diff --git a/contrib/openpam/CREDITS b/contrib/openpam/CREDITS index 43f05597abce..b794299b3228 100644 --- a/contrib/openpam/CREDITS +++ b/contrib/openpam/CREDITS @@ -1,28 +1,30 @@ The OpenPAM library was developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program. Principal design and development by: Dag-Erling Smørgrav The following persons (in no particular order) have contributed, directly or indirectly, with patches, criticism, suggestions, or ideas: Andrew Morgan Brian Fundakowski Feldman Darren J. Moffat + Dmitry V. Levin Eric Melville Gary Winiger Joe Marcus Clarke Juli Mallett Mark Murray + Mike Petullo Mikko Työläjärvi Robert Watson Ruslan Ermilov Solar Designer Takanori Saneto -$P4: //depot/projects/openpam/CREDITS#6 $ +$P4: //depot/projects/openpam/CREDITS#8 $ diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY index 119e0726102c..c1db7e72bb98 100644 --- a/contrib/openpam/HISTORY +++ b/contrib/openpam/HISTORY 
@@ -1,226 +1,245 @@ +OpenPAM Digitalis 2003-06-01 + + - ENHANCE: Completely rewrite the configuration parser and add + support for the "include" control flag. + + - ENHANCE: Improve portability to NetBSD, OpenBSD and Linux. + + - ENHANCE: Lots of additional paranoia. + + - BUGFIX: The sample su(1) application dropped privileges before + forking instead of after. + + - ENHANCE: Document openpam_log(3). + + - ENHANCE: Other minor documentation fixes. + +Thanks to Dmitry V. Levin for considerable +assistance with this release. +============================================================================ OpenPAM Dianthus 2003-05-02 - BUGFIX: Initialize some potentially uninitialized variables. - BUGFIX: Silence some warnings emitted by gcc -std=iso9899:1999. - BUGFIX: In pam_getenv(), return a pointer to the stored variable instead of a freshly allocated copy. - ENHANCE: Detect recursion in openpam_borrow_cred() - ENHANCE: Make borrowing one's own credentials a no-op. - ENHANCE: Further improve debugging support. - ENHANCE: Clean up some variable names. ============================================================================ OpenPAM Daffodil 2003-01-06 - ENHANCE: Document dependency on (for size_t) - ENHANCE: Slightly improve error detection in openpam_ttyconv(). - BUGFIX: Fix several typos in debugging macros. ============================================================================ OpenPAM Cyclamen 2002-12-12 - ENHANCE: Improve recursion detection in openpam_dispatch(). - ENHANCE: Add debugging messages at entry and exit points of most functions. - ENHANCE: Fix some minor style issues. - BUGFIX: Add default cases to the switches in openpam_log.c. - ENHANCE: Add /usr/local/etc/pam.conf to policy search path. - BUGFIX: In openpam_ttyconv(3), print the prompt to stdout rather than stderr. ============================================================================ OpenPAM Citronella 2002-06-30 - ENHANCE: Add the "binding" control flag (from Solaris 9). 
- ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from Solaris 9). - ENHANCE: Flesh out the pam(3) man page. - ENHANCE: Add an openpam(3) page with cross-references to all the documented OpenPAM API extensions. - ENHANCE: Add a pam_conv(3) man page describing the conversation system. - ENHANCE: Improved sample application. - ENHANCE: Added sample pam_unix module. - BUGFIX: Various documentation nits. ============================================================================ OpenPAM Cinquefoil 2002-05-24 - BUGFIX: Various warnings uncovered by gcc 3.1. - ENHANCE: Add a null conversation function, openpam_nullconv(3). - BUGFIX: Initialize the "other" chain to all zeroes. - ENHANCE: Document openpam_ttyconv(3). ============================================================================ OpenPAM Cinnamon 2002-05-02 - ENHANCE: Add a null conversation function, openpam_nullconv(). - BUGFIX: Various markup bugs in the documentation. - BUGFIX: Document . - BUGFIX: Duplicate expansion of openpam_log() macro arguments. - ENHANCE: Restructure the policy-loading code and align our use of the "other" policy with Solaris and Linux-PAM. - ENHANCE: Log dlopen() and dlsym() failures. - ENHANCE: In openpam_ttyconv(), emit a newline after error and info messages unless the message contains one already. - BUGFIX: In pam_vprompt(), initialize the response pointer to NULL so we can detect whether the conversation function touched it. ============================================================================ OpenPAM Cineraria 2002-04-14 - BUGFIX: Fix confusion between token and prompt in pam_get_authtok(3). - ENHANCE: Improved documentation. - ENHANCE: Adopt the same preprocessor tricks that were used in FreeBSD's version of Linux-PAM to simplify static linking without requiring dummy primitives. - ENHANCE: Move the policy-loading code out of pam_start.c. - BUGFIX: Fix typo in one of the versions of the openpam_log macro. - ENHANCE: Add versioning macros. 
============================================================================ OpenPAM Cinchona 2002-04-08 - ENHANCE: Improved documentation for several API functions. - BUGFIX: Fix bug in pam_set_data() that would result in corruption of the module data list. - BUGFIX: Allocate the correct amount of memory for the environment list in pam_putenv(). - ENHANCE: Change pam_get_authtok()'s prototype so the caller can specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and reduce differences between these very similar functions. - ENHANCE: Check flags carefully in pam_authenticate() and pam_chauthtok(). - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're asked for PAM_AUTHTOK, and we have to prompt the user, prompt her twice and compare the responses. - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily switching to user credentials. - ENHANCE: Add openpam_free_data(), a generic cleanup function for pam_set_data() consumers. ============================================================================ OpenPAM Centaury 2002-03-14 - BUGFIX: Add missing #include to openpam_log.c. - BUGFIX: s/PAM_REINITIALISE_CRED/PAM_REINITIALIZE_CRED/. XSSO uses the former, but Solaris and Linux-PAM use the latter. - BUGFIX: The dynamic loader and the module cache contained a number of bugs which would cause a segmentation fault if pam_start(3) was called again after pam_end(3), as happens in login(1), xdm(1) etc. after a failed login. - BUGFIX: Refer to a module by the name used in the policy file, even if the module that was actually loaded was versioned. - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. ============================================================================ OpenPAM Celandine 2002-03-05 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). 
- BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK flag set, then with the PAM_UPDATE_AUTHTOK flag set. - BUGFIX: Failure of a "sufficient" module should not terminate the passwd chain if the PAM_PRELIM_CHECK flag is set. - BUGFIX: Clear PAM_AUTHTOK after running the service modules. - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK flags themselves. - BUGFIX: openpam_set_option() did not support changing the value of an existing option. - ENHANCE: Add support for module versioning. OpenPAM will prefer a module with the same version number as the library itself to one with no version number at all. ============================================================================ OpenPAM Cantaloupe 2002-02-22 - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. - ENHANCE: Add in-line documentation in most source files, and a Perl script that generates mdoc code from that. - BUGFIX: The environment list was not properly NULL-terminated. - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt specified by the module. - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to pam_constants.h to avoid it going stale again. - ENHANCE: Move all code related to static modules into a separate file. - ENHANCE: openpam_ttyconv() now masks most signals while prompting the user, and supports setting a timeout (which defaults to off). - BUGFIX: Some manual pages referenced XSSO even though they documented OpenPAM-specific functions. - ENHANCE: Added openpam_get_option() and openpam_set_option(). - ENHANCE: openpam_get_authtok() now respects the echo_pass, try_first_pass, and use_first_pass options. 
============================================================================ OpenPAM Caliopsis 2002-02-13 Fixed a number of bugs in the previous release, including: - a number of bugs in and related to pam_[gs]et_item(3) - off-by-one bug in pam_start.c would trim last character off certain configuration lines - incorrect ordering of an array in openpam_load.c would cause service module functions to get mixed up - missing 'continue' in openpam_dispatch.c caused successes to be counted as failures ============================================================================ OpenPAM Calamite 2002-02-09 First (beta) release. ============================================================================ -$P4: //depot/projects/openpam/HISTORY#18 $ +$P4: //depot/projects/openpam/HISTORY#19 $ diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE index cb4a292215cf..19a96878542a 100644 --- a/contrib/openpam/LICENSE +++ b/contrib/openpam/LICENSE 
@@ -1,34 +1,34 @@ -Copyright (c) 2002 Networks Associates Technology, Inc. +Copyright (c) 2002-2003 Networks Associates Technology, Inc. All rights reserved. This software was developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -$P4: //depot/projects/openpam/LICENSE#5 $ +$P4: //depot/projects/openpam/LICENSE#6 $ diff --git a/contrib/openpam/MANIFEST b/contrib/openpam/MANIFEST index 79ac0b20c113..dcfd0d2a7687 100644 
--- a/contrib/openpam/MANIFEST
+++ b/contrib/openpam/MANIFEST
@@ -1,131 +1,135 @@ # -# $P4: //depot/projects/openpam/MANIFEST#13 $ +# $P4: //depot/projects/openpam/MANIFEST#16 $ # CREDITS HISTORY INSTALL LICENSE MANIFEST Makefile +Makefile.inc README RELNOTES bin/Makefile +bin/Makefile.inc bin/su/Makefile bin/su/su.c doc/Makefile doc/man/Makefile doc/man/openpam.3 doc/man/openpam.man doc/man/openpam_borrow_cred.3 doc/man/openpam_free_data.3 doc/man/openpam_get_option.3 doc/man/openpam_log.3 doc/man/openpam_nullconv.3 +doc/man/openpam_readline.3 doc/man/openpam_restore_cred.3 doc/man/openpam_set_option.3 doc/man/openpam_ttyconv.3 doc/man/pam.3 doc/man/pam.man doc/man/pam_acct_mgmt.3 doc/man/pam_authenticate.3 doc/man/pam_chauthtok.3 doc/man/pam_close_session.3 doc/man/pam_conv.3 doc/man/pam_end.3 doc/man/pam_error.3 doc/man/pam_get_authtok.3 doc/man/pam_get_data.3 doc/man/pam_get_item.3 doc/man/pam_get_user.3 doc/man/pam_getenv.3 doc/man/pam_getenvlist.3 doc/man/pam_info.3 doc/man/pam_open_session.3 doc/man/pam_prompt.3 doc/man/pam_putenv.3 doc/man/pam_set_data.3 doc/man/pam_set_item.3 doc/man/pam_setcred.3 doc/man/pam_setenv.3 doc/man/pam_sm_acct_mgmt.3 doc/man/pam_sm_authenticate.3 doc/man/pam_sm_chauthtok.3 doc/man/pam_sm_close_session.3 doc/man/pam_sm_open_session.3 doc/man/pam_sm_setcred.3 doc/man/pam_start.3 doc/man/pam_strerror.3 doc/man/pam_verror.3 doc/man/pam_vinfo.3 doc/man/pam_vprompt.3 include/security/openpam.h include/security/openpam_version.h include/security/pam_appl.h include/security/pam_constants.h include/security/pam_modules.h include/security/pam_types.h lib/Makefile lib/openpam_borrow_cred.c lib/openpam_configure.c lib/openpam_dispatch.c lib/openpam_dynamic.c lib/openpam_findenv.c lib/openpam_free_data.c lib/openpam_get_option.c lib/openpam_impl.h lib/openpam_load.c lib/openpam_log.c lib/openpam_nullconv.c +lib/openpam_readline.c lib/openpam_restore_cred.c lib/openpam_set_option.c lib/openpam_static.c lib/openpam_ttyconv.c lib/pam_acct_mgmt.c lib/pam_authenticate.c lib/pam_authenticate_secondary.c 
lib/pam_chauthtok.c lib/pam_close_session.c lib/pam_end.c lib/pam_error.c lib/pam_get_authtok.c lib/pam_get_data.c lib/pam_get_item.c lib/pam_get_mapped_authtok.c lib/pam_get_mapped_username.c lib/pam_get_user.c lib/pam_getenv.c lib/pam_getenvlist.c lib/pam_info.c lib/pam_open_session.c lib/pam_prompt.c lib/pam_putenv.c lib/pam_set_data.c lib/pam_set_item.c lib/pam_set_mapped_authtok.c lib/pam_set_mapped_username.c lib/pam_setcred.c lib/pam_setenv.c lib/pam_sm_acct_mgmt.c lib/pam_sm_authenticate.c lib/pam_sm_authenticate_secondary.c lib/pam_sm_chauthtok.c lib/pam_sm_close_session.c lib/pam_sm_get_mapped_authtok.c lib/pam_sm_get_mapped_username.c lib/pam_sm_open_session.c lib/pam_sm_set_mapped_authtok.c lib/pam_sm_set_mapped_username.c lib/pam_sm_setcred.c lib/pam_start.c lib/pam_strerror.c lib/pam_verror.c lib/pam_vinfo.c lib/pam_vprompt.c misc/gendoc.pl modules/Makefile modules/pam_deny/Makefile modules/pam_deny/pam_deny.c modules/pam_permit/Makefile modules/pam_permit/pam_permit.c modules/pam_unix/Makefile modules/pam_unix/pam_unix.c diff --git a/contrib/openpam/Makefile b/contrib/openpam/Makefile index bba174dcbcef..1e29452081fe 100644 --- a/contrib/openpam/Makefile +++ b/contrib/openpam/Makefile 
@@ -1,44 +1,44 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS # and Network Associates Laboratories, the Security Research Division # of Network Associates, Inc. under DARPA/SPAWAR contract # N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research # program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/Makefile#7 $ +# $P4: //depot/projects/openpam/Makefile#8 $ # SUBDIR = SUBDIR += modules SUBDIR += lib SUBDIR += bin SUBDIR += doc .include diff --git a/contrib/openpam/Makefile.inc b/contrib/openpam/Makefile.inc new file mode 100644 index 000000000000..3b95c597ad7f --- /dev/null +++ b/contrib/openpam/Makefile.inc @@ -0,0 +1,8 @@ +# $P4: //depot/projects/openpam/Makefile.inc#2 $ + +DESTDIR ?= /usr +BINDIR = /bin +LIBDIR = /lib + +SHLIB_MAJOR = 2 +SHLIB_MINOR = 0 diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES index 02353138ff9e..a2eedcd8afb8 100644 --- a/contrib/openpam/RELNOTES +++ b/contrib/openpam/RELNOTES 
@@ -1,29 +1,34 @@ - Release notes for OpenPAM Dianthus - ================================== + Release notes for OpenPAM Digitalis + =================================== -This is a maintenance release incorporating a number of minor patches -accumulated since the previous release. +This release incorporates several major changes and improvements and +should be considered BETA QUALITY. This release corresponds to the code used in FreeBSD-CURRENT as of the -release date. It may or may not build on other platforms; previous -releases have been built on NetBSD and (with partial success) MacOS X. +release date. It is also known to build cleanly on NetBSD 1.6, +OpenBSD 3.1, and a number of glibc-based Linux platforms (with BSD +make installed). It may or may not build on other platforms; you will +need a BSD-compatible make(1) (NetBSD's make(1) is easy to port to +most POSIX platforms). Previous versions were successfully built on +MacOS X 10.1, but there seem to be issues with the heavily modified +version of GCC 3.1 that ships with MacOS X 10.2. The library itself is complete. Documentation exists in the form of man pages for the library functions. These man pages are generated by a Perl script from specially marked-up comments in the source files themselves, which minimizes the chance that any of them should be out of date. The distribution also includes three sample modules (pam_deny, pam_permit and pam_unix) and a sample application (su). These are not intended for actual use, but rather to serve as examples for module or application developers. NOTE: to the person who sent me MacOS patches in July 2002: I have lost your name and email address. Please contact me so I can give you proper credit for your contribution. Please direct bug reports and inquiries to des@freebsd.org. -$P4: //depot/projects/openpam/RELNOTES#15 $ +$P4: //depot/projects/openpam/RELNOTES#18 $ 
diff --git a/contrib/openpam/bin/Makefile b/contrib/openpam/bin/Makefile
index 57cc1bebd44b..75bb5ad3710f 100644
--- a/contrib/openpam/bin/Makefile
+++ b/contrib/openpam/bin/Makefile
@@ -1,41 +1,41 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS # and Network Associates Laboratories, the Security Research Division # of Network Associates, Inc. under DARPA/SPAWAR contract # N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research # program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/bin/Makefile#6 $ +# $P4: //depot/projects/openpam/bin/Makefile#7 $ # SUBDIR = SUBDIR += su .include 
diff --git a/contrib/openpam/bin/Makefile.inc b/contrib/openpam/bin/Makefile.inc
new file mode 100644
index 000000000000..a368da3fa300
--- /dev/null
+++ b/contrib/openpam/bin/Makefile.inc
@@ -0,0 +1,3 @@
+# $P4: //depot/projects/openpam/bin/Makefile.inc#1 $
+
+.include "../Makefile.inc"
diff --git a/contrib/openpam/bin/su/Makefile b/contrib/openpam/bin/su/Makefile
index c37e880ecf30..17a78a8dcbeb 100644
--- a/contrib/openpam/bin/su/Makefile
+++ b/contrib/openpam/bin/su/Makefile
@@ -1,45 +1,45 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS # and Network Associates Laboratories, the Security Research Division # of Network Associates, Inc. under DARPA/SPAWAR contract # N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research # program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/bin/su/Makefile#5 $ +# $P4: //depot/projects/openpam/bin/su/Makefile#8 $ # PROG = su WARNS ?= 4 CFLAGS += -I${.CURDIR}/../../include -DPADD = ${.OBJDIR}/../../lib/libpam.so +DPADD = ${.OBJDIR}/../../lib/libpam.a LDADD = -L${.OBJDIR}/../../lib -R${.OBJDIR}/../../lib -lpam NOMAN = YES .include diff --git a/contrib/openpam/bin/su/su.c b/contrib/openpam/bin/su/su.c index 0c8c45db8632..345d601e868d 100644 --- a/contrib/openpam/bin/su/su.c +++ b/contrib/openpam/bin/su/su.c 
@@ -1,179 +1,186 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/bin/su/su.c#8 $ + * $P4: //depot/projects/openpam/bin/su/su.c#12 $ */ #include #include #include +#include #include #include #include #include #include #include #include #include /* for openpam_ttyconv() */ extern char **environ; static pam_handle_t *pamh; static struct pam_conv pamc; static void usage(void) { fprintf(stderr, "Usage: su [login [args]]\n"); exit(1); } int main(int argc, char *argv[]) { char hostname[MAXHOSTNAMELEN]; const char *user, *tty; char **args, **pam_envlist, **pam_env; struct passwd *pwd; int o, pam_err, status; pid_t pid; while ((o = getopt(argc, argv, "h")) != -1) switch (o) { case 'h': default: usage(); } argc -= optind; argv += optind; + if (argc > 0) { + user = *argv; + --argc; + ++argv; + } else { + user = "root"; + } + /* initialize PAM */ pamc.conv = &openpam_ttyconv; - pam_start("su", argc ? *argv : "root", &pamc, &pamh); + pam_start("su", user, &pamc, &pamh); /* set some items */ gethostname(hostname, sizeof(hostname)); if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) goto pamerr; user = getlogin(); if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS) goto pamerr; tty = ttyname(STDERR_FILENO); if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) goto pamerr; /* authenticate the applicant */ if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) goto pamerr; if ((pam_err = pam_acct_mgmt(pamh, 0)) == PAM_NEW_AUTHTOK_REQD) pam_err = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) goto pamerr; /* establish the requested credentials */ if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) goto pamerr; /* authentication succeeded; open a session */ if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) goto pamerr; /* get mapped user name; PAM may have changed it */ pam_err = pam_get_item(pamh, PAM_USER, (const void **)&user); if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user)) == NULL) goto pamerr; - 
/* set uid and groups */ - if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { - warn("initgroups()"); - goto err; - } - if (setgid(pwd->pw_gid) == -1) { - warn("setgid()"); - goto err; - } - if (setuid(pwd->pw_uid) == -1) { - warn("setuid()"); - goto err; - } - /* export PAM environment */ if ((pam_envlist = pam_getenvlist(pamh)) != NULL) { for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) { putenv(*pam_env); free(*pam_env); } free(pam_envlist); } /* build argument list */ if ((args = calloc(argc + 2, sizeof *args)) == NULL) { warn("calloc()"); goto err; } *args = pwd->pw_shell; memcpy(args + 1, argv, argc * sizeof *args); /* fork and exec */ switch ((pid = fork())) { case -1: warn("fork()"); goto err; case 0: - /* child: start a shell */ + /* child: give up privs and start a shell */ + + /* set uid and groups */ + if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { + warn("initgroups()"); + _exit(1); + } + if (setgid(pwd->pw_gid) == -1) { + warn("setgid()"); + _exit(1); + } + if (setuid(pwd->pw_uid) == -1) { + warn("setuid()"); + _exit(1); + } execve(*args, args, environ); warn("execve()"); _exit(1); default: /* parent: wait for child to exit */ waitpid(pid, &status, 0); /* close the session and release PAM resources */ pam_err = pam_close_session(pamh, 0); pam_end(pamh, pam_err); exit(WEXITSTATUS(status)); } pamerr: - pam_end(pamh, pam_err); fprintf(stderr, "Sorry\n"); - exit(1); err: pam_end(pamh, pam_err); exit(1); } diff --git a/contrib/openpam/doc/Makefile b/contrib/openpam/doc/Makefile index 02ad7af2cab8..18ff33e9fe4f 100644 --- a/contrib/openpam/doc/Makefile +++ b/contrib/openpam/doc/Makefile 
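Review bot: The return value of `pam_start("su", user, &pamc, &pamh)` is ignored on the changed line in main(), so if the start fails the following pam_set_item() and pam_authenticate() calls still run on a handle that was never set up; a setuid program should fail closed here, e.g. `if (pam_start("su", user, &pamc, &pamh) != PAM_SUCCESS) { fprintf(stderr, "Sorry\n"); exit(1); }`. Separately, the unchanged environment loop calls `putenv(*pam_env)` and then `free(*pam_env)`; putenv() keeps the caller's pointer rather than copying the string, so the `environ` passed to execve() in the child refers to freed memory. Dropping the per-entry free and keeping only `free(pam_envlist)` would avoid that. In the parent branch, `WEXITSTATUS(status)` is used without checking waitpid()'s return or `WIFEXITED(status)`, so a child killed by a signal is reported with a misleading exit code.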
@@ -1,41 +1,41 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS # and Network Associates Laboratories, the Security Research Division # of Network Associates, Inc. under DARPA/SPAWAR contract # N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research # program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/openpam/doc/Makefile#4 $ +# $P4: //depot/projects/openpam/doc/Makefile#5 $ # SUBDIR = SUBDIR += man .include 
diff --git a/contrib/openpam/doc/man/Makefile b/contrib/openpam/doc/man/Makefile
index 4d8b39485036..32c9e4601b66 100644
--- a/contrib/openpam/doc/man/Makefile
+++ b/contrib/openpam/doc/man/Makefile
@@ -1,106 +1,107 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS # and Network Associates Laboratories, the Security Research Division # of Network Associates, Inc. under DARPA/SPAWAR contract # N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research # program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/doc/man/Makefile#11 $ +# $P4: //depot/projects/openpam/doc/man/Makefile#13 $ # GENDOC = ${.CURDIR}/../../misc/gendoc.pl # Standard PAM API PMAN = PMAN += pam_acct_mgmt.3 PMAN += pam_authenticate.3 PMAN += pam_chauthtok.3 PMAN += pam_close_session.3 PMAN += pam_end.3 PMAN += pam_get_data.3 PMAN += pam_get_item.3 PMAN += pam_get_user.3 PMAN += pam_getenv.3 PMAN += pam_getenvlist.3 PMAN += pam_open_session.3 PMAN += pam_putenv.3 PMAN += pam_set_data.3 PMAN += pam_set_item.3 PMAN += pam_setcred.3 PMAN += pam_start.3 PMAN += pam_strerror.3 # Standard module API MMAN = MMAN += pam_sm_acct_mgmt.3 MMAN += pam_sm_authenticate.3 MMAN += pam_sm_chauthtok.3 MMAN += pam_sm_close_session.3 MMAN += pam_sm_open_session.3 MMAN += pam_sm_setcred.3 # OpenPAM extensions OMAN = OMAN += openpam_borrow_cred.3 OMAN += openpam_free_data.3 OMAN += openpam_get_option.3 OMAN += openpam_log.3 OMAN += openpam_nullconv.3 +OMAN += openpam_readline.3 OMAN += openpam_restore_cred.3 OMAN += openpam_set_option.3 OMAN += openpam_ttyconv.3 OMAN += pam_error.3 OMAN += pam_get_authtok.3 OMAN += pam_info.3 OMAN += pam_prompt.3 OMAN += pam_setenv.3 OMAN += pam_verror.3 OMAN += pam_vinfo.3 OMAN += pam_vprompt.3 MAN = ${PMAN} ${OMAN} ${MMAN} MAN += openpam.3 MAN += pam.3 MAN += pam_conv.3 CLEANFILES += ${PMAN} ${OMAN} ${MMAN} openpam.3 pam.3 .for man in ${PMAN} ${OMAN} ${MMAN} ${man}: ${.CURDIR}/../../lib/${man:R}.c ${GENDOC} perl -w ${GENDOC} ${.CURDIR}/../../lib/${man:R}.c .endfor openpam.3: ${OMAN} ${GENDOC} openpam.man perl -w ${GENDOC} -o ${OMAN} <${.CURDIR}/openpam.man pam.3: ${PMAN} ${GENDOC} pam.man perl -w ${GENDOC} -p ${PMAN} <${.CURDIR}/pam.man .include diff --git a/contrib/openpam/doc/man/openpam.3 b/contrib/openpam/doc/man/openpam.3 index 705218f9f17e..8bb9a4736297 100644 --- a/contrib/openpam/doc/man/openpam.3 +++ b/contrib/openpam/doc/man/openpam.3 
@@ -1,133 +1,137 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM 3 .Os .Sh NAME .Nm openpam_borrow_cred , .Nm openpam_free_data , .Nm openpam_get_option , .Nm openpam_log , .Nm openpam_nullconv , +.Nm openpam_readline , .Nm openpam_restore_cred , .Nm openpam_set_option , .Nm openpam_ttyconv , .Nm pam_error , .Nm pam_get_authtok , .Nm pam_info , .Nm pam_prompt , .Nm pam_setenv , .Nm pam_verror , .Nm pam_vinfo , .Nm pam_vprompt .Nd Pluggable Authentication Modules Library .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In security/openpam.h .Ft int .Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd" .Ft void .Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" .Ft const char * .Fn openpam_get_option "pam_handle_t *pamh" "const char *option" .Ft void .Fn openpam_log "int level" "const char *fmt" "..." .Ft int .Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" +.Ft char * +.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" .Ft int .Fn openpam_restore_cred "pam_handle_t *pamh" .Ft int .Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value" .Ft int .Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" .Ft int .Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..." .Ft int .Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" .Ft int .Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..." .Ft int .Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." 
.Ft int .Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" .Ft int .Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap" .Ft int .Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap" .Ft int .Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" .\" .\" $P4: //depot/projects/openpam/doc/man/openpam.man#1 $ .\" .Sh DESCRIPTION These functions are OpenPAM extensions to the PAM API. Those named .Fn pam_* are, in the author's opinion, logical and necessary extensions to the standard API, while those named .Fn openpam_* are either simple convenience functions, or functions intimately tied to OpenPAM implementation details, and therefore not well suited to standardization. .Sh SEE ALSO .Xr openpam_borrow_cred 3 , .Xr openpam_free_data 3 , .Xr openpam_get_option 3 , .Xr openpam_log 3 , .Xr openpam_nullconv 3 , +.Xr openpam_readline 3 , .Xr openpam_restore_cred 3 , .Xr openpam_set_option 3 , .Xr openpam_ttyconv 3 , .Xr pam_error 3 , .Xr pam_get_authtok 3 , .Xr pam_info 3 , .Xr pam_prompt 3 , .Xr pam_setenv 3 , .Xr pam_verror 3 , .Xr pam_vinfo 3 , .Xr pam_vprompt 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The OpenPAM library and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3 index be643b268c0e..338c383d5b9d 100644 --- a/contrib/openpam/doc/man/openpam_borrow_cred.3 +++ b/contrib/openpam/doc/man/openpam_borrow_cred.3 
@@ -1,92 +1,92 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_BORROW_CRED 3 .Os .Sh NAME .Nm openpam_borrow_cred .Nd temporarily borrow user credentials .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft int .Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd" .Sh DESCRIPTION The .Nm function saves the current credentials and switches to those of the user specified by its .Va pwd argument. The affected credentials are the effective UID, the effective GID, and the group access list. The original credentials can be restored using .Xr openpam_restore_cred 3 . .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr openpam_restore_cred 3 , .Xr pam 3 , .Xr pam_strerror 3 , .Xr setegid 3 , .Xr seteuid 3 , .Xr setgroups 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3 index 902b20c4addb..196247d5e200 100644 --- a/contrib/openpam/doc/man/openpam_free_data.3 +++ b/contrib/openpam/doc/man/openpam_free_data.3 
@@ -1,75 +1,75 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_FREE_DATA 3 .Os .Sh NAME .Nm openpam_free_data .Nd generic cleanup function .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft void .Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" .Sh DESCRIPTION The .Nm is a cleanup function suitable for passing to .Xr pam_set_data 3 . It simply releases the data by passing its .Va data argument to .Xr free 3 . .Sh SEE ALSO .Xr free 3 , .Xr pam 3 , .Xr pam_set_data 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3 index 31f5e9e4e302..1e0afdc753e8 100644 --- a/contrib/openpam/doc/man/openpam_get_option.3 +++ b/contrib/openpam/doc/man/openpam_get_option.3 
@@ -1,77 +1,79 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_GET_OPTION 3 .Os .Sh NAME .Nm openpam_get_option .Nd returns the value of a module option .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft const char * .Fn openpam_get_option "pam_handle_t *pamh" "const char *option" .Sh DESCRIPTION The .Nm function returns the value of the specified option in the context of the currently executing service module, or .Dv NULL if the option is not set or no module is currently executing. +.Pp .Sh RETURN VALUES The .Nm function returns .Dv NULL on failure. .Sh SEE ALSO +.Xr openpam_set_option 3 , .Xr pam 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3 index 78edf2f65e8c..f6e2c5956812 100644 --- a/contrib/openpam/doc/man/openpam_log.3 +++ b/contrib/openpam/doc/man/openpam_log.3 
@@ -1,66 +1,113 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_LOG 3 .Os .Sh NAME .Nm openpam_log -.Nd it). Do the next best thing +.Nd log a message through syslog .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft void .Fn openpam_log "int level" "const char *fmt" "..." .Sh DESCRIPTION -No description available. +The +.Nm +function logs messages using +.Xr syslog 3 . +It is primarily +intended for internal use by the library and modules. +.Pp +The +.Va level +argument indicates the importance of the message. The +following levels are defined: +.Bl -tag -width 18n +.It Dv PAM_LOG_DEBUG +Debugging messages. These messages are normally not +logged unless the global integer variable +.Va _openpam_debug +is set to a non-zero value, in which case they are logged +with a +.Xr syslog 3 +priority of +.Dv LOG_DEBUG . +.It Dv PAM_LOG_VERBOSE +Information about the progress of the authentication +process, or other non-essential messages. These messages +are logged with a +.Xr syslog 3 +priority of +.Dv LOG_INFO . +.It Dv PAM_LOG_NOTICE +Messages relating to non-fatal errors. These messages are +logged with a +.Xr syslog 3 +priority of +.Dv LOG_NOTICE . +.It Dv PAM_LOG_ERROR +Messages relating to serious errors. These messages are +logged with a +.Xr syslog 3 +priority of +.Dv LOG_ERR . +.El +.Pp +The remaining arguments are a +.Xr printf 3 +format string and the +corresponding arguments. .Sh SEE ALSO -.Xr pam 3 +.Xr pam 3 , +.Xr printf 3 , +.Xr syslog 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. 
diff --git a/contrib/openpam/doc/man/openpam_nullconv.3 b/contrib/openpam/doc/man/openpam_nullconv.3
index 7c1886a0fbb2..21b967f88ced 100644
--- a/contrib/openpam/doc/man/openpam_nullconv.3
+++ b/contrib/openpam/doc/man/openpam_nullconv.3
@@ -1,99 +1,100 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_NULLCONV 3 .Os .Sh NAME .Nm openpam_nullconv .Nd null conversation function .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft int .Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" .Sh DESCRIPTION The .Nm function is a null conversation function suitable for applications that want to use PAM but don't support interactive dialog with the user. Such applications should set .Dv PAM_AUTHTOK to whatever authentication token they've obtained on their own before calling .Xr pam_authenticate 3 and / or .Xr pam_chauthtok 3 , and their PAM configuration should specify the .Dv use_first_pass option for all modules that require access to the authentication token, to make sure they use .Dv PAM_AUTHTOK rather than try to query the user. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_CONV_ERR Conversation failure. .El .Sh SEE ALSO .Xr openpam_ttyconv 3 , .Xr pam 3 , +.Xr pam_authenticate 3 , .Xr pam_chauthtok 3 , .Xr pam_prompt 3 , .Xr pam_set_item 3 , .Xr pam_strerror 3 , .Xr pam_vprompt 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_readline.3 similarity index 69% copy from contrib/openpam/doc/man/openpam_get_option.3 copy to contrib/openpam/doc/man/openpam_readline.3 index 31f5e9e4e302..d57d8a19636c 100644 --- a/contrib/openpam/doc/man/openpam_get_option.3 +++ b/contrib/openpam/doc/man/openpam_readline.3 
@@ -1,77 +1,107 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 -.Dt OPENPAM_GET_OPTION 3 +.Dd June 1, 2003 +.Dt OPENPAM_READLINE 3 .Os .Sh NAME -.Nm openpam_get_option -.Nd returns the value of a module option +.Nm openpam_readline +.Nd read a line from a file .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h -.Ft const char * -.Fn openpam_get_option "pam_handle_t *pamh" "const char *option" +.Ft char * +.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" .Sh DESCRIPTION The .Nm -function returns the value of the specified -option in the context of the currently executing service module, or -.Dv NULL -if the option is not set or no module is currently executing. +function reads a line from a file, and returns it +in a NUL-terminated buffer allocated with +.Xr malloc 3 . +.Pp +The +.Nm +function performs a certain amount of processing +on the data it reads. +Comments (introduced by a hash sign) are stripped, as is leading and +trailing whitespace. +Any amount of linear whitespace is collapsed to a single space. +Blank lines are ignored. +If a line ends in a backslash, the backslash is stripped and the next +line is appended. +.Pp +If +.Va lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a newline character is read. +.Pp +If +.Va lenp +is not +.Dv NULL , +the length of the line (not including the +terminating NUL character) is stored in the variable it points to. +.Pp +The caller is responsible for releasing the returned buffer by passing +it to +.Xr free 3 . .Sh RETURN VALUES The .Nm function returns .Dv NULL on failure. .Sh SEE ALSO +.Xr free 3 , +.Xr malloc 3 , .Xr pam 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3 index 0f0b3a6649e7..50a0a445a5fb 100644 --- a/contrib/openpam/doc/man/openpam_restore_cred.3 +++ b/contrib/openpam/doc/man/openpam_restore_cred.3 
@@ -1,85 +1,85 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_RESTORE_CRED 3 .Os .Sh NAME .Nm openpam_restore_cred .Nd restore credentials .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft int .Fn openpam_restore_cred "pam_handle_t *pamh" .Sh DESCRIPTION The .Nm function restores the credentials saved by .Xr openpam_borrow_cred 3 . .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_NO_MODULE_DATA Module data not found. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr openpam_borrow_cred 3 , .Xr pam 3 , .Xr pam_strerror 3 , .Xr setegid 3 , .Xr seteuid 3 , .Xr setgroups 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3 index 8c57f85bb81b..da2914bd702e 100644 --- a/contrib/openpam/doc/man/openpam_set_option.3 +++ b/contrib/openpam/doc/man/openpam_set_option.3 
@@ -1,80 +1,82 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_SET_OPTION 3 .Os .Sh NAME .Nm openpam_set_option .Nd sets the value of a module option .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft int .Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value" .Sh DESCRIPTION The .Nm function sets the specified option in the context of the currently executing service module. +.Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO +.Xr openpam_get_option 3 , .Xr pam 3 , .Xr pam_strerror 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3 index 02031ff03141..aed6c93c94c9 100644 --- a/contrib/openpam/doc/man/openpam_ttyconv.3 +++ b/contrib/openpam/doc/man/openpam_ttyconv.3 
@@ -1,94 +1,94 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt OPENPAM_TTYCONV 3 .Os .Sh NAME .Nm openpam_ttyconv .Nd simple tty-based conversation function .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/openpam.h .Ft int .Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" .Sh DESCRIPTION The .Nm function is a standard conversation function suitable for use on TTY devices. It should be adequate for the needs of most text-based interactive programs. .Pp The .Nm function allows the application to specify a -timeout for user input by setting the global variable +timeout for user input by setting the global integer variable .Va openpam_ttyconv_timeout to the length of the timeout in seconds. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr openpam_nullconv 3 , .Xr pam 3 , .Xr pam_prompt 3 , .Xr pam_strerror 3 , .Xr pam_vprompt 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3 index cf706bc5f3ae..51c7e2ef8fc3 100644 --- a/contrib/openpam/doc/man/pam.3 +++ b/contrib/openpam/doc/man/pam.3 
@@ -1,290 +1,290 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM 3 .Os .Sh NAME .Nm pam_acct_mgmt , .Nm pam_authenticate , .Nm pam_chauthtok , .Nm pam_close_session , .Nm pam_end , .Nm pam_get_data , .Nm pam_get_item , .Nm pam_get_user , .Nm pam_getenv , .Nm pam_getenvlist , .Nm pam_open_session , .Nm pam_putenv , .Nm pam_set_data , .Nm pam_set_item , .Nm pam_setcred , .Nm pam_start , .Nm pam_strerror .Nd Pluggable Authentication Modules Library .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In security/pam_appl.h .Ft int .Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_authenticate "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_chauthtok "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_close_session "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_end "pam_handle_t *pamh" "int status" .Ft int .Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "const void **data" .Ft int .Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item" .Ft int .Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" .Ft const char * .Fn pam_getenv "pam_handle_t *pamh" "const char *name" .Ft char ** .Fn pam_getenvlist "pam_handle_t *pamh" .Ft int .Fn pam_open_session "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" .Ft int .Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" .Ft int .Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" .Ft int .Fn pam_setcred "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" .Ft const char * .Fn pam_strerror "pam_handle_t *pamh" "int error_number" .\" .\" $P4: //depot/projects/openpam/doc/man/pam.man#1 $ .\" .Sh DESCRIPTION The Pluggable Authentication Modules (PAM) library abstracts a number of common authentication-related 
operations and provides a framework for dynamically loaded modules that implement these operations in various ways. .Ss Terminology In PAM parlance, the application that uses PAM to authenticate a user is the server, and is identified for configuration purposes by a service name, which is often (but not necessarily) the program name. .Pp The user requesting authentication is called the applicant, while the user (usually, root) charged with verifying his identity and granting him the requested credentials is called the arbitrator. .Pp The sequence of operations the server goes through to authenticate a user and perform whatever task he requested is a PAM transaction; the context within which the server performs the requested task is called a session. .Pp The functionality embodied by PAM is divided into six primitives grouped into four facilities: authentication, account management, session management and password management. .Ss Conversation The PAM library expects the application to provide a conversation callback which it can use to communicate with the user. Some modules may use specialized conversation functions to communicate with special hardware such as cryptographic dongles or biometric devices. See .Xr pam_conv 3 for details. .Ss Initialization And Cleanup The .Fn pam_start function initializes the PAM library and returns a handle which must be provided in all subsequent function calls. The transaction state is contained entirely within the structure identified by this handle, so it is possible to conduct multiple transactions in parallel. .Pp The .Fn pam_end function releases all resources associated with the specified context, and can be called at any time to terminate a PAM transaction. .Ss Storage The .Fn pam_set_item and .Fn pam_get_item functions set and retrieve a number of predefined items, including the service name, the names of the requesting and target users, the conversation function, and prompts. 
.Pp The .Fn pam_set_data and .Fn pam_get_data manage named chunks of free-form data, generally used by modules to store state from one invocation to another. .Ss Authentication There are two authentication primitives: .Fn pam_authenticate and .Fn pam_setcred . The former authenticates the user, while the latter manages his credentials. .Ss Account Management The .Fn pam_acct_mgmt function enforces policies such as password expiry, account expiry, time-of-day restrictions, and so forth. .Ss Session Management The .Fn pam_open_session and .Fn pam_close_session handle session setup and teardown. .Ss Password Management The .Fn pam_chauthtok function allows the server to change the user's password, either at the user's request or because the password has expired. .Ss Miscellaneous The .Fn pam_putenv , .Fn pam_getenv and .Fn pam_getenvlist manage a private environment list in which modules can set environment variables they want the server to export during the session. .Pp The .Fn pam_strerror function returns a pointer to a string describing a the specified PAM error code. .Sh RETURN VALUES The following return codes are defined by .Aq Pa security/pam_constants.h : .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_ACCT_EXPIRED User accound has expired. .It Bq Er PAM_AUTHINFO_UNAVAIL Authentication information is unavailable. .It Bq Er PAM_AUTHTOK_DISABLE_AGING Authentication token aging disabled. .It Bq Er PAM_AUTHTOK_ERR Authentication token failure. .It Bq Er PAM_AUTHTOK_EXPIRED Password has expired. .It Bq Er PAM_AUTHTOK_LOCK_BUSY Authentication token lock busy. .It Bq Er PAM_AUTHTOK_RECOVERY_ERR Failed to recover old authentication token. .It Bq Er PAM_AUTH_ERR Authentication error. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_CRED_ERR Failed to set user credentials. .It Bq Er PAM_CRED_EXPIRED User credentials have expired. .It Bq Er PAM_CRED_INSUFFICIENT Insufficient credentials. 
.It Bq Er PAM_CRED_UNAVAIL Failed to retrieve user credentials. .It Bq Er PAM_DOMAIN_UNKNOWN Unknown authentication domain. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_MAXTRIES Maximum number of tries exceeded. .It Bq Er PAM_MODULE_UNKNOWN Unknown module type. .It Bq Er PAM_NEW_AUTHTOK_REQD New authentication token required. .It Bq Er PAM_NO_MODULE_DATA Module data not found. .It Bq Er PAM_OPEN_ERR Failed to load module. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SESSION_ERR Session failure. .It Bq Er PAM_SUCCESS Success. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_TRY_AGAIN Try again. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr openpam 3 .Xr pam_acct_mgmt 3 , .Xr pam_authenticate 3 , .Xr pam_chauthtok 3 , .Xr pam_close_session 3 , .Xr pam_conv 3 , .Xr pam_end 3 , .Xr pam_get_data 3 , .Xr pam_get_item 3 , .Xr pam_get_user 3 , .Xr pam_getenv 3 , .Xr pam_getenvlist 3 , .Xr pam_open_session 3 , .Xr pam_putenv 3 , .Xr pam_set_data 3 , .Xr pam_set_item 3 , .Xr pam_setcred 3 , .Xr pam_start 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The OpenPAM library and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3 index 4737b0baf474..b82894f214a5 100644 --- a/contrib/openpam/doc/man/pam_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_acct_mgmt.3 
@@ -1,113 +1,112 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_ACCT_MGMT 3 .Os .Sh NAME .Nm pam_acct_mgmt .Nd perform PAM account validation procedures .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The .Nm function verifies and enforces account restrictions after the user has been authenticated. .Pp The .Va flags argument is the binary or of zero or more of the following values: .Bl -tag -width 18n .It Dv PAM_SILENT Do not emit any messages. .It Dv PAM_DISALLOW_NULL_AUTHTOK Fail if the user's authentication token is null. .El .Pp If any other bits are set, -.Xr pam_authenticate 3 +.Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_ACCT_EXPIRED User accound has expired. .It Bq Er PAM_AUTH_ERR Authentication error. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_NEW_AUTHTOK_REQD New authentication token required. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr pam 3 , -.Xr pam_authenticate 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3 index b76fc9d599d7..89768af1e771 100644 --- a/contrib/openpam/doc/man/pam_authenticate.3 
+++ b/contrib/openpam/doc/man/pam_authenticate.3 
@@ -1,126 +1,126 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_AUTHENTICATE 3 .Os .Sh NAME .Nm pam_authenticate .Nd perform authentication within the PAM framework .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_authenticate "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The .Nm function attempts to authenticate the user associated with the pam context specified by the .Va pamh argument. .Pp The application is free to call .Nm as many times as it wishes, but some modules may maintain an internal retry counter and return .Dv PAM_MAXTRIES when it exceeds some preset or hardcoded limit. .Pp The .Va flags argument is the binary or of zero or more of the following values: .Bl -tag -width 18n .It Dv PAM_SILENT Do not emit any messages. .It Dv PAM_DISALLOW_NULL_AUTHTOK Fail if the user's authentication token is null. .El .Pp If any other bits are set, .Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_AUTHINFO_UNAVAIL Authentication information is unavailable. .It Bq Er PAM_AUTH_ERR Authentication error. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_CRED_INSUFFICIENT Insufficient credentials. .It Bq Er PAM_MAXTRIES Maximum number of tries exceeded. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3 index 9fa59dd0098e..0856fa074810 100644 --- a/contrib/openpam/doc/man/pam_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_chauthtok.3 
@@ -1,118 +1,118 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_CHAUTHTOK 3 .Os .Sh NAME .Nm pam_chauthtok .Nd perform password related functions within the PAM framework .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_chauthtok "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The .Nm function attempts to change the authentication token for the user associated with the pam context specified by the .Va pamh argument. .Pp The .Va flags argument is the binary or of zero or more of the following values: .Bl -tag -width 18n .It Dv PAM_SILENT Do not emit any messages. .It Dv PAM_CHANGE_EXPIRED_AUTHTOK Change only those authentication tokens that have expired. .El .Pp If any other bits are set, .Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_AUTHTOK_DISABLE_AGING Authentication token aging disabled. .It Bq Er PAM_AUTHTOK_ERR Authentication token failure. .It Bq Er PAM_AUTHTOK_LOCK_BUSY Authentication token lock busy. .It Bq Er PAM_AUTHTOK_RECOVERY_ERR Failed to recover old authentication token. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_TRY_AGAIN Try again. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. 
diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3
index 63097253265f..94e0720c8099 100644
--- a/contrib/openpam/doc/man/pam_close_session.3
+++ b/contrib/openpam/doc/man/pam_close_session.3
@@ -1,108 +1,108 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_CLOSE_SESSION 3 .Os .Sh NAME .Nm pam_close_session .Nd close an existing user session .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_close_session "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The .Nm function tears down the user session previously set up by .Xr pam_open_session 3 . .Pp The .Va flags argument is the binary or of zero or more of the following values: .Bl -tag -width 18n .It Dv PAM_SILENT Do not emit any messages. .El .Pp If any other bits are set, .Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SESSION_ERR Session failure. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_open_session 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_conv.3 b/contrib/openpam/doc/man/pam_conv.3 index 00dc572e83d5..cd19cbc0cfd8 100644 --- a/contrib/openpam/doc/man/pam_conv.3 +++ b/contrib/openpam/doc/man/pam_conv.3 
@@ -1,182 +1,182 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" -.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#2 $ +.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#3 $ .\" .Dd May 27, 2002 .Dt PAM_CONV 3 .Os .Sh NAME .Nm pam_conv .Nd PAM conversation system .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In security/pam_appl.h .Bd -literal struct pam_message { int msg_style; char *msg; }; struct pam_response { char *resp; int resp_retcode; }; struct pam_conv { int (*conv)(int, const struct pam_message **, struct pam_response **, void *); void *appdata_ptr; }; .Ed .Sh DESCRIPTION The PAM library uses an application-defined callback to communicate with the user. This callback is specified by the .Vt struct pam_conv passed to .Fn pam_start at the start of the transaction. It is also possible to set or change the conversation function at any point during a PAM transaction by changing the value of the .Dv PAM_CONV item. .Pp The conversation function's first argument specifies the number of messages (up to .Dv PAM_NUM_MSG ) to process. The second argument is a pointer to a contiguous array of .Vt struct pam_message containing the actual messages. .Pp Each message can have one of four types, specified by the .Va msg_style member of .Vt struct pam_message : .Bl -tag -width 18n .It Dv PAM_PROMPT_ECHO_OFF Display a prompt and accept the user's response without echoing it to the terminal. This is commonly used for passwords. .It Dv PAM_PROMPT_ECHO_ON Display a prompt and accept the user's response, echoing it to the terminal. This is commonly used for login names and one-time passphrases. .It Dv PAM_ERROR_MSG Display an error message. .It Dv PAM_TEXT_INFO Display an informational message. .El .Pp In each case, the prompt or message to display is pointed to by the .Va msg member of .Vt struct pam_message . It can be up to .Dv PAM_MAX_MSG_SIZE characters long, including the terminating NUL. 
.Pp On success, the conversation function should allocate and fill a contiguous array of .Vt struct pam_response , one for each message that was passed in. A pointer to the user's response to each message (or .Dv NULL in the case of informational or error messages) should be stored in the .Va resp member of the corresponding .Vt struct pam_response . Each response can be up to .Dv PAM_MAX_RESP_SIZE characters long, including the terminating NUL. .Pp The .Va resp_retcode member of .Vt struct pam_response is unused and should be set to zero. .Pp The conversation function should store a pointer to this array in the location pointed to by its third argument. It is the caller's responsibility to release both this array and the responses themselves, using .Xr free 3 . It is the conversation function's responsibility to ensure that it is legal to do so. .Pp The .Va appdata_ptr member of .Vt struct pam_conv is passed unmodified to the conversation function as its fourth and final argument. .Pp On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes. .Sh RETURN VALUES The conversation function should return one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SUCCESS Success. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr openpam_ttyconv 3 , .Xr openpam_nullconv 3 , .Xr pam 3 , .Xr pam_error 3 , .Xr pam_get_item 3 , .Xr pam_info 3 , .Xr pam_prompt 3 , .Xr pam_set_item 3 , .Xr pam_start 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The OpenPAM library and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3 index f9998110d470..d4bebc8e2029 100644 --- a/contrib/openpam/doc/man/pam_end.3 +++ b/contrib/openpam/doc/man/pam_end.3 
@@ -1,85 +1,85 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_END 3 .Os .Sh NAME .Nm pam_end .Nd terminate the PAM transaction .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_end "pam_handle_t *pamh" "int status" .Sh DESCRIPTION The .Nm function terminates a PAM transaction and destroys the corresponding PAM context, releasing all resources allocated to it. .Pp The .Va status argument should be set to the error code returned by the last API call before the call to .Nm . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3 index 48bcb991a799..583cd7ad489f 100644 --- a/contrib/openpam/doc/man/pam_error.3 +++ b/contrib/openpam/doc/man/pam_error.3 
@@ -1,85 +1,85 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_ERROR 3 .Os .Sh NAME .Nm pam_error .Nd display an error message .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..." .Sh DESCRIPTION The .Nm function displays an error message through the intermediary of the given PAM context's conversation function. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_info 3 , .Xr pam_prompt 3 , .Xr pam_strerror 3 , .Xr pam_verror 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3 index 29764d1ead84..515b6d04c50d 100644 --- a/contrib/openpam/doc/man/pam_get_authtok.3 +++ b/contrib/openpam/doc/man/pam_get_authtok.3 
@@ -1,131 +1,131 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_AUTHTOK 3 .Os .Sh NAME .Nm pam_get_authtok .Nd retrieve authentication token .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" .Sh DESCRIPTION The .Nm function returns the cached authentication token, or prompts the user if no token is currently cached. Either way, a pointer to the authentication token is stored in the location pointed to by the .Va authtok argument. .Pp The .Va item argument must have one of the following values: .Bl -tag -width 18n .It Dv PAM_AUTHTOK Returns the current authentication token, or the new token when changing authentication tokens. .It Dv PAM_OLDAUTHTOK Returns the previous authentication token when changing authentication tokens. .El .Pp The .Va prompt argument specifies a prompt to use if no token is cached. If it is .Dv NULL , the .Dv PAM_AUTHTOK_PROMPT or .Dv PAM_OLDAUTHTOK_PROMPT item, as appropriate, will be used. If that item is also .Dv NULL , a hardcoded default prompt will be used. .Pp If .Va item is set to .Dv PAM_AUTHTOK and there is a non-null .Dv PAM_OLDAUTHTOK item, .Nm will ask the user to confirm the new token by retyping it. If there is a mismatch, .Nm will return .Dv PAM_TRY_AGAIN . .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_TRY_AGAIN Try again. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_get_item 3 , .Xr pam_get_user 3 , .Xr pam_strerror 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3 index ec6f66afc5af..0e8eadd17bd4 100644 --- a/contrib/openpam/doc/man/pam_get_data.3 +++ b/contrib/openpam/doc/man/pam_get_data.3 
@@ -1,94 +1,94 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_DATA 3 .Os .Sh NAME .Nm pam_get_data .Nd get module information .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "const void **data" .Sh DESCRIPTION The .Nm function looks up the opaque object associated with the string specified by the .Va module_data_name argument, in the PAM context specified by the .Va pamh argument. A pointer to the object is stored in the location pointed to by the .Va data argument. .Pp This function and its counterpart .Xr pam_set_data 3 are useful for managing data that are meaningful only to a particular service module. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_NO_MODULE_DATA Module data not found. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_set_data 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3 index 9e0c9a57759f..560603f5ae3e 100644 --- a/contrib/openpam/doc/man/pam_get_item.3 +++ b/contrib/openpam/doc/man/pam_get_item.3 
@@ -1,127 +1,127 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_ITEM 3 .Os .Sh NAME .Nm pam_get_item .Nd get PAM information .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item" .Sh DESCRIPTION The .Nm function stores a pointer to the item specified by the .Va item_type argument in the location specified by the .Va item argument. The item is retrieved from the PAM context specified by the .Va pamh argument. The following item types are recognized: .Bl -tag -width 18n .It Dv PAM_SERVICE The name of the requesting service. .It Dv PAM_USER The name of the user the application is trying to authenticate. .It Dv PAM_TTY The name of the current terminal. .It Dv PAM_RHOST The name of the applicant's host. .It Dv PAM_CONV A .Vt struct pam_conv describing the current conversation function. .It Dv PAM_AUTHTOK The current authentication token. .It Dv PAM_OLDAUTHTOK The expired authentication token. .It Dv PAM_RUSER The name of the applicant. .It Dv PAM_USER_PROMPT The prompt to use when asking the applicant for a user name to authenticate as. .It Dv PAM_AUTHTOK_PROMPT The prompt to use when asking the applicant for an authentication token. .It Dv PAM_OLDAUTHTOK_PROMPT The prompt to use when asking the applicant for an expired authentication token prior to changing it. .El .Pp See .Xr pam_start 3 for a description of .Vt struct pam_conv . .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. 
.El .Sh SEE ALSO .Xr pam 3 , .Xr pam_set_item 3 , .Xr pam_start 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3 index 0f9beeb01a4d..756c1af49ca2 100644 --- a/contrib/openpam/doc/man/pam_get_user.3 +++ b/contrib/openpam/doc/man/pam_get_user.3 
@@ -1,107 +1,107 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GET_USER 3 .Os .Sh NAME .Nm pam_get_user .Nd retrieve user name .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" .Sh DESCRIPTION The .Nm function returns the name of the target user, as specified to .Xr pam_start 3 . If no user was specified, nor set using .Xr pam_set_item 3 , .Nm will prompt for a user name. Either way, a pointer to the user name is stored in the location pointed to by the .Va user argument. .Pp The .Va prompt argument specifies a prompt to use if no user name is cached. If it is .Dv NULL , the .Dv PAM_USER_PROMPT will be used. If that item is also .Dv NULL , a hardcoded default prompt will be used. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_get_authtok 3 , .Xr pam_get_item 3 , .Xr pam_set_item 3 , .Xr pam_start 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3 index 50fa64dc3293..a0daa181b852 100644 --- a/contrib/openpam/doc/man/pam_getenv.3 +++ b/contrib/openpam/doc/man/pam_getenv.3 
@@ -1,83 +1,83 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GETENV 3 .Os .Sh NAME .Nm pam_getenv .Nd retrieve the value of a PAM environment variable .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft const char * .Fn pam_getenv "pam_handle_t *pamh" "const char *name" .Sh DESCRIPTION The .Nm function returns the value of an environment variable. Its semantics are similar to those of .Xr getenv 3 , but it accesses the PAM context's environment list instead of the application's. .Pp .Sh RETURN VALUES The .Nm function returns .Dv NULL on failure. .Sh SEE ALSO .Xr getenv 3 , .Xr pam 3 , .Xr pam_getenvlist 3 , .Xr pam_putenv 3 , .Xr pam_setenv 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3 index cb790786f630..cd013e4e4d25 100644 --- a/contrib/openpam/doc/man/pam_getenvlist.3 +++ b/contrib/openpam/doc/man/pam_getenvlist.3 
@@ -1,104 +1,104 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_GETENVLIST 3 .Os .Sh NAME .Nm pam_getenvlist .Nd returns a list of all the PAM environment variables .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft char ** .Fn pam_getenvlist "pam_handle_t *pamh" .Sh DESCRIPTION The .Nm function returns a copy of the given PAM context's environment list as a pointer to an array of strings. The last element in the array is .Dv NULL . The pointer is suitable for assignment to .Va environ . .Pp The array and the strings it lists are allocated using .Xr malloc 3 , and should be released using .Xr free 3 after use: .Pp .Bd -literal char **envlist, **env; envlist = environ; environ = pam_getenvlist(pamh); /* do something nifty */ for (env = environ; *env != NULL; env++) free(*env); free(environ); environ = envlist; .Ed .Sh RETURN VALUES The .Nm function returns .Dv NULL on failure. .Sh SEE ALSO .Xr environ 7 , .Xr free 3 , .Xr malloc 3 , .Xr pam 3 , .Xr pam_getenv 3 , .Xr pam_putenv 3 , .Xr pam_setenv 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3 index 60c7799a1e20..e6cffe0c8c8b 100644 --- a/contrib/openpam/doc/man/pam_info.3 +++ b/contrib/openpam/doc/man/pam_info.3 
@@ -1,85 +1,85 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_INFO 3 .Os .Sh NAME .Nm pam_info .Nd display an information message .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..." .Sh DESCRIPTION The .Nm function displays an informational message through the intermediary of the given PAM context's conversation function. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_error 3 , .Xr pam_prompt 3 , .Xr pam_strerror 3 , .Xr pam_vinfo 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3 index ee3485957208..d00c9d2dc56e 100644 --- a/contrib/openpam/doc/man/pam_open_session.3 +++ b/contrib/openpam/doc/man/pam_open_session.3 
@@ -1,108 +1,108 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_OPEN_SESSION 3 .Os .Sh NAME .Nm pam_open_session .Nd open a user session .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_open_session "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The .Nm sets up a user session for a previously authenticated user. The session should later be torn down by a call to .Xr pam_close_session 3 . .Pp The .Va flags argument is the binary or of zero or more of the following values: .Bl -tag -width 18n .It Dv PAM_SILENT Do not emit any messages. .El .Pp If any other bits are set, .Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SESSION_ERR Session failure. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_close_session 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3 index be2abf4c83e3..978730657ad7 100644 --- a/contrib/openpam/doc/man/pam_prompt.3 +++ b/contrib/openpam/doc/man/pam_prompt.3 
@@ -1,97 +1,97 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_PROMPT 3 .Os .Sh NAME .Nm pam_prompt .Nd call the conversation function .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." .Sh DESCRIPTION The .Nm function constructs a message from the specified format string and arguments and passes it to the given PAM context's conversation function. .Pp A pointer to the response, or .Dv NULL if the conversation function did not return one, is stored in the location pointed to by the .Va resp argument. .Pp See .Xr pam_vprompt 3 for further details. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_error 3 , .Xr pam_info 3 , .Xr pam_strerror 3 , .Xr pam_vprompt 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3 index db571cd77ba3..544371d77593 100644 --- a/contrib/openpam/doc/man/pam_putenv.3 +++ b/contrib/openpam/doc/man/pam_putenv.3 
@@ -1,88 +1,88 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_PUTENV 3 .Os .Sh NAME .Nm pam_putenv .Nd set the value of an environment variable .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" .Sh DESCRIPTION The .Nm function sets a environment variable. Its semantics are similar to those of .Xr putenv 3 , but it modifies the PAM context's environment list instead of the application's. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_getenv 3 , .Xr pam_getenvlist 3 , .Xr pam_setenv 3 , .Xr pam_strerror 3 , .Xr putenv 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3 index 61a2c78716a7..600cd7eac483 100644 --- a/contrib/openpam/doc/man/pam_set_data.3 +++ b/contrib/openpam/doc/man/pam_set_data.3 
@@ -1,99 +1,99 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SET_DATA 3 .Os .Sh NAME .Nm pam_set_data .Nd set module information .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" .Sh DESCRIPTION The .Nm function associates a pointer to an opaque object with an arbitrary string specified by the .Va module_data_name argument, in the PAM context specified by the .Va pamh argument. .Pp If not .Dv NULL , the .Xr cleanup 3 argument should point to a function responsible for releasing the resources associated with the object. .Pp This function and its counterpart .Xr pam_get_data 3 are useful for managing data that are meaningful only to a particular service module. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr cleanup 3 , .Xr pam 3 , .Xr pam_get_data 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3 index 895a6a88e3a6..b37d9b93480a 100644 --- a/contrib/openpam/doc/man/pam_set_item.3 +++ b/contrib/openpam/doc/man/pam_set_item.3 
@@ -1,92 +1,92 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SET_ITEM 3 .Os .Sh NAME .Nm pam_set_item .Nd set authentication information .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" .Sh DESCRIPTION The .Nm function sets the item specified by the .Va item_type argument to a copy of the object pointed to by the .Va item argument. The item is stored in the PAM context specified by the .Va pamh argument. See .Xr pam_get_item 3 for a list of recognized item types. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_get_item 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3 index 3ce4dee0868d..81277b5d47a0 100644 --- a/contrib/openpam/doc/man/pam_setcred.3 +++ b/contrib/openpam/doc/man/pam_setcred.3 
@@ -1,121 +1,121 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SETCRED 3 .Os .Sh NAME .Nm pam_setcred .Nd modify / delete user credentials for an authentication service .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_setcred "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION The .Nm function manages the application's credentials. .Pp The .Va flags argument is the binary or of zero or more of the following values: .Bl -tag -width 18n .It Dv PAM_SILENT Do not emit any messages. .It Dv PAM_ESTABLISH_CRED Establish the credentials of the target user. .It Dv PAM_DELETE_CRED Revoke all established credentials. .It Dv PAM_REINITIALIZE_CRED Fully reinitialise credentials. .It Dv PAM_REFRESH_CRED Refresh credentials. .El .Pp The latter four are mutually exclusive. .Pp If any other bits are set, .Nm will return .Dv PAM_SYMBOL_ERR . .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_CRED_ERR Failed to set user credentials. .It Bq Er PAM_CRED_EXPIRED User credentials have expired. .It Bq Er PAM_CRED_UNAVAIL Failed to retrieve user credentials. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYMBOL_ERR Invalid symbol. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. 
diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3
index d06173da769c..bc51afa32500 100644
--- a/contrib/openpam/doc/man/pam_setenv.3
+++ b/contrib/openpam/doc/man/pam_setenv.3
@@ -1,87 +1,87 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SETENV 3 .Os .Sh NAME .Nm pam_setenv .Nd mirrors setenv(3) .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" .Sh DESCRIPTION The .Nm function sets a environment variable. Its semantics are similar to those of .Xr setenv 3 , but it modifies the PAM context's environment list instead of the application's. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_getenv 3 , .Xr pam_getenvlist 3 , .Xr pam_putenv 3 , .Xr pam_strerror 3 , .Xr setenv 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 index c8cdce267853..9d8c805fe496 100644 --- a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 +++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 
@@ -1,102 +1,102 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_ACCT_MGMT 3 .Os .Sh NAME .Nm pam_sm_acct_mgmt .Nd service module implementation for pam_acct_mgmt .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/pam_modules.h .Ft int .Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The .Nm function is the service module's implementation of the .Xr pam_acct_mgmt 3 API function. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_ACCT_EXPIRED User accound has expired. .It Bq Er PAM_AUTH_ERR Authentication error. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_NEW_AUTHTOK_REQD New authentication token required. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_acct_mgmt 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3 index 5c2ce1974fd4..e29b354b2931 100644 --- a/contrib/openpam/doc/man/pam_sm_authenticate.3 +++ b/contrib/openpam/doc/man/pam_sm_authenticate.3 
@@ -1,104 +1,104 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_AUTHENTICATE 3 .Os .Sh NAME .Nm pam_sm_authenticate .Nd service module implementation for pam_authenticate .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/pam_modules.h .Ft int .Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The .Nm function is the service module's implementation of the .Xr pam_authenticate 3 API function. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_AUTHINFO_UNAVAIL Authentication information is unavailable. .It Bq Er PAM_AUTH_ERR Authentication error. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_CRED_INSUFFICIENT Insufficient credentials. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_MAXTRIES Maximum number of tries exceeded. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_authenticate 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3 index 9ac8f4ad2fa0..44702b159cf0 100644 --- a/contrib/openpam/doc/man/pam_sm_chauthtok.3 +++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3 
@@ -1,104 +1,104 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_CHAUTHTOK 3 .Os .Sh NAME .Nm pam_sm_chauthtok .Nd service module implementation for pam_chauthtok .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/pam_modules.h .Ft int .Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The .Nm function is the service module's implementation of the .Xr pam_chauthtok 3 API function. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_AUTHTOK_DISABLE_AGING Authentication token aging disabled. .It Bq Er PAM_AUTHTOK_ERR Authentication token failure. .It Bq Er PAM_AUTHTOK_LOCK_BUSY Authentication token lock busy. .It Bq Er PAM_AUTHTOK_RECOVERY_ERR Failed to recover old authentication token. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_TRY_AGAIN Try again. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_chauthtok 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3 index 9645c4c85dc0..99fd18704518 100644 --- a/contrib/openpam/doc/man/pam_sm_close_session.3 +++ b/contrib/openpam/doc/man/pam_sm_close_session.3 
@@ -1,96 +1,96 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_CLOSE_SESSION 3 .Os .Sh NAME .Nm pam_sm_close_session .Nd service module implementation for pam_close_session .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/pam_modules.h .Ft int .Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv" .Sh DESCRIPTION The .Nm function is the service module's implementation of the .Xr pam_close_session 3 API function. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SESSION_ERR Session failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_close_session 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3 index aa72614cfb8f..cef70e529863 100644 --- a/contrib/openpam/doc/man/pam_sm_open_session.3 +++ b/contrib/openpam/doc/man/pam_sm_open_session.3 
@@ -1,96 +1,96 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_OPEN_SESSION 3 .Os .Sh NAME .Nm pam_sm_open_session .Nd service module implementation for pam_open_session .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/pam_modules.h .Ft int .Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The .Nm function is the service module's implementation of the .Xr pam_open_session 3 API function. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SESSION_ERR Session failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_open_session 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3 index 428a5aa538ac..5e297a33f2dc 100644 --- a/contrib/openpam/doc/man/pam_sm_setcred.3 +++ b/contrib/openpam/doc/man/pam_sm_setcred.3 
@@ -1,102 +1,102 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_SM_SETCRED 3 .Os .Sh NAME .Nm pam_sm_setcred .Nd service module implementation for pam_setcred .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .In security/pam_modules.h .Ft int .Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" .Sh DESCRIPTION The .Nm function is the service module's implementation of the .Xr pam_setcred 3 API function. .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_ABORT General failure. .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_CRED_ERR Failed to set user credentials. .It Bq Er PAM_CRED_EXPIRED User credentials have expired. .It Bq Er PAM_CRED_UNAVAIL Failed to retrieve user credentials. .It Bq Er PAM_IGNORE Ignore this module. .It Bq Er PAM_PERM_DENIED Permission denied. .It Bq Er PAM_SERVICE_ERR Error in service module. .It Bq Er PAM_SYSTEM_ERR System error. .It Bq Er PAM_USER_UNKNOWN Unknown user. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_setcred 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3 index f86b798ef162..369d74dc5187 100644 --- a/contrib/openpam/doc/man/pam_start.3 +++ b/contrib/openpam/doc/man/pam_start.3 
@@ -1,107 +1,107 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_START 3 .Os .Sh NAME .Nm pam_start .Nd initiate a PAM transaction .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" .Sh DESCRIPTION The .Nm function creates and initializes a PAM context. .Pp The .Va service argument specifies the name of the policy to apply, and is stored in the .Dv PAM_SERVICE item in the created context. .Pp The .Va user argument specifies the name of the target user - the user the created context will serve to authenticate. It is stored in the .Dv PAM_USER item in the created context. .Pp The .Va pam_conv argument points to a .Vt struct pam_conv describing the conversation function to use; see .Va pam_conv for details. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_end 3 , .Xr pam_get_item 3 , .Xr pam_set_item 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3 index 22deadf20901..53998af402c7 100644 --- a/contrib/openpam/doc/man/pam_strerror.3 +++ b/contrib/openpam/doc/man/pam_strerror.3 
@@ -1,79 +1,79 @@
 .\"-
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
 .\" Network Associates Laboratories, the Security Research Division of
 .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 .\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\" notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\" notice, this list of conditions and the following disclaimer in the
 .\" documentation and/or other materials provided with the distribution.
 .\" 3. The name of the author may not be used to endorse or promote
 .\" products derived from this software without specific prior written
 .\" permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_STRERROR 3 .Os .Sh NAME .Nm pam_strerror .Nd get PAM standard error message string .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft const char * .Fn pam_strerror "pam_handle_t *pamh" "int error_number" .Sh DESCRIPTION The .Nm function returns a pointer to a string containing a textual description of the error indicated by the .Va error_number argument, in the context of the PAM transaction described by the .Va pamh argument. .Sh RETURN VALUES The .Nm function returns .Dv NULL on failure. .Sh SEE ALSO .Xr pam 3 .Sh STANDARDS .Rs .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" .%D "June 1997" .Re .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3 index 82ab71d886b2..419589bcbe91 100644 --- a/contrib/openpam/doc/man/pam_verror.3 +++ b/contrib/openpam/doc/man/pam_verror.3 
@@ -1,89 +1,89 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_VERROR 3 .Os .Sh NAME .Nm pam_verror .Nd display an error message .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap" .Sh DESCRIPTION The .Nm function passes its arguments to .Xr pam_vprompt 3 with a style argument of .Dv PAM_ERROR_MSG , and discards the response. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_error 3 , .Xr pam_strerror 3 , .Xr pam_vinfo 3 , .Xr pam_vprompt 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3 index 8bd819e64b9e..e80225ccfc73 100644 --- a/contrib/openpam/doc/man/pam_vinfo.3 +++ b/contrib/openpam/doc/man/pam_vinfo.3 
@@ -1,89 +1,89 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_VINFO 3 .Os .Sh NAME .Nm pam_vinfo .Nd display an information message .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap" .Sh DESCRIPTION The .Nm function passes its arguments to .Xr pam_vprompt 3 with a style argument of .Dv PAM_TEXT_INFO , and discards the response. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_info 3 , .Xr pam_strerror 3 , .Xr pam_verror 3 , .Xr pam_vprompt 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3 index 57794a1b0533..7e90fbaf1417 100644 --- a/contrib/openpam/doc/man/pam_vprompt.3 +++ b/contrib/openpam/doc/man/pam_vprompt.3 
@@ -1,126 +1,126 @@ .\"- -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and .\" Network Associates Laboratories, the Security Research Division of .\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\" ("CBOSS"), as part of the DARPA CHATS research program. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. The name of the author may not be used to endorse or promote .\" products derived from this software without specific prior written .\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" $P4$ .\" -.Dd May 2, 2003 +.Dd June 1, 2003 .Dt PAM_VPROMPT 3 .Os .Sh NAME .Nm pam_vprompt .Nd call the conversation function .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h .Ft int .Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" .Sh DESCRIPTION The .Nm function constructs a string from the .Va fmt and .Va ap arguments using .Xr vsnprintf 3 , and passes it to the given PAM context's conversation function. .Pp The .Va style argument specifies the type of interaction requested, and must be one of the following: .Bl -tag -width 18n .It Dv PAM_PROMPT_ECHO_OFF Display the message and obtain the user's response without displaying it. .It Dv PAM_PROMPT_ECHO_ON Display the message and obtain the user's response. .It Dv PAM_ERROR_MSG Display the message as an error message, and do not wait for a response. .It Dv PAM_TEXT_INFO Display the message as an informational message, and do not wait for a response. .El .Pp A pointer to the response, or .Dv NULL if the conversation function did not return one, is stored in the location pointed to by the .Va resp argument. .Pp The message and response should not exceed .Dv PAM_MAX_MSG_SIZE or .Dv PAM_MAX_RESP_SIZE , respectively. If they do, they may be truncated. .Pp .Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n .It Bq Er PAM_BUF_ERR Memory buffer error. .It Bq Er PAM_CONV_ERR Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. .El .Sh SEE ALSO .Xr pam 3 , .Xr pam_error 3 , .Xr pam_info 3 , .Xr pam_prompt 3 , .Xr pam_strerror 3 , .Xr pam_verror 3 , .Xr pam_vinfo 3 , .Xr vsnprintf 3 .Sh STANDARDS The .Nm function is an OpenPAM extension. .Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h index 57dab04cbf7e..3a0a6f9dcd26 100644 --- a/contrib/openpam/include/security/openpam.h +++ b/contrib/openpam/include/security/openpam.h 
@@ -1,295 +1,307 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/include/security/openpam.h#21 $ + * $P4: //depot/projects/openpam/include/security/openpam.h#24 $ */ #ifndef _SECURITY_OPENPAM_H_INCLUDED #define _SECURITY_OPENPAM_H_INCLUDED /* * Annoying but necessary header pollution */ #include #ifdef __cplusplus extern "C" { #endif struct passwd; /* * API extensions */ int openpam_borrow_cred(pam_handle_t *_pamh, const struct passwd *_pwd); void openpam_free_data(pam_handle_t *_pamh, void *_data, int _status); const char * openpam_get_option(pam_handle_t *_pamh, const char *_option); int openpam_restore_cred(pam_handle_t *_pamh); int openpam_set_option(pam_handle_t *_pamh, const char *_option, const char *_value); int pam_error(pam_handle_t *_pamh, const char *_fmt, ...); int pam_get_authtok(pam_handle_t *_pamh, int _item, const char **_authtok, const char *_prompt); int pam_info(pam_handle_t *_pamh, const char *_fmt, ...); int pam_prompt(pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, ...); int pam_setenv(pam_handle_t *_pamh, const char *_name, const char *_value, int _overwrite); int pam_vinfo(pam_handle_t *_pamh, const char *_fmt, va_list _ap); int pam_verror(pam_handle_t *_pamh, const char *_fmt, va_list _ap); int pam_vprompt(pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, va_list _ap); +/* + * Read cooked lines. + * Checking for FOPEN_MAX is a fairly reliable way to detect the presence + * of + */ +#ifdef FOPEN_MAX +char * +openpam_readline(FILE *_f, + int *_lineno, + size_t *_lenp); +#endif + /* * Log levels */ enum { PAM_LOG_DEBUG, PAM_LOG_VERBOSE, PAM_LOG_NOTICE, PAM_LOG_ERROR }; /* * Log to syslog */ void _openpam_log(int _level, const char *_func, const char *_fmt, ...); #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) #define openpam_log(lvl, ...) \ _openpam_log((lvl), __func__, __VA_ARGS__) #elif defined(__GNUC__) && (__GNUC__ >= 3) #define openpam_log(lvl, ...) 
\ _openpam_log((lvl), __func__, __VA_ARGS__) #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95) #define openpam_log(lvl, fmt...) \ _openpam_log((lvl), __func__, ##fmt) #elif defined(__GNUC__) && defined(__FUNCTION__) #define openpam_log(lvl, fmt...) \ _openpam_log((lvl), __FUNCTION__, ##fmt) #else void openpam_log(int _level, const char *_format, ...); #endif /* * Generic conversation function */ struct pam_message; struct pam_response; int openpam_ttyconv(int _n, const struct pam_message **_msg, struct pam_response **_resp, void *_data); /* * Null conversation function */ int openpam_nullconv(int _n, const struct pam_message **_msg, struct pam_response **_resp, void *_data); /* * PAM primitives */ enum { PAM_SM_AUTHENTICATE, PAM_SM_SETCRED, PAM_SM_ACCT_MGMT, PAM_SM_OPEN_SESSION, PAM_SM_CLOSE_SESSION, PAM_SM_CHAUTHTOK, /* keep this last */ PAM_NUM_PRIMITIVES }; /* * Dummy service module function */ #define PAM_SM_DUMMY(type) \ PAM_EXTERN int \ pam_sm_##type(pam_handle_t *pamh, int flags, \ int argc, const char *argv[]) \ { \ return (PAM_IGNORE); \ } /* * PAM service module functions match this typedef */ struct pam_handle; typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **); /* * A struct that describes a module. 
*/ typedef struct pam_module pam_module_t; struct pam_module { char *path; pam_func_t func[PAM_NUM_PRIMITIVES]; void *dlh; int refcount; pam_module_t *prev; pam_module_t *next; }; /* * Source-code compatibility with Linux-PAM modules */ #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \ defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD) #define LINUX_PAM_MODULE #endif #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH) #define _PAM_SM_AUTHENTICATE 0 #define _PAM_SM_SETCRED 0 #else #undef PAM_SM_AUTH #define PAM_SM_AUTH #define _PAM_SM_AUTHENTICATE pam_sm_authenticate #define _PAM_SM_SETCRED pam_sm_setcred #endif #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT) #define _PAM_SM_ACCT_MGMT 0 #else #undef PAM_SM_ACCOUNT #define PAM_SM_ACCOUNT #define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt #endif #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION) #define _PAM_SM_OPEN_SESSION 0 #define _PAM_SM_CLOSE_SESSION 0 #else #undef PAM_SM_SESSION #define PAM_SM_SESSION #define _PAM_SM_OPEN_SESSION pam_sm_open_session #define _PAM_SM_CLOSE_SESSION pam_sm_close_session #endif #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD) #define _PAM_SM_CHAUTHTOK 0 #else #undef PAM_SM_PASSWORD #define PAM_SM_PASSWORD #define _PAM_SM_CHAUTHTOK pam_sm_chauthtok #endif /* * Infrastructure for static modules using GCC linker sets. * You are not expected to understand this. 
*/ #if defined(__FreeBSD__) #define PAM_SOEXT ".so" #else #ifndef NO_STATIC_MODULES #define NO_STATIC_MODULES #endif #endif #if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES) /* gcc, static linking */ #include #include #define OPENPAM_STATIC_MODULES #define PAM_EXTERN static #define PAM_MODULE_ENTRY(name) \ static char _pam_name[] = name PAM_SOEXT; \ static struct pam_module _pam_module = { _pam_name, { \ _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT, \ _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \ NULL, 0, NULL, NULL }; \ DATA_SET(_openpam_static_modules, _pam_module) #else /* normal case */ #define PAM_EXTERN #define PAM_MODULE_ENTRY(name) #endif #ifdef __cplusplus } #endif #endif diff --git a/contrib/openpam/include/security/openpam_version.h b/contrib/openpam/include/security/openpam_version.h index 8afc646da0af..7646070645ad 100644 --- a/contrib/openpam/include/security/openpam_version.h +++ b/contrib/openpam/include/security/openpam_version.h 
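Review bot: The `openpam_readline()` prototype added under `#ifdef FOPEN_MAX` is only visible when `<stdio.h>` was included before this header. Otherwise it is silently skipped, and the `_SECURITY_OPENPAM_H_INCLUDED` guard stops a later re-include from restoring it. A caller built that way with a compiler that accepts implicit declarations would treat the result as `int`, which can truncate the returned pointer on 64-bit targets. The ordering requirement belongs in the comment, for example `* <stdio.h> must be included before this header, or this prototype is omitted.` The comment also leaves `_lineno`, `_lenp` and the ownership of the returned `char *` undocumented; one line for each would help callers.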
@@ -1,44 +1,44 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/include/security/openpam_version.h#7 $ + * $P4: //depot/projects/openpam/include/security/openpam_version.h#9 $ */ #ifndef _OPENPAM_VERSION_H_INCLUDED #define _OPENPAM_VERSION_H_INCLUDED #define _OPENPAM -#define _OPENPAM_VERSION 20030502 -#define _OPENPAM_RELEASE "Dianthus" +#define _OPENPAM_VERSION 20030601 +#define _OPENPAM_RELEASE "Digitalis" #endif diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h index 44922449a60c..5f91c64b7f53 100644 --- a/contrib/openpam/include/security/pam_appl.h +++ b/contrib/openpam/include/security/pam_appl.h 
@@ -1,180 +1,180 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/include/security/pam_appl.h#11 $ + * $P4: //depot/projects/openpam/include/security/pam_appl.h#13 $ */ #ifndef _PAM_APPL_H_INCLUDED #define _PAM_APPL_H_INCLUDED #include #include #ifdef __cplusplus extern "C" { #endif /* * XSSO 4.2.1, 6 */ int pam_acct_mgmt(pam_handle_t *_pamh, int _flags); int pam_authenticate(pam_handle_t *_pamh, int _flags); int pam_chauthtok(pam_handle_t *_pamh, int _flags); int pam_close_session(pam_handle_t *_pamh, int _flags); int pam_end(pam_handle_t *_pamh, int _status); int pam_get_data(pam_handle_t *_pamh, const char *_module_data_name, const void **_data); int pam_get_item(pam_handle_t *_pamh, int _item_type, const void **_item); int pam_get_user(pam_handle_t *_pamh, const char **_user, const char *_prompt); const char * pam_getenv(pam_handle_t *_pamh, const char *_name); char ** pam_getenvlist(pam_handle_t *_pamh); int pam_open_session(pam_handle_t *_pamh, int _flags); int pam_putenv(pam_handle_t *_pamh, const char *_namevalue); int pam_set_data(pam_handle_t *_pamh, const char *_module_data_name, void *_data, void (*_cleanup)(pam_handle_t *_pamh, void *_data, int _pam_end_status)); int pam_set_item(pam_handle_t *_pamh, int _item_type, const void *_item); int pam_setcred(pam_handle_t *_pamh, int _flags); int pam_start(const char *_service, const char *_user, const struct pam_conv *_pam_conv, pam_handle_t **_pamh); const char * pam_strerror(pam_handle_t *_pamh, int _error_number); /* * Single Sign-On extensions */ #if 0 int pam_authenticate_secondary(pam_handle_t *_pamh, char *_target_username, char *_target_module_type, char *_target_authn_domain, char *_target_supp_data, char *_target_module_authtok, int _flags); int pam_get_mapped_authtok(pam_handle_t *_pamh, const char *_target_module_username, const char *_target_module_type, const char *_target_authn_domain, size_t *_target_authtok_len, unsigned char **_target_module_authtok); int pam_get_mapped_username(pam_handle_t *_pamh, const char 
*_src_username, const char *_src_module_type, const char *_src_authn_domain, const char *_target_module_type, const char *_target_authn_domain, char **_target_module_username); int pam_set_mapped_authtok(pam_handle_t *_pamh, const char *_target_module_username, size_t _target_authtok_len, unsigned char *_target_module_authtok, const char *_target_module_type, const char *_target_authn_domain); int pam_set_mapped_username(pam_handle_t *_pamh, char *_src_username, char *_src_module_type, char *_src_authn_domain, char *_target_module_username, char *_target_module_type, char *_target_authn_domain); #endif /* 0 */ #ifdef __cplusplus } #endif #endif diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h index c6c4ed3ed631..f3f8d304be12 100644 --- a/contrib/openpam/include/security/pam_constants.h +++ b/contrib/openpam/include/security/pam_constants.h 
@@ -1,135 +1,135 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/include/security/pam_constants.h#20 $ + * $P4: //depot/projects/openpam/include/security/pam_constants.h#22 $ */ #ifndef _PAM_CONSTANTS_H_INCLUDED #define _PAM_CONSTANTS_H_INCLUDED #include #ifdef __cplusplus extern "C" { #endif /* * XSSO 5.2 */ enum { PAM_SUCCESS = 0, PAM_OPEN_ERR = 1, PAM_SYMBOL_ERR = 2, PAM_SERVICE_ERR = 3, PAM_SYSTEM_ERR = 4, PAM_BUF_ERR = 5, PAM_CONV_ERR = 6, PAM_PERM_DENIED = 7, PAM_MAXTRIES = 8, PAM_AUTH_ERR = 9, PAM_NEW_AUTHTOK_REQD = 10, PAM_CRED_INSUFFICIENT = 11, PAM_AUTHINFO_UNAVAIL = 12, PAM_USER_UNKNOWN = 13, PAM_CRED_UNAVAIL = 14, PAM_CRED_EXPIRED = 15, PAM_CRED_ERR = 16, PAM_ACCT_EXPIRED = 17, PAM_AUTHTOK_EXPIRED = 18, PAM_SESSION_ERR = 19, PAM_AUTHTOK_ERR = 20, PAM_AUTHTOK_RECOVERY_ERR = 21, PAM_AUTHTOK_LOCK_BUSY = 22, PAM_AUTHTOK_DISABLE_AGING = 23, PAM_NO_MODULE_DATA = 24, PAM_IGNORE = 25, PAM_ABORT = 26, PAM_TRY_AGAIN = 27, PAM_MODULE_UNKNOWN = 28, PAM_DOMAIN_UNKNOWN = 29, PAM_NUM_ERRORS /* OpenPAM extension */ }; /* * XSSO 5.3 */ enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4, PAM_MAX_NUM_MSG = 32, PAM_MAX_MSG_SIZE = 512, PAM_MAX_RESP_SIZE = 512 }; /* * XSSO 5.4 */ enum { /* some compilers promote 0x8000000 to long */ PAM_SILENT = (-0x7fffffff - 1), PAM_DISALLOW_NULL_AUTHTOK = 0x1, PAM_ESTABLISH_CRED = 0x1, PAM_DELETE_CRED = 0x2, PAM_REINITIALIZE_CRED = 0x4, PAM_REFRESH_CRED = 0x8, PAM_PRELIM_CHECK = 0x1, PAM_UPDATE_AUTHTOK = 0x2, PAM_CHANGE_EXPIRED_AUTHTOK = 0x4 }; /* * XSSO 5.5 */ enum { PAM_SERVICE = 1, PAM_USER = 2, PAM_TTY = 3, PAM_RHOST = 4, PAM_CONV = 5, PAM_AUTHTOK = 6, PAM_OLDAUTHTOK = 7, PAM_RUSER = 8, PAM_USER_PROMPT = 9, PAM_REPOSITORY = 10, PAM_AUTHTOK_PROMPT = 11, /* OpenPAM extension */ PAM_OLDAUTHTOK_PROMPT = 12, /* OpenPAM extension */ PAM_NUM_ITEMS /* OpenPAM extension */ }; #ifdef __cplusplus } #endif #endif 
diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h
index 02beab25dd40..821b03d6c704 100644
--- a/contrib/openpam/include/security/pam_modules.h
+++ b/contrib/openpam/include/security/pam_modules.h
@@ -1,160 +1,160 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/include/security/pam_modules.h#8 $ + * $P4: //depot/projects/openpam/include/security/pam_modules.h#9 $ */ #ifndef _PAM_MODULES_H_INCLUDED #define _PAM_MODULES_H_INCLUDED #include #include #include #ifdef __cplusplus extern "C" { #endif /* * XSSO 4.2.2, 6 */ #if defined(PAM_SM_ACCOUNT) PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *_pamh, int _flags, int _argc, const char **_argv); #endif #if defined(PAM_SM_AUTH) PAM_EXTERN int pam_sm_authenticate(pam_handle_t *_pamh, int _flags, int _argc, const char **_argv); #endif #if defined(PAM_SM_PASSWORD) PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *_pamh, int _flags, int _argc, const char **_argv); #endif #if defined(PAM_SM_SESSION) PAM_EXTERN int pam_sm_close_session(pam_handle_t *_pamh, int _flags, int _args, const char **_argv); #endif #if defined(PAM_SM_SESSION) PAM_EXTERN int pam_sm_open_session(pam_handle_t *_pamh, int _flags, int _argc, const char **_argv); #endif #if defined(PAM_SM_AUTH) PAM_EXTERN int pam_sm_setcred(pam_handle_t *_pamh, int _flags, int _argc, const char **_argv); #endif /* * Single Sign-On extensions */ #if 0 PAM_EXTERN int pam_sm_authenticate_secondary(pam_handle_t *_pamh, char *_target_username, char *_target_module_type, char *_target_authn_domain, char *_target_supp_data, unsigned char *_target_module_authtok, int _flags, int _argc, const char **_argv); PAM_EXTERN int pam_sm_get_mapped_authtok(pam_handle_t *_pamh, char *_target_module_username, char *_target_module_type, char *_target_authn_domain, size_t *_target_authtok_len, unsigned char **_target_module_authtok, int _argc, char *_argv); PAM_EXTERN int pam_sm_get_mapped_username(pam_handle_t *_pamh, char *_src_username, char *_src_module_type, char *_src_authn_domain, char *_target_module_type, char *_target_authn_domain, char **_target_module_username, int _argc, const char **_argv); PAM_EXTERN int pam_sm_set_mapped_authtok(pam_handle_t *_pamh, char *_target_module_username, size_t _target_authtok_len, 
unsigned char *_target_module_authtok, char *_target_module_type, char *_target_authn_domain, int _argc, const char *_argv); PAM_EXTERN int pam_sm_set_mapped_username(pam_handle_t *_pamh, char *_target_module_username, char *_target_module_type, char *_target_authn_domain, int _argc, const char **_argv); #endif /* 0 */ #ifdef __cplusplus } #endif #endif diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h index bbea5c8401f0..d2d83b353579 100644 --- a/contrib/openpam/include/security/pam_types.h +++ b/contrib/openpam/include/security/pam_types.h 
@@ -1,87 +1,87 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/include/security/pam_types.h#9 $ + * $P4: //depot/projects/openpam/include/security/pam_types.h#11 $ */ #ifndef _PAM_TYPES_H_INCLUDED #define _PAM_TYPES_H_INCLUDED #include #ifdef __cplusplus extern "C" { #endif /* * XSSO 5.1.1 */ struct pam_message { int msg_style; char *msg; }; struct pam_response { char *resp; int resp_retcode; }; /* * XSSO 5.1.2 */ struct pam_conv { int (*conv)(int, const struct pam_message **, struct pam_response **, void *); void *appdata_ptr; }; /* * XSSO 5.1.3 */ struct pam_handle; typedef struct pam_handle pam_handle_t; /* * Solaris 9 */ typedef struct pam_repository { char *type; void *scope; size_t scope_len; } pam_repository_t; #ifdef __cplusplus } #endif #endif diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile index 95aa856fd437..da3aecd8d37e 100644 --- a/contrib/openpam/lib/Makefile +++ b/contrib/openpam/lib/Makefile 
@@ -1,95 +1,99 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and # Network Associates Laboratories, the Security Research Division of # Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 # ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/lib/Makefile#16 $ +# $P4: //depot/projects/openpam/lib/Makefile#21 $ # LIB = pam -SHLIB_MAJOR = 2 -SHLIB_MINOR = 0 WARNS ?= 4 NO_WERROR = yes CFLAGS += -I${.CURDIR}/../include CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR} +OSNAME != uname -s +.if ${OSNAME} == "Linux" +LDADD += -ldl +.endif + SRCS = SRCS += openpam_borrow_cred.c SRCS += openpam_configure.c SRCS += openpam_dispatch.c SRCS += openpam_dynamic.c SRCS += openpam_findenv.c SRCS += openpam_free_data.c SRCS += openpam_get_option.c SRCS += openpam_load.c SRCS += openpam_log.c SRCS += openpam_nullconv.c +SRCS += openpam_readline.c SRCS += openpam_restore_cred.c SRCS += openpam_set_option.c SRCS += openpam_static.c SRCS += openpam_ttyconv.c SRCS += pam_acct_mgmt.c SRCS += pam_authenticate.c SRCS += pam_chauthtok.c SRCS += pam_close_session.c SRCS += pam_end.c SRCS += pam_error.c SRCS += pam_get_authtok.c SRCS += pam_get_data.c SRCS += pam_get_item.c SRCS += pam_get_user.c SRCS += pam_getenv.c SRCS += pam_getenvlist.c SRCS += pam_info.c SRCS += pam_open_session.c SRCS += pam_prompt.c SRCS += pam_putenv.c SRCS += pam_set_data.c SRCS += pam_set_item.c SRCS += pam_setcred.c SRCS += pam_setenv.c SRCS += pam_start.c SRCS += pam_strerror.c SRCS += pam_verror.c SRCS += pam_vinfo.c SRCS += pam_vprompt.c .if 0 SRCS += pam_authenticate_secondary.c SRCS += pam_get_mapped_authtok.c SRCS += pam_get_mapped_username.c SRCS += pam_set_mapped_authtok.c SRCS += pam_set_mapped_username.c .endif .include diff --git a/contrib/openpam/lib/openpam_borrow_cred.c b/contrib/openpam/lib/openpam_borrow_cred.c index 8a8c4580db0d..dfd25c29f6dc 100644 --- a/contrib/openpam/lib/openpam_borrow_cred.c +++ b/contrib/openpam/lib/openpam_borrow_cred.c 
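Review bot: `CFLAGS += -DLIB_MAJ=${SHLIB_MAJOR}` is kept while the `SHLIB_MAJOR = 2` assignment is removed from this Makefile, so the value now has to come from somewhere this hunk does not show. If nothing else defines it, the flag expands to `-DLIB_MAJ=`, and openpam_dynamic.c, which builds the versioned module path with `"%s.%d", path, LIB_MAJ`, would no longer compile. I would either keep a default here with `SHLIB_MAJOR ?= 2` or add a comment naming the file that now sets it.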
@@ -1,117 +1,118 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#9 $ */ #include +#include #include #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Temporarily borrow user credentials */ int openpam_borrow_cred(pam_handle_t *pamh, const struct passwd *pwd) { struct pam_saved_cred *scred; int r; ENTERI(pwd->pw_uid); r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred); if (r == PAM_SUCCESS && scred != NULL) { openpam_log(PAM_LOG_DEBUG, "already operating under borrowed credentials"); RETURNC(PAM_SYSTEM_ERR); } if (geteuid() != 0 && geteuid() != pwd->pw_uid) { openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d", (int)geteuid()); RETURNC(PAM_PERM_DENIED); } scred = calloc(1, sizeof *scred); if (scred == NULL) RETURNC(PAM_BUF_ERR); scred->euid = geteuid(); scred->egid = getegid(); r = getgroups(NGROUPS_MAX, scred->groups); - if (r == -1) { - free(scred); + if (r < 0) { + FREE(scred); RETURNC(PAM_SYSTEM_ERR); } scred->ngroups = r; r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data); if (r != PAM_SUCCESS) { - free(scred); + FREE(scred); RETURNC(r); } if (geteuid() == pwd->pw_uid) RETURNC(PAM_SUCCESS); - if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 || - setegid(pwd->pw_gid) == -1 || seteuid(pwd->pw_uid) == -1) { + if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 || + setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) { openpam_restore_cred(pamh); RETURNC(PAM_SYSTEM_ERR); } RETURNC(PAM_SUCCESS); } /* * Error codes: * * =pam_set_data * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_PERM_DENIED */ /** * The =openpam_borrow_cred function saves the current credentials and * switches to those of the user specified by its =pwd argument. The * affected credentials are the effective UID, the effective GID, and the * group access list. The original credentials can be restored using * =openpam_restore_cred. * * >setegid * >seteuid * >setgroups */ 
diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c
index 65844de9cf8f..e542fe61d788 100644
--- a/contrib/openpam/lib/openpam_configure.c
+++ b/contrib/openpam/lib/openpam_configure.c
@@ -1,299 +1,340 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_configure.c#6 $ + * $P4: //depot/projects/openpam/lib/openpam_configure.c#10 $ */ #include #include #include #include #include #include #include "openpam_impl.h" -#define PAM_CONF_STYLE 0 -#define PAM_D_STYLE 1 -#define MAX_LINE_LEN 1024 -#define MAX_OPTIONS 256 +const char *_pam_facility_name[PAM_NUM_FACILITIES] = { + [PAM_ACCOUNT] = "account", + [PAM_AUTH] = "auth", + [PAM_PASSWORD] = "password", + [PAM_SESSION] = "session", +}; + +const char *_pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = { + [PAM_BINDING] = "binding", + [PAM_OPTIONAL] = "optional", + [PAM_REQUIRED] = "required", + [PAM_REQUISITE] = "requisite", + [PAM_SUFFICIENT] = "sufficient", +}; + +static int openpam_load_chain(pam_handle_t *, const char *, pam_facility_t); + +/* + * Matches a word against the first one in a string. + * Returns non-zero if they match. + */ +static int +match_word(const char *str, const char *word) +{ + + while (*str && tolower(*str) == tolower(*word)) + ++str, ++word; + return (*str == ' ' && *word == '\0'); +} + +/* + * Return a pointer to the next word (or the final NUL) in a string. + */ +static const char * +next_word(const char *str) +{ + + /* skip current word */ + while (*str && *str != ' ') + ++str; + /* skip whitespace */ + while (*str == ' ') + ++str; + return (str); +} + +/* + * Return a malloc()ed copy of the first word in a string. + */ +static char * +dup_word(const char *str) +{ + const char *end; + char *word; + + for (end = str; *end && *end != ' '; ++end) + /* nothing */ ; + if (asprintf(&word, "%.*s", (int)(end - str), str) < 0) + return (NULL); + return (word); +} + +/* + * Return the length of the first word in a string. + */ +static int +wordlen(const char *str) +{ + int i; + + for (i = 0; str[i] && str[i] != ' '; ++i) + /* nothing */ ; + return (i); +} +typedef enum { pam_conf_style, pam_d_style } openpam_style_t; + +/* + * Extracts given chains from a policy file. 
+ */ static int -openpam_read_policy_file(pam_chain_t *policy[], +openpam_read_chain(pam_handle_t *pamh, const char *service, + pam_facility_t facility, const char *filename, - int style) + openpam_style_t style) { - char buf[MAX_LINE_LEN], *p, *q; - const char *optv[MAX_OPTIONS + 1]; - int ch, chain, flag, line, optc, n, r; - size_t len; + pam_chain_t *this, **next; + const char *p, *q; + int count, i, lineno, ret; + pam_facility_t fclt; + pam_control_t ctlf; + char *line, *name; FILE *f; - n = 0; - if ((f = fopen(filename, "r")) == NULL) { openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, "%s: %m", filename); return (0); } - openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", - service, filename); + this = NULL; + count = lineno = 0; + while ((line = openpam_readline(f, &lineno, NULL)) != NULL) { + p = line; - for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { - if ((len = strlen(buf)) == 0) - continue; + /* match service name */ + if (style == pam_conf_style) { + if (!match_word(p, service)) { + FREE(line); + continue; + } + p = next_word(p); + } - /* check for overflow */ - if (buf[--len] != '\n' && !feof(f)) { - openpam_log(PAM_LOG_ERROR, "%s: line %d too long", - filename, line); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - while ((ch = fgetc(f)) != EOF) - if (ch == '\n') - break; + /* match facility name */ + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) + if (match_word(p, _pam_facility_name[fclt])) + break; + if (fclt == PAM_NUM_FACILITIES) { + openpam_log(PAM_LOG_NOTICE, + "%s(%d): invalid facility '%.*s' (ignored)", + filename, lineno, wordlen(p), p); + goto fail; + } + if (facility != fclt && facility != PAM_FACILITY_ANY) { + FREE(line); continue; } + p = next_word(p); - /* strip comments and trailing whitespace */ - if ((p = strchr(buf, '#')) != NULL) - len = p - buf ? 
p - buf - 1 : p - buf; - while (len > 0 && isspace(buf[len - 1])) - --len; - if (len == 0) + /* include other chain */ + if (match_word(p, "include")) { + p = next_word(p); + if (*next_word(p) != '\0') + openpam_log(PAM_LOG_NOTICE, + "%s(%d): garbage at end of 'include' line", + filename, lineno); + if ((name = dup_word(p)) == NULL) + goto syserr; + ret = openpam_load_chain(pamh, name, fclt); + fprintf(stderr, "include %s returned %d\n", name, ret); + FREE(name); + if (ret < 0) + goto fail; + count += ret; + FREE(line); continue; - buf[len] = '\0'; - p = q = buf; - - /* check service name */ - if (style == PAM_CONF_STYLE) { - for (q = p = buf; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (*q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, service) != 0) - continue; - openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", - filename, line, service); } + /* allocate new entry */ + if ((this = calloc(1, sizeof *this)) == NULL) + goto syserr; - /* get module type */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "auth") == 0) { - chain = PAM_AUTH; - } else if (strcmp(p, "account") == 0) { - chain = PAM_ACCOUNT; - } else if (strcmp(p, "session") == 0) { - chain = PAM_SESSION; - } else if (strcmp(p, "password") == 0) { - chain = PAM_PASSWORD; - } else { + /* control flag */ + for (ctlf = 0; ctlf < PAM_NUM_CONTROL_FLAGS; ++ctlf) + if (match_word(p, _pam_control_flag_name[ctlf])) + break; + if (ctlf == PAM_NUM_CONTROL_FLAGS) { openpam_log(PAM_LOG_ERROR, - "%s: invalid module type on line %d: '%s'", - filename, line, p); - continue; + "%s(%d): invalid control flag '%.*s'", + filename, lineno, wordlen(p), p); + goto fail; } + this->flag = ctlf; - /* get control flag */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p || *q == '\0') - 
goto syntax_error; - *q++ = '\0'; - if (strcmp(p, "required") == 0) { - flag = PAM_REQUIRED; - } else if (strcmp(p, "requisite") == 0) { - flag = PAM_REQUISITE; - } else if (strcmp(p, "sufficient") == 0) { - flag = PAM_SUFFICIENT; - } else if (strcmp(p, "optional") == 0) { - flag = PAM_OPTIONAL; - } else if (strcmp(p, "binding") == 0) { - flag = PAM_BINDING; - } else { + /* module name */ + p = next_word(p); + if (*p == '\0') { openpam_log(PAM_LOG_ERROR, - "%s: invalid control flag on line %d: '%s'", - filename, line, p); - continue; + "%s(%d): missing module name", + filename, lineno); + goto fail; } + if ((name = dup_word(p)) == NULL) + goto syserr; + this->module = openpam_load_module(name); + FREE(name); + if (this->module == NULL) + goto fail; - /* get module name */ - for (p = q; isspace(*p); ++p) - /* nothing */; - for (q = p; *q != '\0' && !isspace(*q); ++q) - /* nothing */; - if (q == p) - goto syntax_error; - - /* get options */ - for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { - *q++ = '\0'; - while (isspace(*q)) - ++q; - optv[optc] = q; - while (*q != '\0' && !isspace(*q)) - ++q; + /* module options */ + p = q = next_word(p); + while (*q != '\0') { + ++this->optc; + q = next_word(q); } - optv[optc] = NULL; - if (*q != '\0') { - *q = '\0'; - openpam_log(PAM_LOG_ERROR, - "%s: too many options on line %d", - filename, line); + this->optv = calloc(this->optc + 1, sizeof(char *)); + if (this->optv == NULL) + goto syserr; + for (i = 0; i < this->optc; ++i) { + if ((this->optv[i] = dup_word(p)) == NULL) + goto syserr; + p = next_word(p); } - /* - * Finally, add the module at the end of the - * appropriate chain and bump the counter. 
- */ - r = openpam_add_module(policy, chain, flag, p, optc, optv); - if (r != PAM_SUCCESS) - return (-r); - ++n; - continue; - syntax_error: - openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", - filename, line); - openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", - filename, line, q); - openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", - filename, line); - } - - if (ferror(f)) - openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + /* hook it up */ + for (next = &pamh->chains[fclt]; *next != NULL; + next = &(*next)->next) + /* nothing */ ; + *next = this; + this = NULL; + ++count; + /* next please... */ + FREE(line); + } + if (!feof(f)) + goto syserr; fclose(f); - return (n); + return (count); + syserr: + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + fail: + FREE(this); + FREE(line); + fclose(f); + return (-1); } static const char *openpam_policy_path[] = { "/etc/pam.d/", "/etc/pam.conf", "/usr/local/etc/pam.d/", "/usr/local/etc/pam.conf", NULL }; +/* + * Locates the policy file for a given service and reads the given chains + * from it. 
+ */ static int -openpam_load_policy(pam_chain_t *policy[], - const char *service) +openpam_load_chain(pam_handle_t *pamh, + const char *service, + pam_facility_t facility) { const char **path; char *filename; size_t len; int r; for (path = openpam_policy_path; *path != NULL; ++path) { len = strlen(*path); if ((*path)[len - 1] == '/') { - filename = malloc(len + strlen(service) + 1); - if (filename == NULL) { - openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + if (asprintf(&filename, "%s%s", *path, service) < 0) { + openpam_log(PAM_LOG_ERROR, "asprintf(): %m"); return (-PAM_BUF_ERR); } - strcpy(filename, *path); - strcat(filename, service); - r = openpam_read_policy_file(policy, - service, filename, PAM_D_STYLE); - free(filename); + r = openpam_read_chain(pamh, service, facility, + filename, pam_d_style); + FREE(filename); } else { - r = openpam_read_policy_file(policy, - service, *path, PAM_CONF_STYLE); + r = openpam_read_chain(pamh, service, facility, + *path, pam_conf_style); } if (r != 0) return (r); } - return (0); } /* * OpenPAM internal * * Configure a service */ int openpam_configure(pam_handle_t *pamh, const char *service) { - pam_chain_t *other[PAM_NUM_CHAINS] = { 0 }; - int i, n, r; - - /* try own configuration first */ - r = openpam_load_policy(pamh->chains, service); - if (r < 0) - return (-r); - for (i = n = 0; i < PAM_NUM_CHAINS; ++i) { - if (pamh->chains[i] != NULL) - ++n; - } - if (n == PAM_NUM_CHAINS) - return (PAM_SUCCESS); - - /* fill in the blanks with "other" */ - openpam_load_policy(other, PAM_OTHER); - if (r < 0) - return (-r); - for (i = n = 0; i < PAM_NUM_CHAINS; ++i) { - if (pamh->chains[i] == NULL) { - pamh->chains[i] = other[i]; - other[i] = NULL; - } - if (pamh->chains[i] != NULL) - ++n; + pam_facility_t fclt; + + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) + goto load_err; + + for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { + if (pamh->chains[fclt] != NULL) + continue; + if (openpam_load_chain(pamh, PAM_OTHER, fclt) < 
0) + goto load_err; } - openpam_clear_chains(other); - return (n > 0 ? PAM_SUCCESS : PAM_SYSTEM_ERR); + return (PAM_SUCCESS); + load_err: + openpam_clear_chains(pamh->chains); + return (PAM_SYSTEM_ERR); } /* * NODOC * * Error codes: * PAM_SYSTEM_ERR - * PAM_BUF_ERR */ diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c index 29f9138ee04f..d36b2bd974a7 100644 --- a/contrib/openpam/lib/openpam_dispatch.c +++ b/contrib/openpam/lib/openpam_dispatch.c 
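Review bot: The `include` branch of openpam_read_chain() still carries a debugging `fprintf(stderr, "include %s returned %d\n", name, ret);`, which writes to the stderr of every program whose policy uses `include`. It should be dropped or replaced with `openpam_log(PAM_LOG_DEBUG, "include %s returned %d", name, ret);`. The same branch calls openpam_load_chain() recursively with no depth limit or visited check, so a policy file that includes itself, directly or through another file, keeps recursing until a resource limit (open files or stack) stops it. A small depth counter that fails the load past a fixed limit would bound that. In match_word(), `tolower(*str)` and `tolower(*word)` receive a plain `char`, which is undefined for negative values; cast to `unsigned char` first.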
@@ -1,239 +1,239 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#19 $ + * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#21 $ */ #include #include #include "openpam_impl.h" #if !defined(OPENPAM_RELAX_CHECKS) static void _openpam_check_error_code(int, int); #else #define _openpam_check_error_code(a, b) #endif /* !defined(OPENPAM_RELAX_CHECKS) */ /* * OpenPAM internal * * Execute a module chain */ int openpam_dispatch(pam_handle_t *pamh, int primitive, int flags) { pam_chain_t *chain; int err, fail, r; #ifdef DEBUG int debug; #endif ENTER(); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); /* prevent recursion */ if (pamh->current != NULL) { openpam_log(PAM_LOG_ERROR, "%s() called while %s::%s() is in progress", _pam_func_name[primitive], pamh->current->module->path, _pam_sm_func_name[pamh->primitive]); RETURNC(PAM_ABORT); } /* pick a chain */ switch (primitive) { case PAM_SM_AUTHENTICATE: case PAM_SM_SETCRED: chain = pamh->chains[PAM_AUTH]; break; case PAM_SM_ACCT_MGMT: chain = pamh->chains[PAM_ACCOUNT]; break; case PAM_SM_OPEN_SESSION: case PAM_SM_CLOSE_SESSION: chain = pamh->chains[PAM_SESSION]; break; case PAM_SM_CHAUTHTOK: chain = pamh->chains[PAM_PASSWORD]; break; default: RETURNC(PAM_SYSTEM_ERR); } /* execute */ for (err = fail = 0; chain != NULL; chain = chain->next) { if (chain->module->func[primitive] == NULL) { openpam_log(PAM_LOG_ERROR, "%s: no %s()", chain->module->path, _pam_sm_func_name[primitive]); continue; } else { pamh->primitive = primitive; pamh->current = chain; #ifdef DEBUG debug = (openpam_get_option(pamh, "debug") != NULL); if (debug) ++_openpam_debug; openpam_log(PAM_LOG_DEBUG, "calling %s() in %s", _pam_sm_func_name[primitive], chain->module->path); #endif r = (chain->module->func[primitive])(pamh, flags, chain->optc, (const char **)chain->optv); pamh->current = NULL; #ifdef DEBUG openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", chain->module->path, _pam_sm_func_name[primitive], pam_strerror(pamh, r)); if (debug) --_openpam_debug; #endif } if (r == 
PAM_IGNORE) continue; if (r == PAM_SUCCESS) { /* * For pam_setcred() and pam_chauthtok() with the * PAM_PRELIM_CHECK flag, treat "sufficient" as * "optional". */ if ((chain->flag == PAM_SUFFICIENT || chain->flag == PAM_BINDING) && !fail && primitive != PAM_SM_SETCRED && !(primitive == PAM_SM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK))) break; continue; } _openpam_check_error_code(primitive, r); /* * Record the return code from the first module to * fail. If a required module fails, record the * return code from the first required module to fail. */ if (err == 0) err = r; if ((chain->flag == PAM_REQUIRED || chain->flag == PAM_BINDING) && !fail) { openpam_log(PAM_LOG_DEBUG, "required module failed"); fail = 1; err = r; } /* * If a requisite module fails, terminate the chain * immediately. */ if (chain->flag == PAM_REQUISITE) { openpam_log(PAM_LOG_DEBUG, "requisite module failed"); fail = 1; break; } } if (!fail && err != PAM_NEW_AUTHTOK_REQD) err = PAM_SUCCESS; RETURNC(err); } #if !defined(OPENPAM_RELAX_CHECKS) static void _openpam_check_error_code(int primitive, int r) { /* common error codes */ if (r == PAM_SUCCESS || r == PAM_SERVICE_ERR || r == PAM_BUF_ERR || r == PAM_CONV_ERR || r == PAM_PERM_DENIED || r == PAM_ABORT) return; /* specific error codes */ switch (primitive) { case PAM_SM_AUTHENTICATE: if (r == PAM_AUTH_ERR || r == PAM_CRED_INSUFFICIENT || r == PAM_AUTHINFO_UNAVAIL || r == PAM_USER_UNKNOWN || r == PAM_MAXTRIES) return; break; case PAM_SM_SETCRED: if (r == PAM_CRED_UNAVAIL || r == PAM_CRED_EXPIRED || r == PAM_USER_UNKNOWN || r == PAM_CRED_ERR) return; break; case PAM_SM_ACCT_MGMT: if (r == PAM_USER_UNKNOWN || r == PAM_AUTH_ERR || r == PAM_NEW_AUTHTOK_REQD || r == PAM_ACCT_EXPIRED) return; break; case PAM_SM_OPEN_SESSION: case PAM_SM_CLOSE_SESSION: if (r == PAM_SESSION_ERR) return; break; case PAM_SM_CHAUTHTOK: if (r == PAM_PERM_DENIED || r == PAM_AUTHTOK_ERR || r == PAM_AUTHTOK_RECOVERY_ERR || r == PAM_AUTHTOK_LOCK_BUSY || r == PAM_AUTHTOK_DISABLE_AGING 
|| r == PAM_TRY_AGAIN) return; break; } openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", _pam_sm_func_name[primitive], r); } #endif /* !defined(OPENPAM_RELAX_CHECKS) */ /* * NODOC * * Error codes: */ diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c index db5fe4825e19..6f00c8622919 100644 --- a/contrib/openpam/lib/openpam_dynamic.c +++ b/contrib/openpam/lib/openpam_dynamic.c 
@@ -1,97 +1,101 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#7 $ + * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#13 $ */ #include #include #include #include #include #include "openpam_impl.h" +#ifndef RTLD_NOW +#define RTLD_NOW RTLD_LAZY +#endif + /* * OpenPAM internal * * Locate a dynamically linked module */ pam_module_t * openpam_dynamic(const char *path) { pam_module_t *module; char *vpath; void *dlh; int i; dlh = NULL; if ((module = calloc(1, sizeof *module)) == NULL) goto buf_err; /* try versioned module first, then unversioned module */ - if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) == -1) + if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) < 0) goto buf_err; if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); *strrchr(vpath, '.') = '\0'; if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) { openpam_log(PAM_LOG_DEBUG, "%s: %s", vpath, dlerror()); - free(module); + FREE(module); return (NULL); } } - free(vpath); + FREE(vpath); if ((module->path = strdup(path)) == NULL) goto buf_err; module->dlh = dlh; for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) { module->func[i] = (pam_func_t)dlsym(dlh, _pam_sm_func_name[i]); if (module->func[i] == NULL) openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", path, _pam_sm_func_name[i], dlerror()); } return (module); buf_err: openpam_log(PAM_LOG_ERROR, "%m"); if (dlh != NULL) dlclose(dlh); - free(module); + FREE(module); return (NULL); } /* * NOPARSE */ diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c index 63d81dd2ca96..f6ddf61223c0 100644 --- a/contrib/openpam/lib/openpam_findenv.c +++ b/contrib/openpam/lib/openpam_findenv.c 
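Review bot: `vpath` is leaked when both `dlopen()` attempts fail in `openpam_dynamic()`. That branch runs `FREE(module); return (NULL);`, while the string from `asprintf()` is released only on the success path. Adding `FREE(vpath);` ahead of `FREE(module);` in that branch closes the leak, which otherwise recurs on every attempt to load a module that cannot be opened. The new `#define RTLD_NOW RTLD_LAZY` fallback deserves a comment too: on a platform without `RTLD_NOW`, unresolved function symbols in a module surface when the function is first called rather than at load time.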
@@ -1,68 +1,68 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_findenv.c#10 $ + * $P4: //depot/projects/openpam/lib/openpam_findenv.c#12 $ */ #include #include #include "openpam_impl.h" /* * OpenPAM internal * * Locate an environment variable */ int openpam_findenv(pam_handle_t *pamh, const char *name, size_t len) { int i; ENTER(); if (pamh == NULL) RETURNN(-1); for (i = 0; i < pamh->env_count; ++i) if (strncmp(pamh->env[i], name, len) == 0 && pamh->env[i][len] == '=') RETURNN(i); RETURNN(-1); } /* * NODOC */ diff --git a/contrib/openpam/lib/openpam_free_data.c b/contrib/openpam/lib/openpam_free_data.c index 03766b9f410d..48b11beec0c1 100644 --- a/contrib/openpam/lib/openpam_free_data.c +++ b/contrib/openpam/lib/openpam_free_data.c 
@@ -1,69 +1,69 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_free_data.c#3 $ + * $P4: //depot/projects/openpam/lib/openpam_free_data.c#5 $ */ #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Generic cleanup function */ void openpam_free_data(pam_handle_t *pamh, void *data, int status) { ENTER(); (void)pamh; (void)status; - free(data); + FREE(data); RETURNV(); } /* * Error codes: */ /** * The =openpam_free_data is a cleanup function suitable for passing to * =pam_set_data. It simply releases the data by passing its =data * argument to =free. */ diff --git a/contrib/openpam/lib/openpam_get_option.c b/contrib/openpam/lib/openpam_get_option.c index 90020d269069..bfdd8569acd3 100644 --- a/contrib/openpam/lib/openpam_get_option.c +++ b/contrib/openpam/lib/openpam_get_option.c 
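Review bot: `FREE(data)` in `openpam_free_data()` assigns NULL to a by-value parameter, which is a dead store. The caller's copy of the pointer is unchanged, so the macro adds no dangling-pointer protection here. Either keep the plain `free(data);` or add a comment such as `/* clears only the local copy; the caller must drop its own pointer */`. The same applies to `FREE(module)` in `openpam_release_module()` and `FREE(chain)` in `openpam_destroy_chain()` in openpam_load.c.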
@@ -1,84 +1,82 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_get_option.c#6 $ + * $P4: //depot/projects/openpam/lib/openpam_get_option.c#10 $ */ #include #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Returns the value of a module option */ const char * openpam_get_option(pam_handle_t *pamh, const char *option) { pam_chain_t *cur; size_t len; int i; ENTERS(option); if (pamh == NULL || pamh->current == NULL || option == NULL) RETURNS(NULL); cur = pamh->current; len = strlen(option); for (i = 0; i < cur->optc; ++i) { if (strncmp(cur->optv[i], option, len) == 0) { if (cur->optv[i][len] == '\0') RETURNS(&cur->optv[i][len]); else if (cur->optv[i][len] == '=') RETURNS(&cur->optv[i][len + 1]); } } RETURNS(NULL); } -/* - * NOLIST - */ - /** * The =openpam_get_option function returns the value of the specified * option in the context of the currently executing service module, or * =NULL if the option is not set or no module is currently executing. + * + * >openpam_set_option */ diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h index 8921cfa76f0d..3786ad231d1b 100644 --- a/contrib/openpam/lib/openpam_impl.h +++ b/contrib/openpam/lib/openpam_impl.h 
@@ -1,182 +1,188 @@ /*- - * Copyright (c) 2001 Networks Associates Technology, Inc. + * Copyright (c) 2001-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_impl.h#21 $ + * $P4: //depot/projects/openpam/lib/openpam_impl.h#27 $ */ #ifndef _OPENPAM_IMPL_H_INCLUDED #define _OPENPAM_IMPL_H_INCLUDED #include extern const char *_pam_func_name[PAM_NUM_PRIMITIVES]; extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; extern const char *_pam_err_name[PAM_NUM_ERRORS]; extern const char *_pam_item_name[PAM_NUM_ITEMS]; extern int _openpam_debug; /* * Control flags */ -#define PAM_REQUIRED 1 -#define PAM_REQUISITE 2 -#define PAM_SUFFICIENT 3 -#define PAM_OPTIONAL 4 -#define PAM_BINDING 5 -#define PAM_NUM_CONTROLFLAGS 6 +typedef enum { + PAM_BINDING, + PAM_REQUIRED, + PAM_REQUISITE, + PAM_SUFFICIENT, + PAM_OPTIONAL, + PAM_NUM_CONTROL_FLAGS +} pam_control_t; /* - * Chains + * Facilities */ -#define PAM_AUTH 0 -#define PAM_ACCOUNT 1 -#define PAM_SESSION 2 -#define PAM_PASSWORD 3 -#define PAM_NUM_CHAINS 4 +typedef enum { + PAM_FACILITY_ANY = -1, + PAM_AUTH = 0, + PAM_ACCOUNT, + PAM_SESSION, + PAM_PASSWORD, + PAM_NUM_FACILITIES +} pam_facility_t; typedef struct pam_chain pam_chain_t; struct pam_chain { pam_module_t *module; int flag; int optc; char **optv; pam_chain_t *next; }; typedef struct pam_data pam_data_t; struct pam_data { char *name; void *data; void (*cleanup)(pam_handle_t *, void *, int); pam_data_t *next; }; struct pam_handle { char *service; /* chains */ - pam_chain_t *chains[PAM_NUM_CHAINS]; + pam_chain_t *chains[PAM_NUM_FACILITIES]; pam_chain_t *current; int primitive; /* items and data */ void *item[PAM_NUM_ITEMS]; pam_data_t *module_data; /* environment list */ char **env; int env_count; int env_size; }; #ifdef NGROUPS_MAX #define PAM_SAVED_CRED "pam_saved_cred" struct pam_saved_cred { uid_t euid; gid_t egid; gid_t groups[NGROUPS_MAX]; int ngroups; }; #endif #define PAM_OTHER "other" -int openpam_configure(pam_handle_t *, const char *); -int openpam_dispatch(pam_handle_t *, int, int); -int openpam_findenv(pam_handle_t *, const char *, size_t); -int 
openpam_add_module(pam_chain_t **, int, int, - const char *, int, const char **); -void openpam_clear_chains(pam_chain_t **); +int openpam_configure(pam_handle_t *, const char *); +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +pam_module_t *openpam_load_module(const char *); +void openpam_clear_chains(pam_chain_t **); #ifdef OPENPAM_STATIC_MODULES -pam_module_t *openpam_static(const char *); +pam_module_t *openpam_static(const char *); #endif -pam_module_t *openpam_dynamic(const char *); +pam_module_t *openpam_dynamic(const char *); + +#define FREE(p) do { free((p)); (p) = NULL; } while (0) #ifdef DEBUG #define ENTER() openpam_log(PAM_LOG_DEBUG, "entering") #define ENTERI(i) do { \ if ((i) > 0 && (i) < PAM_NUM_ITEMS) \ openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i]); \ else \ openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \ -} while (0); +} while (0) #define ENTERN(n) do { \ openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \ -} while (0); +} while (0) #define ENTERS(s) do { \ if ((s) == NULL) \ openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \ else \ openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \ -} while (0); +} while (0) #define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning") #define RETURNC(c) do { \ if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \ openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[c]); \ else \ openpam_log(PAM_LOG_DEBUG, "returning %d!", (c)); \ return (c); \ } while (0) #define RETURNN(n) do { \ openpam_log(PAM_LOG_DEBUG, "returning %d", (n)); \ return (n); \ } while (0) #define RETURNP(p) do { \ if ((p) == NULL) \ openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ else \ openpam_log(PAM_LOG_DEBUG, "returning %p", (p)); \ return (p); \ } while (0) #define RETURNS(s) do { \ if ((s) == NULL) \ openpam_log(PAM_LOG_DEBUG, "returning NULL"); \ else \ openpam_log(PAM_LOG_DEBUG, "returning '%s'", (s)); \ return (s); \ } while (0) #else #define ENTER() #define ENTERI(i) 
#define ENTERN(n) #define ENTERS(s) #define RETURNV() return #define RETURNC(c) return (c) #define RETURNN(n) return (n) #define RETURNP(p) return (p) #define RETURNS(s) return (s) #endif #endif diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c index ef683099cad5..a1057f39a233 100644 --- a/contrib/openpam/lib/openpam_load.c +++ b/contrib/openpam/lib/openpam_load.c 
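Review bot: `struct pam_chain` keeps `int flag;` even though this hunk introduces `pam_control_t`; declaring it `pam_control_t flag;` would document the intended value set at the point of use. The reordering also makes `PAM_BINDING` equal to 0, so a zero-filled chain link now carries a valid control flag, whereas 0 matched no flag under the old `#define`s. Whether any path leaves the field unassigned is not visible in this hunk, so it is worth checking against the new parser. `FREE(p)` evaluates its argument twice and needs an assignable expression; a one-line comment such as `/* p must be an lvalue with no side effects; it is evaluated twice */` would make that contract explicit.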
@@ -1,221 +1,179 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_load.c#15 $ + * $P4: //depot/projects/openpam/lib/openpam_load.c#19 $ */ #include #include #include #include #include "openpam_impl.h" const char *_pam_func_name[PAM_NUM_PRIMITIVES] = { "pam_authenticate", "pam_setcred", "pam_acct_mgmt", "pam_open_session", "pam_close_session", "pam_chauthtok" }; const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { "pam_sm_authenticate", "pam_sm_setcred", "pam_sm_acct_mgmt", "pam_sm_open_session", "pam_sm_close_session", "pam_sm_chauthtok" }; static pam_module_t *modules; /* * Locate a matching dynamic or static module. Keep a list of previously * found modules to speed up the process. */ -static pam_module_t * +pam_module_t * openpam_load_module(const char *path) { pam_module_t *module; /* check cache first */ for (module = modules; module != NULL; module = module->next) if (strcmp(module->path, path) == 0) goto found; /* nope; try to load */ module = openpam_dynamic(path); openpam_log(PAM_LOG_DEBUG, "%s dynamic %s", (module == NULL) ? "no" : "using", path); #ifdef OPENPAM_STATIC_MODULES /* look for a static module */ if (module == NULL && strchr(path, '/') == NULL) { module = openpam_static(path); openpam_log(PAM_LOG_DEBUG, "%s static %s", (module == NULL) ? "no" : "using", path); } #endif if (module == NULL) { openpam_log(PAM_LOG_ERROR, "no %s found", path); return (NULL); } openpam_log(PAM_LOG_DEBUG, "adding %s to cache", module->path); module->next = modules; if (module->next != NULL) module->next->prev = module; module->prev = NULL; modules = module; found: ++module->refcount; return (module); } /* * Release a module. 
* XXX highly thread-unsafe */ static void openpam_release_module(pam_module_t *module) { if (module == NULL) return; --module->refcount; if (module->refcount > 0) /* still in use */ return; if (module->refcount < 0) { openpam_log(PAM_LOG_ERROR, "module %s has negative refcount", module->path); module->refcount = 0; } if (module->dlh == NULL) /* static module */ return; dlclose(module->dlh); if (module->prev != NULL) module->prev->next = module->next; if (module->next != NULL) module->next->prev = module->prev; if (module == modules) modules = module->next; openpam_log(PAM_LOG_DEBUG, "releasing %s", module->path); - free(module->path); - free(module); + FREE(module->path); + FREE(module); } /* * Destroy a chain, freeing all its links and releasing the modules * they point to. */ static void openpam_destroy_chain(pam_chain_t *chain) { if (chain == NULL) return; openpam_destroy_chain(chain->next); chain->next = NULL; while (chain->optc--) - free(chain->optv[chain->optc]); - free(chain->optv); + FREE(chain->optv[chain->optc]); + FREE(chain->optv); openpam_release_module(chain->module); - free(chain); -} - -/* - * Add a module to a chain. 
- */ - -int -openpam_add_module(pam_chain_t *policy[], - int chain, - int flag, - const char *modpath, - int optc, - const char *optv[]) -{ - pam_chain_t *new, *iterator; - - if ((new = calloc(1, sizeof *new)) == NULL) - goto buf_err; - if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL) - goto buf_err; - while (optc--) - if ((new->optv[new->optc++] = strdup(*optv++)) == NULL) - goto buf_err; - new->optv[new->optc] = NULL; - new->flag = flag; - if ((new->module = openpam_load_module(modpath)) == NULL) { - openpam_destroy_chain(new); - return (PAM_OPEN_ERR); - } - if ((iterator = policy[chain]) != NULL) { - while (iterator->next != NULL) - iterator = iterator->next; - iterator->next = new; - } else { - policy[chain] = new; - } - return (PAM_SUCCESS); - - buf_err: - openpam_log(PAM_LOG_ERROR, "%m"); - openpam_destroy_chain(new); - return (PAM_BUF_ERR); + FREE(chain); } /* * Clear the chains and release the modules */ void openpam_clear_chains(pam_chain_t *policy[]) { int i; - for (i = 0; i < PAM_NUM_CHAINS; ++i) + for (i = 0; i < PAM_NUM_FACILITIES; ++i) openpam_destroy_chain(policy[i]); } /* * NOPARSE */ diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c index 0758580e600a..d03ec25ec61c 100644 --- a/contrib/openpam/lib/openpam_log.c +++ b/contrib/openpam/lib/openpam_log.c 
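Review bot: `openpam_load_module()` loses its `static` here while `openpam_release_module()` stays file-local. A caller in another file therefore receives a counted reference (`++module->refcount`) that it can only give back by linking the module into a chain later torn down through `openpam_clear_chains()`. That ownership rule should be stated in the comment above the function, for example `/* The returned module holds a reference; it is dropped only when the owning chain is destroyed. */`. The cache is a plain file-scope `modules` list and the release path is already marked `XXX highly thread-unsafe`, so the comment should also say that callers must serialise access.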
@@ -1,135 +1,149 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_log.c#18 $ + * $P4: //depot/projects/openpam/lib/openpam_log.c#23 $ */ #include #include #include #include #include #include #include #include "openpam_impl.h" int _openpam_debug = 0; -#if defined(openpam_log) +#if !defined(openpam_log) /* * OpenPAM extension * - * Log a message through syslog(3) + * Log a message through syslog */ void -_openpam_log(int level, const char *func, const char *fmt, ...) +openpam_log(int level, const char *fmt, ...) { va_list ap; - char *format; - int len, priority; + int priority; switch (level) { case PAM_LOG_DEBUG: if (!_openpam_debug) return; priority = LOG_DEBUG; break; case PAM_LOG_VERBOSE: priority = LOG_INFO; break; case PAM_LOG_NOTICE: priority = LOG_NOTICE; break; case PAM_LOG_ERROR: default: priority = LOG_ERR; break; } va_start(ap, fmt); - for (len = strlen(fmt); len > 0 && isspace(fmt[len]); len--) - /* nothing */; - if ((format = malloc(strlen(func) + len + 16)) != NULL) { - sprintf(format, "in %s(): %.*s\n", func, len, fmt); - vsyslog(priority, format, ap); - free(format); - } else { - vsyslog(priority, fmt, ap); - } + vsyslog(priority, fmt, ap); va_end(ap); } #else -/* - * If openpam_log isn't defined as a macro, we're on a platform that - * doesn't support varadic macros (or it does but we aren't aware of - * it). Do the next best thing. - */ - void -openpam_log(int level, const char *fmt, ...) +_openpam_log(int level, const char *func, const char *fmt, ...) 
{ va_list ap; + char *format; int priority; switch (level) { case PAM_LOG_DEBUG: if (!_openpam_debug) return; priority = LOG_DEBUG; break; case PAM_LOG_VERBOSE: priority = LOG_INFO; break; case PAM_LOG_NOTICE: priority = LOG_NOTICE; break; case PAM_LOG_ERROR: default: priority = LOG_ERR; break; } va_start(ap, fmt); - vsyslog(priority, fmt, ap); + if (asprintf(&format, "in %s(): %s", func, fmt) > 0) { + vsyslog(priority, format, ap); + FREE(format); + } else { + vsyslog(priority, fmt, ap); + } va_end(ap); } #endif -/* - * NOLIST +/** + * The =openpam_log function logs messages using =syslog. It is primarily + * intended for internal use by the library and modules. + * + * The =level argument indicates the importance of the message. The + * following levels are defined: + * + * =PAM_LOG_DEBUG: + * Debugging messages. These messages are normally not + * logged unless the global integer variable :_openpam_debug + * is set to a non-zero value, in which case they are logged + * with a =syslog priority of =LOG_DEBUG. + * =PAM_LOG_VERBOSE: + * Information about the progress of the authentication + * process, or other non-essential messages. These messages + * are logged with a =syslog priority of =LOG_INFO. + * =PAM_LOG_NOTICE: + * Messages relating to non-fatal errors. These messages are + * logged with a =syslog priority of =LOG_NOTICE. + * =PAM_LOG_ERROR: + * Messages relating to serious errors. These messages are + * logged with a =syslog priority of =LOG_ERR. + * + * The remaining arguments are a =printf format string and the + * corresponding arguments. */ diff --git a/contrib/openpam/lib/openpam_nullconv.c b/contrib/openpam/lib/openpam_nullconv.c index 94a99361bf8d..99ca9cd13f8d 100644 --- a/contrib/openpam/lib/openpam_nullconv.c +++ b/contrib/openpam/lib/openpam_nullconv.c 
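Review bot: `_openpam_log()` now calls `asprintf()` before `vsyslog()`, so a change to `errno` during the allocation would make `%m` report the wrong error. Callers in this commit do log with `openpam_log(PAM_LOG_ERROR, "%m")`, as in `buf_err` in openpam_dynamic.c. Saving the value on entry and restoring it before both `vsyslog()` calls avoids that: `int serrno = errno;` at the top and `errno = serrno;` ahead of each `vsyslog(priority, ...)`, with `<errno.h>` included if it is not already. Separately, `func` is spliced into the format string, so a `%` in it would be read as a conversion. It is presumably always `__func__`, and a comment stating that assumption would be enough.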
@@ -1,86 +1,84 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#6 $ */ #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Null conversation function */ int openpam_nullconv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { ENTER(); (void)n; (void)msg; (void)resp; (void)data; RETURNC(PAM_CONV_ERR); } /* - * NOLIST - * * Error codes: * * PAM_CONV_ERR */ /** * The =openpam_nullconv function is a null conversation function suitable * for applications that want to use PAM but don't support interactive * dialog with the user. Such applications should set =PAM_AUTHTOK to * whatever authentication token they've obtained on their own before * calling =pam_authenticate and / or =pam_chauthtok, and their PAM * configuration should specify the ;use_first_pass option for all modules * that require access to the authentication token, to make sure they use * =PAM_AUTHTOK rather than try to query the user. * * >openpam_ttyconv * >pam_prompt * >pam_set_item * >pam_vprompt */ diff --git a/contrib/openpam/lib/openpam_readline.c b/contrib/openpam/lib/openpam_readline.c new file mode 100644 index 000000000000..31428bf61a7f --- /dev/null +++ b/contrib/openpam/lib/openpam_readline.c 
@@ -0,0 +1,154 @@
+/*-
+ * Copyright (c) 2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_readline.c#2 $
+ */
+
+#include
+#include
+#include
+
+#include
+#include "openpam_impl.h"
+
+#define MIN_LINE_LENGTH 128
+
+/*
+ * OpenPAM extension
+ *
+ * Read a line from a file.
+ */
+
+char *
+openpam_readline(FILE *f, int *lineno, size_t *lenp)
+{
+ char *line;
+ size_t len, size;
+ int ch;
+
+ if ((line = malloc(MIN_LINE_LENGTH)) == NULL)
+ return (NULL);
+ size = MIN_LINE_LENGTH;
+ len = 0;
+
+#define line_putch(ch) do { \
+ if (len >= size - 1) { \
+ char *tmp = realloc(line, size *= 2); \
+ if (tmp == NULL) \
+ goto fail; \
+ line = tmp; \
+ } \
+ line[len++] = ch; \
+ line[len] = '\0'; \
+} while (0)
+
+ for (;;) {
+ ch = fgetc(f);
+ /* strip comment */
+ if (ch == '#') {
+ do {
+ ch = fgetc(f);
+ } while (ch != EOF && ch != '\n');
+ }
+ /* eof */
+ if (ch == EOF) {
+ /* remove trailing whitespace */
+ while (len > 0 && isspace(line[len - 1]))
+ --len;
+ line[len] = '\0';
+ if (len == 0)
+ goto fail;
+ break;
+ }
+ /* eol */
+ if (ch == '\n') {
+ if (lineno != NULL)
+ ++*lineno;
+
+ /* remove trailing whitespace */
+ while (len > 0 && isspace(line[len - 1]))
+ --len;
+ line[len] = '\0';
+ /* skip blank lines */
+ if (len == 0)
+ continue;
+ /* continuation */
+ if (line[len - 1] == '\\') {
+ line[--len] = '\0';
+ /* fall through to whitespace case */
+ } else {
+ break;
+ }
+ }
+ /* whitespace */
+ if (isspace(ch)) {
+ /* ignore leading whitespace */
+ /* collapse linear whitespace */
+ if (len > 0 && line[len - 1] != ' ')
+ line_putch(' ');
+ continue;
+ }
+ /* anything else */
+ line_putch(ch);
+ }
+
+ if (lenp != NULL)
+ *lenp = len;
+ return (line);
+ fail:
+ FREE(line);
+ return (NULL);
+}
+
+/**
+ * The =openpam_readline function reads a line from a file, and returns it
+ * in a NUL-terminated buffer allocated with =malloc.
+ *
+ * The =openpam_readline function performs a certain amount of processing
+ * on the data it reads.
+ * Comments (introduced by a hash sign) are stripped, as is leading and
+ * trailing whitespace.
+ * Any amount of linear whitespace is collapsed to a single space.
+ * Blank lines are ignored.
+ * If a line ends in a backslash, the backslash is stripped and the next
+ * line is appended.
+ *
+ * If =lineno is not =NULL, the integer variable it points to is
+ * incremented every time a newline character is read.
+ *
+ * If =lenp is not =NULL, the length of the line (not including the
+ * terminating NUL character) is stored in the variable it points to.
+ *
+ * The caller is responsible for releasing the returned buffer by passing
+ * it to =free.
+ */
diff --git a/contrib/openpam/lib/openpam_restore_cred.c b/contrib/openpam/lib/openpam_restore_cred.c
index d18f78f59aab..afa468adbdb8 100644
--- a/contrib/openpam/lib/openpam_restore_cred.c
+++ b/contrib/openpam/lib/openpam_restore_cred.c
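Review bot: Both trailing-whitespace loops in openpam_readline() call `isspace(line[len - 1])` on a plain `char`, which is undefined for bytes above 0x7f on platforms where `char` is signed; the argument should be cast, `isspace((unsigned char)line[len - 1])`. The later `isspace(ch)` is fine because `ch` comes straight from `fgetc`. Separately, `line_putch` stores a NUL byte like any other character, so the length written to `*lenp` can exceed `strlen()` of the returned buffer; since this presumably feeds the rewritten configuration parser, either reject `ch == '\0'` or state in the doc comment that callers must not mix the two lengths.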
@@ -1,89 +1,90 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#4 $ + * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#8 $ */ #include +#include #include #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Restore credentials */ int openpam_restore_cred(pam_handle_t *pamh) { struct pam_saved_cred *scred; int r; ENTER(); r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred); if (r != PAM_SUCCESS) RETURNC(r); if (scred == NULL) RETURNC(PAM_SYSTEM_ERR); if (scred->euid != geteuid()) { - if (seteuid(scred->euid) == -1 || - setgroups(scred->ngroups, scred->groups) == -1 || - setegid(scred->egid) == -1) + if (seteuid(scred->euid) < 0 || + setgroups(scred->ngroups, scred->groups) < 0 || + setegid(scred->egid) < 0) RETURNC(PAM_SYSTEM_ERR); } pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL); RETURNC(PAM_SUCCESS); } /* * Error codes: * * =pam_get_data * PAM_SYSTEM_ERR */ /** * The =openpam_restore_cred function restores the credentials saved by * =openpam_borrow_cred. * * >setegid * >seteuid * >setgroups */ diff --git a/contrib/openpam/lib/openpam_set_option.c b/contrib/openpam/lib/openpam_set_option.c index d981398b5b6b..a955d2b14fc9 100644 --- a/contrib/openpam/lib/openpam_set_option.c +++ b/contrib/openpam/lib/openpam_set_option.c 
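Review bot: The failure path of the `seteuid`/`setgroups`/`setegid` chain can return `PAM_SYSTEM_ERR` after `seteuid` has already succeeded, leaving the process with the restored euid but the borrowed group list and egid, and with `PAM_SAVED_CRED` still set. Changing the tests to `< 0` does not alter that, and nothing tells the caller the credential state is mixed. I would document it above the block, e.g. `/* on failure credentials may be only partially restored; callers must treat PAM_SYSTEM_ERR as fatal */`, and log which call failed with `openpam_log`. The return value of the final `pam_set_data` call is also ignored.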
@@ -1,119 +1,118 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_set_option.c#7 $ + * $P4: //depot/projects/openpam/lib/openpam_set_option.c#13 $ */ #include #include #include #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Sets the value of a module option */ int openpam_set_option(pam_handle_t *pamh, const char *option, const char *value) { pam_chain_t *cur; char *opt, **optv; size_t len; int i; ENTERS(option); if (pamh == NULL || pamh->current == NULL || option == NULL) RETURNC(PAM_SYSTEM_ERR); cur = pamh->current; for (len = 0; option[len] != '\0'; ++len) if (option[len] == '=') break; for (i = 0; i < cur->optc; ++i) { if (strncmp(cur->optv[i], option, len) == 0 && (cur->optv[i][len] == '\0' || cur->optv[i][len] == '=')) break; } if (value == NULL) { /* remove */ if (i == cur->optc) RETURNC(PAM_SUCCESS); for (free(cur->optv[i]); i < cur->optc; ++i) cur->optv[i] = cur->optv[i + 1]; cur->optv[i] = NULL; RETURNC(PAM_SUCCESS); } - if ((opt = malloc(len + strlen(value) + 2)) == NULL) + if (asprintf(&opt, "%.*s=%s", (int)len, option, value) < 0) RETURNC(PAM_BUF_ERR); - sprintf(opt, "%.*s=%s", (int)len, option, value); if (i == cur->optc) { /* add */ optv = realloc(cur->optv, sizeof(char *) * (cur->optc + 2)); if (optv == NULL) { - free(opt); + FREE(opt); RETURNC(PAM_BUF_ERR); } optv[i] = opt; optv[i + 1] = NULL; cur->optv = optv; ++cur->optc; } else { /* replace */ - free(cur->optv[i]); + FREE(cur->optv[i]); cur->optv[i] = opt; } RETURNC(PAM_SUCCESS); } /* - * NOLIST - * * Error codes: * * PAM_SYSTEM_ERR * PAM_BUF_ERR */ /** * The =openpam_set_option function sets the specified option in the * context of the currently executing service module. + * + * >openpam_get_option */ diff --git a/contrib/openpam/lib/openpam_static.c b/contrib/openpam/lib/openpam_static.c index 59ec25517c07..1346c8b446ec 100644 --- a/contrib/openpam/lib/openpam_static.c +++ b/contrib/openpam/lib/openpam_static.c 
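Review bot: The remove branch (`value == NULL`) shifts the remaining entries down and rewrites the terminator but never decrements `cur->optc`, so after a removal `cur->optv[cur->optc - 1]` is `NULL` and the search loop of the next call passes it to `strncmp`. The asprintf change leaves this NULL dereference in place; adding `--cur->optc;` after `cur->optv[i] = NULL;` fixes it. On the new line itself, `asprintf` is not ISO C, so the portability work listed in HISTORY should make sure a prototype is in scope on every target (glibc needs `_GNU_SOURCE`).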
@@ -1,69 +1,69 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_static.c#5 $ + * $P4: //depot/projects/openpam/lib/openpam_static.c#6 $ */ #include #include #include "openpam_impl.h" #ifdef OPENPAM_STATIC_MODULES SET_DECLARE(_openpam_static_modules, pam_module_t); /* * OpenPAM internal * * Locate a statically linked module */ pam_module_t * openpam_static(const char *path) { pam_module_t **module; SET_FOREACH(module, _openpam_static_modules) { if (strcmp((*module)->path, path) == 0) return (*module); } return (NULL); } #endif /* * NOPARSE */ diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c index 828f359950dd..64deba9d7830 100644 --- a/contrib/openpam/lib/openpam_ttyconv.c +++ b/contrib/openpam/lib/openpam_ttyconv.c 
@@ -1,210 +1,207 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#15 $ + * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#20 $ */ #include #include #include #include #include #include #include #include #include #include #include "openpam_impl.h" int openpam_ttyconv_timeout = 0; static jmp_buf jmpenv; static int timed_out; static void timeout(int sig) { timed_out = 1; longjmp(jmpenv, sig); } static char * prompt(const char *msg) { char buf[PAM_MAX_RESP_SIZE]; struct sigaction action, saved_action; sigset_t saved_sigset, sigset; unsigned int saved_alarm; size_t len; sigemptyset(&sigset); sigaddset(&sigset, SIGINT); sigaddset(&sigset, SIGTSTP); sigprocmask(SIG_SETMASK, &sigset, &saved_sigset); action.sa_handler = &timeout; action.sa_flags = 0; sigemptyset(&action.sa_mask); sigaction(SIGALRM, &action, &saved_action); fputs(msg, stdout); buf[0] = '\0'; timed_out = 0; saved_alarm = alarm(openpam_ttyconv_timeout); if (setjmp(jmpenv) == 0) fgets(buf, sizeof buf, stdin); else fputs(" timeout!\n", stderr); alarm(0); sigaction(SIGALRM, &saved_action, NULL); sigprocmask(SIG_SETMASK, &saved_sigset, NULL); alarm(saved_alarm); if (timed_out || ferror(stdin) || feof(stdin)) return (NULL); /* trim trailing whitespace */ for (len = strlen(buf); len > 0; --len) if (!isspace(buf[len - 1])) break; buf[len] = '\0'; return (strdup(buf)); } static char * prompt_echo_off(const char *msg) { struct termios tattr; tcflag_t lflag; char *ret; int fd; fd = fileno(stdin); if (tcgetattr(fd, &tattr) != 0) { openpam_log(PAM_LOG_ERROR, "tcgetattr(): %m"); return (NULL); } lflag = tattr.c_lflag; tattr.c_lflag &= ~ECHO; if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) { openpam_log(PAM_LOG_ERROR, "tcsetattr(): %m"); return (NULL); } ret = prompt(msg); tattr.c_lflag = lflag; (void)tcsetattr(fd, TCSANOW, &tattr); if (ret != NULL) fputs("\n", stdout); return (ret); } /* * OpenPAM extension * * Simple tty-based conversation function */ int openpam_ttyconv(int n, const struct pam_message **msg, struct pam_response 
**resp, void *data) { int i; ENTER(); (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) RETURNC(PAM_CONV_ERR); if ((*resp = calloc(n, sizeof **resp)) == NULL) RETURNC(PAM_BUF_ERR); for (i = 0; i < n; ++i) { resp[i]->resp_retcode = 0; resp[i]->resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: resp[i]->resp = prompt_echo_off(msg[i]->msg); if (resp[i]->resp == NULL) goto fail; break; case PAM_PROMPT_ECHO_ON: resp[i]->resp = prompt(msg[i]->msg); if (resp[i]->resp == NULL) goto fail; break; case PAM_ERROR_MSG: fputs(msg[i]->msg, stderr); if (strlen(msg[i]->msg) > 0 && msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') fputc('\n', stderr); break; case PAM_TEXT_INFO: fputs(msg[i]->msg, stdout); if (strlen(msg[i]->msg) > 0 && msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') fputc('\n', stdout); break; default: goto fail; } } RETURNC(PAM_SUCCESS); fail: while (i) - free(resp[--i]); - free(*resp); - *resp = NULL; + FREE(resp[--i]); + FREE(*resp); RETURNC(PAM_CONV_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =openpam_ttyconv function is a standard conversation function * suitable for use on TTY devices. It should be adequate for the needs * of most text-based interactive programs. * * The =openpam_ttyconv function allows the application to specify a - * timeout for user input by setting the global variable + * timeout for user input by setting the global integer variable * :openpam_ttyconv_timeout to the length of the timeout in seconds. * * >openpam_nullconv * >pam_prompt * >pam_vprompt */ diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c index 6dbd29a78711..d5bdbfb703f4 100644 --- a/contrib/openpam/lib/pam_acct_mgmt.c +++ b/contrib/openpam/lib/pam_acct_mgmt.c 
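Review bot: The `fail:` path releases the wrong objects: `FREE(resp[--i])` indexes the caller's `struct pam_response **` as if it were an array of pointers, whereas the array allocated by `calloc` lives at `*resp`. For `i == 1` that frees the array itself, and for larger `i` it passes whatever follows the caller's pointer to `free`; the response strings returned by `prompt()`, which may hold passwords, are neither cleared nor freed. The loop should release the strings instead, `FREE((*resp)[--i].resp);`, ideally after overwriting their contents. The `resp[i]->resp` and `resp[i]->resp_retcode` accesses in the message loop above have the same addressing problem for `i > 0` and should read `(*resp)[i].resp`.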
@@ -1,83 +1,83 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#14 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 32 * * Perform PAM account validation procedures */ int pam_acct_mgmt(pam_handle_t *pamh, int flags) { int r; ENTER(); r = openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags); RETURNC(r); } /* * Error codes: * * =openpam_dispatch * =pam_sm_acct_mgmt * !PAM_IGNORE */ /** * The =pam_acct_mgmt function verifies and enforces account restrictions * after the user has been authenticated. * * The =flags argument is the binary or of zero or more of the following * values: * * =PAM_SILENT: * Do not emit any messages. * =PAM_DISALLOW_NULL_AUTHTOK: * Fail if the user's authentication token is null. * - * If any other bits are set, =pam_authenticate will return + * If any other bits are set, =pam_acct_mgmt will return * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c index 6d319b994521..a37e32bf358c 100644 --- a/contrib/openpam/lib/pam_authenticate.c +++ b/contrib/openpam/lib/pam_authenticate.c 
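Review bot: The corrected sentence now promises that `pam_acct_mgmt` returns `PAM_SYMBOL_ERR` for unknown flag bits, but the function body passes `flags` straight to `openpam_dispatch` with no mask test, and the error-code list above the doc comment does not include `PAM_SYMBOL_ERR`. `pam_authenticate` in this same commit performs the check, so either add `if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) RETURNC(PAM_SYMBOL_ERR);` before the dispatch and list the code, or drop the sentence. Whether `openpam_dispatch` validates the flags itself is not visible here.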
@@ -1,91 +1,91 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_authenticate.c#13 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate.c#15 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 34 * * Perform authentication within the PAM framework */ int pam_authenticate(pam_handle_t *pamh, int flags) { int r; ENTER(); if (flags & ~(PAM_SILENT|PAM_DISALLOW_NULL_AUTHTOK)) RETURNC(PAM_SYMBOL_ERR); r = openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags); pam_set_item(pamh, PAM_AUTHTOK, NULL); RETURNC(r); } /* * Error codes: * * =openpam_dispatch * =pam_sm_authenticate * !PAM_IGNORE * PAM_SYMBOL_ERR */ /** * The =pam_authenticate function attempts to authenticate the user * associated with the pam context specified by the =pamh argument. * * The application is free to call =pam_authenticate as many times as it * wishes, but some modules may maintain an internal retry counter and * return =PAM_MAXTRIES when it exceeds some preset or hardcoded limit. * * The =flags argument is the binary or of zero or more of the following * values: * * =PAM_SILENT: * Do not emit any messages. * =PAM_DISALLOW_NULL_AUTHTOK: * Fail if the user's authentication token is null. * * If any other bits are set, =pam_authenticate will return * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c index b266f196449b..09e983904f9f 100644 --- a/contrib/openpam/lib/pam_authenticate_secondary.c +++ b/contrib/openpam/lib/pam_authenticate_secondary.c 
@@ -1,62 +1,62 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#8 $ */ #include /* * XSSO 4.2.1 * XSSO 6 page 36 * * Perform authentication to a secondary domain within the PAM framework */ int pam_authenticate_secondary(pam_handle_t *pamh, char *target_username, char *target_module_type, char *target_authn_domain, char *target_supp_data, char *target_module_authtok, int flags) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c index 74f2af3b1099..224e8f27cc05 100644 --- a/contrib/openpam/lib/pam_chauthtok.c +++ b/contrib/openpam/lib/pam_chauthtok.c 
@@ -1,92 +1,92 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#14 $ + * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#16 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 38 * * Perform password related functions within the PAM framework */ int pam_chauthtok(pam_handle_t *pamh, int flags) { int r; ENTER(); if (flags & ~(PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK)) RETURNC(PAM_SYMBOL_ERR); r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags | PAM_PRELIM_CHECK); if (r == PAM_SUCCESS) r = openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags | PAM_UPDATE_AUTHTOK); pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); pam_set_item(pamh, PAM_AUTHTOK, NULL); RETURNC(r); } /* * Error codes: * * =openpam_dispatch * =pam_sm_chauthtok * !PAM_IGNORE * PAM_SYMBOL_ERR */ /** * The =pam_chauthtok function attempts to change the authentication token * for the user associated with the pam context specified by the =pamh * argument. * * The =flags argument is the binary or of zero or more of the following * values: * * =PAM_SILENT: * Do not emit any messages. * =PAM_CHANGE_EXPIRED_AUTHTOK: * Change only those authentication tokens that have expired. * * If any other bits are set, =pam_chauthtok will return =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c index 5fd14ad50f88..ee4945fbb03f 100644 --- a/contrib/openpam/lib/pam_close_session.c +++ b/contrib/openpam/lib/pam_close_session.c 
@@ -1,84 +1,84 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_close_session.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_close_session.c#13 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 40 * * Close an existing user session */ int pam_close_session(pam_handle_t *pamh, int flags) { int r; ENTER(); if (flags & ~(PAM_SILENT)) RETURNC(PAM_SYMBOL_ERR); r = openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags); RETURNC(r); } /* * Error codes: * * =openpam_dispatch * =pam_sm_close_session * !PAM_IGNORE * PAM_SYMBOL_ERR */ /** * The =pam_close_session function tears down the user session previously * set up by =pam_open_session. * * The =flags argument is the binary or of zero or more of the following * values: * * =PAM_SILENT: * Do not emit any messages. * * If any other bits are set, =pam_close_session will return * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c index 5fb1fb68611f..e1762c6c20c2 100644 --- a/contrib/openpam/lib/pam_end.c +++ b/contrib/openpam/lib/pam_end.c 
@@ -1,99 +1,99 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_end.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_end.c#13 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 42 * * Terminate the PAM transaction */ int pam_end(pam_handle_t *pamh, int status) { pam_data_t *dp; int i; ENTER(); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); /* clear module data */ while ((dp = pamh->module_data) != NULL) { if (dp->cleanup) (dp->cleanup)(pamh, dp->data, status); pamh->module_data = dp->next; - free(dp->name); - free(dp); + FREE(dp->name); + FREE(dp); } /* clear environment */ while (pamh->env_count) - free(pamh->env[--pamh->env_count]); - free(pamh->env); + FREE(pamh->env[--pamh->env_count]); + FREE(pamh->env); /* clear chains */ openpam_clear_chains(pamh->chains); /* clear items */ for (i = 0; i < PAM_NUM_ITEMS; ++i) pam_set_item(pamh, i, NULL); - free(pamh); + FREE(pamh); RETURNC(PAM_SUCCESS); } /* * Error codes: * * PAM_SYSTEM_ERR */ /** * The =pam_end function terminates a PAM transaction and destroys the * corresponding PAM context, releasing all resources allocated to it. * * The =status argument should be set to the error code returned by the * last API call before the call to =pam_end. */ diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c index 4aac633116a5..a2708bfa466e 100644 --- a/contrib/openpam/lib/pam_error.c +++ b/contrib/openpam/lib/pam_error.c 
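Review bot: The teardown order in pam_end is load-bearing but undocumented: the `/* clear module data */` loop invokes every `dp->cleanup` before `openpam_clear_chains(pamh->chains)` runs. If clearing the chains unloads the modules (not visible in this hunk), those callback pointers would dangle were the two steps ever reordered. I would add a comment above the loop such as `/* must run before openpam_clear_chains(): cleanup callbacks may live in module code */`.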
@@ -1,82 +1,84 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_error.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_error.c#10 $ */ #include #include #include #include #include +#include "openpam_impl.h" + /* * OpenPAM extension * * Display an error message */ int pam_error(pam_handle_t *pamh, const char *fmt, ...) { va_list ap; char *rsp; int r; va_start(ap, fmt); r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); va_end(ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } /* * Error codes: * * !PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =pam_error function displays an error message through the * intermediary of the given PAM context's conversation function. * * >pam_info * >pam_prompt * >pam_verror */ diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c index c1ecb3c26553..fba1e76b1659 100644 --- a/contrib/openpam/lib/pam_get_authtok.c +++ b/contrib/openpam/lib/pam_get_authtok.c 
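Review bot: `rsp` is declared without an initializer and then handed to `FREE(rsp)` unconditionally, so if `pam_vprompt` can return an error before storing to `*resp` (its body is not part of this section), the free operates on an indeterminate pointer. Declaring it as `char *rsp = NULL;` keeps the error path safe regardless of what pam_vprompt does on failure.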
@@ -1,168 +1,166 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#21 $ + * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#25 $ */ #include #include #include #include #include #include "openpam_impl.h" const char authtok_prompt[] = "Password:"; const char oldauthtok_prompt[] = "Old Password:"; const char newauthtok_prompt[] = "New Password:"; /* * OpenPAM extension * * Retrieve authentication token */ int pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok, const char *prompt) { const void *oldauthtok; const char *default_prompt; char *resp, *resp2; int pitem, r, style, twice; ENTER(); if (pamh == NULL || authtok == NULL) RETURNC(PAM_SYSTEM_ERR); *authtok = NULL; twice = 0; switch (item) { case PAM_AUTHTOK: pitem = PAM_AUTHTOK_PROMPT; default_prompt = authtok_prompt; r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok); if (r == PAM_SUCCESS && oldauthtok != NULL) { default_prompt = newauthtok_prompt; twice = 1; } break; case PAM_OLDAUTHTOK: pitem = PAM_OLDAUTHTOK_PROMPT; default_prompt = oldauthtok_prompt; twice = 0; break; default: RETURNC(PAM_SYMBOL_ERR); } if (openpam_get_option(pamh, "try_first_pass") || openpam_get_option(pamh, "use_first_pass")) { r = pam_get_item(pamh, item, (const void **)authtok); if (r == PAM_SUCCESS && *authtok != NULL) RETURNC(PAM_SUCCESS); else if (openpam_get_option(pamh, "use_first_pass")) RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r); } if (prompt == NULL) { r = pam_get_item(pamh, pitem, (const void **)&prompt); if (r != PAM_SUCCESS || prompt == NULL) prompt = default_prompt; } style = openpam_get_option(pamh, "echo_pass") ? 
PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; r = pam_prompt(pamh, style, &resp, "%s", prompt); if (r != PAM_SUCCESS) RETURNC(r); if (twice) { r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt); if (r != PAM_SUCCESS) { - free(resp); + FREE(resp); RETURNC(r); } - if (strcmp(resp, resp2) != 0) { - free(resp); - resp = NULL; - } - free(resp2); + if (strcmp(resp, resp2) != 0) + FREE(resp); + FREE(resp2); } if (resp == NULL) RETURNC(PAM_TRY_AGAIN); r = pam_set_item(pamh, item, resp); - free(resp); + FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); r = pam_get_item(pamh, item, (const void **)authtok); RETURNC(r); } /* * Error codes: * * =pam_get_item * =pam_prompt * =pam_set_item * !PAM_SYMBOL_ERR * PAM_TRY_AGAIN */ /** * The =pam_get_authtok function returns the cached authentication token, * or prompts the user if no token is currently cached. Either way, a * pointer to the authentication token is stored in the location pointed * to by the =authtok argument. * * The =item argument must have one of the following values: * * =PAM_AUTHTOK: * Returns the current authentication token, or the new token * when changing authentication tokens. * =PAM_OLDAUTHTOK: * Returns the previous authentication token when changing * authentication tokens. * * The =prompt argument specifies a prompt to use if no token is cached. * If it is =NULL, the =PAM_AUTHTOK_PROMPT or =PAM_OLDAUTHTOK_PROMPT item, * as appropriate, will be used. If that item is also =NULL, a hardcoded * default prompt will be used. * * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK * item, =pam_get_authtok will ask the user to confirm the new token by * retyping it. If there is a mismatch, =pam_get_authtok will return * =PAM_TRY_AGAIN. * * >pam_get_item * >pam_get_user */ diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c index 63de926a7467..9fcb33a79af1 100644 --- a/contrib/openpam/lib/pam_get_data.c +++ b/contrib/openpam/lib/pam_get_data.c 
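Review bot: In the `twice` branch, `strcmp(resp, resp2)` runs before the `if (resp == NULL)` test, yet that later test implies pam_prompt can succeed with a NULL response, in which case a NULL buffer is dereferenced. Guard the comparison: `if (resp == NULL || resp2 == NULL || strcmp(resp, resp2) != 0) FREE(resp);`. Also, `resp` and `resp2` hold the typed token in plaintext, and since `pam_set_item` evidently keeps its own copy (resp is freed right after and the item is read back), these transient copies return to the heap unscrubbed unless FREE wipes them, which this hunk does not show. Clearing them before release with a wipe the compiler cannot elide (for example `explicit_bzero` where available) would limit how long the password lingers in freed memory.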
@@ -1,84 +1,84 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_get_data.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_get_data.c#12 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 43 * * Get module information */ int pam_get_data(pam_handle_t *pamh, const char *module_data_name, const void **data) { pam_data_t *dp; ENTERS(module_data_name); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); for (dp = pamh->module_data; dp != NULL; dp = dp->next) if (strcmp(dp->name, module_data_name) == 0) { *data = dp->data; RETURNC(PAM_SUCCESS); } RETURNC(PAM_NO_MODULE_DATA); } /* * Error codes: * * PAM_SYSTEM_ERR * PAM_NO_MODULE_DATA */ /** * The =pam_get_data function looks up the opaque object associated with * the string specified by the =module_data_name argument, in the PAM * context specified by the =pamh argument. * A pointer to the object is stored in the location pointed to by the * =data argument. * * This function and its counterpart =pam_set_data are useful for managing * data that are meaningful only to a particular service module. */ diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c index fa63d3e526a7..16b20ed2b2d4 100644 --- a/contrib/openpam/lib/pam_get_item.c +++ b/contrib/openpam/lib/pam_get_item.c 
@@ -1,141 +1,141 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_get_item.c#15 $ + * $P4: //depot/projects/openpam/lib/pam_get_item.c#17 $ */ #include #include #include "openpam_impl.h" const char *_pam_item_name[PAM_NUM_ITEMS] = { "(NO ITEM)", "PAM_SERVICE", "PAM_USER", "PAM_TTY", "PAM_RHOST", "PAM_CONV", "PAM_AUTHTOK", "PAM_OLDAUTHTOK", "PAM_RUSER", "PAM_USER_PROMPT", "PAM_REPOSITORY", "PAM_AUTHTOK_PROMPT", "PAM_OLDAUTHTOK_PROMPT" }; /* * XSSO 4.2.1 * XSSO 6 page 46 * * Get PAM information */ int pam_get_item(pam_handle_t *pamh, int item_type, const void **item) { ENTERI(item_type); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); switch (item_type) { case PAM_SERVICE: case PAM_USER: case PAM_AUTHTOK: case PAM_OLDAUTHTOK: case PAM_TTY: case PAM_RHOST: case PAM_RUSER: case PAM_CONV: case PAM_USER_PROMPT: case PAM_AUTHTOK_PROMPT: case PAM_OLDAUTHTOK_PROMPT: case PAM_REPOSITORY: *item = pamh->item[item_type]; RETURNC(PAM_SUCCESS); default: RETURNC(PAM_SYMBOL_ERR); } } /* * Error codes: * * PAM_SYMBOL_ERR * PAM_SYSTEM_ERR */ /** * The =pam_get_item function stores a pointer to the item specified by * the =item_type argument in the location specified by the =item * argument. * The item is retrieved from the PAM context specified by the =pamh * argument. * The following item types are recognized: * * =PAM_SERVICE: * The name of the requesting service. * =PAM_USER: * The name of the user the application is trying to * authenticate. * =PAM_TTY: * The name of the current terminal. * =PAM_RHOST: * The name of the applicant's host. * =PAM_CONV: * A =struct pam_conv describing the current conversation * function. * =PAM_AUTHTOK: * The current authentication token. * =PAM_OLDAUTHTOK: * The expired authentication token. * =PAM_RUSER: * The name of the applicant. * =PAM_USER_PROMPT: * The prompt to use when asking the applicant for a user * name to authenticate as. * =PAM_AUTHTOK_PROMPT: * The prompt to use when asking the applicant for an * authentication token. 
* =PAM_OLDAUTHTOK_PROMPT: * The prompt to use when asking the applicant for an * expired authentication token prior to changing it. * * See =pam_start for a description of =struct pam_conv. * * >pam_set_item */ diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c index e42954f251ec..7a5b3b1393fb 100644 --- a/contrib/openpam/lib/pam_get_mapped_authtok.c +++ b/contrib/openpam/lib/pam_get_mapped_authtok.c 
@@ -1,61 +1,61 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#8 $ */ #include /* * XSSO 4.2.1 * XSSO 6 page 48 * * Get mapped password for the user */ int pam_get_mapped_authtok(pam_handle_t *pamh, const char *target_module_username, const char *target_module_type, const char *target_authn_domain, size_t *target_authtok_len, unsigned char **target_module_authtok) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c index dc63aa0524e0..cec8a252a26e 100644 --- a/contrib/openpam/lib/pam_get_mapped_username.c +++ b/contrib/openpam/lib/pam_get_mapped_username.c 
@@ -1,62 +1,62 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#8 $ */ #include /* * XSSO 4.2.1 * XSSO 6 page 50 * * Get valid matched identity in new domain */ int pam_get_mapped_username(pam_handle_t *pamh, const char *src_username, const char *src_module_type, const char *src_authn_domain, const char *target_module_type, const char *target_authn_domain, char **target_module_username) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c index 5681c53b688c..3c30f5f4386d 100644 --- a/contrib/openpam/lib/pam_get_user.c +++ b/contrib/openpam/lib/pam_get_user.c 
@@ -1,107 +1,107 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_get_user.c#14 $ + * $P4: //depot/projects/openpam/lib/pam_get_user.c#17 $ */ #include #include #include #include #include "openpam_impl.h" const char user_prompt[] = "Login:"; /* * XSSO 4.2.1 * XSSO 6 page 52 * * Retrieve user name */ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) { char *resp; int r; ENTER(); if (pamh == NULL || user == NULL) RETURNC(PAM_SYSTEM_ERR); r = pam_get_item(pamh, PAM_USER, (const void **)user); if (r == PAM_SUCCESS) RETURNC(PAM_SUCCESS); if (prompt == NULL) { r = pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&prompt); if (r != PAM_SUCCESS || prompt == NULL) prompt = user_prompt; } r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt); if (r != PAM_SUCCESS) RETURNC(r); r = pam_set_item(pamh, PAM_USER, resp); - free(resp); + FREE(resp); if (r != PAM_SUCCESS) RETURNC(r); r = pam_get_item(pamh, PAM_USER, (const void **)user); RETURNC(r); } /* * Error codes: * * =pam_get_item * =pam_prompt * =pam_set_item * !PAM_SYMBOL_ERR */ /** * The =pam_get_user function returns the name of the target user, as * specified to =pam_start. If no user was specified, nor set using * =pam_set_item, =pam_get_user will prompt for a user name. Either way, * a pointer to the user name is stored in the location pointed to by the * =user argument. * The =prompt argument specifies a prompt to use if no user name is * cached. If it is =NULL, the =PAM_USER_PROMPT will be used. If that * item is also =NULL, a hardcoded default prompt will be used. * * >pam_get_item * >pam_get_authtok */ diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c index 098e1ef1fe73..4faafdc375af 100644 --- a/contrib/openpam/lib/pam_getenv.c +++ b/contrib/openpam/lib/pam_getenv.c 
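Review bot: The early return `if (r == PAM_SUCCESS) RETURNC(PAM_SUCCESS);` fires even when no user name is set, because pam_get_item (shown in the pam_get_item.c section of this diff) returns PAM_SUCCESS for every valid item type and simply stores `pamh->item[item_type]`, which may be NULL. The prompt path below is then never reached and callers get success with `*user == NULL`. pam_get_authtok already tests the pointer as well; do the same here: `if (r == PAM_SUCCESS && *user != NULL) RETURNC(PAM_SUCCESS);`.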
@@ -1,82 +1,82 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_getenv.c#13 $ + * $P4: //depot/projects/openpam/lib/pam_getenv.c#16 $ */ #include #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 44 * * Retrieve the value of a PAM environment variable */ const char * pam_getenv(pam_handle_t *pamh, const char *name) { char *str; int i; ENTERS(name); if (pamh == NULL) RETURNS(NULL); if (name == NULL || strchr(name, '=') != NULL) RETURNS(NULL); - if ((i = openpam_findenv(pamh, name, strlen(name))) == -1) + if ((i = openpam_findenv(pamh, name, strlen(name))) < 0) RETURNS(NULL); for (str = pamh->env[i]; *str != '\0'; ++str) { if (*str == '=') { ++str; break; } } RETURNS(str); } /** * The =pam_getenv function returns the value of an environment variable. * Its semantics are similar to those of =getenv, but it accesses the PAM * context's environment list instead of the application's. * * >pam_getenvlist * >pam_putenv * >pam_setenv */ diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c index 7c63bcee8065..2ba1bdf26667 100644 --- a/contrib/openpam/lib/pam_getenvlist.c +++ b/contrib/openpam/lib/pam_getenvlist.c 
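Review bot: The doc comment for pam_getenv does not state the lifetime of the returned pointer, which points into `pamh->env[i]` rather than at a copy. pam_putenv in this patch frees and replaces that entry when the same variable is set again, so a caller still holding the earlier pointer would read freed memory. I would add to the `/** ... */` block: `The returned pointer refers to the PAM context's own storage; it must not be freed or modified, and it is only valid until the variable is next changed through =pam_putenv or =pam_setenv.`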
@@ -1,103 +1,103 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#10 $ + * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#12 $ */ #include #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 45 * * Returns a list of all the PAM environment variables */ char ** pam_getenvlist(pam_handle_t *pamh) { char **envlist; int i; ENTER(); if (pamh == NULL) RETURNP(NULL); envlist = malloc(sizeof(char *) * (pamh->env_count + 1)); if (envlist == NULL) { openpam_log(PAM_LOG_ERROR, "%s", pam_strerror(pamh, PAM_BUF_ERR)); RETURNP(NULL); } for (i = 0; i < pamh->env_count; ++i) { if ((envlist[i] = strdup(pamh->env[i])) == NULL) { while (i) - free(envlist[--i]); - free(envlist); + FREE(envlist[--i]); + FREE(envlist); openpam_log(PAM_LOG_ERROR, "%s", pam_strerror(pamh, PAM_BUF_ERR)); RETURNP(NULL); } } envlist[i] = NULL; RETURNP(envlist); } /** * The =pam_getenvlist function returns a copy of the given PAM context's * environment list as a pointer to an array of strings. * The last element in the array is =NULL. * The pointer is suitable for assignment to {Va environ}. * * The array and the strings it lists are allocated using =malloc, and * should be released using =free after use: * * char **envlist, **env; * * envlist = environ; * environ = pam_getenvlist(pamh); * \/\* do something nifty \*\/ * for (env = environ; *env != NULL; env++) * free(*env); * free(environ); * environ = envlist; * * >environ 7 * >pam_getenv * >pam_putenv * >pam_setenv */ diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c index 6102e84d400e..7d3ab949869f 100644 --- a/contrib/openpam/lib/pam_info.c +++ b/contrib/openpam/lib/pam_info.c 
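Review bot: `FREE(envlist[--i]);` in the strdup failure path passes an expression with a side effect to a macro. FREE is defined in openpam_impl.h, which this hunk does not show; if it frees its argument and then assigns NULL to it, `--i` runs twice per iteration, so every other string is leaked and, when `i` is odd, the assignment lands on `envlist[-1]` and the counter steps past zero. Moving the decrement out of the argument removes the dependence on how the macro is written: `while (i) { --i; FREE(envlist[i]); }`.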
@@ -1,82 +1,84 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_info.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_info.c#9 $ */ #include #include #include #include #include +#include "openpam_impl.h" + /* * OpenPAM extension * * Display an information message */ int pam_info(pam_handle_t *pamh, const char *fmt, ...) { va_list ap; char *rsp; int r; va_start(ap, fmt); r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); va_end(ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } /* * Error codes: * * !PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =pam_info function displays an informational message through the * intermediary of the given PAM context's conversation function. * * >pam_error * >pam_prompt * >pam_vinfo */ diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c index 02c94445d21b..1db7a486424e 100644 --- a/contrib/openpam/lib/pam_open_session.c +++ b/contrib/openpam/lib/pam_open_session.c 
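Review bot: `rsp` is declared without an initial value and is handed to `FREE(rsp)` whatever `pam_vprompt` returned. pam_vprompt is not part of this hunk, so it is not clear that it stores into `rsp` on every failure path; if it does not, the free acts on an indeterminate pointer. Initialising at the declaration, `char *rsp = NULL;`, makes the cleanup safe in either case.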
@@ -1,85 +1,85 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_open_session.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_open_session.c#13 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 54 * * Open a user session */ int pam_open_session(pam_handle_t *pamh, int flags) { int r; ENTER(); if (flags & ~(PAM_SILENT)) RETURNC(PAM_SYMBOL_ERR); r = openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags); RETURNC(r); } /* * Error codes: * * =openpam_dispatch * =pam_sm_open_session * !PAM_IGNORE * PAM_SYMBOL_ERR */ /** * The =pam_open_session sets up a user session for a previously * authenticated user. The session should later be torn down by a call to * =pam_close_session. * * The =flags argument is the binary or of zero or more of the following * values: * * =PAM_SILENT: * Do not emit any messages. * * If any other bits are set, =pam_open_session will return * =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c index 6f63c16c40ee..61355d40fdb8 100644 --- a/contrib/openpam/lib/pam_prompt.c +++ b/contrib/openpam/lib/pam_prompt.c 
@@ -1,89 +1,89 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_prompt.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_prompt.c#9 $ */ #include #include #include #include /* * OpenPAM extension * * Call the conversation function */ int pam_prompt(pam_handle_t *pamh, int style, char **resp, const char *fmt, ...) { va_list ap; int r; va_start(ap, fmt); r = pam_vprompt(pamh, style, resp, fmt, ap); va_end(ap); return (r); } /* * Error codes: * * !PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =pam_prompt function constructs a message from the specified format * string and arguments and passes it to the given PAM context's * conversation function. * * A pointer to the response, or =NULL if the conversation function did * not return one, is stored in the location pointed to by the =resp * argument. * * See =pam_vprompt for further details. * * >pam_error * >pam_info * >pam_vprompt */ diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c index d3c220f1f56e..41530e6596bd 100644 --- a/contrib/openpam/lib/pam_putenv.c +++ b/contrib/openpam/lib/pam_putenv.c 
@@ -1,107 +1,107 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_putenv.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_putenv.c#12 $ */ #include #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 56 * * Set the value of an environment variable */ int pam_putenv(pam_handle_t *pamh, const char *namevalue) { char **env, *p; int i; ENTER(); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); /* sanity checks */ if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL) RETURNC(PAM_SYSTEM_ERR); /* see if the variable is already in the environment */ - if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) { + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) >= 0) { if ((p = strdup(namevalue)) == NULL) RETURNC(PAM_BUF_ERR); - free(pamh->env[i]); + FREE(pamh->env[i]); pamh->env[i] = p; RETURNC(PAM_SUCCESS); } /* grow the environment list if necessary */ if (pamh->env_count == pamh->env_size) { env = realloc(pamh->env, sizeof(char *) * (pamh->env_size * 2 + 1)); if (env == NULL) RETURNC(PAM_BUF_ERR); pamh->env = env; pamh->env_size = pamh->env_size * 2 + 1; } /* add the variable at the end */ if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL) RETURNC(PAM_BUF_ERR); ++pamh->env_count; RETURNC(PAM_SUCCESS); } /* * Error codes: * * PAM_SYSTEM_ERR * PAM_BUF_ERR */ /** * The =pam_putenv function sets a environment variable. * Its semantics are similar to those of =putenv, but it modifies the PAM * context's environment list instead of the application's. * * >pam_getenv * >pam_getenvlist * >pam_setenv */ diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c index 5428bb120c47..a17ea0fb925b 100644 --- a/contrib/openpam/lib/pam_set_data.c +++ b/contrib/openpam/lib/pam_set_data.c 
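Review bot: The sanity check in pam_putenv accepts a string whose name part is empty, such as one that begins with `=`, because it only tests that an `=` is present. In that case the length `p - namevalue` passed to `openpam_findenv` is 0 (how that function treats a zero length is not visible here), and the nameless entry ends up in the list that pam_getenvlist documents as suitable for assignment to `environ`. Extending the check to `if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL || p == namevalue)` rejects it up front.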
@@ -1,103 +1,103 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_set_data.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_set_data.c#15 $ */ #include #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 59 * * Set module information */ int pam_set_data(pam_handle_t *pamh, const char *module_data_name, void *data, void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)) { pam_data_t *dp; ENTERS(module_data_name); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); for (dp = pamh->module_data; dp != NULL; dp = dp->next) { if (strcmp(dp->name, module_data_name) == 0) { if (dp->cleanup) (dp->cleanup)(pamh, dp->data, PAM_SUCCESS); dp->data = data; dp->cleanup = cleanup; RETURNC(PAM_SUCCESS); } } if ((dp = malloc(sizeof *dp)) == NULL) RETURNC(PAM_BUF_ERR); if ((dp->name = strdup(module_data_name)) == NULL) { - free(dp); + FREE(dp); RETURNC(PAM_BUF_ERR); } dp->data = data; dp->cleanup = cleanup; dp->next = pamh->module_data; pamh->module_data = dp; RETURNC(PAM_SUCCESS); } /* * Error codes: * * PAM_SYSTEM_ERR * PAM_BUF_ERR */ /** * The =pam_set_data function associates a pointer to an opaque object * with an arbitrary string specified by the =module_data_name argument, * in the PAM context specified by the =pamh argument. * * If not =NULL, the =cleanup argument should point to a function * responsible for releasing the resources associated with the object. * * This function and its counterpart =pam_get_data are useful for managing * data that are meaningful only to a particular service module. */ diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c index aba99fb1e009..5b6efa6ca4e7 100644 --- a/contrib/openpam/lib/pam_set_item.c +++ b/contrib/openpam/lib/pam_set_item.c 
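Review bot: `module_data_name` is never checked for NULL in pam_set_data, yet it is passed to `strcmp` in the lookup loop and to `strdup` when a new entry is created. Only `pamh` is validated, so a module that passes a NULL name triggers undefined behaviour, in practice a crash of the process hosting the PAM stack. The existing guard could cover both arguments: `if (pamh == NULL || module_data_name == NULL) RETURNC(PAM_SYSTEM_ERR);`.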
@@ -1,119 +1,119 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_set_item.c#18 $ + * $P4: //depot/projects/openpam/lib/pam_set_item.c#21 $ */ #include #include #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 60 * * Set authentication information */ int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) { void **slot, *tmp; size_t nsize, osize; ENTERI(item_type); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); slot = &pamh->item[item_type]; osize = nsize = 0; switch (item_type) { case PAM_SERVICE: case PAM_USER: case PAM_AUTHTOK: case PAM_OLDAUTHTOK: case PAM_TTY: case PAM_RHOST: case PAM_RUSER: case PAM_USER_PROMPT: case PAM_AUTHTOK_PROMPT: case PAM_OLDAUTHTOK_PROMPT: if (*slot != NULL) osize = strlen(*slot) + 1; if (item != NULL) nsize = strlen(item) + 1; break; case PAM_REPOSITORY: osize = nsize = sizeof(struct pam_repository); break; case PAM_CONV: osize = nsize = sizeof(struct pam_conv); break; default: RETURNC(PAM_SYMBOL_ERR); } if (*slot != NULL) { memset(*slot, 0xd0, osize); - free(*slot); + FREE(*slot); } if (item != NULL) { if ((tmp = malloc(nsize)) == NULL) RETURNC(PAM_BUF_ERR); memcpy(tmp, item, nsize); } else { tmp = NULL; } *slot = tmp; RETURNC(PAM_SUCCESS); } /* * Error codes: * * PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR */ /** * The =pam_set_item function sets the item specified by the =item_type * argument to a copy of the object pointed to by the =item argument. * The item is stored in the PAM context specified by the =pamh argument. * See =pam_get_item for a list of recognized item types. */ diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c index 5ea3aa083b98..0b59d5e6b2f6 100644 --- a/contrib/openpam/lib/pam_set_mapped_authtok.c +++ b/contrib/openpam/lib/pam_set_mapped_authtok.c 
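Review bot: The `memset(*slot, 0xd0, osize);` that overwrites the old item right before `FREE(*slot);` is a store to memory that is about to be released, which an optimising compiler is allowed to drop. For PAM_AUTHTOK and PAM_OLDAUTHTOK that would leave the previous password readable in freed heap memory. A scrub the compiler cannot remove, for example `explicit_bzero(*slot, osize);` on platforms that provide it, keeps the intent. Separately, `slot = &pamh->item[item_type];` is computed before the `switch` has rejected unknown `item_type` values; taking the address after the switch avoids forming an out-of-range pointer.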
@@ -1,61 +1,61 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#8 $ */ #include /* * XSSO 4.2.1 * XSSO 6 page 62 * * Store the password for the username supplied */ int pam_set_mapped_authtok(pam_handle_t *pamh, const char *target_module_username, size_t target_authtok_len, unsigned char *target_module_authtok, const char *target_module_type, const char *target_authn_domain) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c index 51394ac5d832..41f0a0681798 100644 --- a/contrib/openpam/lib/pam_set_mapped_username.c +++ b/contrib/openpam/lib/pam_set_mapped_username.c 
@@ -1,62 +1,62 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#7 $ + * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#8 $ */ #include /* * XSSO 4.2.1 * XSSO 6 page 64 * * Set a username */ int pam_set_mapped_username(pam_handle_t *pamh, char *src_username, char *src_module_type, char *src_authn_domain, char *target_module_username, char *target_module_type, char *target_authn_domain) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c index b895e6ada2da..625a07c7a349 100644 --- a/contrib/openpam/lib/pam_setcred.c +++ b/contrib/openpam/lib/pam_setcred.c 
@@ -1,94 +1,94 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_setcred.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_setcred.c#14 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 57 * * Modify / delete user credentials for an authentication service */ int pam_setcred(pam_handle_t *pamh, int flags) { int r; ENTER(); if (flags & ~(PAM_SILENT|PAM_ESTABLISH_CRED|PAM_DELETE_CRED| PAM_REINITIALIZE_CRED|PAM_REFRESH_CRED)) RETURNC(PAM_SYMBOL_ERR); /* XXX enforce exclusivity */ r = openpam_dispatch(pamh, PAM_SM_SETCRED, flags); RETURNC(r); } /* * Error codes: * * =openpam_dispatch * =pam_sm_setcred * !PAM_IGNORE * PAM_SYMBOL_ERR */ /** * The =pam_setcred function manages the application's credentials. * * The =flags argument is the binary or of zero or more of the following * values: * * =PAM_SILENT: * Do not emit any messages. * =PAM_ESTABLISH_CRED: * Establish the credentials of the target user. * =PAM_DELETE_CRED: * Revoke all established credentials. * =PAM_REINITIALIZE_CRED: * Fully reinitialise credentials. * =PAM_REFRESH_CRED: * Refresh credentials. * * The latter four are mutually exclusive. * * If any other bits are set, =pam_setcred will return =PAM_SYMBOL_ERR. */ diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c index f516a1b6c6aa..1c1603970e51 100644 --- a/contrib/openpam/lib/pam_setenv.c +++ b/contrib/openpam/lib/pam_setenv.c 
@@ -1,98 +1,97 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_setenv.c#8 $ + * $P4: //depot/projects/openpam/lib/pam_setenv.c#12 $ */ #include #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Set the value of an environment variable * Mirrors setenv(3) */ int pam_setenv(pam_handle_t *pamh, const char *name, const char *value, int overwrite) { char *env; int r; ENTER(); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); /* sanity checks */ if (name == NULL || value == NULL || strchr(name, '=') != NULL) RETURNC(PAM_SYSTEM_ERR); /* is it already there? */ - if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1) + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) >= 0) RETURNC(PAM_SUCCESS); /* set it... */ - if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL) + if (asprintf(&env, "%s=%s", name, value) < 0) RETURNC(PAM_BUF_ERR); - sprintf(env, "%s=%s", name, value); r = pam_putenv(pamh, env); - free(env); + FREE(env); RETURNC(r); } /* * Error codes: * * =pam_putenv * PAM_SYSTEM_ERR * PAM_BUF_ERR */ /** * The =pam_setenv function sets a environment variable. * Its semantics are similar to those of =setenv, but it modifies the PAM * context's environment list instead of the application's. * * >pam_getenv * >pam_getenvlist * >pam_putenv */ diff --git a/contrib/openpam/lib/pam_sm_acct_mgmt.c b/contrib/openpam/lib/pam_sm_acct_mgmt.c index 8351fcae15e1..e5d65c234054 100644 --- a/contrib/openpam/lib/pam_sm_acct_mgmt.c +++ b/contrib/openpam/lib/pam_sm_acct_mgmt.c 
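Review bot: The sanity check in pam_setenv() still accepts an empty `name`, so a call with `""` formats the entry `=value` and passes it to pam_putenv(); whether pam_putenv() rejects that is not visible in this hunk. The header comment says the function mirrors setenv(3), which POSIX specifies as failing for an empty name, so I would extend the guard to `if (name == NULL || *name == '\0' || value == NULL || strchr(name, '=') != NULL)`. Separately, replacing the hand-sized `malloc` + `sprintf` with `asprintf` is a sound hardening, but asprintf is a BSD/GNU extension; given the Linux portability goal of this release, confirm the build declares it there (glibc needs `_GNU_SOURCE`), since the include lines are not legible here. A one-line comment such as `/* pam_putenv() copies the string, so env can be released here */` above `FREE(env)` would document the ownership assumption, if that is indeed what pam_putenv() does.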
@@ -1,82 +1,80 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#7 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 66 * * Service module implementation for pam_acct_mgmt */ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR * PAM_PERM_DENIED * PAM_IGNORE * PAM_ABORT * * PAM_USER_UNKNOWN * PAM_AUTH_ERR * PAM_NEW_AUTHTOK_REQD * PAM_ACCT_EXPIRED */ /** * The =pam_sm_acct_mgmt function is the service module's implementation * of the =pam_acct_mgmt API function. */ diff --git a/contrib/openpam/lib/pam_sm_authenticate.c b/contrib/openpam/lib/pam_sm_authenticate.c index 50cceef96891..25446b2cc978 100644 --- a/contrib/openpam/lib/pam_sm_authenticate.c +++ b/contrib/openpam/lib/pam_sm_authenticate.c 
@@ -1,83 +1,81 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#7 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 68 * * Service module implementation for pam_authenticate */ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR * PAM_PERM_DENIED * PAM_IGNORE * PAM_ABORT * * PAM_AUTH_ERR * PAM_CRED_INSUFFICIENT * PAM_AUTHINFO_UNAVAIL * PAM_USER_UNKNOWN * PAM_MAXTRIES */ /** * The =pam_sm_authenticate function is the service module's * implementation of the =pam_authenticate API function. */ diff --git a/contrib/openpam/lib/pam_sm_authenticate_secondary.c b/contrib/openpam/lib/pam_sm_authenticate_secondary.c index b25e02802f81..b163baaf8b45 100644 --- a/contrib/openpam/lib/pam_sm_authenticate_secondary.c +++ b/contrib/openpam/lib/pam_sm_authenticate_secondary.c 
@@ -1,67 +1,67 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#6 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 70 * * Service module implementation for pam_authenticate_secondary */ int pam_sm_authenticate_secondary(pam_handle_t *pamh, char *target_username, char *target_module_type, char *target_authn_domain, char *target_supp_data, unsigned char *target_module_authtok, int flags, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_sm_chauthtok.c b/contrib/openpam/lib/pam_sm_chauthtok.c index b4ede724ce1b..dc53be9bc159 100644 --- a/contrib/openpam/lib/pam_sm_chauthtok.c +++ b/contrib/openpam/lib/pam_sm_chauthtok.c 
@@ -1,84 +1,82 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#8 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 72 * * Service module implementation for pam_chauthtok */ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR * PAM_PERM_DENIED * PAM_IGNORE * PAM_ABORT * * PAM_PERM_DENIED * PAM_AUTHTOK_ERR * PAM_AUTHTOK_RECOVERY_ERR * PAM_AUTHTOK_LOCK_BUSY * PAM_AUTHTOK_DISABLE_AGING * PAM_TRY_AGAIN */ /** * The =pam_sm_chauthtok function is the service module's implementation * of the =pam_chauthtok API function. */ diff --git a/contrib/openpam/lib/pam_sm_close_session.c b/contrib/openpam/lib/pam_sm_close_session.c index e27274f3d8f1..428ac655d8f7 100644 --- a/contrib/openpam/lib/pam_sm_close_session.c +++ b/contrib/openpam/lib/pam_sm_close_session.c 
@@ -1,79 +1,77 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#7 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 75 * * Service module implementation for pam_close_session */ int pam_sm_close_session(pam_handle_t *pamh, int flags, int args, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR * PAM_PERM_DENIED * PAM_IGNORE * PAM_ABORT * * PAM_SESSION_ERR */ /** * The =pam_sm_close_session function is the service module's * implementation of the =pam_close_session API function. */ diff --git a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c index 2f35e549dd89..38f7c665abd4 100644 --- a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c +++ b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c 
@@ -1,66 +1,66 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#6 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 77 * * Service module implementation for pam_get_mapped_authtok */ int pam_sm_get_mapped_authtok(pam_handle_t *pamh, char *target_module_username, char *target_module_type, char *target_authn_domain, size_t *target_authtok_len, unsigned char **target_module_authtok, int argc, char *argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_sm_get_mapped_username.c b/contrib/openpam/lib/pam_sm_get_mapped_username.c index 1956acf6b6fd..c00a7de48b92 100644 --- a/contrib/openpam/lib/pam_sm_get_mapped_username.c +++ b/contrib/openpam/lib/pam_sm_get_mapped_username.c 
@@ -1,67 +1,67 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#6 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 79 * * Service module implementation for pam_get_mapped_username */ int pam_sm_get_mapped_username(pam_handle_t *pamh, char *src_username, char *src_module_type, char *src_authn_domain, char *target_module_type, char *target_authn_domain, char **target_module_username, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_sm_open_session.c b/contrib/openpam/lib/pam_sm_open_session.c index 161344f4aa10..54040395ef76 100644 --- a/contrib/openpam/lib/pam_sm_open_session.c +++ b/contrib/openpam/lib/pam_sm_open_session.c 
@@ -1,79 +1,77 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#7 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 81 * * Service module implementation for pam_open_session */ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR * PAM_PERM_DENIED * PAM_IGNORE * PAM_ABORT * * PAM_SESSION_ERR */ /** * The =pam_sm_open_session function is the service module's * implementation of the =pam_open_session API function. */ diff --git a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c index a875e1af24d0..d16c265f30f5 100644 --- a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c +++ b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c 
@@ -1,66 +1,66 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#6 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 83 * * Service module implementation for pam_set_mapped_authtok */ int pam_sm_set_mapped_authtok(pam_handle_t *pamh, char *target_module_username, size_t target_authtok_len, unsigned char *target_module_authtok, char *target_module_type, char *target_authn_domain, int argc, const char *argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_sm_set_mapped_username.c b/contrib/openpam/lib/pam_sm_set_mapped_username.c index 8c0774d24307..54bed9146be1 100644 --- a/contrib/openpam/lib/pam_sm_set_mapped_username.c +++ b/contrib/openpam/lib/pam_sm_set_mapped_username.c 
@@ -1,64 +1,64 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#6 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 85 * * Service module implementation for pam_set_mapped_username */ int pam_sm_set_mapped_username(pam_handle_t *pamh, char *target_module_username, char *target_module_type, char *target_authn_domain, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* * NODOC */ diff --git a/contrib/openpam/lib/pam_sm_setcred.c b/contrib/openpam/lib/pam_sm_setcred.c index 90e571c59431..919256d893fd 100644 --- a/contrib/openpam/lib/pam_sm_setcred.c +++ b/contrib/openpam/lib/pam_sm_setcred.c 
@@ -1,83 +1,81 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#5 $ + * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#7 $ */ #include #include #include /* * XSSO 4.2.2 * XSSO 6 page 87 * * Service module implementation for pam_setcred */ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { ENTER(); RETURNC(PAM_SYSTEM_ERR); } /* - * NOLIST - * * Error codes: * * PAM_SERVICE_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR * PAM_PERM_DENIED * PAM_IGNORE * PAM_ABORT * * PAM_CRED_UNAVAIL * PAM_CRED_EXPIRED * PAM_USER_UNKNOWN * PAM_CRED_ERR */ /** * The =pam_sm_setcred function is the service module's implementation of * the =pam_setcred API function. */ diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c index c43b19273cf7..e180fe84bc06 100644 --- a/contrib/openpam/lib/pam_start.c +++ b/contrib/openpam/lib/pam_start.c 
@@ -1,107 +1,107 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_start.c#17 $ + * $P4: //depot/projects/openpam/lib/pam_start.c#18 $ */ #include #include #include "openpam_impl.h" /* * XSSO 4.2.1 * XSSO 6 page 89 * * Initiate a PAM transaction */ int pam_start(const char *service, const char *user, const struct pam_conv *pam_conv, pam_handle_t **pamh) { struct pam_handle *ph; int r; ENTER(); if ((ph = calloc(1, sizeof *ph)) == NULL) RETURNC(PAM_BUF_ERR); if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) goto fail; if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) goto fail; if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) goto fail; r = openpam_configure(ph, service); if (r != PAM_SUCCESS) goto fail; *pamh = ph; openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); RETURNC(PAM_SUCCESS); fail: pam_end(ph, r); RETURNC(r); } /* * Error codes: * * =openpam_configure * =pam_set_item * !PAM_SYMBOL_ERR * PAM_BUF_ERR */ /** * The =pam_start function creates and initializes a PAM context. * * The =service argument specifies the name of the policy to apply, and is * stored in the =PAM_SERVICE item in the created context. * * The =user argument specifies the name of the target user - the user the * created context will serve to authenticate. * It is stored in the =PAM_USER item in the created context. * * The =pam_conv argument points to a =struct pam_conv describing the * conversation function to use; see =pam_conv for details. * * >pam_get_item * >pam_set_item * >pam_end */ diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c index 2e875139091c..c4eb1eb68be2 100644 --- a/contrib/openpam/lib/pam_strerror.c +++ b/contrib/openpam/lib/pam_strerror.c 
@@ -1,163 +1,163 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_strerror.c#11 $ + * $P4: //depot/projects/openpam/lib/pam_strerror.c#12 $ */ #include #include #include "openpam_impl.h" const char *_pam_err_name[PAM_NUM_ERRORS] = { "PAM_SUCCESS", "PAM_OPEN_ERR", "PAM_SYMBOL_ERR", "PAM_SERVICE_ERR", "PAM_SYSTEM_ERR", "PAM_BUF_ERR", "PAM_CONV_ERR", "PAM_PERM_DENIED", "PAM_MAXTRIES", "PAM_AUTH_ERR", "PAM_NEW_AUTHTOK_REQD", "PAM_CRED_INSUFFICIENT", "PAM_AUTHINFO_UNAVAIL", "PAM_USER_UNKNOWN", "PAM_CRED_UNAVAIL", "PAM_CRED_EXPIRED", "PAM_CRED_ERR", "PAM_ACCT_EXPIRED", "PAM_AUTHTOK_EXPIRED", "PAM_SESSION_ERR", "PAM_AUTHTOK_ERR", "PAM_AUTHTOK_RECOVERY_ERR", "PAM_AUTHTOK_LOCK_BUSY", "PAM_AUTHTOK_DISABLE_AGING", "PAM_NO_MODULE_DATA", "PAM_IGNORE", "PAM_ABORT", "PAM_TRY_AGAIN", "PAM_MODULE_UNKNOWN", "PAM_DOMAIN_UNKNOWN" }; /* * XSSO 4.2.1 * XSSO 6 page 92 * * Get PAM standard error message string */ const char * pam_strerror(pam_handle_t *pamh, int error_number) { static char unknown[16]; (void)pamh; switch (error_number) { case PAM_SUCCESS: return ("success"); case PAM_OPEN_ERR: return ("failed to load module"); case PAM_SYMBOL_ERR: return ("invalid symbol"); case PAM_SERVICE_ERR: return ("error in service module"); case PAM_SYSTEM_ERR: return ("system error"); case PAM_BUF_ERR: return ("memory buffer error"); case PAM_CONV_ERR: return ("conversation failure"); case PAM_PERM_DENIED: return ("permission denied"); case PAM_MAXTRIES: return ("maximum number of tries exceeded"); case PAM_AUTH_ERR: return ("authentication error"); case PAM_NEW_AUTHTOK_REQD: return ("new authentication token required"); case PAM_CRED_INSUFFICIENT: return ("insufficient credentials"); case PAM_AUTHINFO_UNAVAIL: return ("authentication information is unavailable"); case PAM_USER_UNKNOWN: return ("unknown user"); case PAM_CRED_UNAVAIL: return ("failed to retrieve user credentials"); case PAM_CRED_EXPIRED: return ("user credentials have expired"); case PAM_CRED_ERR: return ("failed to set user credentials"); case 
PAM_ACCT_EXPIRED: return ("user accound has expired"); case PAM_AUTHTOK_EXPIRED: return ("password has expired"); case PAM_SESSION_ERR: return ("session failure"); case PAM_AUTHTOK_ERR: return ("authentication token failure"); case PAM_AUTHTOK_RECOVERY_ERR: return ("failed to recover old authentication token"); case PAM_AUTHTOK_LOCK_BUSY: return ("authentication token lock busy"); case PAM_AUTHTOK_DISABLE_AGING: return ("authentication token aging disabled"); case PAM_NO_MODULE_DATA: return ("module data not found"); case PAM_IGNORE: return ("ignore this module"); case PAM_ABORT: return ("general failure"); case PAM_TRY_AGAIN: return ("try again"); case PAM_MODULE_UNKNOWN: return ("unknown module type"); case PAM_DOMAIN_UNKNOWN: return ("unknown authentication domain"); default: snprintf(unknown, sizeof unknown, "#%d", error_number); return (unknown); } } /** * The =pam_strerror function returns a pointer to a string containing a * textual description of the error indicated by the =error_number * argument, in the context of the PAM transaction described by the =pamh * argument. */ diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c index cfb6e0f89b98..292cadf7bd0b 100644 --- a/contrib/openpam/lib/pam_verror.c +++ b/contrib/openpam/lib/pam_verror.c 
@@ -1,77 +1,79 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_verror.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_verror.c#8 $ */ #include #include #include #include +#include "openpam_impl.h" + /* * OpenPAM extension * * Display an error message */ int pam_verror(pam_handle_t *pamh, const char *fmt, va_list ap) { char *rsp; int r; r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } /* * Error codes: * * !PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =pam_verror function passes its arguments to =pam_vprompt with a * style argument of =PAM_ERROR_MSG, and discards the response. * * >pam_error * >pam_vinfo */ diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c index 0c57ec5e2cb9..3d02c0a5259a 100644 --- a/contrib/openpam/lib/pam_vinfo.c +++ b/contrib/openpam/lib/pam_vinfo.c 
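Review bot: `rsp` in pam_verror is declared as `char *rsp;` with no initializer, yet it is handed to `FREE(rsp)` unconditionally after the call. pam_vprompt, shown later in this diff, returns before writing `*resp` when pam_get_item fails or when no conversation function is set, so on those paths the macro operates on an indeterminate pointer. Declaring it as `char *rsp = NULL;` closes this, and the same one-line change applies to pam_vinfo in the next file. FREE comes from openpam_impl.h, which this page does not show; whatever it expands to, it cannot make an uninitialized value safe to release.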
@@ -1,77 +1,79 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_vinfo.c#6 $ + * $P4: //depot/projects/openpam/lib/pam_vinfo.c#8 $ */ #include #include #include #include +#include "openpam_impl.h" + /* * OpenPAM extension * * Display an information message */ int pam_vinfo(pam_handle_t *pamh, const char *fmt, va_list ap) { char *rsp; int r; r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); - free(rsp); /* ignore response */ + FREE(rsp); /* ignore response */ return (r); } /* * Error codes: * * !PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =pam_vinfo function passes its arguments to =pam_vprompt with a * style argument of =PAM_TEXT_INFO, and discards the response. * * >pam_info * >pam_verror */ diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c index 83262c472c14..ef6ca24a6e69 100644 --- a/contrib/openpam/lib/pam_vprompt.c +++ b/contrib/openpam/lib/pam_vprompt.c 
@@ -1,126 +1,126 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/lib/pam_vprompt.c#9 $ + * $P4: //depot/projects/openpam/lib/pam_vprompt.c#12 $ */ #include #include #include #include #include "openpam_impl.h" /* * OpenPAM extension * * Call the conversation function */ int pam_vprompt(pam_handle_t *pamh, int style, char **resp, const char *fmt, va_list ap) { char msgbuf[PAM_MAX_MSG_SIZE]; struct pam_message msg; const struct pam_message *msgp; struct pam_response *rsp; struct pam_conv *conv; int r; ENTER(); r = pam_get_item(pamh, PAM_CONV, (const void **)&conv); if (r != PAM_SUCCESS) RETURNC(r); if (conv == NULL || conv->conv == NULL) { openpam_log(PAM_LOG_ERROR, "no conversation function"); RETURNC(PAM_SYSTEM_ERR); } vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap); msg.msg_style = style; msg.msg = msgbuf; msgp = &msg; rsp = NULL; r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr); *resp = rsp == NULL ? NULL : rsp->resp; - free(rsp); + FREE(rsp); RETURNC(r); } /* * Error codes: * * !PAM_SYMBOL_ERR * PAM_SYSTEM_ERR * PAM_BUF_ERR * PAM_CONV_ERR */ /** * The =pam_vprompt function constructs a string from the =fmt and =ap * arguments using =vsnprintf, and passes it to the given PAM context's * conversation function. * * The =style argument specifies the type of interaction requested, and * must be one of the following: * * =PAM_PROMPT_ECHO_OFF: * Display the message and obtain the user's response without * displaying it. * =PAM_PROMPT_ECHO_ON: * Display the message and obtain the user's response. * =PAM_ERROR_MSG: * Display the message as an error message, and do not wait * for a response. * =PAM_TEXT_INFO: * Display the message as an informational message, and do * not wait for a response. * * A pointer to the response, or =NULL if the conversation function did * not return one, is stored in the location pointed to by the =resp * argument. * * The message and response should not exceed =PAM_MAX_MSG_SIZE or * =PAM_MAX_RESP_SIZE, respectively. * If they do, they may be truncated. 
* * >pam_error * >pam_info * >pam_prompt * >pam_verror * >pam_vinfo */ diff --git a/contrib/openpam/misc/gendoc.pl b/contrib/openpam/misc/gendoc.pl index 3d29f0e875db..945c224422c9 100644 --- a/contrib/openpam/misc/gendoc.pl +++ b/contrib/openpam/misc/gendoc.pl 
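Review bot: The doc comment for pam_vprompt does not say who owns the string stored in `*resp`, although the code releases only the `struct pam_response` container with `FREE(rsp)` and passes `rsp->resp` on to the caller. I would add a sentence to the `/** ... */` block such as `The caller is responsible for releasing the response; for =PAM_PROMPT_ECHO_OFF it may hold a secret and should be cleared before it is freed.` The same block could also state that `*resp` is left unmodified when the function fails before the conversation function is called, since both early `RETURNC` paths skip the assignment.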
@@ -1,575 +1,571 @@ #!/usr/bin/perl -w #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and # Network Associates Laboratories, the Security Research Division of # Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 # ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/misc/gendoc.pl#19 $ +# $P4: //depot/projects/openpam/misc/gendoc.pl#25 $ # use strict; use Fcntl; use Getopt::Std; use POSIX qw(strftime); use vars qw($COPYRIGHT $TODAY %FUNCTIONS %PAMERR); $COPYRIGHT = ".\\\"- -.\\\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\\\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\\\" All rights reserved. .\\\" .\\\" This software was developed for the FreeBSD Project by ThinkSec AS and .\\\" Network Associates Laboratories, the Security Research Division of .\\\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .\\\" (\"CBOSS\"), as part of the DARPA CHATS research program. .\\\" .\\\" Redistribution and use in source and binary forms, with or without .\\\" modification, are permitted provided that the following conditions .\\\" are met: .\\\" 1. Redistributions of source code must retain the above copyright .\\\" notice, this list of conditions and the following disclaimer. .\\\" 2. Redistributions in binary form must reproduce the above copyright .\\\" notice, this list of conditions and the following disclaimer in the .\\\" documentation and/or other materials provided with the distribution. .\\\" 3. The name of the author may not be used to endorse or promote .\\\" products derived from this software without specific prior written .\\\" permission. .\\\" .\\\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\\\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\\\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\\\" ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\\\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\\\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\\\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\\\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\\\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\\\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\\\" SUCH DAMAGE. .\\\" .\\\" \$" . "P4" . "\$ .\\\""; %PAMERR = ( PAM_SUCCESS => "Success", PAM_OPEN_ERR => "Failed to load module", PAM_SYMBOL_ERR => "Invalid symbol", PAM_SERVICE_ERR => "Error in service module", PAM_SYSTEM_ERR => "System error", PAM_BUF_ERR => "Memory buffer error", PAM_CONV_ERR => "Conversation failure", PAM_PERM_DENIED => "Permission denied", PAM_MAXTRIES => "Maximum number of tries exceeded", PAM_AUTH_ERR => "Authentication error", PAM_NEW_AUTHTOK_REQD => "New authentication token required", PAM_CRED_INSUFFICIENT => "Insufficient credentials", PAM_AUTHINFO_UNAVAIL => "Authentication information is unavailable", PAM_USER_UNKNOWN => "Unknown user", PAM_CRED_UNAVAIL => "Failed to retrieve user credentials", PAM_CRED_EXPIRED => "User credentials have expired", PAM_CRED_ERR => "Failed to set user credentials", PAM_ACCT_EXPIRED => "User accound has expired", PAM_AUTHTOK_EXPIRED => "Password has expired", PAM_SESSION_ERR => "Session failure", PAM_AUTHTOK_ERR => "Authentication token failure", PAM_AUTHTOK_RECOVERY_ERR => "Failed to recover old authentication token", PAM_AUTHTOK_LOCK_BUSY => "Authentication token lock busy", PAM_AUTHTOK_DISABLE_AGING => "Authentication token aging disabled", PAM_NO_MODULE_DATA => "Module data not found", PAM_IGNORE => "Ignore this module", PAM_ABORT => "General failure", PAM_TRY_AGAIN => "Try again", PAM_MODULE_UNKNOWN => "Unknown module type", PAM_DOMAIN_UNKNOWN => "Unknown authentication domain", 
); sub parse_source($) { my $fn = shift; local *FILE; my $source; my $func; my $descr; my $type; my $args; my $argnames; my $man; my $inlist; my $inliteral; my %xref; my @errors; if ($fn !~ m,\.c$,) { warn("$fn: not C source, ignoring\n"); return undef; } sysopen(FILE, $fn, O_RDONLY) or die("$fn: open(): $!\n"); $source = join('', ); close(FILE); return undef if ($source =~ m/^ \* NOPARSE\s*$/m); $func = $fn; $func =~ s,^(?:.*/)?([^/]+)\.c$,$1,; if ($source !~ m,\n \* ([\S ]+)\n \*/\n\n([\S ]+)\n$func\((.*?)\)\n\{,s) { warn("$fn: can't find $func\n"); return undef; } ($descr, $type, $args) = ($1, $2, $3); $descr =~ s,^([A-Z][a-z]),lc($1),e; $descr =~ s,[\.\s]*$,,; while ($args =~ s/^((?:[^\(]|\([^\)]*\))*),\s*/$1\" \"/g) { # nothing } $args =~ s/,\s+/, /gs; $args = "\"$args\""; %xref = ( "pam 3" => 1 ); if ($type eq "int") { foreach (split("\n", $source)) { next unless (m/^ \*\s+(!?PAM_[A-Z_]+|=[a-z_]+)\s*$/); push(@errors, $1); } $xref{"pam_strerror 3"} = 1; } $argnames = $args; $argnames =~ s/\"[^\"]+\*?\b(\w+)\"/\"$1\"/g; $argnames =~ s/([\|\[\]\(\)\.\*\+\?])/\\$1/g; $argnames =~ s/\" \"/|/g; $argnames =~ s/^\"(.*)\"$/($1)/; $inliteral = $inlist = 0; foreach (split("\n", $source)) { s/\s*$//; if (!defined($man)) { if (m/^\/\*\*$/) { $man = ""; } next; } last if (m/^ \*\/$/); s/^ \* ?//; s/\\(.)/$1/gs; if (m/^$/) { if ($man ne "" && $man !~ m/\.Pp\n$/s) { if ($inliteral) { $man .= "\0\n"; } elsif ($inlist) { $man .= ".El\n.Pp\n"; $inlist = 0; } else { $man .= ".Pp\n"; } } next; } if (m/^>(\w+)(?:\s+(\d))?$/) { ++$xref{$2 ? 
"$1 $2" : "$1 3"}; next; } if (s/^\s+(=?\w+):\s*/.It $1/) { if ($inliteral) { $man .= ".Ed\n"; $inliteral = 0; } if (!$inlist) { $man =~ s/\.Pp\n$//s; $man .= ".Bl -tag -width 18n\n"; $inlist = 1; } s/^\.It =([A-Z][A-Z_]+)$/.It Dv $1/gs; $man .= "$_\n"; next; } elsif ($inlist && m/^\S/) { $man .= ".El\n.Pp\n"; $inlist = 0; } elsif ($inliteral && m/^\S/) { $man .= ".Ed\n"; $inliteral = 0; } elsif ($inliteral) { $man .= "$_\n"; next; } elsif ($inlist) { s/^\s+//; } elsif (m/^\s+/) { $man .= ".Bd -literal\n"; $inliteral = 1; $man .= "$_\n"; next; } s/\s*=$func\b\s*/\n.Nm\n/gs; s/\s*=$argnames\b\s*/\n.Va $1\n/gs; s/\s*=(struct \w+(?: \*)?)\b\s*/\n.Vt $1\n/gs; s/\s*:([a-z_]+)\b\s*/\n.Va $1\n/gs; s/\s*;([a-z_]+)\b\s*/\n.Dv $1\n/gs; - if (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/gs) { + while (s/\s*=([a-z_]+)\b\s*/\n.Xr $1 3\n/s) { ++$xref{"$1 3"}; } s/\s*\"(?=\w)/\n.Do\n/gs; s/\"(?!\w)\s*/\n.Dc\n/gs; s/\s*=([A-Z][A-Z_]+)\b\s*(?![\.,:;])/\n.Dv $1\n/gs; s/\s*=([A-Z][A-Z_]+)\b([\.,:;]+)\s*/\n.Dv $1 $2\n/gs; s/\s*{([A-Z][a-z] .*?)}\s*/\n.$1\n/gs; $man .= "$_\n"; } if (defined($man)) { if ($inlist) { $man .= ".El\n"; } if ($inliteral) { $man .= ".Ed\n"; } $man =~ s/(\n\.[A-Z][a-z] [\w ]+)\n([\.,:;-]\S*)\s*/$1 $2\n/gs; $man =~ s/\s*$/\n/gm; $man =~ s/\n+/\n/gs; $man =~ s/\0//gs; $man =~ s/\n\n\./\n\./gs; chomp($man); } else { $man = "No description available."; } $FUNCTIONS{$func} = { 'source' => $fn, 'name' => $func, 'descr' => $descr, 'type' => $type, 'args' => $args, 'man' => $man, 'xref' => \%xref, 'errors' => \@errors, }; if ($source =~ m/^ \* NODOC\s*$/m) { $FUNCTIONS{$func}->{'nodoc'} = 1; - $FUNCTIONS{$func}->{'nolist'} = 1; - } - if ($source =~ m/^ \* NOLIST\s*$/m) { - $FUNCTIONS{$func}->{'nolist'} = 1; } if ($source !~ m/^ \* XSSO \d/m) { $FUNCTIONS{$func}->{'openpam'} = 1; } expand_errors($FUNCTIONS{$func}); return $FUNCTIONS{$func}; } sub expand_errors($); sub expand_errors($) { my $func = shift; # Ref to function hash my %errors; my $ref; my $fn; if 
(defined($func->{'recursed'})) { warn("$func->{'name'}(): loop in error spec\n"); return qw(); } $func->{'recursed'} = 1; foreach (@{$func->{'errors'}}) { if (m/^(PAM_[A-Z_]+)$/) { if (!defined($PAMERR{$1})) { warn("$func->{'name'}(): unrecognized error: $1\n"); next; } $errors{$1} = 1; } elsif (m/^!(PAM_[A-Z_]+)$/) { # treat negations separately } elsif (m/^=([a-z_]+)$/) { $ref = $1; if (!defined($FUNCTIONS{$ref})) { $fn = $func->{'source'}; $fn =~ s/$func->{'name'}/$ref/; parse_source($fn); } if (!defined($FUNCTIONS{$ref})) { warn("$func->{'name'}(): reference to unknown $ref()\n"); next; } foreach (@{$FUNCTIONS{$ref}->{'errors'}}) { $errors{$_} = 1; } } else { warn("$func->{'name'}(): invalid error specification: $_\n"); } } foreach (@{$func->{'errors'}}) { if (m/^!(PAM_[A-Z_]+)$/) { delete($errors{$1}); } } delete($func->{'recursed'}); $func->{'errors'} = [ sort(keys(%errors)) ]; } sub gendoc($) { my $func = shift; # Ref to function hash local *FILE; my $mdoc; my $fn; return if defined($func->{'nodoc'}); $mdoc = "$COPYRIGHT .Dd $TODAY .Dt " . uc($func->{'name'}) . " 3 .Os .Sh NAME .Nm $func->{'name'} .Nd $func->{'descr'} .Sh LIBRARY .Lb libpam .Sh SYNOPSIS .In sys/types.h .In security/pam_appl.h "; if ($func->{'name'} =~ m/_sm_/) { $mdoc .= ".In security/pam_modules.h\n" } if ($func->{'name'} =~ m/openpam/) { $mdoc .= ".In security/openpam.h\n" } $mdoc .= ".Ft $func->{'type'} .Fn $func->{'name'} $func->{'args'} .Sh DESCRIPTION $func->{'man'} "; if ($func->{'type'} eq "int") { $mdoc .= ".Sh RETURN VALUES The .Nm function returns one of the following values: .Bl -tag -width 18n "; my @errors = @{$func->{'errors'}}; warn("$func->{'name'}(): no error specification\n") unless(@errors); foreach (@errors) { $mdoc .= ".It Bq Er $_\n$PAMERR{$_}.\n"; } $mdoc .= ".El\n"; } else { if ($func->{'type'} =~ m/\*$/) { $mdoc .= ".Sh RETURN VALUES The .Nm function returns .Dv NULL on failure. 
"; } } $mdoc .= ".Sh SEE ALSO\n"; my @xref = sort(keys(%{$func->{'xref'}})); while (@xref) { $mdoc .= ".Xr " . shift(@xref) . (@xref ? " ,\n" : "\n"); } $mdoc .= ".Sh STANDARDS\n"; if ($func->{'openpam'}) { $mdoc .= "The .Nm function is an OpenPAM extension. "; } else { $mdoc .= ".Rs .%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\" .%D \"June 1997\" .Re "; } $mdoc .= ".Sh AUTHORS The .Nm function and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. "; $fn = "$func->{'name'}.3"; if (sysopen(FILE, $fn, O_RDWR|O_CREAT|O_TRUNC)) { print(FILE $mdoc); close(FILE); } else { warn("$fn: open(): $!\n"); } } sub readproto($) { my $fn = shift; # File name local *FILE; my %func; sysopen(FILE, $fn, O_RDONLY) or die("$fn: open(): $!\n"); while () { if (m/^\.Nm ((?:open)?pam_.*?)\s*$/) { $func{'Nm'} = $func{'Nm'} || $1; } elsif (m/^\.Ft (\S.*?)\s*$/) { $func{'Ft'} = $func{'Ft'} || $1; } elsif (m/^\.Fn (\S.*?)\s*$/) { $func{'Fn'} = $func{'Fn'} || $1; } } close(FILE); if ($func{'Nm'}) { $FUNCTIONS{$func{'Nm'}} = \%func; } else { warn("No function found\n"); } } sub gensummary($) { my $page = shift; # Which page to produce local *FILE; my $upage; my $func; my %xref; sysopen(FILE, "$page.3", O_RDWR|O_CREAT|O_TRUNC) or die("$page.3: $!\n"); $upage = uc($page); print FILE "$COPYRIGHT .Dd $TODAY .Dt $upage 3 .Os .Sh NAME "; my @funcs = sort(keys(%FUNCTIONS)); while ($func = shift(@funcs)) { print FILE ".Nm $FUNCTIONS{$func}->{'Nm'}"; print FILE " ," if (@funcs); print FILE "\n"; } print FILE ".Nd Pluggable Authentication Modules Library .Sh LIBRARY .Lb libpam .Sh SYNOPSIS\n"; if ($page eq 'pam') { print FILE ".In security/pam_appl.h\n"; } else { print FILE ".In security/openpam.h\n"; } foreach $func (sort(keys(%FUNCTIONS))) { print FILE 
".Ft $FUNCTIONS{$func}->{'Ft'}\n"; print FILE ".Fn $FUNCTIONS{$func}->{'Fn'}\n"; } while () { if (m/^\.Xr (\S+)\s*(\d)\s*$/) { $xref{$1} = $2; - } + } print FILE $_; } if ($page eq 'pam') { print FILE ".Sh RETURN VALUES The following return codes are defined by .Aq Pa security/pam_constants.h : .Bl -tag -width 18n "; foreach (sort(keys(%PAMERR))) { print FILE ".It Bq Er $_\n$PAMERR{$_}.\n"; } print FILE ".El\n"; } print FILE ".Sh SEE ALSO "; print FILE ".Xr openpam 3\n" if ($page eq 'pam'); foreach $func (keys(%FUNCTIONS)) { - $xref{$func} = 3; + $xref{$func} = 3; } my @refs = sort(keys(%xref)); while ($_ = shift(@refs)) { print FILE ".Xr $_ $xref{$_}"; - print FILE " ," + print FILE " ," if (@refs); - print FILE "\n"; + print FILE "\n"; } print FILE ".Sh STANDARDS .Rs .%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\" .%D \"June 1997\" .Re .Sh AUTHORS The OpenPAM library and this manual page were developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. "; close(FILE); } sub usage() { print(STDERR "usage: gendoc [-s] source [...]\n"); exit(1); } MAIN:{ my %opts; usage() unless (@ARGV && getopts("op", \%opts)); $TODAY = strftime("%B %e, %Y", localtime(time())); $TODAY =~ s,\s+, ,g; if ($opts{'o'} || $opts{'p'}) { foreach my $fn (@ARGV) { readproto($fn); } gensummary('openpam') if ($opts{'o'}); gensummary('pam') if ($opts{'p'}); } else { foreach my $fn (@ARGV) { my $func = parse_source($fn); gendoc($func) if (defined($func)); } } exit(0); } diff --git a/contrib/openpam/modules/Makefile b/contrib/openpam/modules/Makefile index 9b17f2fe1081..0818653ad6c1 100644 --- a/contrib/openpam/modules/Makefile +++ b/contrib/openpam/modules/Makefile 
@@ -1,42 +1,42 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and # Network Associates Laboratories, the Security Research Division of # Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 # ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/modules/Makefile#8 $ +# $P4: //depot/projects/openpam/modules/Makefile#9 $ # SUBDIR = SUBDIR += pam_deny SUBDIR += pam_permit SUBDIR += pam_unix .include diff --git a/contrib/openpam/modules/pam_deny/Makefile b/contrib/openpam/modules/pam_deny/Makefile index 502fc8bddea0..98a7ce37c301 100644 --- a/contrib/openpam/modules/pam_deny/Makefile +++ b/contrib/openpam/modules/pam_deny/Makefile 
@@ -1,42 +1,42 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and # Network Associates Laboratories, the Security Research Division of # Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 # ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/modules/pam_deny/Makefile#5 $ +# $P4: //depot/projects/openpam/modules/pam_deny/Makefile#6 $ # LIB = pam_deny SHLIB_NAME = pam_deny.so SRCS = pam_deny.c CFLAGS += -I${.CURDIR}/../../include .include diff --git a/contrib/openpam/modules/pam_deny/pam_deny.c b/contrib/openpam/modules/pam_deny/pam_deny.c index 1f83ca5c0b75..0c796187432e 100644 --- a/contrib/openpam/modules/pam_deny/pam_deny.c +++ b/contrib/openpam/modules/pam_deny/pam_deny.c 
@@ -1,89 +1,89 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#7 $ + * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#8 $ */ #include #include PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_AUTH_ERR); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_PERM_DENIED); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_AUTH_ERR); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SESSION_ERR); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SESSION_ERR); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_PERM_DENIED); } PAM_MODULE_ENTRY("pam_deny"); diff --git a/contrib/openpam/modules/pam_permit/Makefile b/contrib/openpam/modules/pam_permit/Makefile index 08038c4f3c1a..b443a6cacd57 100644 --- a/contrib/openpam/modules/pam_permit/Makefile +++ b/contrib/openpam/modules/pam_permit/Makefile 
@@ -1,42 +1,42 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and # Network Associates Laboratories, the Security Research Division of # Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 # ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/modules/pam_permit/Makefile#5 $ +# $P4: //depot/projects/openpam/modules/pam_permit/Makefile#6 $ # LIB = pam_permit SHLIB_NAME = pam_permit.so SRCS = pam_permit.c CFLAGS += -I${.CURDIR}/../../include .include diff --git a/contrib/openpam/modules/pam_permit/pam_permit.c b/contrib/openpam/modules/pam_permit/pam_permit.c index 2a974e73d678..33c709318cbf 100644 --- a/contrib/openpam/modules/pam_permit/pam_permit.c +++ b/contrib/openpam/modules/pam_permit/pam_permit.c 
@@ -1,89 +1,89 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#7 $ + * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#8 $ */ #include #include PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_MODULE_ENTRY("pam_permit"); diff --git a/contrib/openpam/modules/pam_unix/Makefile b/contrib/openpam/modules/pam_unix/Makefile index 0352b320ad8a..2e4be4619c9b 100644 --- a/contrib/openpam/modules/pam_unix/Makefile +++ b/contrib/openpam/modules/pam_unix/Makefile 
@@ -1,44 +1,44 @@ #- -# Copyright (c) 2002 Networks Associates Technology, Inc. +# Copyright (c) 2002-2003 Networks Associates Technology, Inc. # All rights reserved. # # This software was developed for the FreeBSD Project by ThinkSec AS and # Network Associates Laboratories, the Security Research Division of # Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 # ("CBOSS"), as part of the DARPA CHATS research program. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. 
# -# $P4: //depot/projects/openpam/modules/pam_unix/Makefile#2 $ +# $P4: //depot/projects/openpam/modules/pam_unix/Makefile#3 $ # LIB = pam_unix SHLIB_NAME = pam_unix.so SRCS = pam_unix.c CFLAGS += -I${.CURDIR}/../../include DPADD = ${LIBCRYPT} LDADD = -lcrypt .include diff --git a/contrib/openpam/modules/pam_unix/pam_unix.c b/contrib/openpam/modules/pam_unix/pam_unix.c index ddcd81bf8022..2283915496b5 100644 --- a/contrib/openpam/modules/pam_unix/pam_unix.c +++ b/contrib/openpam/modules/pam_unix/pam_unix.c 
@@ -1,164 +1,168 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* - * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $ + * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#5 $ */ #include #include #include #include #include #include +#ifdef __GLIBC__ +#include +#endif + #include #include #ifndef _OPENPAM static char password_prompt[] = "Password:"; #endif #ifndef PAM_EXTERN #define PAM_EXTERN #endif PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { #ifndef _OPENPAM struct pam_conv *conv; struct pam_message msg; const struct pam_message *msgp; struct pam_response *resp; #endif struct passwd *pwd; const char *user; char *crypt_password, *password; int pam_err, retry; /* identify user */ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return (pam_err); if ((pwd = getpwnam(user)) == NULL) return (PAM_USER_UNKNOWN); /* get password */ #ifndef _OPENPAM pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv); if (pam_err != PAM_SUCCESS) return (PAM_SYSTEM_ERR); msg.msg_style = PAM_PROMPT_ECHO_OFF; msg.msg = password_prompt; msgp = &msg; #endif for (retry = 0; retry < 3; ++retry) { #ifdef _OPENPAM pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char **)&password, NULL); #else resp = NULL; pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr); if (resp != NULL) { if (pam_err == PAM_SUCCESS) password = resp->resp; else free(resp->resp); free(resp); } #endif if (pam_err == PAM_SUCCESS) break; } if (pam_err == PAM_CONV_ERR) return (pam_err); if (pam_err != PAM_SUCCESS) return (PAM_AUTH_ERR); /* compare passwords */ if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) || (crypt_password = crypt(password, pwd->pw_passwd)) == NULL || strcmp(crypt_password, pwd->pw_passwd) != 0) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; #ifndef _OPENPAM free(password); #endif return (pam_err); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int 
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { return (PAM_SERVICE_ERR); } #ifdef PAM_MODULE_ENTRY PAM_MODULE_ENTRY("pam_unix"); #endif
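Review bot: In the non-OpenPAM branch of `pam_sm_authenticate`, `password` is declared uninitialised and assigned only inside `if (resp != NULL)`. If the conversation function reports `PAM_SUCCESS` but leaves `resp` NULL (or sets `resp->resp` to NULL), `crypt()` receives an indeterminate or NULL pointer and the final `free(password)` may free an indeterminate one. Resetting it each iteration with `password = NULL;` next to `resp = NULL;`, and adding `if (pam_err == PAM_SUCCESS && password == NULL) pam_err = PAM_CONV_ERR;` ahead of the loop's success check, closes that path. Separately, a `getpwnam()` miss returns `PAM_USER_UNKNOWN` before any prompt is issued, so an application that surfaces that difference reveals which account names exist; prompting regardless and failing with `PAM_AUTH_ERR` would avoid it. The plaintext in `password` is also released with a bare `free()`; clearing it first would shorten its lifetime in memory, bearing in mind that a plain `memset` before `free` can be optimised away.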