diff options
author | des <des@FreeBSD.org> | 2002-02-23 01:22:51 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2002-02-23 01:22:51 +0000 |
commit | 8e998796e70b51bb93d361dfbb025152bd686894 (patch) | |
tree | 243aca60563786e2294665fe43625ee63617ca3c | |
download | FreeBSD-src-8e998796e70b51bb93d361dfbb025152bd686894.zip FreeBSD-src-8e998796e70b51bb93d361dfbb025152bd686894.tar.gz |
Vendor import of OpenPAM Calamite
87 files changed, 6867 insertions, 0 deletions
diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY new file mode 100644 index 0000000..58ba3c8 --- /dev/null +++ b/contrib/openpam/HISTORY @@ -0,0 +1,6 @@ +============================================================================ +OpenPAM Calamite 2002-02-09 + +First (beta) release. +============================================================================ +$Id$ diff --git a/contrib/openpam/INSTALL b/contrib/openpam/INSTALL new file mode 100644 index 0000000..96d8067 --- /dev/null +++ b/contrib/openpam/INSTALL @@ -0,0 +1,25 @@ + + Installing OpenPAM + ================== + +1. REQUIREMENTS + + This release of OpenPAM is targeted at FreeBSD-CURRENT, and has not + been tested on other platforms. It should, however, build with + little or no trouble other BSDs such as BSDI, Darwin, NetBSD or + OpenBSD, and should not prove much of a challenge to port to other + platforms, except for the static linking support. + +2. CONFIGURATION + + No configuration is necessary or possible at this time. + +3. COMPILATION + + Change into the top-level OpenPAM directory and run 'make'. + +4. INSTALLATION + + Change into the top-level OpenPAM directory and run 'make install'. + +$Id$ diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE new file mode 100644 index 0000000..c8076d1 --- /dev/null +++ b/contrib/openpam/LICENSE @@ -0,0 +1,34 @@ + +Copyright (c) 2002 Networks Associates Technologies, Inc. +All rights reserved. + +This software was developed for the FreeBSD Project by ThinkSec AS and +NAI Labs, the Security Research Division of Network Associates, Inc. +under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +DARPA CHATS research program. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior written + permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +$Id$ diff --git a/contrib/openpam/MANIFEST b/contrib/openpam/MANIFEST new file mode 100644 index 0000000..9f973dd --- /dev/null +++ b/contrib/openpam/MANIFEST @@ -0,0 +1,87 @@ +HISTORY +INSTALL +LICENSE +MANIFEST +Makefile +README +RELNOTES +bin/Makefile +bin/su/Makefile +bin/su/su.c +doc/Makefile +doc/man/Makefile +doc/man/pam.3 +doc/man/pam_acct_mgmt.3 +doc/man/pam_authenticate.3 +doc/man/pam_chauthtok.3 +doc/man/pam_close_session.3 +doc/man/pam_end.3 +doc/man/pam_error.3 +doc/man/pam_get_authtok.3 +doc/man/pam_get_data.3 +doc/man/pam_get_item.3 +doc/man/pam_get_user.3 +doc/man/pam_getenv.3 +doc/man/pam_getenvlist.3 +doc/man/pam_info.3 +doc/man/pam_open_session.3 +doc/man/pam_prompt.3 +doc/man/pam_putenv.3 +doc/man/pam_set_data.3 +doc/man/pam_set_item.3 +doc/man/pam_setcred.3 +doc/man/pam_setenv.3 +doc/man/pam_start.3 +doc/man/pam_strerror.3 +doc/man/pam_verror.3 +doc/man/pam_vinfo.3 +doc/man/pam_vprompt.3 +include/security/openpam.h +include/security/pam_appl.h +include/security/pam_constants.h +include/security/pam_modules.h +include/security/pam_types.h +lib/Makefile +lib/openpam_dispatch.c +lib/openpam_findenv.c +lib/openpam_impl.h +lib/openpam_load.c +lib/openpam_log.c +lib/openpam_ttyconv.c +lib/pam_acct_mgmt.c +lib/pam_authenticate.c +lib/pam_authenticate_secondary.c +lib/pam_chauthtok.c +lib/pam_close_session.c +lib/pam_end.c +lib/pam_error.c +lib/pam_get_authtok.c +lib/pam_get_data.c +lib/pam_get_item.c +lib/pam_get_mapped_authtok.c +lib/pam_get_mapped_username.c +lib/pam_get_user.c +lib/pam_getenv.c +lib/pam_getenvlist.c +lib/pam_info.c +lib/pam_open_session.c +lib/pam_prompt.c +lib/pam_putenv.c +lib/pam_set_data.c +lib/pam_set_item.c +lib/pam_set_mapped_authtok.c +lib/pam_set_mapped_username.c +lib/pam_setcred.c +lib/pam_setenv.c +lib/pam_start.c +lib/pam_strerror.c +lib/pam_verror.c +lib/pam_vinfo.c +lib/pam_vprompt.c +modules/Makefile +modules/pam_deny/Makefile +modules/pam_deny/pam_deny.c +modules/pam_dummy/Makefile +modules/pam_dummy/pam_dummy.c +modules/pam_permit/Makefile +modules/pam_permit/pam_permit.c diff --git a/contrib/openpam/Makefile b/contrib/openpam/Makefile new file mode 100644 index 0000000..7fa0b88 --- /dev/null +++ b/contrib/openpam/Makefile @@ -0,0 +1,43 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +SUBDIR = +SUBDIR += modules +SUBDIR += lib +SUBDIR += bin +SUBDIR += doc + +.include <bsd.subdir.mk> diff --git a/contrib/openpam/README b/contrib/openpam/README new file mode 100644 index 0000000..f32c8db --- /dev/null +++ b/contrib/openpam/README @@ -0,0 +1,30 @@ +OpenPAM is an open source PAM library that focuses on simplicity, +correctness, and cleanliness. + +OpenPAM aims to gather the best features of Solaris PAM, XSSO and +Linux-PAM, plus some innovations of its own. In areas where these +implementations disagree, OpenPAM tries to remain compatible with +Solaris, at the expense of XSSO conformance and Linux-PAM +compatibility. + +These are some of OpenPAM's features: + + - Implements the complete PAM API as described in the original PAM + paper and in OSF-RFC 86.0; this corresponds to the full XSSO API + except for mappings and secondary authentication. + + - Extends the API with several useful and time-saving functions: + pam_error(), pam_get_authtok(), pam_info(), pam_prompt(), + pam_setenv(), pam_verror(), pam_vinfo(), pam_vprompt() + + - Offers a number of time-saving convenience functions: + openpam_log(), openpam_ttyconv(). + + - Performs strict checking of return values from service modules. + + - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and + /etc/pam.conf, in that order; this will be made configurable in a + future release.Please direct bug reports and inquiries to + openpam@thinksec.com. + +$Id$ diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES new file mode 100644 index 0000000..9309bc6 --- /dev/null +++ b/contrib/openpam/RELNOTES @@ -0,0 +1,16 @@ + + Release notes for OpenPAM Calamite + ================================== + +This is a beta release. + +The library itself is mostly complete. Documentation exists in the +form of skeletal man pages for the library itself, but no detailed +documentation is provided in this release. + +This release is primarily intended for reviewers and developers +interested in testing OpenPAM on FreeBSD. It has not been tested on +any other OS, though it should build and run with minimal tweaks on +NetBSD and OpenBSD. + +$Id$ diff --git a/contrib/openpam/bin/Makefile b/contrib/openpam/bin/Makefile new file mode 100644 index 0000000..e12368d --- /dev/null +++ b/contrib/openpam/bin/Makefile @@ -0,0 +1,40 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +SUBDIR = +SUBDIR += su + +.include <bsd.subdir.mk> diff --git a/contrib/openpam/bin/su/Makefile b/contrib/openpam/bin/su/Makefile new file mode 100644 index 0000000..40533bb --- /dev/null +++ b/contrib/openpam/bin/su/Makefile @@ -0,0 +1,44 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +PROG = su +WARNS ?= 4 +CFLAGS += -I${.CURDIR}/../../include +DPADD = ${.OBJDIR}/../../lib/libpam.so +LDADD = -L${.OBJDIR}/../../lib -R${.OBJDIR}/../../lib -lpam +NOMAN = YES + +.include <bsd.prog.mk> diff --git a/contrib/openpam/bin/su/su.c b/contrib/openpam/bin/su/su.c new file mode 100644 index 0000000..27b6002 --- /dev/null +++ b/contrib/openpam/bin/su/su.c @@ -0,0 +1,144 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> +#include <sys/wait.h> + +#include <err.h> +#include <pwd.h> +#include <stdio.h> +#include <syslog.h> +#include <unistd.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +static pam_handle_t *pamh; +static struct pam_conv pamc; + +static void +usage(void) +{ + + fprintf(stderr, "Usage: su [login [args]]\n"); + exit(1); +} + +static int +check(const char *func, int pam_err) +{ + + if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD) + return pam_err; + openlog("su", LOG_CONS, LOG_AUTH); + syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err)); + errx(1, "Sorry."); +} + +int +main(int argc, char *argv[]) +{ + char hostname[MAXHOSTNAMELEN]; + const char *user, *tty; + struct passwd *pwd; + int o, status; + pid_t pid; + + while ((o = getopt(argc, argv, "h")) != -1) + switch (o) { + case 'h': + default: + usage(); + } + + argc -= optind; + argv += optind; + + /* initialize PAM */ + pamc.conv = &openpam_ttyconv; + pam_start("su", argc ? *argv : "root", &pamc, &pamh); + + /* set some items */ + gethostname(hostname, sizeof(hostname)); + check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname)); + user = getlogin(); + check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user)); + tty = ttyname(STDERR_FILENO); + check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty)); + + /* authenticate the applicant */ + check("pam_authenticate", pam_authenticate(pamh, 0)); + if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) == + PAM_NEW_AUTHTOK_REQD) + check("pam_chauthtok", + pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK)); + + /* establish the requested credentials */ + check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED)); + + /* authentication succeeded; open a session */ + check("pam_open_session", pam_open_session(pamh, 0)); + + if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) + err(1, "initgroups()"); + if (setuid(pwd->pw_uid) == -1) + err(1, "setuid()"); + + /* XXX