d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of OpenPAM Cantaloupe

Browse Source
This commit is contained in:
Dag-Erling Smørgrav 2002-02-23 01:24:02 +00:00
parent ac676a1116
commit 46acc37026
94 changed files with 3860 additions and 284 deletions
contrib/openpam
HISTORYMANIFESTRELNOTES
doc/man
Makefileopenpam_get_option.3openpam_log.3openpam_set_option.3openpam_ttyconv.3pam.3pam_acct_mgmt.3pam_authenticate.3pam_chauthtok.3pam_close_session.3pam_end.3pam_error.3pam_get_authtok.3pam_get_data.3pam_get_item.3pam_get_user.3pam_getenv.3pam_getenvlist.3pam_info.3pam_open_session.3pam_prompt.3pam_putenv.3pam_set_data.3pam_set_item.3pam_setcred.3pam_setenv.3pam_sm_acct_mgmt.3pam_sm_authenticate.3pam_sm_chauthtok.3pam_sm_close_session.3pam_sm_open_session.3pam_sm_setcred.3pam_start.3pam_strerror.3pam_verror.3pam_vinfo.3pam_vprompt.3
include/security
openpam.hpam_constants.h
lib
Makefileopenpam_dispatch.copenpam_findenv.copenpam_get_option.copenpam_impl.hopenpam_load.copenpam_log.copenpam_set_option.copenpam_static.copenpam_ttyconv.cpam_acct_mgmt.cpam_authenticate.cpam_authenticate_secondary.cpam_chauthtok.cpam_close_session.cpam_end.cpam_error.cpam_get_authtok.cpam_get_data.cpam_get_item.cpam_get_mapped_authtok.cpam_get_mapped_username.cpam_get_user.cpam_getenv.cpam_getenvlist.cpam_info.cpam_open_session.cpam_prompt.cpam_putenv.cpam_set_data.cpam_set_item.cpam_set_mapped_authtok.cpam_set_mapped_username.cpam_setcred.cpam_setenv.cpam_sm_acct_mgmt.cpam_sm_authenticate.cpam_sm_authenticate_secondary.cpam_sm_chauthtok.cpam_sm_close_session.cpam_sm_get_mapped_authtok.cpam_sm_get_mapped_username.cpam_sm_open_session.cpam_sm_set_mapped_authtok.cpam_sm_set_mapped_username.cpam_sm_setcred.cpam_start.cpam_strerror.cpam_verror.cpam_vinfo.cpam_vprompt.c
misc
gendoc.pl

30
contrib/openpam/HISTORY

@ -1,4 +1,34 @@
============================================================================
OpenPAM Cantaloupe 2002-02-22
- BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
- ENHANCE: Add in-line documentation in most source files, and a Perl
script that generates mdoc code from that.
- BUGFIX: The environment list was not properly NULL-terminated.
- ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
specified by the module.
- BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
pam_constants.h to avoid it going stale again.
- ENHANCE: Move all code related to static modules into a separate
file.
- ENHANCE: openpam_ttyconv() now masks most signals while prompting the
user, and supports setting a timeout (which defaults to off).
- BUGFIX: Some manual pages referenced XSSO even though they
documented OpenPAM-specific functions.
- ENHANCE: Added openpam_get_option() and openpam_set_option().
- ENHANCE: openpam_get_authtok() now respects the echo_pass,
try_first_pass, and use_first_pass options.
============================================================================
OpenPAM Caliopsis 2002-02-13
Fixed a number of bugs in the previous release, including:

25
contrib/openpam/MANIFEST

@ -10,6 +10,10 @@ bin/su/Makefile
bin/su/su.c
doc/Makefile
doc/man/Makefile
doc/man/openpam_get_option.3
doc/man/openpam_log.3
doc/man/openpam_set_option.3
doc/man/openpam_ttyconv.3
doc/man/pam.3
doc/man/pam_acct_mgmt.3
doc/man/pam_authenticate.3
@ -31,6 +35,12 @@ doc/man/pam_set_data.3
doc/man/pam_set_item.3
doc/man/pam_setcred.3
doc/man/pam_setenv.3
doc/man/pam_sm_acct_mgmt.3
doc/man/pam_sm_authenticate.3
doc/man/pam_sm_chauthtok.3
doc/man/pam_sm_close_session.3
doc/man/pam_sm_open_session.3
doc/man/pam_sm_setcred.3
doc/man/pam_start.3
doc/man/pam_strerror.3
doc/man/pam_verror.3
@ -44,9 +54,12 @@ include/security/pam_types.h
lib/Makefile
lib/openpam_dispatch.c
lib/openpam_findenv.c
lib/openpam_get_option.c
lib/openpam_impl.h
lib/openpam_load.c
lib/openpam_log.c
lib/openpam_set_option.c
lib/openpam_static.c
lib/openpam_ttyconv.c
lib/pam_acct_mgmt.c
lib/pam_authenticate.c
@ -73,11 +86,23 @@ lib/pam_set_mapped_authtok.c
lib/pam_set_mapped_username.c
lib/pam_setcred.c
lib/pam_setenv.c
lib/pam_sm_acct_mgmt.c
lib/pam_sm_authenticate.c
lib/pam_sm_authenticate_secondary.c
lib/pam_sm_chauthtok.c
lib/pam_sm_close_session.c
lib/pam_sm_get_mapped_authtok.c
lib/pam_sm_get_mapped_username.c
lib/pam_sm_open_session.c
lib/pam_sm_set_mapped_authtok.c
lib/pam_sm_set_mapped_username.c
lib/pam_sm_setcred.c
lib/pam_start.c
lib/pam_strerror.c
lib/pam_verror.c
lib/pam_vinfo.c
lib/pam_vprompt.c
misc/gendoc.pl
modules/Makefile
modules/pam_deny/Makefile
modules/pam_deny/pam_deny.c

19
contrib/openpam/RELNOTES

@ -1,12 +1,12 @@
Release notes for OpenPAM Caliopsis
===================================
Release notes for OpenPAM Cantaloupe
====================================
This is a beta release.
The library itself is mostly complete. Documentation exists in the
form of skeletal man pages for the library itself, but no detailed
documentation is provided in this release.
form of man pages for the library functions, though some pages are
still incomplete.
This release is primarily intended for reviewers and developers
interested in testing OpenPAM on FreeBSD. It has not been tested on
@ -15,14 +15,9 @@ NetBSD and OpenBSD.
Known issues:
- The pam_get_user() and pam_get_authtok() functions do not check
for commonly used options such as {use,try}_first_pass or
auth_as_self. In fact, pam_get_authtok() behaves as if
try_first_pass was always specified.
- The documentation is still incomplete.
- The provided conversation function, openpam_ttyconv(), should
block signals, and support some sort of timeout.
- The documentation is far from complete.
Oh, and the previous release's code name was misspelled - egg on my
face! It should have been "Calliopsis".
$Id$

13
contrib/openpam/doc/man/Makefile

@ -35,6 +35,10 @@
#
MAN =
MAN += openpam_get_option.3
MAN += openpam_log.3
MAN += openpam_set_option.3
MAN += openpam_ttyconv.3
MAN += pam.3
MAN += pam_acct_mgmt.3
MAN += pam_authenticate.3
@ -56,10 +60,19 @@ MAN += pam_set_data.3
MAN += pam_set_item.3
MAN += pam_setcred.3
MAN += pam_setenv.3
MAN += pam_sm_acct_mgmt.3
MAN += pam_sm_authenticate.3
MAN += pam_sm_chauthtok.3
MAN += pam_sm_close_session.3
MAN += pam_sm_open_session.3
MAN += pam_sm_setcred.3
MAN += pam_start.3
MAN += pam_strerror.3
MAN += pam_verror.3
MAN += pam_vinfo.3
MAN += pam_vprompt.3
generate:
(cd ${.CURDIR} && perl -w ../../misc/gendoc.pl ../../lib/*.c >pam.3)
.include <bsd.prog.mk>

74
contrib/openpam/doc/man/openpam_get_option.3 Normal file

@ -0,0 +1,74 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt OPENPAM_GET_OPTION 3
.Os
.Sh NAME
.Nm openpam_get_option
.Nd returns the value of a module option
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.Ft const char *
.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
.Sh DESCRIPTION
The
.Nm
function returns the value of the specified
option in the context of the currently executing service module, or
.Dv NULL
if the option is not set or no module is currently executing.
.Sh RETURN VALUES
The
.Nm
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr pam 3
.Sh STANDARDS
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

63
contrib/openpam/doc/man/openpam_log.3 Normal file

@ -0,0 +1,63 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt OPENPAM_LOG 3
.Os
.Sh NAME
.Nm openpam_log
.Nd it). Do the next best thing
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.Ft void
.Fn openpam_log "int level" "const char *fmt" "..."
.Sh DESCRIPTION
No description available.
.Sh SEE ALSO
.Xr pam 3
.Sh STANDARDS
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

77
contrib/openpam/doc/man/openpam_set_option.3 Normal file

@ -0,0 +1,77 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt OPENPAM_SET_OPTION 3
.Os
.Sh NAME
.Nm openpam_set_option
.Nd sets the value of a module option
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.Ft int
.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
.Sh DESCRIPTION
The
.Nm
function sets the specified option in the
context of the currently executing service module.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

76
contrib/openpam/doc/man/openpam_ttyconv.3 Normal file

@ -0,0 +1,76 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt OPENPAM_TTYCONV 3
.Os
.Sh NAME
.Nm openpam_ttyconv
.Nd simple tty-based conversation function
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.Ft int
.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
.Sh DESCRIPTION
No description available.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

