Vendor import Linux PAM 0.75

Mark Murray 2001-05-03 09:36:08 +00:00
parent fff5887d38
commit 5791a4d446
248 changed files with 17892 additions and 6438 deletions

@ -1,24 +1,329 @@
$Id$
$Id: CHANGELOG,v 1.61 2001/04/08 06:17:04 agmorgan Exp $
-----------------------------
0.66: whenever
TODO:
TODO
- need to supply a backward compatability path for syslog & friends
- need to make pam_system_log() thread safe.
- need to make logging fix available to non-Linux PAM libraries
- need to change modules to make use of new logging API.
- sanitize use of md5 throughout distribution.. Make a static
library for helping to develop modules that contains it and other
stuff. Also add sha-1 and ripemd-160 digest algorithms.
- once above is done. remove hacks from the secret@here module etc..
- remove prototype for gethostname in pam_access.c (Derrick)
- document PAM_INCOMPLETE changes
- document pam_system_log() changes
- verify that the PAM_INCOMPLETE interface is sensible. Can we
catch errors? should we permit item changing etc between
catch errors? should we permit item changing etc., between
pam_authenticate re-invocations?
- verify that the PAM_INCOMPLETE interface works
- add PAM_INCOMPLETE support to modules
- verify that
- verify that the PAM_INCOMPLETE interface works (auth seems ok..)
- add PAM_INCOMPLETE support to modules (partially added to pam_pwdb)
- work on RFC.
- do we still need to remove openlog/closelog from modules..?
- auth and acct support in pam_cracklib, "yes, I know the password
you just typed was valid, I just don't think it was very strong..."
- add in the pam_cap and pam_netid modules
====================================================================
Note, as of release 0.73, all checkins should be accompanied with a
Bug ID. The bug IDs relate to sourceforge IDs.. You can query the
related bug description with the following URL:
http://sourceforge.net/tracker/index.php?func=detail&aid=XXXXXX&group_id=6663&atid=106663
Where you should replace XXXXXX with a bug-id.
If you have found a bug in Linux-PAM, please consider filing such a
bug report - outstanding bugs are listed here:
http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse
(to file another bug see the 'submit bug' button on this page).
====================================================================
0.76: please submit patches for this section with actual code/doc
patches!
*
0.75: Sat Apr 7 23:10:50 PDT 2001
** WARNING **
This release contains backwardly incompatible changes to
libpam. Prior versions were buggy - see bugfix for Bug 129775.
** WARNING **
* made 0.75 release (Bug 414665 - agmorgan)
* pam_pwdb has been removed from the suggested pam.conf template. I've
replaced it with pam_unix. (Bug 227565 - agmorgan)
* pam_limits - Richard M. Yumul reported that "<domain> -" didn't
work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan)
* Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282
- agmorgan)
* Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan)
* fix for module linking directions (Bug 133545 - agmorgan)
* fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan)
* fix pam_userdb to make and link both .o files it needs - converse()
wasn't being linked! (Bug 132880 - agmorgan)
* added some sys-admin documentation for the pam_tally module (Bug
126210 - agmorgan).
* added a link to module examples from the module writers doc (Bug
131192 - agmorgan).
* fixed a small security hole (more of a user confusion issue) with
the unix and pwdb password helper binaries. The beef is described in
the bug report, but no uid change was possible so no-one should
think they need to issue a security bulletin over this one! (Bug
112540 - agmorgan)
* pam_lastlog needs to be linked with -lutil, also removed ambiguity
from sysadmin guide regarding this module being a 'session' module
(Bug 131549 - agmorgan).
* pam_cracklib needs to be linked with -lcrypt (old password checking)
(Bug 131601 - agmorgan).
* fixes for static library builds and also the examples when linked
with the debugging build of the libraries. (Bug 131783 - agmorgan)
* fixed URL for original RFC to a cached kernel.org file. (Bug 131503
- agmorgan)
* quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 -
agmorgan).
* improved handling of the setcred/close_session and update chauthtok
stack. *Warning* This is a backwardly incompatable change, but 'more
sane' than before. (Bug 129775 - agmorgan)
* bumped the version number, and added some code to assist in making
documentation releases (Bug 129644 - agmorgan).
0.74: Sun Jan 21 22:36:08 PST 2001
* made 0.74 release (Bug 129642 - agmorgan)
* libpam - cleaned up a few non-static functions to be static and added
support for libpam to enforce things like pam_[gs]et_data() and
AUTHTOK rules for using the API. Also documented pam_[gs]et_item()
a little better including return codes (Bugs 129027, 128576 -
agmorgan).
* pam_access - fixed the non-default config file option (Bug 127561 -
agmorgan)
* pam.8 manual page clarified with respect to the default location for
finding modules, also added some text describing the [...] control
syntax. (Bug 127625 - agmorgan)
* md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan)
* removed requirement for c++ from the configure{.in,} files (Bug
128298 - agmorgan)
* removed subdirectories from man page redirections (124396 - baggins)
* per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile
(Bug 126440 - vorlon)
* modify format of pam_unix log messages to include service name
(Bug 126423 - vorlon)
* prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon)
* changed format of pam_unix 'authentication failure' log messages to make
them clearer and more consistent (Bug 126036 - vorlon)
* improved portability of pam_unix by eliminating Linux-specific utmp
defines in PAM_getlogin() (Bug 125704 - vorlon)
* removed static variables from pam_tally (Bug 117434 - agmorgan)
* added copyright message to pam_access module from original logdaemon
sources (Bug 125022 - agmorgan)
* configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan)
* pam_mail - use PAM_PATH_MAILDIR as the location of mail spool
(Bug 124397 - baggins)
* _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via
--with-mailspool=dir option (default is _PAM_MAILDIR if defined
in paths.h otherwise /var/spool/mail (Bug 124397 - baggins)
* removed unnecessary CVS Log tags from all over the source
(Bug 124391 - baggins)
* pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing
to faillog (Bug 124394 - baggins)
* use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins)
* pam_cracklib - removed comments about pam_unix not working with
pam_cracklib, added information about use_authtok parameter
(Bug 124388 - baggins)
* pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel)
(Bug 124386 - baggins)
* fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan)
* pam_userdb compiles on RH5x. Also removed circular dependency on
configure.in. Also bumped revision number to 0.74. (Bug 124136 -
agmorgan)
0.73: Sat Dec 2 00:04:04 PST 2000
* updated documentaion revisions and added 'make release' support
to the top level Makefile (Bug 124132 - agmorgan).
* documented Qmail support in pam_mail (Bug 109219 - baggins)
* add change_uid option to pam_limits, and set real uid only if
this option is present (Bug 124062 - baggins)
* pam_limits - set real uid to the user for who we set limits.
(Bug 123972 - baggins)
* removed static variables from pam_limits (thread safe now). (Bug
117450 - agmorgan).
* removed static variable from pam_wheel (module should be thread safe
now). (Bug 112906 - agmorgan)
* added support for '/' symbols in pam_time and pam_group config files
(support for modern terminal devices). Fixed infinite loop problem
with '\\[^\n]' in these files. (Bug 116076 - agmorgan)
* avoid potential SIGPIPE when writing to helper binaries with (Bug
123399 - agmorgan)
* replaced bogus logic in the pam_cracklib module for determining if
the replacement is too similar to the old password (Bug 115055 -
agmorgan)
* added accessconf=<filename> feature to pam_access - request from
Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan)
* fix for pam_limit module not dealing with all limits Adam J. Richter
(Bug 119554 - agmorgan)
* comment fix describing fail_delay callback in _pam_types.h (Bug
112646 - agmorgan)
* "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan)
* fix for pam_unix (support.c) to avoid segfault with NULL password
(Bug 113238 - vorlon)
* fix to pam_unix_passwd: try repeatedly to get a lock on the password
file, instead of failing immediately (Bug 108845 - fix vorlon)
* fix to pam_shells: logged information was not formatted correctly
(extra comma) (Bug 111491 - fix vorlon)
* fix for C++ application support (Bug 111645 - fix agmorgan)
* fix for typo in pam_client.h (Bug 111648 - fix agmorgan)
* removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan)
* autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!]
- bugfix for libpamc.h include file [Bug ID 117476 - agmorgan]
- bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan]
0.72: Mon Dec 13 22:41:11 PST 1999
* patches from Debian (Ben Collins): pam_ftp supports event driven
conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix;
user_db compiler warnings removed; debian defs file; pam_mail can
now be used as a session module
* ndbm compilation option for user_db module (fix explained by Richard Khoo)
* pam_cracklib bug fix
* packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo
Looijaard)
* -ldl appended to the libpam.so compilation make rule. (Charles Seeger)
* Red Hat security patch for pam_pwdb forwarded by Debian! (Ben
Collins. Fix provided by Andrey as it caught the problem earlier in the
code.)
* heuristic to prevent leaking filedescriptors to an agent. [This needs
to be better supported perhaps by an additional libpamc API function?]
* pam_userdb segfault fix from (Ben Collins)
* PAM draft spec extras added at request of 'sen_ml'
0.71: Sun Nov 7 20:21:19 PST 1999
* added -lc to linker pass for pam_nologin module (glibc is weird).
* various header changes to lower the number of warnings on glibc
systems (Dan Yefimov)
* merged a bunch of Debian fixes/patches/documentation (Ben Collins)
things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env
(plus docs); pam_mkhomedir (new module for new home directories on
the fly...); pam_motd (new module); pam_limits (adjust to match
docs); pam_issue (new module + doc) [Some of these were also
submitted by Thorsten Kukuk]
* small hack to lower the number of warnings that pam_client.h was
generating.
* debian and SuSE apparently can use the pam_ftp module, so
removed the obsolete comment about this from the docs. (Thorsten
Kukuk)
0.70: Fri Oct 8 22:05:30 PDT 1999
* bug fix for parsing of value=action tokens in libpam/pam_misc.c was
segfaulting (Jan Rekorajski and independently Matthew Melvin)
* numerous fixes from Thorsten Kukuk (icluding much needed fixes for
bitrot in modules and some documentation) that got included in SuSE 6.2.
* reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski)
* added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger)
* added comment about 'expose_account' module argument to admin and
module writers' docs (request from Michael K Johnson).
* myriad of bug fixes for libpamc - library now built by default and
works with the biomouse fingerprint scanner agent/module
(distributed separately).
0.69: Sun Aug 1 20:25:37 PDT 1999
* c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala)
* added pam_userdb module (Cristian Gafton)
* minor documentation changes
* added in revised pam_client library (libpamc). Not installed by
default yet, since the example agent/module combo is not very secure.
* glibc fixes (Thorsten Kukuk, Adam J. Richter)
0.68: Sun Jul 4 23:04:13 PDT 1999
* completely new pam_unix module from Jan Rekorajski and Stephen Langasek
* Jan Rekorajski pam_mail - support for Maildir format mailboxes
* Jan Rekorajski pam_cracklib - support for old password comparison
* Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval
* Andrey's pam_tally patch (lstat -> fstat)
* Robert Milkowski's additional pam_tally patches to **change format of
/var/log/faillog** to one from shadow-utils, add new option "per_user"
for pam_tally module, failure time logging, support for fail_line
field, and support for fail_locktime field with new option
no_lock_time.
* pam_tally: clean up the tally application too.
* Marcin Korzonek added process priority settings to pam_limits (bonus
points for adding to documentation!)
* Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix)
* more binary prompt preparations (make misc conv more compatible with spec)
* modified callback hook for fail delay to be more useful with event
driven applications (changed function prototype - suspect no one
will notice). Documented this in app developer guide.
* documentation for pam_access from Tim Berger
* syntax fixes for the documentation - a long time since I've built it :*(
added some more names to the CREDITS file.
0.67: Sat Jun 19 14:01:24 PDT 1999
* [dropped libpam_client - libpamc will be in the next release and
conforms to the developing spec in doc/specs/draft-morgan-pam.raw.
Sorry if you are keeping a PAM tree in CVS. CVS is a pain for
directories, but this directory was actually not referenced by
anything so the disruption should be light.]
* updates to pam_tally from Tim
* multiple updates from Stephen Langasek to pam_unix
* pam_filter had some trouble compiling (bug report from Sridhar)
* pam_wheel now attempts to identify the wheel group for the local
system instead of blindly assuming it is gid=0. In the case that
there is no "wheel" group, we default to assuming gid=0 is what was
meant - former behavior. (courtesy of Sridhar)
* NIS+ changes to pam_unix module from Dmitry O Panov
* hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke
Kenneth Casson Leighton)
* fix for minor typo in pam_wheel documentation (Jacek Kopecky)
* slightly more explanation of the [x=y] pam.conf syntax in the sys
admin guide.
0.66: Mon Dec 28 20:22:23 PST 1998 <morgan@linux.kernel.org>
* Started using cvs to keep track of changes to Linux-PAM. This will
likely break some of the automated building stuff (RPMs etc..).
* security bug fix to pam_unix and pam_tally from Andrey.
* modules make file is now more automatic. It should be possible to
unpack an external module in the modules directory and have it automatically
added to the build process. Also added a modules/download-all script
that will make such downloading easier. I'm happy to receive patches to
this file, informing the distribution of places from which to enrich itself.
* removed pam_system_log stuff. Thought about it long and hard: a
bad idea. If libc cannot guarantee a thread safe syslog, it needs
to be fixed and compatibility with other PAM libraries was
unnecessarily strained.
* SAG documentation changes: Seth Chaiklin
* rhosts: problems with NIS lookup failures with the root-uid check.
As a work-around, I've partially eliminated the need for the lookup
by supplying two new arguments: no_uid_check, superuser=<username>.
As a general rule this is more pluggable, since this module might be
used as an authentication scheme for a network service that does not
need root privilege...
* authenticate retval -> setcred for pam_pwdb (likeauth arg).
* pam_pwdb event driven support
* non openlog pam_listfile logging
* BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos)
* Chris Adams' mailhash change for pam_mail module
* fixed malloc failure check in pam_handlers.c (follow up to comment
by Brad M. Garcia).
* update to _pam_compat.h (Brad M. Garcia)
* support static modules in libpam again (Brad M. Garcia)
* libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia)
* added a solaris-2.5.1 defs file (revived by Derrick J Brashear)
* pam_listfile logs failed attempts
* added a comment (Michael K Johnson pointed it out) about sgml2latex
having a new syntax. I'll make it the change real when I upgrade...
* a little more text to the RFC, spelling fix from William J Buffam.
* minor changes to pam_securetty to accommodate event driven support.
0.65: Sun Apr 5 22:29:09 PDT 1998 <morgan@linux.kernel.org>
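Review bot: the import message should call out the backwardly incompatible libpam change the 0.75 entry itself warns about (the setcred/close_session and chauthtok stack handling, Bug 129775), because anything in the vendor tree that was built against the previous libpam will see different stacking behaviour with no compile-time signal. The same range of entries carries several fixes worth listing in the import notes so they can be tracked against in-tree consumers: the unix/pwdb password helper issue (Bug 112540), O_NOFOLLOW on the debug log (Bug 124385), the pam_unix NULL-password segfault (Bug 113238) and pam_unix no longer logging unknown usernames (Bug 126431).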

@ -0,0 +1,94 @@
##
## $Id: Make.Rules.in,v 1.6 2001/02/10 22:33:09 agmorgan Exp $
##
## @configure_input@
##
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
absolute_srcdir = @LOCALSRCDIR@
# major and minor numbers of this release
MAJOR_REL=@LIBPAM_VERSION_MAJOR@
MINOR_REL=@LIBPAM_VERSION_MINOR@
# The following is the generic set of compiler options for compiling
# Linux-PAM. True, they are a little anal. Pay attention to the comments
# they generate.
HEADER_DIRS=-I./include -I$(absolute_srcdir)/libpam/include \
-I$(absolute_srcdir) -I$(absolute_srcdir)/libpamc/include
WARNINGS=@WARNINGS@
OS_CFLAGS=@OS_CFLAGS@
PIC=@PIC@
# Mode to install shared libraries with
SHLIBMODE=@SHLIBMODE@
NEED_LINK_LIB_C=@PAM_NEEDS_LIBC@
HAVE_LCKPWDF=@HAVE_LCKPWDF@
HAVE_LIBCRACK=@HAVE_LIBCRACK@
HAVE_LIBCRYPT=@HAVE_LIBCRYPT@
HAVE_LIBUTIL=@HAVE_LIBUTIL@
HAVE_NDBM_H=@HAVE_NDBM_H@
HAVE_LIBNDBM=@HAVE_LIBNDBM@
HAVE_LIBDB=@HAVE_LIBDB@
HAVE_LIBFL=@HAVE_LIBFL@
HAVE_LIBNSL=@HAVE_LIBNSL@
HAVE_LIBPWDB=@HAVE_LIBPWDB@
# documentation support
HAVE_SGML2TXT=@HAVE_SGML2TXT@
HAVE_SGML2HTML=@HAVE_SGML2HTML@
PSER=@PSER@
# configuration settings
WITH_DEBUG=@WITH_DEBUG@
WITH_LIBDEBUG=@WITH_LIBDEBUG@
WITH_PAMLOCKING=@WITH_PAMLOCKING@
WITH_LCKPWDF=@WITH_LCKPWDF@
STATIC_LIBPAM=@STATIC_LIBPAM@
DYNAMIC_LIBPAM=@DYNAMIC_LIBPAM@
STATIC=@STATIC@
DYNAMIC=@DYNAMIC@
# Location of libraries when installed on the system
FAKEROOT=@FAKEROOT@
SECUREDIR=@SECUREDIR@
SCONFIGD=@SCONFIGDIR@
SUPLEMENTED=@SUPLEMENTED@
INCLUDED=@INCLUDEDIR@/security
CRACKLIB_DICTPATH=@CRACKLIB_DICTPATH@
# generic build setup
OS=@OS@
CC=@CC@
CFLAGS=$(WARNINGS) -D$(OS) $(OS_CFLAGS) $(HEADER_DIRS) @CONF_CFLAGS@
LD=@LD@
LD_D=@LD_D@
LD_L=@LD_L@
DYNTYPE=@DYNTYPE@
LIBDL=@LIBDL@
MKDIR=@MKDIR@
INSTALL=@INSTALL@
RANLIB=@RANLIB@
STRIP=@STRIP@
CC_STATIC=@CC_STATIC@
LINKLIBS = $(NEED_LINK_LIB_C) $(LIBDL)
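Review bot: `SHLIBMODE=@SHLIBMODE@` and `SECUREDIR=@SECUREDIR@` are taken from configure with no comment stating the expected values, although between them they decide the permissions and the location of libpam.so and of every module; the top-level Makefile this import replaces hard-coded `SHLIBMODE=644`, so state that default in the comment above it (or have the install rule reject a group- or world-writable mode) so an over-permissive substitution does not slip through the template unnoticed.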

@ -1,282 +1,78 @@
##
## $Id: Makefile,v 1.31 1997/04/05 07:04:25 morgan Exp morgan $
##
## $Log: Makefile,v $
##
## $Id: Makefile,v 1.5 2001/01/20 22:29:47 agmorgan Exp $
##
# major and minor numbers of this release
MAJOR_REL=0
MINOR_REL=65
DEBUG_REL=no
#DEBUG_REL=yes
## Note, ideally I would prefer it if this top level makefile did
## not get created by autoconf. As I find typing 'make' and relying
## on it to take care of all dependencies much more friendly than
## the multi-stage autoconf+make and also worry about updates to
## configure.in not getting propagated down the tree. (AGM) [I realise
## that this may not prove possible, but at least I tried.. Sigh.]
# this should be the name of this directory
RELNAME = Linux-PAM-$(MAJOR_REL).$(MINOR_REL)
DISTNAME=Linux-PAM
# this is the name of the archive file
DISTFILE = $(RELNAME).tar.gz
# define this to indicate to subdirectories that they are part of the
# full source tree.
FULL_LINUX_PAM_SOURCE_TREE=yes
export FULL_LINUX_PAM_SOURCE_TREE
DYNLOAD="dl"
DYNTYPE="so"
# Comment out either line to disable that type of linking for *modules only*
# Both at once is a legal configuration!
DYNAMIC=-DPAM_DYNAMIC
#STATIC=-DPAM_STATIC
# Comment out these lines to disable building dynamic/static libpam.*
DYNAMIC_LIBPAM=yes
#STATIC_LIBPAM=yes
# All combinations of the above four variable definitions are legal,
# however, not defining either dynamic or static modules and yet
# creating a some flavor of LIBPAM will make an authentication library
# that always fails!
# Here we indicate which libraries are present on the local system
# they control the building of some modules in this distribution
# Note, these definitions are all "export"ed below...
HAVE_PWDBLIB=no
HAVE_CRACKLIB=no
HAVE_AFSLIBS=no
HAVE_KRBLIBS=no
# NB. The following is the generic defines for compilation.
# They can be overridden in the default.defs file below
#
WARNINGS = -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \
-Wpointer-arith -Wcast-qual -Wcast-align \
-Wtraditional -Wstrict-prototypes -Wmissing-prototypes \
-Wnested-externs -Winline -Wshadow -pedantic
PIC=-fPIC
# Mode to install shared libraries with
SHLIBMODE=644
#
# Conditional defines..
#
ifdef DYNAMIC
# need the dynamic library functions
LIBDL=-l$(DYNLOAD)
ifdef STATIC_LIBPAM
# needed because pam_xxx() fn's are now in statically linked library
RDYNAMIC = -rdynamic
endif
ifeq ($(shell test \! -f Make.Rules || echo yes),yes)
include Make.Rules
endif
# Here we include the defines for the preferred operating system
# these include things like CC, CFLAGS and destination directories
# etc.. By default, this is a symbolic link to one of the .defs files
# the .../defs/ directory. Please take a moment to check that you are
# using the correct one.
THINGSTOMAKE = modules libpam libpamc libpam_misc doc examples
include default.defs
all: $(THINGSTOMAKE)
# to turn on the fprintf(stderr, ..) debugging lines throughout the
# distribution uncomment this line
#EXTRAS += -DDEBUG
# For serious memory allocation tracing uncomment the following
#MEMORY_DEBUG=-DMEMORY_DEBUG
#######################################################################
# The pam_unix module in this file will not work on NIS based systems.#
#######################################################################
# ////////////////////////////////////////////////////
# // You should not modify anything below this line //
# ////////////////////////////////////////////////////
# the sub-directories to make things in
DIRS = modules libpam conf libpam_misc examples
#
# basic defines
#
INCLUDEDIR=-I$(shell pwd)/include
PAMLIB=-L$(shell pwd)/libpam
PAMMISCLIB=-L$(shell pwd)/libpam_misc
ifeq ($(DEBUG_REL),yes)
PAMLIB += -lpamd
PAMMISCLIB += -lpamd_misc
else
PAMLIB += -lpam
PAMMISCLIB += -lpam_misc
endif
# This is Linux-PAM and not a version from Sun etc..
# [Note, this does not describe the operating system you are using
# only that you are compiling the "Linux" (read FREE) implementation
# of Pluggable Authentication Modules.
EXTRAS += -DLINUX_PAM
#
# build composite defines
#
LOADLIBES = $(PAMLIB) $(RDYNAMIC) $(PAMMISCLIB) $(LIBDL) $(ULIBS)
CFLAGS += $(EXTRAS) $(MEMORY_DEBUG) $(WARNINGS) $(INCLUDEDIR) $(PIC)
ifneq ($(strip $(OS)),)
CFLAGS += -D$(OS)
endif
ifneq ($(strip $(ARCH)),)
CFLAGS += -D$(ARCH)
endif
#
# export the libraries-available info; the modules should know how
# to deal with this...
#
export HAVE_PWDBLIB
export HAVE_CRACKLIB
export HAVE_AFSLIBS
export HAVE_KRBLIBS
#
# generic exports
#
export MAJOR_REL # the major release of this distribution
export MINOR_REL # the minor release of this distribution
export DEBUG_REL # for installing a debugging version of PAM
export OS # operating system
export ARCH # architecture
export CC # the C compiler
export INSTALL # to do instalations with
export MKDIR # to ensure directories exist
export CFLAGS # CC flags used to compile everything
export LD_D # build a shared object file (module)
export LD_L # build a shared library (e.g. libpam)
export USESONAME # does shlib link command require soname option
export SOSWITCH # shlib lib soname switch name
export NEEDSONAME # does shared library link need versioned lib
export LD # build a generic library
export LDCONFIG # rebuild the shared libraries
export AR # build a static library
export RANLIB # reorder a static library
export LOADLIBES # libraries needed for application linking
export PAMLIB # where to find the local libpam.xx file
export DYNTYPE # which suffix is used for libraries
export SHLIBMODE # file mode for shared objects
#
# where to install things
#
export FAKEROOT # for package maintainers
#
export PREFIX # basic prefix for all other directories
export SUPLEMENTED # where to store module helper binaries
export LIBDIR # where libpam and libpam_misc go
export SECUREDIR # where the modules will be placed
export INCLUDED # where to store pam---.h files
export CONFIGED # where pam.conf and pam.d/ go
export SCONFIGED # where modules' config files go
#
# Conditional exporting ( ... these go on for a while... )
#
ifdef DYNAMIC
export DYNAMIC
endif
ifdef STATIC
export STATIC
endif
ifdef DYNAMIC_LIBPAM
export DYNAMIC_LIBPAM
endif
ifdef STATIC_LIBPAM
export STATIC_LIBPAM
endif
ifdef MEMORY_DEBUG
export MEMORY_DEBUG
endif
##
## the rules
##
all: .freezemake
@for i in $(DIRS) ; do \
$(MAKE) -C $$i all ; \
if [ $$? -ne 0 ]; then break ; fi ; \
done
.freezemake:
# Do nothing
.old_freezemake: Makefile
@touch .freezemake
@echo "*WARNING*: If you are running a system that is dependent"
@echo " on PAM to work. DO NOT make sterile NOR make remove."
@echo " These options will delete the PAM files on your system"
@echo " and make it unusable!"
@echo ""
@echo "If you are in any doubt, just do 'make all' (or just"
@echo "'make'). It is likely that this is the SAFEST thing to do...."
@exit 1
install:
@for i in $(DIRS) ; do \
$(MAKE) -C $$i install ; \
if [ $$? -ne 0 ]; then break ; fi ; \
done
install ./doc/man/*.3 $(PREFIX)/man/man3/
install ./doc/man/*.8 $(PREFIX)/man/man8/
sterile: .freezemake
@$(MAKE) remove
@$(MAKE) extraclean
remove: .freezemake
@for i in $(DIRS) ; do \
$(MAKE) -C $$i remove ; \
done
prep:
rm -f security
ln -sf . security
clean:
@rm -f *~ core
@for i in $(DIRS) ; do \
$(MAKE) -C $$i clean ; \
done
if [ ! -f Make.Rules ]; then touch Make.Rules ; fi
for i in $(THINGSTOMAKE) ; do $(MAKE) -C $$i clean ; done
rm -f security *~ *.orig *.rej Make.Rules #*#
extraclean:
@for i in $(DIRS) doc; do \
$(MAKE) -C $$i extraclean ; \
done
distclean: clean
rm -f Make.Rules _pam_aconf.h
rm -f config.status config.cache config.log core
check:
@$(MAKE) -C conf check
maintainer-clean: distclean
@echo files should be ok for packaging now.
RCScheck:
@$(MAKE) -C conf RCScheck
# NB _pam_aconf.h.in changes will remake this too
Make.Rules: configure Make.Rules.in _pam_aconf.h.in
@echo XXX - not sure how to preserve past configure options..
@echo XXX - so not attempting to. Feel free to run ./configure
@echo XXX - by hand, with the options you want.
./configure
# this can be used to see what hasn't been check'd into RCS
_pam_aconf.h: Make.Rules
open:
@find . \( -type f -a -perm 644 \) -print
configure: configure.in
@echo
@echo You do not appear to have an up-to-date ./configure file.
@echo Please run autoconf, and then ./configure [..options..]
@echo
@rm -f configure
@exit 1
$(THINGSTOMAKE): _pam_aconf.h prep
$(MAKE) -C $@ all
install: _pam_aconf.h prep
$(MKDIR) $(FAKEROOT)$(INCLUDED)
$(INSTALL) -m 444 security/_pam_aconf.h $(FAKEROOT)$(INCLUDED)
for x in $(THINGSTOMAKE) ; do make -C $$x install ; done
remove:
rm -f $(FAKEROOT)$(INCLUDED)/_pam_aconf.h
for x in $(THINGSTOMAKE) ; do make -C $$x remove ; done
release:
@egrep '^DEBUG\_REL\=yes' Makefile|grep -v grep > /dev/null ;\
if [ $$? -eq 0 ]; then \
echo "You should first set DEBUG_REL to no" ; exit 1 ; fi
$(MAKE) extraclean
rm -f .freezemake
touch .filelist .RCSlist
chmod 600 .filelist .RCSlist
cd .. ; find $(RELNAME) \! -type d -print | fgrep -v RCS | fgrep -v 'conf/.md5sum' > $(RELNAME)/.filelist
cd .. ; find $(RELNAME) -type f -print | fgrep RCS | fgrep -v 'conf/.RCSsum' > $(RELNAME)/.RCSlist
chmod 400 .filelist .RCSlist
$(MAKE) check
$(MAKE) RCScheck
(cat .filelist ; echo $(RELNAME)/conf/.md5sum) | (cd .. ; tar -cz -f$(DISTFILE) -T-)
(cat .RCSlist ; echo $(RELNAME)/conf/.RCSsum) | (cd .. ; tar -cz -fRCS+$(DISTFILE) -T-)
@if [ ! -f Make.Rules ]; then echo make Make.Rules first ; exit 1; fi
@if [ ! -L ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) ]; then \
echo generating ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) link ; \
ln -sf $(DISTNAME) ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) ; \
echo to ../$(DISTNAME) . ; fi
@diff ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/Make.Rules Make.Rules
make distclean
cd .. ; tar zvfc $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL).tar.gz \
--exclude CVS --exclude .cvsignore --exclude '.#*' \
$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/*
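Review bot: the new `remove:` target (`rm -f $(FAKEROOT)$(INCLUDED)/_pam_aconf.h` followed by `for x in $(THINGSTOMAKE) ; do make -C $$x remove ; done`) has no prerequisite at all, whereas the old `remove` and `sterile` targets at least went through the `.freezemake` hook whose `.old_freezemake` variant printed the "DO NOT make sterile NOR make remove" warning for systems that depend on PAM; with that path gone entirely, a stray `make remove` as root deletes the installed PAM files without a prompt, so keep a confirmation step or require an explicit variable before the loop runs. Separately, the new `install` and `remove` loops invoke `make -C` where the rest of the file uses `$(MAKE) -C`, which loses the parent's flags and jobserver, and the `release:` rule still mixes the old RCS-based checks (`.filelist`, `.RCSlist`, `$(MAKE) RCScheck`) with the new CVS-excluding tar invocation, so one of the two halves should go.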

@ -1,167 +1,28 @@
#
# $Id: README,v 1.14 1997/04/05 07:04:46 morgan Exp $
# $Id: README,v 1.3 2000/11/20 00:01:49 agmorgan Exp $
#
Hello!
Thanks for downloading Linux-PAM-0.65.
--------------------------------------------------------------------
Before you begin:
* This distribution requires GNU's Make
* It requires GNU's C-compiler: gcc (and 'ld')
* it also requires the GNU shell: bash
* some of the modules require the presence of libpwdb see redhat
* two modules have some need for libcrack too..
--------------------------------------------------------------------
[
Zeroth (optional) thing to do: check the detatched "pgp" signature for
this distribution file, it should be signed by
Type Bits/KeyID Date User ID
pub 1024/2A398175 1996/11/17 Andrew G. Morgan <morgan@linux.kernel.org>
]
First thing to do (I assume you have successfully unpacked it!) is to
run:
make check [ requires md5sum to be present ]
This will also check that the distribution has arrived intact. [
Later, If you change some things, running this command from this
directory will show you what files you have altered. ]
If you choose to get and install the RCS files that accompany this
release, you may also run
make RCScheck
from this directory.
Next, you should check the symbolic link
.../Linux-PAM-X.YY/default.defs
points to the file that best describes your system. The various *.defs
files that are included in this distribution are to be found in the
directory:
.../Linux-PAM-X.YY/defs/
This should configure the distribution to compile on your system. The
default is the version I use for maintaining the distribution. [If you
don't find one that suits your needs, please try to create one, email
it to me and I will include it in a future release.]
If you are running an ELF based Linux system you should be able to
compile the distribution straight from the box. If you are running an
a.out based system, then some of the functionality of Linux-PAM will
be unavailable to you. Instead, you must switch the DYNAMIC variables
*off* in your "defs" file: comment out the DYNAMIC and DYNAMIC_LIBPAM
defines and uncomment the STATIC and STATIC_LIBPAM defines. NOTE, for
ELF based systems, almost any combination of these four definitions is
legal... If you have ELF, I recommend the default however.
Second, try to compile it. Use the following command in *this*
directory:
make
[ or 'make all' if you prefer ]. The first time you type make, it is
likely to complain. This is to remind you to remove any libraries from
previous versions of the distribution that are likely to confuse this
make... Type 'make' again.
Before you do the third thing. You should think about whether you want
the default configuration scripts to be installed or not. If you have
a working PAM based system you probably do *not* want this.. Whatever,
before Linux-PAM installs the default scripts you will be prompted as
to whether it is a good idea. Be sure to say NO if you are worried!
** You have been warned. **
Third, to install the stuff you need to be root. Do the following:
su -c "make install"
If everything has worked as intended there should now be
some executables in ./bin/
some filters for pam_filter in /usr/sbin/pam_filter/
some configuration files:
/etc/pam.conf
/etc/security/*.conf
libpam_misc.a (static library) in /usr/lib/
In addition:
if dynamically linked:
libpam.so.XXX (shared library) in /usr/lib/
libpam_misc.so.XXX (shared library) in /usr/lib/
pam_*.so (modules) in /usr/lib/security/
if statically linked:
libpam.a (static library) in /usr/lib/
[These are the default directories that I use. Your own system may
differ as specified in your XXX.defs file.]
Thanks for downloading Linux-PAM.
NOTES:
* The documentation, what there is of it, is in ./doc. I am only
including the sgml format source-files. But try to make .ps files
available from the above http address. To locally use these sgml files
you should have linuxdoc-sgml installed. Sorry, but I'm conserving net
bandwidth by only including sources!
How to use it is as follows:
* The source for each module is to be found in ./modules/XXX. If you
want to add a new one, make a directory like XXX for it. Add the name
(XXX) to MODDIRS in ./modules/Makefile and hopefully it will become
part of the overall make. Note, the Makefile in ./modules/ is now
smart enough to check if the directory is there before it changes into
it; If you want to start working on a module, send me its name and I
will add it to the "official" Makefile.. This way, you should be able
to insert your developing module into any new release, and not have to
worry at first about letting it out to the public. This may also give
other people some idea about whether a module is currently being
worked on or not.
./configure --help | less
./configure <your-options>
make
* Currently, you have to 'make' binaries from this directory. 'make
clean', however, works in any directory that has a Makefile.
Note, if you are worried - don't even think about doing the next line
(most Linux distributions already support PAM out of the box, so if
something goes wrong with installing the code from this version your
box may stop working..)
* Also, you can 'make remove' (as root) from *this* directory and it
will delete the various installed files dotted around the system. THIS
IS A VERY BAD IDEA IF YOUR SYSTEM DEPENDS ON PAM TO WORK!!!
make install
* 'make sterile' does 'make remove' and then 'make extraclean', this
might be required if you are alternating your choice of
STATIC(_LIBPAM) and DYNAMIC(_LIBPAM) compilation. SEE COMMENT IN
UPPERCASE IN PARAGRAPH ABOVE!!!!
Best wishes
That said, please report problems to me.
Andrew Morgan
Email bugs/comments to: the Linux-PAM list <pam-list@redhat.com>
or me <morgan@linux.kernel.org>
To see about joining the mailing list, send the following email:
--------------------------------
To: pam-list-request@redhat.com
Subject: help
<empty text>
--------------------------------
Additionally, some Linux-PAM files have been known to be found at one
or more of the following places (they are not always the most up to
date...):
http://www.redhat.com/linux-info/pam/
ftp://bach.cis.temple.edu/pub/People/Alex/private/PAM
ftp://ftp.redhat.com/pub/misc/
ftp://linux.nrao.edu/pub/linux/ALPHA/PAM/
ftp://tsx-11.mit.edu/pub/linux/ALPHA/PAM/
<morgan@kernel.org>
<agmorgan@users.sourceforge.net>
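Review bot: the build-configuration story in this README hunk is inconsistent. The opening paragraphs (the defs-file selection, switching the DYNAMIC/DYNAMIC_LIBPAM and STATIC/STATIC_LIBPAM defines, and the 'make sterile' note about alternating STATIC(_LIBPAM) and DYNAMIC(_LIBPAM)) still tell the reader to configure the build by editing a *.defs file, while the same hunk adds the './configure --help | less' / './configure <your-options>' / 'make' sequence. Reconcile the two, or mark the defs-file text as the legacy path. The install listing also states fixed locations (/usr/lib/security for modules, /usr/lib for the libraries) that configure.in in this import makes overridable via --enable-securedir; pointing readers at the configure options would keep the README from going stale.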

@ -0,0 +1,64 @@
/*
* $Id: _pam_aconf.h.in,v 1.4 2000/12/04 20:56:10 baggins Exp $
*
*
*/
#ifndef PAM_ACONF_H
#define PAM_ACONF_H
/* lots of stuff gets written to /tmp/pam-debug.log */
#undef DEBUG
/* build libraries with different names (suffixed with 'd') */
#undef WITH_LIBDEBUG
/* provide a global locking facility within libpam */
#undef PAM_LOCKING
/* GNU systems as a class, all have the feature.h file */
#undef HAVE_FEATURES_H
#ifdef HAVE_FEATURES_H
# define _SVID_SOURCE
# define _BSD_SOURCE
# define __USE_BSD
# define __USE_SVID
# define __USE_MISC
# define _GNU_SOURCE
# include <features.h>
#endif /* HAVE_FEATURES_H */
/* we have libcrack available */
#undef HAVE_LIBCRACK
/* we have libcrypt - its not part of libc (do we need both definitions?) */
#undef HAVE_LIBCRYPT
#undef HAVE_CRYPT_H
/* we have libndbm and/or libdb */
#undef HAVE_DB_H
#undef HAVE_NDBM_H
/* have libfl (Flex) */
#undef HAVE_LIBFL
/* have libnsl - instead of libc support */
#undef HAVE_LIBNSL
/* have libpwdb - don't expect this to be important for much longer */
#undef HAVE_LIBPWDB
/* ugly hack to partially support old pam_strerror syntax */
#undef UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT
/* read both confs - read /etc/pam.d and /etc/pam.conf in serial */
#undef PAM_READ_BOTH_CONFS
#undef HAVE_PATHS_H
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
/* location of the mail spool directory */
#undef PAM_PATH_MAILDIR
#endif /* PAM_ACONF_H */
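Review bot: the HAVE_FEATURES_H block defines __USE_BSD, __USE_SVID and __USE_MISC by hand before '# include <features.h>'; those are glibc-internal macros that features.h #undefs and then re-derives from _BSD_SOURCE and _SVID_SOURCE, so the three '# define __USE_*' lines have no effect and should go. Defining _GNU_SOURCE here unconditionally also sits badly with the comment in configure.in that portability "requires their default absence" and with the '-ansi -D_POSIX_SOURCE' flags it sets. Separately, several symbols that configure.in AC_DEFINEs (LIBPAM_VERSION_MAJOR, LIBPAM_VERSION_MINOR, HAVE_LIBUTIL, HAVE_LIBNDBM, HAVE_LIBDB) have no '#undef' template line in this header, so config.status will not emit them into _pam_aconf.h; add the missing '#undef' entries. Minor: "its not part of libc" should read "it's".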

@ -1,14 +1,5 @@
##
# $Id: README,v 1.6 1997/02/15 19:21:08 morgan Exp $
##
# $Log: README,v $
# Revision 1.6 1997/02/15 19:21:08 morgan
# fixed email
#
# Revision 1.5 1996/08/09 05:29:43 morgan
# trimmed in line with the removal of applications from the distribution
#
#
# $Id: README,v 1.2 2000/12/04 19:02:33 baggins Exp $
##
(now we are getting networked apps, be careful to try and test on a

@ -1,28 +1,5 @@
#
# $Id: Makefile,v 1.8 1997/04/05 06:59:33 morgan Exp $
#
# $Log: Makefile,v $
# Revision 1.8 1997/04/05 06:59:33 morgan
# fakeroot and $(MAKE)
#
# Revision 1.7 1997/02/15 15:53:51 morgan
# added lines to make pam_conv1
#
# Revision 1.6 1996/11/10 19:48:09 morgan
# fix for systems that have not installed bash in /bin/
#
# Revision 1.5 1996/03/16 22:21:26 morgan
# added 'make remove' option
#
# Revision 1.4 1996/03/10 21:01:47 morgan
# added .ignore_age flag file
#
# Revision 1.3 1996/03/10 17:41:28 morgan
# make RCScheck check for the presence of the executable before running
# it!
#
# Revision 1.2 1996/03/10 17:16:42 morgan
# added md5RCS/ RCScheck entry
# $Id: Makefile,v 1.1.1.1 2000/06/20 22:10:44 agmorgan Exp $
#
#
@ -47,9 +24,6 @@ remove:
check:
bash -f ./md5itall
RCScheck:
if [ -x ./md5RCS ]; then bash -f ./md5RCS ; fi
lclean:
rm -f core *~ .ignore_age

@ -1,8 +1,6 @@
#!/bin/bash
#
# $Id$
#
# $Log$
# $Id: md5itall,v 1.2 2000/12/04 19:02:33 baggins Exp $
#
# Created by Andrew G. Morgan (morgan@parc.power.net)
#

@ -1,9 +1,9 @@
# ---------------------------------------------------------------------------#
# /etc/pam.conf #
# #
# Last modified by Andrew G. Morgan <morgan@parc.power.net> #
# Last modified by Andrew G. Morgan <morgan@kernel.org> #
# ---------------------------------------------------------------------------#
# $Id: pam.conf,v 1.18 1997/02/15 20:20:20 morgan Exp morgan $
# $Id: pam.conf,v 1.2 2001/04/08 06:02:33 agmorgan Exp $
# ---------------------------------------------------------------------------#
# serv. module ctrl module [path] ...[args..] #
# name type flag #
@ -11,46 +11,46 @@
#
# The PAM configuration file for the `chfn' service
#
chfn auth required pam_pwdb.so
chfn account required pam_pwdb.so
chfn auth required pam_unix.so
chfn account required pam_unix.so
chfn password required pam_cracklib.so retry=3
chfn password required pam_pwdb.so shadow md5 use_authtok
chfn password required pam_unix.so shadow md5 use_authtok
#
# The PAM configuration file for the `chsh' service
#
chsh auth required pam_pwdb.so
chsh account required pam_pwdb.so
chsh auth required pam_unix.so
chsh account required pam_unix.so
chsh password required pam_cracklib.so retry=3
chsh password required pam_pwdb.so shadow md5 use_authtok
chsh password required pam_unix.so shadow md5 use_authtok
#
# The PAM configuration file for the `ftp' service
#
ftp auth requisite pam_listfile.so \
item=user sense=deny file=/etc/ftpusers onerr=succeed
ftp auth requisite pam_shells.so
ftp auth required pam_pwdb.so
ftp account required pam_pwdb.so
ftp auth required pam_unix.so
ftp account required pam_unix.so
#
# The PAM configuration file for the `imap' service
#
imap auth required pam_pwdb.so
imap account required pam_pwdb.so
imap auth required pam_unix.so
imap account required pam_unix.so
#
# The PAM configuration file for the `login' service
#
login auth requisite pam_securetty.so
login auth required pam_pwdb.so
login auth required pam_unix.so
login auth optional pam_group.so
login account requisite pam_time.so
login account required pam_pwdb.so
login account required pam_unix.so
login password required pam_cracklib.so retry=3
login password required pam_pwdb.so shadow md5 use_authtok
login session required pam_pwdb.so
login password required pam_unix.so shadow md5 use_authtok
login session required pam_unix.so
#
# The PAM configuration file for the `netatalk' service
#
netatalk auth required pam_pwdb.so
netatalk account required pam_pwdb.so
netatalk auth required pam_unix.so
netatalk account required pam_unix.so
#
# The PAM configuration file for the `other' service
#
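Review bot: the ftp stack keeps 'ftp auth requisite pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed' (the two lines above 'ftp auth requisite pam_shells.so'). With sense=deny, onerr=succeed makes the check fail open: if /etc/ftpusers is missing or unreadable the module returns success and the deny list is bypassed. For a deny list the conservative setting is onerr=fail. The pam_pwdb.so to pam_unix.so swap itself looks consistent in this hunk: every password line carries the 'shadow md5 use_authtok' arguments across unchanged.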
@ -64,16 +64,16 @@ other session required pam_deny.so
# The PAM configuration file for the `passwd' service
#
passwd password requisite pam_cracklib.so retry=3
passwd password required pam_pwdb.so shadow md5 use_authtok
passwd password required pam_unix.so shadow md5 use_authtok
#
# The PAM configuration file for the `rexec' service
#
rexec auth requisite pam_securetty.so
rexec auth requisite pam_nologin.so
rexec auth sufficient pam_rhosts_auth.so
rexec auth required pam_pwdb.so
rexec account required pam_pwdb.so
rexec session required pam_pwdb.so
rexec auth required pam_unix.so
rexec account required pam_unix.so
rexec session required pam_unix.so
rexec session required pam_limits.so
#
# The PAM configuration file for the `rlogin' service
@ -82,10 +82,10 @@ rexec session required pam_limits.so
rlogin auth requisite pam_securetty.so
rlogin auth requisite pam_nologin.so
rlogin auth required pam_rhosts_auth.so
rlogin account required pam_pwdb.so
rlogin account required pam_unix.so
rlogin password required pam_cracklib.so retry=3
rlogin password required pam_pwdb.so shadow md5 use_authtok
rlogin session required pam_pwdb.so
rlogin password required pam_unix.so shadow md5 use_authtok
rlogin session required pam_unix.so
rlogin session required pam_limits.so
#
# The PAM configuration file for the `rsh' service
@ -93,34 +93,34 @@ rlogin session required pam_limits.so
rsh auth requisite pam_securetty.so
rsh auth requisite pam_nologin.so
rsh auth sufficient pam_rhosts_auth.so
rsh auth required pam_pwdb.so
rsh account required pam_pwdb.so
rsh session required pam_pwdb.so
rsh auth required pam_unix.so
rsh account required pam_unix.so
rsh session required pam_unix.so
rsh session required pam_limits.so
#
# The PAM configuration file for the `samba' service
#
samba auth required pam_pwdb.so
samba account required pam_pwdb.so
samba auth required pam_unix.so
samba account required pam_unix.so
#
# The PAM configuration file for the `su' service
#
su auth required pam_wheel.so
su auth sufficient pam_rootok.so
su auth required pam_pwdb.so
su account required pam_pwdb.so
su session required pam_pwdb.so
su auth required pam_unix.so
su account required pam_unix.so
su session required pam_unix.so
#
# The PAM configuration file for the `vlock' service
#
vlock auth required pam_pwdb.so
vlock auth required pam_unix.so
#
# The PAM configuration file for the `xdm' service
#
xdm auth required pam_pwdb.so
xdm account required pam_pwdb.so
xdm auth required pam_unix.so
xdm account required pam_unix.so
#
# The PAM configuration file for the `xlock' service
#
xlock auth required pam_pwdb.so
xlock auth required pam_unix.so
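Review bot: in the su stack the order 'su auth required pam_wheel.so' followed by 'su auth sufficient pam_rootok.so' means a pam_wheel failure is already recorded as the stack result before pam_rootok runs, and a sufficient module cannot override an earlier required failure. If the intent is for uid 0 to bypass the wheel check, pam_rootok.so has to precede pam_wheel.so. This is unchanged context rather than part of the pam_unix change, but worth confirming while the file is being edited.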

@ -1,4 +1,4 @@
$Id: README,v 1.1 1997/02/15 15:50:50 morgan Exp $
$Id: README,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $
This directory contains a untility to convert pam.conf files to a pam.d/
tree. The conversion program takes pam.conf from the standard input and
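Review bot: typo in the context line "This directory contains a untility to convert pam.conf files"; it should read "a utility". Worth fixing while the header of this README is being touched.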

@ -1,7 +1,7 @@
%{
/*
* $Id: pam_conv.lex,v 1.1 1997/01/23 05:35:50 morgan Exp $
* $Id: pam_conv.lex,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $
*
* Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
*
@ -10,7 +10,7 @@
*/
const static char lexid[]=
"$Id: pam_conv.lex,v 1.1 1997/01/23 05:35:50 morgan Exp $\n"
"$Id: pam_conv.lex,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $\n"
"Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>\n";
extern int current_line;

@ -1,7 +1,7 @@
%{
/*
* $Id: pam_conv.y,v 1.3 1997/02/15 15:50:50 morgan Exp morgan $
* $Id: pam_conv.y,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $
*
* Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
*
@ -10,7 +10,7 @@
*/
const static char bisonid[]=
"$Id: pam_conv.y,v 1.3 1997/02/15 15:50:50 morgan Exp morgan $\n"
"$Id: pam_conv.y,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $\n"
"Copyright (c) Andrew G. Morgan 1997-8 <morgan@linux.kernel.org>\n";
#include <string.h>

contrib/libpam/configure (vendored executable file, 3548 lines): diff suppressed because it is too large
contrib/libpam/configure.in (normal file, 339 lines)
@ -0,0 +1,339 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(conf/pam_conv1/pam_conv.y)
dnl The configuration header file
AC_CONFIG_HEADER(_pam_aconf.h)
dnl
dnl Release specific
dnl
LIBPAM_VERSION_MAJOR=0
LIBPAM_VERSION_MINOR=75
AC_SUBST(LIBPAM_VERSION_MAJOR)
AC_SUBST(LIBPAM_VERSION_MINOR)
AC_DEFINE(LIBPAM_VERSION_MAJOR)
AC_DEFINE(LIBPAM_VERSION_MINOR)
dnl
dnl By default, everything under PAM is installed under the root fs.
dnl
AC_PREFIX_DEFAULT()
dnl
dnl Rules needed for the following (hardcoded Linux defaults for now)
dnl
CC=gcc ; AC_SUBST(CC)
CONF_CFLAGS= ; AC_SUBST(CONF_CFLAGS)
MKDIR="mkdir -p" ; AC_SUBST(MKDIR)
LOCALSRCDIR=`/bin/pwd` ; AC_SUBST(LOCALSRCDIR)
OS=`uname|sed -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
AC_SUBST(OS)
dnl These are most likely platform specific - I think HPUX differs
DYNTYPE=so ; AC_SUBST(DYNTYPE)
USESONAME=yes ; AC_SUBST(USESONAME)
NEEDSONAME=yes ; AC_SUBST(NEEDSONAME)
SHLIBMODE=755 ; AC_SUBST(SHLIBMODE)
dnl ### Should enable this INSTALL detection.
dnl ### Would need to distribute GNU's config.guess and config.sub
dnl AC_PROG_INSTALL
INSTALL=/usr/bin/install ; AC_SUBST(INSTALL)
dnl Checks for programs.
AC_PROG_CC
dnl ### AC_PROG_CXX
AC_PROG_YACC
AC_PROG_LEX
dnl AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
dnl
dnl options and defaults
dnl
dnl lots of debugging information goes to /tmp/pam-debug.log
AC_ARG_ENABLE(debug,
[ --enable-debug qspecify you are building with debugging on],
WITH_DEBUG=yes ; AC_DEFINE(DEBUG) , WITH_DEBUG=no)
AC_SUBST(WITH_DEBUG)
dnl build specially named libraries (for debugging purposes)
AC_ARG_ENABLE(libdebug,
[ --enable-libdebug specify you are building debugging libraries],
WITH_LIBDEBUG=yes ; AC_DEFINE(WITH_LIBDEBUG) , WITH_LIBDEBUG=no)
AC_SUBST(WITH_LIBDEBUG)
dnl packaging convenience
AC_ARG_ENABLE(fakeroot,
[ --enable-fakeroot=<path to packaging directory>], FAKEROOT=$enableval)
AC_SUBST(FAKEROOT)
AC_ARG_ENABLE(securedir,
[ --enable-securedir=<path to location of PAMs> [default \$libdir/security]],
SECUREDIR=$enableval, SECUREDIR=$libdir/security)
AC_SUBST(SECUREDIR)
AC_ARG_ENABLE(sconfigdir,
[ --enable-sconfigdir=<path to module conf files> [default \$sysconfdir/security]],
SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security)
AC_SUBST(SCONFIGDIR)
AC_ARG_ENABLE(suplementedir,
[ --enable-suplementedir=<path to module helper binaries> [default \$sbindir]],
SUPLEMENTED=$enableval, SUPLEMENTED=$sbindir)
AC_SUBST(SUPLEMENTED)
AC_ARG_ENABLE(includedir,
[ --enable-includedir=<path to include location> - where to put <security>],
INCLUDEDIR=$enableval, INCLUDEDIR=/usr/include)
AC_SUBST(INCLUDEDIR)
AC_ARG_ENABLE(pamlocking,
[ --enable-pamlocking configure libpam to observe a global authentication lock],
WITH_PAMLOCKING=yes ; AC_DEFINE(PAM_LOCKING) , WITH_PAMLOCKING=no)
AC_SUBST(WITH_PAMLOCKING)
AC_ARG_ENABLE(uglyhack,
[ --enable-uglyhack configure libpam to try to honor old pam_strerror syntax],
AC_DEFINE(UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT))
AC_ARG_ENABLE(read-both-confs,
[ --enable-read-both-confs read both /etc/pam.d and /etc/pam.conf files],
AC_DEFINE(PAM_READ_BOTH_CONFS))
AC_SUBST(PAM_READ_BOTH_CONFS)
AC_ARG_ENABLE(static-libpam, [ --enable-static-libpam build a libpam.a library],
STATIC_LIBPAM=yes , STATIC_LIBPAM=no)
AC_SUBST(STATIC_LIBPAM)
AC_ARG_ENABLE(dynamic-libpam,
[ --disable-dynamic-libpam do not build a shared libpam library],
DYNAMIC_LIBPAM=no, DYNAMIC_LIBPAM=yes)
AC_SUBST(DYNAMIC_LIBPAM)
DYNAMIC=-DPAM_DYNAMIC
AC_SUBST(DYNAMIC)
AC_ARG_ENABLE(static-modules,
[ --enable-static-modules do not make the modules dynamically loadable],
STATIC=-DPAM_STATIC)
AC_SUBST(STATIC)
AC_ARG_ENABLE(lckpwdf,
[ --disable-lckpwdf do not use the lckpwdf function],
WITH_LCKPWDF=no, WITH_LCKPWDF=yes)
AC_SUBST(WITH_LCKPWDF)
AC_CHECK_HEADERS(paths.h)
AC_ARG_WITH(mailspool,
[ --with-mailspool path to mail spool directory
[default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail]],
with_mailspool=${withval})
if test x$with_mailspool != x ; then
pam_mail_spool="\"$with_mailspool\""
else
AC_TRY_RUN([
#include <paths.h>
int main() {
#ifdef _PATH_MAILDIR
exit(0);
#else
exit(1);
#endif
}], pam_mail_spool="_PATH_MAILDIR",
pam_mail_spool="\"/var/spool/mail\"",
pam_mail_spool="\"/var/spool/mail\"")
fi
AC_DEFINE_UNQUOTED(PAM_PATH_MAILDIR, $pam_mail_spool)
dnl Checks for libraries.
AC_CHECK_LIB(c, __libc_sched_setscheduler, PAM_NEEDS_LIBC=, PAM_NEEDS_LIBC=-lc)
AC_SUBST(PAM_NEEDS_LIBC)
dnl Checks for the existence of lckpwdf in libc
AC_CHECK_LIB(c, lckpwdf, HAVE_LCKPWDF=yes, HAVE_LCKPWDF=no)
AC_SUBST(HAVE_LCKPWDF)
dnl Checks for the existence of libdl - on BSD its part of libc
AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
AC_SUBST(LIBDL)
dnl
dnl At least on Solaris, the existing libcrack must be dynamic.
dnl Ought to introduce a check for this.
dnl
AC_CHECK_LIB(crack, FascistCheck, HAVE_LIBCRACK=yes ; AC_DEFINE(HAVE_LIBCRACK),
HAVE_LIBCRACK=no)
AC_SUBST(HAVE_LIBCRACK)
AC_CHECK_LIB(crypt, fcrypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT),
HAVE_LIBCRYPT=no)
AC_SUBST(HAVE_LIBCRYPT)
AC_CHECK_LIB(util, logwtmp, HAVE_LIBUTIL=yes ; AC_DEFINE(HAVE_LIBUTIL),
HAVE_LIBUTIL=no)
AC_SUBST(HAVE_LIBUTIL)
AC_CHECK_LIB(ndbm, dbm_store, HAVE_LIBNDBM=yes ; AC_DEFINE(HAVE_LIBNDBM),
HAVE_LIBNDBM=no)
AC_SUBST(HAVE_LIBNDBM)
AC_CHECK_LIB(db, dbm_store, HAVE_LIBDB=yes ; AC_DEFINE(HAVE_LIBDB),
HAVE_LIBDB=no)
AC_SUBST(HAVE_LIBDB)
AC_CHECK_LIB(fl, yylex, yyterminate, HAVE_LIBFL=yes ; AC_DEFINE(HAVE_LIBFL),
HAVE_LIBFL=no)
AC_SUBST(HAVE_LIBFL)
AC_CHECK_LIB(nsl, yp_maplist, HAVE_LIBNSL=yes ; AC_DEFINE(HAVE_LIBNSL),
HAVE_LIBNSL=no)
AC_SUBST(HAVE_LIBNSL)
AC_CHECK_LIB(pwdb, pwdb_db_name, HAVE_LIBPWDB=yes ; AC_DEFINE(HAVE_LIBPWDB),
HAVE_LIBPWDB=no)
AC_SUBST(HAVE_LIBPWDB)
dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h termio.h unistd.h)
dnl Linux wants features.h in some of the source files.
AC_CHECK_HEADERS(features.h)
dnl For module/pam_cracklib
AC_CHECK_HEADERS(crypt.h)
dnl For module/pam_userdb
AC_CHECK_HEADERS(ndbm.h db.h)
dnl I suspect the following two lines are a hack.
HAVE_NDBM_H=$ac_cv_header_ndbm_h
AC_SUBST(HAVE_NDBM_H)
dnl For module/pam_lastlog
AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
dnl This following rule should be made conditional upon HAVE_LIBCRYPT
dnl being found.
dnl Look for cracklib dictionary
AC_MSG_CHECKING(path to cracklib dictionary)
DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \
/usr/local/lib /usr/local/share/lib"
DICT_FILE_CANDIDATES="pw_dict cracklib_dict"
CRACKLIB_DICTPATH=""
for d in $DICT_DIR_CANDIDATES ; do
for f in $DICT_FILE_CANDIDATES ; do
if test -r $d/$f.hwm ; then
CRACKLIB_DICTPATH=$d/$f
break 2
elif test -r $d/dict/$f.hwm ; then
CRACKLIB_DICTPATH=$d/dict/$f
break 2
fi
done
done
if test -z "$CRACKLIB_DICTPATH" ; then
AC_MSG_RESULT(none found)
else
AC_MSG_RESULT($CRACKLIB_DICTPATH)
fi
AC_SUBST(CRACKLIB_DICTPATH)
dnl Set FLAGS, linker options etc. depending on C compiler.
dnl gcc is tested and much preferred; others less so, if at all
dnl
dnl If compiling with gcc, linking is also supposed to be done with gcc;
dnl since we use linker-specific arguments, we may not gain anything by
dnl switching LD_L over, but I think we can use LD_D as-is.
dnl
dnl For the moment, gcc is enforced above at "CC=gcc".
dnl
dnl There is an issue over _POSIX_SOURCE _BSD_SOURCE and _GNU_SOURCE .
dnl The original "Linux-PAM" had blanket inclusion. But portability
dnl requires their default absence: if particular OSes require them,
dnl this should be done selectively.
GCC_WARNINGS="-Wall -Wwrite-strings \
-Wpointer-arith -Wcast-qual -Wcast-align \
-Wstrict-prototypes -Wmissing-prototypes \
-Wnested-externs -Winline -Wshadow"
if test "$GCC" = yes; then
###
### Non-Linux needs attention on per-OS basis
OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic"
WARNINGS="$GCC_WARNINGS"
PIC="-fPIC"
#can/should we use LD=gcc ???
LD=ld
LD_D="gcc -shared -Xlinker -x"
LD_L="$LD -x -shared"
RANLIB=ranlib
STRIP=strip
CC_STATIC="-Xlinker -export-dynamic"
else
###
### Non-gcc needs attention on per-OS basis
###
### [These are Solaris-C specific...]
OS_CFLAGS=""
WARNINGS=""
PIC="-K pic"
LD=ld
LD_D="cc -z text -G -R."
LD_L="$LD_D"
RANLIB=ranlib
STRIP=strip
CC_STATIC=
fi
AC_SUBST(OS_CFLAGS)
AC_SUBST(WARNINGS)
AC_SUBST(PIC)
AC_SUBST(LD)
AC_SUBST(LD_D)
AC_SUBST(LD_L)
AC_SUBST(RANLIB)
AC_SUBST(STRIP)
AC_SUBST(CC_STATIC)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_BIGENDIAN
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_OFF_T
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
AC_STRUCT_TM
dnl Checks for library functions.
AC_TYPE_GETGROUPS
AC_PROG_GCC_TRADITIONAL
AC_FUNC_MEMCMP
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(gethostname gettimeofday mkdir select strcspn strdup strerror strspn strstr strtol uname)
dnl Checks for programs/utilities
AC_CHECK_PROG(HAVE_SGML2TXT, sgml2txt, yes, no)
AC_CHECK_PROG(HAVE_SGML2HTML, sgml2html, yes, no)
AC_CHECK_PROG(HAVE_SGML2LATEX, sgml2latex, yes, no)
if test $HAVE_SGML2LATEX = "yes" ; then
if sgml2latex -h | grep -e --paper | grep ' -p ' > /dev/null ; then
PSER="sgml2latex -o ps"
else
PSER="sgml2latex -p"
fi
else
AC_CHECK_PROG(HAVE_SGML2PS, sgml2ps, yes, no)
if test $HAVE_SGML2PS = yes ; then
PSER="sgml2ps"
fi
fi
AC_SUBST(PSER)
dnl Files to be created from when we run configure
AC_OUTPUT(Make.Rules)
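Review bot: several logic problems in this configure.in. (1) 'AC_DEFINE(LIBPAM_VERSION_MAJOR)' and 'AC_DEFINE(LIBPAM_VERSION_MINOR)' take no value, so the generated header defines both to 1 instead of the 0 and 75 assigned to the shell variables two lines earlier; use 'AC_DEFINE_UNQUOTED(LIBPAM_VERSION_MAJOR, $LIBPAM_VERSION_MAJOR)' and the same for MINOR. (2) 'AC_CHECK_LIB(fl, yylex, yyterminate, HAVE_LIBFL=yes ; AC_DEFINE(HAVE_LIBFL), HAVE_LIBFL=no)' has one argument too many: 'yyterminate' lands in the action-if-found slot, so 'HAVE_LIBFL=yes' runs when libfl is not found and 'HAVE_LIBFL=no' is passed as the other-libraries argument; drop 'yyterminate'. (3) 'AC_SUBST(PAM_READ_BOTH_CONFS)' substitutes a shell variable that is never assigned, since the --enable-read-both-confs action only calls AC_DEFINE. (4) Typo 'qspecify' in the --enable-debug help string.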

@ -0,0 +1,40 @@
##
# defs for Debian
# Ben Collins <bcollins@debian.org>
##
# this file indicates the compiler and the various hardware/OS dependent
# flags for installation. It also defines the various destinations of
# installed files on the system.
##
CFLAGS := -O2 -I${shell pwd}/include # -D__NO_STRING_INLINES
ifneq (,$(findstring $(DEB_BUILD_OPTIONS),debug DEBUG Debug))
CFLAGS += -g
endif
OS := $(shell dpkg-architecture -qDEB_BUILD_GNU_SYSTEM)
ARCH := $(shell dpkg-architecture -qDEB_BUILD_GNU_CPU)
CC := gcc
INSTALL := install
MKDIR := mkdir -p
ULIBS :=
LD := ld
LD_D := gcc -shared -Xlinker -x
LD_L := $(LD) -x -shared
AR := ar -cr
RANLIB := ranlib
PREFIX :=
LIBDIR := $(PREFIX)/lib
USESONAME := yes
SOSWITCH := -soname
LINKLIBS := -lc -L${shell pwd}/libpam -L${shell pwd}/libpam_misc
NEEDSONAME := no
LDCONFIG := /sbin/ldconfig
FAKEROOT :=
SUPLEMENTED := $(PREFIX)/sbin
SECUREDIR := $(LIBDIR)/security
INCLUDED := /usr/include/security
CONFIGED := /etc
SCONFIGED := /etc/security
EXTRALS := -lnsl -lcrypt
WARNINGS := -Wall
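Review bot: the findstring test has its arguments reversed. '$(findstring $(DEB_BUILD_OPTIONS),debug DEBUG Debug)' searches the literal 'debug DEBUG Debug' for the whole DEB_BUILD_OPTIONS string, so it only matches when DEB_BUILD_OPTIONS is exactly one of those words and misses the usual multi-option form such as 'noopt debug'. The intended check is '$(findstring debug,$(DEB_BUILD_OPTIONS))' (one findstring per spelling if the case variants are wanted).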

@ -6,7 +6,7 @@
# preferred OS/vendor.
OS=linux
ARCH=`uname -m | sed 's/^i?86/i386/'`
ARCH=i386 # should be changed for alpha
CC=gcc
INSTALL=install
MKDIR=mkdir -p
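Review bot: replacing the computed 'ARCH=`uname -m | sed 's/^i?86/i386/'`' with the hard-coded 'ARCH=i386 # should be changed for alpha' turns an automatic value into a manual per-platform edit. The removed line was itself broken (in a basic sed regex '?' is a literal character, so the i?86 pattern never matched i486/i586/i686), but the fix should be a working pattern such as 's/^i.86/i386/' rather than a constant with a reminder comment.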
@ -16,6 +16,7 @@ LD=ld
LD_D=gcc -shared -Xlinker -x
LD_L=$(LD) -x -shared
USESONAME=yes
LINKLIBS=-lc
SOSWITCH=-soname
NEEDSONAME=no
LDCONFIG=/sbin/ldconfig
@ -29,4 +30,3 @@ SECUREDIR=$(LIBDIR)/security
INCLUDED=/usr/include/security
CONFIGED=/etc
SCONFIGED=/etc/security
NSLLIB=-lnsl
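Review bot: 'NSLLIB=-lnsl' is removed here without a replacement, while the other defs files in this import carry the equivalent in EXTRALS (the Debian defs use 'EXTRALS := -lnsl -lcrypt' and the Red Hat defs hunk adds 'EXTRALS=-lcrypt'). If anything in this build still needs libnsl, add an 'EXTRALS=-lnsl -lcrypt' line in place of the removed one.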

@ -21,6 +21,7 @@ LD_D=gcc -shared -Xlinker -x
LD_L=$(LD) -x -shared
USESONAME=yes
SOSWITCH=-soname
LINKLIBS=-lc
NEEDSONAME=no
LDCONFIG=/sbin/ldconfig
AR=ar -cr

@ -9,7 +9,7 @@
# This file is the version used for Red Hat Linux.
OS=linux
ARCH=$(shell rpm --showrc | grep 'build arch' | sed 's/^.*: //g')
ARCH=$(shell rpm --showrc | grep '^build arch' | sed 's/^.*: //g')
CC=gcc
INSTALL=install
MKDIR=mkdir -p
@ -20,6 +20,7 @@ LD_D=gcc -shared -Xlinker -x
LD_L=$(LD) -x -shared
USESONAME=yes
SOSWITCH=-soname
LINKLIBS=-lc
NEEDSONAME=no
LDCONFIG=/sbin/ldconfig
AR=ar -cr
@ -32,3 +33,4 @@ SECUREDIR=$(LIBDIR)/security
INCLUDED=/usr/include/security
CONFIGED=/etc
SCONFIGED=/etc/security
EXTRALS=-lcrypt

@ -0,0 +1,35 @@
##
# defs for Red Hat Linux
# Michael K. Johnson <johnsonm@redhat.com>
##
# this file indicates the compiler and the various hardware/OS dependent
# flags for installation. It also defines the various destinations of
# installed files on the system.
#
# This file is the version used for Red Hat Linux.
OS=linux
ARCH=$(shell rpm --showrc | grep '^build arch' | sed 's/^.*: //g')
CC=gcc
INSTALL=install
MKDIR=mkdir -p
CFLAGS=$(RPM_OPT_FLAGS) -pipe -g
ULIBS=#-lefence
LD=ld
LD_D=gcc -shared -Xlinker -x
LD_L=$(LD) -x -shared
USESONAME=yes
SOSWITCH=-soname
LINKLIBS=-lc
NEEDSONAME=no
LDCONFIG=/sbin/ldconfig
AR=ar -cr
RANLIB=ranlib
FAKEROOT=$(RPM_BUILD_ROOT)
PREFIX=
SUPLEMENTED=$(PREFIX)/sbin
LIBDIR=$(PREFIX)/lib
SECUREDIR=$(LIBDIR)/security
INCLUDED=/usr/include/security
CONFIGED=/etc
SCONFIGED=/etc/security
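Review bot: this new Red Hat defs file has no EXTRALS line, while the other Red Hat defs hunk in this import adds 'EXTRALS=-lcrypt'; if the two files are meant to be interchangeable, add it here as well. Also 'CFLAGS=$(RPM_OPT_FLAGS) -pipe -g' leaves debug information on by default for a packaged build; confirm that is intended.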

@ -0,0 +1,45 @@
##
# Solaris defs contributed by Josh Wilmes <josh@makita.jpl.nasa.gov>
##
# this file indicates the compiler and the various hardware/OS dependent
# flags for installation. It also defines the various destinations of
# installed files on the system.
#
# This file is the default version. Please look in .../defs/ for your
# preferred OS/vendor.
# Please note that the linker used must be the GNU ld, not the native Sun
# linker. It is fairly common for the gnu linker (/usr/ccs/bin/ld) to be
# configured as the default linker for gcc. To tell gcc to use the
# gnu linker, you need to set the GCC_EXEC_PREFIX environment variable
# to point at the directory where the gnu linker is installed. Here's
# what I do:
# $ mkdir /tmp/foo
# $ ln -s /path/to/gnu/ld /tmp/foo/ld
# $ export GCC_EXEC_PREFIX=/tmp/foo/
# $ export PATH=/tmp/foo:$PATH
OS=solaris
ARCH=sun
CC=gcc
INSTALL=install
MKDIR=mkdir -p
CFLAGS=-O7 -pipe -g -D__EXTENSIONS__ -Dsolaris
ULIBS=
LD_D=gcc -shared -Xlinker -x
LD=ld
LD_L=$(LD) -G
USESONAME=yes
SOSWITCH=-h
NEEDSONAME=no
LDCONFIG=/sbin/echo
AR=ar -cr
RANLIB=ranlib
FAKEROOT=
PREFIX=/usr
SUPLEMENTED=$(PREFIX)/sbin
LIBDIR=$(PREFIX)/lib
SECUREDIR=$(LIBDIR)/security
INCLUDED=/usr/include/security
CONFIGED=/etc
SCONFIGED=/etc/security
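Review bot: the header comment contradicts itself: /usr/ccs/bin/ld is the native Sun linker, not the GNU linker, so "It is fairly common for the gnu linker (/usr/ccs/bin/ld) to be configured as the default linker for gcc" should say "the native linker". This file also lacks the 'LINKLIBS=-lc' line that the other defs hunks add, and 'LDCONFIG=/sbin/echo' silently turns the ldconfig step into a no-op; a one-line comment saying Solaris has no ldconfig would help the next reader.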

@ -0,0 +1,36 @@
##
# defs for SuSE Linux
# Thorsten Kukuk <kukuk@suse.de>
##
# this file indicates the compiler and the various hardware/OS dependent
# flags for installation. It also defines the various destinations of
# installed files on the system.
#
# This file is the version used for SuSE Linux.
OS=linux
ARCH=$(shell rpm --showrc | grep 'build arch' | grep -v "compatible" | sed 's/^.*: //g')
CC=gcc
INSTALL=install
MKDIR=mkdir -p
CFLAGS=$(RPM_OPT_FLAGS) -pipe -D_REENTRANT
ULIBS=#-lefence
LD=ld
LD_D=gcc -shared -Xlinker -x
LD_L=$(LD) -x -shared
USESONAME=yes
SOSWITCH=-soname
LINKLIBS=-lc
NEEDSONAME=yes
LDCONFIG=/sbin/ldconfig
AR=ar -cr
RANLIB=ranlib
FAKEROOT=$(RPM_BUILD_ROOT)
PREFIX=
SUPLEMENTED=$(PREFIX)/sbin
LIBDIR=$(PREFIX)/lib
SECUREDIR=$(LIBDIR)/security
INCLUDED=/usr/include/security
CONFIGED=/etc
SCONFIGED=/etc/security
EXTRALS=-lcrypt
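Review bot: the ARCH line still uses the unanchored "grep 'build arch'" (with "grep -v compatible" as a workaround), whereas the Red Hat defs hunk in this import anchors it as "grep '^build arch'"; apply the same anchor here so the result does not depend on the ordering of 'rpm --showrc' output. Note also 'NEEDSONAME=yes' here versus 'no' in every other Linux defs file; if that is deliberate, a comment would help.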

@ -1,29 +1,41 @@
<!--
an sgml list of people to credit for their contributions to Linux-PAM
$Id: CREDITS,v 1.4 1997/04/05 06:47:26 morgan Exp morgan $
$Id: CREDITS,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
-->
Chris Adams,
Peter Allgeyer,
Tim Baverstock,
Tim Berger,
Craig S. Bell,
Derrick J. Brashear,
Ben Buxton,
Seth Chaiklin,
Oliver Crow,
Chris Dent,
Marc Ewing,
Cristian Gafton,
Emmanuel Galanos,
Brad M. Garcia,
Eric Hester,
Michel D'Hooge,
Roger Hu,
Eric Jacksch,
Michael K. Johnson,
David Kinchlea,
Olaf Kirch,
Marcin Korzonek,
Stephen Langasek,
Nicolai Langfeldt,
Elliot Lee,
Luke Kenneth Casson Leighton,
Al Longyear,
Ingo Luetkebohle,
Marek Michalkiewicz,
Robert Milkowski,
Aleph One,
Martin Pool,
Sean Reifschneider,
Jan Rekorajski,
Erik Troan,
Theodore Ts'o,
Jeff Uphoff,

@ -1,10 +1,13 @@
### $Id: Makefile,v 1.9 1997/01/04 21:55:52 morgan Exp $
### $Id: Makefile,v 1.3 2001/01/22 08:03:01 agmorgan Exp $
TXTER=sgml2txt
HTMLER=sgml2html
# older distributions use, sgml2ps
PSER=sgml2latex -p
include ../Make.Rules
# These two should probably be moved into autoconf...
DOCDIR=/usr/doc/Linux-PAM
MANDIR=/usr/man
#######################################################
FILES=pam pam_appl pam_modules
FSRCS=pam.sgml pam_appl.sgml pam_modules.sgml
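Review bot: 'PSER=sgml2latex -p' is assigned immediately before the new 'include ../Make.Rules', and Make.Rules is generated from configure.in, which AC_SUBSTs PSER; the included value therefore overrides the local default on every run, leaving the assignment dead. Either drop it or move it after the include under 'ifeq ($(PSER),)'. The DOCDIR and MANDIR defaults carry a comment that they should move into autoconf; agreed, since configure.in already has the matching --enable-* pattern for other directories.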
@ -26,36 +29,48 @@ all: htmls texts postscript
htmls: $(HTMLS)
$(HTMLS) : $(FSRCS)
ifeq ($(HAVE_SGML2HTML),yes)
@for i in $(FILES) ; do \
if [ ! -f "html/$$i.html" ] || [ "$$i.sgml" -nt "html/$$i.html" ]; \
then \
cd html ; $(HTMLER) ../$$i ; \
cd html ; sgml2html ../$$i ; \
if [ $$? -ne 0 ]; then exit 1 ; fi ; \
cd .. ; \
fi ; \
done
else
@echo XXX - you do not have the sgml2html binary installed
endif
texts: $(TEXTS)
$(TEXTS) : $(FSRCS)
ifeq ($(HAVE_SGML2TXT),yes)
@for i in $(FILES) ; do \
if [ ! -f "txts/$$i.txt" ] \
|| [ "$$i.sgml" -nt "txts/$$i.txt" ]; then \
cd txts ; $(TXTER) ../$$i ; cd .. ; \
cd txts ; sgml2txt ../$$i ; cd .. ; \
fi ; \
done
else
@echo XXX - you do not have the sgml2txt binary installed
endif
postscript: $(PSFILES)
$(PSFILES): $(FSRCS)
ifneq ($(PSER),)
@for i in $(FILES) ; do \
if [ ! -f "ps/$$i.ps" ] || [ "$$i.sgml" -nt "ps/$$i.ps" ]; then \
cd ps ; $(PSER) ../$$i ; cd .. ; \
fi ; \
done
else
@echo XXX - neither sgml2ps nor sgml2latex binaries are installed
endif
pam.sgml: pam_source.sgml MODULES-SGML
@sed -e '/^<!\-\- insert\-file MODULES\-SGML \-\->/r MODULES-SGML' pam_source.sgml > pam.sgml
pam.sgml: pam_source.sgml MODULES-SGML CREDITS
@sed -e '/^<!\-\- insert\-file MODULES\-SGML \-\->/r MODULES-SGML' pam_source.sgml | sed -e '/^<!\-\- insert\-file CREDITS \-\->/r CREDITS' > pam.sgml
MODULES-SGML: $(MODULES)
@echo 'Building module text from files in modules/*.sgml'
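Review bot: the html and txt rules now invoke 'sgml2html' and 'sgml2txt' directly ('cd html ; sgml2html ../$$i' and 'cd txts ; sgml2txt ../$$i') even though HTMLER and TXTER are still defined in the first hunk of this Makefile; either keep using $(HTMLER)/$(TXTER) or remove the now-unused variables. The HAVE_SGML2HTML/HAVE_SGML2TXT guards around the loops are a good addition.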
@ -67,11 +82,64 @@ MODULES-SGML: $(MODULES)
extraclean: clean
remove:
cd man && for file in *.3 ; do \
rm -f $(FAKEROOT)$(MANDIR)/man3/$$file ; \
done
cd man && for file in *.8 ; do \
rm -f $(FAKEROOT)$(MANDIR)/man8/$$file ; \
done
cd txts && for file in *.txt; do \
rm -f $(FAKEROOT)$(DOCDIR)/text/$$file ; \
done
cd ps && for file in *.ps; do \
rm -f $(FAKEROOT)$(DOCDIR)/ps/$$file ; \
done
cd html && for file in *.html; do \
rm -f $(FAKEROOT)$(DOCDIR)/html/$$file ; \
done
install: all
ifeq ($(HAVE_SGML2TXT),yes)
mkdir -p $(FAKEROOT)$(DOCDIR)/text
for file in txts/*.txt; do \
install -m 644 $$file $(FAKEROOT)$(DOCDIR)/text ; \
done
endif
ifneq ($(PSER),)
mkdir -p $(FAKEROOT)$(DOCDIR)/ps
for file in ps/*.ps; do \
install -m 644 $$file $(FAKEROOT)$(DOCDIR)/ps ; \
done
endif
ifeq ($(HAVE_SGML2HTML),yes)
mkdir -p $(FAKEROOT)$(DOCDIR)/html
for file in html/*.html; do \
install -m 644 $$file $(FAKEROOT)$(DOCDIR)/html ; \
done
endif
mkdir -p $(FAKEROOT)$(MANDIR)/man{3,8}
for file in man/*.3 ; do \
install -m 644 $$file $(FAKEROOT)$(MANDIR)/man3 ; \
done
for file in man/*.8 ; do \
install -m 644 $$file $(FAKEROOT)$(MANDIR)/man8 ; \
done
spec:
cd specs/formatter && make
specs/formatter/padout < specs/draft-morgan-pam.raw > specs/draft-morgan-pam-current.txt
releasedocs: all spec
tar zvfc Linux-PAM-$(MAJOR_REL).$(MINOR_REL)-docs.tar.gz --exclude CVS html ps txts specs/draft-morgan-pam-current.txt
clean:
rm -f *~ *.bak
rm -f html/pam*.html
rm -f man/*~
rm -f $(TEXTS)
rm -f $(PSFILES)
rm -f $(PSFILES) ps/missfont.log
rm -f MODULES-SGML pam.sgml
rm -f specs/draft-morgan-pam-current.txt
make -C specs/formatter clean
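Review bot: 'mkdir -p $(FAKEROOT)$(MANDIR)/man{3,8}' relies on shell brace expansion, which POSIX /bin/sh does not perform; when make's shell is not bash this creates a single directory literally named 'man{3,8}' and the two install loops that follow fail. Spell the paths out: 'mkdir -p $(FAKEROOT)$(MANDIR)/man3 $(FAKEROOT)$(MANDIR)/man8'. The install recipe also hard-codes 'install -m 644' rather than the INSTALL variable the defs files provide.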

@ -17,5 +17,5 @@ currently not complete. However, in order of decreasing length:
<hr>
<p>
REVISION: <tt>$Id: index.html,v 1.4 1996/11/21 06:51:01 morgan Exp $</tt>
REVISION: <tt>$Id: index.html,v 1.1.1.1 2000/06/20 22:10:56 agmorgan Exp $</tt>
</BODY>

@ -1,7 +1,7 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam.8,v 1.2 1997/02/15 18:37:27 morgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@linux.kernel.org>
.TH PAM 8 "1997 Feb 9" "Linux-PAM 0.56" "Linux-PAM Manual"
.\" $Id: pam.8,v 1.2 2001/01/20 23:47:07 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996-7,2001 <morgan@kernel.org>
.TH PAM 8 "2001 Jan 20" "Linux-PAM 0.74" "Linux-PAM Manual"
.SH NAME
Linux-PAM \- Pluggable Authentication Modules for Linux
@ -197,7 +197,14 @@ The meaning of each of these tokens was explained above.
The third field,
.BR control ", "
indicates the behavior of the PAM-API should the module fail to
succeed in its authentication task. Valid
succeed in its authentication task. There are two types of syntax for
this control field: the simple one has a single simple keyword; the
more complicated one involves a square-bracketed selection of
.B value=action
pairs.
.sp
For the simple (historical) syntax valid
.BR control
values are:
.BR requisite
@ -223,9 +230,98 @@ module has failed the success of this one is
only module in the stack associated with this
.BR service "+" type "."
.sp
For the more complicated syntax valid
.B control
values have the following form:
.sp
.RB [value1=action1 value2=action2 ...]
.sp
Where
.B valueN
corresponds to the return code from the function invoked in the module
for which the line is defined. It is selected from one of these:
.BR success ;
.BR open_err ;
.BR symbol_err ;
.BR service_err ;
.BR system_err ;
.BR buf_err ;
.BR perm_denied ;
.BR auth_err ;
.BR cred_insufficient ;
.BR authinfo_unavail ;
.BR user_unknown ;
.BR maxtries ;
.BR new_authtok_reqd ;
.BR acct_expired ;
.BR session_err ;
.BR cred_unavail ;
.BR cred_expired ;
.BR cred_err ;
.BR no_module_data ;
.BR conv_err ;
.BR authtok_err ;
.BR authtok_recover_err ;
.BR authtok_lock_busy ;
.BR authtok_disable_aging ;
.BR try_again ;
.BR ignore ;
.BR abort ;
.BR authtok_expired ;
.BR module_unknown ;
.BR bad_item "; and"
.BR default .
The last of these,
.BR default ,
implies 'all
.BR valueN 's
not mentioned explicitly. Note, the full list of PAM errors is
available in /usr/include/security/_pam_types.h . The
.B actionN
can be: an unsigned integer,
.BR J ,
signifying an action of 'jump over the next J modules in the stack';
or take one of the following forms:
.br
.B ignore
- when used with a stack of modules, the module's return status will
not contribute to the return code the application obtains;
.br
.B bad
- this action indicates that the return code should be thought of as
indicative of the module failing. If this module is the first in the
stack to fail, its status value will be used for that of the whole
stack.
.br
.B die
- equivalent to bad with the side effect of terminating the module
stack and PAM immediately returning to the application.
.br
.B ok
- this tells PAM that the administrator thinks this return code
should contribute directly to the return code of the full stack of
modules. In other words, if the former state of the stack would lead
to a return of
.BR PAM_SUCCESS ,
the module's return code will override this value. Note, if the former
state of the stack holds some value that is indicative of a modules
failure, this 'ok' value will not be used to override that value.
.br
.B done
- equivalent to ok with the side effect of terminating the module
stack and PAM immediately returning to the application.
.br
.B reset
- clear all memory of the state of the module stack and start again
with the next stacked module.
.sp
.BR module-path
- this is the full filename of the PAM to be used by the application
- this is either the full filename of the PAM to be used by the
application (it begins with a '/'), or a relative pathname from the
default module location:
.BR /lib/security/ .
.sp
.BR module-arguments
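Review bot: the `J` action is described only as 'jump over the next J modules in the stack'; the text does not say what happens when J exceeds the number of modules remaining, nor whether the skipped modules are treated as ignored for the `ok`/`bad` bookkeeping that follows. A mis-counted jump silently skips an `auth` or `account` module the administrator believed was mandatory, so this deserves a sentence. Similarly, `ignore` says the status 'will not contribute to the return code the application obtains', but nothing states what the stack returns when every module's status ended up ignored. Suggest adding both cases after the `reset` entry, and giving the bracketed equivalent of each historical keyword (`requisite`, `required`, `sufficient`, `optional`) so an administrator can verify a translation between the two syntaxes.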
@ -238,19 +334,13 @@ documented for each individual module.
.br
.BR /etc/pam.d/ " - the"
.BR Linux-PAM
configuration directory. If this directory is present, the
configuration directory. Generally, if this directory is present, the
.B /etc/pam.conf
file is ignored.
.br
.BR /usr/lib/libpam.so.X " - the dynamic library"
.BR /lib/libpam.so.X " - the dynamic library"
.br
.BR /usr/lib/security/*.so " - the PAMs
.sp
Note, to conform to the Linux File-system standard, the libraries and
modules in your system may be located in
.BR /lib " and " /lib/security
respectively.
.BR /lib/security/*.so " - the PAMs
.SH ERRORS
Typically errors generated by the
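Review bot: `.BR /lib/security/*.so " - the PAMs` leaves its quoted argument unterminated, while the line above it, `.BR /lib/libpam.so.X " - the dynamic library"`, closes the quote; troff tolerates a quote running to end of line, so this still renders, but it is inconsistent and fragile. Add the closing quote. Also, with the Linux File-system standard paragraph removed, nothing tells an administrator who still has modules installed under /usr/lib/security that relative module-path names now resolve only against /lib/security; a one-line note would prevent a support question.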
@ -261,8 +351,8 @@ system of libraries, will be written to
.SH "CONFORMING TO"
DCE-RFC 86.0, October 1995.
.br
Contains additional features, currently under consideration by the
DCE-RFC committee.
Contains additional features, but remains backwardly compatible with
this RFC.
.SH BUGS
.sp 2
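Review bot: 'remains backwardly compatible with this RFC' reads awkwardly; the usual phrasing is 'remains backward compatible with this RFC'. It would also help the reader to name which additional features are meant (the bracketed control syntax documented above is the obvious one), since the old text at least pointed to the DCE-RFC committee.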
@ -273,7 +363,7 @@ None known.
The three
.BR Linux-PAM
Guides, for
.BR "System administrators" ", "
.BR "system administrators" ", "
.BR "module developers" ", "
and
.BR "application developers" ". "

View File

@ -1 +1 @@
.so man8/pam.8
.so pam.8
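Review bot: `.so pam.8` drops the section directory from the include path. man(1) conventionally runs the formatter from the root of the manual tree (the directory that holds man3/, man8/ and so on), which is why link pages are written as `.so man8/pam.8`; the shorter form only works with a man implementation that also searches the current section directory. Since the Makefile in this same commit installs these files into $(MANDIR)/man8, the original `.so man8/pam.8` looks correct, and the same applies to the other `.so` stubs changed below.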

View File

@ -1 +1 @@
.so man8/pam.8
.so pam.8

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam_authenticate.3,v 1.2 1997/02/15 18:39:59 morgan Exp $
.\" $Id: pam_authenticate.3,v 1.1.1.1 2000/06/20 22:10:57 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net>
.TH PAM_AUTHENTICATE 3 "1996 Dec 9" "Linux-PAM 0.55" "App. Programmers' Manual"
.SH NAME

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam_chauthtok.3,v 1.2 1997/02/15 18:42:23 morgan Exp $
.\" $Id: pam_chauthtok.3,v 1.1.1.1 2000/06/20 22:10:57 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
.TH PAM_CHAUTHTOK 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual"
.SH NAME

View File

@ -1 +1 @@
.so man3/pam_open_session.3
.so pam_open_session.3

View File

@ -1 +1 @@
.so man3/pam_start.3
.so pam_start.3

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam_fail_delay.3,v 1.2 1997/02/15 18:47:46 morgan Exp morgan $
.\" $Id: pam_fail_delay.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
.TH PAM_FAIL_DELAY 3 "1997 Jan 12" "Linux-PAM 0.56" "Programmers' Manual"
.SH NAME

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam_open_session.3,v 1.2 1997/02/15 18:49:02 morgan Exp $
.\" $Id: pam_open_session.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
.TH PAM_OPEN_SESSION 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual"
.SH NAME

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam_setcred.3,v 1.2 1997/02/15 18:50:49 morgan Exp morgan $
.\" $Id: pam_setcred.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996,1997 <morgan@parc.power.net>
.TH PAM_SETCRED 3 "1997 July 6" "Linux-PAM 0.58" "App. Programmers' Manual"
.SH NAME

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: pam_start.3,v 1.2 1997/02/15 18:51:54 morgan Exp $
.\" $Id: pam_start.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net>
.TH PAM_START 3 "1997 Feb 15" "Linux-PAM 0.56" "Application Programmers' Manual"
.SH NAME

View File

@ -1,8 +1,8 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" ripped off from Rick Faith's getgroups man page
.\" $Id: pam_strerror.3,v 1.2 1997/02/15 18:53:04 morgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net>
.TH PAM_STRERROR 3 "1997 Feb 15" "Linux-PAM 0.56" "Programmers' Manual"
.\" $Id: pam_strerror.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@linux.kernel.org>
.TH PAM_STRERROR 3 "1999 Oct 4" "Linux-PAM 0.70" "Programmers' Manual"
.SH NAME
pam_strerror \- return a textual description of a Linux-PAM error
@ -14,14 +14,16 @@ or,
.br
.B #include <security/pam_modules.h>
.sp
.BI "const char *pam_strerror(" int " pam_error);
.BI "const char * pam_strerror( pam_handle_t " "*pamh" ", int " pam_error ");"
.sp 2
.SH DESCRIPTION
.B pam_strerror
This function returns a pointer to a line of text describing the
This function returns some text describing the
.BR Linux-PAM
error passed as its sole argument.
error associated with the
.B pam_error
argument.
.SH "RETURN VALUE"
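Review bot: the new prototype `const char * pam_strerror( pam_handle_t *pamh, int pam_error)` adds a `pamh` argument, but the DESCRIPTION still explains only `pam_error` and says nothing about what `pamh` is used for or whether a NULL handle is accepted. Applications and modules that call this from error paths where no handle is available need to know; please document the argument and the NULL case in the same change that adds it.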

View File

@ -1,5 +1,5 @@
.\" Hey Emacs! This file is -*- nroff -*- source.
.\" $Id: template-man,v 1.1 1997/01/04 18:25:13 morgan Exp $
.\" $Id: template-man,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
.\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>
.TH PAM_???? 2 "1997 Jan 4" "Linux-PAM 0.55" "Application Programmers' Manual"
.SH NAME

View File

@ -1,4 +1,4 @@
$Id: README,v 1.2 1996/11/17 17:20:28 morgan Exp $
$Id: README,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $
This directory contains a number of sgml sub-files. One for each
documented module. They contain a description of each module and give

View File

@ -1,9 +1,9 @@
<!--
$Id: module.sgml-template,v 1.1 1996/11/30 20:59:32 morgan Exp $
$Id: module.sgml-template,v 1.2 2001/02/11 07:52:56 agmorgan Exp $
This template file was written by Andrew G. Morgan
<morgan@parc.power.net>
<morgan@kernel.org>
[
Text that should be deleted/replaced, is enclosed within

View File

@ -0,0 +1,108 @@
<!--
pam_access module docs added by Tim Berger <timb@transmeta.com>
-->
<sect1> The access module
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt>pam_access</tt>
<tag><bf>Author[s]:</bf></tag>
Alexei Nogin &lt;alexei@nogin.dnttm.ru&gt;
<tag><bf>Maintainer:</bf></tag>
Author
<tag><bf>Management groups provided:</bf></tag>
account
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
Requires a configuration file. By default
<tt>/etc/security/access.conf</tt> is used but this can be overridden.
<tag><bf>Network aware:</bf></tag>
Through <tt/PAM_TTY/ if set, otherwise attempts getting tty name of
the stdin file descriptor with <tt/ttyname()/. Standard
gethostname(), <tt/yp_get_default_domain()/, <tt/gethostbyname()/
calls. <bf/NIS/ is used for netgroup support.
</descrip>
<sect2>Overview of module
<p>
Provides logdaemon style login access control.
<sect2> Account component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt>accessfile=<it>/path/to/file.conf</it></tt>
<tag><bf>Description:</bf></tag>
This module provides logdaemon style login access control based on
login names and on host (or domain) names, internet addresses (or
network numbers), or on terminal line names in case of non-networked
logins. Diagnostics are reported through <tt/syslog(3)/. Wietse
Venema's <tt/login_access.c/ from <em/logdaemon-5.6/ is used with
several changes by A. Nogin.
<p>
The behavior of this module can be modified with the following
arguments:
<itemize>
<item><tt>accessfile=/path/to/file.conf</tt> -
indicate an alternative <em/access/ configuration file to override
the default. This can be useful when different services need different
access lists.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
Use of module is recommended, for example, on administrative machines
such as <bf/NIS/ servers and mail servers where you need several accounts
active but don't want them all to have login capability.
For <tt>/etc/pam.d</tt> style configurations where your modules live
in <tt>/lib/security</tt>, start by adding the following line to
<tt>/etc/pam.d/login</tt>, <tt>/etc/pam.d/rlogin</tt>,
<tt>/etc/pam.d/rsh</tt> and <tt>/etc/pam.d/ftp</tt>:
<tscreen>
<verb>
account required /lib/security/pam_access.so
</verb>
</tscreen>
Note that use of this module is not effective unless your system ignores
<tt>.rhosts</tt> files. See the the pam_rhosts_auth documentation.
A sample <tt>access.conf</tt> configuration file is included with the
distribution.
</descrip>
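Review bot: 'See the the pam_rhosts_auth documentation' has a doubled 'the'. The Synopsis also leaves 'Cryptographically sensitive', 'Security rating' and 'Clean code base' blank; for a module whose whole purpose is access control, the Security rating line is the one a reader will look for, so please fill these in as the other module entries do. Lastly, the tty-detection sentence ('Through PAM_TTY if set, otherwise attempts getting tty name of the stdin file descriptor') sits under 'Network aware' but describes terminal handling; it belongs with 'System dependencies' or in the Description.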

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_chroot.sgml,v 1.1 1996/11/30 20:59:32 morgan Exp $
$Id: pam_chroot.sgml,v 1.1.1.1 2000/06/20 22:10:59 agmorgan Exp $
This file was written by Bruce Campbell <brucec@humbug.org.au>
-->

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_cracklib.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp morgan $
$Id: pam_cracklib.sgml,v 1.3 2000/12/04 15:23:15 baggins Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
long password amendments are from Philip W. Dalrymple III <pwd@mdtsoft.com>
@ -48,10 +48,6 @@ Requires the system library <tt/libcrack/ and a system dictionary:
<p>
This module can be plugged into the <tt/password/ stack of a given
application to provide some plug-in strength-checking for passwords.
(XXX - note this does not necessarily work with the pam_unix module,
although it is known to work with the pam_pwdb replacement for the
unix module -- see example and pam_pwdb write up for more
information).
<p>
This module works in the following manner: it first calls the
@ -70,23 +66,35 @@ Is the new password the the old one with only a change of case?
<item> <bf/Similar/ -
Is the new password too much like the old one? This is controlled
by one argument, <tt/difok/ which is a number of characters that if
different between the old and new are enough to accept the new
Is the new password too much like the old one? This is primarily
controlled by one argument, <tt/difok/ which is a number of characters
that if different between the old and new are enough to accept the new
password, this defaults to 10 or 1/2 the size of the new password
whichever is smaller.
<item <bf/Simple/ -
To avoid the lockup associated with trying to change a long and
complicated password, <tt/difignore/ is available. This argument can
be used to specify the minimum length a new password needs to be
before the <tt/difok/ value is ignored. The default value for
<tt/difignore/ is 23.
<item> <bf/Simple/ -
Is the new password too small? This is controlled by 5 arguments
<tt/minlen/, <tt/dcredit/, <tt/ucredit/, <tt/lcredit/, and
<tt/ocredit/. See the section on the arguments for the details of how
these work and there defaults.
<item <bf/Rotated/ -
<item> <bf/Rotated/ -
Is the new password a rotated version of the old password?
<item> <bf/Already used/ -
Was the password used in the past? Previously used passwords are to
be found in /etc/security/opasswd.
</itemize>
<p>
@ -113,6 +121,7 @@ share most of these characters with the old password.
<tt/debug/; <tt/type=XXX/; <tt/retry=N/; <tt/difok=N/; <tt/minlen=N/;
<tt/dcredit=N/; <tt/ucredit=N/; <tt/lcredit=N/; <tt/ocredit=N/;
<tt/use_authtok/;
<tag><bf>Description:</bf></tag>
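Review bot: the 'Recognized arguments' list gains `use_authtok` but not `difignore`, even though the Overview above now documents `difignore` and its default of 23; add `<tt/difignore=N/` here and a corresponding entry in the per-argument description below so the two lists agree.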
@ -204,14 +213,16 @@ character will count +1 towards meeting the current <tt/minlen/ value.
The default for <tt/ocredit/ is 1 which is the recommended value for
<tt/minlen/ less than 10.
<item> <tt/use_authtok/ -
This argument is used to <em/force/ the module to not prompt the user
for a new password but use the one provided by the previously stacked
<tt/password/ module.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
(At the time of writing, this module can only be stacked before the
<tt/pam_pwdb/ module. Cracklib strength checking may be compiled by
default into the <tt/pam_unix/ module.)
<p>
For an example of the use of this module, we show how it may be
stacked with the password component of <tt/pam_pwdb/:
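Review bot: the `use_authtok` entry says the module takes the new password 'provided by the previously stacked password module', which only makes sense if pam_cracklib sits after another password module, yet the Examples paragraph immediately below still states that 'this module can only be stacked before the pam_pwdb module'. Please reconcile the two: either describe the ordering that `use_authtok` requires, or qualify the 'only before pam_pwdb' claim.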

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_deny.sgml,v 1.3 1997/02/15 18:25:44 morgan Exp morgan $
$Id: pam_deny.sgml,v 1.1.1.1 2000/06/20 22:11:00 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_env.sgml,v 1.1 1997/04/05 06:50:42 morgan Exp $
$Id: pam_env.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Dave Kinchlea <kinch@kinch.ark.com>
Ed. AGM
@ -50,7 +50,8 @@ is the use of previously set environment variables as well as
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/; <tt/conffile=/<em/configuration-file-name/
<tt/debug/; <tt/conffile=/<em/configuration-file-name/;
<tt/envfile/=<em/env-file-name/; <tt/readenv/=<em/0|1/
<tag><bf>Description:</bf></tag>
This module allows you to (un)set arbitrary environment variables
@ -60,9 +61,9 @@ and/or <em/PAM_ITEM/s.
<p>
All is controlled via a configuration file (by default,
<tt>/etc/security/pam_env.conf</tt> but can be overriden with
<tt>connfile</tt> argument). Each line starts with the variable name,
<tt>conffile</tt> argument). Each line starts with the variable name,
there are then two possible options for each variable <bf>DEFAULT</bf>
and <bf>OVERRIDE</bf>. <bf>DEFAULT</bf> allows and administrator to
and <bf>OVERRIDE</bf>. <bf>DEFAULT</bf> allows an administrator to
set the value of the variable to some default value, if none is
supplied then the empty string is assumed. The <bf>OVERRIDE</bf>
option tells pam_env that it should enter in its value (overriding the
@ -87,6 +88,12 @@ be used in values (but not environment variable names) when white
space is needed <bf>the full value must be delimited by the quotes and
embedded or escaped quotes are not supported</bf>.
<p>
This module can also parse a file with simple <tt>KEY=VAL</tt> pairs
on seperate lines (<tt>/etc/environment</tt> by default). You can
change the default file to parse, with the <em/envfile/ flag and turn
it on or off by setting the <em/readenv/ flag to 1 or 0 respectively.
<p>
The behavior of this module can be modified with one of the following
flags:
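Review bot: 'on seperate lines' should be 'on separate lines'. The paragraph also introduces the KEY=VAL file without saying whether the quoting rules given just above for pam_env.conf apply to it, or whether comments and blank lines are allowed; since anything parsed from this file ends up in the user's environment, the format should be stated precisely.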
@ -102,6 +109,15 @@ flags:
the configuration file. This option overrides the default. You must
supply a complete path + file name.
<item><tt/envfile=/<em/filename/
- by default the file <tt>/etc/environment</tt> is used to load KEY=VAL
pairs directly into the env. This option overrides the default. You must
supply a complete path + file name.
<item><tt/readenv=/<em/0|1/
- turns on or off the reading of the file specified by envfile (0 is off,
1 is on). By default this option is on.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
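Review bot: 'By default this option is on' under `readenv` means every existing pam_env deployment starts importing /etc/environment into the PAM environment as soon as this version is installed, and the Description above does not call that out. Say so explicitly near the top of the Description, and note that the permissions of /etc/environment (and of any file named with `envfile=`) now matter, because whoever can write it controls variables handed to every authenticated session.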

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_filter.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_filter.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->
@ -100,8 +100,8 @@ the filter might expect.
<p>
Permitted values for <tt/X/ are <tt/1/ and <tt/2/. These indicate the
precise time the that filter is to be run. To explain this concept it
will be useful to have read the Linux-PAM Module developer's
precise time that the filter is to be run. To understand this concept
it will be useful to have read the Linux-PAM Module developer's
guide. Basically, for each management group there are up to two ways
of calling the module's functions.

View File

@ -1,7 +1,7 @@
<!--
$Id: pam_ftp.sgml,v 1.1 1996/11/30 20:59:32 morgan Exp $
$Id: pam_ftp.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
This file was written by Andrew G. Morgan <morgan@linux.kernel.org>
-->
<sect1>Anonymous access module
@ -15,7 +15,7 @@
<tt/pam_ftp.so/
<tag><bf>Author:</bf></tag>
Andrew G. Morgan &lt;morgan@parc.power.net&gt;
Andrew G. Morgan &lt;morgan@linux.kernel.org&gt;
<tag><bf>Maintainer:</bf></tag>
Author.
@ -56,7 +56,7 @@ mode of access.
This module intercepts the user's name and password. If the name is
``<tt/ftp/'' or ``<tt/anonymous/'', the user's password is broken up
at the `<tt/@/' delimiter into a <tt/PAM_RUSER/ and a <tt/PAM_RHOST/
at the `<tt/&commat;/' delimiter into a <tt/PAM_RUSER/ and a <tt/PAM_RHOST/
part; these pam-items being set accordingly. The username is set to
``<tt/ftp/''. In this case the module succeeds. Alternatively, the
module sets the <tt/PAM_AUTHTOK/ item with the entered password and

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_group.sgml,v 1.2 1997/01/04 20:50:10 morgan Exp $
$Id: pam_group.sgml,v 1.1.1.1 2000/06/20 22:11:01 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->

View File

@ -0,0 +1,120 @@
<!--
Ben Collins <bcollins@debian.org>
-->
<sect1>Add issue file to user prompt
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt/pam_issue/
<tag><bf>Author:</bf></tag>
Ben Collins &lt;bcollins@debian.org&gt;
<tag><bf>Maintainer:</bf></tag>
Author
<tag><bf>Management groups provided:</bf></tag>
Authentication (pam_sm_authenticate)
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
This module prepends the issue file (<em>/etc/issue</em> by default) when
prompting for a username.
<sect2>Authentication component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/issue=issue-file-name/; <tt/noesc/;
<tag><bf>Description:</bf></tag>
This module allows you to prepend an issue file to the username prompt. It
also by default parses escape codes in the issue file similar to some
common getty's (using &bsol;x format).
<p>
Recognized escapes:
<itemize>
<item><tt/d/
- current date
<item><tt/s/
- operating system name
<item><tt/l/
- name of this tty
<item><tt/m/
- architecture of this system (i686, sparc, powerpc, ...)
<item><tt/n/
- hostname of this system
<item><tt/o/
- domainname of this system
<item><tt/r/
- release number of the operation system (eg. 2.2.12)
<item><tt/t/
- current time
<item><tt/u/
- number of users currently logged in
<item><tt/U/
- same as <tt/u/, except it is suffixed with "user" or "users" (eg. "1
user" or "10 users"
<item><tt/v/
- version/build-date of the operating system (eg. "&num;3 Mon Aug 23 14:38:16
EDT 1999" on Linux).
</itemize>
<p>
The behavior of this module can be modified with one of the following
flags:
<p>
<itemize>
<item><tt/issue/
- the file to output if not using the default
<item><tt/noesc/
- turns off escape code parsing
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
login auth pam_issue.so issue=/etc/issue
</descrip>
<!--
End of sgml insert for this module.
-->
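Review bot: the 'Recognized escapes' list shows bare letters (`<tt/d/`, `<tt/s/`, ...) although the sentence above says escapes use the `&bsol;x` format; each item should read `<tt/&bsol;d/` and so on, or the list is misleading. Also, the `<tt/U/` entry's parenthetical '(eg. "1 user" or "10 users"' is never closed, 'operation system' should be 'operating system', and 'getty's' needs no apostrophe. The example line `login auth pam_issue.so issue=/etc/issue` is in /etc/pam.conf form (with a service field) while the other new module entries in this commit give /etc/pam.d form; either is fine but say which file it belongs in.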

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_krb4.sgml,v 1.1 1996/11/30 20:59:32 morgan Exp $
$Id: pam_krb4.sgml,v 1.1.1.1 2000/06/20 22:11:01 agmorgan Exp $
This file was written by Derrick J. Brashear <shadow@DEMENTIA.ORG>
-->

View File

@ -1,7 +1,7 @@
<!--
$Id: pam_mail.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_lastlog.sgml,v 1.2 2001/02/17 01:55:38 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
This file was written by Andrew G. Morgan <morgan@kernel.org>
-->
<sect1>The last login module
@ -15,7 +15,7 @@
<tt/pam_lastlog/
<tag><bf>Author:</bf></tag>
Andrew G. Morgan &lt;morgan@parc.power.net&gt;
Andrew G. Morgan &lt;morgan@kernel.org&gt;
<tag><bf>Maintainer:</bf></tag>
Author
@ -30,7 +30,7 @@ auth
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
uses information contained in the <tt>/var/log/wtmp</tt> file.
uses information contained in the <tt>/var/log/lastlog</tt> file.
<tag><bf>Network aware:</bf></tag>
@ -39,14 +39,14 @@ uses information contained in the <tt>/var/log/wtmp</tt> file.
<sect2>Overview of module
<p>
This session module maintains the <tt>/var/log/wtmp</tt> file. Adding
This session module maintains the <tt>/var/log/lastlog</tt> file. Adding
an open entry when called via the <tt>pam_open_seesion()</tt> function
and completing it when <tt>pam_close_session()</tt> is called. This
module can also display a line of information about the last login of
the user. If an application already performs these tasks, it is not
necessary to use this module.
<sect2>Authentication component
<sect2>Session component
<p>
<descrip>
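Review bot: the Overview now says the module maintains /var/log/lastlog but keeps the wtmp-era sentence 'Adding an open entry when called via the pam_open_seesion() function and completing it when pam_close_session() is called'; lastlog records a single last-login entry per user and has no open/close pair, so that sentence no longer describes the behaviour and should be rewritten (it also misspells pam_open_session()). It would also help to state what the module does on pam_close_session(), if anything, now that the file has changed.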
@ -61,7 +61,7 @@ necessary to use this module.
This module can be used to provide a ``Last login on ...''
message. when the user logs into the system from what ever application
uses the PAM libraries. In addition, the module maintains the
<tt>/var/log/wtmp</tt> file.
<tt>/var/log/lastlog</tt> file.
<p>
The behavior of this module can be modified with one of the following
@ -85,10 +85,10 @@ attempt.
<item><tt/silent/
- neglect to inform the user about any previous login: just update
the <tt>/var/log/wtmp</tt> file.
the <tt>/var/log/lastlog</tt> file.
<item><tt/never/
- if the <tt>/var/log/wtmp</tt> file does not contain any old entries
- if the <tt>/var/log/lastlog</tt> file does not contain any old entries
for the user, indicate that the user has never previously logged in
with a ``welcome..." message.
@ -98,13 +98,13 @@ with a ``welcome..." message.
This module can be used to indicate that the user has new mail when
they <em/login/ to the system. Here is a sample entry for your
<tt>/etc/pam.conf</tt> file:
<tt>/etc/pam.d/XXX</tt> file:
<tscreen>
<verb>
#
# do we have any mail?
# When were we last here?
#
login session optional pam_lastlog.so
session optional pam_lastlog.so
</verb>
</tscreen>
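Review bot: the sentence introducing the example, 'This module can be used to indicate that the user has new mail when they login to the system', is left over from pam_mail.sgml (this file was evidently copied from it) and contradicts the comment in the new example, '# When were we last here?'. Replace it with a sentence about the last-login message, e.g. 'This module can be used to report the user's previous login when they log in to the system.'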

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_limits.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_limits.sgml,v 1.4 2001/03/29 04:21:16 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
from information compiled by Cristian Gafton (author of module)
@ -74,6 +74,12 @@ verbose logging to <tt/syslog(3)/.
<item><tt>conf=/path/to/file.conf</tt> -
indicate an alternative <em/limits/ configuration file to the default.
<item><tt/change_uid/ -
change real uid to the user for who the limits are set up. Use this
option if you have problems like login not forking a shell for user
who has no processes. Be warned that something else may break when
you do this.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
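Review bot: 'for who the limits are set up' should be 'for whom the limits are set up', and 'Be warned that something else may break when you do this' is too vague for an option that changes the real uid during the session phase. State what the option actually does (the process's real uid becomes the user's before the application performs its own identity switch), which symptom it cures ('login not forking a shell' for a user with a zero process limit), and what the known side effects are, so an administrator can judge the trade-off.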
@ -103,7 +109,7 @@ The fields listed above should be filled as follows...<newline>
</itemize>
<p>
<tt>&lt;type&gt;</tt> can have the two values:
<tt>&lt;type&gt;</tt> can have the three values:
<itemize>
<item> <tt/hard/ for enforcing <em/hard/ resource limits. These limits
@ -116,6 +122,9 @@ by any pre-exisiting <em/hard/ limits. The values specified with this
token can be thought of as <em/default/ values, for normal system
usage.
<item> <tt/-/ for enforcing both <em/soft/ and <em/hard/ limits
together.
</itemize>
<p>
@ -132,15 +141,22 @@ usage.
<item><tt/nproc/ - max number of processes
<item><tt/as/ - address space limit
<item><tt/maxlogins/ - max number of logins for this user.
<item><tt/priority/ - the priority to run user process with
</itemize>
<p>
To completely disable limits for a user (or a group), a single dash
(-) will do (Example: ``<tt/bin -/'', ``<tt/@admin -/''). Please
remember that individual limits have priority over group limits, so if
you impose no limits for <tt/admin/ group, but one of the members in this
group have a limits line, the user will have its limits set according
to this line.
Note, if you specify a type of ``-'' but neglect to supply the
<tt/item/ and <tt/value/ fields then the module will never enforce any
limits on the corresponding user/group-members etc. . Note, the first
entry of the form which applies to the authenticating user will
override all other entries in the limits configuration file. In such
cases, the <tt/pam_limits/ module will always return <tt/PAM_SUCCESS/.
<p>
In general, individual limits have priority over group limits, so if
you impose no limits for <tt/admin/ group, but one of the members in
this group have a limits line, the user will have its limits set
according to this line.
<p>
Also, please note that all limit settings are set <em/per login/.
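Review bot: 'etc. .' has a doubled full stop, and 'one of the members in this group have a limits line' should be 'has'. More importantly the two new paragraphs conflict: the first says that the first matching entry of the form `<domain> -` 'will override all other entries in the limits configuration file' and makes the module return PAM_SUCCESS, while the second says 'individual limits have priority over group limits'. Please state which rule wins when a group `-` line appears before a user's own line, since an administrator relying on the second sentence could unknowingly disable every limit for a member of that group.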
@ -173,11 +189,11 @@ ftp hard nproc 0
</tscreen>
Note, the use of <tt/soft/ and <tt/hard/ limits for the same resource
(see <tt/@faculty/) -- this establishes the <em/default/ and permitted
<em/extreme/ level of resources that the user can can obtain in a
given service-session.
<em/extreme/ level of resources that the user can obtain in a given
service-session.
<p>
For the services that need resources limits (login for example) put a
For the services that need resources limits (login for example) put
the following line in <tt>/etc/pam.conf</tt> as the last line for that
service (usually after the pam_unix session line:
<tscreen>
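Review bot: 'For the services that need resources limits' should be 'resource limits', and the parenthetical '(usually after the pam_unix session line:' is never closed; write '(usually after the pam_unix session line):'.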

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_listfile.sgml,v 1.3 1997/02/15 18:25:44 morgan Exp $
$Id: pam_listfile.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Michael K. Johnson <johnsonm@redhat.com>
-->
@ -111,8 +111,8 @@ Note, users listed in <tt>/etc/ftpusers</tt> file are
(counterintuitively) <bf/not/ allowed access to the ftp service.
<p>
To allow login access only for certain users, you can use an
pam.conf entry like this:
To allow login access only for certain users, you can use a
<tt/pam.conf/ entry like this:
<tscreen>
<verb>
#

View File

@ -1,7 +1,7 @@
<!--
$Id: pam_mail.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_mail.sgml,v 1.3 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
This file was written by Andrew G. Morgan <morgan@linux.kernel.org>
-->
<sect1>The mail module
@ -15,13 +15,14 @@
<tt/pam_mail/
<tag><bf>Author:</bf></tag>
Andrew G. Morgan &lt;morgan@parc.power.net&gt;
Andrew G. Morgan &lt;morgan@linux.kernel.org&gt;
<tag><bf>Maintainer:</bf></tag>
Author
<tag><bf>Management groups provided:</bf></tag>
auth
Authentication (credential)
Session (open)
<tag><bf>Cryptographically sensitive:</bf></tag>
@ -42,14 +43,15 @@ Default mail directory <tt>/var/spool/mail/</tt>
This module looks at the user's mail directory and indicates
whether the user has any mail in it.
<sect2>Authentication component
<sect2>Session component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/; <tt/dir=/<em/direcory-name/; <tt/nopen/; <tt/close/;
<tt/noenv/; <tt/empty/
<tt/debug/; <tt/dir=/<em/directory-name/; <tt/nopen/; <tt/close/;
<tt/noenv/; <tt/empty/; <tt/hash=/<em/hashcount/; <tt/standard/;
<tt/quiet/;
<tag><bf>Description:</bf></tag>
@ -59,12 +61,6 @@ single message indicating the <em/newness/ of any mail it finds in the
user's mail folder. This module also sets the <bf/Linux-PAM/
environment variable, <tt/MAIL/, to the user's mail directory.
<p>
Although the module supplies functions for the authentication
management group of functions, it cannot be used to authenticate a
user; its authentication function instructs <tt/libpam/ to simply
ignore it when authenticating the user.
<p>
The behavior of this module can be modified with one of the following
flags:
@ -97,6 +93,17 @@ the user's credentials are revoked.
- indicate that the user's mail directory is empty if this is found to
be the case.
<item><tt/hash=/<em/hashcount/
- mail directory hash depth. For example, a <em/hashcount/ of 2 would
make the mailfile be <tt>/var/spool/mail/u/s/user</tt>.
<item><tt/standard/
- old style "You have..." format which doesn't show the mail spool being used.
this also implies "empty"
<item><tt/quiet/
- only report when there is new mail.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
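Review bot: in the `standard` entry, 'this also implies "empty"' starts a new sentence in lower case and leaves the reader to guess what 'implies' means; suggest 'This option also implies <tt/empty/.' The `hash=` entry would also benefit from saying what happens when `hash` is combined with `dir=` (is the hash applied under the given directory?).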
@ -109,16 +116,27 @@ they <em/login/ to the system. Here is a sample entry for your
#
# do we have any mail?
#
login auth optional pam_mail.so
login session optional pam_mail.so
</verb>
</tscreen>
<p>
Note, if the mail spool file (be it <tt>/var/spool/mail/$USER</tt> or
a pathname given with the <tt>dir=</tt> parameter) is a directory then
<tt>pam_mail</tt> assumes it is in the <it>Qmail Maildir</it> format.
<p>
Note, some applications may perform this function themselves. In such
cases, this module is not necessary.
</descrip>
<sect2>Authentication component
<p>
Then authentication companent works the same as the session component,
except that everything is done during the <tt>pam_setcred()</tt> phase.
<!--
End of sgml insert for this module.
-->
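Review bot: 'Then authentication companent works the same as the session component' should read 'The authentication component works the same as the session component'. This new section also has no `<descrip>` block for its recognized arguments, unlike the Session component above; either state that the argument list is identical or repeat it, so that a reader looking only at this section knows which flags apply during pam_setcred().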

View File

@ -0,0 +1,83 @@
<!--
Ben Collins <bcollins@debian.org>
-->
<sect1>Create home directories on initial login
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt/pam_mkhomedir/
<tag><bf>Author:</bf></tag>
Jason Gunthorpe &lt;jgg@ualberta.ca&gt;
<tag><bf>Maintainer:</bf></tag>
Ben Collins &lt;bcollins@debian.org&gt;
<tag><bf>Management groups provided:</bf></tag>
Session
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
Creates home directories on the fly for authenticated users.
<sect2>Session component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/; <tt/skel=skeleton-dir/; <tt/umask=octal-umask/;
<tag><bf>Description:</bf></tag>
This module is useful for distributed systems where the user account is
managed in a central database (such as NIS, NIS+, or LDAP) and accessed
through miltiple systems. It frees the administrator from having to create
a default home directory on each of the systems by creating it upon the
first succesfully authenticated login of that user. The skeleton directory
(usually /etc/skel/) is used to copy default files and also set's a umask
for the creation.
<p>
The behavior of this module can be modified with one of the following
flags:
<p>
<itemize>
<item><tt/skel/
- The skeleton directory for default files to copy to the new home directory.
<item><tt/umask/
- An octal for of the same format as you would pass to the shells umask command.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
</descrip>
<!--
End of sgml insert for this module.
-->
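Review bot: the Description has several typos: "miltiple" (multiple), "succesfully" (successfully), "set's" (sets); in the option list "An octal for of the same format" should be "An octal value of the same format" and "shells umask" should be "shell's umask". "debug" is listed under Recognized arguments but not described in the itemize, and neither "skel" nor "umask" states its default, so the reader cannot tell whether the example "skel=/etc/skel/ umask=0022" is the default behaviour or a change from it. The example line is also the only one in these module documents not wrapped in tscreen/verb.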

View File

@ -0,0 +1,77 @@
<!--
Ben Collins <bcollins@debian.org>
-->
<sect1>Output the motd file
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt/pam_motd/
<tag><bf>Author:</bf></tag>
Ben Collins &lt;bcollins@debian.org&gt;
<tag><bf>Maintainer:</bf></tag>
Author
<tag><bf>Management groups provided:</bf></tag>
Session (open)
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
This module outputs the motd file (<em>/etc/motd</em> by default) upon
successful login.
<sect2>Session component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/; <tt/motd=motd-file-name/;
<tag><bf>Description:</bf></tag>
This module allows you to have arbitrary motd's (message of the day)
output after a succesful login. By default this file is <em>/etc/motd</em>,
but is configurable to any file.
<p>
The behavior of this module can be modified with one of the following
flags:
<p>
<itemize>
<item><tt/motd/
- the file to output if not using the default.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
login session pam_motd.so motd=/etc/motd
</descrip>
<!--
End of sgml insert for this module.
-->
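Review bot: the example "login session pam_motd.so motd=/etc/motd" is missing the control field (required, optional, ...) that every other sample entry in these documents carries, so as written it is not a valid pam.conf line; "login session optional pam_motd.so motd=/etc/motd" matches the other modules. Minor: "succesful" (successful), "motd's" (motds), and the example is not wrapped in tscreen/verb like the others.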

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_nologin.sgml,v 1.2 1997/01/04 21:56:55 morgan Exp $
$Id: pam_nologin.sgml,v 1.1.1.1 2000/06/20 22:11:02 agmorgan Exp $
This file was written by Michael K. Johnson <johnsonm@redhat.com>
-->

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_permit.sgml,v 1.2 1997/02/15 18:20:12 morgan Exp $
$Id: pam_permit.sgml,v 1.1.1.1 2000/06/20 22:11:02 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->

View File

@ -1,7 +1,7 @@
<!--
$Id: pam_pwdb.sgml,v 1.3 1997/04/05 06:50:42 morgan Exp morgan $
$Id: pam_pwdb.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
This file was written by Andrew G. Morgan <morgan@kernel.org>
-->
<sect1>The Password-Database module
@ -16,7 +16,7 @@ pam_pwdb
<tag><bf>Author:</bf></tag>
Cristian Gafton &lt;gafton@redhat.com&gt; <newline>
and Andrew G. Morgan &lt;morgan@parc.power.net&gt;
and Andrew G. Morgan &lt;morgan@kernel.org&gt;
<tag><bf>Maintainer:</bf></tag>
Authors.
@ -44,8 +44,8 @@ This module is a pluggable replacement for the <tt/pam_unix_../
modules. It uses the generic interface of the <em/Password Database/
library
<tt><htmlurl
url="http://parc.power.net/morgan/libpwdb/index.html"
name="http://parc.power.net/morgan/libpwdb/index.html"></tt>.
url="http://linux.kernel.org/morgan/libpwdb/index.html"
name="http://linux.kernel.org/morgan/libpwdb/index.html"></tt>.
<sect2>Account component
@ -101,7 +101,8 @@ login account required pam_pwdb.so
<tt/use_first_pass/;
<tt/try_first_pass/;
<tt/nullok/;
<tt/nodelay/
<tt/nodelay/;
<tt/likeauth/
<tag><bf>Description:</bf></tag>
@ -141,6 +142,12 @@ it. It is called transparently on behalf of the user by the
authenticating component of this module. In this way it is possible
for applications like <em>xlock</em> to work without being setuid-root.
<p>
The <tt>likeauth</tt> argument makes the module return the same value
when called as a credential setting module and an authentication
module. This will help libpam take a sane path through the auth
component of your configuration file.
<tag><bf>Examples/suggested usage:</bf></tag>
The correct functionality of this module is dictated by having an
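Review bot: the new "likeauth" paragraph says the option makes the credential-setting return value match the authentication return value and that this "will help libpam take a sane path", but it never says what the module returns from pam_setcred() without the option, so a reader cannot judge when it is needed. State the default return behaviour and replace "sane path" with a concrete description of what happens in the auth stack.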

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_radius.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_radius.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Cristian Gafton <gafton@redhat.com>
-->
@ -44,7 +44,7 @@ yes; this is a network module (independent of application).
<p>
This module is intended to provide the session service for users
autheticated with a RADIUS server. At the present stage, the only
authenticated with a RADIUS server. At the present stage, the only
option supported is the use of the RADIUS server as an accounting
server.
@ -60,7 +60,7 @@ server.
<tag><bf>Description:</bf></tag>
This module is intended to provide the session service for users
autheticated with a RADIUS server. At the present stage, the only
authenticated with a RADIUS server. At the present stage, the only
option supported is the use of the RADIUS server as an <em/accounting/
server.

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_rhosts.sgml,v 1.4 1997/04/05 06:50:42 morgan Exp $
$Id: pam_rhosts.sgml,v 1.1.1.1 2000/06/20 22:11:04 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->
@ -81,7 +81,8 @@ of independently probing the network connection for such information.
<p>
In the case of <tt/root/-access, the <tt>/etc/host.equiv</tt> file is
<em/ignored/. Instead, the superuser must have a correctly configured
<em/ignored/ unless the <tt>hosts_equiv_rootok</tt> option
should be used. Instead, the superuser must have a correctly configured
personal configuration file.
<p>
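Review bot: "is ignored unless the hosts_equiv_rootok option should be used. Instead, the superuser must have a correctly configured personal configuration file" needs rewording: "should be used" should be "is given", and the "Instead, ..." sentence now only applies when the option is absent. Suggest: "... is ignored unless the hosts_equiv_rootok option is given; without it, the superuser must have a correctly configured personal configuration file." The file is also spelled "/etc/host.equiv" in this paragraph but "/etc/hosts.equiv" in the option list below; the latter is the correct name.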
@ -102,6 +103,12 @@ fix this!)
<tt/no_hosts_equiv/ -
ignore the contents of the <tt>/etc/hosts.equiv</tt> file.
<item>
<tt/hosts_equiv_rootok/ -
allow the use of <tt>/etc/hosts.equiv</tt> for superuser. Without this
option <tt>/etc/hosts.equiv</tt> is not consulted for the superuser account.
This option has no effect if the <tt>no_hosts_equiv</tt> option is used.
<item>
<tt/no_rhosts/ -
ignore the contents of all user's personal configuration file

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_rootok.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_rootok.sgml,v 1.1.1.1 2000/06/20 22:11:04 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_securetty.sgml,v 1.1 1996/11/30 20:59:32 morgan Exp $
$Id: pam_securetty.sgml,v 1.1.1.1 2000/06/20 22:11:04 agmorgan Exp $
This file was written by Michael K. Johnson <johnsonm@redhat.com>
-->

View File

@ -0,0 +1,191 @@
<!--
$Id: pam_tally.sgml,v 1.1 2001/02/11 07:52:56 agmorgan Exp $
This template file was written by Andrew G. Morgan <morgan@kernel.org>
adapted from text provided by Tim Baverstock.
-->
<sect1>The login counter (tallying) module
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
pam_tally
<tag><bf>Author[s]:</bf></tag>
Tim Baverstock
<tag><bf>Maintainer:</bf></tag>
<tag><bf>Management groups provided:</bf></tag>
auth; account
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
A faillog file (default location /var/log/faillog)
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
This module maintains a count of attempted accesses, can reset count
on success, can deny access if too many attempts fail.
<p>
pam_tally comes in two parts: <tt>pam_tally.so</tt> and
<tt>pam_tally</tt>. The former is the PAM module and the latter, a
stand-alone program. <tt>pam_tally</tt> is an (optional) application
which can be used to interrogate and manipulate the counter file. It
can display users' counts, set individual counts, or clear all
counts. Setting artificially high counts may be useful for blocking
users without changing their passwords. For example, one might find it
useful to clear all counts every midnight from a cron job.
<p>
The counts file is organized as a binary-word array, indexed by
uid. You can probably make sense of it with <tt>od</tt>, if you don't
want to use the supplied appliction.
<p>
Note, there are some outstanding issues with this module:
<tt>pam_tally</tt> is very dependant on <tt>getpw*()</tt> - a database
of usernames would be much more flexible; the `keep a count of current
logins' bit has been <tt>#ifdef</tt>'d out and you can only reset the
counter on successful authentication, for now.
<sect3>Generic options accepted by both components
<p>
<itemize>
<item> <tt>onerr=</tt>(<tt>succeed</tt>|<tt>fail</tt>):
if something weird happens, such as unable to open the file, how
should the module react?
<item> <tt>file=</tt><em>/where/to/keep/counts</em>:
specify the file location for the counts.
The default location is <tt>/var/log/faillog</tt>.
</itemize>
<sect2>Authentication component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt>onerr=</tt>(<tt>succeed</tt>|<tt>fail</tt>);
<tt>file=</tt>/where/to/keep/counts;
<tt>no_magic_root</tt>
<tag><bf>Description:</bf></tag>
<p>
The authentication component of this module increments the attempted
login counter.
<p>
<tag><bf>Examples/suggested usage:</bf></tag>
<p>
The module argument <tt>no_magic_root</tt> is used to indicate that if
the module is invoked by a user with uid=0, then the counter is
incremented. The sys-admin should use this for daemon-launched
services, like <tt>telnet</tt>/<tt>rsh</tt>/<tt>login</tt>. For user
launched services, like <tt>su</tt>, this argument should be omitted.
<p>
By way of more explanation, when a process already running as root
tries to access some service, the access is <em>magic</em>, and
bypasses <tt>pam_tally</tt>'s checks: this is handy for <tt>su</tt>ing
from root into an account otherwise blocked. However, for services
like <tt>telnet</tt> or <tt>login</tt>, which always effectively run
from the root account, root (ie everyone) shouldn't be granted this
magic status, and the flag `no_magic_root' should be set in this
situation, as noted in the summary above.
</descrip>
<sect2>Account component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt>onerr=</tt>(<tt>succeed</tt>|<tt>fail</tt>);
<tt>file=</tt>/where/to/keep/counts;
<tt>deny=</tt><em>n</em>;
<tt>no_magic_root</tt>;
<tt>even_deny_root_account</tt>;
<tt>reset</tt>;
<tt>no_reset</tt>;
<tt>per_user</tt>;
<tt>no_lock_time</tt>
<tag><bf>Description:</bf></tag>
<p>
The account component can deny access and/or reset the attempts
counter. It also checks to make sure that the counts file is a plain
file and not world writable.
<tag><bf>Examples/suggested usage:</bf></tag>
<p>
The <tt>deny=</tt><em>n</em> option is used to deny access if tally
for this user exceeds <em>n</em>. The presence of
<tt>deny=</tt><em>n</em> changes the default for
<tt>reset</tt>/<tt>no_reset</tt> to <tt>reset</tt>, unless the user
trying to gain access is root and the <tt>no_magic_root</tt> option
has NOT been specified.
<p>
The <tt>no_magic_root</tt> option ensures that access attempts by root
DON'T ignore deny. Use this for daemon-based stuff, like
<tt>telnet</tt>/<tt>rsh</tt>/<tt>login</tt>.
<p>
The <tt>even_deny_root_account</tt> option is used to ensure that the
root account can become unavailable. <bf>Note</bf> that magic root
trying to gain root bypasses this, but normal users can be locked out.
<p>
The <tt>reset</tt> option instructs the module to reset count to 0 on
successful entry, even for magic root. The <tt>no_reset</tt> option is
used to instruct the module to not reset the count on successful
entry. This is the default unless <tt>deny</tt> exists and the user
attempting access is NOT magic root.
<p>
If <tt>/var/log/faillog</tt> contains a non-zero <tt>.fail_max</tt>
field for this user then the <tt>per_user</tt> module argument will
ensure that the module uses this value and not the global
<tt>deny=</tt><em>n</em> parameter.
<p>
The <tt>no_lock_time</tt> option is for ensuring that the module does
not use the <tt>.fail_locktime</tt> field in /var/log/faillog for this
user.
<p>
Normally, failed attempts to access root will <bf>NOT</bf> cause the
root account to become blocked, to prevent denial-of-service: if your
users aren't given shell accounts and root may only login via
<tt>su</tt> or at the machine console (not
<tt>telnet</tt>/<tt>rsh</tt>, etc), this is safe. If you really want
root to be blocked for some given service, use
<tt>even_deny_root_account</tt>.
</descrip>
<!--
End of sgml insert for this module.
-->
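Review bot: "onerr=(succeed|fail)" never states its default, and since "succeed" means the module lets the access attempt through when, for example, the counts file cannot be opened, the default is the single most important thing an administrator needs to know about this option; please document it, and note that "fail" is the conservative choice for the daemon-launched services ("telnet"/"rsh"/"login") the text already singles out for "no_magic_root". The account component description says the counts file must be "a plain file and not world writable"; saying what the module does when that check fails (deny, or fall back to onerr) would complete the picture. Typos: "dependant" (dependent), "appliction" (application), "ie" (i.e.).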

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_time.sgml,v 1.2 1997/02/15 18:25:44 morgan Exp $
$Id: pam_time.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->
@ -142,7 +142,7 @@ Some examples of rules that can be placed in the
<tt>/etc/security/time.conf</tt> configuration file are the following:
<descrip>
<tag><tt>login ; tty* &amp ; !ttyp* ; !root ; !Al0000-2400</tt></tag>
<tag><tt>login ; tty* &amp; !ttyp* ; !root ; !Al0000-2400</tt></tag>
all users except for <tt/root/ are denied access to console-login at
all times.

View File

@ -0,0 +1,288 @@
<!--
This file was written by Andrew G. Morgan <morgan@linux.kernel.org>
Converted from the pam_pwdb.sgml file for pam_unix by Ben Collins <bcollins@debian.org>
-->
<sect1>The Unix Password module
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
pam_unix
<tag><bf>Author:</bf></tag>
<tag><bf>Maintainer:</bf></tag>
<tag><bf>Management groups provided:</bf></tag>
account; authentication; password; session
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
This is the standard Unix authentication module. It uses standard calls
from the system's libraries to retrieve and set account information as
well as authentication. Usually this is obtained from the /etc/passwd
and the /etc/shadow file as well if shadow is enabled.
<sect2>Account component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/; <tt/audit/
<tag><bf>Description:</bf></tag>
The <tt/debug/ argument makes the accounting functions of this module
<tt/syslog(3)/ more information on its actions. (Remaining arguments
supported by the other functions of this module are silently ignored,
but others are logged as errors through <tt/syslog(3)/). The <tt/audit/
argument causes even more logging.
Based on the following <tt/shadow/ elements:
<tt/expire/;
<tt/last_change/;
<tt/max_change/;
<tt/min_change/;
<tt/warn_change/,
this module performs the task of establishing the status of the user's
account and password. In the case of the latter, it may offer advice
to the user on changing their password or, through the
<tt/PAM_AUTHTOKEN_REQD/ return, delay giving service to the user until
they have established a new password. The entries listed above are
documented in the <em/GNU Libc/ info documents. Should the user's record
not contain one or more of these entries, the corresponding <em/shadow/
check is not performed.
<tag><bf>Examples/suggested usage:</bf></tag>
In its accounting mode, this module can be inserted as follows:
<tscreen>
<verb>
#
# Ensure users account and password are still active
#
login account required pam_unix.so
</verb>
</tscreen>
</descrip>
<sect2>Authentication component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/;
<tt/audit/;
<tt/use_first_pass/;
<tt/try_first_pass/;
<tt/nullok/;
<tt/nodelay/
<tag><bf>Description:</bf></tag>
The <tt/debug/ argument makes the authentication functions of this
module <tt/syslog(3)/ more information on its actions. The <tt/audit/
causes even more information to be logged.
<p>
The default action of this module is to not permit the user access to
a service if their <em/official/ password is blank. The <tt/nullok/
argument overrides this default.
<p>
When given the argument <tt/try_first_pass/, before prompting the user
for their password, the module first tries the previous stacked
<tt/auth/-module's password in case that satisfies this module as
well. The argument <tt/use_first_pass/ forces the module to use such a
recalled password and will never prompt the user - if no password is
available or the password is not appropriate, the user will be denied
access.
<p>
The argument, <tt>nodelay</tt>, can be used to discourage the
authentication component from requesting a delay should the
authentication as a whole fail. The default action is for the module
to request a delay-on-failure of the order of one second.
<p>
Remaining arguments, supported by the other functions of this module,
are silently ignored. Other arguments are logged as errors through
<tt/syslog(3)/.
<p>
A helper binary, <tt>unix_chkpwd</tt>, is provided to check the user's
password when it is stored in a read protected database. This binary
is very simple and will only check the password of the user invoking
it. It is called transparently on behalf of the user by the
authenticating component of this module. In this way it is possible
for applications like <em>xlock</em> to work without being setuid-root.
<tag><bf>Examples/suggested usage:</bf></tag>
The correct functionality of this module is dictated by having an
appropriate <tt>/etc/nsswitch.conf</tt> file, the user
databases specified there dictate the source of the authenticated
user's record.
<p>
In its authentication mode, this module can be inserted as follows:
<tscreen>
<verb>
#
# Authenticate the user
#
login auth required pam_unix.so
</verb>
</tscreen>
</descrip>
<sect2>Password component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/;
<tt/audit/;
<tt/nullok/;
<tt/not_set_pass/;
<tt/use_authtok/;
<tt/try_first_pass/;
<tt/use_first_pass/;
<tt/md5/;
<tt/bigcrypt/;
<tt/shadow/;
<tt/nis/;
<tt/remember/
<tag><bf>Description:</bf></tag>
This part of the <tt/pam_unix/ module performs the task of updating
the user's password.
<p>
In the case of conventional unix databases (which store the password
encrypted) the <tt/md5/ argument is used to do the encryption with the
MD5 function as opposed to the <em/conventional/ <tt/crypt(3)/ call.
As an alternative to this, the <tt/bigcrypt/ argument can be used to
encrypt more than the first 8 characters of a password with DEC's
(Digital Equipment Cooperation) `C2' extension to the standard UNIX
<tt/crypt()/ algorithm.
<p>
The <tt/nullok/ argument is used to permit the changing of a password
<em/from/ an empty one. Without this argument, empty passwords are
treated as account-locking ones.
<p>
The argument <tt/use_first_pass/ is used to lock the choice of old and
new passwords to that dictated by the previously stacked <tt/password/
module. The <tt/try_first_pass/ argument is used to avoid the user
having to re-enter an old password when <tt/pam_unix/ follows a module
that possibly shared the user's old password - if this old password is
not correct the user will be prompted for the correct one. The
argument <tt/use_authtok/ is used to <em/force/ this module to set the
new password to the one provided by the previously stacked
<tt/password/ module (this is used in an example of the stacking of
the <em/Cracklib/ module documented above).
<p>
The <tt/not_set_pass/ argument is used to inform the module that it is
not to pay attention to/make available the old or new passwords from/to
other (stacked) password modules.
<p>
The <tt/debug/ argument makes the password functions of this module
<tt/syslog(3)/ more information on its actions. Other arguments may be
logged as erroneous to <tt/syslog(3)/. The <tt/audit/ argument causes
even more information to be logged.
<p>
With the <tt/nis/ argument, <tt/pam_unix/ will attempt to use NIS RPC
for setting new passwords.
<p>
The <tt/remember/ argument takes one value. This is the number of most
recent passwords to save for each user. These are saved in
<tt>/etc/security/opasswd</tt> in order to force password change history
and keep the user from alternating between the same password too frequently.
<tag><bf>Examples/suggested usage:</bf></tag>
Standard usage:
<tscreen>
<verb>
#
# Change the users password
#
passwd password required pam_unix.so
</verb>
</tscreen>
<p>
An example of the stacking of this module with respect to the
pluggable password checking module, <tt/pam_cracklib/:
<tscreen>
<verb>
#
# Change the users password
#
passwd password required pam_cracklib.so retry=3 minlen=6 difok=3
passwd password required pam_unix.so use_authtok nullok md5
</verb>
</tscreen>
</descrip>
<sect2>Session component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tag><bf>Description:</bf></tag>
No arguments are recognized by this module component. Its action is
simply to log the username and the service-type to
<tt/syslog(3)/. Messages are logged at the beginning and end of the
user's session.
<tag><bf>Examples/suggested usage:</bf></tag>
The use of the session modules is straightforward:
<tscreen>
<verb>
#
# session opening and closing
#
login session required pam_unix.so
</verb>
</tscreen>
</descrip>
<!--
End of sgml insert for this module.
-->
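Review bot: "shadow" and "nis" both appear in the password component's Recognized arguments, but only "nis" gets a description; add a sentence on what "shadow" does. "conventional unix databases (which store the password encrypted)" is imprecise: the stored value is a one-way hash produced by crypt(3) or the MD5 function, not an encryption, and the same paragraph has "Digital Equipment Cooperation" for "Corporation". Minor: "Ensure users account" and "Change the users password" should be "user's", and the session component's empty "Recognized arguments:" tag could simply say "none", as the description below it already states.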

View File

@ -0,0 +1,112 @@
<!--
This file was written by Cristian Gafton <gafton@redhat.com>
-->
<sect1>The userdb module
<sect2>Synopsis
<p>
<descrip>
<tag><bf>Module Name:</bf></tag>
<tt/pam_userdb/
<tag><bf>Author:</bf></tag>
Cristian Gafton &lt;gafton@redhat.com&gt;
<tag><bf>Maintainer:</bf></tag>
Author.
<tag><bf>Management groups provided:</bf></tag>
authentication
<tag><bf>Cryptographically sensitive:</bf></tag>
<tag><bf>Security rating:</bf></tag>
<tag><bf>Clean code base:</bf></tag>
<tag><bf>System dependencies:</bf></tag>
Requires Berkeley DB.
<tag><bf>Network aware:</bf></tag>
</descrip>
<sect2>Overview of module
<p>
Look up users in a .db database and verify their password against
what is contained in that database.
<sect2>Authentication component
<p>
<descrip>
<tag><bf>Recognized arguments:</bf></tag>
<tt/debug/;
<tt/icase/;
<tt/dump/;
<tt/db=XXXX/;
<tag><bf>Description:</bf></tag>
This module is used to verify a username/password pair against values stored in
a Berkeley DB database. The database is indexed by the username, and the data
fields corresponding to the username keys are the passwords, in unencrypted form,
so caution must be exercised over the access rights to the DB database itself..
The module will read the password from the user using the conversation mechanism. If
you are using this module on top of another authetication module (like <tt/pam_pwdb/;)
then you should tell that module to read the entered password from the PAM_AUTHTOK field, which is set by this module.
<p>
The action of the module may be modified from this default by one or
more of the following flags in the <tt>/etc/pam.d/&lt;service&gt;</tt> file.
<itemize>
<item>
<tt/debug/ -
Supply more debugging information to <tt/syslog(3)/.
<item>
<tt/icase/ -
Perform the password comparisons case insensitive.
<item>
<tt/dump/ -
dump all the entries in the database to the log (eek,
don't do this by default!)
<item>
<tt/db=XXXX/ -
use the database found on pathname XXXX. Note that Berkeley DB usually adds the
needed filename extension for you, so you should use something like <tt>/etc/foodata</tt>
instead of <tt>/etc/foodata.db</tt>.
</itemize>
<tag><bf>Examples/suggested usage:</bf></tag>
This is a normal ftp configuration file (usually placed as <tt>/etc/pam.d/ftp</tt>
on most systems) that will accept for login users whose username/password pairs are
provided in the <tt>/tmp/dbtest.db</tt> file:
<tscreen>
<verb>
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient pam_userdb.so icase db=/tmp/dbtest
auth required pam_pwdb.so shadow nullok try_first_pass
auth required pam_shells.so
account required pam_pwdb.so
session required pam_pwdb.so
</verb>
</tscreen>
</descrip>
<!--
End of sgml insert for this module.
-->
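Review bot: since the Description states that the data fields are the passwords "in unencrypted form", the "dump" option writes every user's plaintext password to the system log; the item text only says "eek, don't do this by default!", which should be made explicit (plaintext credentials end up in syslog, readable by anyone who can read the log) so administrators understand the warning. In the example, "pam_listfile.so ... onerr=succeed" means the ftpusers deny list is skipped if /etc/ftpusers cannot be read; if that is intentional for the example, say so. Typos: "itself.." (itself.), "authetication" (authentication), "case insensitive" (case-insensitively), and "<tt/pam_pwdb/;)" has a stray semicolon.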

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_warn.sgml,v 1.1 1996/11/30 20:59:32 morgan Exp $
$Id: pam_warn.sgml,v 1.1.1.1 2000/06/20 22:11:05 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
-->

View File

@ -1,5 +1,5 @@
<!--
$Id: pam_wheel.sgml,v 1.3 1997/02/15 18:25:44 morgan Exp morgan $
$Id: pam_wheel.sgml,v 1.1.1.1 2000/06/20 22:11:05 agmorgan Exp $
This file was written by Andrew G. Morgan <morgan@parc.power.net>
from notes provided by Cristian Gafton.
@ -56,10 +56,11 @@ Only permit root access to members of the wheel (<tt/gid=0/) group.
<tag><bf>Description:</bf></tag>
This module is used to enforce the so-called wheel group. By default,
it permits root access to the system if the applicant user is a member
of the <tt/wheel/ group (better described as the group with group-id
<tt/0/).
This module is used to enforce the so-called <em/wheel/ group. By
default, it permits root access to the system if the applicant user is
a member of the <tt/wheel/ group (first, the module checks for the
existence of a '<tt/wheel/' group. Otherwise the module defines the
group with group-id <tt/0/ to be the <em/wheel/ group).
<p>
The action of the module may be modified from this default by one or
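Review bot: the parenthesis opened at "(first, the module checks for the existence of a 'wheel' group." runs across two sentences before closing; restructure as plain sentences: "a member of the wheel group. The module first checks for the existence of a group named wheel; if there is none, it treats the group with group-id 0 as the wheel group." The point matters because on systems without a wheel group, membership of gid 0 is what grants the privilege, and that should be stated as clearly as possible.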
@ -70,7 +71,7 @@ more of the following flags in the <tt>/etc/pam.conf</tt> file.
Supply more debugging information to <tt/syslog(3)/.
<item>
<tt/use_id/ -
<tt/use_uid/ -
This option modifies the behavior of the module by using the current
<tt/uid/ of the process and not the <tt/getlogin(3)/ name of the user.
This option is useful for being able to jump from one account to

View File

@ -2,9 +2,9 @@
<!--
$Id: pam_appl.sgml,v 1.16 1997/04/05 06:49:14 morgan Exp morgan $
$Id: pam_appl.sgml,v 1.5 2001/03/19 01:46:41 agmorgan Exp $
Copyright (C) Andrew G. Morgan 1996, 1997. All rights reserved.
Copyright (C) Andrew G. Morgan 1996-2001. All rights reserved.
Redistribution and use in source (sgml) and binary (derived) forms,
with or without modification, are permitted provided that the
@ -45,8 +45,8 @@ DAMAGE.
<article>
<title>The Linux-PAM Application Developers' Guide
<author>Andrew G. Morgan, <tt>morgan@linux.kernel.org</tt>
<date>DRAFT v0.63 1998/1/18
<author>Andrew G. Morgan, <tt>morgan@kernel.org</tt>
<date>DRAFT v0.75 2001/03/18
<abstract>
This manual documents what an application developer needs to know
about the <bf>Linux-PAM</bf> library. It describes how an application
@ -71,7 +71,7 @@ information:
<verb>
#include <security/pam_appl.h>
cc -o application .... -lpam
cc -o application .... -lpam -ldl
</verb>
</tscreen>
@ -85,7 +85,7 @@ specific to the Linux-PAM distribution):
...
#include <security/pam_misc.h>
cc -o application .... -lpam -lpam_misc
cc -o application .... -lpam -lpam_misc -ldl
</verb>
</tscreen>
@ -130,7 +130,7 @@ manage. In addition to authentication, PAM provides account
management, credential management, session management and
authentication-token (password changing) management services. It is
important to realize when writing a PAM based application that these
services are provided in a manner that is <bf>transparent</bf> to the
services are provided in a manner that is <bf>transparent</bf> to
the application. That is to say, when the application is written, no
assumptions can be made about <em>how</em> the client will be
authenticated.
@ -179,7 +179,7 @@ provided in a later section.
For example, the conversation function may be called by the PAM library
with a request to prompt the user for a password. Its job is to
reformat the prompt request into a form that the client will
understand. In the case of <tt>ftpd</tt>, this will involve prefixing
understand. In the case of <tt>ftpd</tt>, this might involve prefixing
the string with the number <tt>331</tt> and sending the request over
the network to a connected client. The conversation function will
then obtain any reply and, after extracting the typed password, will
@ -218,9 +218,9 @@ PAM is also capable of setting and deleting the users credentials with
the call <tt>pam_setcred()</tt>. This function should always be
called after the user is authenticated and before service is offered
to the user. By convention, this should be the last call to the PAM
library before service is given to the user. What exactly a
credential is, is not well defined. However, some examples are given
in the glossary below.
library before the PAM session is opened. What exactly a credential
is, is not well defined. However, some examples are given in the
glossary below.
<sect>The public interface to <bf>Linux-PAM</bf>
@ -233,7 +233,7 @@ some guiding remarks for programmers.
<sect1>What can be expected by the application
<p>
Here we document those functions in the <bf/Linux-PAM/ library that
Below we document those functions in the <bf/Linux-PAM/ library that
may be called from an application.
<sect2>Initialization of Linux-PAM
@ -288,12 +288,16 @@ to cause a segmentation fault if accessed).
<p>
Under normal conditions the argument <tt/pam_status/ has the value
PAM_SUCCESS, but in the event of an unsuccessful service application
the approprite <bf/Linux-PAM/ error-return value should be used
here.
attempt its purpose is to be passed as an argument to the
module specific function <tt/cleanup()/ (see the <bf/Linux-PAM/
<htmlurl url="pam_modules.html" name="Module Developers' Guide">).
PAM_SUCCESS, but in the event of an unsuccessful application for
service the appropriate <bf/Linux-PAM/ error-return value should be
used here. Note, <tt/pam_end()/ unconditionally shuts down the
authentication stack associated with the <tt/pamh/ handle. The value
taken by <tt/pam_status/ is used as an argument to the module specific
callback functions, <tt/cleanup()/ (see the <bf/Linux-PAM/ <htmlurl
url="pam_modules.html" name="Module Developers' Guide">). In this way,
the module can be given notification of the pass/fail nature of the
tear-down process, and perform any last minute tasks that are
appropriate to the module before it is unlinked.
<sect2>Setting PAM items
<label id="pam-set-item-section">
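Review bot: "the module specific callback functions, cleanup()" mixes plural and singular; "the module-specific cleanup() callback" (or "callbacks, cleanup(),") reads correctly. Otherwise the expanded text usefully makes explicit that pam_end() always tears down the stack and that pam_status is only passed through to the modules.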
@ -316,33 +320,41 @@ extern int pam_set_item(pam_handle_t *pamh, int item_type,
<tag><tt/PAM_USER/</tag>
The user name
<tag><tt/PAM_USER_PROMPT/</tag>
The string used when prompting for a user's name. The default
value for this string is ``Please enter username: ''.
<tag><tt/PAM_TTY/</tag>
The terminal name: prefixed by <tt>/dev/</tt> if it is a
device file; for graphical, X-based, applications the value for this
item should be the <tt/&dollar;DISPLAY/ variable.
<tag><tt/PAM_RUSER/</tag>
The requesting user's username
<tag><tt/PAM_RHOST/</tag>
The remote host name
The requesting hostname (the hostname of the machine from which
the <tt/PAM_RUSER/ is requesting service)
<tag><tt/PAM_CONV/</tag>
The conversation structure (see section <ref
id="the-conversation-function" name="below">)
<tag><tt/PAM_RUSER/</tag>
The remote user name
<tag><tt/PAM_USER_PROMPT/</tag>
The string used when prompting for a user's name. The default
value for this string is ``Please enter username: ''.
<tag><tt/PAM_FAIL_DELAY/</tag> A function pointer to redirect
centrally managed failure delays (see section <ref
id="the-failure-delay-function" name="below">).
</descrip>
<p>
For all <tt/item_type/s, other than <tt/PAM_CONV/, <tt/item/ is a
pointer to a <tt>&lt;NUL&gt;</tt> terminated character string. In the
case of <tt/PAM_CONV/, <tt/item/ points to an initialized
<tt/pam_conv/ structure (see section <ref
id="the-conversation-function" name="below">).
For all <tt/item_type/s, other than <tt/PAM_CONV/ and
<tt/PAM_FAIL_DELAY/, <tt/item/ is a pointer to a <tt>&lt;NUL&gt;</tt>
terminated character string. In the case of <tt/PAM_CONV/, <tt/item/
points to an initialized <tt/pam_conv/ structure (see section <ref
id="the-conversation-function" name="below">). In the case of
<tt/PAM_FAIL_DELAY/, <tt/item/ is a function pointer: <tt/void
(*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)/ (see
section <ref id="the-failure-delay-function" name="below">).
<p>
A successful call to this function returns <tt/PAM_SUCCESS/. However,
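Review bot: the new PAM_FAIL_DELAY entry ("In the case of PAM_FAIL_DELAY, item is a function pointer: void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)") has the application pass a function pointer through pam_set_item()'s `const void *item` argument. ISO C does not guarantee that a function pointer converts to and from an object pointer, so the text should say explicitly that the caller is expected to cast and that libpam relies on this conversion being supported on its target platforms (or a dedicated setter should be offered). While here, the reordered item list now places PAM_RUSER next to PAM_RHOST and PAM_USER_PROMPT after PAM_CONV; the pam_set_item() prose below should be checked so the order of the `item_type` discussion matches the list.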
@ -350,13 +362,17 @@ the application should expect one of the following errors:
<p>
<descrip>
<tag><tt/PAM_SYSTEM_ERR/</tag>
The <tt/pam_handle_t/ passed as a first argument to this
function was invalid.
<tag><tt/PAM_PERM_DENIED/</tag>
An attempt was made to replace the conversation structure with
a <tt/NULL/ value.
a <tt/NULL/ value.
<tag><tt/PAM_BUF_ERR/</tag>
The function ran out of memory making a copy of the item.
<tag><tt/PAM_BAD_ITEM/</tag>
The application attempted to set an undefined item.
The application attempted to set an undefined or inaccessible
item.
</descrip>
<sect2>Getting PAM items
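Review bot: the PAM_BAD_ITEM wording "undefined or inaccessible item" should name what "inaccessible" means for an application, since this is the application guide; the module guide in this same commit lists PAM_AUTHTOK as an item that only module functions may touch, and a one-line cross reference here would save readers a trip. The PAM_PERM_DENIED entry is fine as restricted to the conversation structure, because the delay section later states that a NULL PAM_FAIL_DELAY is legitimate and means libpam performs the delay itself.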
@ -375,9 +391,31 @@ This function is used to obtain the value of the indicated
<tt/item_type/. Upon successful return, <tt/*item/ contains a pointer
to the value of the corresponding item. Note, this is a pointer to
the <em/actual/ data and should <em/not/ be <tt/free()/'ed or
over-written! A successful call is signaled by a return value of
<tt/PAM_SUCCESS/. If an attempt is made to get an undefined item,
<tt/PAM_BAD_ITEM/ is returned.
over-written!
<p>
A successful call is signaled by a return value of <tt/PAM_SUCCESS/.
However, the application should expect one of the following errors:
<p>
<descrip>
<tag><tt/PAM_SYSTEM_ERR/</tag>
The <tt/pam_handle_t/ passed as a first argument to this
function was invalid.
<tag><tt/PAM_PERM_DENIED/</tag>
The value of <tt/item/ was <tt/NULL/.
<tag><tt/PAM_BAD_ITEM/</tag>
The application attempted to set an undefined or inaccessible
item.
</descrip>
<p>
Note, in the case of an error, the contents of <tt/item/ is not
modified - that is, it retains its pre-call value. One should take
care to initialize this value prior to calling
<tt/pam_get_item()/. Since, if its value - despite the
<tt/pam_get_item()/ function failing - is to be used the consequences
are undefined.
<sect2>Understanding errors
<label id="pam-strerror-section">
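Review bot: in the new pam_get_item() error list the PAM_BAD_ITEM text reads "The application attempted to set an undefined or inaccessible item", which is copied from pam_set_item(); this function retrieves, so it should say "get" (or "retrieve"). The PAM_PERM_DENIED line "The value of item was NULL" should make clear that `item` here is the address the caller supplies for the returned pointer, not the item value. The closing paragraph also breaks mid-thought ("Since, if its value - despite the pam_get_item() function failing - is to be used the consequences are undefined."); suggest one sentence recommending that callers initialise the pointer (for example to NULL) before the call and check the return code before dereferencing it.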
@ -395,6 +433,7 @@ error associated with the argument <tt/errnum/. If the error is not
recognized ``<tt/Unknown Linux-PAM error/'' is returned.
<sect2>Planning for delays
<label id="the-failure-delay-function">
<p>
<tscreen>
@ -410,9 +449,9 @@ is returned to the application. When using this function the
application programmer should check if it is available with,
<tscreen>
<verb>
#ifdef HAVE_PAM_FAIL_DELAY
#ifdef PAM_FAIL_DELAY
....
#endif /* HAVE_PAM_FAIL_DELAY */
#endif /* PAM_FAIL_DELAY */
</verb>
</tscreen>
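Review bot: changing the feature test from `#ifdef HAVE_PAM_FAIL_DELAY` to `#ifdef PAM_FAIL_DELAY` only works if PAM_FAIL_DELAY is a preprocessor macro in security/pam_appl.h; if it is an enum constant, the test is silently false and the guarded code is never compiled. Please confirm the header defines it with `#define` (it is now doing double duty as both the feature-test symbol and the pam_set_item() item type) and say so in the text.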
@ -420,14 +459,14 @@ application programmer should check if it is available with,
<p>
Generally, an application requests that a user is authenticated by
<bf/Linux-PAM/ through a call to <tt/pam_authenticate()/ or
<tt/pam_chauthtok()/. These functions calls each of the <em/stacked/
authentication modules listed in the <tt>/etc/pam.conf</tt> file. As
directed by this file, one of more of the modules may fail causing the
<tt/pam_...()/ call to return an error. It is desirable for there to
also be a pause before the application continues. The principal reason
for such a delay is security: a delay acts to discourage <em/brute
force/ dictionary attacks primarily, but also helps hinder
<em/timed/ (covert channel) attacks.
<tt/pam_chauthtok()/. These functions call each of the <em/stacked/
authentication modules listed in the relevant <bf/Linux-PAM/
configuration file. As directed by this file, one of more of the
modules may fail causing the <tt/pam_...()/ call to return an error.
It is desirable for there to also be a pause before the application
continues. The principal reason for such a delay is security: a delay
acts to discourage <em/brute force/ dictionary attacks primarily, but
also helps hinder <em/timed/ (covert channel) attacks.
<p>
The <tt/pam_fail_delay()/ function provides the mechanism by which an
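Review bot: the rewritten paragraph keeps the typo "one of more of the modules may fail" from the old text; it should read "one or more". The rest of the change (generic "Linux-PAM configuration file" instead of /etc/pam.conf) is consistent with the other hunks in this commit.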
@ -441,6 +480,34 @@ randomly distributed (by up to 25%) about this longest value.
Independent of success, the delay time is reset to its zero default
value when <bf/Linux-PAM/ returns control to the application.
<p>
For applications written with a single thread that are event driven in
nature, <tt/libpam/ generating this delay may be undesirable. Instead,
the application may want to register the delay in some other way. For
example, in a single threaded server that serves multiple
authentication requests from a single event loop, the application
might want to simply mark a given connection as blocked until an
application timer expires. For this reason, <bf/Linux-PAM/ supplies
the <tt/PAM_FAIL_DELAY/ item. It can be queried and set with
<tt/pam_get_item()/ and <tt/pam_set_item()/ respectively. The value
used to set it should be a function pointer of the following
prototype:
<tscreen>
<verb>
void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
</verb>
</tscreen>
The arguments being the <tt/retval/ return code of the module stack,
the <tt/usec_delay/ micro-second delay that libpam is requesting and
the <tt/appdata_ptr/ that the application has associated with the
current <tt/pamh/ (<tt/pam_handle_t/). This last value was set by the
application when it called <tt/pam_start/ or explicitly with
<tt/pam_set_item(... , PAM_CONV, ...)/. Note, if <tt/PAM_FAIL_DELAY/
is unset (or set to <tt/NULL/), then <tt/libpam/ will perform any
delay.
<sect2>Authenticating the user
<p>
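Review bot: the new PAM_FAIL_DELAY paragraph should state that once an application registers `delay_fn`, libpam will not sleep at all, so the application becomes responsible for actually imposing the delay (blocking the connection until `usec_delay` has elapsed); an event loop that records the callback and then answers the client immediately throws away the brute-force protection the previous paragraph motivates. It should also say whether `usec_delay` already includes the "up to 25%" randomisation described above or whether the application is expected to add jitter itself. Minor: "libpam will perform any delay" in the last sentence would read better as "libpam will perform the delay itself".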
@ -502,7 +569,7 @@ extern int pam_setcred(pam_handle_t *pamh, int flags);
<p>
This function is used to set the module-specific credentials of the
user. It is usually called after the user has been authenticated,
after the account management function has been called and after a
after the account management function has been called but before a
session has been opened for the user.
<p>
@ -583,7 +650,7 @@ this. In such cases, the user should be denied access until such time
as they can update their password.
<tag><tt/PAM_ACCT_EXPIRED/</tag>
The user is no longer permitted access to the system.
The user is no longer permitted to access the system.
<tag><tt/PAM_AUTH_ERR/</tag>
There was an authentication error.
@ -667,7 +734,7 @@ extern int pam_open_session(pam_handle_t *pamh, int flags);
<p>
This function is used to indicate that an authenticated session has
begun. It is used to inform the module that the user is currently in
begun. It is used to inform the modules that the user is currently in
a session. It should be possible for the <bf>Linux-PAM</bf> library
to open a session and close the same session (see section <ref
id="pam-close-session-section" name="below">) from different
@ -694,14 +761,15 @@ extern int pam_close_session(pam_handle_t *pamh, int flags);
<p>
This function is used to indicate that an authenticated session has
ended. It is used to inform the module that the user is exiting a
ended. It is used to inform the modules that the user is exiting a
session. It should be possible for the <bf>Linux-PAM</bf> library to
open a session and close the same session from different applications.
<p>
Currently, this function simply calls each of the corresponding
functions of the loaded modules. The only valid flag is
<tt/PAM_SILENT/ and this is, of course, <em/optional/.
This function simply calls each of the corresponding functions of the
loaded modules in the same order that they were invoked with
<tt/pam_open_session()/. The only valid flag is <tt/PAM_SILENT/ and
this is, of course, <em/optional/.
<p>
If any of the <em/required/ loaded modules are unable to close a
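Review bot: the new sentence "in the same order that they were invoked with pam_open_session()" documents forward (not reverse) ordering for close; since modules that acquire nested resources in pam_sm_open_session() might assume LIFO teardown, the text should say explicitly that session modules must not rely on reverse-order close, or the library should be changed to close in reverse. Either way, the behaviour should be stated as a guarantee rather than left to a passing clause.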
@ -717,14 +785,6 @@ extern int pam_putenv(pam_handle_t *pamh, const char *name_value);
</verb>
</tscreen>
<p>
<em>
Warning, the environment support in <bf/Linux-PAM/ is based solely
on a six line email from the developers at Sun. Its interface is
likely to be generally correct, however, the details are likely to be
changed as more information becomes available.
</em>
<p>
This function attempts to (re)set a <bf/Linux-PAM/ environment
variable. The <tt/name_value/ argument is a single <tt/NUL/ terminated
@ -746,7 +806,7 @@ setting.
<tag>``<tt/NAME/''</tag>
Without an `<tt/=/' the <tt/pam_putenv()/ function will delete the
correspoding variable from the <bf/Linux-PAM/ environment.
corresponding variable from the <bf/Linux-PAM/ environment.
</descrip>
@ -927,7 +987,7 @@ to display some text.
<p>
Post Linux-PAM-0.59 (and in the interests of compatibility with
Sunsoft). The number of resposes is always equal to the <tt/num_msg/
Sunsoft). The number of responses is always equal to the <tt/num_msg/
conversation function argument. This is slightly easier to program
but does require that the response array is <tt/free(3)/'d after every
call to the conversation function. The index of the responses
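Review bot: "does require that the response array is free(3)'d after every call" understates the module's obligation: each `resp` string in the array must be released as well as the array itself, and since a response is typically a password the string should be overwritten before it is freed. A sentence to that effect belongs here, since this is the paragraph module authors will read when deciding who owns the memory.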
@ -968,6 +1028,13 @@ generated.
<sect>Security issues of <bf>Linux-PAM</bf>
<p>
PAM, from the perspective of an application, is a convenient API for
authenticating users. PAM modules generally have no increased
privilege over that possessed by the application that is making use of
it. For this reason, the application must take ultimate responsibility
for protecting the environment in which PAM operates.
<p>
A poorly (or maliciously) written application can defeat any
<bf/Linux-PAM/ module's authentication mechanisms by simply ignoring
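Review bot: "PAM modules generally have no increased privilege over that possessed by the application" should add the converse, which is the point that matters for this section: modules run in the application's address space with the application's privileges, so in a setuid or root-run service a module (and anything it dlopen()s) inherits that privilege, and the application cannot assume libpam confines it. That makes the "ultimate responsibility" sentence that follows concrete.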
@ -994,17 +1061,17 @@ library, or copy the structure contents to some safe area of memory
before passing control to the <bf/Linux-PAM/ library.
<p>
Two function classes that fall into this category are
Two important function classes that fall into this category are
<tt>getpwnam(3)</tt> and <tt>syslog(3)</tt>.
<sect1>Choice of a service name
<p>
When picking the <em/service-name/ that corresponds to the first entry
in the <tt>/etc/pam.conf</tt> file, the application programmer should
<bf/avoid/ the temptation of choosing something related to
in the <bf/Linux-PAM/ configuration file, the application programmer
should <bf/avoid/ the temptation of choosing something related to
<tt/argv[0]/. It is a trivial matter for any user to invoke any
application on a system under a different name -- this should not be
application on a system under a different name and this should not be
permitted to cause a security breach.
<p>
@ -1019,14 +1086,14 @@ ln -s /target/application ./preferred_name
and then <em/run/ <tt>./preferred_name</tt>
<p>
By studying the <bf/Linux-PAM/ configuration file,
<tt>/etc/pam.conf</tt>, an attacker can choose the <tt/preferred_name/
to be that of a service enjoying minimal protection; for example a
game which uses <bf/Linux-PAM/ to restrict access to certain hours of
the day. If the service-name were to be linked to the filename under
which the service was invoked, it is clear that the user is
effectively in the position of dictating which authentication scheme
the service uses. Needless to say, this is not a secure situation.
By studying the <bf/Linux-PAM/ configuration file(s), an attacker can
choose the <tt/preferred_name/ to be that of a service enjoying
minimal protection; for example a game which uses <bf/Linux-PAM/ to
restrict access to certain hours of the day. If the service-name were
to be linked to the filename under which the service was invoked, it
is clear that the user is effectively in the position of dictating
which authentication scheme the service uses. Needless to say, this
is not a secure situation.
<p>
The conclusion is that the application developer should carefully
@ -1051,16 +1118,40 @@ identity of the user once the service is granted.
<p>
The need for keeping tabs on these identities is clearly an issue of
security. Basically, the identity of the user requesting a service
should be the current <tt/uid/ (userid) of the running process; the
identity of the privilege granting user is the <tt/euid/ (effective
userid) of the running process; the identity of the user, under whose
name the service will be executed, is given by the contents of the
<tt/PAM_USER/ <tt/pam_get_item(2)/.
security. One convention that is actively used by some modules is
that the identity of the user requesting a service should be the
current <tt/uid/ (userid) of the running process; the identity of the
privilege granting user is the <tt/euid/ (effective userid) of the
running process; the identity of the user, under whose name the
service will be executed, is given by the contents of the
<tt/PAM_USER/ <tt/pam_get_item(3)/.
<p>
In addition the identity of a remote user, requesting the service from
a distant location, will be placed in the <tt/PAM_RUSER/ item.
For network-serving databases and other applications that provide
their own security model (independent of the OS kernel) the above
scheme is insufficient to identify the requesting user.
<p>
A more portable solution to storing the identity of the requesting
user is to use the <tt/PAM_RUSER/ <tt/pam_get_item(3)/. The
application should supply this value before attempting to authenticate
the user with <tt/pam_authenticate()/. How well this name can be
trusted will ultimately be at the discretion of the local
administrator (who configures PAM for your application) and a selected
module may attempt to override the value where it can obtain more
reliable data. If an application is unable to determine the identity
of the requesting entity/user, it should not call <tt/pam_set_item(3)/
to set <tt/PAM_RUSER/.
<p>
In addition to the <tt/PAM_RUSER/ item, the application should supply
the <tt/PAM_RHOST/ (<em/requesting host/) item. As a general rule, the
following convention for its value can be assumed: <tt/&lt;unset&gt;/
= unknown; <tt/localhost/ = invoked directly from the local system;
<em/other.place.xyz/ = some component of the user's connection
originates from this remote/requesting host. At present, PAM has no
established convention for indicating whether the application supports
a trusted path to communication from this host.
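Review bot: the PAM_RHOST paragraph lacks the caveat the PAM_RUSER paragraph has: in a network service the hostname is attacker-influenced (it typically comes from a reverse lookup or from the client itself), so modules should not make access decisions on it without independent verification, and an application that cannot determine the host should leave the item unset rather than guess, mirroring the PAM_RUSER advice above. The convention "localhost = invoked directly from the local system" should also say whether the literal string "localhost" is meant, as opposed to a loopback address, since modules will string-compare this value.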
<sect1>Sufficient resources
@ -1072,6 +1163,13 @@ it should fail gracefully, or request additional resources.
Specifically, the quantities manipulated by the <tt/setrlimit(2)/
family of commands should be taken into consideration.
<p>
This is also true of conversation prompts. The application should not
accept prompts of arbitrary length with out checking for resource
allocation failure and dealing with such extreme conditions gracefully
and in a mannor that preserves the PAM API. Such tolerance may be
especially important when attempting to track a malicious adversary.
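Review bot: typos in the added paragraph: "with out" should be "without" and "mannor" should be "manner". The substance is right; it may be worth adding that an unbounded prompt from a module can also be used by a hostile module or a compromised module argument to exhaust the application's memory, which is why the check belongs in the application.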
<sect>A library of miscellaneous helper functions
<label id="libpam-misc-section">
@ -1242,7 +1340,7 @@ The following is extracted from an email. I'll tidy it up later.
<p>
The point of PAM is that the application is not supposed to have any
idea how the attatched authentication modules will choose to
idea how the attached authentication modules will choose to
authenticate the user. So all they can do is provide a conversation
function that will talk directly to the user(client) on the modules'
behalf.
@ -1256,10 +1354,10 @@ point is that the retinal scanner is an ideal task for a "module".
<p>
While it is true that a pop-daemon program is designed with the POP
protocol in mind and no-one ever considered attatching a retinal
protocol in mind and no-one ever considered attaching a retinal
scanner to it, it is also the case that the "clean" PAM'ification of
such a daemon would allow for the possibility of a scanner module
being be attatched to it. The point being that the "standard"
being be attached to it. The point being that the "standard"
pop-authentication protocol(s) [which will be needed to satisfy
inflexible/legacy clients] would be supported by inserting an
appropriate pam_qpopper module(s). However, having rewritten popd
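Review bot: the spelling fix leaves the doubled verb in "being be attached to it"; it should be "being attached to it". Same sentence, same hunk, so it can go in with this change.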
@ -1280,7 +1378,7 @@ of the authentication procedure (how many passwords etc..) the
exchange protocol (prefixes to prompts etc., numbers like 331 in the
case of ftpd) and what is part of the service that the application
delivers. PAM really needs to have total control in the
authentication "proceedure", the conversation function should only
authentication "procedure", the conversation function should only
deal with reformatting user prompts and extracting responses from raw
input.
@ -1459,30 +1557,41 @@ This document was written by Andrew G. Morgan
<!-- insert credits here -->
<!--
an sgml list of people to credit for their contributions to Linux-PAM
$Id: CREDITS,v 1.4 1997/04/05 06:47:26 morgan Exp morgan $
$Id: pam_appl.sgml,v 1.5 2001/03/19 01:46:41 agmorgan Exp $
-->
Chris Adams,
Peter Allgeyer,
Tim Baverstock,
Tim Berger,
Craig S. Bell,
Derrick J. Brashear,
Ben Buxton,
Seth Chaiklin,
Oliver Crow,
Chris Dent,
Marc Ewing,
Cristian Gafton,
Emmanuel Galanos,
Brad M. Garcia,
Eric Hester,
Roger Hu,
Eric Jacksch,
Michael K. Johnson,
David Kinchlea,
Olaf Kirch,
Marcin Korzonek,
Stephen Langasek,
Nicolai Langfeldt,
Elliot Lee,
Luke Kenneth Casson Leighton,
Al Longyear,
Ingo Luetkebohle,
Marek Michalkiewicz,
Robert Milkowski,
Aleph One,
Martin Pool,
Sean Reifschneider,
Jan Rekorajski,
Erik Troan,
Theodore Ts'o,
Jeff Uphoff,
@ -1495,7 +1604,6 @@ Joseph S. D. Yao
and
Alex O. Yuriev.
<p>
Thanks are also due to Sun Microsystems, especially to Vipin Samar and
Charlie Lai for their advice. At an early stage in the development of
@ -1512,7 +1620,7 @@ credited for all the good work they have done.
<sect>Copyright information for this document
<p>
Copyright (c) Andrew G. Morgan 1996, 1997. All rights reserved.
Copyright (c) Andrew G. Morgan 1996-9. All rights reserved.
<newline>
Email: <tt>&lt;morgan@transmeta.com&gt;</tt>
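Review bot: the copyright line is updated to "1996-9" while the module and administrator guides in this same commit say "1996-2001"; the three documents should carry the same range. The contact address here is still morgan@transmeta.com, whereas the other two guides were changed to morgan@kernel.org.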
@ -1562,6 +1670,6 @@ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
<p>
<tt>$Id: pam_appl.sgml,v 1.16 1997/04/05 06:49:14 morgan Exp morgan $</tt>
<tt>$Id: pam_appl.sgml,v 1.5 2001/03/19 01:46:41 agmorgan Exp $</tt>
</article>

View File

@ -2,9 +2,9 @@
<!--
$Id: pam_modules.sgml,v 1.19 1997/04/05 06:49:14 morgan Exp morgan $
$Id: pam_modules.sgml,v 1.6 2001/02/22 04:58:51 agmorgan Exp $
Copyright (c) Andrew G. Morgan 1996, 1997. All rights reserved.
Copyright (c) Andrew G. Morgan 1996-2001. All rights reserved.
** some sections, in this document, were contributed by other
** authors. They carry individual copyrights.
@ -48,8 +48,8 @@ DAMAGE.
<article>
<title>The Linux-PAM Module Writers' Guide
<author>Andrew G. Morgan, <tt>morgan@transmeta.com</tt>
<date>DRAFT v0.59 1997/10/17
<author>Andrew G. Morgan, <tt>morgan@kernel.org</tt>
<date>DRAFT v0.75 2001/02/21
<abstract>
This manual documents what a programmer needs to know in order to
write a module that conforms to the <bf/Linux-PAM/ standard. It also
@ -68,7 +68,7 @@ programmer.
#include <security/pam_modules.h>
gcc -fPIC -c pam_module-name.c
ld -x --shared -o pam_module-name.so pam_module-name.o -lpam
ld -x --shared -o pam_module-name.so pam_module-name.o
</verb>
</tscreen>
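Review bot: dropping `-lpam` from the `ld -x --shared` line changes how a module resolves pam_get_item() and friends: they are now left undefined in the .so and satisfied at load time by the libpam that dlopen()ed the module. If that is the intent (it avoids loading a second libpam), the text should say so, because readers who check the module with `ldd` or link with undefined-symbol checking enabled will see unresolved references and "fix" it by adding the flag back. It is also worth noting that invoking `ld` directly rather than `gcc -shared` skips the compiler driver's startup objects.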
@ -122,13 +122,11 @@ Setting data
Synopsis:
<tscreen>
<verb>
extern int pam_set_data(pam_handle_t *pamh
, const char *module_data_name
, void *data
, void (*cleanup)(pam_handle_t *pamh
, void *data
, int error_status)
);
extern int pam_set_data(pam_handle_t *pamh,
const char *module_data_name,
void *data,
void (*cleanup)(pam_handle_t *pamh,
void *data, int error_status) );
</verb>
</tscreen>
@ -159,16 +157,15 @@ module may choose to delete the ticket file (<em/authentication
failure/) or leave it in place.
<p>
(*This paragraph is currently under advisement with Sun*) The
<tt/error_status/ may have been logically OR'd with either of the
The <tt/error_status/ may have been logically OR'd with either of the
following two values:
<p>
<descrip>
<tag><tt/PAM_DATA_REPLACE/</tag>
When a data item is being replaced (through a second call to
<tt/pam_set_data()/) this mask is used is used. Otherwise, the call is
assumed to be from <tt/pam_end()/.
<tt/pam_set_data()/) this mask is used. Otherwise, the call is assumed
to be from <tt/pam_end()/.
<tag><tt/PAM_DATA_SILENT/</tag>
Which indicates that the process would prefer to perform the
@ -185,10 +182,9 @@ Getting data
Synopsis:
<tscreen>
<verb>
extern int pam_get_data(const pam_handle_t *pamh
, const char *module_data_name
, const void **data
);
extern int pam_get_data(const pam_handle_t *pamh,
const char *module_data_name,
const void **data);
</verb>
</tscreen>
@ -211,10 +207,9 @@ Setting items
Synopsis:
<tscreen>
<verb>
extern int pam_set_item(pam_handle_t *pamh
, int item_type
, const void *item
);
extern int pam_set_item(pam_handle_t *pamh,
int item_type,
const void *item);
</verb>
</tscreen>
@ -231,8 +226,8 @@ following two <tt/item_type/s:
<descrip>
<tag><tt/PAM_AUTHTOK/</tag>
The authentication token (password). This token should be ignored by
all module functions besides <tt/pam_sm_authenticate()/ and
The authentication token (often a password). This token should be
ignored by all module functions besides <tt/pam_sm_authenticate()/ and
<tt/pam_sm_chauthtok()/. In the former function it is used to pass the
most recent authentication token from one stacked module to
another. In the latter function the token is used for another
@ -262,10 +257,9 @@ Getting items
Synopsis:
<tscreen>
<verb>
extern int pam_get_item(const pam_handle_t *pamh
, int item_type
, const void **item
);
extern int pam_get_item(const pam_handle_t *pamh,
int item_type,
const void **item);
</verb>
</tscreen>
@ -346,10 +340,9 @@ The return values for this function are listed in the
Synopsis:
<tscreen>
<verb>
extern int pam_get_user(pam_handle_t *pamh
, const char **user
, const char *prompt
);
extern int pam_get_user(pam_handle_t *pamh,
const char **user,
const char *prompt);
</verb>
</tscreen>
@ -386,6 +379,27 @@ Also, in addition, it should be noted that this function sets the
<tt/PAM_USER/ item that is associated with the <tt/pam_[gs]et_item()/
function.
<p>
The return value of this function is one of the following:
<itemize>
<item> <tt/PAM_SUCCESS/ - username obtained.
<item> <tt/PAM_CONV_AGAIN/ - converstation did not complete and the
caller is required to return control to the application, until such
time as the application has completed the conversation process. A
module calling <tt/pam_get_user()/ that obtains this return code,
should return <tt/PAM_INCOMPLETE/ and be prepared (when invoked the
next time) to recall <tt/pam_get_user()/ to fill in the user's name,
and then pick up where it left off as if nothing had happened. This
procedure is needed to support an event-driven application programming
model.
<item> <tt/PAM_CONV_ERR/ - the conversation method supplied by the
application failed to obtain the username.
</itemize>
<sect2>Setting a Linux-PAM environment variable
<p>
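Review bot: typo in the new return-value list: "converstation did not complete" should be "conversation". More importantly, the PAM_CONV_AGAIN text tells a module to "pick up where it left off as if nothing had happened" on the next invocation but does not say how; the module has no stack across calls, so it must stash its progress with pam_set_data() before returning PAM_INCOMPLETE and retrieve it with pam_get_data() on re-entry. A sentence pointing at those functions (documented earlier in this guide) would make the event-driven model usable.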
@ -397,7 +411,7 @@ extern int pam_putenv(pam_handle_t *pamh, const char *name_value);
</tscreen>
<p>
<bf/Linux-PAM/ (0.54+) comes equipped with a series of functions for
<bf/Linux-PAM/ comes equipped with a series of functions for
maintaining a set of <em/environment/ variables. The environment is
initialized by the call to <tt/pam_start()/ and is <bf/erased/ with a
call to <tt/pam_end()/. This <em/environment/ is associated with the
@ -515,23 +529,23 @@ is returned to the application. When using this function the module
programmer should check if it is available with,
<tscreen>
<verb>
#ifdef HAVE_PAM_FAIL_DELAY
#ifdef PAM_FAIL_DELAY
....
#endif /* HAVE_PAM_FAIL_DELAY */
#endif /* PAM_FAIL_DELAY */
</verb>
</tscreen>
<p>
Generally, an application requests that a user is authenticated by
<bf/Linux-PAM/ through a call to <tt/pam_authenticate()/ or
<tt/pam_chauthtok()/. These functions calls each of the <em/stacked/
authentication modules listed in the <tt>/etc/pam.conf</tt> file. As
directed by this file, one of more of the modules may fail causing the
<tt/pam_...()/ call to return an error. It is desirable for there to
also be a pause before the application continues. The principal reason
for such a delay is security: a delay acts to discourage <em/brute
force/ dictionary attacks primarily, but also helps hinder
<em/timed/ (covert channel) attacks.
<tt/pam_chauthtok()/. These functions call each of the <em/stacked/
authentication modules listed in the <bf/Linux-PAM/ configuration
file. As directed by this file, one of more of the modules may fail
causing the <tt/pam_...()/ call to return an error. It is desirable
for there to also be a pause before the application continues. The
principal reason for such a delay is security: a delay acts to
discourage <em/brute force/ dictionary attacks primarily, but also
helps hinder <em/timed/ (cf. covert channel) attacks.
<p>
The <tt/pam_fail_delay()/ function provides the mechanism by which an
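Review bot: this paragraph duplicates the one in the application guide almost verbatim and carries the same uncorrected typo "one of more of the modules may fail" (should be "one or more"). Since both copies were touched in this commit, they should be fixed together; alternatively the module guide could reference the application guide's section to avoid the two drifting apart.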
@ -677,8 +691,9 @@ This function performs the task of altering the credentials of the
user with respect to the corresponding authorization
scheme. Generally, an authentication module may have access to more
information about a user than their authentication token. This
function is used to append such information to the application. It
should only be called <em/after/ the user has been authenticated.
function is used to make such information available to the
application. It should only be called <em/after/ the user has been
authenticated but before a session has been established.
<p>
Permitted flags, one of which, may be logically OR'd with
@ -695,6 +710,28 @@ Permitted flags, one of which, may be logically OR'd with
Extend the lifetime of the user credentials.
</descrip>
<p>
Prior to <bf/Linux-PAM-0.75/, and due to a deficiency with the way the
<tt/auth/ stack was handled in the case of the setcred stack being
processed, the module was required to attempt to return the same error
code as <tt/pam_sm_authenticate/ did. This was necessary to preserve
the logic followed by libpam as it executes the stack of
<em/authentication/ modules, when the application called either
<tt/pam_authenticate()/ or <tt/pam_setcred()/. Failing to do this,
led to confusion on the part of the System Administrator.
<p>
For <bf/Linux-PAM-0.75/ and later, libpam handles the credential stack
much more sanely. The way the <tt/auth/ stack is navigated in order to
evaluate the <tt/pam_setcred()/ function call, independent of the
<tt/pam_sm_setcred()/ return codes, is exactly the same way that it
was navigated when evaluating the <tt/pam_authenticate()/ library
call. Typically, if a stack entry was ignored in evaluating
<tt/pam_authenticate()/, it will be ignored when libpam evaluates the
<tt/pam_setcred()/ function call. Otherwise, the return codes from
each module specific <tt/pam_sm_setcred()/ call are treated as
<tt/required/.
<p>
Besides <tt/PAM_SUCCESS/, the module may return one of the following
errors:
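Review bot: the new 0.75 description says the return codes from each pam_sm_setcred() "are treated as required", which means a failing setcred cannot be made optional or sufficient by the control flag in the configuration file; that is a change administrators will notice and it should be stated plainly rather than implied. "Typically, if a stack entry was ignored in evaluating pam_authenticate(), it will be ignored" is also vague: if the rule is exactly "the same entries are skipped", say so without "Typically".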
@ -710,6 +747,11 @@ errors:
This module was unable to set the credentials of the user.
</descrip>
<p>
these, non-<tt/PAM_SUCCESS/, return values will typically lead to the
credential stack <em/failing/. The first such error will dominate in
the return value of <tt/pam_setcred()/.
</itemize>
<sect1> Account management
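Review bot: the added sentence begins in lower case ("these, non-PAM_SUCCESS, return values...") and sits after the `</descrip>` closing of the error list, so it reads as a fragment; capitalise it and drop the commas around "non-PAM_SUCCESS". It should also be reconciled with the preceding hunk: "the first such error will dominate" is only true if the stack is not short-circuited earlier, so say whether libpam keeps walking the stack after the first failure.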
@ -953,6 +995,20 @@ executed module). Then, with logical-exclusive-or, use the result as a
<em/key/ to safely store/retrieve the authentication token for this
module in/from a local file <em/etc/. .
<tag><tt/expose_account/</tag>
<p>
In general the leakage of some information about user accounts is not
a secure policy for modules to adopt. Sometimes information such as
users names or home directories, or preferred shell, can be used to
attack a user's account. In some circumstances, however, this sort of
information is not deemed a threat: displaying a user's full name when
asking them for a password in a secured environment could also be
called being 'friendly'. The <tt/expose_account/ argument is a
standard module argument to encourage a module to be less discrete
about account information as it is deemed appropriate by the local
administrator.
</descrip>
<sect>Programming notes
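Review bot: in the expose_account text, "less discrete about account information" should be "less discreet", and "users names" should be "user names". The security framing is right; it would help to add that modules should default to the conservative behaviour and only reveal account details when the argument is present, so that the administrator's decision is opt-in.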
@ -1238,13 +1294,22 @@ endif
For some further examples, see the <tt>modules</tt> subdirectory of
the current <bf/Linux-PAM/ distribution.
<p>
<sect>An example module file
<p>
<em>
perhaps this should point to a place in the file structure!?
</em>
At some point, we may include a fully commented example of a module in
this document. For now, we point the reader to these two locations in
the public CVS repository:
<itemize>
<item> A module that always succeeds: <tt><htmlurl
url="http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/Linux-PAM/modules/pam_permit/?cvsroot=pam"
name="http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/Linux-PAM/modules/pam_permit/?cvsroot=pam"
></tt>
<item> A module that always fails: <tt><htmlurl
url="http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/Linux-PAM/modules/pam_deny/?cvsroot=pam"
name="http://cvs.sourceforge.net/cgi-bin/cvsweb.cgi/Linux-PAM/modules/pam_deny/?cvsroot=pam"
></tt>
</itemize>
<sect>Files
@ -1314,33 +1379,41 @@ This document was written by Andrew G. Morgan
<!-- insert credits here -->
<!--
an sgml list of people to credit for their contributions to Linux-PAM
$Id: pam_modules.sgml,v 1.6 2001/02/22 04:58:51 agmorgan Exp $
-->
<!--
an sgml list of people to credit for their contributions to Linux-PAM
$Id: CREDITS,v 1.4 1997/04/05 06:47:26 morgan Exp morgan $
-->
Chris Adams,
Peter Allgeyer,
Tim Baverstock,
Tim Berger,
Craig S. Bell,
Derrick J. Brashear,
Ben Buxton,
Seth Chaiklin,
Oliver Crow,
Chris Dent,
Marc Ewing,
Cristian Gafton,
Emmanuel Galanos,
Brad M. Garcia,
Eric Hester,
Roger Hu,
Eric Jacksch,
Michael K. Johnson,
David Kinchlea,
Olaf Kirch,
Marcin Korzonek,
Stephen Langasek,
Nicolai Langfeldt,
Elliot Lee,
Luke Kenneth Casson Leighton,
Al Longyear,
Ingo Luetkebohle,
Marek Michalkiewicz,
Robert Milkowski,
Aleph One,
Martin Pool,
Sean Reifschneider,
Jan Rekorajski,
Erik Troan,
Theodore Ts'o,
Jeff Uphoff,
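Review bot: the credits now carry two consecutive "an sgml list of people to credit for their contributions to Linux-PAM" comment blocks, one with the pam_modules.sgml $Id$ and one with the old CREDITS $Id$; keep one. The names list itself matches the application guide's, so generating both from a single included file would prevent them from diverging again.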
@ -1420,6 +1493,6 @@ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
<p>
<tt>$Id: pam_modules.sgml,v 1.19 1997/04/05 06:49:14 morgan Exp morgan $</tt>
<tt>$Id: pam_modules.sgml,v 1.6 2001/02/22 04:58:51 agmorgan Exp $</tt>
</article>

View File

@ -2,9 +2,9 @@
<!--
$Id: pam_source.sgml,v 1.5 1997/04/05 06:49:14 morgan Exp morgan $
$Id: pam_source.sgml,v 1.5 2001/03/19 01:46:41 agmorgan Exp $
Copyright (c) Andrew G. Morgan 1996,1997. All rights reserved.
Copyright (c) Andrew G. Morgan 1996-2001. All rights reserved.
Redistribution and use in source (sgml) and binary (derived) forms,
with or without modification, are permitted provided that the
@ -45,8 +45,8 @@ DAMAGE.
<article>
<title>The Linux-PAM System Administrators' Guide
<author>Andrew G. Morgan, <tt>morgan@linux.kernel.org</tt>
<date>DRAFT v0.59 1998/1/7
<author>Andrew G. Morgan, <tt>morgan@kernel.org</tt>
<date>DRAFT v0.75 2001/03/18
<abstract>
This manual documents what a system-administrator needs to know about
the <bf>Linux-PAM</bf> library. It covers the correct syntax of the
@ -140,10 +140,10 @@ command shell (<em>bash, tcsh, zsh, etc.</em>) running with the
identity of the user.
<p>
Traditinally, the former step is achieved by the <em/login/
Traditionally, the former step is achieved by the <em/login/
application prompting the user for a password and then verifying that
it agrees with that located on the system; hence verifying that the
so far as the system is concerned the user is who they claim to be.
it agrees with that located on the system; hence verifying that
as far as the system is concerned the user is who they claim to be.
This is the task that is delegated to <bf/Linux-PAM/.
<p>
@ -215,12 +215,122 @@ configured authentication method. The <bf/Linux-PAM/ library (in the
center) consults the contents of the PAM configuration file and loads
the modules that are appropriate for application-X. These modules fall
into one of four management groups (lower-center) and are stacked in
the order they appear in the configuaration file. These modules, when
the order they appear in the configuration file. These modules, when
called by <bf/Linux-PAM/, perform the various authentication tasks for
the application. Textual information, required from/or offered to the
user, can be exchanged through the use of the application-supplied
<em/conversation/ function.
<sect1>Getting started
<p>
The following text was contributed by Seth Chaiklin:
<tscreen>
<verb>
To this point, we have described how PAM should work in an
ideal world, in which all applications are coded properly.
However, at the present time (October 1998), this is far
from the case. Therefore, here are some practical considerations
in trying to use PAM in your system.
Why bother, is it really worth all the trouble?
If you running Linux as a single user system, or in an
environment where all the users are trusted, then there
is no real advantage for using PAM.
</verb>
</tscreen>
<p>
<BF>Ed:</BF> there is actually an advantage since you can <em/dummy
down/ the authentication to the point where you don't have
any... Almost like Win95.
<p>
In a networked environment, it is clear that you need to think a
little more about how users etc., are authenticated:]
<p>
<tscreen>
<verb>
If you are running Linux as a server, where several different
services are being provided (e.g., WWW with areas restricted by
password control, PPP), then there can be some real and interesting
value for PAM. In particular, through the use of modules, PAM can
enable a program to search through several different password
databases, even if that program is not explicitly coded for
that particular database. Here are some examples of the possibilities
that this enables.
o Apache has a module that provides PAM services. Now
authentication
to use particular directories can be conducted by PAM, which
means that the range of modules that are available to PAM can
be used, including RADIUS, NIS, NCP (which means that Novell
password databases can be used).
o pppd has a PAMified version (available from RedHat) Now it is
possible to use a series of databases to authenticate ppp users.
In addition to the normal Linux-based password databases (such
as /etc/passwd and /etc/shadow), you can use PAM modules to
authenticate against Novell password databases or NT-based
password databases.
o The preceding two examples can be combined. Imagaine that the
persons in your office/department are already registered with a
username and password in a Novell or NT LAN. If you wanted to
use this database on your Linux server (for PPP access, for
web access, or even for normal shell access), you can use PAM
to authenticate against this existing database, rather than
maintain a separate database on both Linux and the LAN server.
Can I use PAM for any program that requires authentication?
Yes and no. Yes, if you have access to the source code, and can
add the appropriate PAM functions. No, if you do not have access
to the source code, and the binary does not have the PAM functions
included.
In other words, if a program is going to use PAM, then it has to
have PAM functions explicitly coded into the program. If they
are not, then it is not possible to use PAM.
How can I tell whether a program has PAM coded into it or not?
A quick-and-dirty (but not always reliable) method is to ldd
<programname>
If libpam and libpam_misc are not among the libraries that the program
uses, then it is not going to work with PAM. However, it is possible
that the libraries are included, but there are still problems, because
the PAM coding in the program does not work as it should. So a
more reliable method is to make the follow tests.
In the /etc/pam.d directory, one needs to make a configuration file
for the program that one wants to run. The exact name of the
configuration
file is hard-coded into the program. Usually, it is the same name as
the
program, but not always. For sake of illustration, let's assume that
the program is named "pamprog" and the name of the configuration file
is /etc/pam.d/pamprog.
In the /etc/pam.d/pamprog but the following two lines:
auth required pam_permit.so
auth required pam_warn.so
Now try to use pamprog. The first line in the configuration file
says that all users are permitted. The second line will write a
warning to your syslog file (or whether you syslog is writing
messages). If this test succeeds, then you know that you have
a program that can understand pam, and you can start the more
interesting work of deciding how to stack modules in your
/etc/pam.d/pamprog file.
</verb>
</tscreen>
<sect>The Linux-PAM configuration file
<label id="configuration">
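Review bot: the contributed "Getting started" text needs a typo pass before it ships: "Imagaine" (Imagine), "make the follow tests" (the following tests), "In the /etc/pam.d/pamprog but the following two lines" (put), and "or whether you syslog is writing messages" (wherever your syslog is writing messages). More important is the security framing of the test recipe: `auth required pam_permit.so` followed by `auth required pam_warn.so` grants every user access to pamprog for as long as it is in place, and the text only hints at this with "all users are permitted"; the paragraph should state plainly that this stack exists solely to confirm the program is PAM-aware and must be replaced or removed as soon as the test is done. The recipe also covers only the auth group, so a program that exercises the other management groups will fall through to the `other` service described later in this guide; worth a sentence.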
@ -363,9 +473,13 @@ is not deemed as fatal to satisfying the application that this
<item> <tt/optional/; as its name suggests, this <tt/control-flag/
marks the module as not being critical to the success or failure of
the user's application for service. However, in the absence of any
successes of previous or subsequent stacked modules this module will
determine the nature of the response to the application.
the user's application for service. In general, <bf/Linux-PAM/
ignores such a module when determining if the module stack will
succeed or fail. However, in the absence of any definite successes or
failures of previous or subsequent stacked modules this module will
determine the nature of the response to the application. One example
of this latter case, is when the other modules return something like
<tt/PAM_IGNORE/.
</itemize>
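Review bot: stray comma in the new sentence "One example of this latter case, is when the other modules return something like PAM_IGNORE"; drop it, and "something like" is vague for a reference document, since PAM_IGNORE is the specific case meant.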
@ -392,12 +506,12 @@ Here, <tt/valueI/ is one of the following <em/return values/:
<tt/authtok_disable_aging/; <tt/try_again/; <tt/ignore/; <tt/abort/;
<tt/authtok_expired/; <tt/module_unknown/; <tt/bad_item/; and
<tt/default/. The last of these (<tt/default/) can be used to set the
action for those return values that are not set explicitly.
action for those return values that are not explicitly defined.
<p>
The <tt/actionI/ can be a positive integer or one of the following
tokens: <tt/ignore/; <tt/ok/; <tt/done/; <tt/bad/; <tt/die/; and
<tt/reset/. A positive integer, <tt/J/, when specified as the action
<tt/reset/. A positive integer, <tt/J/, when specified as the action,
can be used to indicate that the next <em/J/ modules of the current
type will be skipped. In this way, the administrator can develop a
moderately sophisticated stack of modules with a number of different
@ -405,9 +519,41 @@ paths of execution. Which path is taken can be determined by the
reactions of individual modules.
<p>
<bf>Note, at time of writing, this newer syntax is so new that I don't
want to write too much about it. Please play with this. Report all
the bugs and make suggestions for new actions (etc.).</bf>
<itemize>
<item><tt/ignore/ - when used with a stack of modules, the module's
return status will not contribute to the return code the application
obtains.
<item><tt/bad/ - this action indicates that the return code should be
thought of as indicative of the module failing. If this module is
the first in the stack to fail, its status value will be used for
that of the whole stack.
<item><tt/die/ - equivalent to <tt/bad/ with the side effect of
terminating the module stack and PAM immediately returning to the
application.
<item><tt/ok/ - this tells <bf/PAM/ that the administrator thinks this
return code should contribute directly to the return code of the full
stack of modules. In other words, if the former state of the stack
would lead to a return of <tt/PAM_SUCCESS/, the module's return code
will override this value. Note, if the former state of the stack
holds some value that is indicative of a modules failure, this 'ok'
value will not be used to override that value.
<item><tt/done/ - equivalent to <tt/ok/ with the side effect of
terminating the module stack and PAM immediately returning to the
application.
<item><tt/reset/ - clear all memory of the state of the module stack and
start again with the next stacked module.
</itemize>
<p>
Just to get a feel for the power of this new syntax, here is a taste
of what you can do with it. With <bf/Linux-PAM-0.63/, the notion of
client plug-in agents was introduced. This is something that makes it
possible for PAM to support machine-machine authentication using the
transport protocol inherent to the client/server application. With
the ``<tt/[ ... value=action ... ]/'' control syntax, it is possible
for an application to be configured to support binary prompts with
compliant clients, but to gracefully fall over into an alternative
authentication mode for older, legacy, applications. Flexible eh?
<tag> <tt/module-path/</tag>
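Review bot: the `done` and `die` entries should spell out the consequence of "terminating the module stack": any module listed later in that management group, including a trailing pam_deny or pam_warn, is never consulted, so a `done` placed before them turns an otherwise fail-closed stack into one that succeeds as soon as that module does. Two smaller points: "indicative of a modules failure" under `ok` should read "a module's failure", and the bold note "at time of writing, this newer syntax is so new that I don't want to write too much about it" reads as a placeholder in a v0.75 guide; either drop it or say which of the listed actions are considered stable.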
@ -431,7 +577,7 @@ next section.
</descrip>
<p>
Any line in (one of) the confiuration file(s), that is not formatted
Any line in (one of) the configuration file(s), that is not formatted
correctly, will generally tend (erring on the side of caution) to make
the authentication process fail. A corresponding error is written to
the system log files with a call to <tt/syslog(3)/.
@ -453,10 +599,10 @@ configuration but not both. That is to say, if there is a
<tt>/etc/pam.d/</tt> directory then libpam only uses the files
contained in this directory. However, in the absence of the
<tt>/etc/pam.d/</tt> directory the <tt>/etc/pam.conf</tt> file is
used. The other mode (and the one currently supported by Red Hat 4.2)
is to use both <tt>/etc/pam.d/</tt> and <tt>/etc/pam.conf</tt> in
sequence. In this mode, entries in <tt>/etc/pam.d/</tt> override
those of <tt>/etc/pam.conf</tt>.
used. The other mode (and the one currently supported by Red Hat 4.2
and higher) is to use both <tt>/etc/pam.d/</tt> and
<tt>/etc/pam.conf</tt> in sequence. In this mode, entries in
<tt>/etc/pam.d/</tt> override those of <tt>/etc/pam.conf</tt>.
The syntax of each file in <tt>/etc/pam.d/</tt> is similar to that of
the <tt>/etc/pam.conf</tt> file and is made up of lines of the
@ -560,6 +706,20 @@ requires some reliably strong encryption to make it secure.
This argument is intended for the <tt/auth/ and <tt/password/ module
types only.
<tag><tt/expose_account/</tag>
<p>
In general the leakage of some information about user accounts is not
a secure policy for modules to adopt. Sometimes information such as
users names or home directories, or preferred shell, can be used to
attack a user's account. In some circumstances, however, this sort of
information is not deemed a threat: displaying a user's full name when
asking them for a password in a secured environment could also be
called being 'friendly'. The <tt/expose_account/ argument is a
standard module argument to encourage a module to be less discrete
about account information as it is deemed appropriate by the local
administrator.
</descrip>
<sect1>Example configuration file entries
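Review bot: "less discrete" should be "less discreet", and "users names" should be "users' names". The paragraph would also benefit from stating the default explicitly: unless expose_account is given, a module is expected not to reveal account details, given that the same paragraph notes that names, home directories and shells can be used to attack an account.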
@ -681,17 +841,6 @@ module-argument, this instructs the UNIX authentication module that it
is not to prompt for a password but rely one already having been
obtained by the ftp module.
<p>
The standard UNIX modules, used above, are strongly tied to using the
default `<tt/libc/' user database functions (see for example, <tt/man
getpwent/). It is the opinion of the author that these functions are
not sufficently flexible to make full use of the power of
<bf/Linux-PAM/. For this reason, and as a small plug, I mention in
passing that there is a pluggable replacement for the <tt/pam_unix_../
modules; <tt/pam_pwdb/. See the section below for a more complete
description.
<sect>Security issues of Linux-PAM
<p>
@ -801,6 +950,28 @@ This service is the default configuration for all PAM aware
applications and if it is weak, your system is likely to be vulnerable
to attack.
<p>
Here is a sample "other" configuration file. The <em/pam_deny/ module will
deny access and the <em/pam_warn/ module will send a syslog message to
<tt/auth.notice/:
<p>
<tscreen>
<verb>
#
# The PAM configuration file for the `other' service
#
auth required pam_deny.so
auth required pam_warn.so
account required pam_deny.so
account required pam_warn.so
password required pam_deny.so
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so
</verb>
</tscreen>
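Review bot: the prose introducing the sample `other` file should say why both lines in each group run: because `required` does not short-circuit the stack, pam_warn still executes after pam_deny has failed, so every fall-through to `other` is both refused and logged. That is the property an administrator must preserve when editing this file, and the text should also note that this file should exist even on systems where every service already has its own /etc/pam.d entry, since it is the safety net the preceding paragraph describes.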
<sect>A reference guide for available modules
<p>
@ -847,8 +1018,8 @@ files; the modules.
PLUGGABLE AUTHENTICATION MODULES'', Open Software Foundation Request
For Comments 86.0, October 1995. See this url:
<tt><htmlurl
url="http://www.pilgrim.umass.edu/pub/osf_dce/RFC/rfc86.0.txt"
name="http://www.pilgrim.umass.edu/pub/osf&lowbar;dce/RFC/rfc86.0.txt"></tt>
url="http://www.kernel.org/pub/linux/libs/pam/pre/doc/rfc86.0.txt.gz"
name="http://www.kernel.org/pub/linux/libs/pam/pre/doc/rfc86.0.txt.gz"></tt>
</itemize>
@ -875,37 +1046,9 @@ and in such a way that they need not be distributed with Linux-PAM.
<sect>Author/acknowledgments
<p>
This document was written by Andrew G. Morgan (morgan@parc.power.net)
This document was written by Andrew G. Morgan (morgan@kernel.org)
with many contributions from
<!-- insert credits here -->
<!--
an sgml list of people to credit for their contributions to Linux-PAM
$Id: pam_source.sgml,v 1.5 1997/04/05 06:49:14 morgan Exp morgan $
-->
Craig S. Bell,
Derrick J. Brashear,
Ben Buxton,
Oliver Crow,
Marc Ewing,
Cristian Gafton,
Eric Hester,
Eric Jacksch,
Michael K. Johnson,
David Kinchlea,
Elliot Lee,
Al Longyear,
Marek Michalkiewicz,
Aleph One,
Sean Reifschneider,
Eric Troan,
Theodore Ts'o,
Jeff Uphoff,
Ronald Wahl,
John Wilmes,
Joseph S. D. Yao
and
Alex O. Yuriev.
<!-- insert-file CREDITS -->
<p>
Thanks are also due to Sun Microsystems, especially to Vipin Samar and
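Review bot: replacing the inline credits list with `<!-- insert-file CREDITS -->` leaves the acknowledgments section empty unless a build step expands that marker; confirm the sgml to html/ps targets run it, and drop the now-redundant `<!-- insert credits here -->` comment that remains just above it.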
@ -920,9 +1063,6 @@ development of <bf/Linux-PAM/.
More PAM modules are being developed all the time. It is unlikely that
this document will ever be truely up to date!
<p>
Currently there is no documentation for PAM-aware applications.
<p>
This manual is unfinished. Only a partial list of people is credited
for all the good work they have done.
@ -930,9 +1070,9 @@ for all the good work they have done.
<sect>Copyright information for this document
<p>
Copyright (c) Andrew G. Morgan 1996. All rights reserved.
Copyright (c) Andrew G. Morgan 1996-9. All rights reserved.
<newline>
Email: <tt>&lt;morgan@parc.power.net&gt;</tt>
Email: <tt>&lt;morgan@linux.kernel.org&gt;</tt>
<p>
Redistribution and use in source and binary forms, with or without
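Review bot: the copyright line becomes "Andrew G. Morgan 1996-9" while the comment header of this same file (earlier hunk) now reads "Copyright (c) Andrew G. Morgan 1996-2001"; make the two agree, presumably 1996-2001. The contact address here, morgan@linux.kernel.org, also differs from the morgan@kernel.org used in the author line and the acknowledgments section.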
@ -980,6 +1120,6 @@ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
<p>
<tt>$Id: pam_source.sgml,v 1.5 1997/04/05 06:49:14 morgan Exp morgan $</tt>
<tt>$Id: pam_source.sgml,v 1.5 2001/03/19 01:46:41 agmorgan Exp $</tt>
</article>

@ -1,3 +1,3 @@
$Id: README,v 1.1 1996/11/10 19:28:16 morgan Exp $
$Id: README,v 1.1.1.1 2000/06/20 22:11:05 agmorgan Exp $
this is the directory for the postscipt documentation
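Review bot: only the $Id keyword changes here, while "this is the directory for the postscipt documentation" keeps its typo ("postscript") and lacks a capital and full stop; since the file is touched anyway, fix the line.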

@ -0,0 +1,702 @@
PAM working group ## A.G. Morgan
Internet Draft: ## October 6, 1999
Document: draft-morgan-pam-07.txt ##
Expires: June 13, 2000 ##
Obsoletes: draft-morgan-pam-06.txt##
## Pluggable Authentication Modules ##
#$ Status of this memo
This document is an draft specification. The latest version of this
draft may be obtained from here:
http://linux.kernel.org/pub/linux/libs/pam/pre/doc/
As
Linux-PAM-'version'-docs.tar.gz
It is also contained in the Linux-PAM tar ball.
#$ Abstract
This document is concerned with the definition of a general
infrastructure for module based authentication. The infrastructure is
named Pluggable Authentication Modules (PAM for short).
#$ Introduction
Computers are tools. They provide services to people and other
computers (collectively we shall call these _users_ entities). In
order to provide convenient, reliable and individual service to
different entities, it is common for entities to be labelled. Having
defined a label as referring to a some specific entity, the label is
used for the purpose of protecting and allocating data resources.
All modern operating systems have a notion of labelled entities and
all modern operating systems face a common problem: how to
authenticate the association of a predefined label with applicant
entities.
There are as many authentication methods as one might care to count.
None of them are perfect and none of them are invulnerable. In
general, any given authentication method becomes weaker over time. It
is common then for new authentication methods to be developed in
response to newly discovered weaknesses in the old authentication
methods.
The problem with inventing new authentication methods is the fact that
old applications do not support them. This contributes to an inertia
that discourages the overhaul of weakly protected systems. Another
problem is that individuals (people) are frequently powerless to layer
the protective authentication around their systems. They are forced
to rely on single (lowest common denominator) authentication schemes
even in situations where this is far from appropriate.
PAM, as discussed in this document, is a generalization of the
approach first introduced in [#$R#{OSF_RFC_PAM}]. In short, it is a
general framework of interfaces that abstract the process of
authentication. With PAM, a service provider can custom protect
individual services to the level that they deem is appropriate.
PAM has nothing explicit to say about transport layer encryption.
Within the context of this document encryption and/or compression of
data exchanges are application specific (strictly between client and
server) and orthogonal to the process of authentication.
#$ Definitions
Here we pose the authentication problem as one of configuring defined
interfaces between two entities.
#$$#{players} Players in the authentication process
PAM reserves the following words to specify unique entities in the
authentication process:
applicant
the entity (user) initiating an application for service
[PAM associates the PAM_RUSER _item_ with this requesting user].
arbitrator
the entity (user) under whose identity the service application
is negotiated and with whose authority service is granted.
user
the entity (user) whose identity is being authenticated
[PAM associates the PAM_USER _item_ with this identity].
server
the application that provides service, or acts as an
authenticated gateway to the requested service. This
application is completely responsible for the server end of
the transport layer connecting the server to the client.
PAM makes no assumptions about how data is encapsulated for
exchanges between the server and the client, only that full
octet sequences can be freely exchanged without corruption.
client
application providing the direct/primary interface to
applicant. This application is completely responsible
for the client end of the transport layer connecting the
server to the client. PAM makes no assumptions about how data
is encapsulated for exchanges between the server and the
client, only that full octet sequences can be freely
exchanged without corruption.
module
authentication binary that provides server-side support for
some (arbitrary) authentication method.
agent
authentication binary that provides client-side support for
some (arbitrary) authentication method.
Here is a diagram to help orient the reader:
## +-------+ +--------+ ##
## . . . . .| agent | .| module | ##
## . +-------+ .+--------+ ##
## V | . | ##
## . | V | ##
## +---------+ +-------+ . +------+ ##
## | | |libpamc| . |libpam| ##
## | | +-------+ . +------+ ##
## |applicant| | . | ##
## | | +--------+ +----------+ ##
## | |---| client |-----------| server | ##
## +---------+ +--------+ +----------+ ##
Solid lines connecting the boxes represent two-way interaction. The
dotted-directed lines indicate an optional connection beteween the
plugin module (agent) and the server (applicant). In the case of the
module, this represents the module invoking the 'conversation'
callback function provided to libpam by the server application when it
inititializes the libpam library. In the case of the agent, this may
be some out-of-PAM API interaction (for example directly displaying a
dialog box under X).
#$$ Defined Data Types
In this draft, we define two composite data types, the text string and
the binary prompt. They are the data types used to communicate
authentication requests and responses.
#$$$#{text_string} text string
The text string is a simple sequence of non-NUL (NUL = 0x00)
octets. Terminated with a single NUL (0x00) octet. The character set
employed in the octet sequence may be negotiated out of band, but
defaults to utf-8.
## --------------------------- ##
## [ character data | NUL ] ##
## [ octet sequence | 0x00 ] ##
## --------------------------- ##
Within the rest of this text, PAM text strings are delimited with a
pair of double quotes. Example, "this" = {'t';'h';'i';'s';0x00}.
#$$$#{binary_prompt} binary prompt
A binary prompt consists of a stream of octets arranged as follows:
## ---------------------------------------- ##
## [ u32 | u8 | (length-5 octets) ] ##
## [ length | control | data ] ##
## ---------------------------------------- ##
That is, a 32-bit unsigned integer in network byte order, a single
unsigned byte of control information and a sequence of octets of
length (length-5). The composition of the _data_ is context dependent
but is generally not a concern for either the server or the client. It
is very much the concern of modules and agents.
For purposes of interoperability, we define the following control
characters as legal.
## value symbol description ##
## ------------------------------------------------- ##
## 0x01 PAM_BPC_OK - continuation packet ##
## 0x02 PAM_BPC_SELECT - initialization packet ##
## 0x03 PAM_BPC_DONE - termination packet ##
## 0x04 PAM_BPC_FAIL - unable to execute ##
The following control characters are only legal for exchanges between
an agent and a client (it is the responsibility of the client to
enforce this rule in the face of a rogue server):
## 0x41 PAM_BPC_GETENV - obtain client env.var ##
## 0x42 PAM_BPC_PUTENV - set client env.var ##
## 0x43 PAM_BPC_TEXT - display message ##
## 0x44 PAM_BPC_ERROR - display error message ##
## 0x45 PAM_BPC_PROMPT - echo'd text prompt ##
## 0x46 PAM_BPC_PASS - non-echo'd text prompt##
Note, length is always equal to the total length of the binary
prompt and represented by a network ordered unsigned 32 bit integer.
#$$$$#{agent_ids} PAM_BPC_SELECT binary prompts
Binary prompts of control type PAM_BPC_SELECT have a defined
data part. It is composed of three elements:
{agent_id;'/';data}
The agent_id is a sequence of characters satisfying the following
regexp:
/^[a-z0-9\_]+(@[a-z0-9\_.]+)?$/
and has a specific form for each independent agent.
o Agent_ids that do not contain an at-sign (@) are reserved to be
assigned by IANA (Internet Assigned Numbers Authority). Names of
this format MUST NOT be used without first registering with IANA.
Registered names MUST NOT contain an at-sign (@).
o Anyone can define additional agents by using names in the format
name@domainname, e.g. "ouragent@example.com". The part following
the at-sign MUST be a valid fully qualified internet domain name
[RFC-1034] controlled by the person or organization defining the
name. (Said another way, if you control the email address that
your agent has as an identifier, they you are entitled to use
this identifier.) It is up to each domain how it manages its local
namespace.
The '/' character is a mandatory delimiter, indicating the end of the
agent_id. The trailing data is of a format specific to the agent with
the given agent_id.
#$$ Special cases
In a previous section (#{players}) we identified the most general
selection of authentication participants. In the case of network
authentication, it is straightforward to ascribe identities to the
defined participants. However, there are also special (less general)
cases that we recognize here.
The primary authentication step, when a user is directly introduced
into a computer system (log's on to a workstation) is a special case.
In this situation, the client and the server are generally one
application. Before authenticating such a user, the applicant is
formally unknown: PAM_RUSER is NULL.
Some client-server implementations (telnet for example) provide
effective full tty connections. In these cases, the four simple text
string prompting cases (see below) can be handled as in the primary
login step. In other words, the server absorbs most of the overhead of
propagating authentication messages. In these cases, there is special
client/server support for handling binary prompts.
#$ Defined interfaces for information flow
Here, we discuss the information exchange interfaces between the
players in the authentication process. It should be understood that
the server side is responsible for driving the authentication of the
applicant. Notably, every request received by the client from the
server must be matched with a single response from the client to the
server.
#$$#{applicant_client} Applicant <-> client
Once the client is invoked, requests to the applicant entity are
initiated by the client application. General clients are able to make
the following requests directly to an applicant:
echo text string
echo error text string
prompt with text string for echo'd text string input
prompt with text string for concealed text string input
the nature of the interface provided by the client for the benefit of
the applicant entity is client specific and not defined by PAM.
#$$#{client_agent} Client <-> agent
In general, authentication schemes require more modes of exchange than
the four defined in the previous section (#{applicant_client}). This
provides a role for client-loadable agents. The client and agent
exchange binary-messages that can have one of the following forms:
client -> agent
binary prompt agent expecting binary prompt reply to client
agent -> client
binary prompt reply from agent to clients binary prompt
Following the acceptance of a binary prompt by the agent, the agent
may attempt to exchange information with the client before returning
its binary prompt reply. Permitted exchanges are binary prompts of the
following types:
agent -> client
set environment variable (A)
get environment variable (B)
echo text string (C)
echo error text string (D)
prompt for echo'd text string input (E)
prompt for concealed text string input (F)
In response to these prompts, the client must legitimately respond
with a corresponding binary prompt reply. We list a complete set of
example exchanges, including each type of legitimate response (passes
and a single fail):
## Type | Agent request | Client response ##
## --------------------------------------------------------------- ##
## (A) | {13;PAM_BPC_PUTENV;"FOO=BAR"} | {5;PAM_BPC_OK;} ##
## | {10;PAM_BPC_PUTENV;"FOO="} | {5;PAM_BPC_OK;} ##
## | {9;PAM_BPC_PUTENV;"FOO"} (*) | {5;PAM_BPC_OK;} ##
## | {9;PAM_BPC_PUTENV;"BAR"} (*) | {5;PAM_BPC_FAIL;} ##
## --------------------------------------------------------------- ##
## (B) | {10;PAM_BPC_GETENV;"TERM"} | {11;PAM_BPC_OK;"vt100"} ##
## | {9;PAM_BPC_GETENV;"FOO"} | {5;PAM_BPC_FAIL;} ##
## --------------------------------------------------------------- ##
## (C) | {12;PAM_BPC_TEXT;"hello!"} | {5;PAM_BPC_OK;} ##
## | {12;PAM_BPC_TEXT;"hello!"} | {5;PAM_BPC_FAIL;} ##
## --------------------------------------------------------------- ##
## (D) | {11;PAM_BPC_TEXT;"ouch!"} | {5;PAM_BPC_OK;} ##
## | {11;PAM_BPC_TEXT;"ouch!"} | {5;PAM_BPC_FAIL;} ##
## --------------------------------------------------------------- ##
## (E) | {13;PAM_BPC_PROMPT;"login: "} | {9;PAM_BPC_OK;"joe"} ##
## | {13;PAM_BPC_PROMPT;"login: "} | {6;PAM_BPC_OK;""} ##
## | {13;PAM_BPC_PROMPT;"login: "} | {5;PAM_BPC_FAIL;} ##
## --------------------------------------------------------------- ##
## (F) | {16;PAM_BPC_PASS;"password: "} | {9;PAM_BPC_OK;"XYZ"} ##
## | {16;PAM_BPC_PASS;"password: "} | {6;PAM_BPC_OK;""} ##
## | {16;PAM_BPC_PASS;"password: "} | {5;PAM_BPC_FAIL;} ##
(*) Used to attempt the removal of a pre-existing environment
variable.
#$$ Client <-> server
Once the client has established a connection with the server (the
nature of the transport protocol is not specified by PAM), the server
is responsible for driving the authentication process.
General servers can request the following from the client:
(to be forwarded by the client to the applicant)
echo text string
echo error text string
prompt for echo'd text string response
prompt for concealed text string response
(to be forwarded by the client to the appropriate agent)
binary prompt for a binary prompt response
Client side agents are required to process binary prompts. The
agents' binary prompt responses are returned to the server.
#$$ Server <-> module
Modules drive the authentication process. The server provides a
conversation function with which it encapsulates module-generated
requests and exchanges them with the client. Every message sent by a
module should be acknowledged.
General conversation functions can support the following five
conversation requests:
echo text string
echo error string
prompt for echo'd text string response
prompt for concealed text string response
binary prompt for binary prompt response
The server is responsible for redirecting these requests to the
client.
#$ C API for application interfaces (client and server)
#$$ Applicant <-> client
No API is defined for this interface. The interface is considered to
be specific to the client application. Example applications include
terminal login, (X)windows login, machine file transfer applications.
All that is important is that the client application is able to
present the applicant with textual output and to receive textual
input from the applicant. The forms of textual exchange are listed
in an earlier section (#{applicant_client}). Other methods of
data input/output are better suited to being handled via an
authentication agent.
#$$ Client <-> agent
The client makes use of a general API for communicating with
agents. The client is not required to communicate directly with
available agents, instead a layer of abstraction (in the form of a
library: libpamc) takes care of loading and maintaining communication
with all requested agents. This layer of abstraction will choose which
agents to interact with based on the content of binary prompts it
receives that have the control type PAM_BPC_SELECT.
#$$$ Client <-> libpamc
#$$$$ Compilation information
The C-header file provided for client-agent abstraction is included
with the following source line:
\#include <security/pam_client.h>
The library providing the corresponding client-agent abstraction
functions is, libpamc.
cc .... -lpamc
#$$$$ Initializing libpamc
The libpamc library is initialized with a call to the following
function:
pamc_handle_t pamc_start(void);
This function is responsible for configuring the library and
registering the location of available agents. The location of the
available agents on the system is implementation specific.
pamc_start() function returns NULL on failure. Otherwise, the return
value is a pointer to an opaque data type which provides a handle to
the libpamc library. On systems where threading is available, the
libpamc libraray is thread safe provided a single (pamc_handler_t *)
is used by each thread.
#$$$$ Client (Applicant) selection of agents
For the purpose of applicant and client review of available agents,
the following function is provided.
char **pamc_list_agents(pamc_handle_t pch);
This returns a list of pointers to the agent_id's of the agents which
are available on the system. The list is terminated by a NULL pointer.
It is the clients responsibility to free this memory area by calling
free() on each agent id and the block of agent_id pointers in the
result.
PAM represents a server-driven authentication model, so by default
any available agent may be invoked in the authentication process.
#$$$$$ Client demands agent
If the client requires that a specific authentication agent is
satisfied during the authentication process, then the client should
call the following function, immediately after obtaining a
pamc_handle_t from pamc_start().
int pamc_load(pamc_handle_t pch, const char *agent_id);
agent_id is a PAM text string (see section #{agent_ids}) and is not
suffixed with a '/' delimiter. The return value for this function is:
PAM_BPC_TRUE - agent located and loaded.
PAM_BPC_FALSE - agent is not available.
Note, although the agent is loaded, no data is fed to it. The agent's
opportunity to inform the client that it does not trust the server is
when the agent is shutdown.
#$$$$$ Client marks agent as unusable
The applicant might prefer that a named agent is marked as not
available. To do this, the client would invoke the following function
immediately after obtaining a pamc_handle_t from pam_start().
int pamc_disable(pamc_handle_t pch, const char *agent_id);
here agent_id is a PAM text string containing an agent_id (section
#{agent_ids}).
The return value for this function is:
PAM_BPC_TRUE - agent is disabled. This is the response
independent of whether the agent is locally
available.
PAM_BPC_FALSE - agent cannot be disabled (this may be because
it has already been invoked).
#$$$$ Allocating and manipulating binary prompts
All conversation between an client and an agent takes place with
respect to binary prompts. A binary prompt (see section #{binary_prompt}), is
obtained, resized and deleted via the following C-macro:
CREATION of a binary prompt with control X1 and data length Y1:
pamc_bp_t prompt = NULL;
PAM_BP_RENEW(&prompt, X1, Y1);
REPLACEMENT of a binary prompt with a control X2 and data length Y2:
PAM_BP_RENEW(&prompt, X2, Y2);
DELETION of a binary prompt (the referenced prompt is scrubbed):
PAM_BP_RENEW(&prompt, 0, 0);
Note, the PAM_BP_RENEW macro always overwrites any prompt that you
call it with, deleting and liberating the old contents in a secure
fashion. Also note that PAM_BP_RENEW, when returning a prompt of data
size Y1>0, will always append a '\0' byte to the end of the prompt (at
data offset Y1). It is thus, by definition, acceptable to treat the
data contents of a binary packet as a text string (see #{text_string}).
FILLING a binary prompt from a memory pointer U1 from offset O1 of
length L1:
PAM_BP_FILL(prompt, O1, L1, U1);
the CONTROL type for the packet can be obtained as follows:
control = PAM_PB_CONTROL(prompt);
the LENGTH of a data within the prompt (_excluding_ its header
information) can be obtained as follows:
length = PAM_BP_LENGTH(prompt);
the total SIZE of the prompt (_including_ its header information)
can be obtained as follows:
size = PAM_BP_SIZE(prompt);
EXTRACTING data from a binary prompt from offset O2 of length L2 to
a memory pointer U2:
PAM_BP_EXTRACT(prompt, O2, L2, U2);
If you require direct access to the raw prompt DATA, you should use
the following macro:
__u8 *raw_data = PAM_BP_DATA(prompt);
#$$$$ Client<->agent conversations
All exchanges of binary prompts with agents are handled with the
single function:
int pamc_converse(pamc_handle_t *pch, pamc_bp_t *prompt_p);
The return value for pamc_converse(...) is PAM_BPC_TRUE when there is
a response packet and PAM_BPC_FALSE when the client is unable to
handle the request represented by the original prompt. In this latter
case, *prompt_p is set to NULL.
This function takes a binary prompt and returns a replacement binary
prompt that is either a request from an agent to be acted upon by the
client or the 'result' which should be forwarded to the server. In the
former case, the following macro will return 1 (PAM_BPC_TRUE) and in
all other cases, 0 (PAM_BPC_FALSE):
PAM_BPC_FOR_CLIENT(/* pamc_bp_t */ prompt)
Note, all non-NULL binary prompts returned by pamc_converse(...), are
terminated with a '\0', even when the full length of the prompt (as
returned by the agent) does not contain this delimiter. This is a
defined property of the PAM_BP_RENEW macro, and can be relied upon.
Important security note: in certain implementations, agents are
implemented by executable binaries, which are transparently loaded and
managed by the PAM client library. To ensure there is never a leakage
of elevated privilege to an unprivileged agent, the client application
should go to some effort to lower its level of privilege. It remains
the responsibility of the applicant and the client to ensure that it
is not compromised by a rogue agent.
#$$$$ Termination of agents
When closing the authentication session and severing the connection
between a client and a selection of agents, the following function is
used:
int pamc_end(pamc_handle_t *pch);
Following a call to pamc_end, the pamc_handle_t will be invalid.
The return value for this function is one of the following:
PAM_BPC_TRUE - all invoked agents are content with
authentication (the server is _not_ judged
_un_trustworthy by any agent)
PAM_BPC_FALSE - one or more agents were unsatisfied at
being terminated. In general, the client
should terminate its connection to the
server and indicate to the applicant that
the server is untrusted.
#$$$ libpamc <-> agents
The agents are manipulated from within libpamc. Each agent is an
executable in its own right. This permits the agent to have access to
sensitive data not accessible directly from the client. The mode of
communication between libpamc and an agent is through a pair of
pipes. The agent reads binary prompts (section #{binary_prompt})
through its standard input file descriptor and writes response (to the
server) binary prompts and instruction binary prompts (instructions
for the client) through its standard output file descriptor.
#$$ Client <-> server
This interface is concerned with the exchange of text and binary
prompts between the client application and the server application. No
API is provided for this as it is considered specific to the transport
protocol shared by the client and the server.
#$$ Server <-> modules
The server makes use of a general API for communicating with
modules. The client is not required to communicate directly with
available modules. By abstracting the authentication interface, it
becomes possible for the local administrator to make a run time
decision about the authentication method adopted by the server.
#$$$ Functions and definitions available to servers and modules
[This section will document the following functions
pam_set_item()
pam_get_item()
pam_fail_delay(pam_handle_t *pamh, unsigned int micro_sec)
pam_get_env(pam_handle_t *pamh, const char *varname)
pam_strerror(pam_handle_t *pamh, int pam_errno)
]
#$$$ Server <-> libpam
[This section will document the following pam_ calls:
pam_start
pam_end
pam_authenticate (*)
pam_setcred
pam_acct_mgmt
pam_open_session
pam_close_session
pam_chauthtok (*)
The asterisked functions may return PAM_INCOMPLETE. In such cases, the
application should be aware that the conversation function was called
and that it returned PAM_CONV_AGAIN to a module. The correct action
for the application to take in response to receiving PAM_INCOMPLETE,
is to acquire the replies so that the next time the conversation
function is called it will be able to provide the desired
responses. And then recall pam_authenticate (pam_chauthtok) with the
same arguments. Libpam will arrange that the module stack is resumed
from the module that returned before. This functionality is required
for programs whose user interface is maintained by an event loop. ]
#$$$ libpam <-> modules
[This section will document the following pam_ and pam_sm_ calls:
functions provided by libpam
pam_set_data
pam_get_data
functions provided to libpam by each module
groups:
AUTHENTICATION
pam_sm_authenticate
pam_sm_setcred
ACCOUNT
pam_sm_acct_mgmt
SESSION
pam_sm_open_session
pam_sm_close_session
AUTHENTICATION TOKEN MANAGEMENT
pam_sm_chauthtok
]
#$ Security considerations
This document is devoted to standardizing authentication
infrastructure: everything in this document has implications for
security.
#$ Contact
The email list for discussing issues related to this document is
<pam-list@redhat.com>.
#$ References
[#{OSF_RFC_PAM}] OSF RFC 86.0, "Unified Login with Pluggable Authentication
Modules (PAM)", October 1995
#$ Author's Address
Andrew G. Morgan
Email: morgan@ftp.kernel.org
## $Id: draft-morgan-pam.raw,v 1.1.1.1 2000/06/20 22:11:07 agmorgan Exp $ ##
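Review bot: the libpamc API description in this file contradicts itself in several places and should be reconciled before anyone codes against it. The "Client marks agent as unusable" paragraph tells the client to call pamc_disable() "immediately after obtaining a pamc_handle_t from pam_start()", whereas the paragraph before it (correctly) names pamc_start(). The "Allocating and manipulating binary prompts" list reads `control = PAM_PB_CONTROL(prompt);` while every other macro in the list is spelled PAM_BP_*. pamc_converse() and pamc_end() are declared with `pamc_handle_t *pch` but pamc_list_agents(), pamc_load() and pamc_disable() take `pamc_handle_t pch` by value, so one of the two conventions is wrong. Typo: "libraray" in the "Initializing libpamc" paragraph. On the "Important security note": "go to some effort to lower its level of privilege" gives an implementer nothing to act on; since the text itself says agents are executables started and managed by libpamc over pipes, it should at least state that the privilege drop has to be complete before any agent is loaded, not at some unspecified later point.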

View File

@ -1,3 +1,3 @@
$Id: README,v 1.1 1996/11/10 19:18:06 morgan Exp $
$Id: README,v 1.1.1.1 2000/06/20 22:11:12 agmorgan Exp $
This is a directory for text versions of the pam documentation

View File

@ -1,20 +1,31 @@
#
# $Id: Makefile,v 1.10 1996/11/10 19:50:59 morgan Exp $
# $Id: Makefile,v 1.4 2001/02/10 07:17:53 agmorgan Exp $
#
dummy:
@echo "*** This is not a top level Makefile!"
include ../Make.Rules
PROGS = blank xsh check_user
SRCS = blank.c xsh.c check_user.c
# have removed the following pair since they no longer conform to
# any recognized conventions: vpass test
# ditto: vpass.c test.c
PROGSUID =
ifeq ($(WITH_LIBDEBUG),yes)
LIBSUFFIX=d
else
LIBSUFFIX=
endif
CFLAGS += -I../libpam_misc/include -I../libpamc/include
LOADLIBES = -L../libpam -L../libpamc -L../libpam_misc \
-lpam$(LIBSUFFIX) -lpam_misc$(LIBSUFFIX)
ifeq ($(STATIC_LIBPAM),yes)
ifneq ($(DYNAMIC),)
CFLAGS += $(CC_STATIC)
LOADLIBES += $(LIBDL)
endif
endif
all: $(PROGS)
check_user: check_user.o
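Review bot: LOADLIBES gains `-L../libpamc` and CFLAGS gains `-I../libpamc/include`, but nothing in this hunk links `-lpamc`, so both new paths are dead unless a later change adds the library; either add `-lpamc` next to `-lpam_misc$(LIBSUFFIX)` or drop the two flags so the link line says what it does. Minor: `PROGSUID =` is now an empty list yet is still threaded through the install rules further down.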
@ -26,17 +37,18 @@ blank: blank.o
xsh: xsh.o
$(CC) $(CFLAGS) -o $@ $< $(LOADLIBES)
clean:
rm -f *.a *.so *.o *~ $(PROGS) $(PROGSUID)
rm -f *.a *.out *.o *.so
# note, the programs are test programs, they should not be
# installed on your system!
install: all
if [ -n "$(PROGS)" ]; then cp $(PROGS) ../bin ; fi
if [ -n "$(PROGSUID)" ]; then \
$(INSTALL) -m 4555 -o root -g bin $(PROGSUID) ../bin ; fi
clean:
rm -f *.a *.so *.o *~ $(PROGS) $(PROGSUID)
$(INSTALL) -m 4555 $(PROGSUID) ../bin ; fi
remove:
cd ../bin ; rm -f $(PROGS) $(PROGSUID)
extraclean: clean
rm -f *.a *.out *.o *.so
for x in $(PROGS) $(PROGSUID) ; do rm -f ../bin/$$x ; done
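Review bot: the install rule still copies the test programs into ../bin and installs anything in $(PROGSUID) with mode 4555, i.e. setuid, and the only change here is dropping `-o root -g bin`, so such a binary would now be setuid to whoever runs make; the comment two lines above says these programs should not be installed at all. With PROGSUID empty the branch is dead and should be removed along with the duplicate `clean:` target this hunk is already cleaning up; an `install:` that does nothing is the honest version for test programs.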

View File

@ -1,20 +1,5 @@
/*
* $Id: blank.c,v 1.7 1996/12/01 03:16:53 morgan Exp morgan $
*
* $Log: blank.c,v $
* Revision 1.7 1996/12/01 03:16:53 morgan
* added setcred closing function
*
* Revision 1.6 1996/11/10 19:51:40 morgan
* minor change to avoid gcc warning
*
* Revision 1.5 1996/07/07 23:53:05 morgan
* added optional fail delay (non-standard Linux-PAM)
*
* Revision 1.4 1996/05/02 04:44:18 morgan
* moved conversation to a libmisc library routine.
*
*
* $Id: blank.c,v 1.2 2000/12/04 19:02:33 baggins Exp $
*/
/* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank'
@ -53,7 +38,7 @@ static struct pam_conv conv = {
/* ------- the application itself -------- */
void main(int argc, char **argv)
int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
char *username=NULL;
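Review bot: changing `void main` to `int main` is correct, but the body of main() beyond this hunk is not shown; make sure every exit path now returns an explicit value (0 on success, non-zero after a PAM failure), otherwise the process exit status is indeterminate.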

View File

@ -1,5 +1,5 @@
/*
$Id: check_user.c,v 1.1 1996/11/10 21:19:30 morgan Exp morgan $
$Id: check_user.c,v 1.2 2000/12/04 19:02:33 baggins Exp $
This program was contributed by Shane Watts <shane@icarus.bofh.asn.au>
slight modifications by AGM.
@ -8,12 +8,7 @@
# check authorization
check auth required pam_unix_auth.so
check account required pam_unix_acct.so
$Log: check_user.c,v $
Revision 1.1 1996/11/10 21:19:30 morgan
Initial revision
*/
*/
#include <security/pam_appl.h>
#include <security/pam_misc.h>

View File

@ -1,16 +1,5 @@
/*
* $Log: test.c,v $
* Revision 1.3 1996/03/10 00:14:20 morgan
* made lines less than 80 chars long.
*
* Revision 1.2 1996/03/09 09:16:26 morgan
* changed the header file that it includes.
*
* Revision 1.1 1996/03/09 09:13:34 morgan
* Initial revision
*/
/* Marc Ewing (marc@redhat.com) - original test code
* Marc Ewing (marc@redhat.com) - original test code
* Alexander O. Yuriev (alex@bach.cis.temple.edu)
* Andrew Morgan (morgan@physics.ucla.edu)
*/

View File

@ -36,7 +36,7 @@ int main(void)
pam_start("vpass", user, &conv, &pamh);
pam_set_item(pamh, PAM_TTY, "/dev/tty");
if ((res = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
fprintf(stderr, "Oops: %s\n", pam_strerror(res));
fprintf(stderr, "Oops: %s\n", pam_strerror(pamh, res));
exit(1);
}
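Review bot: the return value of `pam_start("vpass", user, &conv, &pamh);` two lines above the changed line is ignored, so on failure `pamh` stays NULL and is handed to pam_set_item() and pam_authenticate(); check it before use. The failure path also calls `exit(1)` without `pam_end(pamh, res)`, so the handle leaks and module cleanup never runs. The `pam_strerror(pamh, res)` change itself is correct for the two-argument prototype.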

View File

@ -1,22 +1,8 @@
/*
* $Id: xsh.c,v 1.4 1996/11/10 21:09:45 morgan Exp morgan $
*
* $Log: xsh.c,v $
* Revision 1.4 1996/11/10 21:09:45 morgan
* no gcc warnings
*
* Revision 1.3 1996/07/07 23:53:36 morgan
* added support for non standard pam_fail_delay
*
* Revision 1.2 1996/05/02 04:44:48 morgan
* moved conversaation to a libmisc routine.
*
* Revision 1.1 1996/04/07 08:18:55 morgan
* Initial revision
*
* $Id: xsh.c,v 1.3 2001/02/05 06:50:41 agmorgan Exp $
*/
/* Andrew Morgan (morgan@parc.power.net) -- an example application
/* Andrew Morgan (morgan@kernel.org) -- an example application
* that invokes a shell, based on blank.c */
#include <stdio.h>
@ -44,22 +30,28 @@ static struct pam_conv conv = {
/* ------- the application itself -------- */
void main(int argc, char **argv, char **envp)
int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
char *username=NULL;
const char *username=NULL;
const char *service="xsh";
int retcode;
/* did the user call with a username as an argument ? */
/* did the user call with a username as an argument ?
* did they also */
if (argc > 2) {
fprintf(stderr,"usage: %s [username]\n",argv[0]);
} else if (argc == 2) {
if (argc > 3) {
fprintf(stderr,"usage: %s [username [service-name]]\n",argv[0]);
}
if (argc >= 2) {
username = argv[1];
}
}
if (argc == 3) {
service = argv[2];
}
/* initialize the Linux-PAM library */
retcode = pam_start("xsh", username, &conv, &pamh);
retcode = pam_start(service, username, &conv, &pamh);
bail_out(pamh,1,retcode,"pam_start");
/* to avoid using goto we abuse a loop here */
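Review bot: when `argc > 3` the usage message is printed but execution continues (no exit or return follows the fprintf), so `argv[1]` and `argv[2]` are still consumed and pam_start() is called anyway; add `exit(1)` after the usage message. Taking the service name from `argv[2]` means whoever runs the binary picks which PAM service policy is evaluated, which is acceptable for a test program but deserves a comment saying so. The new comment `did they also` is cut off mid-sentence.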
@ -111,7 +103,10 @@ void main(int argc, char **argv, char **envp)
break;
}
fprintf(stderr,"The user has been authenticated and `logged in'\n");
pam_get_item(pamh, PAM_USER, (const void **) &username);
fprintf(stderr,
"The user [%s] has been authenticated and `logged in'\n",
username);
/* this is always a really bad thing for security! */
system("/bin/sh");
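Review bot: the return value of `pam_get_item(pamh, PAM_USER, (const void **) &username);` is not checked; if it fails or the module stack never set PAM_USER, `username` may be NULL and the following fprintf passes NULL to `%s`, which is undefined behaviour. Test for PAM_SUCCESS and a non-NULL pointer before printing, or fall back to a fixed string such as "(unknown)".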
@ -127,6 +122,15 @@ void main(int argc, char **argv, char **envp)
break;
}
/* `0' could be as above */
retcode = pam_setcred(pamh, PAM_DELETE_CRED);
bail_out(pamh,0,retcode,"pam_setcred");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem deleting user credentials\n"
,argv[0]);
break;
}
break; /* don't go on for ever! */
}
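Review bot: the inline check that replaces `bail_out(pamh,0,retcode,"pam_setcred")` prints only "problem deleting user credentials" and discards the actual error; include `pam_strerror(pamh, retcode)` in the message so the failing PAM_DELETE_CRED step can be diagnosed.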

View File

@ -1,45 +1,14 @@
#
# $Id: Makefile,v 1.19 1997/04/05 06:58:43 morgan Exp morgan $
# $Id: Makefile,v 1.4 2001/02/10 07:17:53 agmorgan Exp $
#
# $Log: Makefile,v $
# Revision 1.19 1997/04/05 06:58:43 morgan
# fakeroot
#
# Revision 1.18 1997/02/15 15:56:09 morgan
# inherit major and minor numbers
#
# Revision 1.17 1997/01/04 20:03:09 morgan
# update for .55
#
# Revision 1.16 1996/12/01 03:14:13 morgan
# update for .54
#
# Revision 1.15 1996/11/10 20:07:51 morgan
# updated for .53
#
# Revision 1.14 1996/09/05 06:06:53 morgan
# added local flag for locking, slight reorganization too.
#
include ../Make.Rules
# need to tell libpam about the default directory for PAMs
MOREFLAGS=-D"DEFAULT_MODULE_PATH=\"$(SECUREDIR)/\""
# you may uncomment the following to build libpam in modified ways
# lots of debugging information goes to /tmp/pam-debug.log
#MOREFLAGS += -D"DEBUG"
# pay attention to locked /etc/pam.conf or /etc/pam.d/* files
#MOREFLAGS += -D"PAM_LOCKING"
# read both the /etc/pam.d/ and pam.conf files specific to the deisred service
#MOREFLAGS += -D"PAM_READ_BOTH_CONFS"
# make a kludge attempt to be compatible with the old pam_strerror
# calling convention
#MOREFLAGS += -D"UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT"
ifeq ($(DEBUG_REL),yes)
ifeq ($(WITH_LIBDEBUG),yes)
LIBNAME=libpamd
else
LIBNAME=libpam
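Review bot: this hunk deletes the commented-out MOREFLAGS knobs (`-D"DEBUG"`, `-D"PAM_LOCKING"`, `-D"PAM_READ_BOTH_CONFS"`, `-D"UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT"`), which were the only place in this file documenting those build options; if they are now meant to be set in ../Make.Rules, leave a one-line comment here pointing there, otherwise the options become undiscoverable.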
@ -49,12 +18,13 @@ MODIFICATION=.$(MINOR_REL)
# ---------------------------------------------
dummy:
@echo "*** This is not a top-level Makefile!"
dummy: ../Make.Rules all
# ---------------------------------------------
CFLAGS += $(DYNAMIC) $(STATIC) $(MOREFLAGS)
CFLAGS += $(DYNAMIC) $(STATIC) $(MOREFLAGS) \
-DLIBPAM_VERSION_MAJOR=$(MAJOR_REL) \
-DLIBPAM_VERSION_MINOR=$(MINOR_REL)
# dynamic library names
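Review bot: `dummy:` used to be a guard that only echoed "not a top-level Makefile"; it now depends on `../Make.Rules all`, so a bare `make` in this directory silently performs a full build. If that is intended, rename the target so its name matches what it does; if not, restore the echo.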
@ -67,8 +37,11 @@ LIBPAMFULL = $(LIBPAMNAME)$(MODIFICATION)
LIBPAMSTATIC = $(LIBNAME).a
ifdef STATIC
@echo Did you mean to set STATIC\?
MODULES = $(shell cat ../modules/_static_module_objects)
STATICOBJ = pam_static.o
else
MODULES =
endif
ifdef MEMORY_DEBUG
@ -80,15 +53,16 @@ LIBOBJECTS = pam_item.o pam_strerror.o pam_end.o pam_start.o pam_data.o \
pam_account.o pam_auth.o pam_session.o pam_password.o \
pam_env.o pam_log.o $(EXTRAS)
ifdef DYNAMIC_LIBPAM
ifeq ($(DYNAMIC_LIBPAM),yes)
# libpam.so needs -ldl, too.
DLIBOBJECTS = $(addprefix dynamic/,$(LIBOBJECTS) $(STATICOBJ))
ifdef STATICOBJ
ifeq ($(STATICOBJ),yes)
dynamic/pam_static.o: pam_static.c ../modules/_static_module_objects
$(CC) $(CFLAGS) -c pam_static.c -o $@
endif
endif
ifdef STATIC_LIBPAM
ifeq ($(STATIC_LIBPAM),yes)
SLIBOBJECTS = $(addprefix static/,$(LIBOBJECTS) $(STATICOBJ))
ifdef STATICOBJ
static/pam_static.o: pam_static.c ../modules/_static_module_objects
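Review bot: `ifeq ($(STATICOBJ),yes)` can never be true: STATICOBJ is assigned `pam_static.o` in the `ifdef STATIC` block earlier in this file, not `yes`, so the `dynamic/pam_static.o` rule is never defined and a static-module dynamic build falls through to the generic `dynamic/%.o : %.c` rule without the `../modules/_static_module_objects` dependency. The static branch a few lines below still uses `ifdef STATICOBJ`; use the same test in both places (`ifdef STATICOBJ` or `ifneq ($(STATICOBJ),)`).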
@ -99,45 +73,46 @@ endif
# ---------------------------------------------
## rules
all: dirs $(LIBPAM) $(LIBPAMSTATIC)
all: dirs $(LIBPAM) $(LIBPAMSTATIC) ../Make.Rules
dirs:
ifdef DYNAMIC_LIBPAM
mkdir -p dynamic
ifeq ($(DYNAMIC_LIBPAM),yes)
$(MKDIR) dynamic
endif
ifdef STATIC_LIBPAM
mkdir -p static
ifeq ($(STATIC_LIBPAM),yes)
$(MKDIR) static
endif
dynamic/%.o : %.c
$(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
$(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
static/%.o : %.c
$(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
$(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
$(LIBPAM): $(DLIBOBJECTS)
ifdef DYNAMIC_LIBPAM
ifeq ($(DYNAMIC_LIBPAM),yes)
ifeq ($(USESONAME),yes)
$(LD_L) $(SOSWITCH) $(LIBPAMNAME) -o $@ $(DLIBOBJECTS) $(MODULES)
$(LD_L) $(SOSWITCH) $(LIBPAMNAME) -o $@ $(DLIBOBJECTS) \
$(MODULES) $(LINKLIBS)
else
$(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES)
$(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS)
endif
ifeq ($(NEEDSONAME),yes)
rm -f $(LIBPAMFULL)
ln -s $(LIBPAM) $(LIBPAMFULL)
ln -sf $(LIBPAM) $(LIBPAMFULL)
rm -f $(LIBPAMNAME)
ln -s $(LIBPAM) $(LIBPAMNAME)
ln -sf $(LIBPAM) $(LIBPAMNAME)
endif
endif
$(LIBPAMSTATIC): $(SLIBOBJECTS)
ifdef STATIC_LIBPAM
$(AR) $@ $(SLIBOBJECTS) $(MODULES)
ifeq ($(STATIC_LIBPAM),yes)
ar cr $@ $(SLIBOBJECTS) $(MODULES)
$(RANLIB) $@
endif
install: all
$(MKDIR) $(FAKEROOT)$(INCLUDED)
$(MKDIR) $(FAKEROOT)$(INCLUDED) $(FAKEROOT)$(libdir)
$(INSTALL) -m 644 include/security/pam_appl.h $(FAKEROOT)$(INCLUDED)
$(INSTALL) -m 644 include/security/pam_modules.h $(FAKEROOT)$(INCLUDED)
$(INSTALL) -m 644 include/security/_pam_macros.h $(FAKEROOT)$(INCLUDED)
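Review bot: `ar cr $@ $(SLIBOBJECTS) $(MODULES)` hard-codes the archiver where the old line used `$(AR)`; that breaks cross or non-GNU builds that set AR in ../Make.Rules, and the `$(RANLIB) $@` on the next line is still parameterised, so keep `$(AR)` for consistency. Minor: `all:` now lists `../Make.Rules` as a prerequisite, which only does something if a rule to regenerate that file exists; otherwise it is noise.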
@ -146,15 +121,16 @@ install: all
ifdef MEMORY_DEBUG
$(INSTALL) -m 644 include/security/pam_malloc.h $(FAKEROOT)$(INCLUDED)
endif
ifdef DYNAMIC_LIBPAM
$(INSTALL) -m $(SHLIBMODE) $(LIBPAM) $(FAKEROOT)$(LIBDIR)/$(LIBPAMFULL)
ifeq ($(DYNAMIC_LIBPAM),yes)
$(INSTALL) -m $(SHLIBMODE) $(LIBPAM) $(FAKEROOT)$(libdir)/$(LIBPAMFULL)
$(LDCONFIG)
ifneq ($(DYNTYPE),"sl")
( cd $(FAKEROOT)$(LIBDIR) ; rm -f $(LIBPAM) ; ln -s $(LIBPAMNAME) $(LIBPAM) )
( cd $(FAKEROOT)$(libdir) ; rm -f $(LIBPAM) ; \
ln -sf $(LIBPAMNAME) $(LIBPAM) )
endif
endif
ifdef STATIC_LIBPAM
$(INSTALL) -m 644 $(LIBPAMSTATIC) $(FAKEROOT)$(LIBDIR)
ifeq ($(STATIC_LIBPAM),yes)
$(INSTALL) -m 644 $(LIBPAMSTATIC) $(FAKEROOT)$(libdir)
endif
remove:
@ -163,15 +139,13 @@ remove:
rm -f $(FAKEROOT)$(INCLUDED)/pam_appl.h
rm -f $(FAKEROOT)$(INCLUDED)/pam_modules.h
rm -f $(FAKEROOT)$(INCLUDED)/pam_malloc.h
rm -f $(FAKEROOT)$(LIBDIR)/$(LIBPAM).*
rm -f $(FAKEROOT)$(LIBDIR)/$(LIBPAM)
rm -f $(FAKEROOT)$(libdir)/$(LIBPAM).*
rm -f $(FAKEROOT)$(libdir)/$(LIBPAM)
$(LDCONFIG)
rm -f $(FAKEROOT)$(LIBDIR)/$(LIBPAMSTATIC)
rm -f $(FAKEROOT)$(libdir)/$(LIBPAMSTATIC)
clean:
rm -f a.out core *~ static/*.o dynamic/*.o
extraclean: clean
rm -f *.a *.out *.o *.so ./include/security/*~
rm -f *.a *.o *.so ./include/security/*~
if [ -d dynamic ]; then rmdir dynamic ; fi
if [ -d static ]; then rmdir static ; fi

View File

@ -2,7 +2,10 @@
#define _PAM_COMPAT_H
/*
* $Id: _pam_compat.h,v 1.1.1.1 2000/06/20 22:11:21 agmorgan Exp $
*
* This file was contributed by Derrick J Brashear <shadow@dementia.org>
* slight modification by Brad M. Garcia <bgarcia@fore.com>
*
* A number of operating systems have started to implement PAM.
* unfortunately, they have a different set of numeric values for
@ -12,17 +15,25 @@
/* Solaris uses different constants. We redefine to those here */
#if defined(solaris) || (defined(__SVR4) && defined(sun))
#ifndef _SECURITY__PAM_TYPES_H
# ifdef _SECURITY_PAM_MODULES_H
/* flags for pam_chauthtok() */
# undef PAM_PRELIM_CHECK
# define PAM_PRELIM_CHECK 0x1
# undef PAM_UPDATE_AUTHTOK
# define PAM_UPDATE_AUTHTOK 0x2
# endif /* _SECURITY_PAM_MODULES_H */
#else /* _SECURITY__PAM_TYPES_H */
/* generic for pam_* functions */
# undef PAM_SILENT
# define PAM_SILENT 0x80000000
/* flags for pam_chauthtok() */
# undef PAM_PRELIM_CHECK
# define PAM_PRELIM_CHECK 0x1
# undef PAM_UPDATE_AUTHTOK
# define PAM_UPDATE_AUTHTOK 0x2
/* flags for pam_setcred() */
# undef PAM_ESTABLISH_CRED
# define PAM_ESTABLISH_CRED 0x1
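Review bot: the new `#ifndef _SECURITY__PAM_TYPES_H` / `#else` split needs a comment explaining the two cases: when Linux-PAM's own _pam_types.h has not been seen only the pam_chauthtok() flags are patched (and only if pam_modules.h was included), whereas when it has been seen every constant is redefined to the Solaris value. As written a reader has to reverse-engineer why the larger set of definitions lives in the `#else` arm.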
@ -33,8 +44,8 @@
# undef PAM_REINITIALIZE_CRED
# define PAM_REINITIALIZE_CRED 0x4
# define PAM_REFRESH_CRED 0x8
# undef PAM_REFRESH_CRED
# define PAM_REFRESH_CRED 0x8
/* another binary incompatibility comes from the return codes! */
@ -104,6 +115,8 @@
# undef PAM_TRY_AGAIN
# define PAM_TRY_AGAIN 27
#endif /* _SECURITY__PAM_TYPES_H */
#endif /* defined(solaris) || (defined(__SVR4) && defined(sun)) */
#endif /* _PAM_COMPAT_H */

View File

@ -9,7 +9,9 @@
/* a 'safe' version of strdup */
extern char *strdup(const char *s);
#include <string.h>
#include <stdlib.h>
#define x_strdup(s) ( (s) ? strdup(s):NULL )
/* Good policy to strike out passwords with some characters not just
@ -61,8 +63,10 @@ do { \
#include <stdio.h>
#include <sys/types.h>
#include <stdarg.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
/*
* This is for debugging purposes ONLY. DO NOT use on live systems !!!
@ -80,37 +84,55 @@ static void _pam_output_debug_info(const char *file, const char *fn
, const int line)
{
FILE *logfile;
int must_close = 1;
if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
int must_close = 1, fd;
#ifdef O_NOFOLLOW
if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
#else
if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
#endif
if (!(logfile = fdopen(fd,"a"))) {
logfile = stderr;
must_close = 0;
close(fd);
}
} else {
logfile = stderr;
must_close = 0;
must_close = 0;
}
fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
if (must_close) {
fflush(logfile);
fflush(logfile);
if (must_close)
fclose(logfile);
}
}
static void _pam_output_debug(const char *format, ...)
{
va_list args;
FILE *logfile;
int must_close = 1;
int must_close = 1, fd;
va_start(args, format);
if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
logfile = stderr;
must_close = 0;
#ifdef O_NOFOLLOW
if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
#else
if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
#endif
if (!(logfile = fdopen(fd,"a"))) {
logfile = stderr;
must_close = 0;
close(fd);
}
} else {
logfile = stderr;
must_close = 0;
}
vfprintf(logfile, format, args);
fprintf(logfile, "\n");
if (must_close) {
fflush(logfile);
fflush(logfile);
if (must_close)
fclose(logfile);
}
va_end(args);
}
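Review bot: replacing `fopen(_PAM_LOGFILE,"a")` with `open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)` closes the symlink-following problem on the debug log, but the `#else` branch for platforms without O_NOFOLLOW still follows a symlink at _PAM_LOGFILE; at minimum fstat() the descriptor there and refuse anything that is not a regular file before fdopen(). Note also that the new code never creates the file (no O_CREAT), so on a fresh system every message goes to stderr; if that is intended, say so in the "debugging purposes ONLY" comment. The open/fdopen block is duplicated verbatim in _pam_output_debug_info() and _pam_output_debug(); factor it into one static helper so the two cannot drift apart.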

View File

@ -1,7 +1,7 @@
/*
* <security/_pam_types.h>
*
* $Id: _pam_types.h,v 1.10 1997/04/05 06:52:50 morgan Exp morgan $
* $Id: _pam_types.h,v 1.4 2001/01/22 06:07:29 agmorgan Exp $
*
* This file defines all of the types common to the Linux-PAM library
* applications and modules.
@ -9,13 +9,16 @@
* Note, the copyright+license information is at end of file.
*
* Created: 1996/3/5 by AGM
*
* $Log$
*/
#ifndef _SECURITY__PAM_TYPES_H
#define _SECURITY__PAM_TYPES_H
#ifndef __LIBPAM_VERSION
# define __LIBPAM_VERSION __libpam_version
#endif
extern unsigned int __libpam_version;
/*
* include local definition for POSIX - NULL
*/
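Review bot: `__libpam_version` and `__LIBPAM_VERSION` use the double-underscore prefix that C reserves for the implementation, and this is a public header that every application includes; a `pam_`/`PAM_` prefixed name (matching the `LIBPAM_VERSION_MAJOR`/`LIBPAM_VERSION_MINOR` macros the Makefile now passes in) avoids collisions with libc or compiler symbols. The extern also needs a comment stating which object defines the variable and how the value is encoded.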
@ -88,7 +91,10 @@ typedef struct pam_handle pam_handle_t;
calling again, verify that conversation
is completed */
/* Add new #define's here */
/*
* Add new #define's here - take care to also extend the libpam code:
* pam_strerror() and "libpam/pam_tokens.h" .
*/
#define _PAM_RETURN_VALUES 32 /* this is the number of return values */
@ -141,7 +147,6 @@ typedef struct pam_handle pam_handle_t;
#define PAM_USER_PROMPT 9 /* the prompt for getting a username */
#define PAM_FAIL_DELAY 10 /* app supplied function to override failure
delays */
#define PAM_LOG_STATE 11 /* ident, facility etc. logging info */
/* ---------- Common Linux-PAM application/module PI ----------- */
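Review bot: `#define PAM_LOG_STATE 11` is removed from a public header, and item numbers are part of the application/module ABI; document 11 as reserved rather than letting the next item added reuse it, otherwise a module built against the previous release that still passes 11 would silently address a different item.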
@ -178,50 +183,18 @@ extern char **pam_getenvlist(pam_handle_t *pamh);
* This item was added to accommodate event driven programs that need to
* manage delays more carefully. The function prototype for this data
* item is
* void (*fail_delay)(int status, unsigned int delay);
* void (*fail_delay)(int status, unsigned int delay, void *appdata_ptr);
*/
#define HAVE_PAM_FAIL_DELAY
extern int pam_fail_delay(pam_handle_t *pamh, unsigned int musec_delay);
/*
* the standard libc interface for syslog suffers from some problems.
* The first is that it is not thread safe. It is also three functions
* where PAM only really needs a "log this" function. It also does
* not provide modules and applications with information about whether
* the log is currently open or not etc... All of these things mean
* that we need to centralize PAM's logging facility. These two functions
* provide this centralization. They are, however, just a gateway to
* libc's openlog/syslog/closelog functions. Please note, your apps/modules
* will likely start to segfault if you do not use this function for
* system logging.
*/
struct pam_log_state {
char *ident;
int option;
int facility;
};
#ifndef LOG_ERR
# include <syslog.h> /* this is a sad HACK. But we need LOG_CRIT etc.. */
#endif
#define PAM_LOG_STATE_IDENT "PAM"
#define PAM_LOG_STATE_OPTION LOG_PID
#define PAM_LOG_STATE_FACILITY LOG_AUTHPRIV
#ifndef va_start
# include <stdarg.h>
#endif
#define HAVE_PAM_SYSTEM_LOG
extern void pam_vsystem_log(const pam_handle_t *pamh,
const struct pam_log_state *log_state,
int priority, const char *format, va_list args);
extern void pam_system_log(const pam_handle_t *pamh,
const struct pam_log_state *log_state,
int priority, const char *format, ... );
#include <syslog.h>
#ifndef LOG_AUTHPRIV
# ifdef LOG_PRIV
# define LOG_AUTHPRIV LOG_PRIV
# endif /* LOG_PRIV */
#endif /* !LOG_AUTHPRIV */
#ifdef MEMORY_DEBUG
/*
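Review bot: two ABI-visible changes in this hunk need a documentation entry. The PAM_FAIL_DELAY callback gains a third parameter (`void (*fail_delay)(int status, unsigned int delay, void *appdata_ptr);`), so an application that registered a callback against the old two-argument prototype will be invoked with a different argument list; and `pam_system_log()`, `pam_vsystem_log()` and `struct pam_log_state` are removed outright after the deleted comment told modules they "will likely start to segfault" if they did not use them. The `LOG_AUTHPRIV` fallback to `LOG_PRIV` is fine, but a platform with neither now fails at the first use of LOG_AUTHPRIV with no explanation; add an `#error` or a last-resort fallback.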
@ -246,14 +219,8 @@ extern void pam_system_log(const pam_handle_t *pamh,
#define PAM_RADIO_TYPE 5 /* yes/no/maybe conditionals */
/* This is for server client non-human interaction.. these are NOT
part of the X/Open PAM specification (yet although Vipin has hinted
that they may well be 1997/7/8) but are currently included for
exploritory reasons. Basically, they are for the module to obtain a
binary chunk of data from the client (via the server). Such data
is intercepted by the server and unpacked in preparation for the
module */
part of the X/Open PAM specification. */
#define PAM_BINARY_MSG 6
#define PAM_BINARY_PROMPT 7
/* maximum size of messages/responses etc.. (these are mostly
@ -280,10 +247,11 @@ struct pam_message {
struct {
u32 length; # network byte order
unsigned char data[length];
unsigned char type;
unsigned char data[length-5];
};
The 'libpam_client' library is designed around this flavor of
The 'libpamc' library is designed around this flavor of
message and should be used to handle this flavor of msg_style.
*/
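Review bot: the sketch `unsigned char type; unsigned char data[length-5];` only makes sense if `length` counts the whole packet including the 4-byte length field and the type byte; state that explicitly and that `length >= 5` is required, since an implementer who reads `length` as the payload size will under-read by five bytes, and a packet carrying `length < 5` makes `length-5` wrap.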

View File

@ -10,27 +10,16 @@
* Created: 15-Jan-96 by TYT
* Last modified: 1996/3/5 by AGM
*
* $Log: pam_appl.h,v $
* Revision 1.5 1996/11/10 19:56:11 morgan
* minor prototype change
*
* Revision 1.4 1996/03/16 22:38:17 morgan
* made all of the pam_start input arguments constant
*
* Revision 1.3 1996/03/16 20:22:59 morgan
* changed name comment at top of file.
*
* Revision 1.2 1996/03/09 20:39:06 morgan
* added RCS information
*
*
* $Id: pam_appl.h,v 1.5 1996/11/10 19:56:11 morgan Exp $
*
* $Id: pam_appl.h,v 1.3 2000/11/19 23:54:02 agmorgan Exp $
*/
#ifndef _SECURITY_PAM_APPL_H
#define _SECURITY_PAM_APPL_H
#ifdef __cplusplus
extern "C" {
#endif
#include <security/_pam_types.h> /* Linux-PAM common defined types */
/* -------------- The Linux-PAM Framework layer API ------------- */
@ -58,6 +47,10 @@ extern int pam_close_session(pam_handle_t *pamh, int flags);
extern int pam_chauthtok(pam_handle_t *pamh, int flags);
#ifdef __cplusplus
}
#endif
/* take care of any compatibility issues */
#include <security/_pam_compat.h>

View File

@ -1,9 +1,5 @@
/* $Id: pam_malloc.h,v 1.1 1996/11/10 21:23:14 morgan Exp $
*
* $Log: pam_malloc.h,v $
* Revision 1.1 1996/11/10 21:23:14 morgan
* Initial revision
*
/*
* $Id: pam_malloc.h,v 1.2 2000/12/04 19:02:34 baggins Exp $
*/
/*

View File

@ -1,27 +1,7 @@
/*
* <security/pam_modules.h>
*
* $Id: pam_modules.h,v 1.8 1997/01/04 20:14:42 morgan Exp morgan $
*
* This header file documents the PAM SPI --- that is, interface
* between the PAM library and a PAM service library which is called
* by the PAM library.
*
* Note, the copyright information is at end of file.
*
* $Log: pam_modules.h,v $
* Revision 1.8 1997/01/04 20:14:42 morgan
* moved PAM_DATA_SILENT to _pam_types.h so applications can use it too
*
* Revision 1.7 1996/11/10 19:57:08 morgan
* pam_get_user prototype.
*
* Revision 1.6 1996/09/05 06:18:45 morgan
* added some data error_status masks, changed prototype for cleanup()
*
* Revision 1.5 1996/06/02 07:58:37 morgan
* altered the way in which modules obtain static prototypes for
* functions
* $Id: pam_modules.h,v 1.3 2001/02/05 06:50:41 agmorgan Exp $
*
*/
@ -132,7 +112,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
#define PAM_PRELIM_CHECK 0x4000
/* The password service should update passwords Note: PAM_PRELIM_CHECK
* and PAM_UPDATE_AUTHTOK can not both be set simultaneously! */
* and PAM_UPDATE_AUTHTOK cannot both be set simultaneously! */
#define PAM_UPDATE_AUTHTOK 0x2000

View File

@ -6,8 +6,18 @@
int pam_acct_mgmt(pam_handle_t *pamh, int flags)
{
int retval;
D(("called"));
IF_NO_PAMH("pam_acct_mgmt",pamh,PAM_SYSTEM_ERR);
return _pam_dispatch(pamh, flags, PAM_ACCOUNT);
IF_NO_PAMH("pam_acct_mgmt", pamh, PAM_SYSTEM_ERR);
if (__PAM_FROM_MODULE(pamh)) {
D(("called from module!?"));
return PAM_SYSTEM_ERR;
}
retval = _pam_dispatch(pamh, flags, PAM_ACCOUNT);
return retval;
}

View File

@ -1,11 +1,7 @@
/*
* pam_auth.c -- PAM authentication
*
* $Id: pam_auth.c,v 1.7 1997/04/05 06:53:52 morgan Exp morgan $
*
* $Log: pam_auth.c,v $
* Revision 1.7 1997/04/05 06:53:52 morgan
* fail-delay changes
* $Id: pam_auth.c,v 1.3 2001/01/22 06:07:28 agmorgan Exp $
*
*/
@ -20,6 +16,13 @@ int pam_authenticate(pam_handle_t *pamh, int flags)
D(("pam_authenticate called"));
IF_NO_PAMH("pam_authenticate", pamh, PAM_SYSTEM_ERR);
if (__PAM_FROM_MODULE(pamh)) {
D(("called from module!?"));
return PAM_SYSTEM_ERR;
}
if (pamh->former.choice == PAM_NOT_STACKED) {
_pam_sanitize(pamh);
_pam_start_timer(pamh); /* we try to make the time for a failure
@ -27,7 +30,6 @@ int pam_authenticate(pam_handle_t *pamh, int flags)
fail */
}
IF_NO_PAMH("pam_authenticate",pamh,PAM_SYSTEM_ERR);
retval = _pam_dispatch(pamh, flags, PAM_AUTHENTICATE);
if (retval != PAM_INCOMPLETE) {
@ -45,9 +47,14 @@ int pam_setcred(pam_handle_t *pamh, int flags)
{
int retval;
D(("pam_setcred called"));
IF_NO_PAMH("pam_setcred", pamh, PAM_SYSTEM_ERR);
D(("pam_setcred called"));
if (__PAM_FROM_MODULE(pamh)) {
D(("called from module!?"));
return PAM_SYSTEM_ERR;
}
if (! flags) {
flags = PAM_ESTABLISH_CRED;

View File

@ -1,23 +1,7 @@
/* pam_data.c */
/*
* $Id: pam_data.c,v 1.5 1996/12/01 03:14:13 morgan Exp $
*
* $Log: pam_data.c,v $
* Revision 1.5 1996/12/01 03:14:13 morgan
* use _pam_macros.h
*
* Revision 1.4 1996/11/10 19:59:56 morgan
* internalized strdup for malloc debugging
*
* Revision 1.3 1996/09/05 06:10:31 morgan
* changed type of cleanup(), added PAM_DATA_REPLACE to replacement
* cleanup() call.
*
* Revision 1.2 1996/03/16 21:33:05 morgan
* removed const from cleanup argument, also deleted comment about SUN stuff
*
*
* $Id: pam_data.c,v 1.2 2001/01/22 06:07:28 agmorgan Exp $
*/
#include <stdlib.h>
@ -25,7 +9,26 @@
#include "pam_private.h"
struct pam_data *_pam_locate_data(const pam_handle_t *pamh, const char *name);
static struct pam_data *_pam_locate_data(const pam_handle_t *pamh,
const char *name)
{
struct pam_data *data;
D(("called"));
IF_NO_PAMH("_pam_locate_data", pamh, NULL);
data = pamh->data;
while (data) {
if (!strcmp(data->name, name)) {
return data;
}
data = data->next;
}
return NULL;
}
int pam_set_data(
pam_handle_t *pamh,
@ -35,21 +38,27 @@ int pam_set_data(
{
struct pam_data *data_entry;
IF_NO_PAMH("pam_set_data",pamh,PAM_SYSTEM_ERR);
D(("called"));
IF_NO_PAMH("pam_set_data", pamh, PAM_SYSTEM_ERR);
if (__PAM_FROM_APP(pamh)) {
D(("called from application!?"));
return PAM_SYSTEM_ERR;
}
/* first check if there is some data already. If so clean it up */
if ((data_entry = _pam_locate_data(pamh, module_data_name))) {
if (data_entry->cleanup) {
data_entry->cleanup(pamh, data_entry->data
, PAM_DATA_REPLACE | PAM_SUCCESS );
data_entry->cleanup(pamh, data_entry->data,
PAM_DATA_REPLACE | PAM_SUCCESS );
}
} else if ((data_entry = malloc(sizeof(*data_entry)))) {
char *tname;
if ((tname = _pam_strdup(module_data_name)) == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"pam_set_data: no memory for data name");
_pam_system_log(LOG_CRIT, "pam_set_data: no memory for data name");
_pam_drop(data_entry);
return PAM_BUF_ERR;
}
@ -57,8 +66,7 @@ int pam_set_data(
pamh->data = data_entry;
data_entry->name = tname;
} else {
pam_system_log(pamh, NULL, LOG_CRIT,
"pam_set_data: cannot allocate data entry");
_pam_system_log(LOG_CRIT, "pam_set_data: cannot allocate data entry");
return PAM_BUF_ERR;
}
@ -75,7 +83,14 @@ int pam_get_data(
{
struct pam_data *data;
IF_NO_PAMH("pam_get_data",pamh,PAM_SYSTEM_ERR);
D(("called"));
IF_NO_PAMH("pam_get_data", pamh, PAM_SYSTEM_ERR);
if (__PAM_FROM_APP(pamh)) {
D(("called from application!?"));
return PAM_SYSTEM_ERR;
}
data = _pam_locate_data(pamh, module_data_name);
if (data) {
@ -86,29 +101,14 @@ int pam_get_data(
return PAM_NO_MODULE_DATA;
}
struct pam_data *_pam_locate_data(const pam_handle_t *pamh, const char *name)
{
struct pam_data *data;
IF_NO_PAMH("_pam_locate_data",pamh,NULL);
data = pamh->data;
while (data) {
if (!strcmp(data->name, name)) {
return data;
}
data = data->next;
}
return NULL;
}
void _pam_free_data(pam_handle_t *pamh, int status)
{
struct pam_data *last;
struct pam_data *data;
IF_NO_PAMH("_pam_free_data",pamh,/* no return value for void fn */);
D(("called"));
IF_NO_PAMH("_pam_free_data", pamh, /* no return value for void fn */);
data = pamh->data;
while (data) {

View File

@ -1,12 +1,11 @@
/*
* pam_delay.c
*
* Copyright (c) Andrew G. Morgan <morgan@linux.kernel.org> 1996-8
* Copyright (c) Andrew G. Morgan <morgan@kernel.org> 1996-9
* All rights reserved.
*
* $Id: pam_delay.c,v 1.5 1997/04/05 06:54:19 morgan Exp $
* $Id: pam_delay.c,v 1.3 2001/01/22 06:07:28 agmorgan Exp $
*
* $Log: pam_delay.c,v $
*/
/*
@ -94,13 +93,20 @@ void _pam_await_timer(pam_handle_t *pamh, int status)
if (pamh->fail_delay.delay_fn_ptr) {
union {
const void *value;
void (*fn)(int, unsigned);
void (*fn)(int, unsigned, void *);
} hack_fn_u;
void *appdata_ptr;
if (pamh->pam_conversation) {
appdata_ptr = pamh->pam_conversation->appdata_ptr;
} else {
appdata_ptr = NULL;
}
/* always call the applications delay function, even if
the delay is zero - indicate status */
hack_fn_u.value = pamh->fail_delay.delay_fn_ptr;
hack_fn_u.fn(status, delay);
hack_fn_u.fn(status, delay, appdata_ptr);
} else if (status != PAM_SUCCESS && pamh->fail_delay.set) {
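Review bot: changing the delay callback type from `void (*fn)(int, unsigned)` to `void (*fn)(int, unsigned, void *)` is a source and ABI change for every application that registered a PAM_FAIL_DELAY function; the prototype in the public header, the documentation and the CHANGELOG must move with it, and this hunk gives no compile-time protection because the pointer is stored as `const void *` and converted through the hack_fn_u union. The NULL handling for a missing conversation struct is correct; it is worth documenting that the appdata_ptr the callback receives is the one from the application's struct pam_conv, since that is the only context channel an application has here.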

View File

@ -1,9 +1,9 @@
/* pam_dispatch.c - handles module function dispatch */
/*
* $Id: pam_dispatch.c,v 1.8 1997/01/04 20:04:09 morgan Exp morgan $
* Copyright (c) 1998 Andrew G. Morgan <morgan@kernel.org>
*
* last modified by AGM
* $Id: pam_dispatch.c,v 1.3 2001/02/05 06:50:41 agmorgan Exp $
*/
#include <stdlib.h>
@ -28,7 +28,7 @@
*/
static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
_pam_boolean resumed)
_pam_boolean resumed, int use_cached_chain)
{
int depth, impression, status, skip_depth;
@ -38,9 +38,8 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
const char *service=NULL;
(void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
pam_system_log(pamh, NULL, LOG_ERR,
"no modules loaded for `%s' service",
service ? service:"<unknown>" );
_pam_system_log(LOG_ERR, "no modules loaded for `%s' service",
service ? service:"<unknown>" );
service = NULL;
return PAM_MUST_FAIL_CODE;
}
@ -63,7 +62,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
/* Loop through module logic stack */
for (depth=0 ; h != NULL ; h = h->next, ++depth) {
int retval, action;
int retval, cached_retval, action;
/* skip leading modules if they have already returned */
if (depth < skip_depth) {
@ -79,7 +78,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
retval = h->func(pamh, flags, h->argc, h->argv);
D(("module returned: %s", pam_strerror(pamh, retval)));
if (h->must_fail) {
D(("module poorly listed in pam.conf; forcing failure"));
D(("module poorly listed in PAM config; forcing failure"));
retval = PAM_MUST_FAIL_CODE;
}
}
@ -100,23 +99,57 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
return retval;
}
if (use_cached_chain) {
/* a former stack execution has frozen the chain */
cached_retval = *(h->cached_retval_p);
} else {
/* this stack execution is defining the frozen chain */
cached_retval = h->cached_retval = retval;
}
/* verify that the return value is a valid one */
if (retval < PAM_SUCCESS || retval >= _PAM_RETURN_VALUES) {
if ((cached_retval < PAM_SUCCESS)
|| (cached_retval >= _PAM_RETURN_VALUES)) {
retval = PAM_MUST_FAIL_CODE;
action = _PAM_ACTION_BAD;
} else {
action = h->actions[retval];
/* We treat the current retval with some respect. It may
(for example, in the case of setcred) have a value that
needs to be propagated to the user. We want to use the
cached_retval to determine the modules to be executed
in the stacked chain, but we want to treat each
non-ignored module in the cached chain as now being
'required'. We only need to treat the,
_PAM_ACTION_IGNORE, _PAM_ACTION_IS_JUMP and
_PAM_ACTION_RESET actions specially. */
action = h->actions[cached_retval];
}
D((stderr,
"use_cached_chain=%d action=%d cached_retval=%d retval=%d\n",
use_cached_chain, action, cached_retval, retval));
/* decide what to do */
switch (action) {
case _PAM_ACTION_RESET:
/* if (use_cached_chain) {
XXX - we need to consider the use_cached_chain case
do we want to trash accumulated info here..?
} */
impression = _PAM_UNDEF;
status = PAM_MUST_FAIL_CODE;
break;
case _PAM_ACTION_OK:
case _PAM_ACTION_DONE:
/* XXX - should we maintain cached_status and status in
the case of use_cached_chain? The same with BAD&DIE
below */
if ( impression == _PAM_UNDEF
|| (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) {
impression = _PAM_POSITIVE;
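Review bot: retval is no longer range-checked when use_cached_chain is set. The test that used to read `if (retval < PAM_SUCCESS || retval >= _PAM_RETURN_VALUES)` now covers cached_retval only, yet the live retval is what reaches status (`status = retval;` in the jump case further down) and is returned to the application, so an out-of-range value from a setcred or close_session module passes through unvalidated. Keep the original test on retval alongside the new one on cached_retval and force PAM_MUST_FAIL_CODE if either fails. Two smaller points: `D((stderr, "use_cached_chain=%d ...", ...))` passes stderr as the format argument while every other D() in this file takes the format string first; and the `XXX` comments in the RESET, OK/DONE and IGNORE actions leave the cached-chain semantics for those actions undecided, which should be resolved or at least recorded in the CHANGELOG TODO before release.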
@ -130,7 +163,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
case _PAM_ACTION_BAD:
case _PAM_ACTION_DIE:
#ifdef PAM_FAIL_NOW_ON
if ( retval == PAM_ABORT ) {
if ( cached_retval == PAM_ABORT ) {
impression = _PAM_NEGATIVE;
status = PAM_PERM_DENIED;
goto decision_made;
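Review bot: under PAM_FAIL_NOW_ON the early exit now keys on cached_retval, so a setcred or close_session module that itself returns PAM_ABORT no longer triggers the immediate PAM_PERM_DENIED; only an abort recorded by the defining pass does. If that is intended, say so in a comment; otherwise test `cached_retval == PAM_ABORT || retval == PAM_ABORT`.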
@ -146,6 +179,11 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
break;
case _PAM_ACTION_IGNORE:
/* if (use_cached_chain) {
XXX - when evaluating a cached
chain, do we still want to ignore the module's
return value?
} */
break;
/* if we get here, we expect action is a positive number --
@ -153,6 +191,20 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
default:
if ( _PAM_ACTION_IS_JUMP(action) ) {
/* If we are evaluating a cached chain, we treat this
module as required (aka _PAM_ACTION_OK) as well as
executing the jump. */
if (use_cached_chain) {
if (impression == _PAM_UNDEF
|| (impression == _PAM_POSITIVE
&& status == PAM_SUCCESS) ) {
impression = _PAM_POSITIVE;
status = retval;
}
}
/* this means that we need to skip #action stacked modules */
do {
h = h->next;
@ -193,24 +245,32 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
{
struct handler *h = NULL;
int retval;
int retval, use_cached_chain;
_pam_boolean resumed;
IF_NO_PAMH("_pam_dispatch",pamh,PAM_SYSTEM_ERR);
IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR);
if (__PAM_FROM_MODULE(pamh)) {
D(("called from a module!?"));
return PAM_SYSTEM_ERR;
}
/* Load all modules, resolve all symbols */
if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) {
pam_system_log(pamh, NULL, LOG_ERR, "unable to dispatch function");
_pam_system_log(LOG_ERR, "unable to dispatch function");
return retval;
}
use_cached_chain = 0; /* default to setting h->cached_retval */
switch (choice) {
case PAM_AUTHENTICATE:
h = pamh->handlers.conf.authenticate;
break;
case PAM_SETCRED:
h = pamh->handlers.conf.setcred;
use_cached_chain = 1;
break;
case PAM_ACCOUNT:
h = pamh->handlers.conf.acct_mgmt;
@ -220,12 +280,16 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
break;
case PAM_CLOSE_SESSION:
h = pamh->handlers.conf.close_session;
use_cached_chain = 1;
break;
case PAM_CHAUTHTOK:
h = pamh->handlers.conf.chauthtok;
if (flags & PAM_UPDATE_AUTHTOK) {
use_cached_chain = 1;
}
break;
default:
pam_system_log(pamh, NULL, LOG_ERR, "undefined fn choice; %d", choice);
_pam_system_log(LOG_ERR, "undefined fn choice; %d", choice);
return PAM_ABORT;
}
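Review bot: selecting use_cached_chain = 1 for PAM_SETCRED, PAM_CLOSE_SESSION and PAM_CHAUTHTOK with PAM_UPDATE_AUTHTOK changes observable behaviour for applications that call these on a fresh handle: each handler's cached value starts at -1 (see `cached_retval = -1; /* error */` in pam_handlers.c), which fails the range check in _pam_dispatch_aux and forces PAM_MUST_FAIL_CODE, so pam_setcred without a preceding pam_authenticate, or pam_close_session without pam_open_session, now fails outright. Fail-closed is the right default, but it needs a CHANGELOG and documentation entry and a LOG_ERR message at the point of failure rather than a silent PAM_MUST_FAIL_CODE.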
@ -256,9 +320,9 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
/* Did a module return an "incomplete state" last time? */
if (pamh->former.choice != PAM_NOT_STACKED) {
if (pamh->former.choice != choice) {
pam_system_log(pamh, NULL, LOG_ERR,
"application failed to re-exec stack [%d:%d]",
pamh->former.choice, choice);
_pam_system_log(LOG_ERR,
"application failed to re-exec stack [%d:%d]",
pamh->former.choice, choice);
return PAM_ABORT;
}
resumed = PAM_TRUE;
@ -266,10 +330,14 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
resumed = PAM_FALSE;
}
__PAM_TO_MODULE(pamh);
/* call the list of module functions */
retval = _pam_dispatch_aux(pamh, flags, h, resumed);
retval = _pam_dispatch_aux(pamh, flags, h, resumed, use_cached_chain);
resumed = PAM_FALSE;
__PAM_TO_APP(pamh);
/* Should we recall where to resume next time? */
if (retval == PAM_INCOMPLETE) {
D(("module [%d] returned PAM_INCOMPLETE"));
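Review bot: the `D(("module [%d] returned PAM_INCOMPLETE"))` line in the trailing context has a %d conversion with no argument; since the hunk touches the lines around it, drop the %d or pass the depth. The __PAM_TO_MODULE / __PAM_TO_APP bracketing itself looks right: every early return in _pam_dispatch happens before __PAM_TO_MODULE, and _pam_dispatch_aux returns normally on PAM_INCOMPLETE, so the handle cannot be left in the module state.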
@ -281,6 +349,3 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice)
return retval;
}
/*
* $Log: pam_dispatch.c,v $
*/

View File

@ -1,9 +1,7 @@
/* pam_end.c */
/*
* $Id: pam_end.c,v 1.5 1996/12/01 03:14:13 morgan Exp $
*
* $Log: pam_end.c,v $
* $Id: pam_end.c,v 1.2 2001/01/22 06:07:28 agmorgan Exp $
*/
#include <stdlib.h>
@ -14,9 +12,14 @@ int pam_end(pam_handle_t *pamh, int pam_status)
{
int ret;
D(("entering pam_end()"));
IF_NO_PAMH("pam_end", pamh, PAM_SYSTEM_ERR);
D(("entering pam_end()"));
if (__PAM_FROM_MODULE(pamh)) {
D(("called from module!?"));
return PAM_SYSTEM_ERR;
}
/* first liberate the modules (it is not inconcevible that the
modules may need to use the service_name etc. to clean up) */
@ -64,9 +67,6 @@ int pam_end(pam_handle_t *pamh, int pam_status)
_pam_drop(pamh->pam_conversation);
pamh->fail_delay.delay_fn_ptr = NULL;
_pam_overwrite(pamh->pam_default_log.ident);
_pam_drop(pamh->pam_default_log.ident);
/* and finally liberate the memory for the pam_handle structure */
_pam_drop(pamh);
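Review bot: dropping the `_pam_overwrite` / `_pam_drop` of pamh->pam_default_log.ident is consistent with the removal of the PAM_LOG_STATE item in pam_item.c, but check that the pam_default_log member leaves the handle structure in the same change; if it stays and anything still fills in ident, this hunk turns the former free into a leak of the ident string.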

View File

@ -7,14 +7,7 @@
* This file was written from a "hint" provided by the people at SUN.
* and the X/Open XSSO draft of March 1997.
*
* $Id: pam_env.c,v 1.2 1997/02/15 15:56:48 morgan Exp morgan $
*
* $Log: pam_env.c,v $
* Revision 1.2 1997/02/15 15:56:48 morgan
* liberate pamh->env structure too!
*
* Revision 1.1 1996/12/01 03:14:13 morgan
* Initial revision
* $Id: pam_env.c,v 1.2 2001/01/22 06:07:28 agmorgan Exp $
*/
#include <string.h>
@ -54,6 +47,7 @@ static void _pam_dump_env(pam_handle_t *pamh)
int _pam_make_env(pam_handle_t *pamh)
{
D(("called."));
IF_NO_PAMH("_pam_make_env", pamh, PAM_ABORT);
/*
@ -62,7 +56,7 @@ int _pam_make_env(pam_handle_t *pamh)
pamh->env = (struct pam_environ *) malloc(sizeof(struct pam_environ));
if (pamh->env == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT, "_pam_make_env: out of memory");
_pam_system_log(LOG_CRIT, "_pam_make_env: out of memory");
return PAM_BUF_ERR;
}
@ -72,8 +66,7 @@ int _pam_make_env(pam_handle_t *pamh)
pamh->env->list = (char **)calloc( PAM_ENV_CHUNK, sizeof(char *) );
if (pamh->env->list == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"_pam_make_env: no memory for list");
_pam_system_log(LOG_CRIT, "_pam_make_env: no memory for list");
_pam_drop(pamh->env);
return PAM_BUF_ERR;
}
@ -163,8 +156,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value)
IF_NO_PAMH("pam_putenv", pamh, PAM_ABORT);
if (name_value == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_putenv: no variable indicated");
_pam_system_log(LOG_ERR, "pam_putenv: no variable indicated");
return PAM_PERM_DENIED;
}
@ -174,7 +166,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value)
for (l2eq=0; name_value[l2eq] && name_value[l2eq] != '='; ++l2eq);
if (l2eq <= 0) {
pam_system_log(pamh, NULL, LOG_ERR, "pam_putenv: bad variable");
_pam_system_log(LOG_ERR, "pam_putenv: bad variable");
return PAM_BAD_ITEM;
}
@ -183,8 +175,8 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value)
*/
if (pamh->env == NULL || pamh->env->list == NULL) {
pam_system_log(pamh, NULL, LOG_ERR, "pam_putenv: no env%s found"
, pamh->env == NULL ? "":"-list");
_pam_system_log(LOG_ERR, "pam_putenv: no env%s found",
pamh->env == NULL ? "":"-list");
return PAM_ABORT;
}
@ -206,8 +198,8 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value)
, sizeof(char *) );
if (tmp == NULL) {
/* nothing has changed - old env intact */
pam_system_log(pamh, NULL, LOG_CRIT,
"pam_putenv: cannot grow environment");
_pam_system_log(LOG_CRIT,
"pam_putenv: cannot grow environment");
return PAM_BUF_ERR;
}
@ -258,8 +250,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value)
/* getting to here implies we are deleting an item */
if (item < 0) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_putenv: delete non-existent entry; %s",
_pam_system_log(LOG_ERR, "pam_putenv: delete non-existent entry; %s",
name_value);
return PAM_BAD_ITEM;
}
@ -298,14 +289,13 @@ const char *pam_getenv(pam_handle_t *pamh, const char *name)
IF_NO_PAMH("pam_getenv", pamh, NULL);
if (name == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_getenv: no variable indicated");
_pam_system_log(LOG_ERR, "pam_getenv: no variable indicated");
return NULL;
}
if (pamh->env == NULL || pamh->env->list == NULL) {
pam_system_log(pamh, NULL, LOG_ERR, "pam_getenv: no env%s found",
pamh->env == NULL ? "":"-list" );
_pam_system_log(LOG_ERR, "pam_getenv: no env%s found",
pamh->env == NULL ? "":"-list" );
return NULL;
}
@ -371,25 +361,22 @@ char **pam_getenvlist(pam_handle_t *pamh)
IF_NO_PAMH("pam_getenvlist", pamh, NULL);
if (pamh->env == NULL || pamh->env->list == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_getenvlist: no env%s found",
pamh->env == NULL ? "":"-list" );
_pam_system_log(LOG_ERR, "pam_getenvlist: no env%s found",
pamh->env == NULL ? "":"-list" );
return NULL;
}
/* some quick checks */
if (pamh->env->requested > pamh->env->entries) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_getenvlist: environment corruption");
_pam_system_log(LOG_ERR, "pam_getenvlist: environment corruption");
_pam_dump_env(pamh); /* only active when debugging */
return NULL;
}
for (i=pamh->env->requested-1; i-- > 0; ) {
if (pamh->env->list[i] == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_getenvlist: environment broken");
_pam_system_log(LOG_ERR, "pam_getenvlist: environment broken");
_pam_dump_env(pamh); /* only active when debugging */
return NULL; /* somehow we've broken the environment!? */
}

View File

@ -4,7 +4,7 @@
* created by Marc Ewing.
* Currently maintained by Andrew G. Morgan <morgan@linux.kernel.org>
*
* $Id: pam_handlers.c,v 1.17 1997/04/05 06:55:24 morgan Exp morgan $
* $Id: pam_handlers.c,v 1.3 2001/02/05 06:50:41 agmorgan Exp $
*
*/
@ -13,11 +13,13 @@
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#ifdef PAM_SHL
# include <dl.h>
#else
# include <dlfcn.h>
#endif
#ifdef PAM_DYNAMIC
# ifdef PAM_SHL
# include <dl.h>
# else /* PAM_SHL */
# include <dlfcn.h>
# endif /* PAM_SHL */
#endif /* PAM_DYNAMIC */
#include <fcntl.h>
#include <unistd.h>
@ -33,8 +35,9 @@
# define SHLIB_SYM_PREFIX ""
#endif
#define BUF_SIZE 1024
#define MODULE_CHUNK 4
#define BUF_SIZE 1024
#define MODULE_CHUNK 4
#define UNKNOWN_MODULE_PATH "<*unknown module path*>"
static int _pam_assemble_line(FILE *f, char *buf, int buf_len);
@ -110,9 +113,8 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
} else {
/* Illegal module type */
D(("_pam_init_handlers: bad module type: %s", tok));
pam_system_log(pamh, NULL, LOG_ERR,
"(%s) illegal module type: %s"
, this_service, tok);
_pam_system_log(LOG_ERR, "(%s) illegal module type: %s",
this_service, tok);
module_type = PAM_T_AUTH; /* most sensitive */
must_fail = 1; /* install as normal but fail when dispatched */
}
@ -162,8 +164,8 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
} else {
/* no module name given */
D(("_pam_init_handlers: no module name supplied"));
pam_system_log(pamh, NULL, LOG_ERR,
"(%s) no module name supplied", this_service);
_pam_system_log(LOG_ERR,
"(%s) no module name supplied", this_service);
mod_path = NULL;
must_fail = 1;
}
@ -198,8 +200,6 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
actions[y]>0 ? "jump":
_pam_token_actions[-actions[y]]));
}
fprintf(stderr, "pause to look at debugging: ");
getchar();
}
#endif
@ -207,8 +207,7 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f
, module_type, actions, mod_path
, argc, argv, argvlen);
if (res != PAM_SUCCESS) {
pam_system_log(pamh, NULL, LOG_ERR,
"error loading %s", mod_path);
_pam_system_log(LOG_ERR, "error loading %s", mod_path);
D(("failed to load module - aborting"));
return PAM_ABORT;
}
@ -240,8 +239,8 @@ int _pam_init_handlers(pam_handle_t *pamh)
if (! pamh->handlers.module) {
if ((pamh->handlers.module =
malloc(MODULE_CHUNK * sizeof(struct loaded_module))) == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"_pam_init_handlers: no memory loading module");
_pam_system_log(LOG_CRIT,
"_pam_init_handlers: no memory loading module");
return PAM_BUF_ERR;
}
pamh->handlers.modules_allocated = MODULE_CHUNK;
@ -258,9 +257,8 @@ int _pam_init_handlers(pam_handle_t *pamh)
int fd_tmp;
if ((fd_tmp = open( PAM_LOCK_FILE, O_RDONLY )) != -1) {
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: PAM lockfile ("
PAM_LOCK_FILE ") exists - aborting");
_pam_system_log(LOG_ERR, "_pam_init_handlers: PAM lockfile ("
PAM_LOCK_FILE ") exists - aborting");
(void) close(fd_tmp);
/*
* to avoid swamping the system with requests
@ -289,9 +287,9 @@ int _pam_init_handlers(pam_handle_t *pamh)
filename = malloc(sizeof(PAM_CONFIG_DF)
+strlen(pamh->service_name));
if (filename == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: no memory; service %s",
pamh->service_name);
_pam_system_log(LOG_ERR,
"_pam_init_handlers: no memory; service %s",
pamh->service_name);
return PAM_BUF_ERR;
}
sprintf(filename, PAM_CONFIG_DF, pamh->service_name);
@ -306,12 +304,11 @@ int _pam_init_handlers(pam_handle_t *pamh)
);
fclose(f);
if (retval != PAM_SUCCESS) {
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: error reading %s",
filename);
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: [%s]",
pam_strerror(pamh, retval));
_pam_system_log(LOG_ERR,
"_pam_init_handlers: error reading %s",
filename);
_pam_system_log(LOG_ERR, "_pam_init_handlers: [%s]",
pam_strerror(pamh, retval));
} else {
read_something = 1;
}
@ -348,20 +345,20 @@ int _pam_init_handlers(pam_handle_t *pamh)
);
fclose(f);
if (retval != PAM_SUCCESS) {
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: error reading %s",
PAM_DEFAULT_SERVICE_FILE);
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: [%s]",
pam_strerror(pamh, retval));
_pam_system_log(LOG_ERR,
"_pam_init_handlers: error reading %s",
PAM_DEFAULT_SERVICE_FILE);
_pam_system_log(LOG_ERR,
"_pam_init_handlers: [%s]",
pam_strerror(pamh, retval));
} else {
read_something = 1;
}
} else {
D(("unable to open %s", PAM_DEFAULT_SERVICE_FILE));
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: no default config %s",
PAM_DEFAULT_SERVICE_FILE);
_pam_system_log(LOG_ERR,
"_pam_init_handlers: no default config %s",
PAM_DEFAULT_SERVICE_FILE);
}
if (!read_something) { /* nothing read successfully */
retval = PAM_ABORT;
@ -369,9 +366,8 @@ int _pam_init_handlers(pam_handle_t *pamh)
}
} else {
if ((f = fopen(PAM_CONFIG, "r")) == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"_pam_init_handlers: could not open "
PAM_CONFIG );
_pam_system_log(LOG_ERR, "_pam_init_handlers: could not open "
PAM_CONFIG );
return PAM_ABORT;
}
@ -388,8 +384,7 @@ int _pam_init_handlers(pam_handle_t *pamh)
if (retval != PAM_SUCCESS) {
/* Read error */
pam_system_log(pamh, NULL, LOG_ERR,
"error reading PAM configuration file");
_pam_system_log(LOG_ERR, "error reading PAM configuration file");
return PAM_ABORT;
}
@ -404,7 +399,7 @@ int _pam_init_handlers(pam_handle_t *pamh)
* preceeded by lines of comments and also extended with "\\\n"
*/
int _pam_assemble_line(FILE *f, char *buffer, int buf_len)
static int _pam_assemble_line(FILE *f, char *buffer, int buf_len)
{
char *p = buffer;
char *s, *os;
@ -506,12 +501,20 @@ int _pam_add_handler(pam_handle_t *pamh
IF_NO_PAMH("_pam_add_handler",pamh,PAM_SYSTEM_ERR);
/* if NULL set to something that can be searched for */
if (mod_path == NULL) {
mod_path = "<*unknown module path*>";
} else if (mod_path[0] != '/') {
switch (mod_path != NULL) {
default:
if (mod_path[0] == '/') {
break;
}
mod_full_path = malloc(sizeof(DEFAULT_MODULE_PATH)+strlen(mod_path));
sprintf(mod_full_path, DEFAULT_MODULE_PATH "%s", mod_path);
mod_path = mod_full_path;
if (mod_full_path) {
sprintf(mod_full_path, DEFAULT_MODULE_PATH "%s", mod_path);
mod_path = mod_full_path;
break;
}
_pam_system_log(LOG_CRIT, "cannot malloc full mod path");
case 0:
mod_path = UNKNOWN_MODULE_PATH;
}
D(("_pam_add_handler: adding type %d, module `%s'",type,mod_path));
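Review bot: the `switch (mod_path != NULL)` with `default:` as the non-NULL branch and a fall-through into `case 0:` on malloc failure is hard to follow; an if/else chain expresses the same three outcomes (absolute path kept, relative name prefixed with DEFAULT_MODULE_PATH, NULL or allocation failure mapped to UNKNOWN_MODULE_PATH) without relying on fall-through, and at minimum the drop from the LOG_CRIT into `case 0:` needs a `/* fall through */` comment. The substance is an improvement: the old code called sprintf through an unchecked malloc result, and prefixing every relative module name with DEFAULT_MODULE_PATH keeps dlopen from consulting the library search path for a name taken from the configuration file.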
@ -533,8 +536,8 @@ int _pam_add_handler(pam_handle_t *pamh
*sizeof(struct loaded_module));
if (tmp == NULL) {
D(("cannot enlarge module pointer memory"));
pam_system_log(pamh, NULL, LOG_ERR,
"realloc returned NULL in _pam_add_handler");
_pam_system_log(LOG_ERR,
"realloc returned NULL in _pam_add_handler");
_pam_drop(mod_full_path);
return PAM_ABORT;
}
@ -556,10 +559,9 @@ int _pam_add_handler(pam_handle_t *pamh
D(("_pam_add_handler: dlopen'ed"));
if (mod->dl_handle == NULL) {
D(("_pam_add_handler: dlopen(%s) failed", mod_path));
pam_system_log(pamh, NULL, LOG_ERR, "unable to dlopen(%s)",
mod_path);
_pam_system_log(LOG_ERR, "unable to dlopen(%s)", mod_path);
# ifndef PAM_SHL
pam_system_log(pamh, NULL, LOG_ERR, "[dlerror: %s]", dlerror());
_pam_system_log(LOG_ERR, "[dlerror: %s]", dlerror());
# endif /* PAM_SHL */
/* Don't abort yet; static code may be able to find function.
* But defaults to abort if nothing found below... */
@ -579,8 +581,8 @@ int _pam_add_handler(pam_handle_t *pamh
if (mod->dl_handle == NULL) {
D(("_pam_add_handler: unable to find static handler %s",
mod_path));
pam_system_log(pamh, NULL, LOG_ERR,
"unable to open static handler %s", mod_path);
_pam_system_log(LOG_ERR,
"unable to open static handler %s", mod_path);
/* Didn't find module in dynamic or static..will mark bad */
} else {
D(("static module added successfully"));
@ -595,16 +597,14 @@ int _pam_add_handler(pam_handle_t *pamh
mod->dl_handle = NULL;
mod->type = PAM_MT_FAULTY_MOD;
pamh->handlers.modules_used++;
pam_system_log(pamh, NULL, LOG_ERR,
"adding faulty module: %s", mod_path);
_pam_system_log(LOG_ERR, "adding faulty module: %s", mod_path);
success = PAM_SUCCESS; /* We have successfully added a module */
}
/* indicate its name - later we will search for it by this */
if ((mod->name = _pam_strdup(mod_path)) == NULL) {
D(("_pam_handler: couldn't get memory for mod_path"));
pam_system_log(pamh, NULL, LOG_ERR,
"no memory for module path", mod_path);
_pam_system_log(LOG_ERR, "no memory for module path", mod_path);
success = PAM_ABORT;
}
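Review bot: `_pam_system_log(LOG_ERR, "no memory for module path", mod_path);` passes mod_path with no %s in the format, so the argument is ignored and the message never names the module; the line being replaced had the same mismatch. Use `"no memory for module path: %s"`.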
@ -693,9 +693,9 @@ int _pam_add_handler(pam_handle_t *pamh
mod->type != PAM_MT_FAULTY_MOD
) {
D(("_pam_add_handlers: illegal module library type; %d", mod->type));
pam_system_log(pamh, NULL, LOG_ERR,
"internal error: module library type not known: %s;%d",
sym, mod->type);
_pam_system_log(LOG_ERR,
"internal error: module library type not known: %s;%d",
sym, mod->type);
return PAM_ABORT;
}
@ -710,15 +710,13 @@ int _pam_add_handler(pam_handle_t *pamh
(func = (servicefn) dlsym(mod->dl_handle, sym)) == NULL
# endif /* PAM_SHL */
) {
pam_system_log(pamh, NULL, LOG_ERR, "unable to resolve symbol: %s",
sym);
_pam_system_log(LOG_ERR, "unable to resolve symbol: %s", sym);
}
#endif
#ifdef PAM_STATIC
if ((mod->type == PAM_MT_STATIC_MOD) &&
(func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"unable to resolve static symbol: %s", sym);
_pam_system_log(LOG_ERR, "unable to resolve static symbol: %s", sym);
}
#endif
if (sym2) {
@ -731,16 +729,14 @@ int _pam_add_handler(pam_handle_t *pamh
(func2 = (servicefn) dlsym(mod->dl_handle, sym2)) == NULL
# endif /* PAM_SHL */
) {
pam_system_log(pamh, NULL, LOG_ERR, "unable to resolve symbol: %s",
sym2);
_pam_system_log(LOG_ERR, "unable to resolve symbol: %s", sym2);
}
#endif
#ifdef PAM_STATIC
if ((mod->type == PAM_MT_STATIC_MOD) &&
(func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2))
== NULL) {
pam_system_log(pamh, NULL, LOG_ERR, "unable to resolve symbol: %s",
sym2);
_pam_system_log(LOG_ERR, "unable to resolve symbol: %s", sym2);
}
#endif
}
@ -753,14 +749,15 @@ int _pam_add_handler(pam_handle_t *pamh
}
if ((*handler_p = malloc(sizeof(struct handler))) == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"cannot malloc struct handler #1");
_pam_system_log(LOG_CRIT, "cannot malloc struct handler #1");
return (PAM_ABORT);
}
(*handler_p)->must_fail = must_fail; /* failure forced? */
(*handler_p)->func = func;
memcpy((*handler_p)->actions,actions,sizeof((*handler_p)->actions));
(*handler_p)->cached_retval = -1; /* error */
(*handler_p)->cached_retval_p = &((*handler_p)->cached_retval);
(*handler_p)->argc = argc;
(*handler_p)->argv = argv; /* not a copy */
(*handler_p)->next = NULL;
@ -773,19 +770,20 @@ int _pam_add_handler(pam_handle_t *pamh
}
if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"cannot malloc struct handler #2");
_pam_system_log(LOG_CRIT, "cannot malloc struct handler #2");
return (PAM_ABORT);
}
(*handler_p2)->must_fail = must_fail; /* failure forced? */
(*handler_p2)->func = func2;
memcpy((*handler_p2)->actions,actions,sizeof((*handler_p2)->actions));
(*handler_p2)->cached_retval = -1; /* ignored */
/* Note, this next entry points to the handler_p value! */
(*handler_p2)->cached_retval_p = &((*handler_p)->cached_retval);
(*handler_p2)->argc = argc;
if (argv) {
if (((*handler_p2)->argv = malloc(argvlen)) == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"cannot malloc argv for handler #2");
_pam_system_log(LOG_CRIT, "cannot malloc argv for handler #2");
return (PAM_ABORT);
}
memcpy((*handler_p2)->argv, argv, argvlen);
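Review bot: pointing (*handler_p2)->cached_retval_p at (*handler_p)->cached_retval is what makes the second pass (setcred, close_session, update-authtok) replay the decision of the first, so the coupling deserves a comment at the struct definition, not only here. Two consequences worth recording: (*handler_p2)->cached_retval itself is dead storage, as the `/* ignored */` comment admits; and because pam_set_item(PAM_SERVICE) sets handlers_loaded to 0 and forces a reload, changing the service between the two passes discards the cached values and the second pass fails through the -1 initialiser.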
@ -816,11 +814,13 @@ int _pam_free_handlers(pam_handle_t *pamh)
D(("_pam_free_handlers: dlclose(%s)", mod->name));
free(mod->name);
#ifdef PAM_DYNAMIC
if (mod->type == PAM_MT_DYNAMIC_MOD) {
# ifdef PAM_SHL
if (mod->type == PAM_MT_DYNAMIC_MOD) shl_unload(mod->dl_handle);
shl_unload(mod->dl_handle);
# else
if (mod->type == PAM_MT_DYNAMIC_MOD) dlclose(mod->dl_handle);
dlclose(mod->dl_handle);
# endif
}
#endif
mod++;
pamh->handlers.modules_used--;

View File

@ -1,9 +1,7 @@
/* pam_item.c */
/*
* $Id: pam_item.c,v 1.8 1997/02/15 15:58:49 morgan Exp morgan $
*
* $Log: pam_item.c,v $
* $Id: pam_item.c,v 1.3 2001/01/22 06:07:28 agmorgan Exp $
*/
#include <ctype.h>
@ -23,12 +21,13 @@
} \
}
/* handy version id */
unsigned int __libpam_version = LIBPAM_VERSION;
/* functions */
int pam_set_item (
pam_handle_t *pamh,
int item_type,
const void *item)
int pam_set_item (pam_handle_t *pamh, int item_type, const void *item)
{
int retval;
@ -39,6 +38,7 @@ int pam_set_item (
retval = PAM_SUCCESS;
switch (item_type) {
case PAM_SERVICE:
/* Setting handlers_loaded to 0 will cause the handlers
* to be reloaded on the next call to a service module.
@ -51,57 +51,72 @@ int pam_set_item (
*tmp = tolower(*tmp); /* require lower case */
}
break;
case PAM_USER:
RESET(pamh->user, item);
break;
case PAM_USER_PROMPT:
RESET(pamh->prompt, item);
break;
case PAM_TTY:
D(("setting tty to %s", item));
RESET(pamh->tty, item);
break;
case PAM_RUSER:
RESET(pamh->ruser, item);
break;
case PAM_RHOST:
RESET(pamh->rhost, item);
break;
case PAM_AUTHTOK:
/*
* The man page says this is only supposed to be available to
* the module providers. In order to use this item the app
* has to #include <security/pam_modules.h>. This is something
* it is *not* supposed to do with "Linux-"PAM! - AGM.
*/
{
char *_TMP_ = pamh->authtok;
if (_TMP_ == item) /* not changed so leave alone */
break;
pamh->authtok = (item) ? _pam_strdup(item) : NULL;
if (_TMP_) {
_pam_overwrite(_TMP_);
free(_TMP_);
/*
* PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from
* modules.
*/
if (__PAM_FROM_MODULE(pamh)) {
char *_TMP_ = pamh->authtok;
if (_TMP_ == item) /* not changed so leave alone */
break;
pamh->authtok = (item) ? _pam_strdup(item) : NULL;
if (_TMP_) {
_pam_overwrite(_TMP_);
free(_TMP_);
}
} else {
retval = PAM_BAD_ITEM;
}
break;
}
case PAM_OLDAUTHTOK:
/* See note above. */
{
char *_TMP_ = pamh->oldauthtok;
if (_TMP_ == item) /* not changed so leave alone */
break;
pamh->oldauthtok = (item) ? _pam_strdup(item) : NULL;
if (_TMP_) {
_pam_overwrite(_TMP_);
free(_TMP_);
/*
* PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from
* modules.
*/
if (__PAM_FROM_MODULE(pamh)) {
char *_TMP_ = pamh->oldauthtok;
if (_TMP_ == item) /* not changed so leave alone */
break;
pamh->oldauthtok = (item) ? _pam_strdup(item) : NULL;
if (_TMP_) {
_pam_overwrite(_TMP_);
free(_TMP_);
}
} else {
retval = PAM_BAD_ITEM;
}
break;
}
case PAM_CONV: /* want to change the conversation function */
if (item == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_set_item: attempt to set conv() to NULL");
_pam_system_log(LOG_ERR,
"pam_set_item: attempt to set conv() to NULL");
retval = PAM_PERM_DENIED;
} else {
struct pam_conv *tconv;
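Review bot: restricting PAM_AUTHTOK and PAM_OLDAUTHTOK to module callers is the right hardening, but the error code for an application caller is PAM_BAD_ITEM, the code for an unknown item type, while PAM_PERM_DENIED (already used in the PAM_CONV case below for a refused request) describes the situation and lets an application tell "not permitted" from "no such item". The change is also visible to applications that used to pre-seed PAM_AUTHTOK to avoid a second prompt, so it needs a CHANGELOG and man page entry. The two blocks differ only in pamh->authtok versus pamh->oldauthtok and could be folded into one with a pointer to the target field.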
@ -109,8 +124,8 @@ int pam_set_item (
if ((tconv=
(struct pam_conv *) malloc(sizeof(struct pam_conv))
) == NULL) {
pam_system_log(pamh, NULL, LOG_CRIT,
"pam_set_item: malloc failed for pam_conv");
_pam_system_log(LOG_CRIT,
"pam_set_item: malloc failed for pam_conv");
retval = PAM_BUF_ERR;
} else {
memcpy(tconv, item, sizeof(struct pam_conv));
@ -119,48 +134,28 @@ int pam_set_item (
}
}
break;
case PAM_FAIL_DELAY:
pamh->fail_delay.delay_fn_ptr = item;
break;
case PAM_LOG_STATE:
{
char *old_ident = pamh->pam_default_log.ident;
if (item == NULL) {
/* reset the default state */
pamh->pam_default_log.ident = x_strdup(PAM_LOG_STATE_IDENT);
pamh->pam_default_log.option = PAM_LOG_STATE_OPTION;
pamh->pam_default_log.facility = PAM_LOG_STATE_FACILITY;
} else {
const struct pam_log_state *state = item;
pamh->pam_default_log.ident = x_strdup(state->ident);
pamh->pam_default_log.option = state->option;
pamh->pam_default_log.facility = state->facility;
}
_pam_overwrite(old_ident);
_pam_drop(old_ident);
break;
}
default:
retval = PAM_BAD_ITEM;
}
return (retval);
return retval;
}
int pam_get_item (
const pam_handle_t *pamh,
int item_type,
const void **item)
int pam_get_item (const pam_handle_t *pamh, int item_type, const void **item)
{
int retval = PAM_SUCCESS;
D(("called."));
IF_NO_PAMH("pam_get_item",pamh,PAM_SYSTEM_ERR);
IF_NO_PAMH("pam_get_item", pamh, PAM_SYSTEM_ERR);
if (item == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_get_item: nowhere to place requested item");
_pam_system_log(LOG_ERR,
"pam_get_item: nowhere to place requested item");
return PAM_PERM_DENIED;
}
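Review bot: removing the PAM_LOG_STATE case also removes the only code that freed `pamh->pam_default_log.ident` (`_pam_overwrite(old_ident); _pam_drop(old_ident);`), so confirm that the `pam_default_log` member and the `PAM_LOG_STATE` item constant are dropped from the headers in the same change; if the constant survives, `pam_set_item()` now answers it with PAM_BAD_ITEM from the default branch and old callers get no compile-time warning. The switch from `pam_system_log(pamh, NULL, ...)` to `_pam_system_log(LOG_ERR, ...)` also means the per-handle ident/facility is no longer available to the logger, which belongs in the documentation of the API change.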
@ -168,46 +163,72 @@ int pam_get_item (
case PAM_SERVICE:
*item = pamh->service_name;
break;
case PAM_USER:
D(("returning user=%s", pamh->user));
*item = pamh->user;
break;
case PAM_USER_PROMPT:
D(("returning userprompt=%s", pamh->user));
*item = pamh->prompt;
break;
case PAM_TTY:
D(("returning tty=%s", pamh->tty));
*item = pamh->tty;
break;
case PAM_RUSER:
*item = pamh->ruser;
break;
case PAM_RHOST:
*item = pamh->rhost;
break;
case PAM_AUTHTOK:
*item = pamh->authtok;
/*
* PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from
* modules.
*/
if (__PAM_FROM_MODULE(pamh)) {
*item = pamh->authtok;
} else {
retval = PAM_BAD_ITEM;
}
break;
case PAM_OLDAUTHTOK:
*item = pamh->oldauthtok;
/*
* PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from
* modules.
*/
if (__PAM_FROM_MODULE(pamh)) {
*item = pamh->oldauthtok;
} else {
retval = PAM_BAD_ITEM;
}
break;
case PAM_CONV:
*item = pamh->pam_conversation;
break;
case PAM_FAIL_DELAY:
*item = pamh->fail_delay.delay_fn_ptr;
break;
case PAM_LOG_STATE:
*item = &(pamh->pam_default_log);
break;
default:
/* XXX - I made this up */
return PAM_BAD_ITEM;
retval = PAM_BAD_ITEM;
}
return PAM_SUCCESS;
return retval;
}
/* added by AGM 1996/3/2 */
/*
* This function is the 'preferred method to obtain the username'.
*/
int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
{
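Review bot: on the new PAM_BAD_ITEM paths for PAM_AUTHTOK and PAM_OLDAUTHTOK `*item` is never written, so an application that ignores the return value reads whatever pointer it had in `*item` before the call; set `*item = NULL;` before the switch (or in each `else` branch) so the failure is always observable. Also, `D(("returning userprompt=%s", pamh->user))` prints the user name while the case returns `pamh->prompt`; it should print `pamh->prompt`. Replacing `return PAM_BAD_ITEM` with `retval = PAM_BAD_ITEM` and a single `return retval` is a good cleanup and retires the "XXX - I made this up" comment.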
@ -220,14 +241,12 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR);
if (pamh->pam_conversation == NULL) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_get_user: no conv element in pamh");
_pam_system_log(LOG_ERR, "pam_get_user: no conv element in pamh");
return PAM_SERVICE_ERR;
}
if (user == NULL) { /* ensure the the module has suplied a destination */
pam_system_log(pamh, NULL, LOG_ERR,
"pam_get_user: nowhere to record username");
_pam_system_log(LOG_ERR, "pam_get_user: nowhere to record username");
return PAM_PERM_DENIED;
} else
*user = NULL;
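Review bot: the comment on the `user == NULL` check reads "ensure the the module has suplied a destination"; while these lines are being touched, fix it to "ensure that the module has supplied a destination".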
@ -251,7 +270,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
if (pamh->former.want_user) {
/* must have a prompt to resume with */
if (! pamh->former.prompt) {
pam_system_log(pamh, NULL, LOG_ERR,
_pam_system_log(LOG_ERR,
"pam_get_user: failed to resume with prompt"
);
return PAM_ABORT;
@ -259,8 +278,8 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
/* must be the same prompt as last time */
if (strcmp(pamh->former.prompt, use_prompt)) {
pam_system_log(pamh, NULL, LOG_ERR,
"pam_get_user: resumed with different prompt");
_pam_system_log(LOG_ERR,
"pam_get_user: resumed with different prompt");
return PAM_ABORT;
}
@ -309,5 +328,6 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
_pam_drop_reply(resp, 1);
}
D(("completed"));
return retval; /* pass on any error from conversation */
}


@ -1,17 +1,16 @@
/*
* pam_log.c -- PAM system logging
*
* $Id$
* $Id: pam_log.c,v 1.2 2000/11/19 23:54:02 agmorgan Exp $
*
* $Log$
*/
#include "pam_private.h"
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include "pam_private.h"
#ifdef __hpux
# include <stdio.h>
# include <syslog.h>
@ -342,84 +341,35 @@ vsyslog(priority, fmt, va_alist)
}
#endif /* __hpux */
void pam_vsystem_log(const pam_handle_t *pamh,
const struct pam_log_state *log_state,
int priority, const char *format, va_list args)
/* internal logging function */
void _pam_system_log(int priority, const char *format, ... )
{
const char *ident;
int option, facility;
D(("pam_vsystem_log called"));
/* make sure we have a log state to use */
if (NULL == log_state) {
if (NULL != pamh && NULL != pamh->pam_default_log.ident) {
ident = pamh->pam_default_log.ident;
option = pamh->pam_default_log.option;
facility = pamh->pam_default_log.facility;
} else {
ident = PAM_LOG_STATE_IDENT;
option = PAM_LOG_STATE_OPTION;
facility = PAM_LOG_STATE_FACILITY;
}
openlog(ident, option, facility);
} else {
openlog(log_state->ident, log_state->option, log_state->facility);
}
vsyslog(priority, format, args);
closelog();
D(("done."));
}
void pam_system_log(const pam_handle_t *pamh,
const struct pam_log_state *log_state,
int priority, const char *format, ... )
{
const char *ident;
int option, facility;
va_list args;
char *eformat;
D(("pam_system_log called"));
/* make sure we have a log state to use */
if (NULL == log_state) {
if (NULL != pamh && NULL != pamh->pam_default_log.ident) {
ident = pamh->pam_default_log.ident;
option = pamh->pam_default_log.option;
facility = pamh->pam_default_log.facility;
} else {
ident = PAM_LOG_STATE_IDENT;
option = PAM_LOG_STATE_OPTION;
facility = PAM_LOG_STATE_FACILITY;
}
openlog(ident, option, facility);
} else {
openlog(log_state->ident, log_state->option, log_state->facility);
if (format == NULL) {
D(("NULL format to _pam_system_log() call"));
return;
}
va_start(args, format);
vsyslog(priority, format, args);
eformat = malloc(sizeof(_PAM_SYSTEM_LOG_PREFIX)+strlen(format));
if (eformat != NULL) {
strcpy(eformat, _PAM_SYSTEM_LOG_PREFIX);
strcpy(eformat + sizeof(_PAM_SYSTEM_LOG_PREFIX) - 1, format);
vsyslog(priority, eformat, args);
_pam_overwrite(eformat);
_pam_drop(eformat);
} else {
vsyslog(priority, format, args);
}
va_end(args);
closelog();
D(("done."));
}
/*
* Recommended #defines to make porting legacy apps easier [Ed. at this
* point, the syslog() #define is breoken -- suggestions?]
*
* #ifdef PAM_LOG_STATE
* # define openlog(ident, option, facility) { \
* struct pam_log_state tmp_state; \
* tmp_state.ident = ident; \
* tmp_state.option = option; \
* tmp_state.facility = facility; \
* (void) pam_set_item(pamh, PAM_LOG_STATE, &tmp_state); \
* }
* # define syslog pam_system_log
* # define closelog()
* #endif
*/
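Review bot: `_pam_system_log()` still ends with `closelog()` but no longer calls `openlog()` (the log_state/ident handling that did so is removed above), so every log line from the library closes the application's own syslog connection and may discard the ident it registered with `openlog()`; either drop the `closelog()` or call `openlog()` with a fixed library ident first. The prefix buffer arithmetic is correct (`sizeof(_PAM_SYSTEM_LOG_PREFIX)` already counts the NUL that the second `strcpy` at offset `sizeof - 1` reuses), but `strlen`/`strcpy` need `<string.h>`, which is not among the visible includes; confirm that `pam_private.h` pulls it in. The `_pam_overwrite(eformat)` before freeing is harmless but unnecessary, since the format string carries no secret.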


@ -1,13 +1,5 @@
/*
* $Id: pam_malloc.c,v 1.2 1996/12/01 03:14:13 morgan Exp $
*
* $Log: pam_malloc.c,v $
* Revision 1.2 1996/12/01 03:14:13 morgan
* use _pam_macros.h
*
* Revision 1.1 1996/11/10 21:26:11 morgan
* Initial revision
*
* $Id: pam_malloc.c,v 1.3 2000/12/04 19:02:34 baggins Exp $
*/
/*
@ -52,7 +44,7 @@
* default debugging level
*/
int pam_malloc_flags = PAM_MALLOC_DEFAULT;
int pam_malloc_flags = PAM_MALLOC_ALL;
int pam_malloc_delay_length = 4;
#define on(x) ((pam_malloc_flags&(x))==(x))
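Review bot: changing `pam_malloc_flags` from PAM_MALLOC_DEFAULT to PAM_MALLOC_ALL while the comment above still reads "default debugging level" turns on every malloc-debugging option whenever this file is compiled in, with `pam_malloc_delay_length = 4` left unchanged; confirm this is intended for the release rather than a leftover debugging setting, and update the comment either way.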
@ -80,18 +72,27 @@ static void set_last_(const char *x, const char *f
static void _pam_output_xdebug_info(void)
{
FILE *logfile;
int must_close = 1;
if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
logfile = stderr;
must_close = 0;
int must_close = 1, fd;
#ifdef O_NOFOLLOW
if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
#else
if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
#endif
if (!(logfile = fdopen(fd,"a"))) {
logfile = stderr;
must_close = 0;
close(fd);
}
} else {
logfile = stderr;
must_close = 0;
}
fprintf(logfile, "[%s:%s(%d)->%s()] ",
last_file, last_call, last_line, last_fn);
if (must_close) {
fflush(logfile);
fflush(logfile);
if (must_close)
fclose(logfile);
}
}
static void hinder(void)
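Review bot: the move from `fopen(_PAM_LOGFILE, "a")` to `open(..., O_WRONLY|O_NOFOLLOW|O_APPEND)` stops the debug logger from following a symlink planted at _PAM_LOGFILE, but two gaps remain: the `#else` branch for platforms without O_NOFOLLOW opens the path with no protection at all, and O_NOFOLLOW only governs the final path component and does not reject a FIFO or device placed at that name, so an `fstat()`/`S_ISREG` check on `fd` before `fdopen()` would close that. Also note the behaviour change: O_CREAT was dropped, so if the log file does not exist the output now silently goes to stderr; document that the file must be pre-created, or create it explicitly with O_CREAT|O_EXCL and fall back to stderr only when that fails. The rearranged `fflush(logfile); if (must_close) fclose(logfile);` is fine, since flushing stderr is harmless.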


@ -1,11 +1,10 @@
/* pam_map.c - PAM mapping interface
*
* $Id$
* $Id: pam_map.c,v 1.2 2000/12/04 19:02:34 baggins Exp $
*
* This is based on the X/Open XSSO specification of March 1997.
* It is not implemented as it is going to change... after 1997/9/25.
*
* $Log$
*/
#include <stdio.h>


@ -1,35 +1,7 @@
/* pam_misc.c -- This is random stuff */
/* $Id: pam_misc.c,v 1.9 1997/04/05 06:56:19 morgan Exp $
*
* $Log: pam_misc.c,v $
* Revision 1.9 1997/04/05 06:56:19 morgan
* enforce AUTHTOK restrictions
*
* Revision 1.8 1997/02/15 15:59:46 morgan
* modified ..strCMP comment
*
* Revision 1.7 1996/12/01 03:14:13 morgan
* use _pam_macros.h
*
* Revision 1.6 1996/11/10 20:05:52 morgan
* name convention _pam_ enforced. Also modified _pam_strdup()
*
* Revision 1.5 1996/07/07 23:57:14 morgan
* deleted debuggin function and replaced it with a static function
* defined in pam_private.h
*
* Revision 1.4 1996/06/02 08:00:56 morgan
* added StrTok function
*
* Revision 1.3 1996/05/21 04:36:58 morgan
* added debugging information
* replaced the _pam_log need for a local buffer with a call to vsyslog()
* [Al Longyear had some segfaulting problems related to this]
*
* Revision 1.2 1996/03/16 21:55:13 morgan
* changed pam_mkargv to _pam_mkargv
*
/*
* $Id: pam_misc.c,v 1.2 2001/01/22 06:07:29 agmorgan Exp $
*/
#include <stdarg.h>
@ -125,8 +97,7 @@ char *_pam_strdup(const char *x)
for (i=0; x[i]; ++i); /* length of string */
if ((new = malloc(++i)) == NULL) {
i = 0;
pam_system_log(NULL, NULL, LOG_CRIT,
"_pam_strdup: failed to get memory");
_pam_system_log(LOG_CRIT, "_pam_strdup: failed to get memory");
} else {
while (i-- > 0) {
new[i] = x[i];
@ -160,15 +131,15 @@ int _pam_mkargv(char *s, char ***argv, int *argc)
l = strlen(s);
if (l) {
if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) {
pam_system_log(NULL, NULL, LOG_CRIT,
"pam_mkargv: null returned by _pam_strdup");
_pam_system_log(LOG_CRIT,
"pam_mkargv: null returned by _pam_strdup");
D(("arg NULL"));
} else {
/* Overkill on the malloc, but not large */
argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *));
if ((our_argv = argvbuf = malloc(argvlen)) == NULL) {
pam_system_log(NULL, NULL, LOG_CRIT,
"pam_mkargv: null returned by malloc");
_pam_system_log(LOG_CRIT,
"pam_mkargv: null returned by malloc");
} else {
char *tmp=NULL;
@ -206,11 +177,15 @@ int _pam_mkargv(char *s, char ***argv, int *argc)
void _pam_sanitize(pam_handle_t *pamh)
{
int old_caller_is = pamh->caller_is;
/*
* this is for security. We reset the auth-tokens here.
*/
pam_set_item(pamh,PAM_AUTHTOK,NULL);
pam_set_item(pamh,PAM_OLDAUTHTOK,NULL);
__PAM_TO_MODULE(pamh);
pam_set_item(pamh, PAM_AUTHTOK, NULL);
pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
pamh->caller_is = old_caller_is;
}
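Review bot: the return values of the two `pam_set_item()` calls are discarded, which matters now that those calls only succeed when `__PAM_FROM_MODULE(pamh)` is true; since the comment says the reset is "for security", at least log (or `D()`) a non-PAM_SUCCESS result so a failure to wipe the tokens is visible. The save/restore of `pamh->caller_is` around `__PAM_TO_MODULE(pamh)` is the right way to satisfy the new gate without widening it for the application.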
/*
@ -247,7 +222,7 @@ void _pam_parse_control(int *control_array, char *tok)
int act, len;
/* skip leading space */
while (isspace(*tok) && *++tok);
while (isspace((int)*tok) && *++tok);
if (!*tok)
break;
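Review bot: the `(int)*tok` casts added here and in the following hunks do not make the `isspace()`/`isdigit()` calls well-defined: when `char` is signed, a byte above 0x7F becomes a negative int other than EOF, which is undefined behaviour for the ctype functions; cast through `(unsigned char)` instead, e.g. `while (isspace((unsigned char)*tok) && *++tok);`. The input is a root-owned config file, so the practical exposure is small, but the fix is the same one-token change in each place.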
@ -264,21 +239,21 @@ void _pam_parse_control(int *control_array, char *tok)
}
/* observe '=' */
while (isspace(*tok) && *++tok);
while (isspace((int)*tok) && *++tok);
if (!*tok || *tok++ != '=') {
error = "expecting '='";
goto parse_error;
}
/* skip leading space */
while (isspace(*tok) && *++tok);
while (isspace((int)*tok) && *++tok);
if (!*tok) {
error = "expecting action";
goto parse_error;
}
/* observe action type */
for (act=0; act<=-_PAM_ACTION_UNDEF; ++act) {
for (act=0; act < (-(_PAM_ACTION_UNDEF)); ++act) {
len = strlen(_pam_token_actions[act]);
if (!strncmp(_pam_token_actions[act], tok, len)) {
act *= -1;
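Review bot: the loop bound change from `act<=-_PAM_ACTION_UNDEF` to `act < (-(_PAM_ACTION_UNDEF))` looks like a real fix rather than a style tweak: if `_pam_token_actions[]` has exactly `-_PAM_ACTION_UNDEF` entries, the old `<=` read one element past its end and handed that pointer to `strlen()`, so it deserves a change-log entry. A comment tying the array size to `-_PAM_ACTION_UNDEF` (or a build-time check) would keep the two from drifting apart again.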
@ -296,7 +271,7 @@ void _pam_parse_control(int *control_array, char *tok)
* cause looping problems. So, for now, we will just
* allow forward jumps. (AGM 1998/1/7)
*/
if (!isdigit(*tok)) {
if (!isdigit((int)*tok)) {
error = "expecting jump number";
goto parse_error;
}
@ -305,7 +280,7 @@ void _pam_parse_control(int *control_array, char *tok)
do {
act *= 10;
act += *tok - '0'; /* XXX - this assumes ascii behavior */
} while (*++tok && isdigit(*tok));
} while (*++tok && isdigit((int)*tok));
if (! act) {
/* we do not allow 0 jumps. There is a token ('ignore')
for that */
@ -328,7 +303,7 @@ void _pam_parse_control(int *control_array, char *tok)
parse_error:
/* treat everything as bad */
pam_system_log(NULL, NULL, LOG_ERR, "pam_parse: %s; [...%s]", error, tok);
_pam_system_log(LOG_ERR, "pam_parse: %s; [...%s]", error, tok);
for (ret=0; ret<_PAM_RETURN_VALUES; control_array[ret++]=_PAM_ACTION_BAD);
}