export environment variables */ + + switch ((pid = fork())) { + case -1: + err(1, "fork()"); + case 0: + /* child: start a shell */ + *argv = pwd->pw_shell; + execvp(*argv, argv); + err(1, "execvp()"); + default: + /* parent: wait for child to exit */ + waitpid(pid, &status, 0); + if (WIFEXITED(status)) + status = WEXITSTATUS(status); + else + status = 1; + } + + /* close the session and release PAM resources */ + check("pam_close_session", pam_close_session(pamh, 0)); + check("pam_end", pam_end(pamh, 0)); + + exit(status); +} diff --git a/contrib/openpam/doc/Makefile b/contrib/openpam/doc/Makefile new file mode 100644 index 0000000..2e2b09b --- /dev/null +++ b/contrib/openpam/doc/Makefile @@ -0,0 +1,40 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +SUBDIR = +SUBDIR += man + +.include <bsd.subdir.mk> diff --git a/contrib/openpam/doc/man/Makefile b/contrib/openpam/doc/man/Makefile new file mode 100644 index 0000000..f63e248 --- /dev/null +++ b/contrib/openpam/doc/man/Makefile @@ -0,0 +1,65 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +MAN = +MAN += pam.3 +MAN += pam_acct_mgmt.3 +MAN += pam_authenticate.3 +MAN += pam_chauthtok.3 +MAN += pam_close_session.3 +MAN += pam_end.3 +MAN += pam_error.3 +MAN += pam_get_authtok.3 +MAN += pam_get_data.3 +MAN += pam_get_item.3 +MAN += pam_get_user.3 +MAN += pam_getenv.3 +MAN += pam_getenvlist.3 +MAN += pam_info.3 +MAN += pam_open_session.3 +MAN += pam_prompt.3 +MAN += pam_putenv.3 +MAN += pam_set_data.3 +MAN += pam_set_item.3 +MAN += pam_setcred.3 +MAN += pam_setenv.3 +MAN += pam_start.3 +MAN += pam_strerror.3 +MAN += pam_verror.3 +MAN += pam_vinfo.3 +MAN += pam_vprompt.3 + +.include <bsd.prog.mk> diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3 new file mode 100644 index 0000000..02141b1 --- /dev/null +++ b/contrib/openpam/doc/man/pam.3 @@ -0,0 +1,160 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM 3 +.Os +.Sh NAME +.Nm pam_acct_mgmt , +.Nm pam_authenticate , +.Nm pam_chauthtok , +.Nm pam_close_session , +.Nm pam_end , +.Nm pam_error , +.Nm pam_get_authtok , +.Nm pam_get_data , +.Nm pam_get_item , +.Nm pam_get_user , +.Nm pam_getenv , +.Nm pam_getenvlist , +.Nm pam_info , +.Nm pam_open_session , +.Nm pam_prompt , +.Nm pam_putenv , +.Nm pam_set_data , +.Nm pam_set_item , +.Nm pam_setcred , +.Nm pam_setenv , +.Nm pam_start , +.Nm pam_strerror , +.Nm pam_verror , +.Nm pam_vinfo , +.Nm pam_vprompt +.Nd Pluggable Authentication Modules Library +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" +.Ft int +.Fn pam_authenticate "pam_handle_t *pamh" "int flags" +.Ft int +.Fn pam_chauthtok "pam_handle_t *pamh" "int flags" +.Ft int +.Fn pam_close_session "pam_handle_t *pamh" "int flags" +.Ft int +.Fn pam_end "pam_handle_t *pamh" "int status" +.Ft int +.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..." +.Ft int +.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt" +.Ft int +.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data" +.Ft int +.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item" +.Ft int +.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" +.Ft char * +.Fn pam_getenv "pam_handle_t *pamh" "const char *name" +.Ft char ** +.Fn pam_getenvlist "pam_handle_t *pamh" +.Ft int +.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..." +.Ft int +.Fn pam_open_session "pam_handle_t *pamh" "int flags" +.Ft int +.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." +.Ft int +.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" +.Ft int +.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" +.Ft int +.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" +.Ft int +.Fn pam_setcred "pam_handle_t *pamh" "int flags" +.Ft int +.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" +.Ft int +.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" +.Ft const char * +.Fn pam_strerror "pam_handle_t *pamh" "int error_number" +.Ft int +.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Ft int +.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Ft int +.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +.Sh RETURN VALUES +.Sh SEE ALSO +.Xr pam_acct_mgmt 3 , +.Xr pam_authenticate 3 , +.Xr pam_chauthtok 3 , +.Xr pam_close_session 3 , +.Xr pam_end 3 , +.Xr pam_error 3 , +.Xr pam_get_authtok 3 , +.Xr pam_get_data 3 , +.Xr pam_get_item 3 , +.Xr pam_get_user 3 , +.Xr pam_getenv 3 , +.Xr pam_getenvlist 3 , +.Xr pam_info 3 , +.Xr pam_open_session 3 , +.Xr pam_prompt 3 , +.Xr pam_putenv 3 , +.Xr pam_set_data 3 , +.Xr pam_set_item 3 , +.Xr pam_setcred 3 , +.Xr pam_setenv 3 , +.Xr pam_start 3 , +.Xr pam_strerror 3 , +.Xr pam_verror 3 , +.Xr pam_vinfo 3 , +.Xr pam_vprompt 3 , +.Xr pam.conf 5 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The OpenPAM library and this manual page were developed for the +FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research +Division of Network Associates, Inc. under DARPA/SPAWAR contract +N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3 new file mode 100644 index 0000000..88b54f6 --- /dev/null +++ b/contrib/openpam/doc/man/pam_acct_mgmt.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_ACCT_MGMT 3 +.Os +.Sh NAME +.Nm pam_acct_mgmt +.Nd perform PAM account validation procedures +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3 new file mode 100644 index 0000000..1885376 --- /dev/null +++ b/contrib/openpam/doc/man/pam_authenticate.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_AUTHENTICATE 3 +.Os +.Sh NAME +.Nm pam_authenticate +.Nd perform authentication within the PAM framework +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_authenticate "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3 new file mode 100644 index 0000000..a287f38 --- /dev/null +++ b/contrib/openpam/doc/man/pam_chauthtok.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_CHAUTHTOK 3 +.Os +.Sh NAME +.Nm pam_chauthtok +.Nd perform password related functions within the PAM framework +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_chauthtok "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3 new file mode 100644 index 0000000..ba91ab3 --- /dev/null +++ b/contrib/openpam/doc/man/pam_close_session.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_CLOSE_SESSION 3 +.Os +.Sh NAME +.Nm pam_close_session +.Nd close an existing user session +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_close_session "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3 new file mode 100644 index 0000000..141aa83 --- /dev/null +++ b/contrib/openpam/doc/man/pam_end.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_END 3 +.Os +.Sh NAME +.Nm pam_end +.Nd terminate the PAM transaction +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_end "pam_handle_t *pamh" "int status" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3 new file mode 100644 index 0000000..f0216f1 --- /dev/null +++ b/contrib/openpam/doc/man/pam_error.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_ERROR 3 +.Os +.Sh NAME +.Nm pam_error +.Nd display an error message +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3 new file mode 100644 index 0000000..3bfb70d --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_authtok.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_GET_AUTHTOK 3 +.Os +.Sh NAME +.Nm pam_get_authtok +.Nd retrieve authentication token +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3 new file mode 100644 index 0000000..b622f38 --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_data.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_GET_DATA 3 +.Os +.Sh NAME +.Nm pam_get_data +.Nd get module information +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "void **data" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3 new file mode 100644 index 0000000..3f337fd --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_item.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_GET_ITEM 3 +.Os +.Sh NAME +.Nm pam_get_item +.Nd get PAM information +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3 new file mode 100644 index 0000000..8d8fa30 --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_user.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_GET_USER 3 +.Os +.Sh NAME +.Nm pam_get_user +.Nd retrieve user name +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3 new file mode 100644 index 0000000..dd0359d --- /dev/null +++ b/contrib/openpam/doc/man/pam_getenv.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_GETENV 3 +.Os +.Sh NAME +.Nm pam_getenv +.Nd retrieve the value of a PAM environment variable +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft char * +.Fn pam_getenv "pam_handle_t *pamh" "const char *name" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3 new file mode 100644 index 0000000..2fc85e2 --- /dev/null +++ b/contrib/openpam/doc/man/pam_getenvlist.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_GETENVLIST 3 +.Os +.Sh NAME +.Nm pam_getenvlist +.Nd returns a list of all the PAM environment variables +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft char ** +.Fn pam_getenvlist "pam_handle_t *pamh" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3 new file mode 100644 index 0000000..573a8a1 --- /dev/null +++ b/contrib/openpam/doc/man/pam_info.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_INFO 3 +.Os +.Sh NAME +.Nm pam_info +.Nd display an information message +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3 new file mode 100644 index 0000000..3db2b16 --- /dev/null +++ b/contrib/openpam/doc/man/pam_open_session.