69
contrib/openpam/doc/man/pam.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM 3
.Os
.Sh NAME
@ -82,7 +82,7 @@
.Ft int
.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt"
.Ft int
.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data"
.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "const void **data"
.Ft int
.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
.Ft int
@ -119,6 +119,71 @@
.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
.Sh DESCRIPTION
.Sh RETURN VALUES
The following return codes are defined in the
.In security/pam_constants.h
header:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_ACCT_EXPIRED
User accound has expired.
.It Bq Er PAM_AUTHINFO_UNAVAIL
Authentication information is unavailable.
.It Bq Er PAM_AUTHTOK_DISABLE_AGING
Authentication token aging disabled.
.It Bq Er PAM_AUTHTOK_ERR
Authentication token failure.
.It Bq Er PAM_AUTHTOK_EXPIRED
Password has expired.
.It Bq Er PAM_AUTHTOK_LOCK_BUSY
Authentication token lock busy.
.It Bq Er PAM_AUTHTOK_RECOVERY_ERR
Failed to recover old authentication token.
.It Bq Er PAM_AUTH_ERR
Authentication error.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_CRED_ERR
Failed to set user credentials.
.It Bq Er PAM_CRED_EXPIRED
User credentials have expired.
.It Bq Er PAM_CRED_INSUFFICIENT
Insufficient credentials.
.It Bq Er PAM_CRED_UNAVAIL
Failed to retrieve user credentials.
.It Bq Er PAM_DOMAIN_UNKNOWN
Unknown authentication domain.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_MAXTRIES
Maximum number of tries exceeded.
.It Bq Er PAM_MODULE_UNKNOWN
Unknown module type.
.It Bq Er PAM_NEW_AUTHTOK_REQD
New authentication token required.
.It Bq Er PAM_NO_MODULE_DATA
Module data not found.
.It Bq Er PAM_OPEN_ERR
Failed to load module.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SUCCESS
Success.
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_TRY_AGAIN
Try again.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam_acct_mgmt 3 ,
.Xr pam_authenticate 3 ,

34
contrib/openpam/doc/man/pam_acct_mgmt.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_ACCT_MGMT 3
.Os
.Sh NAME
@ -46,18 +46,36 @@
.Ft int
.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_ACCT_EXPIRED
User accound has expired.
.It Bq Er PAM_AUTH_ERR
Authentication error.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_NEW_AUTHTOK_REQD
New authentication token required.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

36
contrib/openpam/doc/man/pam_authenticate.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_AUTHENTICATE 3
.Os
.Sh NAME
@ -46,18 +46,38 @@
.Ft int
.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_AUTHINFO_UNAVAIL
Authentication information is unavailable.
.It Bq Er PAM_AUTH_ERR
Authentication error.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_CRED_INSUFFICIENT
Insufficient credentials.
.It Bq Er PAM_MAXTRIES
Maximum number of tries exceeded.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

34
contrib/openpam/doc/man/pam_chauthtok.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_CHAUTHTOK 3
.Os
.Sh NAME
@ -46,18 +46,36 @@
.Ft int
.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_AUTHTOK_DISABLE_AGING
Authentication token aging disabled.
.It Bq Er PAM_AUTHTOK_ERR
Authentication token failure.
.It Bq Er PAM_AUTHTOK_LOCK_BUSY
Authentication token lock busy.
.It Bq Er PAM_AUTHTOK_RECOVERY_ERR
Failed to recover old authentication token.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

28
contrib/openpam/doc/man/pam_close_session.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_CLOSE_SESSION 3
.Os
.Sh NAME
@ -46,18 +46,30 @@
.Ft int
.Fn pam_close_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

22
contrib/openpam/doc/man/pam_end.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_END 3
.Os
.Sh NAME
@ -48,16 +48,26 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function terminates a PAM transaction and destroys the
corresponding PAM context, releasing all resources allocated to it.
.Pp
The
.Va status
argument should be set to the error code returned by the
last API call before the call to
.Nm
.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

30
contrib/openpam/doc/man/pam_error.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_ERROR 3
.Os
.Sh NAME
@ -47,22 +47,32 @@
.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
.Xr pam_info 3
function displays an error message through the
intermediary of the given PAM context's conversation function.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_info 3 ,
.Xr pam_prompt 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam_verror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

27
contrib/openpam/doc/man/pam_get_authtok.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_GET_AUTHTOK 3
.Os
.Sh NAME
@ -46,23 +46,26 @@
.Ft int
.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

33
contrib/openpam/doc/man/pam_get_data.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_GET_DATA 3
.Os
.Sh NAME
@ -44,20 +44,39 @@
.Sh SYNOPSIS
.In security/pam_appl.h
.Ft int
.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data"
.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "const void **data"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function looks up the opaque object associated with
the string specified by the
.Va module_data_name
argument, in the PAM
context specified by the
.Va pamh
argument.
A pointer to the object is stored in the location pointed to by the
.Va data
argument.
.Pp
This function and its counterpart
.Xr pam_set_data 3
are useful for managing
data that are meaningful only to a particular service module.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_NO_MODULE_DATA
Module data not found.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_set_data 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

60
contrib/openpam/doc/man/pam_get_item.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_GET_ITEM 3
.Os
.Sh NAME
@ -48,16 +48,64 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function stores a pointer to the item specified by
the
.Va item_type
argument in the location specified by the
.Va item
argument.
The item is retrieved from the PAM context specified by the
.Va pamh
argument.
The following item types are recognized:
.Bl -tag -width 18n
.It Dv PAM_SERVICE
The name of the requesting service.
.It Dv PAM_USER
The name of the user the application is trying to
authenticate.
.It Dv PAM_TTY
The name of the current terminal.
.It Dv PAM_RHOST
The name of the applicant's host.
.It Dv PAM_CONV
A
.Vt struct pam_conv
describing the current conversation
function.
.It Dv PAM_AUTHTOK
The current authentication token.
.It Dv PAM_OLDAUTHTOK
The expired authentication token.
.It Dv PAM_RUSER
The name of the applicant.
.It Dv PAM_USER_PROMPT
The prompt to use when asking the applicant for a user
name to authenticate as.
.It Dv PAM_AUTHTOK_PROMPT
The prompt to use when asking the applicant for an
authentication token.
.El
See
.Xr pam_start 3
for a description of
.Vt struct pam_conv .
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_set_item 3 ,
.Xr pam_start 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

20
contrib/openpam/doc/man/pam_get_user.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_GET_USER 3
.Os
.Sh NAME
@ -46,18 +46,22 @@
.Ft int
.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

24
contrib/openpam/doc/man/pam_getenv.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_GETENV 3
.Os
.Sh NAME
@ -48,16 +48,24 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function returns the value of an environment variable.
Its semantics are similar to those of
.Xr getenv 3 ,
but it accesses the PAM
context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
.Fn
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.El
.Nm
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr getenv 3 ,
.Xr pam 3 ,
.Xr pam_getenvlist 3 ,
.Xr pam_putenv 3 ,
.Xr pam_setenv 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

45
contrib/openpam/doc/man/pam_getenvlist.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_GETENVLIST 3
.Os
.Sh NAME
@ -48,16 +48,45 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function returns a copy of the given PAM context's
environment list as a pointer to an array of strings.
The last element in the array is
.Dv NULL .
The pointer is suitable for assignment to
.Va environ .
.Pp
The array and the strings it lists are allocated using
.Xr malloc 3 ,
and
should be released using
.Xr free 3
after use:
.Pp
.Bd -literal
char **envlist, **env;
envlist = environ;
environ = pam_getenvlist(pamh);
/* do something nifty */
for (env = environ; *env != NULL; env++)
free(*env);
free(environ);
environ = envlist;
.Sh RETURN VALUES
The
.Fn
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.El
.Nm
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr environ 7 ,
.Xr free 3 ,
.Xr malloc 3 ,
.Xr pam 3 ,
.Xr pam_getenv 3 ,
.Xr pam_putenv 3 ,
.Xr pam_setenv 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

28
contrib/openpam/doc/man/pam_info.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_INFO 3
.Os
.Sh NAME
@ -48,21 +48,31 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function displays an informational message through the
intermediary of the given PAM context's conversation function.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_error 3 ,
.Xr pam_prompt 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam_vinfo 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

28
contrib/openpam/doc/man/pam_open_session.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_OPEN_SESSION 3
.Os
.Sh NAME
@ -46,18 +46,30 @@
.Ft int
.Fn pam_open_session "pam_handle_t *pamh" "int flags"
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
No description available.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

40
contrib/openpam/doc/man/pam_prompt.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_PROMPT 3
.Os
.Sh NAME
@ -48,21 +48,43 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function constructs a message from the specified format
string and arguments and passes it to the given PAM context's
conversation function.
.Pp
A pointer to the response, or
.Dv NULL
if the conversation function did
not return one, is stored in the location pointed to by the
.Va resp
argument.
.Pp
See
.Xr pam_vprompt 3
for further details.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_error 3 ,
.Xr pam_info 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam_vprompt 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

23
contrib/openpam/doc/man/pam_putenv.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_PUTENV 3
.Os
.Sh NAME
@ -48,16 +48,29 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function sets a environment variable.
Its semantics are similar to those of
.Xr putenv 3 ,
but it modifies the PAM
context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_getenv 3 ,
.Xr pam_getenvlist 3 ,
.Xr pam_setenv 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr putenv 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

36
contrib/openpam/doc/man/pam_set_data.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_SET_DATA 3
.Os
.Sh NAME
@ -48,16 +48,40 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function associates a pointer to an opaque object
with an arbitrary string specified by the
.Va module_data_name
argument,
in the PAM context specified by the
.Va pamh
argument.
.Pp
If not
.Dv NULL ,
the
.Xr cleanup 3
argument should point to a function
responsible for releasing the resources associated with the object.
.Pp
This function and its counterpart
.Xr pam_get_data 3
are useful for managing
data that are meaningful only to a particular service module.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr cleanup 3 ,
.Xr pam 3 ,
.Xr pam_get_data 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

29
contrib/openpam/doc/man/pam_set_item.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_SET_ITEM 3
.Os
.Sh NAME
@ -48,16 +48,33 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function sets the item specified by the
.Va item_type
argument to a copy of the object pointed to by the
.Va item
argument.
The item is stored in the PAM context specified by the
.Va pamh
argument.
See
.Xr pam_get_item 3
for a list of recognized item types.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_SYMBOL_ERR
Invalid symbol.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_get_item 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

