/pam_modutil_getpwuid.c
+./libpam/pam_modutil_ioloop.c
 ./examples/xsh.c
 ./examples/check_user.c
 ./examples/vpass.c
-- cgit v1.2.3