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_OPEN_SESSION 3 +.Os +.Sh NAME +.Nm pam_open_session +.Nd open a user session +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_open_session "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3 new file mode 100644 index 0000000..e3ebef8 --- /dev/null +++ b/contrib/openpam/doc/man/pam_prompt.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_PROMPT 3 +.Os +.Sh NAME +.Nm pam_prompt +.Nd call the conversation function +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3 new file mode 100644 index 0000000..7193b96 --- /dev/null +++ b/contrib/openpam/doc/man/pam_putenv.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_PUTENV 3 +.Os +.Sh NAME +.Nm pam_putenv +.Nd set the value of an environment variable +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3 new file mode 100644 index 0000000..b179cb9 --- /dev/null +++ b/contrib/openpam/doc/man/pam_set_data.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_SET_DATA 3 +.Os +.Sh NAME +.Nm pam_set_data +.Nd set module information +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3 new file mode 100644 index 0000000..eb45705 --- /dev/null +++ b/contrib/openpam/doc/man/pam_set_item.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_SET_ITEM 3 +.Os +.Sh NAME +.Nm pam_set_item +.Nd set authentication information +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3 new file mode 100644 index 0000000..65913c5 --- /dev/null +++ b/contrib/openpam/doc/man/pam_setcred.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_SETCRED 3 +.Os +.Sh NAME +.Nm pam_setcred +.Nd modify / delete user credentials for an authentication service +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_setcred "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3 new file mode 100644 index 0000000..c2425e3 --- /dev/null +++ b/contrib/openpam/doc/man/pam_setenv.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_SETENV 3 +.Os +.Sh NAME +.Nm pam_setenv +.Nd mirrors setenv(3) +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3 new file mode 100644 index 0000000..3eb5212 --- /dev/null +++ b/contrib/openpam/doc/man/pam_start.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_START 3 +.Os +.Sh NAME +.Nm pam_start +.Nd initiate a PAM transaction +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3 new file mode 100644 index 0000000..55e1e82 --- /dev/null +++ b/contrib/openpam/doc/man/pam_strerror.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_STRERROR 3 +.Os +.Sh NAME +.Nm pam_strerror +.Nd get PAM standard error message string +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft const char * +.Fn pam_strerror "pam_handle_t *pamh" "int error_number" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3 new file mode 100644 index 0000000..eb74d4d --- /dev/null +++ b/contrib/openpam/doc/man/pam_verror.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_VERROR 3 +.Os +.Sh NAME +.Nm pam_verror +.Nd display an error message +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3 new file mode 100644 index 0000000..bbd7efb --- /dev/null +++ b/contrib/openpam/doc/man/pam_vinfo.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_VINFO 3 +.Os +.Sh NAME +.Nm pam_vinfo +.Nd display an information message +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3 new file mode 100644 index 0000000..e6e29a3 --- /dev/null +++ b/contrib/openpam/doc/man/pam_vprompt.3 @@ -0,0 +1,73 @@ +.\"- +.\" Copyright (c) 2002 Networks Associates Technologies, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" NAI Labs, the Security Research Division of Network Associates, Inc. +.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd February 9, 2002 +.Dt PAM_VPROMPT 3 +.Os +.Sh NAME +.Nm pam_vprompt +.Nd call the conversation function +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft int +.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +The +.Nm +function is not yet documented. +.Sh RETURN VALUES +The +.Fn +function returns one of the following values: +.Bl -tag -width PAM_AUTHTOK_DISABLE_AGING +.El +.Sh SEE ALSO +.Xr pam_strerror 3 , +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Nm +function and this manual page were developed for the FreeBSD Project +by ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h new file mode 100644 index 0000000..5b5497f --- /dev/null +++ b/contrib/openpam/include/security/openpam.h @@ -0,0 +1,210 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _SECURITY_OPENPAM_H_INCLUDED +#define _SECURITY_OPENPAM_H_INCLUDED + +/* + * Annoying but necessary header pollution + */ +#include <stdarg.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * API extensions + */ +int +pam_error(pam_handle_t *_pamh, + const char *_fmt, + ...); + +int +pam_get_authtok(pam_handle_t *_pamh, + const char **_authtok, + const char *_prompt); + +int +pam_info(pam_handle_t *_pamh, + const char *_fmt, + ...); + +int +pam_prompt(pam_handle_t *_pamh, + int _style, + char **_resp, + const char *_fmt, + ...); + +int +pam_setenv(pam_handle_t *_pamh, + const char *_name, + const char *_value, + int _overwrite); + +int +pam_vinfo(pam_handle_t *_pamh, + const char *_fmt, + va_list _ap); + +int +pam_verror(pam_handle_t *_pamh, + const char *_fmt, + va_list _ap); + +int +pam_vprompt(pam_handle_t *_pamh, + int _style, + char **_resp, + const char *_fmt, + va_list _ap); + +/* + * Log levels + */ +enum { + PAM_LOG_DEBUG, + PAM_LOG_VERBOSE, + PAM_LOG_NOTICE, + PAM_LOG_ERROR +}; + +/* + * Log to syslog + */ +void _openpam_log(int _level, + const char *_func, + const char *_fmt, + ...); + +#if defined(__STDC__) && (__STDC_VERSION__ > 199901L) +#define openpam_log(lvl, fmt, ...) \ + _openpam_log((lvl), __func__, fmt, __VA_ARGS__) +#elif defined(__GNUC__) +#define openpam_log(lvl, fmt...) \ + _openpam_log((lvl), __func__, ##fmt) +#else +extern openpam_log(int _level, const char *_format, ...); +#endif + +/* + * Generic conversation function + */ +struct pam_message; +struct pam_response; +int openpam_ttyconv(int _n, + const struct pam_message **_msg, + struct pam_response **_resp, + void *_data); + +/* + * PAM primitives + */ +enum { + PAM_SM_AUTHENTICATE, + PAM_SM_SETCRED, + PAM_SM_ACCT_MGMT, + PAM_SM_OPEN_SESSION, + PAM_SM_CLOSE_SESSION, + PAM_SM_CHAUTHTOK, + /* keep this last */ + PAM_NUM_PRIMITIVES +}; + +/* + * Dummy service module function + */ +#define PAM_SM_DUMMY(type) \ +PAM_EXTERN int \ +pam_sm_##type(pam_handle_t *pamh, int flags, \ + int argc, const char *argv[]) \ +{ \ + return (PAM_IGNORE); \ +} + +/* + * PAM service module functions match this typedef + */ +struct pam_handle; +typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **); + +/* + * A struct that describes a module. + */ +typedef struct pam_module pam_module_t; +struct pam_module { + const char *path; + pam_func_t func[PAM_NUM_PRIMITIVES]; + void *dlh; + int refcount; + pam_module_t *prev; + pam_module_t *next; +}; + +/* + * Infrastructure for static modules using GCC linker sets. + * You are not expected to understand this. + */ +#if defined(__GNUC__) && !defined(__PIC__) +#if defined(__FreeBSD__) +#define PAM_SOEXT ".so" +#else +#error Static linking is not supported on your platform +#endif +/* gcc, static linking */ +#include <sys/cdefs.h> +#include <linker_set.h> +#define OPENPAM_STATIC_MODULES +#define PAM_EXTERN static +#define PAM_MODULE_ENTRY(name) \ +static struct pam_module _pam_module = { name PAM_SOEXT, { \ + pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, \ + pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }, \ + NULL, 0, NULL, NULL }; \ +DATA_SET(_openpam_modules, _pam_module) +#else +/* normal case */ +#define PAM_EXTERN +#define PAM_MODULE_ENTRY(name) +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h new file mode 100644 index 0000000..f3e7e60 --- /dev/null +++ b/contrib/openpam/include/security/pam_appl.h @@ -0,0 +1,180 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _PAM_APPL_H_INCLUDED +#define _PAM_APPL_H_INCLUDED + +#include <security/pam_types.h> +#include <security/pam_constants.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * XSSO 4.2.1, 6 + */ + +int +pam_acct_mgmt(pam_handle_t *_pamh, + int _flags); + +int +pam_authenticate(pam_handle_t *_pamh, + int _flags); + +int +pam_chauthtok(pam_handle_t *_pamh, + int _flags); + +int +pam_close_session(pam_handle_t *_pamh, + int _flags); + +int +pam_end(pam_handle_t *_pamh, + int _status); + +int +pam_get_data(pam_handle_t *_pamh, + const char *_module_data_name, + void **_data); + +int +pam_get_item(pam_handle_t *_pamh, + int _item_type, + const void **_item); + +int +pam_get_user(pam_handle_t *_pamh, + const char **_user, + const char *_prompt); + +char * +pam_getenv(pam_handle_t *_pamh, + const char *_name); + +char ** +pam_getenvlist(pam_handle_t *_pamh); + +int +pam_open_session(pam_handle_t *_pamh, + int _flags); + +int +pam_putenv(pam_handle_t *_pamh, + const char *_namevalue); + +int +pam_set_data(pam_handle_t *_pamh, + const char *_module_data_name, + void *_data, + void (*_cleanup)(pam_handle_t *_pamh, + void *_data, + int _pam_end_status)); + +int +pam_set_item(pam_handle_t *_pamh, + int _item_type, + const void *_item); + +int +pam_setcred(pam_handle_t *_pamh, + int _flags); + +int +pam_start(const char *_service, + const char *_user, + const struct pam_conv *_pam_conv, + pam_handle_t **_pamh); + +const char * +pam_strerror(pam_handle_t *_pamh, + int _error_number); + +/* + * Single Sign-On extensions + */ +#if 0 +int +pam_authenticate_secondary(pam_handle_t *_pamh, + char *_target_username, + char *_target_module_type, + char *_target_authn_domain, + char *_target_supp_data, + char *_target_module_authtok, + int _flags); + +int +pam_get_mapped_authtok(pam_handle_t *_pamh, + const char *_target_module_username, + const char *_target_module_type, + const char *_target_authn_domain, + size_t *_target_authtok_len, + unsigned char **_target_module_authtok); + +int +pam_get_mapped_username(pam_handle_t *_pamh, + const char *_src_username, + const char *_src_module_type, + const char *_src_authn_domain, + const char *_target_module_type, + const char *_target_authn_domain, + char **_target_module_username); + +int +pam_set_mapped_authtok(pam_handle_t *_pamh, + const char *_target_module_username, + size_t _target_authtok_len, + unsigned char *_target_module_authtok, + const char *_target_module_type, + const char *_target_authn_domain); + +int +pam_set_mapped_username(pam_handle_t *_pamh, + char *_src_username, + char *_src_module_type, + char *_src_authn_domain, + char *_target_module_username, + char *_target_module_type, + char *_target_authn_domain); +#endif /* 0 */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h new file mode 100644 index 0000000..71d6ba8 --- /dev/null +++ b/contrib/openpam/include/security/pam_constants.h @@ -0,0 +1,128 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _PAM_CONSTANTS_H_INCLUDED +#define _PAM_CONSTANTS_H_INCLUDED + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * XSSO 5.2 + */ +enum { + PAM_SUCCESS = 0, + PAM_OPEN_ERR = 1, + PAM_SYMBOL_ERR = 2, + PAM_SERVICE_ERR = 3, + PAM_SYSTEM_ERR = 4, + PAM_BUF_ERR = 5, + PAM_CONV_ERR = 6, + PAM_PERM_DENIED = 7, + PAM_MAXTRIES = 8, + PAM_AUTH_ERR = 9, + PAM_NEW_AUTHTOK_REQD = 10, + PAM_CRED_INSUFFICIENT = 11, + PAM_AUTHINFO_UNAVAIL = 12, + PAM_USER_UNKNOWN = 13, + PAM_CRED_UNAVAIL = 14, + PAM_CRED_EXPIRED = 15, + PAM_CRED_ERR = 16, + PAM_ACCT_EXPIRED = 17, + PAM_AUTHTOK_EXPIRED = 18, + PAM_SESSION_ERR = 19, + PAM_AUTHTOK_ERR = 20, + PAM_AUTHTOK_RECOVERY_ERR = 21, + PAM_AUTHTOK_LOCK_BUSY = 22, + PAM_AUTHTOK_DISABLE_AGING = 23, + PAM_NO_MODULE_DATA = 24, + PAM_IGNORE = 25, + PAM_ABORT = 26, + PAM_TRY_AGAIN = 27, + PAM_MODULE_UNKNOWN = 28, + PAM_DOMAIN_UNKNOWN = 29 +}; + +/* + * XSSO 5.3 + */ +enum { + PAM_PROMPT_ECHO_OFF = 1, + PAM_PROMPT_ECHO_ON = 2, + PAM_ERROR_MSG = 3, + PAM_TEXT_INFO = 4, + PAM_MAX_NUM_MSG = 32, + PAM_MAX_MSG_SIZE = 512, + PAM_MAX_RESP_SIZE = 512 +}; + +/* + * XSSO 5.4 + */ +enum { + PAM_SILENT = 0x80000000, + PAM_DISALLOW_NULL_AUTHTOK = 0x1, + PAM_ESTABLISH_CRED = 0x1, + PAM_DELETE_CRED = 0x2, + PAM_REINITIALISE_CRED = 0x4, + PAM_REFRESH_CRED = 0x8, + PAM_PRELIM_CHECK = 0x1, + PAM_UPDATE_AUTHTOK = 0x2, + PAM_CHANGE_EXPIRED_AUTHTOK = 0x4 +}; + +/* + * XSSO 5.5 + */ +enum { + PAM_SERVICE = 1, + PAM_USER = 2, + PAM_TTY = 3, + PAM_RHOST = 4, + PAM_CONV = 5, + PAM_AUTHTOK = 6, + PAM_OLDAUTHTOK = 7, + PAM_RUSER = 8, + PAM_USER_PROMPT = 9, + PAM_AUTHTOK_PROMPT = 10 /* OpenPAM extension */ +}; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h new file mode 100644 index 0000000..35c8eb9 --- /dev/null +++ b/contrib/openpam/include/security/pam_modules.h @@ -0,0 +1,148 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _PAM_MODULES_H_INCLUDED +#define _PAM_MODULES_H_INCLUDED + +#include <security/pam_types.h> +#include <security/pam_constants.h> +#include <security/openpam.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * XSSO 4.2.2, 6 + */ + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *_pamh, + int _flags, + int _args, + const char **_argv); + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *_pamh, + int _flags, + int _argc, + const char **_argv); + +/* + * Single Sign-On extensions + */ +#if 0 +PAM_EXTERN int +pam_sm_authenticate_secondary(pam_handle_t *_pamh, + char *_target_username, + char *_target_module_type, + char *_target_authn_domain, + char *_target_supp_data, + unsigned char *_target_module_authtok, + int _flags, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_get_mapped_authtok(pam_handle_t *_pamh, + char *_target_module_username, + char *_target_module_type, + char *_target_authn_domain, + size_t *_target_authtok_len, + unsigned char **_target_module_authtok, + int _argc, + char *_argv); + +PAM_EXTERN int +pam_sm_get_mapped_username(pam_handle_t *_pamh, + char *_src_username, + char *_src_module_type, + char *_src_authn_domain, + char *_target_module_type, + char *_target_authn_domain, + char **_target_module_username, + int _argc, + const char **_argv); + +PAM_EXTERN int +pam_sm_set_mapped_authtok(pam_handle_t *_pamh, + char *_target_module_username, + size_t _target_authtok_len, + unsigned char *_target_module_authtok, + char *_target_module_type, + char *_target_authn_domain, + int _argc, + const char *_argv); + +PAM_EXTERN int +pam_sm_set_mapped_username(pam_handle_t *_pamh, + char *_target_module_username, + char *_target_module_type, + char *_target_authn_domain, + int _argc, + const char **_argv); + +#endif /* 0 */ + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h new file mode 100644 index 0000000..d8ba80b --- /dev/null +++ b/contrib/openpam/include/security/pam_types.h @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _PAM_TYPES_H_INCLUDED +#define _PAM_TYPES_H_INCLUDED + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * XSSO 5.1.1 + */ +struct pam_message { + int msg_style; + char *msg; +}; + +struct pam_response { + char *resp; + int resp_retcode; +}; + +/* + * XSSO 5.1.2 + */ +struct pam_conv { + int (*conv)(int, const struct pam_message **, + struct pam_response **, void *); + void *appdata_ptr; +}; + +/* + * XSSO 5.1.3 + */ +struct pam_handle; +typedef struct pam_handle pam_handle_t; + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile new file mode 100644 index 0000000..1fd9041 --- /dev/null +++ b/contrib/openpam/lib/Makefile @@ -0,0 +1,85 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +LIB = pam +SHLIB_MAJOR = 2 +SHLIB_MINOR = 0 + +WARNS ?= 4 +NO_WERROR = yes +CFLAGS += -I${.CURDIR}/../include + +SRCS = +SRCS += openpam_dispatch.c +SRCS += openpam_findenv.c +SRCS += openpam_load.c +SRCS += openpam_log.c +SRCS += openpam_ttyconv.c +SRCS += pam_acct_mgmt.c +SRCS += pam_authenticate.c +SRCS += pam_chauthtok.c +SRCS += pam_close_session.c +SRCS += pam_end.c +SRCS += pam_error.c +SRCS += pam_get_authtok.c +SRCS += pam_get_data.c +SRCS += pam_get_item.c +SRCS += pam_get_user.c +SRCS += pam_getenv.c +SRCS += pam_getenvlist.c +SRCS += pam_info.c +SRCS += pam_open_session.c +SRCS += pam_prompt.c +SRCS += pam_putenv.c +SRCS += pam_set_data.c +SRCS += pam_set_item.c +SRCS += pam_setcred.c +SRCS += pam_setenv.c +SRCS += pam_start.c +SRCS += pam_strerror.c +SRCS += pam_verror.c +SRCS += pam_vinfo.c +SRCS += pam_vprompt.c + +.if 0 +SRCS += pam_authenticate_secondary.c +SRCS += pam_get_mapped_authtok.c +SRCS += pam_get_mapped_username.c +SRCS += pam_set_mapped_authtok.c +SRCS += pam_set_mapped_username.c +.endif + +.include <bsd.lib.mk> diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c new file mode 100644 index 0000000..9c7c287 --- /dev/null +++ b/contrib/openpam/lib/openpam_dispatch.c @@ -0,0 +1,203 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#if !defined(OPENPAM_RELAX_CHECKS) +static void _openpam_check_error_code(int, int); +#else +#define _openpam_check_error_code(a, b) +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * Execute a module chain + */ + +int +openpam_dispatch(pam_handle_t *pamh, + int primitive, + int flags) +{ + pam_chain_t *chain; + int err, fail, r; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* prevent recursion */ + if (pamh->current != NULL) { + openpam_log(PAM_LOG_ERROR, "indirect recursion"); + return (PAM_ABORT); + } + + /* pick a chain */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + case PAM_SM_SETCRED: + chain = pamh->chains[PAM_AUTH]; + break; + case PAM_SM_ACCT_MGMT: + chain = pamh->chains[PAM_ACCOUNT]; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + chain = pamh->chains[PAM_SESSION]; + break; + case PAM_SM_CHAUTHTOK: + chain = pamh->chains[PAM_PASSWORD]; + break; + default: + return (PAM_SYSTEM_ERR); + } + + /* execute */ + for (err = fail = 0; chain != NULL; chain = chain->next) { + if (chain->module->func[primitive] == NULL) { + openpam_log(PAM_LOG_ERROR, "%s: no %s()", + chain->module->path, _pam_sm_func_name[primitive]); + continue; + } else { + pamh->current = chain; + r = (chain->module->func[primitive])(pamh, flags, + chain->optc, (const char **)chain->optv); + pamh->current = NULL; + openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s", + chain->module->path, _pam_sm_func_name[primitive], + pam_strerror(pamh, r)); + } + + if (r == PAM_IGNORE) + continue; + if (r == PAM_SUCCESS) { + /* + * For pam_setcred(), treat "sufficient" as + * "optional". + * + * Note that Solaris libpam does not terminate + * the chain here if a required module has + * previously failed. I'm not sure why. + */ + if (chain->flag == PAM_SUFFICIENT && + primitive != PAM_SM_SETCRED) + break; + } + + _openpam_check_error_code(primitive, r); + + /* + * Record the return code from the first module to + * fail. If a required module fails, record the + * return code from the first required module to fail. + */ + if (err == 0) + err = r; + if (chain->flag == PAM_REQUIRED && !fail) { + fail = 1; + err = r; + } + + /* + * If a requisite module fails, terminate the chain + * immediately. + */ + if (chain->flag == PAM_REQUISITE) { + fail = 1; + break; + } + } + + return (fail ? err : PAM_SUCCESS); +} + +#if !defined(OPENPAM_RELAX_CHECKS) +static void +_openpam_check_error_code(int primitive, int r) +{ + /* common error codes */ + if (r == PAM_SERVICE_ERR || + r == PAM_BUF_ERR || + r == PAM_BUF_ERR || + r == PAM_CONV_ERR || + r == PAM_PERM_DENIED) + return; + + /* specific error codes */ + switch (primitive) { + case PAM_SM_AUTHENTICATE: + if (r == PAM_AUTH_ERR || + r == PAM_CRED_INSUFFICIENT || + r == PAM_AUTHINFO_UNAVAIL || + r == PAM_USER_UNKNOWN || + r == PAM_MAXTRIES) + return; + break; + case PAM_SM_SETCRED: + if (r == PAM_CRED_UNAVAIL || + r == PAM_CRED_EXPIRED || + r == PAM_USER_UNKNOWN || + r == PAM_CRED_ERR) + return; + break; + case PAM_SM_ACCT_MGMT: + if (r == PAM_USER_UNKNOWN || + r == PAM_AUTH_ERR || + r == PAM_NEW_AUTHTOK_REQD || + r == PAM_ACCT_EXPIRED) + return; + break; + case PAM_SM_OPEN_SESSION: + case PAM_SM_CLOSE_SESSION: + if (r == PAM_SESSION_ERR) + return; + break; + case PAM_SM_CHAUTHTOK: + if (r == PAM_PERM_DENIED || + r == PAM_AUTHTOK_ERR || + r == PAM_AUTHTOK_RECOVERY_ERR || + r == PAM_AUTHTOK_LOCK_BUSY || + r == PAM_AUTHTOK_DISABLE_AGING) + return; + break; + } + + openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", + _pam_sm_func_name[primitive], r); +} +#endif /* !defined(OPENPAM_RELAX_CHECKS) */ diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c new file mode 100644 index 0000000..c32dd27 --- /dev/null +++ b/contrib/openpam/lib/openpam_findenv.