44
contrib/openpam/doc/man/pam_setcred.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_SETCRED 3
.Os
.Sh NAME
@ -48,16 +48,48 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function manages the application's credentials.
The operation to perform is specified by the
.Va flags
argument:
.Bl -tag -width 18n
.It PAM_ESTABLISH_CRED
Establish the credentials of the target user.
.It PAM_DELETE_CRED
Revoke all established credentials.
.It PAM_REINITIALISE_CRED
Fully reinitialise credentials.
.It PAM_REFRESH_CRED
Refresh credentials.
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_CRED_ERR
Failed to set user credentials.
.It Bq Er PAM_CRED_EXPIRED
User credentials have expired.
.It Bq Er PAM_CRED_UNAVAIL
Failed to retrieve user credentials.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

30
contrib/openpam/doc/man/pam_setenv.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_SETENV 3
.Os
.Sh NAME
@ -48,21 +48,33 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function sets a environment variable.
Its semantics are similar to those of
.Xr setenv 3 ,
but it modifies the PAM
context's environment list instead of the application's.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_getenv 3 ,
.Xr pam_getenvlist 3 ,
.Xr pam_putenv 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr setenv 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

100
contrib/openpam/doc/man/pam_sm_acct_mgmt.3 Normal file

@ -0,0 +1,100 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt PAM_SM_ACCT_MGMT 3
.Os
.Sh NAME
.Nm pam_sm_acct_mgmt
.Nd service module implementation for pam_acct_mgmt
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.In security/pam_modules.h
.Ft int
.Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
function is the service module's implementation
of the
.Xr pam_acct_mgmt 3
API function.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_ACCT_EXPIRED
User accound has expired.
.It Bq Er PAM_AUTH_ERR
Authentication error.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_NEW_AUTHTOK_REQD
New authentication token required.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_acct_mgmt 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

102
contrib/openpam/doc/man/pam_sm_authenticate.3 Normal file

@ -0,0 +1,102 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt PAM_SM_AUTHENTICATE 3
.Os
.Sh NAME
.Nm pam_sm_authenticate
.Nd service module implementation for pam_authenticate
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.In security/pam_modules.h
.Ft int
.Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
function is the service module's
implementation of the
.Xr pam_authenticate 3
API function.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_AUTHINFO_UNAVAIL
Authentication information is unavailable.
.It Bq Er PAM_AUTH_ERR
Authentication error.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_CRED_INSUFFICIENT
Insufficient credentials.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_MAXTRIES
Maximum number of tries exceeded.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_authenticate 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

100
contrib/openpam/doc/man/pam_sm_chauthtok.3 Normal file

@ -0,0 +1,100 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt PAM_SM_CHAUTHTOK 3
.Os
.Sh NAME
.Nm pam_sm_chauthtok
.Nd service module implementation for pam_chauthtok
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.In security/pam_modules.h
.Ft int
.Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
function is the service module's implementation
of the
.Xr pam_chauthtok 3
API function.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_AUTHTOK_DISABLE_AGING
Authentication token aging disabled.
.It Bq Er PAM_AUTHTOK_ERR
Authentication token failure.
.It Bq Er PAM_AUTHTOK_LOCK_BUSY
Authentication token lock busy.
.It Bq Er PAM_AUTHTOK_RECOVERY_ERR
Failed to recover old authentication token.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_chauthtok 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

94
contrib/openpam/doc/man/pam_sm_close_session.3 Normal file

@ -0,0 +1,94 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt PAM_SM_CLOSE_SESSION 3
.Os
.Sh NAME
.Nm pam_sm_close_session
.Nd service module implementation for pam_close_session
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.In security/pam_modules.h
.Ft int
.Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv"
.Sh DESCRIPTION
The
.Nm
function is the service module's
implementation of the
.Xr pam_close_session 3
API function.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_close_session 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

94
contrib/openpam/doc/man/pam_sm_open_session.3 Normal file

@ -0,0 +1,94 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt PAM_SM_OPEN_SESSION 3
.Os
.Sh NAME
.Nm pam_sm_open_session
.Nd service module implementation for pam_open_session
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.In security/pam_modules.h
.Ft int
.Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
function is the service module's
implementation of the
.Xr pam_open_session 3
API function.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SESSION_ERR
Session failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_open_session 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

100
contrib/openpam/doc/man/pam_sm_setcred.3 Normal file

@ -0,0 +1,100 @@
.\"-
.\" Copyright (c) 2002 Networks Associates Technologies, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd February 22, 2002
.Dt PAM_SM_SETCRED 3
.Os
.Sh NAME
.Nm pam_sm_setcred
.Nd service module implementation for pam_setcred
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
.In security/pam_modules.h
.Ft int
.Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
.Sh DESCRIPTION
The
.Nm
function is the service module's implementation of
the
.Xr pam_setcred 3
API function.
.Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
.It Bq Er PAM_ABORT
General failure.
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_CRED_ERR
Failed to set user credentials.
.It Bq Er PAM_CRED_EXPIRED
User credentials have expired.
.It Bq Er PAM_CRED_UNAVAIL
Failed to retrieve user credentials.
.It Bq Er PAM_IGNORE
Ignore this module.
.It Bq Er PAM_PERM_DENIED
Permission denied.
.It Bq Er PAM_SERVICE_ERR
Error in service module.
.It Bq Er PAM_SYSTEM_ERR
System error.
.It Bq Er PAM_USER_UNKNOWN
Unknown user.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_setcred 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
.Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.

50
contrib/openpam/doc/man/pam_start.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_START 3
.Os
.Sh NAME
@ -48,16 +48,54 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function creates and initializes a PAM context.
.Pp
The
.Va service
argument specifies the name of the policy to apply, and is
stored in the
.Dv PAM_SERVICE
item in the created context.
.Pp
The
.Va user
argument specifies the name of the target user - the user the
created context will serve to authenticate.
It is stored in the
.Dv PAM_USER
item in the created context.
.Pp
The
.Va pam_conv
argument points to a
.Vt struct pam_conv
describing the
conversation function to use.
This structure is defined as follows:
.Pp
.Bd -literal
struct pam_conv {
int (*conv)(int, const struct pam_message **,
struct pam_response **, void *);
void *appdata_ptr;
};
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam 3 ,
.Xr pam_end 3 ,
.Xr pam_get_item 3 ,
.Xr pam_set_item 3 ,
.Xr pam_strerror 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"

18
contrib/openpam/doc/man/pam_strerror.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_STRERROR 3
.Os
.Sh NAME
@ -48,15 +48,19 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function returns a pointer to a string containing a
textual description of the error indicated by the
.Va error_number
argument, in the context of the PAM transaction described by the
.Va pamh
argument.
.Sh RETURN VALUES
The
.Fn
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.El
.Nm
function returns
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr pam_strerror 3 ,
.Xr pam 3
.Sh STANDARDS
.Rs

34
contrib/openpam/doc/man/pam_verror.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_VERROR 3
.Os
.Sh NAME
@ -48,21 +48,37 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function passes its arguments to
.Xr pam_vprompt 3
with a
.Xr style 3
argument of
.Dv PAM_ERROR_MSG ,
and discards the response.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr 3 ,
.Xr pam 3 ,
.Xr pam_error 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam_vinfo 3 ,
.Xr pam_vprompt 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

34
contrib/openpam/doc/man/pam_vinfo.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_VINFO 3
.Os
.Sh NAME
@ -48,21 +48,37 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function passes its arguments to
.Xr pam_vprompt 3
with a
.Xr style 3
argument of
.Dv PAM_TEXT_INFO ,
and discards the response.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr 3 ,
.Xr pam 3 ,
.Xr pam_info 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam_verror 3 ,
.Xr pam_vprompt 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

68
contrib/openpam/doc/man/pam_vprompt.3

@ -33,7 +33,7 @@
.\"
.\" $Id$
.\"
.Dd February 9, 2002
.Dd February 22, 2002
.Dt PAM_VPROMPT 3
.Os
.Sh NAME
@ -48,21 +48,71 @@
.Sh DESCRIPTION
The
.Nm
function is not yet documented.
function constructs a string from the
.Va fmt
and
.Va ap
arguments using
.Xr vsnprintf 3 ,
and passes it to the given PAM context's
conversation function.
.Pp
The
.Va style
argument specifies the type of interaction requested, and
must be one of the following:
.Bl -tag -width 18n
.It Dv PAM_PROMPT_ECHO_OFF
Display the message and obtain the user's response without
displaying it.
.It Dv PAM_PROMPT_ECHO_ON
Display the message and obtain the user's response.
.It Dv PAM_ERROR_MSG
Display the message as an error message, and do not wait
for a response.
.It Dv PAM_TEXT_INFO
Display the message as an informational message, and do
not wait for a response.
.El
A pointer to the response, or
.Dv NULL
if the conversation function did
not return one, is stored in the location pointed to by the
.Va resp
argument.
.Pp
The message and response should not exceed
.Dv PAM_MAX_MSG_SIZE
or
.Dv PAM_MAX_RESP_SIZE ,
respectively.
If they do, they may be truncated.
.Pp
.Sh RETURN VALUES
The
.Fn
.Nm
function returns one of the following values:
.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING
.Bl -tag -width 18n
.It Bq Er PAM_BUF_ERR
Memory buffer error.
.It Bq Er PAM_CONV_ERR
Conversation failure.
.It Bq Er PAM_SYSTEM_ERR
System error.
.El
.Sh SEE ALSO
.Xr pam 3 ,
.Xr pam_error 3 ,
.Xr pam_info 3 ,
.Xr pam_prompt 3 ,
.Xr pam_strerror 3 ,
.Xr pam 3
.Xr pam_verror 3 ,
.Xr pam_vinfo 3 ,
.Xr vsnprintf 3
.Sh STANDARDS
.Rs
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
.%D "June 1997"
.Re
The
.Nm
function is an OpenPAM extension.
.Sh AUTHORS
The
.Nm

