From ade90846ffbb7aead93829eaba21d490f1a7bc6c Mon Sep 17 00:00:00 2001 
From: Joerg Sonnenberger Date: Fri, 8 Jul 2005 14:39:04 +0000 Subject: [PATCH] Import OpenPAM Figwort. --- contrib/openpam/CREDITS | 34 ++ contrib/openpam/HISTORY | 307 ++++++++++++++++ contrib/openpam/LICENSE | 34 ++ contrib/openpam/README | 27 ++ contrib/openpam/README.DELETED | 37 ++ contrib/openpam/README.DRAGONFLY | 5 + contrib/openpam/RELNOTES | 29 ++ contrib/openpam/doc/man/openpam.3 | 143 ++++++++ contrib/openpam/doc/man/openpam_borrow_cred.3 | 94 +++++ contrib/openpam/doc/man/openpam_free_data.3 | 77 ++++ .../openpam/doc/man/openpam_free_envlist.3 | 74 ++++ contrib/openpam/doc/man/openpam_get_option.3 | 80 +++++ contrib/openpam/doc/man/openpam_log.3 | 114 ++++++ contrib/openpam/doc/man/openpam_nullconv.3 | 101 ++++++ contrib/openpam/doc/man/openpam_readline.3 | 108 ++++++ .../openpam/doc/man/openpam_restore_cred.3 | 86 +++++ contrib/openpam/doc/man/openpam_set_option.3 | 83 +++++ contrib/openpam/doc/man/openpam_ttyconv.3 | 96 +++++ contrib/openpam/doc/man/pam.3 | 292 +++++++++++++++ contrib/openpam/doc/man/pam.conf.5 | 174 +++++++++ contrib/openpam/doc/man/pam_acct_mgmt.3 | 113 ++++++ contrib/openpam/doc/man/pam_authenticate.3 | 127 +++++++ contrib/openpam/doc/man/pam_chauthtok.3 | 119 ++++++ contrib/openpam/doc/man/pam_close_session.3 | 109 ++++++ contrib/openpam/doc/man/pam_conv.3 | 182 ++++++++++ contrib/openpam/doc/man/pam_end.3 | 86 +++++ contrib/openpam/doc/man/pam_error.3 | 86 +++++ contrib/openpam/doc/man/pam_get_authtok.3 | 133 +++++++ contrib/openpam/doc/man/pam_get_data.3 | 95 +++++ contrib/openpam/doc/man/pam_get_item.3 | 128 +++++++ contrib/openpam/doc/man/pam_get_user.3 | 110 ++++++ contrib/openpam/doc/man/pam_getenv.3 | 84 +++++ contrib/openpam/doc/man/pam_getenvlist.3 | 105 ++++++ contrib/openpam/doc/man/pam_info.3 | 86 +++++ contrib/openpam/doc/man/pam_open_session.3 | 110 ++++++ contrib/openpam/doc/man/pam_prompt.3 | 98 +++++ contrib/openpam/doc/man/pam_putenv.3 | 89 +++++ contrib/openpam/doc/man/pam_set_data.3 | 99 +++++ 
contrib/openpam/doc/man/pam_set_item.3 | 93 +++++ contrib/openpam/doc/man/pam_setcred.3 | 122 +++++++ contrib/openpam/doc/man/pam_setenv.3 | 88 +++++ contrib/openpam/doc/man/pam_sm_acct_mgmt.3 | 103 ++++++ contrib/openpam/doc/man/pam_sm_authenticate.3 | 105 ++++++ contrib/openpam/doc/man/pam_sm_chauthtok.3 | 105 ++++++ .../openpam/doc/man/pam_sm_close_session.3 | 97 +++++ contrib/openpam/doc/man/pam_sm_open_session.3 | 97 +++++ contrib/openpam/doc/man/pam_sm_setcred.3 | 103 ++++++ contrib/openpam/doc/man/pam_start.3 | 108 ++++++ contrib/openpam/doc/man/pam_strerror.3 | 80 +++++ contrib/openpam/doc/man/pam_verror.3 | 90 +++++ contrib/openpam/doc/man/pam_vinfo.3 | 90 +++++ contrib/openpam/doc/man/pam_vprompt.3 | 127 +++++++ contrib/openpam/include/security/openpam.h | 316 ++++++++++++++++ .../include/security/openpam_version.h | 44 +++ contrib/openpam/include/security/pam_appl.h | 180 ++++++++++ .../openpam/include/security/pam_constants.h | 135 +++++++ .../openpam/include/security/pam_modules.h | 160 +++++++++ contrib/openpam/include/security/pam_types.h | 87 +++++ contrib/openpam/lib/openpam_borrow_cred.c | 120 +++++++ contrib/openpam/lib/openpam_configure.c | 339 ++++++++++++++++++ contrib/openpam/lib/openpam_dispatch.c | 239 ++++++++++++ contrib/openpam/lib/openpam_dynamic.c | 108 ++++++ contrib/openpam/lib/openpam_findenv.c | 68 ++++ contrib/openpam/lib/openpam_free_data.c | 71 ++++ contrib/openpam/lib/openpam_free_envlist.c | 66 ++++ contrib/openpam/lib/openpam_get_option.c | 82 +++++ contrib/openpam/lib/openpam_impl.h | 199 ++++++++++ contrib/openpam/lib/openpam_load.c | 184 ++++++++++ contrib/openpam/lib/openpam_log.c | 153 ++++++++ contrib/openpam/lib/openpam_nullconv.c | 85 +++++ contrib/openpam/lib/openpam_readline.c | 154 ++++++++ contrib/openpam/lib/openpam_restore_cred.c | 93 +++++ contrib/openpam/lib/openpam_set_option.c | 118 ++++++ contrib/openpam/lib/openpam_static.c | 69 ++++ contrib/openpam/lib/openpam_ttyconv.c | 246 +++++++++++++ 
contrib/openpam/lib/pam_acct_mgmt.c | 83 +++++ contrib/openpam/lib/pam_authenticate.c | 91 +++++ .../openpam/lib/pam_authenticate_secondary.c | 62 ++++ contrib/openpam/lib/pam_chauthtok.c | 92 +++++ contrib/openpam/lib/pam_close_session.c | 84 +++++ contrib/openpam/lib/pam_end.c | 101 ++++++ contrib/openpam/lib/pam_error.c | 84 +++++ contrib/openpam/lib/pam_get_authtok.c | 170 +++++++++ contrib/openpam/lib/pam_get_data.c | 85 +++++ contrib/openpam/lib/pam_get_item.c | 141 ++++++++ contrib/openpam/lib/pam_get_mapped_authtok.c | 61 ++++ contrib/openpam/lib/pam_get_mapped_username.c | 62 ++++ contrib/openpam/lib/pam_get_user.c | 112 ++++++ contrib/openpam/lib/pam_getenv.c | 82 +++++ contrib/openpam/lib/pam_getenvlist.c | 105 ++++++ contrib/openpam/lib/pam_info.c | 84 +++++ contrib/openpam/lib/pam_open_session.c | 85 +++++ contrib/openpam/lib/pam_prompt.c | 89 +++++ contrib/openpam/lib/pam_putenv.c | 107 ++++++ contrib/openpam/lib/pam_set_data.c | 103 ++++++ contrib/openpam/lib/pam_set_item.c | 119 ++++++ contrib/openpam/lib/pam_set_mapped_authtok.c | 61 ++++ contrib/openpam/lib/pam_set_mapped_username.c | 62 ++++ contrib/openpam/lib/pam_setcred.c | 94 +++++ contrib/openpam/lib/pam_setenv.c | 97 +++++ contrib/openpam/lib/pam_sm_acct_mgmt.c | 80 +++++ contrib/openpam/lib/pam_sm_authenticate.c | 81 +++++ .../lib/pam_sm_authenticate_secondary.c | 67 ++++ contrib/openpam/lib/pam_sm_chauthtok.c | 82 +++++ contrib/openpam/lib/pam_sm_close_session.c | 77 ++++ .../openpam/lib/pam_sm_get_mapped_authtok.c | 66 ++++ .../openpam/lib/pam_sm_get_mapped_username.c | 67 ++++ contrib/openpam/lib/pam_sm_open_session.c | 77 ++++ .../openpam/lib/pam_sm_set_mapped_authtok.c | 66 ++++ .../openpam/lib/pam_sm_set_mapped_username.c | 64 ++++ contrib/openpam/lib/pam_sm_setcred.c | 81 +++++ contrib/openpam/lib/pam_start.c | 107 ++++++ contrib/openpam/lib/pam_strerror.c | 163 +++++++++ contrib/openpam/lib/pam_verror.c | 79 ++++ contrib/openpam/lib/pam_vinfo.c | 79 ++++ 
contrib/openpam/lib/pam_vprompt.c | 128 +++++++ contrib/openpam/modules/pam_deny/pam_deny.c | 93 +++++ .../openpam/modules/pam_permit/pam_permit.c | 93 +++++ contrib/openpam/modules/pam_unix/pam_unix.c | 172 +++++++++ 119 files changed, 12716 insertions(+) create mode 100644 contrib/openpam/CREDITS create mode 100644 contrib/openpam/HISTORY create mode 100644 contrib/openpam/LICENSE create mode 100644 contrib/openpam/README create mode 100644 contrib/openpam/README.DELETED create mode 100644 contrib/openpam/README.DRAGONFLY create mode 100644 contrib/openpam/RELNOTES create mode 100644 contrib/openpam/doc/man/openpam.3 create mode 100644 contrib/openpam/doc/man/openpam_borrow_cred.3 create mode 100644 contrib/openpam/doc/man/openpam_free_data.3 create mode 100644 contrib/openpam/doc/man/openpam_free_envlist.3 create mode 100644 contrib/openpam/doc/man/openpam_get_option.3 create mode 100644 contrib/openpam/doc/man/openpam_log.3 create mode 100644 contrib/openpam/doc/man/openpam_nullconv.3 create mode 100644 contrib/openpam/doc/man/openpam_readline.3 create mode 100644 contrib/openpam/doc/man/openpam_restore_cred.3 create mode 100644 contrib/openpam/doc/man/openpam_set_option.3 create mode 100644 contrib/openpam/doc/man/openpam_ttyconv.3 create mode 100644 contrib/openpam/doc/man/pam.3 create mode 100644 contrib/openpam/doc/man/pam.conf.5 create mode 100644 contrib/openpam/doc/man/pam_acct_mgmt.3 create mode 100644 contrib/openpam/doc/man/pam_authenticate.3 create mode 100644 contrib/openpam/doc/man/pam_chauthtok.3 create mode 100644 contrib/openpam/doc/man/pam_close_session.3 create mode 100644 contrib/openpam/doc/man/pam_conv.3 create mode 100644 contrib/openpam/doc/man/pam_end.3 create mode 100644 contrib/openpam/doc/man/pam_error.3 create mode 100644 contrib/openpam/doc/man/pam_get_authtok.3 create mode 100644 contrib/openpam/doc/man/pam_get_data.3 create mode 100644 contrib/openpam/doc/man/pam_get_item.3 create mode 100644 contrib/openpam/doc/man/pam_get_user.3 
create mode 100644 contrib/openpam/doc/man/pam_getenv.3 create mode 100644 contrib/openpam/doc/man/pam_getenvlist.3 create mode 100644 contrib/openpam/doc/man/pam_info.3 create mode 100644 contrib/openpam/doc/man/pam_open_session.3 create mode 100644 contrib/openpam/doc/man/pam_prompt.3 create mode 100644 contrib/openpam/doc/man/pam_putenv.3 create mode 100644 contrib/openpam/doc/man/pam_set_data.3 create mode 100644 contrib/openpam/doc/man/pam_set_item.3 create mode 100644 contrib/openpam/doc/man/pam_setcred.3 create mode 100644 contrib/openpam/doc/man/pam_setenv.3 create mode 100644 contrib/openpam/doc/man/pam_sm_acct_mgmt.3 create mode 100644 contrib/openpam/doc/man/pam_sm_authenticate.3 create mode 100644 contrib/openpam/doc/man/pam_sm_chauthtok.3 create mode 100644 contrib/openpam/doc/man/pam_sm_close_session.3 create mode 100644 contrib/openpam/doc/man/pam_sm_open_session.3 create mode 100644 contrib/openpam/doc/man/pam_sm_setcred.3 create mode 100644 contrib/openpam/doc/man/pam_start.3 create mode 100644 contrib/openpam/doc/man/pam_strerror.3 create mode 100644 contrib/openpam/doc/man/pam_verror.3 create mode 100644 contrib/openpam/doc/man/pam_vinfo.3 create mode 100644 contrib/openpam/doc/man/pam_vprompt.3 create mode 100644 contrib/openpam/include/security/openpam.h create mode 100644 contrib/openpam/include/security/openpam_version.h create mode 100644 contrib/openpam/include/security/pam_appl.h create mode 100644 contrib/openpam/include/security/pam_constants.h create mode 100644 contrib/openpam/include/security/pam_modules.h create mode 100644 contrib/openpam/include/security/pam_types.h create mode 100644 contrib/openpam/lib/openpam_borrow_cred.c create mode 100644 contrib/openpam/lib/openpam_configure.c create mode 100644 contrib/openpam/lib/openpam_dispatch.c create mode 100644 contrib/openpam/lib/openpam_dynamic.c create mode 100644 contrib/openpam/lib/openpam_findenv.c create mode 100644 contrib/openpam/lib/openpam_free_data.c create mode 100644 
contrib/openpam/lib/openpam_free_envlist.c create mode 100644 contrib/openpam/lib/openpam_get_option.c create mode 100644 contrib/openpam/lib/openpam_impl.h create mode 100644 contrib/openpam/lib/openpam_load.c create mode 100644 contrib/openpam/lib/openpam_log.c create mode 100644 contrib/openpam/lib/openpam_nullconv.c create mode 100644 contrib/openpam/lib/openpam_readline.c create mode 100644 contrib/openpam/lib/openpam_restore_cred.c create mode 100644 contrib/openpam/lib/openpam_set_option.c create mode 100644 contrib/openpam/lib/openpam_static.c create mode 100644 contrib/openpam/lib/openpam_ttyconv.c create mode 100644 contrib/openpam/lib/pam_acct_mgmt.c create mode 100644 contrib/openpam/lib/pam_authenticate.c create mode 100644 contrib/openpam/lib/pam_authenticate_secondary.c create mode 100644 contrib/openpam/lib/pam_chauthtok.c create mode 100644 contrib/openpam/lib/pam_close_session.c create mode 100644 contrib/openpam/lib/pam_end.c create mode 100644 contrib/openpam/lib/pam_error.c create mode 100644 contrib/openpam/lib/pam_get_authtok.c create mode 100644 contrib/openpam/lib/pam_get_data.c create mode 100644 contrib/openpam/lib/pam_get_item.c create mode 100644 contrib/openpam/lib/pam_get_mapped_authtok.c create mode 100644 contrib/openpam/lib/pam_get_mapped_username.c create mode 100644 contrib/openpam/lib/pam_get_user.c create mode 100644 contrib/openpam/lib/pam_getenv.c create mode 100644 contrib/openpam/lib/pam_getenvlist.c create mode 100644 contrib/openpam/lib/pam_info.c create mode 100644 contrib/openpam/lib/pam_open_session.c create mode 100644 contrib/openpam/lib/pam_prompt.c create mode 100644 contrib/openpam/lib/pam_putenv.c create mode 100644 contrib/openpam/lib/pam_set_data.c create mode 100644 contrib/openpam/lib/pam_set_item.c create mode 100644 contrib/openpam/lib/pam_set_mapped_authtok.c create mode 100644 contrib/openpam/lib/pam_set_mapped_username.c create mode 100644 contrib/openpam/lib/pam_setcred.c create mode 100644 
contrib/openpam/lib/pam_setenv.c create mode 100644 contrib/openpam/lib/pam_sm_acct_mgmt.c create mode 100644 contrib/openpam/lib/pam_sm_authenticate.c create mode 100644 contrib/openpam/lib/pam_sm_authenticate_secondary.c create mode 100644 contrib/openpam/lib/pam_sm_chauthtok.c create mode 100644 contrib/openpam/lib/pam_sm_close_session.c create mode 100644 contrib/openpam/lib/pam_sm_get_mapped_authtok.c create mode 100644 contrib/openpam/lib/pam_sm_get_mapped_username.c create mode 100644 contrib/openpam/lib/pam_sm_open_session.c create mode 100644 contrib/openpam/lib/pam_sm_set_mapped_authtok.c create mode 100644 contrib/openpam/lib/pam_sm_set_mapped_username.c create mode 100644 contrib/openpam/lib/pam_sm_setcred.c create mode 100644 contrib/openpam/lib/pam_start.c create mode 100644 contrib/openpam/lib/pam_strerror.c create mode 100644 contrib/openpam/lib/pam_verror.c create mode 100644 contrib/openpam/lib/pam_vinfo.c create mode 100644 contrib/openpam/lib/pam_vprompt.c create mode 100644 contrib/openpam/modules/pam_deny/pam_deny.c create mode 100644 contrib/openpam/modules/pam_permit/pam_permit.c create mode 100644 contrib/openpam/modules/pam_unix/pam_unix.c
diff --git a/contrib/openpam/CREDITS b/contrib/openpam/CREDITS
new file mode 100644
index 0000000000..aa8bd57cae
--- /dev/null
+++ b/contrib/openpam/CREDITS
@@ -0,0 +1,34 @@
+
+The OpenPAM library was developed for the FreeBSD Project by ThinkSec AS
+and Network Associates Laboratories, the Security Research Division of
+Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+("CBOSS"), as part of the DARPA CHATS research program.
+
+Principal design and development by:
+
+ Dag-Erling Smørgrav
+
+The following persons (in no particular order) have contributed, directly
+or indirectly, with patches, criticism, suggestions, or ideas:
+
+ Andrew Morgan
+ Brian Fundakowski Feldman
+ Christos Zoulas
+ Darren J. Moffat
+ Dmitry V. Levin
+ Emmanuel Dreyfus
+ Eric Melville
+ Gary Winiger
+ Joe Marcus Clarke
+ Juli Mallett
+ Hubert Feyrer
+ Mark Murray
+ Mike Petullo
+ Mikko Työläjärvi
+ Robert Watson
+ Ruslan Ermilov
+ Solar Designer
+ Takanori Saneto
+ Yar Tikhiy
+
+$P4: //depot/projects/openpam/CREDITS#12 $
diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY
new file mode 100644
index 0000000000..fec20caa25
--- /dev/null
+++ b/contrib/openpam/HISTORY
@@ -0,0 +1,307 @@
+OpenPAM Figwort 2005-06-16
+
+ - BUGFIX: Correct several small signedness and initialization bugs
+ discovered during review by the NetBSD team.
+
+ - BUGFIX: Modify gendoc.pl to sort cross-references in dictionary
+ order within each section.
+
+ - ENHANCE: if a policy specifies a relative module path, prepend the
+ module directory so we never call dlopen(3) with a relative path.
+
+ - ENHANCE: add a pam.conf(5) manual page.
+============================================================================
+OpenPAM Feterita 2005-02-01
+
+ - BUGFIX: Correct numerous markup errors, invalid cross-references,
+ and other issues in the manual pages, with kind assistance from
+ Ruslan Ermilov .
+
+ - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
+ and RETURNX() macros.
+
+ - BUGFIX: Remove an unnecessary and non-portable pointer cast in
+ pam_get_data(3).
+
+ - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
+ pam_strerror(3) and gendoc.pl.
+
+ - ENHANCE: Minor overhaul of the autoconf / build system.
+
+ - ENHANCE: Add openpam_free_envlist(3).
+============================================================================
+OpenPAM Eelgrass 2004-02-10
+
+ - BUGFIX: Correct array handling bugs in conversation code.
+
+ - BUGFIX: In openpam_ttyconv(3), don't strip trailing linear
+ whitespace from the user's response.
+
+ - BUGFIX: Many constness issues addressed.
+============================================================================
+OpenPAM Dogwood 2003-07-15
+
+ - ENHANCE: Use the GNU autotools.
+
+ - ENHANCE: Constify the msg field in struct pam_message.
+
+ - BUGFIX: Remove left-over debugging output
+
+ - BUGFIX: Avoid side effects in arguments to the FREE() macro
+
+ - ENHANCE: Make openpam_ttyconv(3) use read(2) rather than fgets(3).
+
+ - BUGFIX: Staticize some variables which shouldn't be global.
+
+ - BUGFIX: Correcly anticipate a NULL user in pam_get_user(3).
+
+ - ENHANCE: Various minor documentation improvements.
+
+Thanks to Dmitry V. Levin for considerable
+assistance with this release.
+============================================================================
+OpenPAM Digitalis 2003-06-01
+
+ - ENHANCE: Completely rewrite the configuration parser and add
+ support for the "include" control flag.
+
+ - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux.
+
+ - ENHANCE: Lots of additional paranoia.
+
+ - BUGFIX: The sample su(1) application dropped privileges before
+ forking instead of after.
+
+ - ENHANCE: Document openpam_log(3).
+
+ - ENHANCE: Other minor documentation fixes.
+
+Thanks to Dmitry V. Levin for considerable
+assistance with this release.
+============================================================================
+OpenPAM Dianthus 2003-05-02
+
+ - BUGFIX: Initialize some potentially uninitialized variables.
+
+ - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999.
+
+ - BUGFIX: In pam_getenv(), return a pointer to the stored variable
+ instead of a freshly allocated copy.
+
+ - ENHANCE: Detect recursion in openpam_borrow_cred()
+
+ - ENHANCE: Make borrowing one's own credentials a no-op.
+
+ - ENHANCE: Further improve debugging support.
+
+ - ENHANCE: Clean up some variable names.
+============================================================================
+OpenPAM Daffodil 2003-01-06
+
+ - ENHANCE: Document dependency on (for size_t)
+
+ - ENHANCE: Slightly improve error detection in openpam_ttyconv().
+
+ - BUGFIX: Fix several typos in debugging macros.
+============================================================================
+OpenPAM Cyclamen 2002-12-12
+
+ - ENHANCE: Improve recursion detection in openpam_dispatch().
+
+ - ENHANCE: Add debugging messages at entry and exit points of most
+ functions.
+
+ - ENHANCE: Fix some minor style issues.
+
+ - BUGFIX: Add default cases to the switches in openpam_log.c.
+
+ - ENHANCE: Add /usr/local/etc/pam.conf to policy search path.
+
+ - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather
+ than stderr.
+============================================================================
+OpenPAM Citronella 2002-06-30
+
+ - ENHANCE: Add the "binding" control flag (from Solaris 9).
+
+ - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
+ Solaris 9).
+
+ - ENHANCE: Flesh out the pam(3) man page.
+
+ - ENHANCE: Add an openpam(3) page with cross-references to all the
+ documented OpenPAM API extensions.
+
+ - ENHANCE: Add a pam_conv(3) man page describing the conversation
+ system.
+
+ - ENHANCE: Improved sample application.
+
+ - ENHANCE: Added sample pam_unix module.
+
+ - BUGFIX: Various documentation nits.
+============================================================================
+OpenPAM Cinquefoil 2002-05-24
+
+ - BUGFIX: Various warnings uncovered by gcc 3.1.
+
+ - ENHANCE: Add a null conversation function, openpam_nullconv(3).
+
+ - BUGFIX: Initialize the "other" chain to all zeroes.
+
+ - ENHANCE: Document openpam_ttyconv(3).
+============================================================================
+OpenPAM Cinnamon 2002-05-02
+
+ - ENHANCE: Add a null conversation function, openpam_nullconv().
+
+ - BUGFIX: Various markup bugs in the documentation.
+
+ - BUGFIX: Document .
+
+ - BUGFIX: Duplicate expansion of openpam_log() macro arguments.
+
+ - ENHANCE: Restructure the policy-loading code and align our use of
+ the "other" policy with Solaris and Linux-PAM.
+
+ - ENHANCE: Log dlopen() and dlsym() failures.
+
+ - ENHANCE: In openpam_ttyconv(), emit a newline after error and info
+ messages unless the message contains one already.
+
+ - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL
+ so we can detect whether the conversation function touched it.
+============================================================================
+OpenPAM Cineraria 2002-04-14
+
+ - BUGFIX: Fix confusion between token and prompt in
+ pam_get_authtok(3).
+
+ - ENHANCE: Improved documentation.
+
+ - ENHANCE: Adopt the same preprocessor tricks that were used in
+ FreeBSD's version of Linux-PAM to simplify static linking without
+ requiring dummy primitives.
+
+ - ENHANCE: Move the policy-loading code out of pam_start.c.
+
+ - BUGFIX: Fix typo in one of the versions of the openpam_log macro.
+
+ - ENHANCE: Add versioning macros.
+============================================================================
+OpenPAM Cinchona 2002-04-08
+
+ - ENHANCE: Improved documentation for several API functions.
+
+ - BUGFIX: Fix bug in pam_set_data() that would result in corruption
+ of the module data list.
+
+ - BUGFIX: Allocate the correct amount of memory for the environment
+ list in pam_putenv().
+
+ - ENHANCE: Change pam_get_authtok()'s prototype so the caller can
+ specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT.
+
+ - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and
+ reduce differences between these very similar functions.
+
+ - ENHANCE: Check flags carefully in pam_authenticate() and
+ pam_chauthtok().
+
+ - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD.
+
+ - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're
+ asked for PAM_AUTHTOK, and we have to prompt the user, prompt her
+ twice and compare the responses.
+
+ - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily
+ switching to user credentials.
+
+ - ENHANCE: Add openpam_free_data(), a generic cleanup function for
+ pam_set_data() consumers.
+============================================================================
+OpenPAM Centaury 2002-03-14
+
+ - BUGFIX: Add missing #include to openpam_log.c.
+
+ - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses
+ the former, but Solaris and Linux-PAM use the latter.
+
+ - BUGFIX: The dynamic loader and the module cache contained a number
+ of bugs which would cause a segmentation fault if pam_start(3) was
+ called again after pam_end(3), as happens in login(1), xdm(1) etc.
+ after a failed login.
+
+ - BUGFIX: Refer to a module by the name used in the policy file, even
+ if the module that was actually loaded was versioned.
+
+ - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG.
+============================================================================
+OpenPAM Celandine 2002-03-05
+
+ - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok().
+
+ - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK
+ flag set, then with the PAM_UPDATE_AUTHTOK flag set.
+
+ - BUGFIX: Failure of a "sufficient" module should not terminate the
+ passwd chain if the PAM_PRELIM_CHECK flag is set.
+
+ - BUGFIX: Clear PAM_AUTHTOK after running the service modules.
+
+ - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK
+ or PAM_UPDATE_AUTHTOK flags themselves.
+
+ - BUGFIX: openpam_set_option() did not support changing the value of
+ an existing option.
+
+ - ENHANCE: Add support for module versioning. OpenPAM will prefer a
+ module with the same version number as the library itself to one
+ with no version number at all.
+============================================================================
+OpenPAM Cantaloupe 2002-02-22
+
+ - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid
+ argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures.
+
+ - ENHANCE: Add in-line documentation in most source files, and a Perl
+ script that generates mdoc code from that.
+
+ - BUGFIX: The environment list was not properly NULL-terminated.
+
+ - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt
+ specified by the module.
+
+ - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to
+ pam_constants.h to avoid it going stale again.
+
+ - ENHANCE: Move all code related to static modules into a separate
+ file.
+
+ - ENHANCE: openpam_ttyconv() now masks most signals while prompting the
+ user, and supports setting a timeout (which defaults to off).
+
+ - BUGFIX: Some manual pages referenced XSSO even though they
+ documented OpenPAM-specific functions.
+
+ - ENHANCE: Added openpam_get_option() and openpam_set_option().
+
+ - ENHANCE: openpam_get_authtok() now respects the echo_pass,
+ try_first_pass, and use_first_pass options.
+============================================================================
+OpenPAM Caliopsis 2002-02-13
+
+Fixed a number of bugs in the previous release, including:
+ - a number of bugs in and related to pam_[gs]et_item(3)
+ - off-by-one bug in pam_start.c would trim last character off certain
+ configuration lines
+ - incorrect ordering of an array in openpam_load.c would cause service
+ module functions to get mixed up
+ - missing 'continue' in openpam_dispatch.c caused successes to be
+ counted as failures
+============================================================================
+OpenPAM Calamite 2002-02-09
+
+First (beta) release.
+============================================================================
+$P4: //depot/projects/openpam/HISTORY#24 $
diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE
new file mode 100644
index 0000000000..19a9687854
--- /dev/null
+++ b/contrib/openpam/LICENSE
@@ -0,0 +1,34 @@
+
+Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+All rights reserved.
+
+This software was developed for the FreeBSD Project by ThinkSec AS and
+Network Associates Laboratories, the Security Research Division of
+Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+("CBOSS"), as part of the DARPA CHATS research program.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. The name of the author may not be used to endorse or promote
+ products derived from this software without specific prior written
+ permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+$P4: //depot/projects/openpam/LICENSE#6 $
diff --git a/contrib/openpam/README b/contrib/openpam/README
new file mode 100644
index 0000000000..77c766cb19
--- /dev/null
+++ b/contrib/openpam/README
@@ -0,0 +1,27 @@
+OpenPAM is an open source PAM library that focuses on simplicity,
+correctness, and cleanliness.
+
+OpenPAM aims to gather the best features of Solaris PAM, XSSO and
+Linux-PAM, plus some innovations of its own. In areas where these
+implementations disagree, OpenPAM tries to remain compatible with
+Solaris, at the expense of XSSO conformance and Linux-PAM
+compatibility.
+
+These are some of OpenPAM's features:
+
+ - Implements the complete PAM API as described in the original PAM
+ paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
+ except for mappings and secondary authentication. Also
+ implements some extensions found in Solaris 9.
+
+ - Extends the API with several useful and time-saving functions.
+
+ - Performs strict checking of return values from service modules.
+
+ - Reads configuration from /etc/pam.d/, /etc/pam.conf,
+ /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
+ this will be made configurable in a future release.
+
+Please direct bug reports and inquiries to des@freebsd.org.
+
+$P4: //depot/projects/openpam/README#5 $
diff --git a/contrib/openpam/README.DELETED b/contrib/openpam/README.DELETED
new file mode 100644
index 0000000000..1e45f2d060
--- /dev/null
+++ b/contrib/openpam/README.DELETED
@@ -0,0 +1,37 @@
+INSTALL
+MANIFEST
+Makefile.am
+Makefile.in
+aclocal.m4
+autogen.sh
+bin
+config.guess
+config.h.in
+config.sub
+configure
+configure.ac
+depcomp
+doc/Makefile.am
+doc/Makefile.in
+doc/man/Makefile.am
+doc/man/Makefile.in
+doc/man/openpam.man
+doc/man/pam.man
+include/Makefile.am
+include/Makefile.in
+include/security/Makefile.am
+include/security/Makefile.in
+install-sh
+lib/Makefile.am
+lib/Makefile.in
+ltmain.sh
+misc
+missing
+modules/pam_deny/Makefile.am
+modules/pam_deny/Makefile.in
+modules/pam_permit/Makefile.am
+modules/pam_permit/Makefile.in
+modules/pam_unix/Makefile.am
+modules/pam_unix/Makefile.in
+modules/Makefile.am
+modules/Makefile.in
diff --git a/contrib/openpam/README.DRAGONFLY b/contrib/openpam/README.DRAGONFLY
new file mode 100644
index 0000000000..ca2a66ba0d
--- /dev/null
+++ b/contrib/openpam/README.DRAGONFLY
@@ -0,0 +1,5 @@
+Original source can be obtained from:
+http://www.openpam.org
+MD5 (openpam-20050616.tar.gz) = e82a48944d7080e7a3fb343afd5d8b0a
+
+The file README.DELETED contains a list of deleted files.
diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES
new file mode 100644
index 0000000000..a8aa9f1aea
--- /dev/null
+++ b/contrib/openpam/RELNOTES
@@ -0,0 +1,29 @@
+
+ Release notes for OpenPAM Figwort
+ =================================
+
+This release corresponds to the code used in FreeBSD-CURRENT as of the
+release date. It has also been tested on several other platforms, and
+is expected to work on almost any POSIX-like platform that has GNU
+autotools, GNU make and the GNU compiler suite installed. One notable
+exception is MacOS X, which ships with a very weird, heavily modified
+version of GCC.
+
+The library itself is complete. Documentation exists in the form of
+man pages for the library functions. These man pages are generated by
+a Perl script from specially marked-up comments in the source files
+themselves, which minimizes the chance that any of them should be out
+of date.
+
+The distribution also includes three sample modules (pam_deny,
+pam_permit and pam_unix) and a sample application (su). These are not
+intended for actual use, but rather to serve as examples for module or
+application developers.
+
+NOTE: to the person who sent me MacOS patches in July 2002: I have
+lost your name and email address. Please contact me so I can give you
+proper credit for your contribution.
+
+Please direct bug reports and inquiries to .
+
+$P4: //depot/projects/openpam/RELNOTES#22 $
diff --git a/contrib/openpam/doc/man/openpam.3 b/contrib/openpam/doc/man/openpam.3
new file mode 100644
index 0000000000..8e0957c46e
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam.3
@@ -0,0 +1,143 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM 3
+.Os
+.Sh NAME
+.Nm openpam_borrow_cred ,
+.Nm openpam_free_data ,
+.Nm openpam_free_envlist ,
+.Nm openpam_get_option ,
+.Nm openpam_log ,
+.Nm openpam_nullconv ,
+.Nm openpam_readline ,
+.Nm openpam_restore_cred ,
+.Nm openpam_set_option ,
+.Nm openpam_ttyconv ,
+.Nm pam_error ,
+.Nm pam_get_authtok ,
+.Nm pam_info ,
+.Nm pam_prompt ,
+.Nm pam_setenv ,
+.Nm pam_verror ,
+.Nm pam_vinfo ,
+.Nm pam_vprompt
+.Nd Pluggable Authentication Modules Library
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd"
+.Ft "void"
+.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
+.Ft "void"
+.Fn openpam_free_envlist "char **envlist"
+.Ft "const char *"
+.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
+.Ft "void"
+.Fn openpam_log "int level" "const char *fmt" "..."
+.Ft "int"
+.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
+.Ft "char *"
+.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
+.Ft "int"
+.Fn openpam_restore_cred "pam_handle_t *pamh"
+.Ft "int"
+.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
+.Ft "int"
+.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
+.Ft "int"
+.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
+.Ft "int"
+.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt"
+.Ft "int"
+.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..."
+.Ft "int"
+.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
+.Ft "int"
+.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
+.Ft "int"
+.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Ft "int"
+.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Ft "int"
+.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/openpam.man#2 $
+.\"
+.Sh DESCRIPTION
+These functions are OpenPAM extensions to the PAM API.
+Those named
+.Fn pam_*
+are, in the author's opinion, logical and necessary extensions to the
+standard API, while those named
+.Fn openpam_*
+are either simple convenience functions, or functions intimately tied
+to OpenPAM implementation details, and therefore not well suited to
+standardization.
+.Sh SEE ALSO
+.Xr openpam_borrow_cred 3 ,
+.Xr openpam_free_data 3 ,
+.Xr openpam_free_envlist 3 ,
+.Xr openpam_get_option 3 ,
+.Xr openpam_log 3 ,
+.Xr openpam_nullconv 3 ,
+.Xr openpam_readline 3 ,
+.Xr openpam_restore_cred 3 ,
+.Xr openpam_set_option 3 ,
+.Xr openpam_ttyconv 3 ,
+.Xr pam_error 3 ,
+.Xr pam_get_authtok 3 ,
+.Xr pam_info 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_setenv 3 ,
+.Xr pam_verror 3 ,
+.Xr pam_vinfo 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3
new file mode 100644
index 0000000000..632693bc4b
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_borrow_cred.3
@@ -0,0 +1,94 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_BORROW_CRED 3
+.Os
+.Sh NAME
+.Nm openpam_borrow_cred
+.Nd temporarily borrow user credentials
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd"
+.Sh DESCRIPTION
+The
+.Nm
+function saves the current credentials and
+switches to those of the user specified by its
+.Fa pwd
+argument.
+The affected credentials are the effective UID, the effective GID, and
+the group access list.
+The original credentials can be restored using
+.Xr openpam_restore_cred 3 .
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr setegid 2 ,
+.Xr seteuid 2 ,
+.Xr setgroups 2 ,
+.Xr openpam_restore_cred 3 ,
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3
new file mode 100644
index 0000000000..0c9329f3c6
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_free_data.3
@@ -0,0 +1,77 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_FREE_DATA 3
+.Os
+.Sh NAME
+.Nm openpam_free_data
+.Nd generic cleanup function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "void"
+.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
+.Sh DESCRIPTION
+The
+.Nm
+function is a cleanup function suitable for
+passing to
+.Xr pam_set_data 3 .
+It simply releases the data by passing its
+.Fa data
+argument to
+.Xr free 3 .
+.Sh SEE ALSO
+.Xr free 3 ,
+.Xr pam 3 ,
+.Xr pam_set_data 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_free_envlist.3 b/contrib/openpam/doc/man/openpam_free_envlist.3
new file mode 100644
index 0000000000..08b993a160
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_free_envlist.3
@@ -0,0 +1,74 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_FREE_ENVLIST 3
+.Os
+.Sh NAME
+.Nm openpam_free_envlist
+.Nd free an environment list
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "void"
+.Fn openpam_free_envlist "char **envlist"
+.Sh DESCRIPTION
+The
+.Nm
+function is a convenience function which
+frees all the environment variables in an environment list, and the
+list itself.
+It is suitable for freeing the return value from
+.Xr pam_getenvlist 3 .
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_getenvlist 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3
new file mode 100644
index 0000000000..2bab2b407a
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_get_option.3
@@ -0,0 +1,80 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_GET_OPTION 3
+.Os
+.Sh NAME
+.Nm openpam_get_option
+.Nd returns the value of a module option
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "const char *"
+.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
+.Sh DESCRIPTION
+The
+.Nm
+function returns the value of the specified
+option in the context of the currently executing service module, or
+.Dv NULL
+if the option is not set or no module is currently executing.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr openpam_set_option 3 ,
+.Xr pam 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3
new file mode 100644
index 0000000000..b96cd1d8d6
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_log.3
@@ -0,0 +1,114 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_LOG 3
+.Os
+.Sh NAME
+.Nm openpam_log
+.Nd log a message through syslog
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "void"
+.Fn openpam_log "int level" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function logs messages using
+.Xr syslog 3 .
+It is primarily intended for internal use by the library and modules.
+.Pp
+The
+.Fa level
+argument indicates the importance of the message.
+The following levels are defined:
+.Bl -tag -width 18n
+.It Dv PAM_LOG_DEBUG
+Debugging messages.
+These messages are normally not logged unless the global
+integer variable
+.Va _openpam_debug
+is set to a non-zero
+value, in which case they are logged with a
+.Xr syslog 3
+priority of
+.Dv LOG_DEBUG .
+.It Dv PAM_LOG_VERBOSE
+Information about the progress of the authentication
+process, or other non-essential messages.
+These messages are logged with a
+.Xr syslog 3
+priority of
+.Dv LOG_INFO .
+.It Dv PAM_LOG_NOTICE
+Messages relating to non-fatal errors.
+These messages are logged with a
+.Xr syslog 3
+priority of
+.Dv LOG_NOTICE .
+.It Dv PAM_LOG_ERROR
+Messages relating to serious errors.
+These messages are logged with a
+.Xr syslog 3
+priority of
+.Dv LOG_ERR .
+.El
+.Pp
+The remaining arguments are a
+.Xr printf 3
+format string and the
+corresponding arguments.
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr printf 3 ,
+.Xr syslog 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_nullconv.3 b/contrib/openpam/doc/man/openpam_nullconv.3
new file mode 100644
index 0000000000..a41a7d938a
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_nullconv.3 
@@ -0,0 +1,101 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_NULLCONV 3
+.Os
+.Sh NAME
+.Nm openpam_nullconv
+.Nd null conversation function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
+.Sh DESCRIPTION
+The
+.Nm
+function is a null conversation function suitable
+for applications that want to use PAM but don't support interactive
+dialog with the user.
+Such applications should set
+.Dv PAM_AUTHTOK
+to whatever authentication
+token they've obtained on their own before calling
+.Xr pam_authenticate 3
+and / or
+.Xr pam_chauthtok 3 ,
+and their PAM configuration should specify the
+.Dv use_first_pass
+option for all modules that require access to the
+authentication token, to make sure they use
+.Dv PAM_AUTHTOK
+rather than
+try to query the user.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.El
+.Sh SEE ALSO
+.Xr openpam_ttyconv 3 ,
+.Xr pam 3 ,
+.Xr pam_authenticate 3 ,
+.Xr pam_chauthtok 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_readline.3 b/contrib/openpam/doc/man/openpam_readline.3
new file mode 100644
index 0000000000..c4cbb2fdc4
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_readline.3
@@ -0,0 +1,108 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_READLINE 3
+.Os
+.Sh NAME
+.Nm openpam_readline
+.Nd read a line from a file
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "char *"
+.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp"
+.Sh DESCRIPTION
+The
+.Nm
+function reads a line from a file, and returns it
+in a NUL-terminated buffer allocated with
+.Xr malloc 3 .
+.Pp
+The
+.Nm
+function performs a certain amount of processing
+on the data it reads.
+Comments (introduced by a hash sign) are stripped, as is leading and
+trailing whitespace.
+Any amount of linear whitespace is collapsed to a single space.
+Blank lines are ignored.
+If a line ends in a backslash, the backslash is stripped and the next
+line is appended.
+.Pp
+If
+.Fa lineno
+is not
+.Dv NULL ,
+the integer variable it points to is
+incremented every time a newline character is read.
+.Pp
+If
+.Fa lenp
+is not
+.Dv NULL ,
+the length of the line (not including the
+terminating NUL character) is stored in the variable it points to.
+.Pp
+The caller is responsible for releasing the returned buffer by passing
+it to
+.Xr free 3 .
+.Sh RETURN VALUES
+The
+.Nm
+function returns
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr free 3 ,
+.Xr malloc 3 ,
+.Xr pam 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3
new file mode 100644
index 0000000000..70fa3d70df
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_restore_cred.3
@@ -0,0 +1,86 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_RESTORE_CRED 3
+.Os
+.Sh NAME
+.Nm openpam_restore_cred
+.Nd restore credentials
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_restore_cred "pam_handle_t *pamh"
+.Sh DESCRIPTION
+The
+.Nm
+function restores the credentials saved by
+.Xr openpam_borrow_cred 3 .
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_NO_MODULE_DATA
+Module data not found.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr setegid 2 ,
+.Xr seteuid 2 ,
+.Xr setgroups 2 ,
+.Xr openpam_borrow_cred 3 ,
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3
new file mode 100644
index 0000000000..105e19517f
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_set_option.3
@@ -0,0 +1,83 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_SET_OPTION 3
+.Os
+.Sh NAME
+.Nm openpam_set_option
+.Nd sets the value of a module option
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
+.Sh DESCRIPTION
+The
+.Nm
+function sets the specified option in the
+context of the currently executing service module.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr openpam_get_option 3 ,
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3
new file mode 100644
index 0000000000..d2512c3ea8
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam_ttyconv.3
@@ -0,0 +1,96 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt OPENPAM_TTYCONV 3
+.Os
+.Sh NAME
+.Nm openpam_ttyconv
+.Nd simple tty-based conversation function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/openpam.h
+.Ft "int"
+.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
+.Sh DESCRIPTION
+The
+.Nm
+function is a standard conversation function
+suitable for use on TTY devices.
+It should be adequate for the needs of most text-based interactive
+programs.
+.Pp
+The
+.Nm
+function allows the application to specify a
+timeout for user input by setting the global integer variable
+.Va openpam_ttyconv_timeout
+to the length of the timeout in seconds.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr openpam_nullconv 3 ,
+.Xr pam 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3
new file mode 100644
index 0000000000..e8a664737d
--- /dev/null
+++ b/contrib/openpam/doc/man/pam.3
@@ -0,0 +1,292 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM 3
+.Os
+.Sh NAME
+.Nm pam_acct_mgmt ,
+.Nm pam_authenticate ,
+.Nm pam_chauthtok ,
+.Nm pam_close_session ,
+.Nm pam_end ,
+.Nm pam_get_data ,
+.Nm pam_get_item ,
+.Nm pam_get_user ,
+.Nm pam_getenv ,
+.Nm pam_getenvlist ,
+.Nm pam_open_session ,
+.Nm pam_putenv ,
+.Nm pam_set_data ,
+.Nm pam_set_item ,
+.Nm pam_setcred ,
+.Nm pam_start ,
+.Nm pam_strerror
+.Nd Pluggable Authentication Modules Library
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
+.Ft "int"
+.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
+.Ft "int"
+.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
+.Ft "int"
+.Fn pam_close_session "pam_handle_t *pamh" "int flags"
+.Ft "int"
+.Fn pam_end "pam_handle_t *pamh" "int status"
+.Ft "int"
+.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data"
+.Ft "int"
+.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
+.Ft "int"
+.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
+.Ft "const char *"
+.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
+.Ft "char **"
+.Fn pam_getenvlist "pam_handle_t *pamh"
+.Ft "int"
+.Fn pam_open_session "pam_handle_t *pamh" "int flags"
+.Ft "int"
+.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
+.Ft "int"
+.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
+.Ft "int"
+.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item"
+.Ft "int"
+.Fn pam_setcred "pam_handle_t *pamh" "int flags"
+.Ft "int"
+.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
+.Ft "const char *"
+.Fn pam_strerror "pam_handle_t *pamh" "int error_number"
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/pam.man#4 $
+.\"
+.Sh DESCRIPTION
+The Pluggable Authentication
Modules (PAM) library abstracts a number
+of common authentication-related operations and provides a framework
+for dynamically loaded modules that implement these operations in
+various ways.
+.Ss Terminology
+In PAM parlance, the application that uses PAM to authenticate a user
+is the server, and is identified for configuration purposes by a
+service name, which is often (but not necessarily) the program name.
+.Pp
+The user requesting authentication is called the applicant, while the
+user (usually, root) charged with verifying his identity and granting
+him the requested credentials is called the arbitrator.
+.Pp
+The sequence of operations the server goes through to authenticate a
+user and perform whatever task he requested is a PAM transaction; the
+context within which the server performs the requested task is called
+a session.
+.Pp
+The functionality embodied by PAM is divided into six primitives
+grouped into four facilities: authentication, account management,
+session management and password management.
+.Ss Conversation
+The PAM library expects the application to provide a conversation
+callback which it can use to communicate with the user.
+Some modules may use specialized conversation functions to communicate
+with special hardware such as cryptographic dongles or biometric
+devices.
+See
+.Xr pam_conv 3
+for details.
+.Ss Initialization and Cleanup
+The
+.Fn pam_start
+function initializes the PAM library and returns a handle which must
+be provided in all subsequent function calls.
+The transaction state is contained entirely within the structure
+identified by this handle, so it is possible to conduct multiple
+transactions in parallel.
+.Pp
+The
+.Fn pam_end
+function releases all resources associated with the specified context,
+and can be called at any time to terminate a PAM transaction.
+.Ss Storage
+The
+.Fn pam_set_item
+and
+.Fn pam_get_item
+functions set and retrieve a number of predefined items, including the
+service name, the names of the requesting and target users, the
+conversation function, and prompts.
+.Pp
+The
+.Fn pam_set_data
+and
+.Fn pam_get_data
+functions manage named chunks of free-form data, generally used by
+modules to store state from one invocation to another.
+.Ss Authentication
+There are two authentication primitives:
+.Fn pam_authenticate
+and
+.Fn pam_setcred .
+The former authenticates the user, while the latter manages his
+credentials.
+.Ss Account Management
+The
+.Fn pam_acct_mgmt
+function enforces policies such as password expiry, account expiry,
+time-of-day restrictions, and so forth.
+.Ss Session Management
+The
+.Fn pam_open_session
+and
+.Fn pam_close_session
+functions handle session setup and teardown.
+.Ss Password Management
+The
+.Fn pam_chauthtok
+function allows the server to change the user's password, either at
+the user's request or because the password has expired.
+.Ss Miscellaneous
+The
+.Fn pam_putenv ,
+.Fn pam_getenv
+and
+.Fn pam_getenvlist
+functions manage a private environment list in which modules can set
+environment variables they want the server to export during the
+session.
+.Pp
+The
+.Fn pam_strerror
+function returns a pointer to a string describing the specified PAM
+error code.
+.Sh RETURN VALUES
+The following return codes are defined by
+.In security/pam_constants.h :
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_ACCT_EXPIRED
+User account has expired.
+.It Bq Er PAM_AUTHINFO_UNAVAIL
+Authentication information is unavailable.
+.It Bq Er PAM_AUTHTOK_DISABLE_AGING
+Authentication token aging disabled.
+.It Bq Er PAM_AUTHTOK_ERR
+Authentication token failure.
+.It Bq Er PAM_AUTHTOK_EXPIRED
+Password has expired.
+.It Bq Er PAM_AUTHTOK_LOCK_BUSY
+Authentication token lock busy.
+.It Bq Er PAM_AUTHTOK_RECOVERY_ERR
+Failed to recover old authentication token.
+.It Bq Er PAM_AUTH_ERR
+Authentication error.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_CRED_ERR
+Failed to set user credentials.
+.It Bq Er PAM_CRED_EXPIRED
+User credentials have expired.
+.It Bq Er PAM_CRED_INSUFFICIENT
+Insufficient credentials.
+.It Bq Er PAM_CRED_UNAVAIL
+Failed to retrieve user credentials.
+.It Bq Er PAM_DOMAIN_UNKNOWN
+Unknown authentication domain.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_MAXTRIES
+Maximum number of tries exceeded.
+.It Bq Er PAM_MODULE_UNKNOWN
+Unknown module type.
+.It Bq Er PAM_NEW_AUTHTOK_REQD
+New authentication token required.
+.It Bq Er PAM_NO_MODULE_DATA
+Module data not found.
+.It Bq Er PAM_OPEN_ERR
+Failed to load module.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SESSION_ERR
+Session failure.
+.It Bq Er PAM_SUCCESS
+Success.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_TRY_AGAIN
+Try again.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr openpam 3 ,
+.Xr pam_acct_mgmt 3 ,
+.Xr pam_authenticate 3 ,
+.Xr pam_chauthtok 3 ,
+.Xr pam_close_session 3 ,
+.Xr pam_conv 3 ,
+.Xr pam_end 3 ,
+.Xr pam_get_data 3 ,
+.Xr pam_getenv 3 ,
+.Xr pam_getenvlist 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_get_user 3 ,
+.Xr pam_open_session 3 ,
+.Xr pam_putenv 3 ,
+.Xr pam_setcred 3 ,
+.Xr pam_set_data 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_start 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam.conf.5 b/contrib/openpam/doc/man/pam.conf.5
new file mode 100644
index 0000000000..51dd12e229
--- /dev/null
+++ b/contrib/openpam/doc/man/pam.conf.5
@@ -0,0 +1,174 @@
+.\"-
+.\" Copyright (c) 2005 Dag-Erling Coïdan Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/pam.conf.5#2 $
+.\"
+.Dd June 9, 2005
+.Dt PAM.CONF 5
+.Os
+.Sh NAME
+.Nm pam.conf
+.Nd PAM policy file format
+.Sh DESCRIPTION
+The PAM library searches for policies in the following files, in
+decreasing order of preference:
+.Bl -enum
+.It
+.Pa /etc/pam.d/ Ns Ar service-name
+.It
+.Pa /etc/pam.conf
+.It
+.Pa /usr/local/etc/pam.d/ Ns Ar service-name
+.It
+.Pa /usr/local/etc/pam.conf
+.El
+.Pp
+If none of these locations contains a policy for the given service,
+the
+.Dv default
+policy is used instead, if it exists.
+.Pp
+Entries in per-service policy files must be of one of the two forms
+below:
+.Bd -unfilled -offset indent
+.Ar function-class Ar control-flag Ar module-path Op Ar arguments ...
+.Ar function-class Cm include Ar other-service-name
+.Ed
+.Pp
+Entries in
+.Pa pam.conf Ns -style
+policy files are of the same form, but are prefixed by an additional
+field specifying the name of the service they apply to.
+.Pp
+In both types of policy files, blank lines are ignored, as is anything
+to the right of a `#' sign.
+.Pp
+The
+.Ar function-class
+field specifies the class of functions the entry applies to, and is
+one of:
+.Bl -tag -width "password"
+.It Cm auth
+Authentication functions
+.Po
+.Xr pam_authenticate 3 ,
+.Xr pam_setcred 3
+.Pc
+.It Cm account
+Account management functions
+.Pq Xr pam_acct_mgmt 3
+.It Cm session
+Session handling functions
+.Po
+.Xr pam_open_session 3 ,
+.Xr pam_close_session 3
+.Pc
+.It Cm password
+Password management functions
+.Pq Xr pam_chauthtok 3
+.El
+.Pp
+The
+.Ar control-flag
+field determines how the result returned by the module affects the
+flow of control through (and the final result of) the rest of the
+chain, and is one of:
+.Bl -tag -width "sufficient"
+.It Cm required
+If this module succeeds, the result of the chain will be success
+unless a later module fails.
+If it fails, the rest of the chain still runs, but the final result
+will be failure regardless of the success of later modules.
+.It Cm requisite
+If this module succeeds, the result of the chain will be success
+unless a later module fails.
+If it module fails, the chain is broken and the result is failure.
+.It Cm sufficient
+If this module succeeds, the chain is broken and the result is
+success.
+If it fails, the rest of the chain still runs, but the final result
+will be failure unless a later module succeeds.
+.It Cm binding
+If this module succeeds, the chain is broken and the result is
+success.
+If it fails, the rest of the chain still runs, but the final result
+will be failure regardless of the success of later modules.
+.It Cm optional
+If this module succeeds, the result of the chain will be success
+unless a later module fails.
+If this module fails, the result of the chain will be failure unless a
+later module succeeds.
+.El
+.Pp
+There are two exceptions to the above:
+.Cm sufficient
+and
+.Cm binding
+modules are treated as
+.Cm optional
+by
+.Xr pam_setcred 3 ,
+and in the
+.Dv PAM_PRELIM_CHECK
+phase of
+.Xr pam_chauthtok 3 .
+.Pp
+The
+.Ar module-path
+field specifies the name, or optionally the full path, of the module
+to call.
+.Pp
+The remaining fields are passed as arguments to the module if and when
+it is invoked.
+.Pp
+The
+.Cm include
+form of entry causes entries from a different chain (specified by
+.Ar other-system-name )
+to be included in the current one.
+This allows one to define system-wide policies which are then included
+into service-specific policies.
+The system-wide policy can then be modified without having to also
+modify each and every service-specific policy.
+.Sh SEE ALSO
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library was developed for the FreeBSD Project by ThinkSec
+AS and Network Associates Laboratories, the Security Research Division
+of Network Associates, Inc. under DARPA/SPAWAR contract
+N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
+.Pp
+This manual page was written by
+.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3
new file mode 100644
index 0000000000..5484bb74da
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_acct_mgmt.3
@@ -0,0 +1,113 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_ACCT_MGMT 3
+.Os
+.Sh NAME
+.Nm pam_acct_mgmt
+.Nd perform PAM account validation procedures
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function verifies and enforces account restrictions
+after the user has been authenticated.
+.Pp
+The
+.Fa flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_DISALLOW_NULL_AUTHTOK
+Fail if the user's authentication token is null.
+.El
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_ACCT_EXPIRED
+User account has expired.
+.It Bq Er PAM_AUTH_ERR
+Authentication error.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_NEW_AUTHTOK_REQD
+New authentication token required.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3
new file mode 100644
index 0000000000..b5bead3049
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_authenticate.3 
@@ -0,0 +1,127 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_AUTHENTICATE 3
+.Os
+.Sh NAME
+.Nm pam_authenticate
+.Nd perform authentication within the PAM framework
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_authenticate "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function attempts to authenticate the user
+associated with the pam context specified by the
+.Fa pamh
+argument.
+.Pp
+The application is free to call
+.Nm
+as many times as it
+wishes, but some modules may maintain an internal retry counter and
+return
+.Dv PAM_MAXTRIES
+when it exceeds some preset or hardcoded limit.
+.Pp
+The
+.Fa flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_DISALLOW_NULL_AUTHTOK
+Fail if the user's authentication token is null.
+.El
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_AUTHINFO_UNAVAIL
+Authentication information is unavailable.
+.It Bq Er PAM_AUTH_ERR
+Authentication error.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_CRED_INSUFFICIENT
+Insufficient credentials.
+.It Bq Er PAM_MAXTRIES
+Maximum number of tries exceeded.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3
new file mode 100644
index 0000000000..eb76c83d88
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_chauthtok.3
@@ -0,0 +1,119 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_CHAUTHTOK 3
+.Os
+.Sh NAME
+.Nm pam_chauthtok
+.Nd perform password related functions within the PAM framework
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_chauthtok "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function attempts to change the authentication token
+for the user associated with the pam context specified by the
+.Fa pamh
+argument.
+.Pp
+The
+.Fa flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_CHANGE_EXPIRED_AUTHTOK
+Change only those authentication tokens that have expired.
+.El
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_AUTHTOK_DISABLE_AGING
+Authentication token aging disabled.
+.It Bq Er PAM_AUTHTOK_ERR
+Authentication token failure.
+.It Bq Er PAM_AUTHTOK_LOCK_BUSY
+Authentication token lock busy.
+.It Bq Er PAM_AUTHTOK_RECOVERY_ERR
+Failed to recover old authentication token.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_TRY_AGAIN
+Try again.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3
new file mode 100644
index 0000000000..8a3b07c8dd
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_close_session.3
@@ -0,0 +1,109 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_CLOSE_SESSION 3
+.Os
+.Sh NAME
+.Nm pam_close_session
+.Nd close an existing user session
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_close_session "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function tears down the user session previously
+set up by
+.Xr pam_open_session 3 .
+.Pp
+The
+.Fa flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.El
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SESSION_ERR
+Session failure.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_open_session 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_conv.3 b/contrib/openpam/doc/man/pam_conv.3
new file mode 100644
index 0000000000..296275a91e
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_conv.3
@@ -0,0 +1,182 @@
+.\"-
+.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#4 $
+.\"
+.Dd May 27, 2002
+.Dt PAM_CONV 3
+.Os
+.Sh NAME
+.Nm pam_conv
+.Nd PAM conversation system
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Bd -literal
+struct pam_message {
+ int msg_style;
+ char *msg;
+};
+
+struct pam_response {
+ char *resp;
+ int resp_retcode;
+};
+
+struct pam_conv {
+ int (*conv)(int, const struct pam_message **,
+ struct pam_response **, void *);
+ void *appdata_ptr;
+};
+.Ed
+.Sh DESCRIPTION
+The PAM library uses an application-defined callback to communicate
+with the user.
+This callback is specified by the
+.Vt struct pam_conv
+passed to
+.Fn pam_start
+at the start of the transaction.
+It is also possible to set or change the conversation function at any
+point during a PAM transaction by changing the value of the
+.Dv PAM_CONV
+item.
+.Pp
+The conversation function's first argument specifies the number of
+messages (up to
+.Dv PAM_NUM_MSG )
+to process.
+The second argument is a pointer to an array of pointers to
+.Vt pam_message
+structures containing the actual messages.
+.Pp
+Each message can have one of four types, specified by the
+.Va msg_style
+member of
+.Vt struct pam_message :
+.Bl -tag -width 18n
+.It Dv PAM_PROMPT_ECHO_OFF
+Display a prompt and accept the user's response without echoing it to
+the terminal.
+This is commonly used for passwords.
+.It Dv PAM_PROMPT_ECHO_ON
+Display a prompt and accept the user's response, echoing it to the
+terminal.
+This is commonly used for login names and one-time passphrases.
+.It Dv PAM_ERROR_MSG
+Display an error message.
+.It Dv PAM_TEXT_INFO
+Display an informational message.
+.El
+.Pp
+In each case, the prompt or message to display is pointed to by the
+.Va msg
+member of
+.Vt struct pam_message .
+It can be up to
+.Dv PAM_MAX_MSG_SIZE
+characters long, including the terminating NUL.
+.Pp
+On success, the conversation function should allocate and fill a
+contiguous array of
+.Vt struct pam_response ,
+one for each message that was passed in.
+A pointer to the user's response to each message (or
+.Dv NULL
+in the case of informational or error messages) should be stored in
+the
+.Va resp
+member of the corresponding
+.Vt struct pam_response .
+Each response can be up to
+.Dv PAM_MAX_RESP_SIZE
+characters long, including the terminating NUL.
+.Pp
+The
+.Va resp_retcode
+member of
+.Vt struct pam_response
+is unused and should be set to zero.
+.Pp
+The conversation function should store a pointer to this array in the
+location pointed to by its third argument.
+It is the caller's responsibility to release both this array and the
+responses themselves, using
+.Xr free 3 .
+It is the conversation function's responsibility to ensure that it is
+legal to do so.
+.Pp
+The
+.Va appdata_ptr
+member of
+.Vt struct pam_conv
+is passed unmodified to the conversation function as its fourth and
+final argument.
+.Pp
+On failure, the conversation function should release any resources it
+has allocated, and return one of the predefined PAM error codes.
+.Sh RETURN VALUES
+The conversation function should return one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SUCCESS
+Success.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr openpam_ttyconv 3 ,
+.Xr openpam_nullconv 3 ,
+.Xr pam 3 ,
+.Xr pam_error 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_info 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_start 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library and this manual page were developed for the
+FreeBSD Project by ThinkSec AS and Network Associates Laboratories,
+the Security Research Division of Network Associates, Inc.
under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3
new file mode 100644
index 0000000000..a9196a005a
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_end.3
@@ -0,0 +1,86 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_END 3
+.Os
+.Sh NAME
+.Nm pam_end
+.Nd terminate the PAM transaction
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_end "pam_handle_t *pamh" "int status"
+.Sh DESCRIPTION
+The
+.Nm
+function terminates a PAM transaction and destroys the
+corresponding PAM context, releasing all resources allocated to it.
+.Pp
+The
+.Fa status
+argument should be set to the error code returned by the
+last API call before the call to
+.Nm
+.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3
new file mode 100644
index 0000000000..86f395c948
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_error.3
@@ -0,0 +1,86 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_ERROR 3
+.Os
+.Sh NAME
+.Nm pam_error
+.Nd display an error message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function displays an error message through the
+intermediary of the given PAM context's conversation function.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_info 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_verror 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3
new file mode 100644
index 0000000000..71fc11824a
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_authtok.3
@@ -0,0 +1,133 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_GET_AUTHTOK 3
+.Os
+.Sh NAME
+.Nm pam_get_authtok
+.Nd retrieve authentication token
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt"
+.Sh DESCRIPTION
+The
+.Nm
+function returns the cached authentication token,
+or prompts the user if no token is currently cached.
+Either way, a pointer to the authentication token is stored in the
+location pointed to by the
+.Fa authtok
+argument.
+.Pp
+The
+.Fa item
+argument must have one of the following values:
+.Bl -tag -width 18n
+.It Dv PAM_AUTHTOK
+Returns the current authentication token, or the new token
+when changing authentication tokens.
+.It Dv PAM_OLDAUTHTOK
+Returns the previous authentication token when changing
+authentication tokens.
+.El
+.Pp
+The
+.Fa prompt
+argument specifies a prompt to use if no token is cached.
+If it is
+.Dv NULL ,
+the
+.Dv PAM_AUTHTOK_PROMPT
+or
+.Dv PAM_OLDAUTHTOK_PROMPT
+item,
+as appropriate, will be used.
+If that item is also
+.Dv NULL ,
+a hardcoded default prompt will be used.
+.Pp
+If
+.Fa item
+is set to
+.Dv PAM_AUTHTOK
+and there is a non-null
+.Dv PAM_OLDAUTHTOK
+item,
+.Nm
+will ask the user to confirm the new token by
+retyping it.
+If there is a mismatch,
+.Nm
+will return
+.Dv PAM_TRY_AGAIN .
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_TRY_AGAIN
+Try again.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_get_user 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3
new file mode 100644
index 0000000000..0b0b256584
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_data.3
@@ -0,0 +1,95 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_GET_DATA 3
+.Os
+.Sh NAME
+.Nm pam_get_data
+.Nd get module information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data"
+.Sh DESCRIPTION
+The
+.Nm
+function looks up the opaque object associated with
+the string specified by the
+.Fa module_data_name
+argument, in the PAM
+context specified by the
+.Fa pamh
+argument.
+A pointer to the object is stored in the location pointed to by the
+.Fa data
+argument.
+.Pp
+This function and its counterpart
+.Xr pam_set_data 3
+are useful for managing
+data that are meaningful only to a particular service module.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_NO_MODULE_DATA
+Module data not found.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_set_data 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3
new file mode 100644
index 0000000000..e5e3973d0f
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_item.3
@@ -0,0 +1,128 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_GET_ITEM 3
+.Os
+.Sh NAME
+.Nm pam_get_item
+.Nd get PAM information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
+.Sh DESCRIPTION
+The
+.Nm
+function stores a pointer to the item specified by
+the
+.Fa item_type
+argument in the location specified by the
+.Fa item
+argument.
+The item is retrieved from the PAM context specified by the
+.Fa pamh
+argument.
+The following item types are recognized:
+.Bl -tag -width 18n
+.It Dv PAM_SERVICE
+The name of the requesting service.
+.It Dv PAM_USER
+The name of the user the application is trying to
+authenticate.
+.It Dv PAM_TTY
+The name of the current terminal.
+.It Dv PAM_RHOST
+The name of the applicant's host.
+.It Dv PAM_CONV
+A
+.Vt struct pam_conv
+describing the current conversation
+function.
+.It Dv PAM_AUTHTOK
+The current authentication token.
+.It Dv PAM_OLDAUTHTOK
+The expired authentication token.
+.It Dv PAM_RUSER
+The name of the applicant.
+.It Dv PAM_USER_PROMPT
+The prompt to use when asking the applicant for a user
+name to authenticate as.
+.It Dv PAM_AUTHTOK_PROMPT
+The prompt to use when asking the applicant for an
+authentication token.
+.It Dv PAM_OLDAUTHTOK_PROMPT
+The prompt to use when asking the applicant for an
+expired authentication token prior to changing it.
+.El
+.Pp
+See
+.Xr pam_start 3
+for a description of
+.Vt struct pam_conv .
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_start 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3
new file mode 100644
index 0000000000..260bc7dd07
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_get_user.3
@@ -0,0 +1,110 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_GET_USER 3
+.Os
+.Sh NAME
+.Nm pam_get_user
+.Nd retrieve user name
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt"
+.Sh DESCRIPTION
+The
+.Nm
+function returns the name of the target user, as
+specified to
+.Xr pam_start 3 .
+If no user was specified, nor set using
+.Xr pam_set_item 3 ,
+.Nm
+will prompt for a user name.
+Either way, a pointer to the user name is stored in the location
+pointed to by the
+.Fa user
+argument.
+.Pp
+The
+.Fa prompt
+argument specifies a prompt to use if no user name is
+cached.
+If it is
+.Dv NULL ,
+the
+.Dv PAM_USER_PROMPT
+will be used.
+If that item is also
+.Dv NULL ,
+a hardcoded default prompt will be used.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_get_authtok 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_start 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3
new file mode 100644
index 0000000000..281459617c
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_getenv.3
@@ -0,0 +1,84 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_GETENV 3
+.Os
+.Sh NAME
+.Nm pam_getenv
+.Nd retrieve the value of a PAM environment variable
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "const char *"
+.Fn pam_getenv "pam_handle_t *pamh" "const char *name"
+.Sh DESCRIPTION
+The
+.Nm
+function returns the value of an environment variable.
+Its semantics are similar to those of
+.Xr getenv 3 ,
+but it accesses the PAM
+context's environment list instead of the application's.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr getenv 3 ,
+.Xr pam 3 ,
+.Xr pam_getenvlist 3 ,
+.Xr pam_putenv 3 ,
+.Xr pam_setenv 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3
new file mode 100644
index 0000000000..59e12a1176
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_getenvlist.3
@@ -0,0 +1,105 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_GETENVLIST 3
+.Os
+.Sh NAME
+.Nm pam_getenvlist
+.Nd returns a list of all the PAM environment variables
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "char **"
+.Fn pam_getenvlist "pam_handle_t *pamh"
+.Sh DESCRIPTION
+The
+.Nm
+function returns a copy of the given PAM context's
+environment list as a pointer to an array of strings.
+The last element in the array is
+.Dv NULL .
+The pointer is suitable for assignment to
+.Va environ .
+.Pp
+The array and the strings it lists are allocated using
+.Xr malloc 3 ,
+and
+should be released using
+.Xr free 3
+after use:
+.Pp
+.Bd -literal
+ char **envlist, **env;
+
+ envlist = environ;
+ environ = pam_getenvlist(pamh);
+ /* do something nifty */
+ for (env = environ; *env != NULL; env++)
+ free(*env);
+ free(environ);
+ environ = envlist;
+.Ed
+.Sh RETURN VALUES
+The
+.Nm
+function returns
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr free 3 ,
+.Xr malloc 3 ,
+.Xr pam 3 ,
+.Xr pam_getenv 3 ,
+.Xr pam_putenv 3 ,
+.Xr pam_setenv 3 ,
+.Xr environ 7
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3
new file mode 100644
index 0000000000..ea89c31c38
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_info.3
@@ -0,0 +1,86 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_INFO 3
+.Os
+.Sh NAME
+.Nm pam_info
+.Nd display an information message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function displays an informational message through the
+intermediary of the given PAM context's conversation function.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_error 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_vinfo 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3
new file mode 100644
index 0000000000..9e0edf0b21
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_open_session.3
@@ -0,0 +1,110 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_OPEN_SESSION 3
+.Os
+.Sh NAME
+.Nm pam_open_session
+.Nd open a user session
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_open_session "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+sets up a user session for a previously
+authenticated user.
+The session should later be torn down by a call to
+.Xr pam_close_session 3 .
+.Pp
+The
+.Fa flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.El
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SESSION_ERR
+Session failure.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_close_session 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3
new file mode 100644
index 0000000000..604325038f
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_prompt.3
@@ -0,0 +1,98 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_PROMPT 3
+.Os
+.Sh NAME
+.Nm pam_prompt
+.Nd call the conversation function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
+.Sh DESCRIPTION
+The
+.Nm
+function constructs a message from the specified format
+string and arguments and passes it to the given PAM context's
+conversation function.
+.Pp
+A pointer to the response, or
+.Dv NULL
+if the conversation function did
+not return one, is stored in the location pointed to by the
+.Fa resp
+argument.
+.Pp
+See
+.Xr pam_vprompt 3
+for further details.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_error 3 ,
+.Xr pam_info 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3
new file mode 100644
index 0000000000..7937818fb9
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_putenv.3
@@ -0,0 +1,89 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_PUTENV 3
+.Os
+.Sh NAME
+.Nm pam_putenv
+.Nd set the value of an environment variable
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
+.Sh DESCRIPTION
+The
+.Nm
+function sets a environment variable.
+Its semantics are similar to those of
+.Xr putenv 3 ,
+but it modifies the PAM
+context's environment list instead of the application's.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_getenv 3 ,
+.Xr pam_getenvlist 3 ,
+.Xr pam_setenv 3 ,
+.Xr pam_strerror 3 ,
+.Xr putenv 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3
new file mode 100644
index 0000000000..97f66c87e4
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_set_data.3
@@ -0,0 +1,99 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SET_DATA 3
+.Os
+.Sh NAME
+.Nm pam_set_data
+.Nd set module information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
+.Sh DESCRIPTION
+The
+.Nm
+function associates a pointer to an opaque object
+with an arbitrary string specified by the
+.Fa module_data_name
+argument,
+in the PAM context specified by the
+.Fa pamh
+argument.
+.Pp
+If not
+.Dv NULL ,
+the
+.Fa cleanup
+argument should point to a function
+responsible for releasing the resources associated with the object.
+.Pp
+This function and its counterpart
+.Xr pam_get_data 3
+are useful for managing
+data that are meaningful only to a particular service module.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_get_data 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3
new file mode 100644
index 0000000000..18497ede28
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_set_item.3
@@ -0,0 +1,93 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SET_ITEM 3
+.Os
+.Sh NAME
+.Nm pam_set_item
+.Nd set authentication information
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item"
+.Sh DESCRIPTION
+The
+.Nm
+function sets the item specified by the
+.Fa item_type
+argument to a copy of the object pointed to by the
+.Fa item
+argument.
+The item is stored in the PAM context specified by the
+.Fa pamh
+argument.
+See
+.Xr pam_get_item 3
+for a list of recognized item types.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3
new file mode 100644
index 0000000000..e435c9a686
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_setcred.3
@@ -0,0 +1,122 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SETCRED 3
+.Os
+.Sh NAME
+.Nm pam_setcred
+.Nd modify / delete user credentials for an authentication service
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_setcred "pam_handle_t *pamh" "int flags"
+.Sh DESCRIPTION
+The
+.Nm
+function manages the application's credentials.
+.Pp
+The
+.Fa flags
+argument is the binary or of zero or more of the following
+values:
+.Bl -tag -width 18n
+.It Dv PAM_SILENT
+Do not emit any messages.
+.It Dv PAM_ESTABLISH_CRED
+Establish the credentials of the target user.
+.It Dv PAM_DELETE_CRED
+Revoke all established credentials.
+.It Dv PAM_REINITIALIZE_CRED
+Fully reinitialise credentials.
+.It Dv PAM_REFRESH_CRED
+Refresh credentials.
+.El
+.Pp
+The latter four are mutually exclusive.
+.Pp
+If any other bits are set,
+.Nm
+will return
+.Dv PAM_SYMBOL_ERR .
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_CRED_ERR
+Failed to set user credentials.
+.It Bq Er PAM_CRED_EXPIRED
+User credentials have expired.
+.It Bq Er PAM_CRED_UNAVAIL
+Failed to retrieve user credentials.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYMBOL_ERR
+Invalid symbol.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3
new file mode 100644
index 0000000000..122b41e451
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_setenv.3
@@ -0,0 +1,88 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SETENV 3
+.Os
+.Sh NAME
+.Nm pam_setenv
+.Nd mirrors setenv(3)
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
+.Sh DESCRIPTION
+The
+.Nm
+function sets a environment variable.
+Its semantics are similar to those of
+.Xr setenv 3 ,
+but it modifies the PAM
+context's environment list instead of the application's.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_getenv 3 ,
+.Xr pam_getenvlist 3 ,
+.Xr pam_putenv 3 ,
+.Xr pam_strerror 3 ,
+.Xr setenv 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
new file mode 100644
index 0000000000..b30435262c
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
@@ -0,0 +1,103 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SM_ACCT_MGMT 3
+.Os
+.Sh NAME
+.Nm pam_sm_acct_mgmt
+.Nd service module implementation for pam_acct_mgmt
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/pam_modules.h
+.Ft "int"
+.Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
+.Sh DESCRIPTION
+The
+.Nm
+function is the service module's implementation
+of the
+.Xr pam_acct_mgmt 3
+API function.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_ACCT_EXPIRED
+User account has expired.
+.It Bq Er PAM_AUTH_ERR
+Authentication error.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_NEW_AUTHTOK_REQD
+New authentication token required.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_acct_mgmt 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3
new file mode 100644
index 0000000000..56bfcd8519
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_sm_authenticate.3
@@ -0,0 +1,105 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SM_AUTHENTICATE 3
+.Os
+.Sh NAME
+.Nm pam_sm_authenticate
+.Nd service module implementation for pam_authenticate
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/pam_modules.h
+.Ft "int"
+.Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
+.Sh DESCRIPTION
+The
+.Nm
+function is the service module's
+implementation of the
+.Xr pam_authenticate 3
+API function.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_AUTHINFO_UNAVAIL
+Authentication information is unavailable.
+.It Bq Er PAM_AUTH_ERR
+Authentication error.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_CRED_INSUFFICIENT
+Insufficient credentials.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_MAXTRIES
+Maximum number of tries exceeded.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_authenticate 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3
new file mode 100644
index 0000000000..9ce954f5b7
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3
@@ -0,0 +1,105 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SM_CHAUTHTOK 3
+.Os
+.Sh NAME
+.Nm pam_sm_chauthtok
+.Nd service module implementation for pam_chauthtok
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/pam_modules.h
+.Ft "int"
+.Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
+.Sh DESCRIPTION
+The
+.Nm
+function is the service module's implementation
+of the
+.Xr pam_chauthtok 3
+API function.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_AUTHTOK_DISABLE_AGING
+Authentication token aging disabled.
+.It Bq Er PAM_AUTHTOK_ERR
+Authentication token failure.
+.It Bq Er PAM_AUTHTOK_LOCK_BUSY
+Authentication token lock busy.
+.It Bq Er PAM_AUTHTOK_RECOVERY_ERR
+Failed to recover old authentication token.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_TRY_AGAIN
+Try again.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_chauthtok 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3
new file mode 100644
index 0000000000..751a9d258b
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_sm_close_session.3
@@ -0,0 +1,97 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SM_CLOSE_SESSION 3
+.Os
+.Sh NAME
+.Nm pam_sm_close_session
+.Nd service module implementation for pam_close_session
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/pam_modules.h
+.Ft "int"
+.Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv"
+.Sh DESCRIPTION
+The
+.Nm
+function is the service module's
+implementation of the
+.Xr pam_close_session 3
+API function.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SESSION_ERR
+Session failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_close_session 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3
new file mode 100644
index 0000000000..6ae3d32466
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_sm_open_session.3
@@ -0,0 +1,97 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SM_OPEN_SESSION 3
+.Os
+.Sh NAME
+.Nm pam_sm_open_session
+.Nd service module implementation for pam_open_session
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/pam_modules.h
+.Ft "int"
+.Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
+.Sh DESCRIPTION
+The
+.Nm
+function is the service module's
+implementation of the
+.Xr pam_open_session 3
+API function.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SESSION_ERR
+Session failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_open_session 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3
new file mode 100644
index 0000000000..799e281d63
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_sm_setcred.3
@@ -0,0 +1,103 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_SM_SETCRED 3
+.Os
+.Sh NAME
+.Nm pam_sm_setcred
+.Nd service module implementation for pam_setcred
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.In security/pam_modules.h
+.Ft "int"
+.Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv"
+.Sh DESCRIPTION
+The
+.Nm
+function is the service module's implementation of
+the
+.Xr pam_setcred 3
+API function.
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_ABORT
+General failure.
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_CRED_ERR
+Failed to set user credentials.
+.It Bq Er PAM_CRED_EXPIRED
+User credentials have expired.
+.It Bq Er PAM_CRED_UNAVAIL
+Failed to retrieve user credentials.
+.It Bq Er PAM_IGNORE
+Ignore this module.
+.It Bq Er PAM_PERM_DENIED
+Permission denied.
+.It Bq Er PAM_SERVICE_ERR
+Error in service module.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.It Bq Er PAM_USER_UNKNOWN
+Unknown user.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_setcred 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3
new file mode 100644
index 0000000000..29f08d2af3
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_start.3
@@ -0,0 +1,108 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_START 3
+.Os
+.Sh NAME
+.Nm pam_start
+.Nd initiate a PAM transaction
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
+.Sh DESCRIPTION
+The
+.Nm
+function creates and initializes a PAM context.
+.Pp
+The
+.Fa service
+argument specifies the name of the policy to apply, and is
+stored in the
+.Dv PAM_SERVICE
+item in the created context.
+.Pp
+The
+.Fa user
+argument specifies the name of the target user - the user the
+created context will serve to authenticate.
+It is stored in the
+.Dv PAM_USER
+item in the created context.
+.Pp
+The
+.Fa pam_conv
+argument points to a
+.Vt struct pam_conv
+describing the
+conversation function to use; see
+.Fa pam_conv
+for details.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_end 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_strerror 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3
new file mode 100644
index 0000000000..de7e90f02b
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_strerror.3
@@ -0,0 +1,80 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_STRERROR 3
+.Os
+.Sh NAME
+.Nm pam_strerror
+.Nd get PAM standard error message string
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "const char *"
+.Fn pam_strerror "pam_handle_t *pamh" "int error_number"
+.Sh DESCRIPTION
+The
+.Nm
+function returns a pointer to a string containing a
+textual description of the error indicated by the
+.Fa error_number
+argument, in the context of the PAM transaction described by the
+.Fa pamh
+argument.
+.Sh RETURN VALUES
+The
+.Nm
+function returns
+.Dv NULL
+on failure.
+.Sh SEE ALSO
+.Xr pam 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3
new file mode 100644
index 0000000000..46f8e24349
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_verror.3
@@ -0,0 +1,90 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_VERROR 3
+.Os
+.Sh NAME
+.Nm pam_verror
+.Nd display an error message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+The
+.Nm
+function passes its arguments to
+.Xr pam_vprompt 3
+with a
+style argument of
+.Dv PAM_ERROR_MSG ,
+and discards the response.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_error 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_vinfo 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3
new file mode 100644
index 0000000000..13bc9e44f2
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_vinfo.3
@@ -0,0 +1,90 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_VINFO 3
+.Os
+.Sh NAME
+.Nm pam_vinfo
+.Nd display an information message
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+The
+.Nm
+function passes its arguments to
+.Xr pam_vprompt 3
+with a
+style argument of
+.Dv PAM_TEXT_INFO ,
+and discards the response.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_info 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_verror 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3
new file mode 100644
index 0000000000..1d24051846
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_vprompt.3
@@ -0,0 +1,127 @@
+.\"-
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\" products derived from this software without specific prior written
+.\" permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 16, 2005
+.Dt PAM_VPROMPT 3
+.Os
+.Sh NAME
+.Nm pam_vprompt
+.Nd call the conversation function
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In sys/types.h
+.In security/pam_appl.h
+.Ft "int"
+.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
+.Sh DESCRIPTION
+The
+.Nm
+function constructs a string from the
+.Fa fmt
+and
+.Fa ap
+arguments using
+.Xr vsnprintf 3 ,
+and passes it to the given PAM context's
+conversation function.
+.Pp
+The
+.Fa style
+argument specifies the type of interaction requested, and
+must be one of the following:
+.Bl -tag -width 18n
+.It Dv PAM_PROMPT_ECHO_OFF
+Display the message and obtain the user's response without
+displaying it.
+.It Dv PAM_PROMPT_ECHO_ON
+Display the message and obtain the user's response.
+.It Dv PAM_ERROR_MSG
+Display the message as an error message, and do not wait
+for a response.
+.It Dv PAM_TEXT_INFO
+Display the message as an informational message, and do
+not wait for a response.
+.El
+.Pp
+A pointer to the response, or
+.Dv NULL
+if the conversation function did
+not return one, is stored in the location pointed to by the
+.Fa resp
+argument.
+.Pp
+The message and response should not exceed
+.Dv PAM_MAX_MSG_SIZE
+or
+.Dv PAM_MAX_RESP_SIZE ,
+respectively.
+If they do, they may be truncated.
+.Pp
+.Sh RETURN VALUES
+The
+.Nm
+function returns one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr pam 3 ,
+.Xr pam_error 3 ,
+.Xr pam_info 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_strerror 3 ,
+.Xr pam_verror 3 ,
+.Xr pam_vinfo 3 ,
+.Xr vsnprintf 3
+.Sh STANDARDS
+The
+.Nm
+function is an OpenPAM extension.
+.Sh AUTHORS
+The
+.Nm
+function and this manual page were developed for the
+.Fx
+Project by ThinkSec AS and Network Associates Laboratories, the
+Security Research Division of Network Associates, Inc.& under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h
new file mode 100644
index 0000000000..55b237ecba
--- /dev/null
+++ b/contrib/openpam/include/security/openpam.h
@@ -0,0 +1,316 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/include/security/openpam.h#28 $
+ */
+
+#ifndef _SECURITY_OPENPAM_H_INCLUDED
+#define _SECURITY_OPENPAM_H_INCLUDED
+
+/*
+ * Annoying but necessary header pollution
+ */
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct passwd;
+
+/*
+ * API extensions
+ */
+int
+openpam_borrow_cred(pam_handle_t *_pamh,
+ const struct passwd *_pwd);
+
+void
+openpam_free_data(pam_handle_t *_pamh,
+ void *_data,
+ int _status);
+
+void
+openpam_free_envlist(char **_envlist);
+
+const char *
+openpam_get_option(pam_handle_t *_pamh,
+ const char *_option);
+
+int
+openpam_restore_cred(pam_handle_t *_pamh);
+
+int
+openpam_set_option(pam_handle_t *_pamh,
+ const char *_option,
+ const char *_value);
+
+int
+pam_error(pam_handle_t *_pamh,
+ const char *_fmt,
+ ...);
+
+int
+pam_get_authtok(pam_handle_t *_pamh,
+ int _item,
+ const char **_authtok,
+ const char *_prompt);
+
+int
+pam_info(pam_handle_t *_pamh,
+ const char *_fmt,
+ ...);
+
+int
+pam_prompt(pam_handle_t *_pamh,
+ int _style,
+ char **_resp,
+ const char *_fmt,
+ ...);
+
+int
+pam_setenv(pam_handle_t *_pamh,
+ const char *_name,
+ const char *_value,
+ int _overwrite);
+
+int
+pam_vinfo(pam_handle_t *_pamh,
+ const char *_fmt,
+ va_list _ap);
+
+int
+pam_verror(pam_handle_t *_pamh,
+ const char *_fmt,
+ va_list _ap);
+
+int
+pam_vprompt(pam_handle_t *_pamh,
+ int _style,
+ char **_resp,
+ const char *_fmt,
+ va_list _ap);
+
+/*
+ * Read cooked lines.
+ * Checking for _IOFBF is a fairly reliable way to detect the presence
+ * of , as SUSv3 requires it to be defined there.
+ */
+#ifdef _IOFBF
+char *
+openpam_readline(FILE *_f,
+ int *_lineno,
+ size_t *_lenp);
+#endif
+
+/*
+ * Log levels
+ */
+enum {
+ PAM_LOG_DEBUG,
+ PAM_LOG_VERBOSE,
+ PAM_LOG_NOTICE,
+ PAM_LOG_ERROR
+};
+
+/*
+ * Log to syslog
+ */
+void
+_openpam_log(int _level,
+ const char *_func,
+ const char *_fmt,
+ ...)
+#if defined(__GNUC__)
+ __attribute__((__format__(__printf__, 3, 4)))
+#endif
+ ;
+
+#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
+#define openpam_log(lvl, ...) \
+ _openpam_log((lvl), __func__, __VA_ARGS__)
+#elif defined(__GNUC__) && (__GNUC__ >= 3)
+#define openpam_log(lvl, ...) \
+ _openpam_log((lvl), __func__, __VA_ARGS__)
+#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
+#define openpam_log(lvl, fmt...) \
+ _openpam_log((lvl), __func__, ##fmt)
+#elif defined(__GNUC__) && defined(__FUNCTION__)
+#define openpam_log(lvl, fmt...) \
+ _openpam_log((lvl), __FUNCTION__, ##fmt)
+#else
+void
+openpam_log(int _level,
+ const char *_format,
+ ...);
+#endif
+
+/*
+ * Generic conversation function
+ */
+struct pam_message;
+struct pam_response;
+int openpam_ttyconv(int _n,
+ const struct pam_message **_msg,
+ struct pam_response **_resp,
+ void *_data);
+
+extern int openpam_ttyconv_timeout;
+
+/*
+ * Null conversation function
+ */
+int openpam_nullconv(int _n,
+ const struct pam_message **_msg,
+ struct pam_response **_resp,
+ void *_data);
+
+/*
+ * PAM primitives
+ */
+enum {
+ PAM_SM_AUTHENTICATE,
+ PAM_SM_SETCRED,
+ PAM_SM_ACCT_MGMT,
+ PAM_SM_OPEN_SESSION,
+ PAM_SM_CLOSE_SESSION,
+ PAM_SM_CHAUTHTOK,
+ /* keep this last */
+ PAM_NUM_PRIMITIVES
+};
+
+/*
+ * Dummy service module function
+ */
+#define PAM_SM_DUMMY(type) \
+PAM_EXTERN int \
+pam_sm_##type(pam_handle_t *pamh, int flags, \
+ int argc, const char *argv[]) \
+{ \
+ return (PAM_IGNORE); \
+}
+
+/*
+ * PAM service module functions match this typedef
+ */
+struct pam_handle;
+typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
+
+/*
+ * A struct that describes a module.
+ */
+typedef struct pam_module pam_module_t;
+struct pam_module {
+ char *path;
+ pam_func_t func[PAM_NUM_PRIMITIVES];
+ void *dlh;
+ int refcount;
+ pam_module_t *prev;
+ pam_module_t *next;
+};
+
+/*
+ * Source-code compatibility with Linux-PAM modules
+ */
+#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
+ defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
+#define LINUX_PAM_MODULE
+#endif
+#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
+#define _PAM_SM_AUTHENTICATE 0
+#define _PAM_SM_SETCRED 0
+#else
+#undef PAM_SM_AUTH
+#define PAM_SM_AUTH
+#define _PAM_SM_AUTHENTICATE pam_sm_authenticate
+#define _PAM_SM_SETCRED pam_sm_setcred
+#endif
+#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
+#define _PAM_SM_ACCT_MGMT 0
+#else
+#undef PAM_SM_ACCOUNT
+#define PAM_SM_ACCOUNT
+#define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
+#endif
+#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
+#define _PAM_SM_OPEN_SESSION 0
+#define _PAM_SM_CLOSE_SESSION 0
+#else
+#undef PAM_SM_SESSION
+#define PAM_SM_SESSION
+#define _PAM_SM_OPEN_SESSION pam_sm_open_session
+#define _PAM_SM_CLOSE_SESSION pam_sm_close_session
+#endif
+#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
+#define _PAM_SM_CHAUTHTOK 0
+#else
+#undef PAM_SM_PASSWORD
+#define PAM_SM_PASSWORD
+#define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
+#endif
+
+/*
+ * Infrastructure for static modules using GCC linker sets.
+ * You are not expected to understand this.
+ */
+#if defined(__FreeBSD__)
+#define PAM_SOEXT ".so"
+#else
+#ifndef NO_STATIC_MODULES
+#define NO_STATIC_MODULES
+#endif
+#endif
+#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
+/* gcc, static linking */
+#include
+#include
+#define OPENPAM_STATIC_MODULES
+#define PAM_EXTERN static
+#define PAM_MODULE_ENTRY(name) \
+static char _pam_name[] = name PAM_SOEXT; \
+static struct pam_module _pam_module = { _pam_name, { \
+ _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT, \
+ _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
+ NULL, 0, NULL, NULL }; \
+DATA_SET(_openpam_static_modules, _pam_module)
+#else
+/* normal case */
+#define PAM_EXTERN
+#define PAM_MODULE_ENTRY(name)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/openpam_version.h b/contrib/openpam/include/security/openpam_version.h
new file mode 100644
index 0000000000..b7b3e8e85c
--- /dev/null
+++ b/contrib/openpam/include/security/openpam_version.h
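Review bot: Only `_openpam_log` carries a printf format attribute; the other declarations in the openpam.h hunk that take a format argument (`pam_error`, `pam_info`, `pam_prompt`, `pam_vinfo`, `pam_verror`, `pam_vprompt`, and the fallback `openpam_log` prototype in the last `#else` branch) have none, so the compiler cannot check their callers' format strings against the arguments. These functions build the text shown to the user during authentication, and a module that passes externally supplied text as `_fmt` would compile without a warning. Under the same `#if defined(__GNUC__)` guard the hunk already uses, add `__attribute__((__format__(__printf__, 2, 3)))` to `pam_error`, `pam_info` and the fallback `openpam_log`, `(__printf__, 4, 5)` to `pam_prompt`, and `(__printf__, 2, 0)` or `(__printf__, 4, 0)` to the `va_list` variants. Since this file is imported, the change is better sent upstream than carried as a local difference.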
@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/include/security/openpam_version.h#14 $
+ */
+
+#ifndef _OPENPAM_VERSION_H_INCLUDED
+#define _OPENPAM_VERSION_H_INCLUDED
+
+#define _OPENPAM
+#define _OPENPAM_VERSION 20050616
+#define _OPENPAM_RELEASE "Figwort"
+
+#endif
diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h
new file mode 100644
index 0000000000..d97022e2db
--- /dev/null
+++ b/contrib/openpam/include/security/pam_appl.h
@@ -0,0 +1,180 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/include/security/pam_appl.h#14 $
+ */
+
+#ifndef _PAM_APPL_H_INCLUDED
+#define _PAM_APPL_H_INCLUDED
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 4.2.1, 6
+ */
+
+int
+pam_acct_mgmt(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_authenticate(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_chauthtok(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_close_session(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_end(pam_handle_t *_pamh,
+ int _status);
+
+int
+pam_get_data(pam_handle_t *_pamh,
+ const char *_module_data_name,
+ void **_data);
+
+int
+pam_get_item(pam_handle_t *_pamh,
+ int _item_type,
+ const void **_item);
+
+int
+pam_get_user(pam_handle_t *_pamh,
+ const char **_user,
+ const char *_prompt);
+
+const char *
+pam_getenv(pam_handle_t *_pamh,
+ const char *_name);
+
+char **
+pam_getenvlist(pam_handle_t *_pamh);
+
+int
+pam_open_session(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_putenv(pam_handle_t *_pamh,
+ const char *_namevalue);
+
+int
+pam_set_data(pam_handle_t *_pamh,
+ const char *_module_data_name,
+ void *_data,
+ void (*_cleanup)(pam_handle_t *_pamh,
+ void *_data,
+ int _pam_end_status));
+
+int
+pam_set_item(pam_handle_t *_pamh,
+ int _item_type,
+ const void *_item);
+
+int
+pam_setcred(pam_handle_t *_pamh,
+ int _flags);
+
+int
+pam_start(const char *_service,
+ const char *_user,
+ const struct pam_conv *_pam_conv,
+ pam_handle_t **_pamh);
+
+const char *
+pam_strerror(pam_handle_t *_pamh,
+ int _error_number);
+
+/*
+ * Single Sign-On extensions
+ */
+#if 0
+int
+pam_authenticate_secondary(pam_handle_t *_pamh,
+ char *_target_username,
+ char *_target_module_type,
+ char *_target_authn_domain,
+ char *_target_supp_data,
+ char *_target_module_authtok,
+ int _flags);
+
+int
+pam_get_mapped_authtok(pam_handle_t *_pamh,
+ const char *_target_module_username,
+ const char *_target_module_type,
+ const char *_target_authn_domain,
+ size_t *_target_authtok_len,
+ unsigned char **_target_module_authtok);
+
+int
+pam_get_mapped_username(pam_handle_t *_pamh,
+ const char *_src_username,
+ const char *_src_module_type,
+ const char *_src_authn_domain,
+ const char *_target_module_type,
+ const char *_target_authn_domain,
+ char **_target_module_username);
+
+int
+pam_set_mapped_authtok(pam_handle_t *_pamh,
+ const char *_target_module_username,
+ size_t _target_authtok_len,
+ unsigned char *_target_module_authtok,
+ const char *_target_module_type,
+ const char *_target_authn_domain);
+
+int
+pam_set_mapped_username(pam_handle_t *_pamh,
+ char *_src_username,
+ char *_src_module_type,
+ char *_src_authn_domain,
+ char *_target_module_username,
+ char *_target_module_type,
+ char *_target_authn_domain);
+#endif /* 0 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h
new file mode 100644
index 0000000000..f3f8d304be
--- /dev/null
+++ b/contrib/openpam/include/security/pam_constants.h
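Review bot: None of the pam_appl.h declarations that pass pointers across the API say who owns the memory: `pam_getenvlist` returns a `char **`, and `pam_get_item`, `pam_get_data` and `pam_get_user` fill in caller-supplied pointers. `PAM_AUTHTOK` is one of the item types defined in pam_constants.h in this commit, so a caller who guesses wrong may free library storage or keep a stale pointer to a credential. A one-line comment per declaration would settle it, for example `/* caller releases the list with openpam_free_envlist() */` on `pam_getenvlist` and `/* *_item points into the handle; do not free or modify */` on `pam_get_item`. Both comments describe the expected contract and should be confirmed against the implementation, which is not part of this hunk.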
@@ -0,0 +1,135 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/include/security/pam_constants.h#22 $
+ */
+
+#ifndef _PAM_CONSTANTS_H_INCLUDED
+#define _PAM_CONSTANTS_H_INCLUDED
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 5.2
+ */
+enum {
+ PAM_SUCCESS = 0,
+ PAM_OPEN_ERR = 1,
+ PAM_SYMBOL_ERR = 2,
+ PAM_SERVICE_ERR = 3,
+ PAM_SYSTEM_ERR = 4,
+ PAM_BUF_ERR = 5,
+ PAM_CONV_ERR = 6,
+ PAM_PERM_DENIED = 7,
+ PAM_MAXTRIES = 8,
+ PAM_AUTH_ERR = 9,
+ PAM_NEW_AUTHTOK_REQD = 10,
+ PAM_CRED_INSUFFICIENT = 11,
+ PAM_AUTHINFO_UNAVAIL = 12,
+ PAM_USER_UNKNOWN = 13,
+ PAM_CRED_UNAVAIL = 14,
+ PAM_CRED_EXPIRED = 15,
+ PAM_CRED_ERR = 16,
+ PAM_ACCT_EXPIRED = 17,
+ PAM_AUTHTOK_EXPIRED = 18,
+ PAM_SESSION_ERR = 19,
+ PAM_AUTHTOK_ERR = 20,
+ PAM_AUTHTOK_RECOVERY_ERR = 21,
+ PAM_AUTHTOK_LOCK_BUSY = 22,
+ PAM_AUTHTOK_DISABLE_AGING = 23,
+ PAM_NO_MODULE_DATA = 24,
+ PAM_IGNORE = 25,
+ PAM_ABORT = 26,
+ PAM_TRY_AGAIN = 27,
+ PAM_MODULE_UNKNOWN = 28,
+ PAM_DOMAIN_UNKNOWN = 29,
+ PAM_NUM_ERRORS /* OpenPAM extension */
+};
+
+/*
+ * XSSO 5.3
+ */
+enum {
+ PAM_PROMPT_ECHO_OFF = 1,
+ PAM_PROMPT_ECHO_ON = 2,
+ PAM_ERROR_MSG = 3,
+ PAM_TEXT_INFO = 4,
+ PAM_MAX_NUM_MSG = 32,
+ PAM_MAX_MSG_SIZE = 512,
+ PAM_MAX_RESP_SIZE = 512
+};
+
+/*
+ * XSSO 5.4
+ */
+enum {
+ /* some compilers promote 0x8000000 to long */
+ PAM_SILENT = (-0x7fffffff - 1),
+ PAM_DISALLOW_NULL_AUTHTOK = 0x1,
+ PAM_ESTABLISH_CRED = 0x1,
+ PAM_DELETE_CRED = 0x2,
+ PAM_REINITIALIZE_CRED = 0x4,
+ PAM_REFRESH_CRED = 0x8,
+ PAM_PRELIM_CHECK = 0x1,
+ PAM_UPDATE_AUTHTOK = 0x2,
+ PAM_CHANGE_EXPIRED_AUTHTOK = 0x4
+};
+
+/*
+ * XSSO 5.5
+ */
+enum {
+ PAM_SERVICE = 1,
+ PAM_USER = 2,
+ PAM_TTY = 3,
+ PAM_RHOST = 4,
+ PAM_CONV = 5,
+ PAM_AUTHTOK = 6,
+ PAM_OLDAUTHTOK = 7,
+ PAM_RUSER = 8,
+ PAM_USER_PROMPT = 9,
+ PAM_REPOSITORY = 10,
+ PAM_AUTHTOK_PROMPT = 11, /* OpenPAM extension */
+ PAM_OLDAUTHTOK_PROMPT = 12, /* OpenPAM extension */
+ PAM_NUM_ITEMS /* OpenPAM extension */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
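Review bot: The XSSO 5.4 flag enum gives three constants the value `0x1` (`PAM_DISALLOW_NULL_AUTHTOK`, `PAM_ESTABLISH_CRED`, `PAM_PRELIM_CHECK`) and reuses `0x2` and `0x4` as well, with nothing in the header saying which call each group belongs to. Because these are plain `int` enumerators, a flag handed to the wrong entry point compiles cleanly and is read there as a different flag. A short comment above each group would help, e.g. `/* pam_setcred() flags */` before `PAM_ESTABLISH_CRED` and `/* pam_chauthtok() flags */` before `PAM_PRELIM_CHECK`; that grouping is inferred from the names and should be checked against XSSO 5.4. The comment on `PAM_SILENT` also says `0x8000000`, while the value written, `-0x7fffffff - 1`, corresponds to `0x80000000`.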
diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h new file mode 100644 index 0000000000..821b03d6c7 --- /dev/null +++ b/contrib/openpam/include/security/pam_modules.h 
@@ -0,0 +1,160 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/include/security/pam_modules.h#9 $ + */ + +#ifndef _PAM_MODULES_H_INCLUDED +#define _PAM_MODULES_H_INCLUDED + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * XSSO 4.2.2, 6 + */ + +#if defined(PAM_SM_ACCOUNT) +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); +#endif + +#if defined(PAM_SM_AUTH) +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); +#endif + +#if defined(PAM_SM_PASSWORD) +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); +#endif + +#if defined(PAM_SM_SESSION) +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *_pamh, + int _flags, + int _args, + const char **_argv); +#endif + +#if defined(PAM_SM_SESSION) +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); +#endif + +#if defined(PAM_SM_AUTH) +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); +#endif + +/* + * Single Sign-On extensions + */ +#if 0 +PAM_EXTERN int +pam_sm_authenticate_secondary(pam_handle_t *_pamh, + char *_target_username, + char *_target_module_type, + char *_target_authn_domain, + char *_target_supp_data, + unsigned char *_target_module_authtok, + int _flags, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_get_mapped_authtok(pam_handle_t *_pamh, + char *_target_module_username, + char *_target_module_type, + char *_target_authn_domain, + size_t *_target_authtok_len, + unsigned char **_target_module_authtok, + int _argc, + char *_argv); + +PAM_EXTERN int +pam_sm_get_mapped_username(pam_handle_t *_pamh, + char *_src_username, + char *_src_module_type, + char *_src_authn_domain, + char *_target_module_type, + char *_target_authn_domain, + char **_target_module_username, + int _argc, + const char **_argv); + +PAM_EXTERN int 
+pam_sm_set_mapped_authtok(pam_handle_t *_pamh, + char *_target_module_username, + size_t _target_authtok_len, + unsigned char *_target_module_authtok, + char *_target_module_type, + char *_target_authn_domain, + int _argc, + const char *_argv); + +PAM_EXTERN int +pam_sm_set_mapped_username(pam_handle_t *_pamh, + char *_target_module_username, + char *_target_module_type, + char *_target_authn_domain, + int _argc, + const char **_argv); + +#endif /* 0 */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h new file mode 100644 index 0000000000..ebe2eec736 --- /dev/null +++ b/contrib/openpam/include/security/pam_types.h 
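Review bot: The `pam_sm_close_session` prototype names its third parameter `_args`, while the other five service-module prototypes in this header call it `_argc`; it should read `int _argc,` so the six entry points stay parallel. The open and close session prototypes also sit in two separate, identical `#if defined(PAM_SM_SESSION)` blocks that could share one guard. In the disabled `#if 0` section, `pam_sm_get_mapped_authtok` and `pam_sm_set_mapped_authtok` declare `_argv` as `char *` and `const char *` rather than `const char **`, which is worth correcting before that block is ever enabled.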
@@ -0,0 +1,87 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/include/security/pam_types.h#13 $ + */ + +#ifndef _PAM_TYPES_H_INCLUDED +#define _PAM_TYPES_H_INCLUDED + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * XSSO 5.1.1 + */ +struct pam_message { + int msg_style; + char *msg; +}; + +struct pam_response { + char *resp; + int resp_retcode; +}; + +/* + * XSSO 5.1.2 + */ +struct pam_conv { + int (*conv)(int, const struct pam_message **, + struct pam_response **, void *); + void *appdata_ptr; +}; + +/* + * XSSO 5.1.3 + */ +struct pam_handle; +typedef struct pam_handle pam_handle_t; + +/* + * Solaris 9 + */ +typedef struct pam_repository { + char *type; + void *scope; + size_t scope_len; +} pam_repository_t; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/lib/openpam_borrow_cred.c b/contrib/openpam/lib/openpam_borrow_cred.c new file mode 100644 index 0000000000..edf8889d26 --- /dev/null +++ b/contrib/openpam/lib/openpam_borrow_cred.c 
@@ -0,0 +1,120 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#13 $ + */ + +#include + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Temporarily borrow user credentials + */ + +int +openpam_borrow_cred(pam_handle_t *pamh, + const struct passwd *pwd) +{ + struct pam_saved_cred *scred; + void *scredp; + int r; + + ENTERI(pwd->pw_uid); + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); + if (r == PAM_SUCCESS && scredp != NULL) { + openpam_log(PAM_LOG_DEBUG, + "already operating under borrowed credentials"); + RETURNC(PAM_SYSTEM_ERR); + } + if (geteuid() != 0 && geteuid() != pwd->pw_uid) { + openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d", + (int)geteuid()); + RETURNC(PAM_PERM_DENIED); + } + scred = calloc(1, sizeof *scred); + if (scred == NULL) + RETURNC(PAM_BUF_ERR); + scred->euid = geteuid(); + scred->egid = getegid(); + r = getgroups(NGROUPS_MAX, scred->groups); + if (r < 0) { + FREE(scred); + RETURNC(PAM_SYSTEM_ERR); + } + scred->ngroups = r; + r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); + if (r != PAM_SUCCESS) { + FREE(scred); + RETURNC(r); + } + if (geteuid() == pwd->pw_uid) + RETURNC(PAM_SUCCESS); + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || + setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { + openpam_restore_cred(pamh); + RETURNC(PAM_SYSTEM_ERR); + } + RETURNC(PAM_SUCCESS); +} + +/* + * Error codes: + * + * =pam_set_data + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_PERM_DENIED + */ + +/** + * The =openpam_borrow_cred function saves the current credentials and + * switches to those of the user specified by its =pwd argument. + * The affected credentials are the effective UID, the effective GID, and + * the group access list. + * The original credentials can be restored using =openpam_restore_cred. + * + * >setegid 2 + * >seteuid 2 + * >setgroups 2 + */ 
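Review bot: On the failure path after `initgroups()`, `setegid()` and `seteuid()`, the result of `openpam_restore_cred(pamh)` is discarded and nothing is logged, so a caller that receives PAM_SYSTEM_ERR cannot tell whether the process is back on its original credentials or left with a partly switched group list. I would log a failed rollback at error level, e.g. `if (openpam_restore_cred(pamh) != PAM_SUCCESS) openpam_log(PAM_LOG_ERROR, "failed to restore credentials: %m");` (this assumes openpam_restore_cred returns a PAM status, which this hunk does not show). The refusal a few lines earlier for a caller that is neither root nor the target user is also logged only at PAM_LOG_DEBUG, which makes a denied credential switch easy to miss in production logs.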
diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c
new file mode 100644
index 0000000000..348f224b1f
--- /dev/null
+++ b/contrib/openpam/lib/openpam_configure.c
@@ -0,0 +1,339 @@
+/*-
+ * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/lib/openpam_configure.c#11 $ + */ + +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); + +/* + * Matches a word against the first one in a string. + * Returns non-zero if they match. + */ +static int +match_word(const char *str, const char *word) +{ + + while (*str && tolower(*str) == tolower(*word)) + ++str, ++word; + return (*str == ' ' && *word == '\0'); +} + +/* + * Return a pointer to the next word (or the final NUL) in a string. + */ +static const char * +next_word(const char *str) +{ + + /* skip current word */ + while (*str && *str != ' ') + ++str; + /* skip whitespace */ + while (*str == ' ') + ++str; + return (str); +} + +/* + * Return a malloc()ed copy of the first word in a string. + */ +static char * +dup_word(const char *str) +{ + const char *end; + char *word; + + for (end = str; *end && *end != ' '; ++end) + /* nothing */ ; + if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + return (NULL); + return (word); +} + +/* + * Return the length of the first word in a string. + */ +static int +wordlen(const char *str) +{ + int i; + + for (i = 0; str[i] && str[i] != ' '; ++i) + /* nothing */ ; + return (i); +} + +typedef enum { pam_conf_style, pam_d_style } openpam_style_t; + +/* + * Extracts given chains from a policy file. 
+ */ +static int +openpam_read_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility, + const char *filename, + openpam_style_t style) +{ + pam_chain_t *this, **next; + const char *p, *q; + int count, i, lineno, ret; + pam_facility_t fclt; + pam_control_t ctlf; + char *line, *name; + FILE *f; + + if ((f = fopen(filename, "r")) == NULL) { + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, + "%s: %m", filename); + return (0); + } + this = NULL; + count = lineno = 0; + while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { + p = line; + + /* match service name */ + if (style == pam_conf_style) { + if (!match_word(p, service)) { + FREE(line); + continue; + } + p = next_word(p); + } + + /* match facility name */ + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) + if (match_word(p, _pam_facility_name[fclt])) + break; + if (fclt == PAM_NUM_FACILITIES) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid facility '%.*s' (ignored)", + filename, lineno, wordlen(p), p); + goto fail; + } + if (facility != fclt && facility != PAM_FACILITY_ANY) { + FREE(line); + continue; + } + p = next_word(p); + + /* include other chain */ + if (match_word(p, "include")) { + p = next_word(p); + if (*next_word(p) != '\0') + openpam_log(PAM_LOG_NOTICE, + "%s(%d): garbage at end of 'include' line", + filename, lineno); + if ((name = dup_word(p)) == NULL) + goto syserr; + ret = openpam_load_chain(pamh, name, fclt); + FREE(name); + if (ret < 0) + goto fail; + count += ret; + FREE(line); + continue; + } + + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; + + /* control flag */ + for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) + if (match_word(p, _pam_control_flag_name[ctlf])) + break; + if (ctlf == PAM_NUM_CONTROL_FLAGS) { + openpam_log(PAM_LOG_ERROR, + "%s(%d): invalid control flag '%.*s'", + filename, lineno, wordlen(p), p); + goto fail; + } + this->flag = ctlf; + + /* module name */ + p = next_word(p); + if (*p 
== '\0') { + openpam_log(PAM_LOG_ERROR, + "%s(%d): missing module name", + filename, lineno); + goto fail; + } + if ((name = dup_word(p)) == NULL) + goto syserr; + this->module = openpam_load_module(name); + FREE(name); + if (this->module == NULL) + goto fail; + + /* module options */ + p = q = next_word(p); + while (*q != '\0') { + ++this->optc; + q = next_word(q); + } + this->optv = calloc(this->optc + 1, sizeof(char *)); + if (this->optv == NULL) + goto syserr; + for (i = 0; i < this->optc; ++i) { + if ((this->optv[i] = dup_word(p)) == NULL) + goto syserr; + p = next_word(p); + } + + /* hook it up */ + for (next = &pamh->chains[fclt]; *next != NULL; + next = &(*next)->next) + /* nothing */ ; + *next = this; + this = NULL; + ++count; + + /* next please... */ + FREE(line); + } + if (!feof(f)) + goto syserr; + fclose(f); + return (count); + syserr: + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + fail: + FREE(this); + FREE(line); + fclose(f); + return (-1); +} + +static const char *openpam_policy_path[] = { + "/etc/pam.d/", + "/etc/pam.conf", + "/usr/local/etc/pam.d/", + "/usr/local/etc/pam.conf", + NULL +}; + +/* + * Locates the policy file for a given service and reads the given chains + * from it. 
+ */ +static int +openpam_load_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility) +{ + const char **path; + char *filename; + size_t len; + int r; + + for (path = openpam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { + if (asprintf(&filename, "%s%s", *path, service) < 0) { + openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); + return (-PAM_BUF_ERR); + } + r = openpam_read_chain(pamh, service, facility, + filename, pam_d_style); + FREE(filename); + } else { + r = openpam_read_chain(pamh, service, facility, + *path, pam_conf_style); + } + if (r != 0) + return (r); + } + return (0); +} + +/* + * OpenPAM internal + * + * Configure a service + */ + +int +openpam_configure(pam_handle_t *pamh, + const char *service) +{ + pam_facility_t fclt; + + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + goto load_err; + + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) + continue; + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 0) + goto load_err; + } + return (PAM_SUCCESS); + load_err: + openpam_clear_chains(pamh->chains); + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + * + * Error codes: + * PAM_SYSTEM_ERR + */ diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c new file mode 100644 index 0000000000..d36b2bd974 --- /dev/null +++ b/contrib/openpam/lib/openpam_dispatch.c 
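Review bot: `openpam_load_chain()` appends `service` to each policy directory with `asprintf(&filename, "%s%s", *path, service)` without validating it, so a name containing `/` makes `openpam_read_chain()` open a file outside the policy directory and load whatever modules that file lists. The same function also receives the word following `include` from a policy file, so one check at its top covers both callers: `if (strchr(service, '/') != NULL) return (-PAM_SYSTEM_ERR);`, ideally with an error-level log line. `include` also recurses through this function with no depth limit, so a policy file that includes itself would recurse until the stack is exhausted; a small depth counter would bound that.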
@@ -0,0 +1,239 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#21 $ + */ + +#include + +#include + +#include "openpam_impl.h" + +#if !defined(OPENPAM_RELAX_CHECKS) +static void _openpam_check_error_code(int, int); +#else +#define _openpam_check_error_code(a, b) +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * OpenPAM internal + * + * Execute a module chain + */ + +int +openpam_dispatch(pam_handle_t *pamh, + int primitive, + int flags) +{ + pam_chain_t *chain; + int err, fail, r; +#ifdef DEBUG + int debug; +#endif + + ENTER(); + if (pamh == NULL) + RETURNC(PAM_SYSTEM_ERR); + + /* prevent recursion */ + if (pamh->current != NULL) { + openpam_log(PAM_LOG_ERROR, + "%s() called while %s::%s() is in progress", + _pam_func_name[primitive], + pamh->current->module->path, + _pam_sm_func_name[pamh->primitive]); + RETURNC(PAM_ABORT); + } + + /* pick a chain */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + case PAM_SM_SETCRED: + chain = pamh->chains[PAM_AUTH]; + break; + case PAM_SM_ACCT_MGMT: + chain = pamh->chains[PAM_ACCOUNT]; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + chain = pamh->chains[PAM_SESSION]; + break; + case PAM_SM_CHAUTHTOK: + chain = pamh->chains[PAM_PASSWORD]; + break; + default: + RETURNC(PAM_SYSTEM_ERR); + } + + /* execute */ + for (err = fail = 0; chain != NULL; chain = chain->next) { + if (chain->module->func[primitive] == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: no %s()", + chain->module->path, _pam_sm_func_name[primitive]); + continue; + } else { + pamh->primitive = primitive; + pamh->current = chain; +#ifdef DEBUG + debug = (openpam_get_option(pamh, "debug") != NULL); + if (debug) + ++_openpam_debug; + openpam_log(PAM_LOG_DEBUG, "calling %s() in %s", + _pam_sm_func_name[primitive], chain->module->path); +#endif + r = (chain->module->func[primitive])(pamh, flags, + chain->optc, (const char **)chain->optv); + pamh->current = NULL; +#ifdef DEBUG + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + chain->module->path, 
_pam_sm_func_name[primitive], + pam_strerror(pamh, r)); + if (debug) + --_openpam_debug; +#endif + } + + if (r == PAM_IGNORE) + continue; + if (r == PAM_SUCCESS) { + /* + * For pam_setcred() and pam_chauthtok() with the + * PAM_PRELIM_CHECK flag, treat "sufficient" as + * "optional". + */ + if ((chain->flag == PAM_SUFFICIENT || + chain->flag == PAM_BINDING) && !fail && + primitive != PAM_SM_SETCRED && + !(primitive == PAM_SM_CHAUTHTOK && + (flags & PAM_PRELIM_CHECK))) + break; + continue; + } + + _openpam_check_error_code(primitive, r); + + /* + * Record the return code from the first module to + * fail. If a required module fails, record the + * return code from the first required module to fail. + */ + if (err == 0) + err = r; + if ((chain->flag == PAM_REQUIRED || + chain->flag == PAM_BINDING) && !fail) { + openpam_log(PAM_LOG_DEBUG, "required module failed"); + fail = 1; + err = r; + } + + /* + * If a requisite module fails, terminate the chain + * immediately. + */ + if (chain->flag == PAM_REQUISITE) { + openpam_log(PAM_LOG_DEBUG, "requisite module failed"); + fail = 1; + break; + } + } + + if (!fail && err != PAM_NEW_AUTHTOK_REQD) + err = PAM_SUCCESS; + RETURNC(err); +} + +#if !defined(OPENPAM_RELAX_CHECKS) +static void +_openpam_check_error_code(int primitive, int r) +{ + /* common error codes */ + if (r == PAM_SUCCESS || + r == PAM_SERVICE_ERR || + r == PAM_BUF_ERR || + r == PAM_CONV_ERR || + r == PAM_PERM_DENIED || + r == PAM_ABORT) + return; + + /* specific error codes */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + if (r == PAM_AUTH_ERR || + r == PAM_CRED_INSUFFICIENT || + r == PAM_AUTHINFO_UNAVAIL || + r == PAM_USER_UNKNOWN || + r == PAM_MAXTRIES) + return; + break; + case PAM_SM_SETCRED: + if (r == PAM_CRED_UNAVAIL || + r == PAM_CRED_EXPIRED || + r == PAM_USER_UNKNOWN || + r == PAM_CRED_ERR) + return; + break; + case PAM_SM_ACCT_MGMT: + if (r == PAM_USER_UNKNOWN || + r == PAM_AUTH_ERR || + r == PAM_NEW_AUTHTOK_REQD || + r == PAM_ACCT_EXPIRED) + 
return; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + if (r == PAM_SESSION_ERR) + return; + break; + case PAM_SM_CHAUTHTOK: + if (r == PAM_PERM_DENIED || + r == PAM_AUTHTOK_ERR || + r == PAM_AUTHTOK_RECOVERY_ERR || + r == PAM_AUTHTOK_LOCK_BUSY || + r == PAM_AUTHTOK_DISABLE_AGING || + r == PAM_TRY_AGAIN) + return; + break; + } + + openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", + _pam_sm_func_name[primitive], r); +} +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * NODOC + * + * Error codes: + */ diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c new file mode 100644 index 0000000000..2e062fb735 --- /dev/null +++ b/contrib/openpam/lib/openpam_dynamic.c 
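Review bot: In the execute loop of `openpam_dispatch()`, a module whose `func[primitive]` is NULL is logged and skipped with `continue`, so a `required` or `requisite` entry that lacks the entry point has no effect on the result and the chain can still return PAM_SUCCESS. Treating the missing symbol as a failure keeps the control-flag logic in charge: replace the `continue;` with `r = PAM_SYMBOL_ERR;` and let the code after the `else` branch handle it (PAM_SYMBOL_ERR would then need adding to the common codes accepted by `_openpam_check_error_code`). Separately, `_pam_func_name[primitive]` is indexed in the recursion check before the `switch` rejects out-of-range primitives; validating the range first avoids an out-of-bounds read.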
@@ -0,0 +1,108 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#14 $ + */ + +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +#ifndef RTLD_NOW +#define RTLD_NOW RTLD_LAZY +#endif + +/* + * OpenPAM internal + * + * Locate a dynamically linked module + */ + +pam_module_t * +openpam_dynamic(const char *path) +{ + pam_module_t *module; + const char *prefix; + char *vpath; + void *dlh; + int i; + + dlh = NULL; + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; + + /* Prepend the standard prefix if not an absolute pathname. */ + if (path[0] != '/') + prefix = OPENPAM_MODULES_DIR; + else + prefix = ""; + + /* try versioned module first, then unversioned module */ + if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0) + goto buf_err; + if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + *strrchr(vpath, '.') = '\0'; + if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); + FREE(module); + return (NULL); + } + } + FREE(vpath); + if ((module->path = strdup(path)) == NULL) + goto buf_err; + module->dlh = dlh; + for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { + module->func[i] = (pam_func_t)dlsym(dlh, _pam_sm_func_name[i]); + if (module->func[i] == NULL) + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + path, _pam_sm_func_name[i], dlerror()); + } + return (module); + buf_err: + openpam_log(PAM_LOG_ERROR, "%m"); + if (dlh != NULL) + dlclose(dlh); + FREE(module); + return (NULL); +} + +/* + * NOPARSE + */ diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c new file mode 100644 index 0000000000..f6ddf61223 --- /dev/null +++ b/contrib/openpam/lib/openpam_findenv.c 
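Review bot: When both `dlopen()` attempts fail in `openpam_dynamic()`, the inner branch runs `FREE(module); return (NULL);` without releasing `vpath`, so every module that cannot be loaded leaks the buffer allocated by `asprintf()`; add `FREE(vpath);` before `FREE(module);` in that branch. Because the loaded object runs inside the authenticating process, it would also be worth checking before `dlopen()` that the file is owned by root and is not group- or world-writable; nothing in this hunk does that, and absolute paths from the policy file are accepted as given.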
@@ -0,0 +1,68 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * $P4: //depot/projects/openpam/lib/openpam_findenv.c#12 $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM internal + * + * Locate an environment variable + */ + +int +openpam_findenv(pam_handle_t *pamh, + const char *name, + size_t len) +{ + int i; + + ENTER(); + if (pamh == NULL) + RETURNN(-1); + for (i = 0; i < pamh->env_count; ++i) + if (strncmp(pamh->env[i], name, len) == 0 && + pamh->env[i][len] == '=') + RETURNN(i); + RETURNN(-1); +} + +/* + * NODOC + */ diff --git a/contrib/openpam/lib/openpam_free_data.c b/contrib/openpam/lib/openpam_free_data.c new file mode 100644 index 0000000000..6a6e5026ec --- /dev/null +++ b/contrib/openpam/lib/openpam_free_data.c 
@@ -0,0 +1,71 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_free_data.c#7 $ + */ + +#include +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Generic cleanup function + */ + +void +openpam_free_data(pam_handle_t *pamh, + void *data, + int status) +{ + + ENTER(); + (void)pamh; + (void)status; + FREE(data); + RETURNV(); +} + +/* + * Error codes: + */ + +/** + * The =openpam_free_data function is a cleanup function suitable for + * passing to =pam_set_data. + * It simply releases the data by passing its =data argument to =free. + */ diff --git a/contrib/openpam/lib/openpam_free_envlist.c b/contrib/openpam/lib/openpam_free_envlist.c new file mode 100644 index 0000000000..42caddf9e8 --- /dev/null +++ b/contrib/openpam/lib/openpam_free_envlist.c 
@@ -0,0 +1,66 @@ +/*- + * Copyright (c) 2005 Dag-Erling Coïdan Smørgrav + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_free_envlist.c#2 $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Free an environment list + */ + +void +openpam_free_envlist(char **envlist) +{ + char **env; + + ENTER(); + if (envlist == NULL) + RETURNV(); + for (env = envlist; *env != NULL; ++env) + FREE(*env); + FREE(envlist); + RETURNV(); +} + +/* + * Error codes: + */ + +/** + * The =openpam_free_envlist function is a convenience function which + * frees all the environment variables in an environment list, and the + * list itself. + * It is suitable for freeing the return value from =pam_getenvlist. + */ diff --git a/contrib/openpam/lib/openpam_get_option.c b/contrib/openpam/lib/openpam_get_option.c new file mode 100644 index 0000000000..bfdd8569ac --- /dev/null +++ b/contrib/openpam/lib/openpam_get_option.c 
@@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_get_option.c#10 $ + */ + +#include + +#include + +#include +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Returns the value of a module option + */ + +const char * +openpam_get_option(pam_handle_t *pamh, + const char *option) +{ + pam_chain_t *cur; + size_t len; + int i; + + ENTERS(option); + if (pamh == NULL || pamh->current == NULL || option == NULL) + RETURNS(NULL); + cur = pamh->current; + len = strlen(option); + for (i = 0; i < cur->optc; ++i) { + if (strncmp(cur->optv[i], option, len) == 0) { + if (cur->optv[i][len] == '\0') + RETURNS(&cur->optv[i][len]); + else if (cur->optv[i][len] == '=') + RETURNS(&cur->optv[i][len + 1]); + } + } + RETURNS(NULL); +} + +/** + * The =openpam_get_option function returns the value of the specified + * option in the context of the currently executing service module, or + * =NULL if the option is not set or no module is currently executing. + * + * >openpam_set_option + */ diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h new file mode 100644 index 0000000000..f5ec65da37 --- /dev/null +++ b/contrib/openpam/lib/openpam_impl.h 
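Review bot: The trailing documentation of `openpam_get_option` promises the option's value or NULL, but the `cur->optv[i][len] == '\0'` branch returns a pointer to an empty string for an option given without `=value`. A caller therefore cannot treat a non-NULL result as a usable value. The result also points into `cur->optv[i]` rather than a copy, so it is presumably valid only while the chain's option vector is unchanged. I would add to the doc comment: `If the option is set without a value, an empty string is returned; the result points into the module's option list and must not be freed or modified.`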
@@ -0,0 +1,199 @@ +/*- + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_impl.h#29 $ + */ + +#ifndef _OPENPAM_IMPL_H_INCLUDED +#define _OPENPAM_IMPL_H_INCLUDED + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include + +extern const char *_pam_func_name[PAM_NUM_PRIMITIVES]; +extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; +extern const char *_pam_err_name[PAM_NUM_ERRORS]; +extern const char *_pam_item_name[PAM_NUM_ITEMS]; + +extern int _openpam_debug; + +/* + * Control flags + */ +typedef enum { + PAM_BINDING, + PAM_REQUIRED, + PAM_REQUISITE, + PAM_SUFFICIENT, + PAM_OPTIONAL, + PAM_NUM_CONTROL_FLAGS +} pam_control_t; + +/* + * Facilities + */ +typedef enum { + PAM_FACILITY_ANY = -1, + PAM_AUTH = 0, + PAM_ACCOUNT, + PAM_SESSION, + PAM_PASSWORD, + PAM_NUM_FACILITIES +} pam_facility_t; + +typedef struct pam_chain pam_chain_t; +struct pam_chain { + pam_module_t *module; + int flag; + int optc; + char **optv; + pam_chain_t *next; +}; + +typedef struct pam_data pam_data_t; +struct pam_data { + char *name; + void *data; + void (*cleanup)(pam_handle_t *, void *, int); + pam_data_t *next; +}; + +struct pam_handle { + char *service; + + /* chains */ + pam_chain_t *chains[PAM_NUM_FACILITIES]; + pam_chain_t *current; + int primitive; + + /* items and data */ + void *item[PAM_NUM_ITEMS]; + pam_data_t *module_data; + + /* environment list */ + char **env; + int env_count; + int env_size; +}; + +#ifdef NGROUPS_MAX +#define PAM_SAVED_CRED "pam_saved_cred" +struct pam_saved_cred { + uid_t euid; + gid_t egid; + gid_t groups[NGROUPS_MAX]; + int ngroups; +}; +#endif + +#define PAM_OTHER "other" + +int openpam_configure(pam_handle_t *, const char *); +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +pam_module_t *openpam_load_module(const char *); +void openpam_clear_chains(pam_chain_t **); + +#ifdef OPENPAM_STATIC_MODULES +pam_module_t *openpam_static(const char *); +#endif +pam_module_t *openpam_dynamic(const char *); + +#define FREE(p) do 
{ free((p)); (p) = NULL; } while (0) + +#ifdef DEBUG +#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") +#define ENTERI(i) do { \ + int _i = (i); \ + if (_i > 0 && _i < PAM_NUM_ITEMS) \ + openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[_i]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", _i); \ +} while (0) +#define ENTERN(n) do { \ + int _n = (n); \ + openpam_log(PAM_LOG_DEBUG, "entering: %d", _n); \ +} while (0) +#define ENTERS(s) do { \ + const char *_s = (s); \ + if (_s == NULL) \ + openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "entering: '%s'", _s); \ +} while (0) +#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") +#define RETURNC(c) do { \ + int _c = (c); \ + if (_c >= 0 && _c < PAM_NUM_ERRORS) \ + openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[_c]); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %d!", _c); \ + return (_c); \ +} while (0) +#define RETURNN(n) do { \ + int _n = (n); \ + openpam_log(PAM_LOG_DEBUG, "returning %d", _n); \ + return (_n); \ +} while (0) +#define RETURNP(p) do { \ + const void *_p = (p); \ + if (_p == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning %p", _p); \ + return (p); \ +} while (0) +#define RETURNS(s) do { \ + const char *_s = (s); \ + if (_s == NULL) \ + openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ + else \ + openpam_log(PAM_LOG_DEBUG, "returning '%s'", _s); \ + return (_s); \ +} while (0) +#else +#define ENTER() +#define ENTERI(i) +#define ENTERN(n) +#define ENTERS(s) +#define RETURNV() return +#define RETURNC(c) return (c) +#define RETURNN(n) return (n) +#define RETURNP(p) return (p) +#define RETURNS(s) return (s) +#endif + +#endif diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c new file mode 100644 index 0000000000..35d2b1770b --- /dev/null +++ b/contrib/openpam/lib/openpam_load.c 
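Review bot: In DEBUG builds `ENTERS` and `RETURNS` hand their string argument verbatim to `openpam_log(PAM_LOG_DEBUG, ...)`, so a function that uses them on a secret-bearing string would write it to the log, and nothing in the header warns against that. `RETURNP` also evaluates its argument twice (`_p = (p)` and then `return (p)`), unlike `RETURNC`/`RETURNN`/`RETURNS`, which return the saved copy. The `ENTER*` arguments are not evaluated at all in non-DEBUG builds, so an argument with side effects behaves differently between the two builds. A comment above the macro block such as `/* arguments must be side-effect free; never use ENTERS/RETURNS on authentication tokens */` would record both constraints.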
@@ -0,0 +1,184 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_load.c#21 $ + */ + +#include +#include +#include + +#include + +#include "openpam_impl.h" + +const char *_pam_func_name[PAM_NUM_PRIMITIVES] = { + "pam_authenticate", + "pam_setcred", + "pam_acct_mgmt", + "pam_open_session", + "pam_close_session", + "pam_chauthtok" +}; + +const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { + "pam_sm_authenticate", + "pam_sm_setcred", + "pam_sm_acct_mgmt", + "pam_sm_open_session", + "pam_sm_close_session", + "pam_sm_chauthtok" +}; + +static pam_module_t *modules; + +/* + * Locate a matching dynamic or static module. Keep a list of previously + * found modules to speed up the process. + */ + +pam_module_t * +openpam_load_module(const char *path) +{ + pam_module_t *module; + + /* check cache first */ + for (module = modules; module != NULL; module = module->next) + if (strcmp(module->path, path) == 0) + goto found; + + /* nope; try to load */ + module = openpam_dynamic(path); + openpam_log(PAM_LOG_DEBUG, "%s dynamic %s", + (module == NULL) ? "no" : "using", path); + +#ifdef OPENPAM_STATIC_MODULES + /* look for a static module */ + if (module == NULL && strchr(path, '/') == NULL) { + module = openpam_static(path); + openpam_log(PAM_LOG_DEBUG, "%s static %s", + (module == NULL) ? "no" : "using", path); + } +#endif + if (module == NULL) { + openpam_log(PAM_LOG_ERROR, "no %s found", path); + return (NULL); + } + openpam_log(PAM_LOG_DEBUG, "adding %s to cache", module->path); + module->next = modules; + if (module->next != NULL) + module->next->prev = module; + module->prev = NULL; + modules = module; + found: + ++module->refcount; + return (module); +} + + +/* + * Release a module. 
+ * XXX highly thread-unsafe + */ + +static void +openpam_release_module(pam_module_t *module) +{ + if (module == NULL) + return; + --module->refcount; + if (module->refcount > 0) + /* still in use */ + return; + if (module->refcount < 0) { + openpam_log(PAM_LOG_ERROR, "module %s has negative refcount", + module->path); + module->refcount = 0; + } + if (module->dlh == NULL) + /* static module */ + return; + dlclose(module->dlh); + if (module->prev != NULL) + module->prev->next = module->next; + if (module->next != NULL) + module->next->prev = module->prev; + if (module == modules) + modules = module->next; + openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path); + FREE(module->path); + FREE(module); +} + + +/* + * Destroy a chain, freeing all its links and releasing the modules + * they point to. + */ + +static void +openpam_destroy_chain(pam_chain_t *chain) +{ + if (chain == NULL) + return; + openpam_destroy_chain(chain->next); + chain->next = NULL; + while (chain->optc) { + --chain->optc; + FREE(chain->optv[chain->optc]); + } + FREE(chain->optv); + openpam_release_module(chain->module); + chain->module = NULL; + FREE(chain); +} + + +/* + * Clear the chains and release the modules + */ + +void +openpam_clear_chains(pam_chain_t *policy[]) +{ + int i; + + for (i = 0; i < PAM_NUM_FACILITIES; ++i) { + openpam_destroy_chain(policy[i]); + policy[i] = NULL; + } +} + +/* + * NOPARSE + */ diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c new file mode 100644 index 0000000000..6d76474842 --- /dev/null +++ b/contrib/openpam/lib/openpam_log.c 
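Review bot: In `openpam_release_module` the `module->refcount < 0` branch logs the error, resets the count to 0 and then falls through to `dlclose(module->dlh)`, the list unlink and `FREE(module)`. A negative count means the module was released more often than it was loaded. For a dynamic module the earlier release that reached zero has presumably already closed and freed it, so this path would repeat the teardown on stale memory. Returning right after the log (`module->refcount = 0; return;`) would keep an over-release down to a logged error. The unsynchronised `modules` list that the `XXX highly thread-unsafe` comment admits to also deserves a mention in the caller-facing documentation.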
@@ -0,0 +1,153 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_log.c#24 $ + */ + +#include +#include +#include +#include +#include +#include + +#include + +#include "openpam_impl.h" + +int _openpam_debug = 0; + +#if !defined(openpam_log) + +/* + * OpenPAM extension + * + * Log a message through syslog + */ + +void +openpam_log(int level, const char *fmt, ...) +{ + va_list ap; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + if (!_openpam_debug) + return; + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + default: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + vsyslog(priority, fmt, ap); + va_end(ap); +} + +#else + +void +_openpam_log(int level, const char *func, const char *fmt, ...) +{ + va_list ap; + char *format; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + if (!_openpam_debug) + return; + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + default: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + vsyslog(priority, format, ap); + FREE(format); + } else { + vsyslog(priority, fmt, ap); + } + va_end(ap); +} + +#endif + +/** + * The =openpam_log function logs messages using =syslog. + * It is primarily intended for internal use by the library and modules. + * + * The =level argument indicates the importance of the message. + * The following levels are defined: + * + * =PAM_LOG_DEBUG: + * Debugging messages. + * These messages are normally not logged unless the global + * integer variable :_openpam_debug is set to a non-zero + * value, in which case they are logged with a =syslog + * priority of =LOG_DEBUG. + * =PAM_LOG_VERBOSE: + * Information about the progress of the authentication + * process, or other non-essential messages. 
+ * These messages are logged with a =syslog priority of + * =LOG_INFO. + * =PAM_LOG_NOTICE: + * Messages relating to non-fatal errors. + * These messages are logged with a =syslog priority of + * =LOG_NOTICE. + * =PAM_LOG_ERROR: + * Messages relating to serious errors. + * These messages are logged with a =syslog priority of + * =LOG_ERR. + * + * The remaining arguments are a =printf format string and the + * corresponding arguments. + */ diff --git a/contrib/openpam/lib/openpam_nullconv.c b/contrib/openpam/lib/openpam_nullconv.c new file mode 100644 index 0000000000..6668ce2f50 --- /dev/null +++ b/contrib/openpam/lib/openpam_nullconv.c 
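Review bot: `_openpam_log` builds the format it passes to `vsyslog` with `asprintf(&format, "in %s(): %s", func, fmt)`, so `func` becomes part of the format string and a `%` in it would be interpreted as a conversion against `ap`. That is harmless while `func` is always a compiler-supplied function name, which is presumably the case but is not visible in this file. A comment on the parameter would pin it down: `/* func is spliced into the format string: pass __func__ only, never caller-controlled text */`. The level-to-priority `switch` is also duplicated verbatim between `openpam_log` and `_openpam_log` and could live in one static helper.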
@@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#7 $ + */ + +#include + +#include + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Null conversation function + */ + +int +openpam_nullconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + + ENTER(); + (void)n; + (void)msg; + (void)resp; + (void)data; + RETURNC(PAM_CONV_ERR); +} + +/* + * Error codes: + * + * PAM_CONV_ERR + */ + +/** + * The =openpam_nullconv function is a null conversation function suitable + * for applications that want to use PAM but don't support interactive + * dialog with the user. + * Such applications should set =PAM_AUTHTOK to whatever authentication + * token they've obtained on their own before calling =pam_authenticate + * and / or =pam_chauthtok, and their PAM configuration should specify the + * ;use_first_pass option for all modules that require access to the + * authentication token, to make sure they use =PAM_AUTHTOK rather than + * try to query the user. + * + * >openpam_ttyconv + * >pam_prompt + * >pam_set_item + * >pam_vprompt + */ diff --git a/contrib/openpam/lib/openpam_readline.c b/contrib/openpam/lib/openpam_readline.c new file mode 100644 index 0000000000..11dda5cb3a --- /dev/null +++ b/contrib/openpam/lib/openpam_readline.c 
@@ -0,0 +1,154 @@ +/*- + * Copyright (c) 2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $P4: //depot/projects/openpam/lib/openpam_readline.c#3 $ + */ + +#include +#include +#include + +#include +#include "openpam_impl.h" + +#define MIN_LINE_LENGTH 128 + +/* + * OpenPAM extension + * + * Read a line from a file. + */ + +char * +openpam_readline(FILE *f, int *lineno, size_t *lenp) +{ + unsigned char *line; + size_t len, size; + int ch; + + if ((line = malloc(MIN_LINE_LENGTH)) == NULL) + return (NULL); + size = MIN_LINE_LENGTH; + len = 0; + +#define line_putch(ch) do { \ + if (len >= size - 1) { \ + unsigned char *tmp = realloc(line, size *= 2); \ + if (tmp == NULL) \ + goto fail; \ + line = tmp; \ + } \ + line[len++] = ch; \ + line[len] = '\0'; \ +} while (0) + + for (;;) { + ch = fgetc(f); + /* strip comment */ + if (ch == '#') { + do { + ch = fgetc(f); + } while (ch != EOF && ch != '\n'); + } + /* eof */ + if (ch == EOF) { + /* remove trailing whitespace */ + while (len > 0 && isspace(line[len - 1])) + --len; + line[len] = '\0'; + if (len == 0) + goto fail; + break; + } + /* eol */ + if (ch == '\n') { + if (lineno != NULL) + ++*lineno; + + /* remove trailing whitespace */ + while (len > 0 && isspace(line[len - 1])) + --len; + line[len] = '\0'; + /* skip blank lines */ + if (len == 0) + continue; + /* continuation */ + if (line[len - 1] == '\\') { + line[--len] = '\0'; + /* fall through to whitespace case */ + } else { + break; + } + } + /* whitespace */ + if (isspace(ch)) { + /* ignore leading whitespace */ + /* collapse linear whitespace */ + if (len > 0 && line[len - 1] != ' ') + line_putch(' '); + continue; + } + /* anything else */ + line_putch(ch); + } + + if (lenp != NULL) + *lenp = len; + return (line); + fail: + FREE(line); + return (NULL); +} + +/** + * The =openpam_readline function reads a line from a file, and returns it + * in a NUL-terminated buffer allocated with =malloc. + * + * The =openpam_readline function performs a certain amount of processing + * on the data it reads. 
+ * Comments (introduced by a hash sign) are stripped, as is leading and + * trailing whitespace. + * Any amount of linear whitespace is collapsed to a single space. + * Blank lines are ignored. + * If a line ends in a backslash, the backslash is stripped and the next + * line is appended. + * + * If =lineno is not =NULL, the integer variable it points to is + * incremented every time a newline character is read. + * + * If =lenp is not =NULL, the length of the line (not including the + * terminating NUL character) is stored in the variable it points to. + * + * The caller is responsible for releasing the returned buffer by passing + * it to =free. + */ diff --git a/contrib/openpam/lib/openpam_restore_cred.c b/contrib/openpam/lib/openpam_restore_cred.c new file mode 100644 index 0000000000..9585e3f290 --- /dev/null +++ b/contrib/openpam/lib/openpam_restore_cred.c 
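Review bot: `openpam_readline` returns NULL for three different conditions, namely `malloc`/`realloc` failure, end of file with nothing buffered, and a read error (which `fgetc` also reports as `EOF`). The trailing documentation does not describe the NULL return at all. A read error that arrives mid-line even returns the partial line as if it were complete. A caller that treats NULL as plain end of input would accept a truncated file, which matters if that file is the PAM policy; the callers are not in this hunk, so that part is an assumption. I would document the NULL cases and tell callers to check `ferror(f)` after the call, and note that `line_putch` doubles `size` with no upper bound.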
@@ -0,0 +1,93 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#11 $
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Restore credentials
+ */
+
+int
+openpam_restore_cred(pam_handle_t *pamh)
+{
+ struct pam_saved_cred *scred;
+ void *scredp;
+ int r;
+
+ ENTER();
+ r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
+ if (r != PAM_SUCCESS)
+ RETURNC(r);
+ if (scredp == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ scred = scredp;
+ if (scred->euid != geteuid()) {
+ if (seteuid(scred->euid) < 0 ||
+ setgroups(scred->ngroups, scred->groups) < 0 ||
+ setegid(scred->egid) < 0)
+ RETURNC(PAM_SYSTEM_ERR);
+ }
+ pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * =pam_get_data
+ * PAM_SYSTEM_ERR
+ */
+
+/**
+ * The =openpam_restore_cred function restores the credentials saved by
+ * =openpam_borrow_cred.
+ *
+ * >setegid 2
+ * >seteuid 2
+ * >setgroups 2
+ */
diff --git a/contrib/openpam/lib/openpam_set_option.c b/contrib/openpam/lib/openpam_set_option.c
new file mode 100644
index 0000000000..a955d2b14f
--- /dev/null
+++ b/contrib/openpam/lib/openpam_set_option.c
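Review bot: When `seteuid()` succeeds but `setgroups()` or `setegid()` then fails, `openpam_restore_cred` returns `PAM_SYSTEM_ERR` with the process in a half-restored identity and the `PAM_SAVED_CRED` entry still set, and nothing records which call failed. The doc comment should state that a failure leaves the credentials in an undefined state and that the caller should stop rather than carry on, and the failure branch could log before returning, e.g. `openpam_log(PAM_LOG_ERROR, "failed to restore credentials: %m");`. Restoration is also skipped entirely when the effective uid already matches, so a group-only difference would stay unrestored; whether that can occur depends on `openpam_borrow_cred`, which is not in this hunk, so a one-line comment stating the assumption would help.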
@@ -0,0 +1,118 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_set_option.c#13 $
+ */
+
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Sets the value of a module option
+ */
+
+int
+openpam_set_option(pam_handle_t *pamh,
+ const char *option,
+ const char *value)
+{
+ pam_chain_t *cur;
+ char *opt, **optv;
+ size_t len;
+ int i;
+
+ ENTERS(option);
+ if (pamh == NULL || pamh->current == NULL || option == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ cur = pamh->current;
+ for (len = 0; option[len] != '\0'; ++len)
+ if (option[len] == '=')
+ break;
+ for (i = 0; i < cur->optc; ++i) {
+ if (strncmp(cur->optv[i], option, len) == 0 &&
+ (cur->optv[i][len] == '\0' || cur->optv[i][len] == '='))
+ break;
+ }
+ if (value == NULL) {
+ /* remove */
+ if (i == cur->optc)
+ RETURNC(PAM_SUCCESS);
+ for (free(cur->optv[i]); i < cur->optc; ++i)
+ cur->optv[i] = cur->optv[i + 1];
+ cur->optv[i] = NULL;
+ RETURNC(PAM_SUCCESS);
+ }
+ if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0)
+ RETURNC(PAM_BUF_ERR);
+ if (i == cur->optc) {
+ /* add */
+ optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2));
+ if (optv == NULL) {
+ FREE(opt);
+ RETURNC(PAM_BUF_ERR);
+ }
+ optv[i] = opt;
+ optv[i + 1] = NULL;
+ cur->optv = optv;
+ ++cur->optc;
+ } else {
+ /* replace */
+ FREE(cur->optv[i]);
+ cur->optv[i] = opt;
+ }
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ */
+
+/**
+ * The =openpam_set_option function sets the specified option in the
+ * context of the currently executing service module.
+ *
+ * >openpam_get_option
+ */
diff --git a/contrib/openpam/lib/openpam_static.c b/contrib/openpam/lib/openpam_static.c
new file mode 100644
index 0000000000..1346c8b446
--- /dev/null
+++ b/contrib/openpam/lib/openpam_static.c
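Review bot: The remove branch of `openpam_set_option` shifts the remaining entries down but never decrements `cur->optc`, so after a removal `cur->optv[cur->optc - 1]` is NULL while the count still includes it. The lookup loop at the top of the function hands every `cur->optv[i]` with `i < cur->optc` to `strncmp()`, so the next call on the same chain that does not match an earlier entry would dereference that NULL. Adding `--cur->optc;` after `cur->optv[i] = NULL;` keeps the count and the NULL-terminated vector in step. `ENTERS(option)` also runs before the `option == NULL` check; whether that is safe depends on the macro, which is defined outside this hunk.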
@@ -0,0 +1,69 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_static.c#6 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+#ifdef OPENPAM_STATIC_MODULES
+
+SET_DECLARE(_openpam_static_modules, pam_module_t);
+
+/*
+ * OpenPAM internal
+ *
+ * Locate a statically linked module
+ */
+
+pam_module_t *
+openpam_static(const char *path)
+{
+ pam_module_t **module;
+
+ SET_FOREACH(module, _openpam_static_modules) {
+ if (strcmp((*module)->path, path) == 0)
+ return (*module);
+ }
+ return (NULL);
+}
+
+#endif
+
+/*
+ * NOPARSE
+ */
diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c
new file mode 100644
index 0000000000..cad2a1b99f
--- /dev/null
+++ b/contrib/openpam/lib/openpam_ttyconv.c
@@ -0,0 +1,246 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#26 $
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+int openpam_ttyconv_timeout = 0;
+
+static void
+timeout(int sig)
+{
+
+ (void)sig;
+}
+
+static char *
+prompt(const char *msg)
+{
+ char buf[PAM_MAX_RESP_SIZE];
+ struct sigaction action, saved_action;
+ sigset_t saved_sigset, sigset;
+ unsigned int saved_alarm;
+ int eof, error, fd;
+ size_t len;
+ char *retval;
+ char ch;
+
+ sigemptyset(&sigset);
+ sigaddset(&sigset, SIGINT);
+ sigaddset(&sigset, SIGTSTP);
+ sigprocmask(SIG_SETMASK, &sigset, &saved_sigset);
+ action.sa_handler = &timeout;
+ action.sa_flags = 0;
+ sigemptyset(&action.sa_mask);
+ sigaction(SIGALRM, &action, &saved_action);
+ fputs(msg, stdout);
+ fflush(stdout);
+#ifdef HAVE_FPURGE
+ fpurge(stdin);
+#endif
+ fd = fileno(stdin);
+ buf[0] = '\0';
+ eof = error = 0;
+ if (openpam_ttyconv_timeout >= 0)
+ saved_alarm = alarm(openpam_ttyconv_timeout);
+ ch = '\0';
+ for (len = 0; ch != '\n' && !eof && !error; ++len) {
+ switch (read(fd, &ch, 1)) {
+ case 1:
+ if (len < PAM_MAX_RESP_SIZE - 1) {
+ buf[len + 1] = '\0';
+ buf[len] = ch;
+ }
+ break;
+ case 0:
+ eof = 1;
+ break;
+ default:
+ error = errno;
+ break;
+ }
+ }
+ if (openpam_ttyconv_timeout >= 0)
+ alarm(0);
+ sigaction(SIGALRM, &saved_action, NULL);
+ sigprocmask(SIG_SETMASK, &saved_sigset, NULL);
+ if (openpam_ttyconv_timeout >= 0)
+ alarm(saved_alarm);
+ if (error == EINTR)
+ fputs(" timeout!", stderr);
+ if (error || eof) {
+ fputs("\n", stderr);
+ memset(buf, 0, sizeof(buf));
+ return (NULL);
+ }
+ /* trim trailing whitespace */
+ for (len = strlen(buf); len > 0; --len)
+ if (buf[len - 1] != '\r' && buf[len - 1] != '\n')
+ break;
+ buf[len] = '\0';
+ retval = strdup(buf);
+ memset(buf, 0, sizeof(buf));
+ return (retval);
+}
+
+static char *
+prompt_echo_off(const char *msg)
+{
+ struct termios tattr;
+ tcflag_t lflag;
+ char *ret;
+ int fd;
+
+ fd = fileno(stdin);
+ if (tcgetattr(fd, &tattr) != 0) {
+ openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m");
+ return (NULL);
+ }
+ lflag = tattr.c_lflag;
+ tattr.c_lflag &= ~ECHO;
+ if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) {
+ openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m");
+ return (NULL);
+ }
+ ret = prompt(msg);
+ tattr.c_lflag = lflag;
+ (void)tcsetattr(fd, TCSANOW, &tattr);
+ if (ret != NULL)
+ fputs("\n", stdout);
+ return (ret);
+}
+
+/*
+ * OpenPAM extension
+ *
+ * Simple tty-based conversation function
+ */
+
+int
+openpam_ttyconv(int n,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *data)
+{
+ struct pam_response *aresp;
+ int i;
+
+ ENTER();
+ (void)data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ RETURNC(PAM_CONV_ERR);
+ if ((aresp = calloc(n, sizeof *aresp)) == NULL)
+ RETURNC(PAM_BUF_ERR);
+ for (i = 0; i < n; ++i) {
+ aresp[i].resp_retcode = 0;
+ aresp[i].resp = NULL;
+ switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ aresp[i].resp = prompt_echo_off(msg[i]->msg);
+ if (aresp[i].resp == NULL)
+ goto fail;
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ aresp[i].resp = prompt(msg[i]->msg);
+ if (aresp[i].resp == NULL)
+ goto fail;
+ break;
+ case PAM_ERROR_MSG:
+ fputs(msg[i]->msg, stderr);
+ if (strlen(msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
+ fputc('\n', stderr);
+ break;
+ case PAM_TEXT_INFO:
+ fputs(msg[i]->msg, stdout);
+ if (strlen(msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
+ fputc('\n', stdout);
+ break;
+ default:
+ goto fail;
+ }
+ }
+ *resp = aresp;
+ RETURNC(PAM_SUCCESS);
+ fail:
+ for (i = 0; i < n; ++i) {
+ if (aresp[i].resp != NULL) {
+ memset(aresp[i].resp, 0, strlen(aresp[i].resp));
+ FREE(aresp[i].resp);
+ }
+ }
+ memset(aresp, 0, n * sizeof *aresp);
+ FREE(aresp);
+ *resp = NULL;
+ RETURNC(PAM_CONV_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =openpam_ttyconv function is a standard conversation function
+ * suitable for use on TTY devices.
+ * It should be adequate for the needs of most text-based interactive
+ * programs.
+ *
+ * The =openpam_ttyconv function allows the application to specify a
+ * timeout for user input by setting the global integer variable
+ * :openpam_ttyconv_timeout to the length of the timeout in seconds.
+ *
+ * >openpam_nullconv
+ * >pam_prompt
+ * >pam_vprompt
+ */
diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c
new file mode 100644
index 0000000000..d5bdbfb703
--- /dev/null
+++ b/contrib/openpam/lib/pam_acct_mgmt.c
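Review bot: `prompt()` clears the response buffer with `memset(buf, 0, sizeof(buf))` immediately before both returns, and a compiler is allowed to drop a store to a local array that is never read again, so the typed password can remain on the stack. The same applies to the `memset()` calls in the `fail:` path of `openpam_ttyconv`, which are followed directly by `FREE()`. A wipe the optimizer cannot elide should be used where the platform has one, for example `explicit_bzero(buf, sizeof(buf));`, or a small helper that writes through a `volatile unsigned char *`. Separately, `sigprocmask(SIG_SETMASK, &sigset, &saved_sigset)` replaces the caller's mask instead of adding to it, so signals the application had blocked become deliverable for the duration of the prompt; `SIG_BLOCK` would avoid that.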
@@ -0,0 +1,83 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#14 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 32
+ *
+ * Perform PAM account validation procedures
+ */
+
+int
+pam_acct_mgmt(pam_handle_t *pamh,
+ int flags)
+{
+ int r;
+
+ ENTER();
+ r = openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_dispatch
+ * =pam_sm_acct_mgmt
+ * !PAM_IGNORE
+ */
+
+/**
+ * The =pam_acct_mgmt function verifies and enforces account restrictions
+ * after the user has been authenticated.
+ *
+ * The =flags argument is the binary or of zero or more of the following
+ * values:
+ *
+ * =PAM_SILENT:
+ * Do not emit any messages.
+ * =PAM_DISALLOW_NULL_AUTHTOK:
+ * Fail if the user's authentication token is null.
+ *
+ * If any other bits are set, =pam_acct_mgmt will return
+ * =PAM_SYMBOL_ERR.
+ */
diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c
new file mode 100644
index 0000000000..a37e32bf35
--- /dev/null
+++ b/contrib/openpam/lib/pam_authenticate.c
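Review bot: `pam_acct_mgmt` passes `flags` straight to `openpam_dispatch()` without validating it, although the doc comment below it promises `PAM_SYMBOL_ERR` for any bit other than `PAM_SILENT` and `PAM_DISALLOW_NULL_AUTHTOK`. `pam_authenticate`, `pam_chauthtok` and `pam_close_session` in this same commit all perform that check, so this looks like an omission rather than a design choice. Adding `if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) RETURNC(PAM_SYMBOL_ERR);` after `ENTER();` and listing `PAM_SYMBOL_ERR` in the "Error codes" comment would make the code match its documentation.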
@@ -0,0 +1,91 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_authenticate.c#15 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 34
+ *
+ * Perform authentication within the PAM framework
+ */
+
+int
+pam_authenticate(pam_handle_t *pamh,
+ int flags)
+{
+ int r;
+
+ ENTER();
+ if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK))
+ RETURNC(PAM_SYMBOL_ERR);
+ r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags);
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_dispatch
+ * =pam_sm_authenticate
+ * !PAM_IGNORE
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * The =pam_authenticate function attempts to authenticate the user
+ * associated with the pam context specified by the =pamh argument.
+ *
+ * The application is free to call =pam_authenticate as many times as it
+ * wishes, but some modules may maintain an internal retry counter and
+ * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit.
+ *
+ * The =flags argument is the binary or of zero or more of the following
+ * values:
+ *
+ * =PAM_SILENT:
+ * Do not emit any messages.
+ * =PAM_DISALLOW_NULL_AUTHTOK:
+ * Fail if the user's authentication token is null.
+ *
+ * If any other bits are set, =pam_authenticate will return
+ * =PAM_SYMBOL_ERR.
+ */
diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c
new file mode 100644
index 0000000000..09e983904f
--- /dev/null
+++ b/contrib/openpam/lib/pam_authenticate_secondary.c
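Review bot: The call `pam_set_item(pamh, PAM_AUTHTOK, NULL);` after the dispatch in `pam_authenticate` is undocumented and its return value is ignored, so neither the reason for dropping the token nor a failure to drop it is visible to a reader or a caller. A comment such as `/* do not let the authentication token outlive this call */` would state the intent, and the doc comment should mention that `PAM_AUTHTOK` is unset on return, since later code asking for the item will presumably find it empty. Whether `pam_set_item` wipes the old value before releasing it cannot be seen from this hunk and is worth confirming. `pam_chauthtok.c` clears `PAM_OLDAUTHTOK` and `PAM_AUTHTOK` the same way.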
@@ -0,0 +1,62 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#8 $
+ */
+
+#include
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 36
+ *
+ * Perform authentication to a secondary domain within the PAM framework
+ */
+
+int
+pam_authenticate_secondary(pam_handle_t *pamh,
+ char *target_username,
+ char *target_module_type,
+ char *target_authn_domain,
+ char *target_supp_data,
+ char *target_module_authtok,
+ int flags)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c
new file mode 100644
index 0000000000..224e8f27cc
--- /dev/null
+++ b/contrib/openpam/lib/pam_chauthtok.c
@@ -0,0 +1,92 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#16 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 38
+ *
+ * Perform password related functions within the PAM framework
+ */
+
+int
+pam_chauthtok(pam_handle_t *pamh,
+ int flags)
+{
+ int r;
+
+ ENTER();
+ if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK))
+ RETURNC(PAM_SYMBOL_ERR);
+ r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
+ flags | PAM_PRELIM_CHECK);
+ if (r == PAM_SUCCESS)
+ r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK,
+ flags | PAM_UPDATE_AUTHTOK);
+ pam_set_item(pamh, PAM_OLDAUTHTOK, NULL);
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_dispatch
+ * =pam_sm_chauthtok
+ * !PAM_IGNORE
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * The =pam_chauthtok function attempts to change the authentication token
+ * for the user associated with the pam context specified by the =pamh
+ * argument.
+ *
+ * The =flags argument is the binary or of zero or more of the following
+ * values:
+ *
+ * =PAM_SILENT:
+ * Do not emit any messages.
+ * =PAM_CHANGE_EXPIRED_AUTHTOK:
+ * Change only those authentication tokens that have expired.
+ *
+ * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR.
+ */
diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c
new file mode 100644
index 0000000000..ee4945fbb0
--- /dev/null
+++ b/contrib/openpam/lib/pam_close_session.c
@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_close_session.c#13 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 40
+ *
+ * Close an existing user session
+ */
+
+int
+pam_close_session(pam_handle_t *pamh,
+ int flags)
+{
+ int r;
+
+ ENTER();
+ if (flags & ~(PAM_SILENT))
+ RETURNC(PAM_SYMBOL_ERR);
+ r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_dispatch
+ * =pam_sm_close_session
+ * !PAM_IGNORE
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * The =pam_close_session function tears down the user session previously
+ * set up by =pam_open_session.
+ *
+ * The =flags argument is the binary or of zero or more of the following
+ * values:
+ *
+ * =PAM_SILENT:
+ * Do not emit any messages.
+ *
+ * If any other bits are set, =pam_close_session will return
+ * =PAM_SYMBOL_ERR.
+ */
diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c
new file mode 100644
index 0000000000..0dd3ea75e6
--- /dev/null
+++ b/contrib/openpam/lib/pam_end.c
@@ -0,0 +1,101 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_end.c#14 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 42
+ *
+ * Terminate the PAM transaction
+ */
+
+int
+pam_end(pam_handle_t *pamh,
+ int status)
+{
+ pam_data_t *dp;
+ int i;
+
+ ENTER();
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+
+ /* clear module data */
+ while ((dp = pamh->module_data) != NULL) {
+ if (dp->cleanup)
+ (dp->cleanup)(pamh, dp->data, status);
+ pamh->module_data = dp->next;
+ FREE(dp->name);
+ FREE(dp);
+ }
+
+ /* clear environment */
+ while (pamh->env_count) {
+ --pamh->env_count;
+ FREE(pamh->env[pamh->env_count]);
+ }
+ FREE(pamh->env);
+
+ /* clear chains */
+ openpam_clear_chains(pamh->chains);
+
+ /* clear items */
+ for (i = 0; i < PAM_NUM_ITEMS; ++i)
+ pam_set_item(pamh, i, NULL);
+
+ FREE(pamh);
+
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYSTEM_ERR
+ */
+
+/**
+ * The =pam_end function terminates a PAM transaction and destroys the
+ * corresponding PAM context, releasing all resources allocated to it.
+ *
+ * The =status argument should be set to the error code returned by the
+ * last API call before the call to =pam_end.
+ */
diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c
new file mode 100644
index 0000000000..a2708bfa46
--- /dev/null
+++ b/contrib/openpam/lib/pam_error.c
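Review bot: The `/* clear items */` loop in pam_end is the only place in this function where the cached PAM_AUTHTOK and PAM_OLDAUTHTOK are released, and nothing here shows whether they are wiped before being freed; that depends entirely on pam_set_item, which is not part of this hunk. The loop also discards pam_set_item's return value, so a slot that fails to clear goes unnoticed before `FREE(pamh)`. I would confirm that pam_set_item overwrites the token items before freeing them and record the dependency at the call site, for example `/* clear items; relies on pam_set_item() to wipe PAM_AUTHTOK and PAM_OLDAUTHTOK before freeing them */`.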
@@ -0,0 +1,84 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_error.c#10 $
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Display an error message
+ */
+
+int
+pam_error(pam_handle_t *pamh,
+ const char *fmt,
+ ...)
+{
+ va_list ap;
+ char *rsp;
+ int r;
+
+ va_start(ap, fmt);
+ r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap);
+ va_end(ap);
+ FREE(rsp); /* ignore response */
+ return (r);
+}
+
+/*
+ * Error codes:
+ *
+ * !PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_error function displays an error message through the
+ * intermediary of the given PAM context's conversation function.
+ *
+ * >pam_info
+ * >pam_prompt
+ * >pam_verror
+ */
diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c
new file mode 100644
index 0000000000..b65430a508
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_authtok.c
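Review bot: `rsp` in pam_error is declared without an initializer and is passed to `FREE(rsp)` unconditionally, whatever pam_vprompt returned. pam_vprompt is not part of this hunk; if it can return an error before storing anything through its response pointer, this frees an indeterminate pointer. Initializing at the declaration removes the dependency on the callee: `char *rsp = NULL;`.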
@@ -0,0 +1,170 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#28 $
+ */
+
+#include
+
+#include
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+static const char authtok_prompt[] = "Password:";
+static const char oldauthtok_prompt[] = "Old Password:";
+static const char newauthtok_prompt[] = "New Password:";
+
+/*
+ * OpenPAM extension
+ *
+ * Retrieve authentication token
+ */
+
+int
+pam_get_authtok(pam_handle_t *pamh,
+ int item,
+ const char **authtok,
+ const char *prompt)
+{
+ const void *oldauthtok, *prevauthtok, *promptp;
+ const char *default_prompt;
+ char *resp, *resp2;
+ int pitem, r, style, twice;
+
+ ENTER();
+ if (pamh == NULL || authtok == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ *authtok = NULL;
+ twice = 0;
+ switch (item) {
+ case PAM_AUTHTOK:
+ pitem = PAM_AUTHTOK_PROMPT;
+ default_prompt = authtok_prompt;
+ r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
+ if (r == PAM_SUCCESS && oldauthtok != NULL) {
+ default_prompt = newauthtok_prompt;
+ twice = 1;
+ }
+ break;
+ case PAM_OLDAUTHTOK:
+ pitem = PAM_OLDAUTHTOK_PROMPT;
+ default_prompt = oldauthtok_prompt;
+ twice = 0;
+ break;
+ default:
+ RETURNC(PAM_SYMBOL_ERR);
+ }
+ if (openpam_get_option(pamh, "try_first_pass") ||
+ openpam_get_option(pamh, "use_first_pass")) {
+ r = pam_get_item(pamh, item, &prevauthtok);
+ if (r == PAM_SUCCESS && prevauthtok != NULL) {
+ *authtok = prevauthtok;
+ RETURNC(PAM_SUCCESS);
+ }
+ else if (openpam_get_option(pamh, "use_first_pass"))
+ RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
+ }
+ if (prompt == NULL) {
+ r = pam_get_item(pamh, pitem, &promptp);
+ if (r != PAM_SUCCESS || promptp == NULL)
+ prompt = default_prompt;
+ else
+ prompt = promptp;
+ }
+ style = openpam_get_option(pamh, "echo_pass") ?
+ PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
+ r = pam_prompt(pamh, style, &resp, "%s", prompt);
+ if (r != PAM_SUCCESS)
+ RETURNC(r);
+ if (twice) {
+ r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
+ if (r != PAM_SUCCESS) {
+ FREE(resp);
+ RETURNC(r);
+ }
+ if (strcmp(resp, resp2) != 0)
+ FREE(resp);
+ FREE(resp2);
+ }
+ if (resp == NULL)
+ RETURNC(PAM_TRY_AGAIN);
+ r = pam_set_item(pamh, item, resp);
+ FREE(resp);
+ if (r != PAM_SUCCESS)
+ RETURNC(r);
+ r = pam_get_item(pamh, item, (const void **)authtok);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =pam_get_item
+ * =pam_prompt
+ * =pam_set_item
+ * !PAM_SYMBOL_ERR
+ * PAM_TRY_AGAIN
+ */
+
+/**
+ * The =pam_get_authtok function returns the cached authentication token,
+ * or prompts the user if no token is currently cached.
+ * Either way, a pointer to the authentication token is stored in the
+ * location pointed to by the =authtok argument.
+ *
+ * The =item argument must have one of the following values:
+ *
+ * =PAM_AUTHTOK:
+ * Returns the current authentication token, or the new token
+ * when changing authentication tokens.
+ * =PAM_OLDAUTHTOK:
+ * Returns the previous authentication token when changing
+ * authentication tokens.
+ *
+ * The =prompt argument specifies a prompt to use if no token is cached.
+ * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item,
+ * as appropriate, will be used.
+ * If that item is also =NULL, a hardcoded default prompt will be used.
+ *
+ * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
+ * item, =pam_get_authtok will ask the user to confirm the new token by
+ * retyping it.
+ * If there is a mismatch, =pam_get_authtok will return =PAM_TRY_AGAIN.
+ *
+ * >pam_get_item
+ * >pam_get_user
+ */
diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c
new file mode 100644
index 0000000000..5b31064cec
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_data.c
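Review bot: In pam_get_authtok the conversation responses `resp` and `resp2` hold the cleartext token and are released with a bare `FREE()` on every path: the failed second prompt, the retype comparison, and after `pam_set_item` has presumably taken its own copy. The secret is therefore left in freed heap memory. Separately, `strcmp(resp, resp2)` runs without a NULL check, so a conversation that reports success with an empty response pointer would be dereferenced (pam_prompt is not in this hunk, so whether that can happen is to be confirmed). I would route every release through one helper that wipes before freeing and guard the comparison as below. `explicit_bzero` is assumed to be available in this tree; otherwise substitute a local wipe the compiler cannot elide.

```c
/* Wipe a conversation response before releasing it. */
static void
scrub_response(char **respp)
{
	if (*respp == NULL)
		return;
	explicit_bzero(*respp, strlen(*respp));
	FREE(*respp);
}

/* ... unchanged: argument checks, cached-token lookup, first pam_prompt ... */
		if (r != PAM_SUCCESS) {
			scrub_response(&resp);
			RETURNC(r);
		}
		if (resp == NULL || resp2 == NULL || strcmp(resp, resp2) != 0)
			scrub_response(&resp);
		scrub_response(&resp2);
/* ... unchanged: PAM_TRY_AGAIN check ... */
	r = pam_set_item(pamh, item, resp);
	scrub_response(&resp);
/* ... unchanged: result check and final pam_get_item ... */
```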
@@ -0,0 +1,85 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_get_data.c#14 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 43
+ *
+ * Get module information
+ */
+
+int
+pam_get_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void **data)
+{
+ pam_data_t *dp;
+
+ ENTERS(module_data_name);
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
+ if (strcmp(dp->name, module_data_name) == 0) {
+ *data = (void *)dp->data;
+ RETURNC(PAM_SUCCESS);
+ }
+ }
+ RETURNC(PAM_NO_MODULE_DATA);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYSTEM_ERR
+ * PAM_NO_MODULE_DATA
+ */
+
+/**
+ * The =pam_get_data function looks up the opaque object associated with
+ * the string specified by the =module_data_name argument, in the PAM
+ * context specified by the =pamh argument.
+ * A pointer to the object is stored in the location pointed to by the
+ * =data argument.
+ *
+ * This function and its counterpart =pam_set_data are useful for managing
+ * data that are meaningful only to a particular service module.
+ */
diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c
new file mode 100644
index 0000000000..16b20ed2b2
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_item.c
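Review bot: pam_get_data validates only `pamh`, yet it passes `module_data_name` to `strcmp` and writes through `data`, so a NULL in either argument from a module crashes the calling application instead of returning an error. pam_get_authtok and pam_get_user in this same commit do check their output pointers; pam_get_item in pam_get_item.c has the same gap with `*item = pamh->item[item_type]`. The guard can be extended in place: `if (pamh == NULL || module_data_name == NULL || data == NULL)` followed by the existing `RETURNC(PAM_SYSTEM_ERR);`, and likewise `if (pamh == NULL || item == NULL)` in pam_get_item.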
@@ -0,0 +1,141 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_get_item.c#17 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+const char *_pam_item_name[PAM_NUM_ITEMS] = {
+ "(NO ITEM)",
+ "PAM_SERVICE",
+ "PAM_USER",
+ "PAM_TTY",
+ "PAM_RHOST",
+ "PAM_CONV",
+ "PAM_AUTHTOK",
+ "PAM_OLDAUTHTOK",
+ "PAM_RUSER",
+ "PAM_USER_PROMPT",
+ "PAM_REPOSITORY",
+ "PAM_AUTHTOK_PROMPT",
+ "PAM_OLDAUTHTOK_PROMPT"
+};
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 46
+ *
+ * Get PAM information
+ */
+
+int
+pam_get_item(pam_handle_t *pamh,
+ int item_type,
+ const void **item)
+{
+
+ ENTERI(item_type);
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ switch (item_type) {
+ case PAM_SERVICE:
+ case PAM_USER:
+ case PAM_AUTHTOK:
+ case PAM_OLDAUTHTOK:
+ case PAM_TTY:
+ case PAM_RHOST:
+ case PAM_RUSER:
+ case PAM_CONV:
+ case PAM_USER_PROMPT:
+ case PAM_AUTHTOK_PROMPT:
+ case PAM_OLDAUTHTOK_PROMPT:
+ case PAM_REPOSITORY:
+ *item = pamh->item[item_type];
+ RETURNC(PAM_SUCCESS);
+ default:
+ RETURNC(PAM_SYMBOL_ERR);
+ }
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ */
+
+/**
+ * The =pam_get_item function stores a pointer to the item specified by
+ * the =item_type argument in the location specified by the =item
+ * argument.
+ * The item is retrieved from the PAM context specified by the =pamh
+ * argument.
+ * The following item types are recognized:
+ *
+ * =PAM_SERVICE:
+ * The name of the requesting service.
+ * =PAM_USER:
+ * The name of the user the application is trying to
+ * authenticate.
+ * =PAM_TTY:
+ * The name of the current terminal.
+ * =PAM_RHOST:
+ * The name of the applicant's host.
+ * =PAM_CONV:
+ * A =struct pam_conv describing the current conversation
+ * function.
+ * =PAM_AUTHTOK:
+ * The current authentication token.
+ * =PAM_OLDAUTHTOK:
+ * The expired authentication token.
+ * =PAM_RUSER:
+ * The name of the applicant.
+ * =PAM_USER_PROMPT:
+ * The prompt to use when asking the applicant for a user
+ * name to authenticate as.
+ * =PAM_AUTHTOK_PROMPT:
+ * The prompt to use when asking the applicant for an
+ * authentication token.
+ * =PAM_OLDAUTHTOK_PROMPT:
+ * The prompt to use when asking the applicant for an
+ * expired authentication token prior to changing it.
+ *
+ * See =pam_start for a description of =struct pam_conv.
+ *
+ * >pam_set_item
+ */
diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c
new file mode 100644
index 0000000000..7a5b3b1393
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_mapped_authtok.c
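Review bot: The documentation comment for pam_get_item does not match the code in two places. The `switch` accepts `PAM_REPOSITORY`, but the list of recognized item types omits it. The comment also never says that the stored pointer is `pamh->item[item_type]` itself rather than a copy, which matters most for PAM_AUTHTOK and PAM_OLDAUTHTOK. I would add a `=PAM_REPOSITORY:` entry and a sentence such as `The pointer refers to storage owned by the PAM context; the caller must not modify or free it, and it is no longer valid once the item is replaced or =pam_end is called.` The second half of that sentence should be confirmed against pam_set_item, which is outside this hunk.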
@@ -0,0 +1,61 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#8 $
+ */
+
+#include
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 48
+ *
+ * Get mapped password for the user
+ */
+
+int
+pam_get_mapped_authtok(pam_handle_t *pamh,
+ const char *target_module_username,
+ const char *target_module_type,
+ const char *target_authn_domain,
+ size_t *target_authtok_len,
+ unsigned char **target_module_authtok)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c
new file mode 100644
index 0000000000..cec8a252a2
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_mapped_username.c
@@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#8 $
+ */
+
+#include
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 50
+ *
+ * Get valid matched identity in new domain
+ */
+
+int
+pam_get_mapped_username(pam_handle_t *pamh,
+ const char *src_username,
+ const char *src_module_type,
+ const char *src_authn_domain,
+ const char *target_module_type,
+ const char *target_authn_domain,
+ char **target_module_username)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c
new file mode 100644
index 0000000000..d59d33239d
--- /dev/null
+++ b/contrib/openpam/lib/pam_get_user.c
@@ -0,0 +1,112 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_get_user.c#20 $
+ */
+
+#include
+
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+static const char user_prompt[] = "Login:";
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 52
+ *
+ * Retrieve user name
+ */
+
+int
+pam_get_user(pam_handle_t *pamh,
+ const char **user,
+ const char *prompt)
+{
+ const void *promptp;
+ char *resp;
+ int r;
+
+ ENTER();
+ if (pamh == NULL || user == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ r = pam_get_item(pamh, PAM_USER, (const void **)user);
+ if (r == PAM_SUCCESS && *user != NULL)
+ RETURNC(PAM_SUCCESS);
+ if (prompt == NULL) {
+ r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp);
+ if (r != PAM_SUCCESS || promptp == NULL)
+ prompt = user_prompt;
+ else
+ prompt = promptp;
+ }
+ r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt);
+ if (r != PAM_SUCCESS)
+ RETURNC(r);
+ r = pam_set_item(pamh, PAM_USER, resp);
+ FREE(resp);
+ if (r != PAM_SUCCESS)
+ RETURNC(r);
+ r = pam_get_item(pamh, PAM_USER, (const void **)user);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =pam_get_item
+ * =pam_prompt
+ * =pam_set_item
+ * !PAM_SYMBOL_ERR
+ */
+
+/**
+ * The =pam_get_user function returns the name of the target user, as
+ * specified to =pam_start.
+ * If no user was specified, nor set using =pam_set_item, =pam_get_user
+ * will prompt for a user name.
+ * Either way, a pointer to the user name is stored in the location
+ * pointed to by the =user argument.
+ *
+ * The =prompt argument specifies a prompt to use if no user name is
+ * cached.
+ * If it is =NULL, the =PAM_USER_PROMPT will be used.
+ * If that item is also =NULL, a hardcoded default prompt will be used.
+ *
+ * >pam_get_item
+ * >pam_get_authtok
+ */
diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c
new file mode 100644
index 0000000000..4faafdc375
--- /dev/null
+++ b/contrib/openpam/lib/pam_getenv.c
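Review bot: pam_get_user passes `resp` straight to `pam_set_item(pamh, PAM_USER, resp)` without checking it, unlike pam_get_authtok in this commit, which returns PAM_TRY_AGAIN when the response is NULL. pam_end.c in the same commit calls `pam_set_item(pamh, i, NULL)` to clear items, so a NULL response would presumably clear PAM_USER; the final pam_get_item would then report PAM_SUCCESS with `*user == NULL`. Callers that trust the return code would go on to dereference or compare a NULL user name in an authentication decision. A guard after the prompt closes this, for example `if (resp == NULL) RETURNC(PAM_CONV_ERR);`, with the choice of error code to be aligned with what pam_get_authtok does.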
@@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * Network Associates Laboratories, the Security Research Division of + * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * $P4: //depot/projects/openpam/lib/pam_getenv.c#16 $
+ */
+
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 44
+ *
+ * Retrieve the value of a PAM environment variable
+ */
+
+const char *
+pam_getenv(pam_handle_t *pamh,
+ const char *name)
+{
+ char *str;
+ int i;
+
+ ENTERS(name);
+ if (pamh == NULL)
+ RETURNS(NULL);
+ if (name == NULL || strchr(name, '=') != NULL)
+ RETURNS(NULL);
+ if ((i = openpam_findenv(pamh, name, strlen(name))) < 0)
+ RETURNS(NULL);
+ for (str = pamh->env[i]; *str != '\0'; ++str) {
+ if (*str == '=') {
+ ++str;
+ break;
+ }
+ }
+ RETURNS(str);
+}
+
+/**
+ * The =pam_getenv function returns the value of an environment variable.
+ * Its semantics are similar to those of =getenv, but it accesses the PAM
+ * context's environment list instead of the application's.
+ *
+ * >pam_getenvlist
+ * >pam_putenv
+ * >pam_setenv
+ */
diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c
new file mode 100644
index 0000000000..82f2320493
--- /dev/null
+++ b/contrib/openpam/lib/pam_getenvlist.c
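Review bot: The documentation comment for pam_getenv does not say who owns the returned string, although the function returns a pointer into `pamh->env[i]` rather than a copy. pam_end in this commit frees every `pamh->env` entry, so a value kept past the end of the transaction dangles. I would add a sentence to the comment: `The returned pointer refers to storage owned by the PAM context; it must not be modified or freed, and should be copied if it is needed after the variable is changed or =pam_end is called.` The scan for `'='` could also be written with `strchr`, which the function already uses on `name`.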
@@ -0,0 +1,105 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#13 $
+ */
+
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 45
+ *
+ * Returns a list of all the PAM environment variables
+ */
+
+char **
+pam_getenvlist(pam_handle_t *pamh)
+{
+ char **envlist;
+ int i;
+
+ ENTER();
+ if (pamh == NULL)
+ RETURNP(NULL);
+ envlist = malloc(sizeof(char *) * (pamh->env_count + 1));
+ if (envlist == NULL) {
+ openpam_log(PAM_LOG_ERROR, "%s",
+ pam_strerror(pamh, PAM_BUF_ERR));
+ RETURNP(NULL);
+ }
+ for (i = 0; i < pamh->env_count; ++i) {
+ if ((envlist[i] = strdup(pamh->env[i])) == NULL) {
+ while (i) {
+ --i;
+ FREE(envlist[i]);
+ }
+ FREE(envlist);
+ openpam_log(PAM_LOG_ERROR, "%s",
+ pam_strerror(pamh, PAM_BUF_ERR));
+ RETURNP(NULL);
+ }
+ }
+ envlist[i] = NULL;
+ RETURNP(envlist);
+}
+
+/**
+ * The =pam_getenvlist function returns a copy of the given PAM context's
+ * environment list as a pointer to an array of strings.
+ * The last element in the array is =NULL.
+ * The pointer is suitable for assignment to {Va environ}.
+ *
+ * The array and the strings it lists are allocated using =malloc, and
+ * should be released using =free after use:
+ *
+ * char **envlist, **env;
+ *
+ * envlist = environ;
+ * environ = pam_getenvlist(pamh);
+ * \/\* do something nifty \*\/
+ * for (env = environ; *env != NULL; env++)
+ * free(*env);
+ * free(environ);
+ * environ = envlist;
+ *
+ * >environ 7
+ * >pam_getenv
+ * >pam_putenv
+ * >pam_setenv
+ */
diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c
new file mode 100644
index 0000000000..7d3ab94986
--- /dev/null
+++ b/contrib/openpam/lib/pam_info.c
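Review bot: The allocation in pam_getenvlist spells out its size by hand as `malloc(sizeof(char *) * (pamh->env_count + 1))`, with the `+ 1` done in the type of env_count (declared outside this hunk, apparently int) before the multiplication. Writing it as `envlist = calloc(pamh->env_count + 1, sizeof *envlist);` ties the element size to the variable and leaves the count-times-size overflow check to the allocator. The rest of the function is unaffected, since every slot up to the terminating NULL is assigned before the list is returned.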
@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_info.c#9 $
+ */
+
+#include
+#include
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Display an information message
+ */
+
+int
+pam_info(pam_handle_t *pamh,
+ const char *fmt,
+ ...)
+{
+ va_list ap;
+ char *rsp;
+ int r;
+
+ va_start(ap, fmt);
+ r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap);
+ va_end(ap);
+ FREE(rsp); /* ignore response */
+ return (r);
+}
+
+/*
+ * Error codes:
+ *
+ * !PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_info function displays an informational message through the
+ * intermediary of the given PAM context's conversation function.
+ *
+ * >pam_error
+ * >pam_prompt
+ * >pam_vinfo
+ */
diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c
new file mode 100644
index 0000000000..c7ae8651e3
--- /dev/null
+++ b/contrib/openpam/lib/pam_open_session.c
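Review bot: `rsp` in pam_info is declared without an initializer and handed to `FREE(rsp)` regardless of what pam_vprompt returned. pam_vprompt is not part of this hunk, so whether it stores to `*resp` on its error paths cannot be confirmed from here; if any path returns early without doing so, the free operates on an indeterminate pointer. Declaring it as `char *rsp = NULL;` makes the cleanup safe whatever the callee does, since freeing a null pointer is a no-op.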
@@ -0,0 +1,85 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_open_session.c#14 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 54
+ *
+ * Open a user session
+ */
+
+int
+pam_open_session(pam_handle_t *pamh,
+ int flags)
+{
+ int r;
+
+ ENTER();
+ if (flags & ~(PAM_SILENT))
+ RETURNC(PAM_SYMBOL_ERR);
+ r = openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_dispatch
+ * =pam_sm_open_session
+ * !PAM_IGNORE
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * The =pam_open_session sets up a user session for a previously
+ * authenticated user.
+ * The session should later be torn down by a call to =pam_close_session.
+ *
+ * The =flags argument is the binary or of zero or more of the following
+ * values:
+ *
+ * =PAM_SILENT:
+ * Do not emit any messages.
+ *
+ * If any other bits are set, =pam_open_session will return
+ * =PAM_SYMBOL_ERR.
+ */
diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c
new file mode 100644
index 0000000000..61355d40fd
--- /dev/null
+++ b/contrib/openpam/lib/pam_prompt.c
@@ -0,0 +1,89 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_prompt.c#9 $
+ */
+
+#include
+
+#include
+
+#include
+#include
+
+/*
+ * OpenPAM extension
+ *
+ * Call the conversation function
+ */
+
+int
+pam_prompt(pam_handle_t *pamh,
+ int style,
+ char **resp,
+ const char *fmt,
+ ...)
+{
+ va_list ap;
+ int r;
+
+ va_start(ap, fmt);
+ r = pam_vprompt(pamh, style, resp, fmt, ap);
+ va_end(ap);
+ return (r);
+}
+
+/*
+ * Error codes:
+ *
+ * !PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_prompt function constructs a message from the specified format
+ * string and arguments and passes it to the given PAM context's
+ * conversation function.
+ *
+ * A pointer to the response, or =NULL if the conversation function did
+ * not return one, is stored in the location pointed to by the =resp
+ * argument.
+ *
+ * See =pam_vprompt for further details.
+ *
+ * >pam_error
+ * >pam_info
+ * >pam_vprompt
+ */
diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c
new file mode 100644
index 0000000000..41530e6596
--- /dev/null
+++ b/contrib/openpam/lib/pam_putenv.c
@@ -0,0 +1,107 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_putenv.c#12 $
+ */
+
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 56
+ *
+ * Set the value of an environment variable
+ */
+
+int
+pam_putenv(pam_handle_t *pamh,
+ const char *namevalue)
+{
+ char **env, *p;
+ int i;
+
+ ENTER();
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+
+ /* sanity checks */
+ if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+
+ /* see if the variable is already in the environment */
+ if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) {
+ if ((p = strdup(namevalue)) == NULL)
+ RETURNC(PAM_BUF_ERR);
+ FREE(pamh->env[i]);
+ pamh->env[i] = p;
+ RETURNC(PAM_SUCCESS);
+ }
+
+ /* grow the environment list if necessary */
+ if (pamh->env_count == pamh->env_size) {
+ env = realloc(pamh->env,
+ sizeof(char *) * (pamh->env_size * 2 + 1));
+ if (env == NULL)
+ RETURNC(PAM_BUF_ERR);
+ pamh->env = env;
+ pamh->env_size = pamh->env_size * 2 + 1;
+ }
+
+ /* add the variable at the end */
+ if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL)
+ RETURNC(PAM_BUF_ERR);
+ ++pamh->env_count;
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_putenv function sets a environment variable.
+ * Its semantics are similar to those of =putenv, but it modifies the PAM
+ * context's environment list instead of the application's.
+ *
+ * >pam_getenv
+ * >pam_getenvlist
+ * >pam_setenv
+ */
diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c
new file mode 100644
index 0000000000..a17ea0fb92
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_data.c
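Review bot: The sanity check in pam_putenv accepts a string that begins with `=`, so an entry with an empty variable name can be stored; `p - namevalue` is then 0, and what openpam_findenv does with a zero length is not visible in this hunk. Rejecting it up front costs one extra term: `if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL || p == namevalue)`. The pam_setenv hunk later in this patch has the same gap for an empty `name` and could add `*name == '\0'` to its own check. Entries in this list are copied out by pam_getenvlist, whose documentation says the result is suitable for assignment to environ, so malformed entries are better refused where they are inserted.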
@@ -0,0 +1,103 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_set_data.c#15 $
+ */
+
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 59
+ *
+ * Set module information
+ */
+
+int
+pam_set_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void *data,
+ void (*cleanup)(pam_handle_t *pamh,
+ void *data,
+ int pam_end_status))
+{
+ pam_data_t *dp;
+
+ ENTERS(module_data_name);
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ for (dp = pamh->module_data; dp != NULL; dp = dp->next) {
+ if (strcmp(dp->name, module_data_name) == 0) {
+ if (dp->cleanup)
+ (dp->cleanup)(pamh, dp->data, PAM_SUCCESS);
+ dp->data = data;
+ dp->cleanup = cleanup;
+ RETURNC(PAM_SUCCESS);
+ }
+ }
+ if ((dp = malloc(sizeof *dp)) == NULL)
+ RETURNC(PAM_BUF_ERR);
+ if ((dp->name = strdup(module_data_name)) == NULL) {
+ FREE(dp);
+ RETURNC(PAM_BUF_ERR);
+ }
+ dp->data = data;
+ dp->cleanup = cleanup;
+ dp->next = pamh->module_data;
+ pamh->module_data = dp;
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_set_data function associates a pointer to an opaque object
+ * with an arbitrary string specified by the =module_data_name argument,
+ * in the PAM context specified by the =pamh argument.
+ *
+ * If not =NULL, the =cleanup argument should point to a function
+ * responsible for releasing the resources associated with the object.
+ *
+ * This function and its counterpart =pam_get_data are useful for managing
+ * data that are meaningful only to a particular service module.
+ */
diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c
new file mode 100644
index 0000000000..5b6efa6ca4
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_item.c
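Review bot: module_data_name is never checked for NULL in pam_set_data, yet it is passed to `strcmp` in the lookup loop and to `strdup` on the insert path, both of which require a valid string. The existing guard can cover it: `if (pamh == NULL || module_data_name == NULL) RETURNC(PAM_SYSTEM_ERR);`. `ENTERS(module_data_name)` runs before that guard and its definition is outside this hunk, so whether the macro tolerates NULL should be confirmed as well. Separately, the documentation block could state that replacing an existing entry invokes the old entry's cleanup function with PAM_SUCCESS, which is what the loop does.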
@@ -0,0 +1,119 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_set_item.c#21 $
+ */
+
+#include
+
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 60
+ *
+ * Set authentication information
+ */
+
+int
+pam_set_item(pam_handle_t *pamh,
+ int item_type,
+ const void *item)
+{
+ void **slot, *tmp;
+ size_t nsize, osize;
+
+ ENTERI(item_type);
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+ slot = &pamh->item[item_type];
+ osize = nsize = 0;
+ switch (item_type) {
+ case PAM_SERVICE:
+ case PAM_USER:
+ case PAM_AUTHTOK:
+ case PAM_OLDAUTHTOK:
+ case PAM_TTY:
+ case PAM_RHOST:
+ case PAM_RUSER:
+ case PAM_USER_PROMPT:
+ case PAM_AUTHTOK_PROMPT:
+ case PAM_OLDAUTHTOK_PROMPT:
+ if (*slot != NULL)
+ osize = strlen(*slot) + 1;
+ if (item != NULL)
+ nsize = strlen(item) + 1;
+ break;
+ case PAM_REPOSITORY:
+ osize = nsize = sizeof(struct pam_repository);
+ break;
+ case PAM_CONV:
+ osize = nsize = sizeof(struct pam_conv);
+ break;
+ default:
+ RETURNC(PAM_SYMBOL_ERR);
+ }
+ if (*slot != NULL) {
+ memset(*slot, 0xd0, osize);
+ FREE(*slot);
+ }
+ if (item != NULL) {
+ if ((tmp = malloc(nsize)) == NULL)
+ RETURNC(PAM_BUF_ERR);
+ memcpy(tmp, item, nsize);
+ } else {
+ tmp = NULL;
+ }
+ *slot = tmp;
+ RETURNC(PAM_SUCCESS);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_set_item function sets the item specified by the =item_type
+ * argument to a copy of the object pointed to by the =item argument.
+ * The item is stored in the PAM context specified by the =pamh argument.
+ * See =pam_get_item for a list of recognized item types.
+ */
diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c
new file mode 100644
index 0000000000..0b59d5e6b2
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_mapped_authtok.c
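Review bot: pam_set_item overwrites and frees the old item before it has copied the new one, so a caller that passes back the pointer currently stored in the slot makes `memcpy` read freed memory, and a failed `malloc` returns PAM_BUF_ERR after the previous value is already gone. Taking the copy first, as in the reordered tail below, removes both problems. Two smaller points in the same body: `slot = &pamh->item[item_type]` is formed before the switch has rejected an out-of-range item_type, and the `memset` that scrubs items such as PAM_AUTHTOK sits directly before the free, where an optimizer may treat it as a dead store. A scrub the compiler cannot drop (for example `explicit_bzero` where the platform provides it) would make that intent hold.

```c
	/* ... unchanged: declarations, pamh check, size computation in the switch ... */
	if (item != NULL) {
		/*
		 * Copy first: item may alias *slot, and a failed
		 * allocation must leave the stored value intact.
		 */
		if ((tmp = malloc(nsize)) == NULL)
			RETURNC(PAM_BUF_ERR);
		memcpy(tmp, item, nsize);
	} else {
		tmp = NULL;
	}
	if (*slot != NULL) {
		memset(*slot, 0xd0, osize);
		FREE(*slot);
	}
	*slot = tmp;
	RETURNC(PAM_SUCCESS);
```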
@@ -0,0 +1,61 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#8 $
+ */
+
+#include
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 62
+ *
+ * Store the password for the username supplied
+ */
+
+int
+pam_set_mapped_authtok(pam_handle_t *pamh,
+ const char *target_module_username,
+ size_t target_authtok_len,
+ unsigned char *target_module_authtok,
+ const char *target_module_type,
+ const char *target_authn_domain)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c
new file mode 100644
index 0000000000..41f0a06817
--- /dev/null
+++ b/contrib/openpam/lib/pam_set_mapped_username.c
@@ -0,0 +1,62 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#8 $
+ */
+
+#include
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 64
+ *
+ * Set a username
+ */
+
+int
+pam_set_mapped_username(pam_handle_t *pamh,
+ char *src_username,
+ char *src_module_type,
+ char *src_authn_domain,
+ char *target_module_username,
+ char *target_module_type,
+ char *target_authn_domain)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c
new file mode 100644
index 0000000000..625a07c7a3
--- /dev/null
+++ b/contrib/openpam/lib/pam_setcred.c
@@ -0,0 +1,94 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_setcred.c#14 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 57
+ *
+ * Modify / delete user credentials for an authentication service
+ */
+
+int
+pam_setcred(pam_handle_t *pamh,
+ int flags)
+{
+ int r;
+
+ ENTER();
+ if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED|
+ PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED))
+ RETURNC(PAM_SYMBOL_ERR);
+ /* XXX enforce exclusivity */
+ r = openpam_dispatch(pamh, PAM_SM_SETCRED, flags);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_dispatch
+ * =pam_sm_setcred
+ * !PAM_IGNORE
+ * PAM_SYMBOL_ERR
+ */
+
+/**
+ * The =pam_setcred function manages the application's credentials.
+ *
+ * The =flags argument is the binary or of zero or more of the following
+ * values:
+ *
+ * =PAM_SILENT:
+ * Do not emit any messages.
+ * =PAM_ESTABLISH_CRED:
+ * Establish the credentials of the target user.
+ * =PAM_DELETE_CRED:
+ * Revoke all established credentials.
+ * =PAM_REINITIALIZE_CRED:
+ * Fully reinitialise credentials.
+ * =PAM_REFRESH_CRED:
+ * Refresh credentials.
+ *
+ * The latter four are mutually exclusive.
+ *
+ * If any other bits are set, =pam_setcred will return =PAM_SYMBOL_ERR.
+ */
diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c
new file mode 100644
index 0000000000..1c1603970e
--- /dev/null
+++ b/contrib/openpam/lib/pam_setenv.c
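Review bot: The `/* XXX enforce exclusivity */` marker in pam_setcred is left unresolved, so a flags value that sets more than one of the four credential operations passes the mask test and is handed to openpam_dispatch, although the documentation below states they are mutually exclusive. Each service module is then left to decide for itself what a contradictory request means. Assuming the four constants are distinct single bits (their values are not visible in this hunk), the check fits after the existing mask test with an `int op` declared next to `r`: `op = flags & ~PAM_SILENT;` followed by `if (op & (op - 1)) RETURNC(PAM_SYMBOL_ERR);`.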
@@ -0,0 +1,97 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_setenv.c#12 $
+ */
+
+#include
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Set the value of an environment variable
+ * Mirrors setenv(3)
+ */
+
+int
+pam_setenv(pam_handle_t *pamh,
+ const char *name,
+ const char *value,
+ int overwrite)
+{
+ char *env;
+ int r;
+
+ ENTER();
+ if (pamh == NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+
+ /* sanity checks */
+ if (name == NULL || value == NULL || strchr(name, '=') != NULL)
+ RETURNC(PAM_SYSTEM_ERR);
+
+ /* is it already there? */
+ if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0)
+ RETURNC(PAM_SUCCESS);
+
+ /* set it... */
+ if (asprintf(&env, "%s=%s", name, value) < 0)
+ RETURNC(PAM_BUF_ERR);
+ r = pam_putenv(pamh, env);
+ FREE(env);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =pam_putenv
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_setenv function sets a environment variable.
+ * Its semantics are similar to those of =setenv, but it modifies the PAM
+ * context's environment list instead of the application's.
+ *
+ * >pam_getenv
+ * >pam_getenvlist
+ * >pam_putenv
+ */
diff --git a/contrib/openpam/lib/pam_sm_acct_mgmt.c b/contrib/openpam/lib/pam_sm_acct_mgmt.c
new file mode 100644
index 0000000000..e5d65c2340
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_acct_mgmt.c
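Review bot: The sanity check in `pam_setenv` accepts an empty `name`, so the function builds the string `"=value"` and passes it to `pam_putenv`, although the header comment says it mirrors setenv(3), which rejects an empty name. An entry with no variable name then sits in the PAM environment list and may later reach the session's environment through `pam_getenvlist`; how `pam_putenv` and `openpam_findenv` treat it cannot be seen from this hunk. I would extend the existing test to `if (name == NULL || *name == '\0' || value == NULL || strchr(name, '=') != NULL)` and keep the PAM_SYSTEM_ERR return.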
@@ -0,0 +1,80 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#7 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 66
+ *
+ * Service module implementation for pam_acct_mgmt
+ */
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh,
+ int flags,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SERVICE_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ * PAM_PERM_DENIED
+ * PAM_IGNORE
+ * PAM_ABORT
+ *
+ * PAM_USER_UNKNOWN
+ * PAM_AUTH_ERR
+ * PAM_NEW_AUTHTOK_REQD
+ * PAM_ACCT_EXPIRED
+ */
+
+/**
+ * The =pam_sm_acct_mgmt function is the service module's implementation
+ * of the =pam_acct_mgmt API function.
+ */
diff --git a/contrib/openpam/lib/pam_sm_authenticate.c b/contrib/openpam/lib/pam_sm_authenticate.c
new file mode 100644
index 0000000000..25446b2cc9
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_authenticate.c
@@ -0,0 +1,81 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#7 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 68
+ *
+ * Service module implementation for pam_authenticate
+ */
+
+int
+pam_sm_authenticate(pam_handle_t *pamh,
+ int flags,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SERVICE_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ * PAM_PERM_DENIED
+ * PAM_IGNORE
+ * PAM_ABORT
+ *
+ * PAM_AUTH_ERR
+ * PAM_CRED_INSUFFICIENT
+ * PAM_AUTHINFO_UNAVAIL
+ * PAM_USER_UNKNOWN
+ * PAM_MAXTRIES
+ */
+
+/**
+ * The =pam_sm_authenticate function is the service module's
+ * implementation of the =pam_authenticate API function.
+ */
diff --git a/contrib/openpam/lib/pam_sm_authenticate_secondary.c b/contrib/openpam/lib/pam_sm_authenticate_secondary.c
new file mode 100644
index 0000000000..b163baaf8b
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_authenticate_secondary.c
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#6 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 70
+ *
+ * Service module implementation for pam_authenticate_secondary
+ */
+
+int
+pam_sm_authenticate_secondary(pam_handle_t *pamh,
+ char *target_username,
+ char *target_module_type,
+ char *target_authn_domain,
+ char *target_supp_data,
+ unsigned char *target_module_authtok,
+ int flags,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_sm_chauthtok.c b/contrib/openpam/lib/pam_sm_chauthtok.c
new file mode 100644
index 0000000000..dc53be9bc1
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_chauthtok.c
@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#8 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 72
+ *
+ * Service module implementation for pam_chauthtok
+ */
+
+int
+pam_sm_chauthtok(pam_handle_t *pamh,
+ int flags,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SERVICE_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ * PAM_PERM_DENIED
+ * PAM_IGNORE
+ * PAM_ABORT
+ *
+ * PAM_PERM_DENIED
+ * PAM_AUTHTOK_ERR
+ * PAM_AUTHTOK_RECOVERY_ERR
+ * PAM_AUTHTOK_LOCK_BUSY
+ * PAM_AUTHTOK_DISABLE_AGING
+ * PAM_TRY_AGAIN
+ */
+
+/**
+ * The =pam_sm_chauthtok function is the service module's implementation
+ * of the =pam_chauthtok API function.
+ */
diff --git a/contrib/openpam/lib/pam_sm_close_session.c b/contrib/openpam/lib/pam_sm_close_session.c
new file mode 100644
index 0000000000..428ac655d8
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_close_session.c
@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#7 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 75
+ *
+ * Service module implementation for pam_close_session
+ */
+
+int
+pam_sm_close_session(pam_handle_t *pamh,
+ int flags,
+ int args,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SERVICE_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ * PAM_PERM_DENIED
+ * PAM_IGNORE
+ * PAM_ABORT
+ *
+ * PAM_SESSION_ERR
+ */
+
+/**
+ * The =pam_sm_close_session function is the service module's
+ * implementation of the =pam_close_session API function.
+ */
diff --git a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c
new file mode 100644
index 0000000000..38f7c665ab
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c
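Review bot: The third parameter of `pam_sm_close_session` is spelled `int args`, while every sibling stub in this import (`pam_sm_open_session`, `pam_sm_acct_mgmt`, `pam_sm_authenticate`, `pam_sm_chauthtok`, `pam_sm_setcred`) names the argument count `int argc`. The stub ignores the value, so nothing breaks, but module authors copy these prototypes, and the odd name looks like a typo. I would change the line to `int argc,` so the two session entry points read the same.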
@@ -0,0 +1,66 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#6 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 77
+ *
+ * Service module implementation for pam_get_mapped_authtok
+ */
+
+int
+pam_sm_get_mapped_authtok(pam_handle_t *pamh,
+ char *target_module_username,
+ char *target_module_type,
+ char *target_authn_domain,
+ size_t *target_authtok_len,
+ unsigned char **target_module_authtok,
+ int argc,
+ char *argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_sm_get_mapped_username.c b/contrib/openpam/lib/pam_sm_get_mapped_username.c
new file mode 100644
index 0000000000..c00a7de48b
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_get_mapped_username.c
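Review bot: The last parameter of `pam_sm_get_mapped_authtok` is declared `char *argv`, a single string, whereas the other service-module entry points in this import take the module argument vector as `const char **argv`; `pam_sm_set_mapped_authtok` further down has the same oddity with `const char *argv`. A module that implements either function from this prototype and indexes `argv[i]` as a string would be reading characters, not arguments. If the single-pointer form is copied verbatim from the XSSO prototype, a one-line comment saying so would stop the next reader from "fixing" it; otherwise both should become `const char **argv` to match `pam_sm_get_mapped_username` and `pam_sm_set_mapped_username`.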
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#6 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 79
+ *
+ * Service module implementation for pam_get_mapped_username
+ */
+
+int
+pam_sm_get_mapped_username(pam_handle_t *pamh,
+ char *src_username,
+ char *src_module_type,
+ char *src_authn_domain,
+ char *target_module_type,
+ char *target_authn_domain,
+ char **target_module_username,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_sm_open_session.c b/contrib/openpam/lib/pam_sm_open_session.c
new file mode 100644
index 0000000000..54040395ef
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_open_session.c
@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#7 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 81
+ *
+ * Service module implementation for pam_open_session
+ */
+
+int
+pam_sm_open_session(pam_handle_t *pamh,
+ int flags,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * Error codes:
+ *
+ * PAM_SERVICE_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ * PAM_PERM_DENIED
+ * PAM_IGNORE
+ * PAM_ABORT
+ *
+ * PAM_SESSION_ERR
+ */
+
+/**
+ * The =pam_sm_open_session function is the service module's
+ * implementation of the =pam_open_session API function.
+ */
diff --git a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c
new file mode 100644
index 0000000000..d16c265f30
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c
@@ -0,0 +1,66 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#6 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 83
+ *
+ * Service module implementation for pam_set_mapped_authtok
+ */
+
+int
+pam_sm_set_mapped_authtok(pam_handle_t *pamh,
+ char *target_module_username,
+ size_t target_authtok_len,
+ unsigned char *target_module_authtok,
+ char *target_module_type,
+ char *target_authn_domain,
+ int argc,
+ const char *argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_sm_set_mapped_username.c b/contrib/openpam/lib/pam_sm_set_mapped_username.c
new file mode 100644
index 0000000000..54bed9146b
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_set_mapped_username.c
@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#6 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 85
+ *
+ * Service module implementation for pam_set_mapped_username
+ */
+
+int
+pam_sm_set_mapped_username(pam_handle_t *pamh,
+ char *target_module_username,
+ char *target_module_type,
+ char *target_authn_domain,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */
diff --git a/contrib/openpam/lib/pam_sm_setcred.c b/contrib/openpam/lib/pam_sm_setcred.c
new file mode 100644
index 0000000000..919256d893
--- /dev/null
+++ b/contrib/openpam/lib/pam_sm_setcred.c
@@ -0,0 +1,81 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#7 $
+ */
+
+#include
+
+#include
+#include
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 87
+ *
+ * Service module implementation for pam_setcred
+ */
+
+int
+pam_sm_setcred(pam_handle_t *pamh,
+ int flags,
+ int argc,
+ const char **argv)
+{
+
+ ENTER();
+ RETURNC(PAM_SYSTEM_ERR);
+}
+
+
+/*
+ * Error codes:
+ *
+ * PAM_SERVICE_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ * PAM_PERM_DENIED
+ * PAM_IGNORE
+ * PAM_ABORT
+ *
+ * PAM_CRED_UNAVAIL
+ * PAM_CRED_EXPIRED
+ * PAM_USER_UNKNOWN
+ * PAM_CRED_ERR
+ */
+
+/**
+ * The =pam_sm_setcred function is the service module's implementation of
+ * the =pam_setcred API function.
+ */
diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c
new file mode 100644
index 0000000000..e180fe84bc
--- /dev/null
+++ b/contrib/openpam/lib/pam_start.c
@@ -0,0 +1,107 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_start.c#18 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 89
+ *
+ * Initiate a PAM transaction
+ */
+
+int
+pam_start(const char *service,
+ const char *user,
+ const struct pam_conv *pam_conv,
+ pam_handle_t **pamh)
+{
+ struct pam_handle *ph;
+ int r;
+
+ ENTER();
+ if ((ph = calloc(1, sizeof *ph)) == NULL)
+ RETURNC(PAM_BUF_ERR);
+ if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS)
+ goto fail;
+ if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS)
+ goto fail;
+ if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS)
+ goto fail;
+
+ r = openpam_configure(ph, service);
+ if (r != PAM_SUCCESS)
+ goto fail;
+
+ *pamh = ph;
+ openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
+ RETURNC(PAM_SUCCESS);
+
+ fail:
+ pam_end(ph, r);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * =openpam_configure
+ * =pam_set_item
+ * !PAM_SYMBOL_ERR
+ * PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_start function creates and initializes a PAM context.
+ *
+ * The =service argument specifies the name of the policy to apply, and is
+ * stored in the =PAM_SERVICE item in the created context.
+ *
+ * The =user argument specifies the name of the target user - the user the
+ * created context will serve to authenticate.
+ * It is stored in the =PAM_USER item in the created context.
+ *
+ * The =pam_conv argument points to a =struct pam_conv describing the
+ * conversation function to use; see =pam_conv for details.
+ *
+ * >pam_get_item
+ * >pam_set_item
+ * >pam_end
+ */
diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c
new file mode 100644
index 0000000000..4c7915f378
--- /dev/null
+++ b/contrib/openpam/lib/pam_strerror.c
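Review bot: On the `fail:` path of `pam_start` the output parameter `*pamh` is never written, so a caller that cleans up with `pam_end()` regardless of the return value would be working with whatever the pointer held before the call. Adding `*pamh = NULL;` ahead of `pam_end(ph, r);` makes the failure state explicit. The success-path `openpam_log(..., "pam_start(\"%s\") succeeded", service)` also formats `service` without a NULL check in this function; whether `pam_set_item` or `openpam_configure` rejects a NULL service is not visible here, so the documentation comment should state that `service` must be non-NULL.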
@@ -0,0 +1,163 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_strerror.c#13 $
+ */
+
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+const char *_pam_err_name[PAM_NUM_ERRORS] = {
+ "PAM_SUCCESS",
+ "PAM_OPEN_ERR",
+ "PAM_SYMBOL_ERR",
+ "PAM_SERVICE_ERR",
+ "PAM_SYSTEM_ERR",
+ "PAM_BUF_ERR",
+ "PAM_CONV_ERR",
+ "PAM_PERM_DENIED",
+ "PAM_MAXTRIES",
+ "PAM_AUTH_ERR",
+ "PAM_NEW_AUTHTOK_REQD",
+ "PAM_CRED_INSUFFICIENT",
+ "PAM_AUTHINFO_UNAVAIL",
+ "PAM_USER_UNKNOWN",
+ "PAM_CRED_UNAVAIL",
+ "PAM_CRED_EXPIRED",
+ "PAM_CRED_ERR",
+ "PAM_ACCT_EXPIRED",
+ "PAM_AUTHTOK_EXPIRED",
+ "PAM_SESSION_ERR",
+ "PAM_AUTHTOK_ERR",
+ "PAM_AUTHTOK_RECOVERY_ERR",
+ "PAM_AUTHTOK_LOCK_BUSY",
+ "PAM_AUTHTOK_DISABLE_AGING",
+ "PAM_NO_MODULE_DATA",
+ "PAM_IGNORE",
+ "PAM_ABORT",
+ "PAM_TRY_AGAIN",
+ "PAM_MODULE_UNKNOWN",
+ "PAM_DOMAIN_UNKNOWN"
+};
+
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 92
+ *
+ * Get PAM standard error message string
+ */
+
+const char *
+pam_strerror(pam_handle_t *pamh,
+ int error_number)
+{
+ static char unknown[16];
+
+ (void)pamh;
+
+ switch (error_number) {
+ case PAM_SUCCESS:
+ return ("success");
+ case PAM_OPEN_ERR:
+ return ("failed to load module");
+ case PAM_SYMBOL_ERR:
+ return ("invalid symbol");
+ case PAM_SERVICE_ERR:
+ return ("error in service module");
+ case PAM_SYSTEM_ERR:
+ return ("system error");
+ case PAM_BUF_ERR:
+ return ("memory buffer error");
+ case PAM_CONV_ERR:
+ return ("conversation failure");
+ case PAM_PERM_DENIED:
+ return ("permission denied");
+ case PAM_MAXTRIES:
+ return ("maximum number of tries exceeded");
+ case PAM_AUTH_ERR:
+ return ("authentication error");
+ case PAM_NEW_AUTHTOK_REQD:
+ return ("new authentication token required");
+ case PAM_CRED_INSUFFICIENT:
+ return ("insufficient credentials");
+ case PAM_AUTHINFO_UNAVAIL:
+ return ("authentication information is unavailable");
+ case PAM_USER_UNKNOWN:
+ return ("unknown user");
+ case PAM_CRED_UNAVAIL:
+ return ("failed to retrieve user credentials");
+ case PAM_CRED_EXPIRED:
+ return ("user credentials have expired");
+ case PAM_CRED_ERR:
+ return ("failed to set user credentials");
+ case PAM_ACCT_EXPIRED:
+ return ("user account has expired");
+ case PAM_AUTHTOK_EXPIRED:
+ return ("password has expired");
+ case PAM_SESSION_ERR:
+ return ("session failure");
+ case PAM_AUTHTOK_ERR:
+ return ("authentication token failure");
+ case PAM_AUTHTOK_RECOVERY_ERR:
+ return ("failed to recover old authentication token");
+ case PAM_AUTHTOK_LOCK_BUSY:
+ return ("authentication token lock busy");
+ case PAM_AUTHTOK_DISABLE_AGING:
+ return ("authentication token aging disabled");
+ case PAM_NO_MODULE_DATA:
+ return ("module data not found");
+ case PAM_IGNORE:
+ return ("ignore this module");
+ case PAM_ABORT:
+ return ("general failure");
+ case PAM_TRY_AGAIN:
+ return ("try again");
+ case PAM_MODULE_UNKNOWN:
+ return ("unknown module type");
+ case PAM_DOMAIN_UNKNOWN:
+ return ("unknown authentication domain");
+ default:
+ snprintf(unknown, sizeof unknown, "#%d", error_number);
+ return (unknown);
+ }
+}
+
+/**
+ * The =pam_strerror function returns a pointer to a string containing a
+ * textual description of the error indicated by the =error_number
+ * argument, in the context of the PAM transaction described by the =pamh
+ * argument.
+ */
diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c
new file mode 100644
index 0000000000..292cadf7bd
--- /dev/null
+++ b/contrib/openpam/lib/pam_verror.c
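Review bot: The `default:` branch of `pam_strerror` formats into `static char unknown[16]` and returns a pointer to it, so the text for an unrecognised code is overwritten by the next such call and is shared between threads. The trailing documentation comment should say so, for example `The string returned for an unknown error number is held in a static buffer and is only valid until the next call.` The buffer itself is large enough for `#` plus a 32-bit `int`, so the `snprintf` does not truncate on such platforms.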
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_verror.c#8 $
+ */
+
+#include
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Display an error message
+ */
+
+int
+pam_verror(pam_handle_t *pamh,
+ const char *fmt,
+ va_list ap)
+{
+ char *rsp;
+ int r;
+
+ r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap);
+ FREE(rsp); /* ignore response */
+ return (r);
+}
+
+/*
+ * Error codes:
+ *
+ * !PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_verror function passes its arguments to =pam_vprompt with a
+ * style argument of =PAM_ERROR_MSG, and discards the response.
+ *
+ * >pam_error
+ * >pam_vinfo
+ */
diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c
new file mode 100644
index 0000000000..3d02c0a525
--- /dev/null
+++ b/contrib/openpam/lib/pam_vinfo.c
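Review bot: In `pam_verror`, `rsp` is declared without an initializer and is handed to `FREE()` even when `pam_vprompt` returned before storing anything through `resp`. In pam_vprompt.c in this same patch, both early returns (the `pam_get_item` failure and the missing conversation function) come before the `*resp = ...` assignment, so on those paths `FREE(rsp)` operates on an indeterminate pointer; `FREE` is defined in openpam_impl.h, which is not shown, but presumably ends in `free()`. Declaring `char *rsp = NULL;` fixes it here. pam_vinfo.c has the identical pattern and needs the same one-line change.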
@@ -0,0 +1,79 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_vinfo.c#8 $
+ */
+
+#include
+#include
+
+#include
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Display an information message
+ */
+
+int
+pam_vinfo(pam_handle_t *pamh,
+ const char *fmt,
+ va_list ap)
+{
+ char *rsp;
+ int r;
+
+ r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap);
+ FREE(rsp); /* ignore response */
+ return (r);
+}
+
+/*
+ * Error codes:
+ *
+ * !PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_vinfo function passes its arguments to =pam_vprompt with a
+ * style argument of =PAM_TEXT_INFO, and discards the response.
+ *
+ * >pam_info
+ * >pam_verror
+ */
diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c
new file mode 100644
index 0000000000..99215dfa0b
--- /dev/null
+++ b/contrib/openpam/lib/pam_vprompt.c
@@ -0,0 +1,128 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/pam_vprompt.c#13 $
+ */
+
+#include
+#include
+#include
+
+#include
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM extension
+ *
+ * Call the conversation function
+ */
+
+int
+pam_vprompt(pam_handle_t *pamh,
+ int style,
+ char **resp,
+ const char *fmt,
+ va_list ap)
+{
+ char msgbuf[PAM_MAX_MSG_SIZE];
+ struct pam_message msg;
+ const struct pam_message *msgp;
+ struct pam_response *rsp;
+ const struct pam_conv *conv;
+ const void *convp;
+ int r;
+
+ ENTER();
+ r = pam_get_item(pamh, PAM_CONV, &convp);
+ if (r != PAM_SUCCESS)
+ RETURNC(r);
+ conv = convp;
+ if (conv == NULL || conv->conv == NULL) {
+ openpam_log(PAM_LOG_ERROR, "no conversation function");
+ RETURNC(PAM_SYSTEM_ERR);
+ }
+ vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap);
+ msg.msg_style = style;
+ msg.msg = msgbuf;
+ msgp = &msg;
+ rsp = NULL;
+ r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr);
+ *resp = rsp == NULL ? NULL : rsp->resp;
+ FREE(rsp);
+ RETURNC(r);
+}
+
+/*
+ * Error codes:
+ *
+ * !PAM_SYMBOL_ERR
+ * PAM_SYSTEM_ERR
+ * PAM_BUF_ERR
+ * PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_vprompt function constructs a string from the =fmt and =ap
+ * arguments using =vsnprintf, and passes it to the given PAM context's
+ * conversation function.
+ *
+ * The =style argument specifies the type of interaction requested, and
+ * must be one of the following:
+ *
+ * =PAM_PROMPT_ECHO_OFF:
+ * Display the message and obtain the user's response without
+ * displaying it.
+ * =PAM_PROMPT_ECHO_ON:
+ * Display the message and obtain the user's response.
+ * =PAM_ERROR_MSG:
+ * Display the message as an error message, and do not wait
+ * for a response.
+ * =PAM_TEXT_INFO:
+ * Display the message as an informational message, and do
+ * not wait for a response.
+ *
+ * A pointer to the response, or =NULL if the conversation function did
+ * not return one, is stored in the location pointed to by the =resp
+ * argument.
+ *
+ * The message and response should not exceed =PAM_MAX_MSG_SIZE or
+ * =PAM_MAX_RESP_SIZE, respectively.
+ * If they do, they may be truncated.
+ *
+ * >pam_error
+ * >pam_info
+ * >pam_prompt
+ * >pam_verror
+ * >pam_vinfo
+ */
diff --git a/contrib/openpam/modules/pam_deny/pam_deny.c b/contrib/openpam/modules/pam_deny/pam_deny.c
new file mode 100644
index 0000000000..e2d9a8030f
--- /dev/null
+++ b/contrib/openpam/modules/pam_deny/pam_deny.c
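Review bot: The documentation comment for `pam_vprompt` does not say who owns the string stored in `*resp`: the function releases the `struct pam_response` with `FREE(rsp)` but hands `rsp->resp` to the caller, so the caller has to free it. With `PAM_PROMPT_ECHO_OFF` that string may be a password, so the comment should also tell callers to clear it first, e.g. `The caller owns the returned response and should overwrite it before passing it to free().` Separately, the `vsnprintf` result is discarded, so a prompt longer than `PAM_MAX_MSG_SIZE` is cut silently; the comment mentions truncation, but an `openpam_log` line on that path would make it diagnosable.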
@@ -0,0 +1,93 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#10 $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+
+#include
+
+#include
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_CRED_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SESSION_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SESSION_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_AUTHTOK_ERR);
+}
+
+PAM_MODULE_ENTRY("pam_deny");
diff --git a/contrib/openpam/modules/pam_permit/pam_permit.c b/contrib/openpam/modules/pam_permit/pam_permit.c
new file mode 100644
index 0000000000..802450ed09
--- /dev/null
+++ b/contrib/openpam/modules/pam_permit/pam_permit.c
@@ -0,0 +1,93 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#9 $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+
+#include
+
+#include
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_MODULE_ENTRY("pam_permit");
diff --git a/contrib/openpam/modules/pam_unix/pam_unix.c b/contrib/openpam/modules/pam_unix/pam_unix.c
new file mode 100644
index 0000000000..259aa60082
--- /dev/null
+++ b/contrib/openpam/modules/pam_unix/pam_unix.c
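Review bot: pam_permit.c carries no comment saying that every entry point, including `pam_sm_authenticate` and `pam_sm_acct_mgmt`, returns `PAM_SUCCESS` without looking at the user, the flags or any credential. Because a policy that reaches this module in its auth or account chain accepts any user, the file should state that above the first function, for example `/* pam_permit: unconditionally succeeds for all service functions; it performs no authentication and must not be the deciding module in an auth or account chain. */`. The same kind of one-line purpose comment would suit pam_deny.c, which is its mirror image.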
@@ -0,0 +1,172 @@
+/*-
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#6 $
+ */
+
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#ifdef HAVE_CRYPT_H
+# include
+#endif
+
+#include
+#include
+
+#ifndef _OPENPAM
+static char password_prompt[] = "Password:";
+#endif
+
+#ifndef PAM_EXTERN
+#define PAM_EXTERN
+#endif
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+#ifndef _OPENPAM
+ struct pam_conv *conv;
+ struct pam_message msg;
+ const struct pam_message *msgp;
+ struct pam_response *resp;
+#endif
+ struct passwd *pwd;
+ const char *user;
+ char *crypt_password, *password;
+ int pam_err, retry;
+
+ /* identify user */
+ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+ return (pam_err);
+ if ((pwd = getpwnam(user)) == NULL)
+ return (PAM_USER_UNKNOWN);
+
+ /* get password */
+#ifndef _OPENPAM
+ pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+ if (pam_err != PAM_SUCCESS)
+ return (PAM_SYSTEM_ERR);
+ msg.msg_style = PAM_PROMPT_ECHO_OFF;
+ msg.msg = password_prompt;
+ msgp = &msg;
+#endif
+ for (retry = 0; retry < 3; ++retry) {
+#ifdef _OPENPAM
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
+ (const char **)&password, NULL);
+#else
+ resp = NULL;
+ pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
+ if (resp != NULL) {
+ if (pam_err == PAM_SUCCESS)
+ password = resp->resp;
+ else
+ free(resp->resp);
+ free(resp);
+ }
+#endif
+ if (pam_err == PAM_SUCCESS)
+ break;
+ }
+ if (pam_err == PAM_CONV_ERR)
+ return (pam_err);
+ if (pam_err != PAM_SUCCESS)
+ return (PAM_AUTH_ERR);
+
+ /* compare passwords */
+ if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) ||
+ (crypt_password = crypt(password, pwd->pw_passwd)) == NULL ||
+ strcmp(crypt_password, pwd->pw_passwd) != 0)
+ pam_err = PAM_AUTH_ERR;
+ else
+ pam_err = PAM_SUCCESS;
+#ifndef _OPENPAM
+ free(password);
+#endif
+ return (pam_err);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char *argv[])
+{
+
+ return (PAM_SERVICE_ERR);
+}
+
+#ifdef PAM_MODULE_ENTRY
+PAM_MODULE_ENTRY("pam_unix");
+#endif
-- 
2.41.0
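Review bot: In the non-OpenPAM branch of `pam_sm_authenticate`, `password` can reach `crypt()` without ever being assigned: if the conversation function returns `PAM_SUCCESS` but leaves `resp` NULL, the loop breaks with `password` still indeterminate, and the same pointer is later passed to `free()`. The cleartext is also released with a bare `free(password)`, which leaves the password readable in heap memory afterwards. Initializing the pointer, rejecting a missing response and clearing the buffer before freeing covers both, as in the excerpt below; where the platform offers a clearing routine the compiler cannot elide (such as `explicit_bzero`), it is preferable to the plain `memset`. Returning `PAM_USER_UNKNOWN` before any prompt is issued also lets a client tell existing accounts from missing ones, which deserves at least a comment.

```c
	char *crypt_password, *password = NULL;

	/* … unchanged: user lookup, conversation setup and retry loop … */
	if (pam_err != PAM_SUCCESS)
		return (PAM_AUTH_ERR);
	if (password == NULL)	/* conversation succeeded without a response */
		return (PAM_AUTH_ERR);

	/* … unchanged: compare passwords … */
#ifndef _OPENPAM
	memset(password, 0, strlen(password));	/* clear cleartext before release */
	free(password);
#endif
```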