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * Locate an environment variable + */ + +int +openpam_findenv(pam_handle_t *pamh, + const char *name, + size_t len) +{ + int i; + + if (pamh == NULL) + return (-1); + + for (i = 0; i < pamh->env_count; ++i) + if (strncmp(pamh->env[i], name, len) == 0 && + pamh->env[i][len] == '=') + return (i); + return (-1); +} diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h new file mode 100644 index 0000000..5988628 --- /dev/null +++ b/contrib/openpam/lib/openpam_impl.h @@ -0,0 +1,106 @@ +/*- + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#ifndef _OPENPAM_IMPL_H_INCLUDED +#define _OPENPAM_IMPL_H_INCLUDED + +#include <security/openpam.h> + +extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES]; + +/* + * Control flags + */ +#define PAM_REQUIRED 1 +#define PAM_REQUISITE 2 +#define PAM_SUFFICIENT 3 +#define PAM_OPTIONAL 4 +#define PAM_NUM_CONTROLFLAGS 5 + +/* + * Chains + */ +#define PAM_AUTH 0 +#define PAM_ACCOUNT 1 +#define PAM_SESSION 2 +#define PAM_PASSWORD 3 +#define PAM_NUM_CHAINS 4 + +typedef struct pam_chain pam_chain_t; +struct pam_chain { + pam_module_t *module; + int flag; + int optc; + char **optv; + pam_chain_t *next; +}; + +#define PAM_NUM_ITEMS 10 + +typedef struct pam_data pam_data_t; +struct pam_data { + char *name; + void *data; + void (*cleanup)(pam_handle_t *, void *, int); + pam_data_t *next; +}; + +struct pam_handle { + char *service; + + /* chains */ + pam_chain_t *chains[PAM_NUM_CHAINS]; + pam_chain_t *current; + + /* items and data */ + void *item[PAM_NUM_ITEMS]; + pam_data_t *module_data; + + /* environment list */ + char **env; + int env_count; + int env_size; +}; + +#define PAM_OTHER "other" + +int openpam_dispatch(pam_handle_t *, int, int); +int openpam_findenv(pam_handle_t *, const char *, size_t); +int openpam_add_module(pam_handle_t *, int, int, + const char *, int, const char **); +void openpam_clear_chains(pam_handle_t *); + +#endif diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c new file mode 100644 index 0000000..d938959 --- /dev/null +++ b/contrib/openpam/lib/openpam_load.c @@ -0,0 +1,227 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <dlfcn.h> +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#ifdef OPENPAM_STATIC_MODULES +SET_DECLARE(_openpam_modules, pam_module_t); +#endif + +const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = { + "pam_sm_acct_mgmt", + "pam_sm_authenticate", + "pam_sm_chauthtok", + "pam_sm_close_session", + "pam_sm_open_session", + "pam_sm_setcred" +}; + +static pam_module_t *modules; + +/* + * Load a dynamic module, or locate a static one. Keep a list of + * previously found modules to speed up the process. + */ + +static pam_module_t * +openpam_load_module(const char *path) +{ + pam_module_t *module; + void *dlh; + int i; + + /* check cache first */ + for (module = modules; module != NULL; module = module->next) + if (strcmp(module->path, path) == 0) + goto found; + + /* nope; try to load */ + if ((dlh = dlopen(path, RTLD_NOW)) == NULL) { + openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror()); + } else { + if ((module = calloc(1, sizeof *module)) == NULL) + goto buf_err; + if ((module->path = strdup(path)) == NULL) + goto buf_err; + module->dlh = dlh; + for (i = 0; i < PAM_NUM_PRIMITIVES; ++i) + module->func[i] = dlsym(dlh, _pam_sm_func_name[i]); + } + openpam_log(PAM_LOG_DEBUG, "%s dynamic %s", + (module == NULL) ? "no" : "using", path); + +#ifdef OPENPAM_STATIC_MODULES + /* look for a static module */ + if (module == NULL && strchr(path, '/') == NULL) { + pam_module_t **modp; + + SET_FOREACH(modp, _openpam_modules) { + if (strcmp((*modp)->path, path) == 0) { + module = *modp; + break; + } + } + openpam_log(PAM_LOG_DEBUG, "%s static %s", + (module == NULL) ? "no" : "using", path); + } +#endif + if (module == NULL) + return (NULL); + module->next = modules; + module->prev = NULL; + modules = module; + found: + ++module->refcount; + return (module); + buf_err: + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + dlclose(dlh); + free(module); + return (NULL); +} + + +/* + * Release a module. + * XXX highly thread-unsafe + */ + +static void +openpam_release_module(pam_module_t *module) +{ + if (module == NULL) + return; + --module->refcount; + if (module->refcount > 0) + /* still in use */ + return; + if (module->refcount < 0) { + openpam_log(PAM_LOG_ERROR, "module %s has negative refcount", + module->path); + module->refcount = 0; + } + if (module->dlh == NULL) + /* static module */ + return; + dlclose(module->dlh); + if (module->prev != NULL) + module->prev->next = module->next; + if (module->next != NULL) + module->next->prev = module->prev; + free(module); +} + + +/* + * Destroy a chain, freeing all its links and releasing the modules + * they point to. + */ + +static void +openpam_destroy_chain(pam_chain_t *chain) +{ + if (chain == NULL) + return; + openpam_destroy_chain(chain->next); + chain->next = NULL; + while (chain->optc--) + free(chain->optv[chain->optc]); + free(chain->optv); + openpam_release_module(chain->module); + free(chain); +} + +/* + * Add a module to a chain. + */ + +int +openpam_add_module(pam_handle_t *pamh, + int chain, + int flag, + const char *modpath, + int optc, + const char *optv[]) +{ + pam_chain_t *new, *iterator; + + if ((new = calloc(1, sizeof *new)) == NULL) + goto buf_err; + if ((new->optv = malloc(sizeof(char *) * (optc + 1))) == NULL) + goto buf_err; + while (optc--) + if ((new->optv[new->optc++] = strdup(*optv++)) == NULL) + goto buf_err; + new->optv[new->optc] = NULL; + new->flag = flag; + if ((new->module = openpam_load_module(modpath)) == NULL) { + openpam_destroy_chain(new); + return (PAM_OPEN_ERR); + } + if ((iterator = pamh->chains[chain]) != NULL) { + while (iterator->next != NULL) + iterator = iterator->next; + iterator->next = new; + } else { + pamh->chains[chain] = new; + } + return (PAM_SUCCESS); + + buf_err: + openpam_log(PAM_LOG_ERROR, "%m"); + openpam_destroy_chain(new); + return (PAM_BUF_ERR); +} + + +/* + * Clear the chains and release the modules + */ + +void +openpam_clear_chains(pam_handle_t *pamh) +{ + int i; + + for (i = 0; i < PAM_NUM_CHAINS; ++i) + openpam_destroy_chain(pamh->chains[i]); +} diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c new file mode 100644 index 0000000..d733b69 --- /dev/null +++ b/contrib/openpam/lib/openpam_log.c @@ -0,0 +1,117 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <syslog.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +#if defined(openpam_log) + +/* + * Log a message through syslog(3) + */ + +void +_openpam_log(int level, const char *func, const char *fmt, ...) +{ + va_list ap; + char *format; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + if ((format = malloc(strlen(func) + strlen(fmt) + 8)) != NULL) { + sprintf(format, "in %s(): %s", func, fmt); + vsyslog(priority, format, ap); + free(format); + } else { + vsyslog(priority, fmt, ap); + } + va_end(ap); +} + +#else + +/* + * If openpam_log isn't defined as a macro, we're on a platform that + * doesn't support varadic macros (or it does but we aren't aware of + * it). Do the next best thing. + */ + +void +openpam_log(int level, const char *fmt, ...) +{ + va_list ap; + int priority; + + switch (level) { + case PAM_LOG_DEBUG: + priority = LOG_DEBUG; + break; + case PAM_LOG_VERBOSE: + priority = LOG_INFO; + break; + case PAM_LOG_NOTICE: + priority = LOG_NOTICE; + break; + case PAM_LOG_ERROR: + priority = LOG_ERR; + break; + } + va_start(ap, fmt); + vsyslog(priority, fmt, ap); + va_end(ap); +} + +#endif diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c new file mode 100644 index 0000000..ac7eecd --- /dev/null +++ b/contrib/openpam/lib/openpam_ttyconv.c @@ -0,0 +1,131 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/types.h> + +#include <ctype.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <termios.