11
contrib/openpam/include/security/openpam.h

@ -49,6 +49,15 @@ extern "C" {
/*
* API extensions
*/
const char *
openpam_get_option(pam_handle_t *_pamh,
const char *_option);
int
openpam_set_option(pam_handle_t *_pamh,
const char *_option,
const char *_value);
int
pam_error(pam_handle_t *_pamh,
const char *_fmt,
@ -196,7 +205,7 @@ static struct pam_module _pam_module = { name PAM_SOEXT, { \
pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, \
pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }, \
NULL, 0, NULL, NULL }; \
DATA_SET(_openpam_modules, _pam_module)
DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case */
#define PAM_EXTERN

3
contrib/openpam/include/security/pam_constants.h

@ -118,7 +118,8 @@ enum {
PAM_OLDAUTHTOK = 7,
PAM_RUSER = 8,
PAM_USER_PROMPT = 9,
PAM_AUTHTOK_PROMPT = 10 /* OpenPAM extension */
PAM_AUTHTOK_PROMPT = 10, /* OpenPAM extension */
PAM_NUM_ITEMS /* OpenPAM extension */
};
#ifdef __cplusplus

3
contrib/openpam/lib/Makefile

@ -45,8 +45,11 @@ CFLAGS += -I${.CURDIR}/../include
SRCS =
SRCS += openpam_dispatch.c
SRCS += openpam_findenv.c
SRCS += openpam_get_option.c
SRCS += openpam_load.c
SRCS += openpam_log.c
SRCS += openpam_set_option.c
SRCS += openpam_static.c
SRCS += openpam_ttyconv.c
SRCS += pam_acct_mgmt.c
SRCS += pam_authenticate.c

8
contrib/openpam/lib/openpam_dispatch.c

@ -47,6 +47,8 @@ static void _openpam_check_error_code(int, int);
#endif /* !defined(OPENPAM_RELAX_CHECKS) */
/*
* OpenPAM internal
*
* Execute a module chain
*/
@ -210,3 +212,9 @@ _openpam_check_error_code(int primitive, int r)
_pam_sm_func_name[primitive], r);
}
#endif /* !defined(OPENPAM_RELAX_CHECKS) */
/*
* NODOC
*
* Error codes:
*/

6
contrib/openpam/lib/openpam_findenv.c

@ -41,6 +41,8 @@
#include "openpam_impl.h"
/*
* OpenPAM internal
*
* Locate an environment variable
*/
@ -60,3 +62,7 @@ openpam_findenv(pam_handle_t *pamh,
return (i);
return (-1);
}
/*
* NODOC
*/

83
contrib/openpam/lib/openpam_get_option.c Normal file

@ -0,0 +1,83 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <string.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"
/*
* OpenPAM extension
*
* Returns the value of a module option
*/
const char *
openpam_get_option(pam_handle_t *pamh,
const char *option)
{
pam_chain_t *cur;
size_t len;
int i;
if (pamh == NULL || pamh->current == NULL || option == NULL)
return (NULL);
cur = pamh->current;
len = strlen(option);
for (i = 0; i < cur->optc; ++i) {
if (strncmp(cur->optv[i], option, len) == 0) {
if (cur->optv[i][len] == '\0')
return (&cur->optv[i][len]);
else if (cur->optv[i][len] == '=')
return (&cur->optv[i][len + 1]);
}
}
return (NULL);
}
/*
* NOLIST
*/
/**
* The =openpam_get_option function returns the value of the specified
* option in the context of the currently executing service module, or
* =NULL if the option is not set or no module is currently executing.
*/

6
contrib/openpam/lib/openpam_impl.h

@ -68,8 +68,6 @@ struct pam_chain {
pam_chain_t *next;
};
#define PAM_NUM_ITEMS 10
typedef struct pam_data pam_data_t;
struct pam_data {
char *name;
@ -103,4 +101,8 @@ int openpam_add_module(pam_handle_t *, int, int,
const char *, int, const char **);
void openpam_clear_chains(pam_handle_t *);
#ifdef OPENPAM_STATIC_MODULES
pam_module_t *openpam_static(const char *);
#endif
#endif

17
contrib/openpam/lib/openpam_load.c

@ -42,10 +42,6 @@
#include "openpam_impl.h"
#ifdef OPENPAM_STATIC_MODULES
SET_DECLARE(_openpam_modules, pam_module_t);
#endif
const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
"pam_sm_authenticate",
"pam_sm_setcred",
@ -92,14 +88,7 @@ openpam_load_module(const char *path)
#ifdef OPENPAM_STATIC_MODULES
/* look for a static module */
if (module == NULL && strchr(path, '/') == NULL) {
pam_module_t **modp;
SET_FOREACH(modp, _openpam_modules) {
if (strcmp((*modp)->path, path) == 0) {
module = *modp;
break;
}
}
module = openpam_static(path);
openpam_log(PAM_LOG_DEBUG, "%s static %s",
(module == NULL) ? "no" : "using", path);
}
@ -225,3 +214,7 @@ openpam_clear_chains(pam_handle_t *pamh)
for (i = 0; i < PAM_NUM_CHAINS; ++i)
openpam_destroy_chain(pamh->chains[i]);
}
/*
* NOPARSE
*/

6
contrib/openpam/lib/openpam_log.c

@ -47,6 +47,8 @@
#if defined(openpam_log)
/*
* OpenPAM extension
*
* Log a message through syslog(3)
*/
@ -121,3 +123,7 @@ openpam_log(int level, const char *fmt, ...)
}
#endif
/*
* NOLIST
*/

104
contrib/openpam/lib/openpam_set_option.c Normal file

@ -0,0 +1,104 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
#include "openpam_impl.h"
/*
* OpenPAM extension
*
* Sets the value of a module option
*/
int
openpam_set_option(pam_handle_t *pamh,
const char *option,
const char *value)
{
pam_chain_t *cur;
char *opt, **optv;
size_t len;
int i;
if (pamh == NULL || pamh->current == NULL || option == NULL)
return (PAM_SYSTEM_ERR);
cur = pamh->current;
for (len = 0; option[len] != '\0'; ++len)
if (option[len] == '=')
break;
for (i = 0; i < cur->optc; ++i) {
if (strncmp(cur->optv[i], option, len) == 0 &&
(cur->optv[i][len] == '\0' || cur->optv[i][len] == '='))
break;
}
if ((opt = malloc(len + strlen(value) + 2)) == NULL)
return (PAM_BUF_ERR);
sprintf(opt, "%.*s=%s", (int)len, option, value);
if (i == cur->optc) {
optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2));
if (optv == NULL) {
free(opt);
return (PAM_BUF_ERR);
}
optv[i] = opt;
optv[i + 1] = NULL;
cur->optv = optv;
++cur->optc;
}
return (PAM_SUCCESS);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
/**
* The =openpam_set_option function sets the specified option in the
* context of the currently executing service module.
*/

69
contrib/openpam/lib/openpam_static.c Normal file

@ -0,0 +1,69 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <string.h>
#include <security/pam_appl.h>
#include "openpam_impl.h"
#ifdef OPENPAM_STATIC_MODULES
SET_DECLARE(_openpam_static_modules, pam_module_t);
/*
* OpenPAM internal
*
* Locate a statically linked module
*/
pam_module_t *
openpam_static(const char *path)
{
pam_module_t **module;
SET_FOREACH(module, _openpam_static_modules) {
if (strcmp((*module)->path, path) == 0)
return (*module);
}
return (NULL);
}
#endif
/*
* NOPARSE
*/

145
contrib/openpam/lib/openpam_ttyconv.c

@ -37,16 +37,98 @@
#include <sys/types.h>
#include <ctype.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
int openpam_ttyconv_timeout = 0;
static jmp_buf jmpenv;
static int timed_out;
static void
timeout(int sig)
{
timed_out = 1;
longjmp(jmpenv, sig);
}
static char *
prompt(const char *msg)
{
char buf[PAM_MAX_RESP_SIZE];
struct sigaction action, saved_action;
sigset_t saved_sigset, sigset;
unsigned int saved_alarm;
size_t len;
sigemptyset(&sigset);
sigaddset(&sigset, SIGINT);
sigaddset(&sigset, SIGTSTP);
sigprocmask(SIG_SETMASK, &sigset, &saved_sigset);
action.sa_handler = &timeout;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
sigaction(SIGALRM, &action, &saved_action);
fputs(msg, stderr);
buf[0] = '\0';
timed_out = 0;
saved_alarm = alarm(openpam_ttyconv_timeout);
if (setjmp(jmpenv) == 0)
fgets(buf, sizeof buf, stdin);
else
fputs(" timeout!\n", stderr);
alarm(0);
sigaction(SIGALRM, &saved_action, NULL);
sigprocmask(SIG_SETMASK, &saved_sigset, NULL);
alarm(saved_alarm);
if (timed_out || ferror(stdin))
return (NULL);
/* trim trailing whitespace */
for (len = strlen(buf); len > 0; --len)
if (!isspace(buf[len - 1]))
break;
buf[len] = '\0';
return (strdup(buf));
}
static char *
prompt_echo_off(const char *msg)
{
struct termios tattr;
tcflag_t lflag;
char *ret;
int fd;
fd = fileno(stdin);
if (tcgetattr(fd, &tattr) != 0) {
openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m");
return (NULL);
}
lflag = tattr.c_lflag;
tattr.c_lflag &= ~ECHO;
if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) {
openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m");
return (NULL);
}
ret = prompt(msg);
tattr.c_lflag = lflag;
(void)tcsetattr(fd, TCSANOW, &tattr);
if (ret != NULL)
fputs("\n", stdout);
return (ret);
}
/*
* Simple tty-based conversation function.
* OpenPAM extension
*
* Simple tty-based conversation function
*/
int
@ -55,60 +137,26 @@ openpam_ttyconv(int n,
struct pam_response **resp,
void *data)
{
char buf[PAM_MAX_RESP_SIZE];
struct termios tattr;
tcflag_t lflag;
int fd, err, i;
size_t len;
int i;
data = data;
if (n <= 0 || n > PAM_MAX_NUM_MSG)
return (PAM_CONV_ERR);
if ((*resp = calloc(n, sizeof **resp)) == NULL)
return (PAM_BUF_ERR);
fd = fileno(stdin);
for (i = 0; i < n; ++i) {
resp[i]->resp_retcode = 0;
resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
resp[i]->resp = prompt_echo_off(msg[i]->msg);
if (resp[i]->resp == NULL)
goto fail;
break;
case PAM_PROMPT_ECHO_ON:
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
if (tcgetattr(fd, &tattr) != 0) {
openpam_log(PAM_LOG_ERROR,
"tcgetattr(): %m");
err = PAM_CONV_ERR;
goto fail;
}
lflag = tattr.c_lflag;
tattr.c_lflag &= ~ECHO;
if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) {
openpam_log(PAM_LOG_ERROR,
"tcsetattr(): %m");
err = PAM_CONV_ERR;
goto fail;
}
}
fputs(msg[i]->msg, stderr);
buf[0] = '\0';
fgets(buf, sizeof buf, stdin);
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
tattr.c_lflag = lflag;
(void)tcsetattr(fd, TCSANOW, &tattr);
fputs("\n", stderr);
}
if (ferror(stdin)) {
err = PAM_CONV_ERR;
resp[i]->resp = prompt(msg[i]->msg);
if (resp[i]->resp == NULL)
goto fail;
}
for (len = strlen(buf); len > 0; --len)
if (!isspace(buf[len - 1]))
break;
buf[len] = '\0';
if ((resp[i]->resp = strdup(buf)) == NULL) {
err = PAM_BUF_ERR;
goto fail;
}
break;
case PAM_ERROR_MSG:
fputs(msg[i]->msg, stderr);
@ -117,7 +165,6 @@ openpam_ttyconv(int n,
fputs(msg[i]->msg, stdout);
break;
default:
err = PAM_BUF_ERR;
goto fail;
}
}
@ -127,5 +174,15 @@ openpam_ttyconv(int n,
free(resp[--i]);
free(*resp);
*resp = NULL;
return (err);
return (PAM_CONV_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/