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * Simple tty-based conversation function. + */ + +int +openpam_ttyconv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + char buf[PAM_MAX_RESP_SIZE]; + struct termios tattr; + tcflag_t lflag; + int fd, err, i; + size_t len; + + data = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + fd = fileno(stdin); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + case PAM_PROMPT_ECHO_ON: + if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { + if (tcgetattr(fd, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, + "tcgetattr(): %m"); + err = PAM_CONV_ERR; + goto fail; + } + lflag = tattr.c_lflag; + tattr.c_lflag &= ~ECHO; + if (tcsetattr(fd, TCSAFLUSH, &tattr) != 0) { + openpam_log(PAM_LOG_ERROR, + "tcsetattr(): %m"); + err = PAM_CONV_ERR; + goto fail; + } + } + fputs(msg[i]->msg, stderr); + buf[0] = '\0'; + fgets(buf, sizeof buf, stdin); + if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { + tattr.c_lflag = lflag; + (void)tcsetattr(fd, TCSANOW, &tattr); + fputs("\n", stderr); + } + if (ferror(stdin)) { + err = PAM_CONV_ERR; + goto fail; + } + for (len = strlen(buf); len > 0; --len) + if (!isspace(buf[len - 1])) + break; + buf[len] = '\0'; + if ((resp[i]->resp = strdup(buf)) == NULL) { + err = PAM_BUF_ERR; + goto fail; + } + break; + case PAM_ERROR_MSG: + fputs(msg[i]->msg, stderr); + break; + case PAM_TEXT_INFO: + fputs(msg[i]->msg, stdout); + break; + default: + err = PAM_BUF_ERR; + goto fail; + } + } + return (PAM_SUCCESS); + fail: + while (i) + free(resp[--i]); + free(*resp); + *resp = NULL; + return (err); +} diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c new file mode 100644 index 0000000..d88a24e --- /dev/null +++ b/contrib/openpam/lib/pam_acct_mgmt.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 32 + * + * Perform PAM account validation procedures + */ + +int +pam_acct_mgmt(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags)); +} diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c new file mode 100644 index 0000000..d98d1df --- /dev/null +++ b/contrib/openpam/lib/pam_authenticate.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 34 + * + * Perform authentication within the PAM framework + */ + +int +pam_authenticate(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags)); +} diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c new file mode 100644 index 0000000..37a57fe --- /dev/null +++ b/contrib/openpam/lib/pam_authenticate_secondary.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + char *target_module_authtok, + int flags) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c new file mode 100644 index 0000000..c35ed49 --- /dev/null +++ b/contrib/openpam/lib/pam_chauthtok.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 38 + * + * Perform password related functions within the PAM framework + */ + +int +pam_chauthtok(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags)); +} diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c new file mode 100644 index 0000000..9b2a1ae --- /dev/null +++ b/contrib/openpam/lib/pam_close_session.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 40 + * + * Close an existing user session + */ + +int +pam_close_session(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags)); +} diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c new file mode 100644 index 0000000..0fbfdf8 --- /dev/null +++ b/contrib/openpam/lib/pam_end.c @@ -0,0 +1,84 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 42 + * + * Terminate the PAM transaction + */ + +int +pam_end(pam_handle_t *pamh, + int status) +{ + pam_data_t *dp; + int i; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* clear module data */ + while ((dp = pamh->module_data) != NULL) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, status); + pamh->module_data = dp->next; + free(dp->name); + free(dp); + } + + /* clear environment */ + while (pamh->env_count) + free(pamh->env[--pamh->env_count]); + free(pamh->env); + + /* clear chains */ + openpam_clear_chains(pamh); + + /* clear items */ + for (i = 0; i < PAM_NUM_ITEMS; ++i) + pam_set_item(pamh, i, NULL); + + free(pamh); + + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c new file mode 100644 index 0000000..aded8f1 --- /dev/null +++ b/contrib/openpam/lib/pam_error.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_error(pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + va_end(ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c new file mode 100644 index 0000000..741b02d --- /dev/null +++ b/contrib/openpam/lib/pam_get_authtok.c @@ -0,0 +1,75 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Retrieve authentication token + */ + +int +pam_get_authtok(pam_handle_t *pamh, + const char **authtok, + const char *prompt) +{ + char *p, *resp; + int r; + + if (pamh == NULL || authtok == NULL) + return (PAM_SYSTEM_ERR); + + r = pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok); + if (r == PAM_SUCCESS) + return (PAM_SUCCESS); + if (prompt == NULL) { + if (pam_get_item(pamh, PAM_AUTHTOK_PROMPT, + (const void **)&p) != PAM_SUCCESS || p == NULL) + prompt = "Password:"; + } + r = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp, + "%s", prompt ? prompt : p); + if (r != PAM_SUCCESS) + return (r); + *authtok = resp; + return (pam_set_item(pamh, PAM_AUTHTOK, *authtok)); +} diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c new file mode 100644 index 0000000..8b2b090 --- /dev/null +++ b/contrib/openpam/lib/pam_get_data.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 43 + * + * Get module information + */ + +int +pam_get_data(pam_handle_t *pamh, + const char *module_data_name, + void **data) +{ + pam_data_t *dp; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + for (dp = pamh->module_data; dp != NULL; dp = dp->next) + if (strcmp(dp->name, module_data_name) == 0) { + *data = dp->data; + return (PAM_SUCCESS); + } + + return (PAM_NO_MODULE_DATA); +} diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c new file mode 100644 index 0000000..7369c48 --- /dev/null +++ b/contrib/openpam/lib/pam_get_item.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 46 + * + * Get PAM information + */ + +int +pam_get_item(pam_handle_t *pamh, + int item_type, + const void **item) +{ + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_CONV: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + *item = pamh->item[item_type]; + return (PAM_SUCCESS); + default: + return (PAM_SYSTEM_ERR); + } +} diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c new file mode 100644 index 0000000..0050c0e --- /dev/null +++ b/contrib/openpam/lib/pam_get_mapped_authtok.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_get_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + const char *target_module_type, + const char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c new file mode 100644 index 0000000..faa78bb --- /dev/null +++ b/contrib/openpam/lib/pam_get_mapped_username.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_get_mapped_username(pam_handle_t *pamh, + const char *src_username, + const char *src_module_type, + const char *src_authn_domain, + const char *target_module_type, + const char *target_authn_domain, + char **target_module_username) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c new file mode 100644 index 0000000..17572c4 --- /dev/null +++ b/contrib/openpam/lib/pam_get_user.c @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 52 + * + * Retrieve user name + */ + +int +pam_get_user(pam_handle_t *pamh, + const char **user, + const char *prompt) +{ + char *p, *resp; + int r; + + if (pamh == NULL || user == NULL) + return (PAM_SYSTEM_ERR); + + r = pam_get_item(pamh, PAM_USER, (const void **)user); + if (r == PAM_SUCCESS) + return (PAM_SUCCESS); + if (prompt == NULL) { + if (pam_get_item(pamh, PAM_USER_PROMPT, + (const void **)&p) != PAM_SUCCESS || p == NULL) + prompt = "Login: "; + } + r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, + "%s", prompt ? prompt : p); + if (r != PAM_SUCCESS) + return (r); + *user = resp; + return (pam_set_item(pamh, PAM_USER, *user)); +} diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c new file mode 100644 index 0000000..d6bf219 --- /dev/null +++ b/contrib/openpam/lib/pam_getenv.c @@ -0,0 +1,67 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 44 + * + * Retrieve the value of a PAM environment variable + */ + +char * +pam_getenv(pam_handle_t *pamh, + const char *name) +{ + int i; + + if (pamh == NULL) + return (NULL); + + /* sanity checks */ + if (name == NULL || strchr(name, '=') != NULL) + return (NULL); + + if ((i = openpam_findenv(pamh, name, strlen(name))) == -1) + return (NULL); + return (strdup(pamh->env[i])); +} diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c new file mode 100644 index 0000000..4409a89 --- /dev/null +++ b/contrib/openpam/lib/pam_getenvlist.c @@ -0,0 +1,70 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" +/* + * XSSO 4.2.1 + * XSSO 6 page 45 + * + * Returns a list of all the PAM environment variables + */ + +char ** +pam_getenvlist(pam_handle_t *pamh) +{ + char **envlist; + int i; + + if (pamh == NULL) + return (NULL); + + if ((envlist = malloc(sizeof(char *) * (pamh->env_count + 1))) == NULL) + return (NULL); + for (i = 0; i < pamh->env_count; ++i) { + if ((envlist[i] = strdup(pamh->env[i])) == NULL) { + while (i) + free(envlist[--i]); + free(envlist); + return (NULL); + } + } + return (envlist); +} diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c new file mode 100644 index 0000000..ce1d2b8 --- /dev/null +++ b/contrib/openpam/lib/pam_info.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_info(pam_handle_t *pamh, + const char *fmt, + ...) +{ + va_list ap; + char *rsp; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + va_end(ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c new file mode 100644 index 0000000..dcbf2b8 --- /dev/null +++ b/contrib/openpam/lib/pam_open_session.