8
contrib/openpam/lib/pam_acct_mgmt.c

@ -54,3 +54,11 @@ pam_acct_mgmt(pam_handle_t *pamh,
return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags));
}
/*
* Error codes:
*
* =openpam_dispatch
* =pam_sm_acct_mgmt
* !PAM_IGNORE
*/

8
contrib/openpam/lib/pam_authenticate.c

@ -54,3 +54,11 @@ pam_authenticate(pam_handle_t *pamh,
return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags));
}
/*
* Error codes:
*
* =openpam_dispatch
* =pam_sm_authenticate
* !PAM_IGNORE
*/

11
contrib/openpam/lib/pam_authenticate_secondary.c

@ -36,6 +36,13 @@
#include <security/pam_appl.h>
/*
* XSSO 4.2.1
* XSSO 6 page 36
*
* Perform authentication to a secondary domain within the PAM framework
*/
int
pam_authenticate_secondary(pam_handle_t *pamh,
char *target_username,
@ -48,3 +55,7 @@ pam_authenticate_secondary(pam_handle_t *pamh,
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

8
contrib/openpam/lib/pam_chauthtok.c

@ -54,3 +54,11 @@ pam_chauthtok(pam_handle_t *pamh,
return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
}
/*
* Error codes:
*
* =openpam_dispatch
* =pam_sm_chauthtok
* !PAM_IGNORE
*/

8
contrib/openpam/lib/pam_close_session.c

@ -54,3 +54,11 @@ pam_close_session(pam_handle_t *pamh,
return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
}
/*
* Error codes:
*
* =openpam_dispatch
* =pam_sm_close_session
* !PAM_IGNORE
*/

14
contrib/openpam/lib/pam_end.c

@ -82,3 +82,17 @@ pam_end(pam_handle_t *pamh,
return (PAM_SUCCESS);
}
/*
* Error codes:
*
* PAM_SYSTEM_ERR
*/
/**
* The =pam_end function terminates a PAM transaction and destroys the
* corresponding PAM context, releasing all resources allocated to it.
*
* The =status argument should be set to the error code returned by the
* last API call before the call to =pam_end.
*/

18
contrib/openpam/lib/pam_error.c

@ -62,3 +62,21 @@ pam_error(pam_handle_t *pamh,
free(rsp); /* ignore response */
return (r);
}
/*
* Error codes:
*
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/
/**
* The =pam_info function displays an error message through the
* intermediary of the given PAM context's conversation function.
*
* >pam_info
* >pam_prompt
* >pam_verror
*/

34
contrib/openpam/lib/pam_get_authtok.c

@ -53,23 +53,37 @@ pam_get_authtok(pam_handle_t *pamh,
const char *prompt)
{
char *p, *resp;
int r;
int r, style;
if (pamh == NULL || authtok == NULL)
return (PAM_SYSTEM_ERR);
r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok);
if (r == PAM_SUCCESS && *authtok != NULL)
return (PAM_SUCCESS);
if (prompt == NULL) {
if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT,
(const void **)&p) != PAM_SUCCESS || p == NULL)
prompt = "Password:";
if (openpam_get_option(pamh, "try_first_pass") ||
openpam_get_option(pamh, "use_first_pass")) {
r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok);
if (r == PAM_SUCCESS && *authtok != NULL)
return (PAM_SUCCESS);
else if (openpam_get_option(pamh, "use_first_pass"))
return (r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
}
r = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp,
"%s", prompt ? prompt : p);
if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT,
(const void **)&p) != PAM_SUCCESS || p == NULL)
if (prompt == NULL)
prompt = "Password:";
style = openpam_get_option(pamh, "echo_pass") ?
PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
r = pam_prompt(pamh, style, &resp, "%s", p ? p : prompt);
if (r != PAM_SUCCESS)
return (r);
*authtok = resp;
return (pam_set_item(pamh, PAM_AUTHTOK, *authtok));
}
/*
* Error codes:
*
* =pam_get_item
* =pam_prompt
* =pam_set_item
* !PAM_SYMBOL_ERR
*/

18
contrib/openpam/lib/pam_get_data.c

@ -65,3 +65,21 @@ pam_get_data(pam_handle_t *pamh,
return (PAM_NO_MODULE_DATA);
}
/*
* Error codes:
*
* PAM_SYSTEM_ERR
* PAM_NO_MODULE_DATA
*/
/**
* The =pam_get_data function looks up the opaque object associated with
* the string specified by the =module_data_name argument, in the PAM
* context specified by the =pamh argument.
* A pointer to the object is stored in the location pointed to by the
* =data argument.
*
* This function and its counterpart =pam_set_data are useful for managing
* data that are meaningful only to a particular service module.
*/

47
contrib/openpam/lib/pam_get_item.c

@ -69,6 +69,51 @@ pam_get_item(pam_handle_t *pamh,
*item = pamh->item[item_type];
return (PAM_SUCCESS);
default:
return (PAM_SYSTEM_ERR);
return (PAM_SYMBOL_ERR);
}
}
/*
* Error codes:
*
* PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
*/
/**
* The =pam_get_item function stores a pointer to the item specified by
* the =item_type argument in the location specified by the =item
* argument.
* The item is retrieved from the PAM context specified by the =pamh
* argument.
* The following item types are recognized:
*
* =PAM_SERVICE:
* The name of the requesting service.
* =PAM_USER:
* The name of the user the application is trying to
* authenticate.
* =PAM_TTY:
* The name of the current terminal.
* =PAM_RHOST:
* The name of the applicant's host.
* =PAM_CONV:
* A =struct pam_conv describing the current conversation
* function.
* =PAM_AUTHTOK:
* The current authentication token.
* =PAM_OLDAUTHTOK:
* The expired authentication token.
* =PAM_RUSER:
* The name of the applicant.
* =PAM_USER_PROMPT:
* The prompt to use when asking the applicant for a user
* name to authenticate as.
* =PAM_AUTHTOK_PROMPT:
* The prompt to use when asking the applicant for an
* authentication token.
*
* See =pam_start for a description of =struct pam_conv.
*
* >pam_set_item
*/

11
contrib/openpam/lib/pam_get_mapped_authtok.c

@ -36,6 +36,13 @@
#include <security/pam_appl.h>
/*
* XSSO 4.2.1
* XSSO 6 page 48
*
* Get mapped password for the user
*/
int
pam_get_mapped_authtok(pam_handle_t *pamh,
const char *target_module_username,
@ -47,3 +54,7 @@ pam_get_mapped_authtok(pam_handle_t *pamh,
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

11
contrib/openpam/lib/pam_get_mapped_username.c

@ -36,6 +36,13 @@
#include <security/pam_appl.h>
/*
* XSSO 4.2.1
* XSSO 6 page 50
*
* Get valid matched identity in new domain
*/
int
pam_get_mapped_username(pam_handle_t *pamh,
const char *src_username,
@ -48,3 +55,7 @@ pam_get_mapped_username(pam_handle_t *pamh,
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

9
contrib/openpam/lib/pam_get_user.c

@ -74,3 +74,12 @@ pam_get_user(pam_handle_t *pamh,
*user = resp;
return (pam_set_item(pamh, PAM_USER, *user));
}
/*
* Error codes:
*
* =pam_get_item
* =pam_prompt
* =pam_set_item
* !PAM_SYMBOL_ERR
*/

10
contrib/openpam/lib/pam_getenv.c

@ -65,3 +65,13 @@ pam_getenv(pam_handle_t *pamh,
return (NULL);
return (strdup(pamh->env[i]));
}
/**
* The =pam_getenv function returns the value of an environment variable.
* Its semantics are similar to those of =getenv, but it accesses the PAM
* context's environment list instead of the application's.
*
* >pam_getenvlist
* >pam_putenv
* >pam_setenv
*/

36
contrib/openpam/lib/pam_getenvlist.c

@ -40,6 +40,7 @@
#include <security/pam_appl.h>
#include "openpam_impl.h"
/*
* XSSO 4.2.1
* XSSO 6 page 45
@ -56,15 +57,48 @@ pam_getenvlist(pam_handle_t *pamh)
if (pamh == NULL)
return (NULL);
if ((envlist = malloc(sizeof(char *) * (pamh->env_count + 1))) == NULL)
envlist = malloc(sizeof(char *) * (pamh->env_count + 1));
if (envlist == NULL) {
openpam_log(PAM_LOG_ERROR, "%s",
pam_strerror(pamh, PAM_BUF_ERR));
return (NULL);
}
for (i = 0; i < pamh->env_count; ++i) {
if ((envlist[i] = strdup(pamh->env[i])) == NULL) {
while (i)
free(envlist[--i]);
free(envlist);
openpam_log(PAM_LOG_ERROR, "%s",
pam_strerror(pamh, PAM_BUF_ERR));
return (NULL);
}
}
envlist[i] = NULL;
openpam_log(PAM_LOG_DEBUG, "returning %d variables\n", pamh->env_count);
return (envlist);
}
/**
* The =pam_getenvlist function returns a copy of the given PAM context's
* environment list as a pointer to an array of strings.
* The last element in the array is =NULL.
* The pointer is suitable for assignment to {Va environ}.
*
* The array and the strings it lists are allocated using =malloc, and
* should be released using =free after use:
*
* char **envlist, **env;
*
* envlist = environ;
* environ = pam_getenvlist(pamh);
* \/\* do something nifty \*\/
* for (env = environ; *env != NULL; env++)
* free(*env);
* free(environ);
* environ = envlist;
*
* >environ 7
* >pam_getenv
* >pam_putenv
* >pam_setenv
*/

18
contrib/openpam/lib/pam_info.c

@ -62,3 +62,21 @@ pam_info(pam_handle_t *pamh,
free(rsp); /* ignore response */
return (r);
}
/*
* Error codes:
*
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/
/**
* The =pam_info function displays an informational message through the
* intermediary of the given PAM context's conversation function.
*
* >pam_error
* >pam_prompt
* >pam_vinfo
*/

8
contrib/openpam/lib/pam_open_session.c

@ -54,3 +54,11 @@ pam_open_session(pam_handle_t *pamh,
return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
}
/*
* Error codes:
*
* =openpam_dispatch
* =pam_sm_open_session
* !PAM_IGNORE
*/

25
contrib/openpam/lib/pam_prompt.c

@ -60,3 +60,28 @@ pam_prompt(pam_handle_t *pamh,
va_end(ap);
return (r);
}
/*
* Error codes:
*
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/
/**
* The =pam_prompt function constructs a message from the specified format
* string and arguments and passes it to the given PAM context's
* conversation function.
*
* A pointer to the response, or =NULL if the conversation function did
* not return one, is stored in the location pointed to by the =resp
* argument.
*
* See =pam_vprompt for further details.
*
* >pam_error
* >pam_info
* >pam_vprompt
*/

17
contrib/openpam/lib/pam_putenv.c

@ -86,3 +86,20 @@ pam_putenv(pam_handle_t *pamh,
++pamh->env_count;
return (PAM_SUCCESS);
}
/*
* Error codes:
*
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
/**
* The =pam_putenv function sets a environment variable.
* Its semantics are similar to those of =putenv, but it modifies the PAM
* context's environment list instead of the application's.
*
* >pam_getenv
* >pam_getenvlist
* >pam_setenv
*/

19
contrib/openpam/lib/pam_set_data.c

@ -81,3 +81,22 @@ pam_set_data(pam_handle_t *pamh,
pamh->module_data = data;
return (PAM_SUCCESS);
}
/*
* Error codes:
*
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
/**
* The =pam_set_data function associates a pointer to an opaque object
* with an arbitrary string specified by the =module_data_name argument,
* in the PAM context specified by the =pamh argument.
*
* If not =NULL, the =cleanup argument should point to a function
* responsible for releasing the resources associated with the object.
*
* This function and its counterpart =pam_get_data are useful for managing
* data that are meaningful only to a particular service module.
*/

17
contrib/openpam/lib/pam_set_item.c

@ -88,7 +88,7 @@ pam_set_item(pam_handle_t *pamh,
}
break;
default:
return (PAM_SYSTEM_ERR);
return (PAM_SYMBOL_ERR);
}
if (*slot != NULL) {
memset(*slot, 0xd0, size);
@ -97,3 +97,18 @@ pam_set_item(pam_handle_t *pamh,
*slot = tmp;
return (PAM_SUCCESS);
}
/*
* Error codes:
*
* PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
/**
* The =pam_set_item function sets the item specified by the =item_type
* argument to a copy of the object pointed to by the =item argument.
* The item is stored in the PAM context specified by the =pamh argument.
* See =pam_get_item for a list of recognized item types.
*/

11
contrib/openpam/lib/pam_set_mapped_authtok.c

@ -36,6 +36,13 @@
#include <security/pam_appl.h>
/*
* XSSO 4.2.1
* XSSO 6 page 62
*
* Store the password for the username supplied
*/
int
pam_set_mapped_authtok(pam_handle_t *pamh,
const char *target_module_username,
@ -47,3 +54,7 @@ pam_set_mapped_authtok(pam_handle_t *pamh,
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

11
contrib/openpam/lib/pam_set_mapped_username.c

@ -36,6 +36,13 @@
#include <security/pam_appl.h>
/*
* XSSO 4.2.1
* XSSO 6 page 64
*
* Set a username
*/
int
pam_set_mapped_username(pam_handle_t *pamh,
char *src_username,
@ -48,3 +55,7 @@ pam_set_mapped_username(pam_handle_t *pamh,
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

22
contrib/openpam/lib/pam_setcred.c

@ -54,3 +54,25 @@ pam_setcred(pam_handle_t *pamh,
return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
}
/*
* Error codes:
*
* =openpam_dispatch
* =pam_sm_setcred
* !PAM_IGNORE
*/
/**
* The =pam_setcred function manages the application's credentials.
* The operation to perform is specified by the =flags argument:
*
* PAM_ESTABLISH_CRED:
* Establish the credentials of the target user.
* PAM_DELETE_CRED:
* Revoke all established credentials.
* PAM_REINITIALISE_CRED:
* Fully reinitialise credentials.
* PAM_REFRESH_CRED:
* Refresh credentials.
*/

18
contrib/openpam/lib/pam_setenv.c

@ -77,3 +77,21 @@ pam_setenv(pam_handle_t *pamh,
free(env);
return (r);
}
/*
* Error codes:
*
* =pam_putenv
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
/**
* The =pam_setenv function sets a environment variable.
* Its semantics are similar to those of =setenv, but it modifies the PAM
* context's environment list instead of the application's.
*
* >pam_getenv
* >pam_getenvlist
* >pam_putenv
*/

81
contrib/openpam/lib/pam_sm_acct_mgmt.c Normal file

@ -0,0 +1,81 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 66
*
* Service module implementation for pam_acct_mgmt
*/
int
pam_sm_acct_mgmt(pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SERVICE_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
* PAM_PERM_DENIED
* PAM_IGNORE
* PAM_ABORT
*
* PAM_USER_UNKNOWN
* PAM_AUTH_ERR
* PAM_NEW_AUTHTOK_REQD
* PAM_ACCT_EXPIRED
*/
/**
* The =pam_sm_acct_mgmt function is the service module's implementation
* of the =pam_acct_mgmt API function.
*/

82
contrib/openpam/lib/pam_sm_authenticate.c Normal file

@ -0,0 +1,82 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 68
*
* Service module implementation for pam_authenticate
*/
int
pam_sm_authenticate(pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SERVICE_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
* PAM_PERM_DENIED
* PAM_IGNORE
* PAM_ABORT
*
* PAM_AUTH_ERR
* PAM_CRED_INSUFFICIENT
* PAM_AUTHINFO_UNAVAIL
* PAM_USER_UNKNOWN
* PAM_MAXTRIES
*/
/**
* The =pam_sm_authenticate function is the service module's
* implementation of the =pam_authenticate API function.
*/

66
contrib/openpam/lib/pam_sm_authenticate_secondary.c Normal file

@ -0,0 +1,66 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 70
*
* Service module implementation for pam_authenticate_secondary
*/
int
pam_sm_authenticate_secondary(pam_handle_t *pamh,
char *target_username,
char *target_module_type,
char *target_authn_domain,
char *target_supp_data,
unsigned char *target_module_authtok,
int flags,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

82
contrib/openpam/lib/pam_sm_chauthtok.c Normal file

@ -0,0 +1,82 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 72
*
* Service module implementation for pam_chauthtok
*/
int
pam_sm_chauthtok(pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SERVICE_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
* PAM_PERM_DENIED
* PAM_IGNORE
* PAM_ABORT
*
* PAM_PERM_DENIED
* PAM_AUTHTOK_ERR
* PAM_AUTHTOK_RECOVERY_ERR
* PAM_AUTHTOK_LOCK_BUSY
* PAM_AUTHTOK_DISABLE_AGING
*/
/**
* The =pam_sm_chauthtok function is the service module's implementation
* of the =pam_chauthtok API function.
*/

78
contrib/openpam/lib/pam_sm_close_session.c Normal file

@ -0,0 +1,78 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 75
*
* Service module implementation for pam_close_session
*/
int
pam_sm_close_session(pam_handle_t *pamh,
int flags,
int args,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SERVICE_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
* PAM_PERM_DENIED
* PAM_IGNORE
* PAM_ABORT
*
* PAM_SESSION_ERR
*/
/**
* The =pam_sm_close_session function is the service module's
* implementation of the =pam_close_session API function.
*/

65
contrib/openpam/lib/pam_sm_get_mapped_authtok.c Normal file

@ -0,0 +1,65 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 77
*
* Service module implementation for pam_get_mapped_authtok
*/
int
pam_sm_get_mapped_authtok(pam_handle_t *pamh,
char *target_module_username,
char *target_module_type,
char *target_authn_domain,
size_t *target_authtok_len,
unsigned char **target_module_authtok,
int argc,
char *argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