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 54 + * + * Open a user session + */ + +int +pam_open_session(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags)); +} diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c new file mode 100644 index 0000000..afc4169 --- /dev/null +++ b/contrib/openpam/lib/pam_prompt.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_prompt(pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + ...) +{ + va_list ap; + int r; + + va_start(ap, fmt); + r = pam_vprompt(pamh, style, resp, fmt, ap); + va_end(ap); + return (r); +} diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c new file mode 100644 index 0000000..c8701f3 --- /dev/null +++ b/contrib/openpam/lib/pam_putenv.c @@ -0,0 +1,88 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 56 + * + * Set the value of an environment variable + */ + +int +pam_putenv(pam_handle_t *pamh, + const char *namevalue) +{ + char **env, *p; + int i; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* sanity checks */ + if (namevalue == NULL || (p = strchr(namevalue, '=')) == NULL) + return (PAM_SYSTEM_ERR); + + /* see if the variable is already in the environment */ + if ((i = openpam_findenv(pamh, namevalue, p - namevalue)) != -1) { + if ((p = strdup(namevalue)) == NULL) + return (PAM_BUF_ERR); + free(pamh->env[i]); + pamh->env[i] = p; + return (PAM_SUCCESS); + } + + /* grow the environment list if necessary */ + if (pamh->env_count == pamh->env_size) { + env = realloc(pamh->env, pamh->env_size * 2 + 1); + if (env == NULL) + return (PAM_BUF_ERR); + pamh->env = env; + pamh->env_size = pamh->env_size * 2 + 1; + } + + /* add the variable at the end */ + if ((pamh->env[pamh->env_count] = strdup(namevalue)) == NULL) + return (PAM_BUF_ERR); + ++pamh->env_count; + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c new file mode 100644 index 0000000..59d5751 --- /dev/null +++ b/contrib/openpam/lib/pam_set_data.c @@ -0,0 +1,83 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 59 + * + * Set module information + */ + +int +pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int pam_end_status)) +{ + pam_data_t *dp; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { + if (strcmp(dp->name, module_data_name) == 0) { + if (dp->cleanup) + (dp->cleanup)(pamh, dp->data, PAM_SUCCESS); + dp->data = data; + dp->cleanup = cleanup; + return (PAM_SUCCESS); + } + } + + if ((dp = malloc(sizeof *dp)) == NULL) + return (PAM_BUF_ERR); + if ((dp->name = strdup(module_data_name)) == NULL) { + free(data); + return (PAM_BUF_ERR); + } + dp->next = pamh->module_data; + pamh->module_data = data; + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c new file mode 100644 index 0000000..1cebfd5 --- /dev/null +++ b/contrib/openpam/lib/pam_set_item.c @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 60 + * + * Set authentication information + */ + +int +pam_set_item(pam_handle_t *pamh, + int item_type, + const void *item) +{ + void **slot, *tmp; + size_t size; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + slot = &pamh->item[item_type]; + switch (item_type) { + case PAM_SERVICE: + case PAM_USER: + case PAM_AUTHTOK: + case PAM_OLDAUTHTOK: + case PAM_TTY: + case PAM_RHOST: + case PAM_RUSER: + case PAM_USER_PROMPT: + case PAM_AUTHTOK_PROMPT: + size = strlen(*slot) + 1; + if (item != NULL) + tmp = strdup(item); + break; + case PAM_CONV: + size = sizeof(struct pam_conv); + if (item != NULL) + tmp = malloc(size); + break; + default: + return (PAM_SYSTEM_ERR); + } + if (item != NULL && tmp == NULL) + return (PAM_BUF_ERR); + if (*slot != NULL) { + memset(*slot, 0xd0, size); + free(*slot); + } + *slot = tmp; + return (PAM_SUCCESS); +} diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c new file mode 100644 index 0000000..ad066df --- /dev/null +++ b/contrib/openpam/lib/pam_set_mapped_authtok.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_set_mapped_authtok(pam_handle_t *pamh, + const char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + const char *target_module_type, + const char *target_authn_domain) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c new file mode 100644 index 0000000..fc12989 --- /dev/null +++ b/contrib/openpam/lib/pam_set_mapped_username.c @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <security/pam_appl.h> + +int +pam_set_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_username, + char *target_module_type, + char *target_authn_domain) +{ + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c new file mode 100644 index 0000000..0ea10ff --- /dev/null +++ b/contrib/openpam/lib/pam_setcred.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <sys/param.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 57 + * + * Modify / delete user credentials for an authentication service + */ + +int +pam_setcred(pam_handle_t *pamh, + int flags) +{ + + return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags)); +} diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c new file mode 100644 index 0000000..6165b7c --- /dev/null +++ b/contrib/openpam/lib/pam_setenv.c @@ -0,0 +1,79 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * OpenPAM extension + * + * Set the value of an environment variable + * Mirrors setenv(3) + */ + +int +pam_setenv(pam_handle_t *pamh, + const char *name, + const char *value, + int overwrite) +{ + char *env; + int r; + + if (pamh == NULL) + return (PAM_SYSTEM_ERR); + + /* sanity checks */ + if (name == NULL || value == NULL || strchr(name, '=') != NULL) + return (PAM_SYSTEM_ERR); + + /* is it already there? */ + if (!overwrite && openpam_findenv(pamh, name, strlen(name)) != -1) + return (PAM_SUCCESS); + + /* set it... */ + if ((env = malloc(strlen(name) + strlen(value) + 2)) == NULL) + return (PAM_BUF_ERR); + sprintf(env, "%s=%s", name, value); + r = pam_putenv(pamh, env); + free(env); + return (r); +} diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c new file mode 100644 index 0000000..ff9cc32 --- /dev/null +++ b/contrib/openpam/lib/pam_start.c @@ -0,0 +1,292 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <ctype.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +static int _pam_configure_service(pam_handle_t *pamh, const char *service); + +/* + * XSSO 4.2.1 + * XSSO 6 page 89 + * + * Initiate a PAM transaction + */ + +int +pam_start(const char *service, + const char *user, + const struct pam_conv *pam_conv, + pam_handle_t **pamh) +{ + struct pam_handle *ph; + int r; + + if ((ph = calloc(1, sizeof *ph)) == NULL) + return (PAM_BUF_ERR); + if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS) + goto fail; + if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS) + goto fail; + + if ((r = _pam_configure_service(ph, service)) != PAM_SUCCESS && + r != PAM_BUF_ERR) + r = _pam_configure_service(ph, PAM_OTHER); + if (r != PAM_SUCCESS) + goto fail; + + *pamh = ph; + openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service); + return (PAM_SUCCESS); + + fail: + pam_end(ph, r); + return (r); +} + +#define PAM_CONF_STYLE 0 +#define PAM_D_STYLE 1 +#define MAX_LINE_LEN 1024 +#define MAX_OPTIONS 256 + +static int +_pam_read_policy_file(pam_handle_t *pamh, + const char *service, + const char *filename, + int style) +{ + char buf[MAX_LINE_LEN], *p, *q; + const char *optv[MAX_OPTIONS + 1]; + int ch, chain, flag, line, optc, n, r; + size_t len; + FILE *f; + + n = 0; + + if ((f = fopen(filename, "r")) == NULL) { + openpam_log(errno == ENOENT ? PAM_LOG_DEBUG : PAM_LOG_NOTICE, + "%s: %m", filename); + return (0); + } + openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s", + service, filename); + + for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) { + if ((len = strlen(buf)) == 0) + continue; + + /* check for overflow */ + if (buf[--len] != '\n' && !feof(f)) { + openpam_log(PAM_LOG_ERROR, "%s: line %d too long", + filename, line); + openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", + filename, line); + while ((ch = fgetc(f)) != EOF) + if (ch == '\n') + break; + continue; + } + + /* strip comments and trailing whitespace */ + if ((p = strchr(buf, '#')) != NULL) + len = p - buf ? p - buf - 1 : p - buf; + while (len > 0 && isspace(buf[len])) + --len; + if (len == 0) + continue; + buf[len] = '\0'; + p = q = buf; + + /* check service name */ + if (style == PAM_CONF_STYLE) { + for (q = p = buf; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (*q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, service) != 0) + continue; + openpam_log(PAM_LOG_DEBUG, "%s: line %d matches '%s'", + filename, line, service); + } + + + /* get module type */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p || *q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, "auth") == 0) { + chain = PAM_AUTH; + } else if (strcmp(p, "account") == 0) { + chain = PAM_ACCOUNT; + } else if (strcmp(p, "session") == 0) { + chain = PAM_SESSION; + } else if (strcmp(p, "password") == 0) { + chain = PAM_PASSWORD; + } else { + openpam_log(PAM_LOG_ERROR, + "%s: invalid module type on line %d: '%s'", + filename, line, p); + continue; + } + + /* get control flag */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p || *q == '\0') + goto syntax_error; + *q++ = '\0'; + if (strcmp(p, "required") == 0) { + flag = PAM_REQUIRED; + } else if (strcmp(p, "requisite") == 0) { + flag = PAM_REQUISITE; + } else if (strcmp(p, "sufficient") == 0) { + flag = PAM_SUFFICIENT; + } else if (strcmp(p, "optional") == 0) { + flag = PAM_OPTIONAL; + } else { + openpam_log(PAM_LOG_ERROR, + "%s: invalid control flag on line %d: '%s'", + filename, line, p); + continue; + } + + /* get module name */ + for (p = q; isspace(*p); ++p) + /* nothing */; + for (q = p; *q != '\0' && !isspace(*q); ++q) + /* nothing */; + if (q == p) + goto syntax_error; + + /* get options */ + for (optc = 0; *q != '\0' && optc < MAX_OPTIONS; ++optc) { + *q++ = '\0'; + while (isspace(*q)) + ++q; + optv[optc] = q; + while (*q != '\0' && !isspace(*q)) + ++q; + } + optv[optc] = NULL; + if (*q != '\0') { + *q = '\0'; + openpam_log(PAM_LOG_ERROR, + "%s: too many options on line %d", + filename, line); + } + + /* + * Finally, add the module at the end of the + * appropriate chain and bump the counter. + */ + r = openpam_add_module(pamh, chain, flag, p, optc, optv); + if (r != PAM_SUCCESS) + return (-r); + ++n; + continue; + syntax_error: + openpam_log(PAM_LOG_ERROR, "%s: syntax error on line %d", + filename, line); + openpam_log(PAM_LOG_DEBUG, "%s: line %d: [%s]", + filename, line, q); + openpam_log(PAM_LOG_ERROR, "%s: ignoring line %d", + filename, line); + } + + if (ferror(f)) + openpam_log(PAM_LOG_ERROR, "%s: %m", filename); + + fclose(f); + return (n); +} + +static const char *_pam_policy_path[] = { + "/etc/pam.d/", + "/etc/pam.conf", + "/usr/local/etc/pam.d/", + NULL +}; + +static int +_pam_configure_service(pam_handle_t *pamh, + const char *service) +{ + const char **path; + char *filename; + size_t len; + int r; + + for (path = _pam_policy_path; *path != NULL; ++path) { + len = strlen(*path); + if ((*path)[len - 1] == '/') { + filename = malloc(len + strlen(service) + 1); + if (filename == NULL) { + openpam_log(PAM_LOG_ERROR, "malloc(): %m"); + return (PAM_BUF_ERR); + } + strcpy(filename, *path); + strcat(filename, service); + r = _pam_read_policy_file(pamh, + service, filename, PAM_D_STYLE); + free(filename); + } else { + r = _pam_read_policy_file(pamh, + service, *path, PAM_CONF_STYLE); + } + if (r < 0) + return (-r); + if (r > 0) + return (PAM_SUCCESS); + } + + return (PAM_SYSTEM_ERR); +} diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c new file mode 100644 index 0000000..516374c --- /dev/null +++ b/contrib/openpam/lib/pam_strerror.c @@ -0,0 +1,123 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdio.h> + +#include <security/pam_appl.h> + +#include "openpam_impl.h" + +/* + * XSSO 4.2.1 + * XSSO 6 page 92 + * + * Get PAM standard error message string + */ + +const char * +pam_strerror(pam_handle_t *pamh, + int error_number) +{ + static char unknown[16]; + + pamh = pamh; + + switch (error_number) { + case PAM_SUCCESS: + return ("success"); + case PAM_OPEN_ERR: + return ("failed to load module"); + case PAM_SYMBOL_ERR: + return ("symbol not found in module"); + case PAM_SERVICE_ERR: + return ("error in service module"); + case PAM_SYSTEM_ERR: + return ("system error"); + case PAM_BUF_ERR: + return ("memory buffer error"); + case PAM_CONV_ERR: + return ("conversation failure"); + case PAM_PERM_DENIED: + return ("permission denied"); + case PAM_MAXTRIES: + return ("maximum number of tries exceeded"); + case PAM_AUTH_ERR: + return ("authentication error"); + case PAM_NEW_AUTHTOK_REQD: + return ("new authentication token required"); + case PAM_CRED_INSUFFICIENT: + return ("insufficient credentials"); + case PAM_AUTHINFO_UNAVAIL: + return ("authentication information is unavailable"); + case PAM_USER_UNKNOWN: + return ("unknown user"); + case PAM_CRED_UNAVAIL: + return ("failed to retrieve user credentials"); + case PAM_CRED_EXPIRED: + return ("user credentials have expired"); + case PAM_CRED_ERR: + return ("failed to set user credentials"); + case PAM_ACCT_EXPIRED: + return ("user accound has expired"); + case PAM_AUTHTOK_EXPIRED: + return ("password has expired"); + case PAM_SESSION_ERR: + return ("session failure"); + case PAM_AUTHTOK_ERR: + return ("authentication token failure"); + case PAM_AUTHTOK_RECOVERY_ERR: + return ("failed to recover old authentication token"); + case PAM_AUTHTOK_LOCK_BUSY: + return ("authentication token lock busy"); + case PAM_AUTHTOK_DISABLE_AGING: + return ("authentication token ageing disabled"); + case PAM_NO_MODULE_DATA: + return ("module data not found"); + case PAM_IGNORE: + return ("ignore this module"); + case PAM_ABORT: + return ("general failure"); + case PAM_TRY_AGAIN: + return ("try again"); + case PAM_MODULE_UNKNOWN: + return ("unknown module type"); + case PAM_DOMAIN_UNKNOWN: + return ("unknown authentication domain"); + default: + snprintf(unknown, sizeof unknown, "#%d", error_number); + return (unknown); + } +} diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c new file mode 100644 index 0000000..feeaa6e --- /dev/null +++ b/contrib/openpam/lib/pam_verror.c @@ -0,0 +1,60 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an error message + */ + +int +pam_verror(pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_ERROR_MSG, &rsp, fmt, ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c new file mode 100644 index 0000000..2484998 --- /dev/null +++ b/contrib/openpam/lib/pam_vinfo.c @@ -0,0 +1,60 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Display an information message + */ + +int +pam_vinfo(pam_handle_t *pamh, + const char *fmt, + va_list ap) +{ + char *rsp; + int r; + + r = pam_vprompt(pamh, PAM_TEXT_INFO, &rsp, fmt, ap); + free(rsp); /* ignore response */ + return (r); +} diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c new file mode 100644 index 0000000..f090b23 --- /dev/null +++ b/contrib/openpam/lib/pam_vprompt.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> + +#include <security/pam_appl.h> +#include <security/openpam.h> + +/* + * OpenPAM extension + * + * Call the conversation function + */ + +int +pam_vprompt(pam_handle_t *pamh, + int style, + char **resp, + const char *fmt, + va_list ap) +{ + char msgbuf[PAM_MAX_MSG_SIZE]; + struct pam_message msg; + const struct pam_message *msgp; + struct pam_response *rsp; + struct pam_conv conv; + int r; + + if ((r = pam_get_item(pamh, PAM_CONV, (void *)&conv)) != PAM_SUCCESS) + return (r); + vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap); + msg.msg_style = style; + msg.msg = msgbuf; + msgp = &msg; + r = (conv.conv)(1, &msgp, &rsp, conv.appdata_ptr); + *resp = rsp == NULL ? NULL : rsp->resp; + free(rsp); + return (r); +} diff --git a/contrib/openpam/modules/Makefile b/contrib/openpam/modules/Makefile new file mode 100644 index 0000000..006a229 --- /dev/null +++ b/contrib/openpam/modules/Makefile @@ -0,0 +1,42 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +SUBDIR = +SUBDIR += pam_deny +SUBDIR += pam_dummy +SUBDIR += pam_permit + +.include <bsd.subdir.mk> diff --git a/contrib/openpam/modules/pam_deny/Makefile b/contrib/openpam/modules/pam_deny/Makefile new file mode 100644 index 0000000..acbd994 --- /dev/null +++ b/contrib/openpam/modules/pam_deny/Makefile @@ -0,0 +1,42 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +LIB = pam_deny +SHLIB_NAME = pam_deny.so +SRCS = pam_deny.c +CFLAGS += -I${.CURDIR}/../../include + +.include <bsd.lib.mk> diff --git a/contrib/openpam/modules/pam_deny/pam_deny.c b/contrib/openpam/modules/pam_deny/pam_deny.c new file mode 100644 index 0000000..2a219de --- /dev/null +++ b/contrib/openpam/modules/pam_deny/pam_deny.c @@ -0,0 +1,89 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <sys/param.h> + +#include <security/pam_modules.h> + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_AUTH_ERR); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_PERM_DENIED); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_AUTH_ERR); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SESSION_ERR); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SESSION_ERR); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_PERM_DENIED); +} + +PAM_MODULE_ENTRY("pam_deny"); diff --git a/contrib/openpam/modules/pam_dummy/Makefile b/contrib/openpam/modules/pam_dummy/Makefile new file mode 100644 index 0000000..144828c --- /dev/null +++ b/contrib/openpam/modules/pam_dummy/Makefile @@ -0,0 +1,42 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +LIB = pam_dummy +SHLIB_NAME = pam_dummy.so +SRCS = pam_dummy.c +CFLAGS += -I${.CURDIR}/../../include + +.include <bsd.lib.mk> diff --git a/contrib/openpam/modules/pam_dummy/pam_dummy.c b/contrib/openpam/modules/pam_dummy/pam_dummy.c new file mode 100644 index 0000000..9d98f37 --- /dev/null +++ b/contrib/openpam/modules/pam_dummy/pam_dummy.c @@ -0,0 +1,48 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <sys/param.h> + +#include <security/pam_modules.h> + +PAM_SM_DUMMY(authenticate); +PAM_SM_DUMMY(setcred); +PAM_SM_DUMMY(acct_mgmt); +PAM_SM_DUMMY(open_session); +PAM_SM_DUMMY(close_session); +PAM_SM_DUMMY(chauthtok); + +PAM_MODULE_ENTRY("pam_deny"); diff --git a/contrib/openpam/modules/pam_permit/Makefile b/contrib/openpam/modules/pam_permit/Makefile new file mode 100644 index 0000000..93ae3d9 --- /dev/null +++ b/contrib/openpam/modules/pam_permit/Makefile @@ -0,0 +1,42 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $Id$ +# + +LIB = pam_permit +SHLIB_NAME = pam_permit.so +SRCS = pam_permit.c +CFLAGS += -I${.CURDIR}/../../include + +.include <bsd.lib.mk> diff --git a/contrib/openpam/modules/pam_permit/pam_permit.c b/contrib/openpam/modules/pam_permit/pam_permit.c new file mode 100644 index 0000000..856fb45 --- /dev/null +++ b/contrib/openpam/modules/pam_permit/pam_permit.c @@ -0,0 +1,89 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <sys/param.h> + +#include <security/pam_modules.h> + +PAM_EXTERN int +pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SUCCESS); +} + +PAM_EXTERN int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char *argv[]) +{ + + return (PAM_SUCCESS); +} + +PAM_MODULE_ENTRY("pam_permit"); |