66
contrib/openpam/lib/pam_sm_get_mapped_username.c Normal file

@ -0,0 +1,66 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 79
*
* Service module implementation for pam_get_mapped_username
*/
int
pam_sm_get_mapped_username(pam_handle_t *pamh,
char *src_username,
char *src_module_type,
char *src_authn_domain,
char *target_module_type,
char *target_authn_domain,
char **target_module_username,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

78
contrib/openpam/lib/pam_sm_open_session.c Normal file

@ -0,0 +1,78 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 81
*
* Service module implementation for pam_open_session
*/
int
pam_sm_open_session(pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SERVICE_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
* PAM_PERM_DENIED
* PAM_IGNORE
* PAM_ABORT
*
* PAM_SESSION_ERR
*/
/**
* The =pam_sm_open_session function is the service module's
* implementation of the =pam_open_session API function.
*/

65
contrib/openpam/lib/pam_sm_set_mapped_authtok.c Normal file

@ -0,0 +1,65 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 83
*
* Service module implementation for pam_set_mapped_authtok
*/
int
pam_sm_set_mapped_authtok(pam_handle_t *pamh,
char *target_module_username,
size_t target_authtok_len,
unsigned char *target_module_authtok,
char *target_module_type,
char *target_authn_domain,
int argc,
const char *argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

63
contrib/openpam/lib/pam_sm_set_mapped_username.c Normal file

@ -0,0 +1,63 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 85
*
* Service module implementation for pam_set_mapped_username
*/
int
pam_sm_set_mapped_username(pam_handle_t *pamh,
char *target_module_username,
char *target_module_type,
char *target_authn_domain,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NODOC
*/

82
contrib/openpam/lib/pam_sm_setcred.c Normal file

@ -0,0 +1,82 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
/*
* XSSO 4.2.2
* XSSO 6 page 87
*
* Service module implementation for pam_setcred
*/
int
pam_sm_setcred(pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return (PAM_SYSTEM_ERR);
}
/*
* NOLIST
*
* Error codes:
*
* PAM_SERVICE_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
* PAM_PERM_DENIED
* PAM_IGNORE
* PAM_ABORT
*
* PAM_CRED_UNAVAIL
* PAM_CRED_EXPIRED
* PAM_USER_UNKNOWN
* PAM_CRED_ERR
*/
/**
* The =pam_sm_setcred function is the service module's implementation of
* the =pam_setcred API function.
*/

34
contrib/openpam/lib/pam_start.c

@ -290,3 +290,37 @@ _pam_configure_service(pam_handle_t *pamh,
return (PAM_SYSTEM_ERR);
}
/*
* Error codes:
*
* =pam_set_item
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
*/
/**
* The =pam_start function creates and initializes a PAM context.
*
* The =service argument specifies the name of the policy to apply, and is
* stored in the =PAM_SERVICE item in the created context.
*
* The =user argument specifies the name of the target user - the user the
* created context will serve to authenticate.
* It is stored in the =PAM_USER item in the created context.
*
* The =pam_conv argument points to a =struct pam_conv describing the
* conversation function to use.
* This structure is defined as follows:
*
* struct pam_conv {
* int (*conv)(int, const struct pam_message **,
* struct pam_response **, void *);
* void *appdata_ptr;
* };
*
* >pam_get_item
* >pam_set_item
* >pam_end
*/

11
contrib/openpam/lib/pam_strerror.c

@ -61,7 +61,7 @@ pam_strerror(pam_handle_t *pamh,
case PAM_OPEN_ERR:
return ("failed to load module");
case PAM_SYMBOL_ERR:
return ("symbol not found in module");
return ("invalid symbol");
case PAM_SERVICE_ERR:
return ("error in service module");
case PAM_SYSTEM_ERR:
@ -103,7 +103,7 @@ pam_strerror(pam_handle_t *pamh,
case PAM_AUTHTOK_LOCK_BUSY:
return ("authentication token lock busy");
case PAM_AUTHTOK_DISABLE_AGING:
return ("authentication token ageing disabled");
return ("authentication token aging disabled");
case PAM_NO_MODULE_DATA:
return ("module data not found");
case PAM_IGNORE:
@ -121,3 +121,10 @@ pam_strerror(pam_handle_t *pamh,
return (unknown);
}
}
/**
* The =pam_strerror function returns a pointer to a string containing a
* textual description of the error indicated by the =error_number
* argument, in the context of the PAM transaction described by the =pamh
* argument.
*/

17
contrib/openpam/lib/pam_verror.c

@ -58,3 +58,20 @@ pam_verror(pam_handle_t *pamh,
free(rsp); /* ignore response */
return (r);
}
/*
* Error codes:
*
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/
/**
* The =pam_verror function passes its arguments to =pam_vprompt with a
* =style argument of =PAM_ERROR_MSG, and discards the response.
*
* >pam_error
* >pam_vinfo
*/

17
contrib/openpam/lib/pam_vinfo.c

@ -58,3 +58,20 @@ pam_vinfo(pam_handle_t *pamh,
free(rsp); /* ignore response */
return (r);
}
/*
* Error codes:
*
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/
/**
* The =pam_vinfo function passes its arguments to =pam_vprompt with a
* =style argument of =PAM_TEXT_INFO, and discards the response.
*
* >pam_info
* >pam_verror
*/

44
contrib/openpam/lib/pam_vprompt.c

@ -77,3 +77,47 @@ pam_vprompt(pam_handle_t *pamh,
free(rsp);
return (r);
}
/*
* Error codes:
*
* !PAM_SYMBOL_ERR
* PAM_SYSTEM_ERR
* PAM_BUF_ERR
* PAM_CONV_ERR
*/
/**
* The =pam_vprompt function constructs a string from the =fmt and =ap
* arguments using =vsnprintf, and passes it to the given PAM context's
* conversation function.
*
* The =style argument specifies the type of interaction requested, and
* must be one of the following:
*
* =PAM_PROMPT_ECHO_OFF:
* Display the message and obtain the user's response without
* displaying it.
* =PAM_PROMPT_ECHO_ON:
* Display the message and obtain the user's response.
* =PAM_ERROR_MSG:
* Display the message as an error message, and do not wait
* for a response.
* =PAM_TEXT_INFO:
* Display the message as an informational message, and do
* not wait for a response.
*
* A pointer to the response, or =NULL if the conversation function did
* not return one, is stored in the location pointed to by the =resp
* argument.
*
* The message and response should not exceed =PAM_MAX_MSG_SIZE or
* =PAM_MAX_RESP_SIZE, respectively.
* If they do, they may be truncated.
*
* >pam_error
* >pam_info
* >pam_prompt
* >pam_verror
* >pam_vinfo
*/

444
contrib/openpam/misc/gendoc.pl Normal file

@ -0,0 +1,444 @@
#!/usr/bin/perl -w
#-
# Copyright (c) 2002 Networks Associates Technologies, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS and
# NAI Labs, the Security Research Division of Network Associates, Inc.
# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
# DARPA CHATS research program.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote
# products derived from this software without specific prior written
# permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id$
#
use strict;
use Fcntl;
use POSIX qw(strftime);
use vars qw($COPYRIGHT $TODAY %FUNCTIONS %PAMERR);
%PAMERR = (
PAM_SUCCESS => "Success",
PAM_OPEN_ERR => "Failed to load module",
PAM_SYMBOL_ERR => "Invalid symbol",
PAM_SERVICE_ERR => "Error in service module",
PAM_SYSTEM_ERR => "System error",
PAM_BUF_ERR => "Memory buffer error",
PAM_CONV_ERR => "Conversation failure",
PAM_PERM_DENIED => "Permission denied",
PAM_MAXTRIES => "Maximum number of tries exceeded",
PAM_AUTH_ERR => "Authentication error",
PAM_NEW_AUTHTOK_REQD => "New authentication token required",
PAM_CRED_INSUFFICIENT => "Insufficient credentials",
PAM_AUTHINFO_UNAVAIL => "Authentication information is unavailable",
PAM_USER_UNKNOWN => "Unknown user",
PAM_CRED_UNAVAIL => "Failed to retrieve user credentials",
PAM_CRED_EXPIRED => "User credentials have expired",
PAM_CRED_ERR => "Failed to set user credentials",
PAM_ACCT_EXPIRED => "User accound has expired",
PAM_AUTHTOK_EXPIRED => "Password has expired",
PAM_SESSION_ERR => "Session failure",
PAM_AUTHTOK_ERR => "Authentication token failure",
PAM_AUTHTOK_RECOVERY_ERR => "Failed to recover old authentication token",
PAM_AUTHTOK_LOCK_BUSY => "Authentication token lock busy",
PAM_AUTHTOK_DISABLE_AGING => "Authentication token aging disabled",
PAM_NO_MODULE_DATA => "Module data not found",
PAM_IGNORE => "Ignore this module",
PAM_ABORT => "General failure",
PAM_TRY_AGAIN => "Try again",
PAM_MODULE_UNKNOWN => "Unknown module type",
PAM_DOMAIN_UNKNOWN => "Unknown authentication domain",
);
sub parse_source($) {
my $fn = shift;
local *FILE;
my $source;
my $func;
my $descr;
my $type;
my $args;
my $argnames;
my $man;
my $inlist;
my $inliteral;
my %xref;
my @errors;
if ($fn !~ m,\.c$,) {
warn("$fn: not C source, ignoring\n");
return;
}
sysopen(FILE, $fn, O_RDONLY)
or die("$fn: open(): $!\n");
$source = join('', <FILE>);
close(FILE);
return if ($source =~ m/^ \* NOPARSE\s*$/m);
if (!defined($COPYRIGHT) && $source =~ m,^(/\*-\n.*?)\s*\*/,s) {
$COPYRIGHT = $1;
$COPYRIGHT =~ s,^.\*,.\\\",gm;
$COPYRIGHT =~ s,(\$Id).*?\$,$1\$,;
$COPYRIGHT .= "\n.\\\"";
}
$func = $fn;
$func =~ s,^(?:.*/)?([^/]+)\.c$,$1,;
if ($source !~ m,\n \* ([\S ]+)\n \*/\n\n([\S ]+)\n$func\((.*?)\)\n\{,s) {
warn("$fn: can't find $func\n");
return;
}
($descr, $type, $args) = ($1, $2, $3);
$descr =~ s,^([A-Z][a-z]),lc($1),e;
$descr =~ s,[\.\s]*$,,;
while ($args =~ s/^((?:[^\(]|\([^\)]*\))*),\s*/$1\" \"/g) {
# nothing
}
$args =~ s/,\s+/, /gs;
$args = "\"$args\"";
%xref = (
"pam 3" => 1
);
if ($type eq "int") {
foreach (split("\n", $source)) {
next unless (m/^ \*\s+(!?PAM_[A-Z_]+|=[a-z_]+)\s*$/);
push(@errors, $1);
}
$xref{"pam_strerror 3"} = 1;
}
$argnames = $args;
$argnames =~ s/\"[^\"]+\*?\b(\w+)\"/\"$1\"/g;
$argnames =~ s/([\|\[\]\(\)\.\*\+\?])/\\$1/g;
$argnames =~ s/\" \"/|/g;
$argnames =~ s/^\"(.*)\"$/($1)/;
foreach (split("\n", $source)) {
s/\s*$//;
if (!defined($man)) {
if (m/^\/\*\*$/) {
$man = "";
}
next;
}
last if (m/^ \*\/$/);
s/^ \* ?//;
s/\\(.)/$1/gs;
if (m/^$/) {
if ($man ne "" && $man !~ m/\.Pp\n$/s) {
if ($inliteral) {
$man .= "\0\n";
} elsif ($inlist) {
$man .= ".El\n";
$inlist = 0;
} else {
$man .= ".Pp\n";
}
}
next;
}
if (m/^>(\w+)(?:\s+(\d))?$/) {
++$xref{$2 ? "$1 $2" : "$1 3"};
next;
}
if (s/^\s+(=?\w+):\s*/.It $1/) {
if ($inliteral) {
$man .= ".Ed\n";
$inliteral = 0;
}
if (!$inlist) {
$man =~ s/\.Pp\n$//s;
$man .= ".Bl -tag -width 18n\n";
$inlist = 1;
}
s/^\.It =([A-Z][A-Z_]+)$/.It Dv $1/gs;
$man .= "$_\n";
next;
} elsif ($inlist && m/^\S/) {
$man .= ".El\n";
$inlist = 0;
} elsif ($inliteral && m/^\S/) {
$man .= ".Ed\n";
$inlist = 0;
} elsif ($inliteral) {
$man .= "$_\n";
next;
} elsif ($inlist) {
s/^\s+//;
} elsif (m/^\s+/) {
$man .= ".Bd -literal\n";
$inliteral = 1;
$man .= "$_\n";
next;
}
s/\s*=$func\b\s*/\n.Nm\n/gs;
s/\s*=$argnames\b\s*/\n.Va $1\n/gs;
s/\s*=(struct \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs;
if (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/gs) {
++$xref{"$1 3"};
}
s/\s*\"(?=\w)/\n.Do\n/gs;
s/\"(?!\w)\s*/\n.Dc\n/gs;
s/\s*=([A-Z][A-Z_]+)\b\s*(?![\.,:;])/\n.Dv $1\n/gs;
s/\s*=([A-Z][A-Z_]+)\b([\.,:;]+)\s*/\n.Dv $1 $2\n/gs;
s/\s*{([A-Z][a-z] .*?)}\s*/\n.$1\n/gs;
$man .= "$_\n";
}
if (defined($man)) {
$man =~ s/(\n\.[A-Z][a-z] [\w ]+)\n([\.,:;-]\S*)\s*/$1 $2\n/gs;
$man =~ s/\s*$/\n/gm;
$man =~ s/\n+/\n/gs;
$man =~ s/\0//gs;
chomp($man);
} else {
$man = "No description available.";
}
$FUNCTIONS{$func} = {
'name' => $func,
'descr' => $descr,
'type' => $type,
'args' => $args,
'man' => $man,
'xref' => \%xref,
'errors' => \@errors,
};
if ($source =~ m/^ \* NODOC\s*$/m) {
$FUNCTIONS{$func}->{'nodoc'} = 1;
$FUNCTIONS{$func}->{'nolist'} = 1;
}
if ($source =~ m/^ \* NOLIST\s*$/m) {
$FUNCTIONS{$func}->{'nolist'} = 1;
}
if ($source !~ m/^ \* XSSO \d/m) {
$FUNCTIONS{$func}->{'openpam'} = 1;
}
}
sub expand_errors($);
sub expand_errors($) {
my $func = shift; # Ref to function hash
my %errors;
if (defined($func->{'recursed'})) {
warn("$func->{'name'}(): loop in error spec\n");
return qw();
}
$func->{'recursed'} = 1;
foreach (@{$func->{'errors'}}) {
if (m/^(PAM_[A-Z_]+)$/) {
if (!defined($PAMERR{$1})) {
warn("$func->{'name'}(): unrecognized error: $1\n");
next;
}
$errors{$1} = 1;
} elsif (m/^!(PAM_[A-Z_]+)$/) {
# treat negations separately
} elsif (m/^=([a-z_]+)$/) {
if (!defined($FUNCTIONS{$1})) {
warn("$func->{'name'}(): reference to unknown $1()\n");
next;
}
foreach (expand_errors($FUNCTIONS{$1})) {
$errors{$_} = 1;
}
} else {
warn("$func->{'name'}(): invalid error specification: $_\n");
}
}
foreach (@{$func->{'errors'}}) {
if (m/^!(PAM_[A-Z_]+)$/) {
delete($errors{$1});
}
}
delete($func->{'recursed'});
return (sort(keys(%errors)));
}
sub gendoc($) {
my $func = shift; # Ref to function hash
local *FILE;
my $mdoc;
my $fn;
return if defined($func->{'nodoc'});
$mdoc = "$COPYRIGHT
.Dd $TODAY
.Dt " . uc($func->{'name'}) . " 3
.Os
.Sh NAME
.Nm $func->{'name'}
.Nd $func->{'descr'}
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
";
if ($func->{'name'} =~ m/_sm_/) {
$mdoc .= ".In security/pam_modules.h\n"
}
$mdoc .= ".Ft $func->{'type'}
.Fn $func->{'name'} $func->{'args'}
.Sh DESCRIPTION
$func->{'man'}
";
if ($func->{'type'} eq "int") {
$mdoc .= ".Sh RETURN VALUES
The
.Nm
function returns one of the following values:
.Bl -tag -width 18n
";
my @errors = expand_errors($func);
warn("$func->{'name'}(): no error specification\n")
unless(@errors);
foreach (@errors) {
$mdoc .= ".It Bq Er $_\n$PAMERR{$_}.\n";
}
$mdoc .= ".El\n";
} else {
if ($func->{'type'} =~ m/\*$/) {
$mdoc .= ".Sh RETURN VALUES
The
.Nm
function returns
.Dv NULL
on failure.
";
}
}
$mdoc .= ".Sh SEE ALSO\n";
my @xref = sort(keys(%{$func->{'xref'}}));
while (@xref) {
$mdoc .= ".Xr " . shift(@xref) . (@xref ? " ,\n" : "\n");
}
$mdoc .= ".Sh STANDARDS\n";
if ($func->{'openpam'}) {
$mdoc .= "The
.Nm
function is an OpenPAM extension.
";
} else {
$mdoc .= ".Rs
.%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\"
.%D \"June 1997\"
.Re
";
}
$mdoc .= ".Sh AUTHORS
The
.Nm
function and this manual page were developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
";
$fn = "$func->{'name'}.3";
sysopen(FILE, $fn, O_RDWR|O_CREAT|O_TRUNC)
or die("$fn: open(): $!\n");
print(FILE $mdoc);
close(FILE);
}
sub gensummary() {
my $func;
print "$COPYRIGHT
.Dd $TODAY
.Dt PAM 3
.Os
.Sh NAME
";
my @funcs = sort(keys(%FUNCTIONS));
while ($func = shift(@funcs)) {
next if (defined($FUNCTIONS{$func}->{'nolist'}));
print ".Nm $func". (@funcs ? " ,\n" : "\n");
}
print ".Nd Pluggable Authentication Modules Library
.Sh LIBRARY
.Lb libpam
.Sh SYNOPSIS
.In security/pam_appl.h
";
foreach $func (sort(keys(%FUNCTIONS))) {
next if (defined($FUNCTIONS{$func}->{'nolist'}));
print ".Ft $FUNCTIONS{$func}->{'type'}\n";
print ".Fn $func $FUNCTIONS{$func}->{'args'}\n";
}
print ".Sh DESCRIPTION
.Sh RETURN VALUES
The following return codes are defined in the
.In security/pam_constants.h
header:
.Bl -tag -width 18n
";
foreach (sort(keys(%PAMERR))) {
print ".It Bq Er $_\n$PAMERR{$_}.\n";
}
print ".El
.Sh SEE ALSO
";
foreach $func (sort(keys(%FUNCTIONS))) {
next if (defined($FUNCTIONS{$func}->{'nolist'}));
print ".Xr $func 3 ,\n";
}
print ".Xr pam.conf 5
.Sh STANDARDS
.Rs
.%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\"
.%D \"June 1997\"
.Re
.Sh AUTHORS
The OpenPAM library and this manual page were developed for the
FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
Division of Network Associates, Inc. under DARPA/SPAWAR contract
N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
"
}
MAIN:{
$TODAY = strftime("%B %e, %Y", localtime(time()));
$TODAY =~ s,\s+, ,g;
foreach my $fn (@ARGV) {
parse_source($fn);
}
foreach my $func (values(%FUNCTIONS)) {
gendoc($func);
}
gensummary();
}