diff options
Diffstat (limited to 'contrib/openpam/doc')
57 files changed, 5897 insertions, 0 deletions
diff --git a/contrib/openpam/doc/Makefile.am b/contrib/openpam/doc/Makefile.am new file mode 100644 index 000000000000..62b1f3518d44 --- /dev/null +++ b/contrib/openpam/doc/Makefile.am @@ -0,0 +1,3 @@ +# $OpenPAM: Makefile.am 938 2017-04-30 21:34:42Z des $ + +SUBDIRS = man diff --git a/contrib/openpam/doc/Makefile.in b/contrib/openpam/doc/Makefile.in new file mode 100644 index 000000000000..8086e9931380 --- /dev/null +++ b/contrib/openpam/doc/Makefile.in @@ -0,0 +1,631 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $OpenPAM: Makefile.am 938 2017-04-30 21:34:42Z des $ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pkg_config.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYB_TEST_CFLAGS = @CRYB_TEST_CFLAGS@ +CRYB_TEST_LIBS = @CRYB_TEST_LIBS@ +CRYB_TEST_VERSION = @CRYB_TEST_VERSION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DL_LIBS = @DL_LIBS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_MAJ = @LIB_MAJ@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEM_LIBPAM = @SYSTEM_LIBPAM@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgconfigdir = @pkgconfigdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = man +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/contrib/openpam/doc/man/Makefile.am b/contrib/openpam/doc/man/Makefile.am new file mode 100644 index 000000000000..a5431bcd1979 --- /dev/null +++ b/contrib/openpam/doc/man/Makefile.am @@ -0,0 +1,97 @@ +# $OpenPAM: Makefile.am 938 2017-04-30 21:34:42Z des $ + +NULL = + +# Standard PAM API +PAM_MAN = \ + pam_acct_mgmt.3 \ + pam_authenticate.3 \ + pam_chauthtok.3 \ + pam_close_session.3 \ + pam_end.3 \ + pam_get_data.3 \ + pam_get_item.3 \ + pam_get_user.3 \ + pam_getenv.3 \ + pam_getenvlist.3 \ + pam_open_session.3 \ + pam_putenv.3 \ + pam_set_data.3 \ + pam_set_item.3 \ + pam_setcred.3 \ + pam_start.3 \ + pam_strerror.3 \ + $(NULL) + +# Standard module API +MOD_MAN = \ + pam_sm_acct_mgmt.3 \ + pam_sm_authenticate.3 \ + pam_sm_chauthtok.3 \ + pam_sm_close_session.3 \ + pam_sm_open_session.3 \ + pam_sm_setcred.3 \ + $(NULL) + +# OpenPAM extensions +OPENPAM_MAN = \ + openpam_borrow_cred.3 \ + openpam_free_data.3 \ + openpam_free_envlist.3 \ + openpam_get_feature.3 \ + openpam_get_option.3 \ + openpam_log.3 \ + openpam_nullconv.3 \ + openpam_readline.3 \ + openpam_readlinev.3 \ + openpam_readword.3 \ + openpam_restore_cred.3 \ + openpam_set_feature.3 \ + openpam_set_option.3 \ + openpam_straddch.3 \ + openpam_subst.3 \ + openpam_ttyconv.3 \ + pam_error.3 \ + pam_get_authtok.3 \ + pam_info.3 \ + pam_prompt.3 \ + pam_setenv.3 \ + pam_verror.3 \ + pam_vinfo.3 \ + pam_vprompt.3 \ + $(NULL) + +EXTRA_DIST = openpam.man pam.man + +if !WITH_SYSTEM_LIBPAM +PAMCMAN = $(PAM_MAN) $(MOD_MAN) $(OPENPAM_MAN) +PAMXMAN = openpam.3 pam.3 +endif + +ALLCMAN = $(PAMCMAN) +GENMAN = $(ALLCMAN) $(PAMXMAN) + +dist_man3_MANS = $(GENMAN) pam_conv.3 + +dist_man5_MANS = pam.conf.5 + +CLEANFILES = $(GENMAN) + +GENDOC = $(top_srcdir)/misc/gendoc.pl + +LIBPAMSRCDIR = $(top_srcdir)/lib/libpam + +VPATH = $(LIBPAMSRCDIR) $(srcdir) + +SUFFIXES = .3 + +.c.3: $(GENDOC) + perl -w $(GENDOC) $< || rm $@ + +openpam.3: $(OPENPAM_MAN) $(GENDOC) $(srcdir)/openpam.man + perl -w $(GENDOC) -o $(OPENPAM_MAN) <$(srcdir)/openpam.man || rm $@ + +pam.3: $(PAM_MAN) $(GENDOC) $(srcdir)/pam.man + perl -w $(GENDOC) -p $(PAM_MAN) <$(srcdir)/pam.man || rm $@ + +$(GENMAN): $(GENDOC) diff --git a/contrib/openpam/doc/man/Makefile.in b/contrib/openpam/doc/man/Makefile.in new file mode 100644 index 000000000000..069cb38a6a76 --- /dev/null +++ b/contrib/openpam/doc/man/Makefile.in @@ -0,0 +1,658 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# $OpenPAM: Makefile.am 938 2017-04-30 21:34:42Z des $ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc/man +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pkg_config.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man3dir = $(mandir)/man3 +am__installdirs = "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" +man5dir = $(mandir)/man5 +NROFF = nroff +MANS = $(dist_man3_MANS) $(dist_man5_MANS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(dist_man3_MANS) $(dist_man5_MANS) \ + $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +VPATH = $(LIBPAMSRCDIR) $(srcdir) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYB_TEST_CFLAGS = @CRYB_TEST_CFLAGS@ +CRYB_TEST_LIBS = @CRYB_TEST_LIBS@ +CRYB_TEST_VERSION = @CRYB_TEST_VERSION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DL_LIBS = @DL_LIBS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_MAJ = @LIB_MAJ@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENPAM_MODULES_DIR = @OPENPAM_MODULES_DIR@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEM_LIBPAM = @SYSTEM_LIBPAM@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgconfigdir = @pkgconfigdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = + +# Standard PAM API +PAM_MAN = \ + pam_acct_mgmt.3 \ + pam_authenticate.3 \ + pam_chauthtok.3 \ + pam_close_session.3 \ + pam_end.3 \ + pam_get_data.3 \ + pam_get_item.3 \ + pam_get_user.3 \ + pam_getenv.3 \ + pam_getenvlist.3 \ + pam_open_session.3 \ + pam_putenv.3 \ + pam_set_data.3 \ + pam_set_item.3 \ + pam_setcred.3 \ + pam_start.3 \ + pam_strerror.3 \ + $(NULL) + + +# Standard module API +MOD_MAN = \ + pam_sm_acct_mgmt.3 \ + pam_sm_authenticate.3 \ + pam_sm_chauthtok.3 \ + pam_sm_close_session.3 \ + pam_sm_open_session.3 \ + pam_sm_setcred.3 \ + $(NULL) + + +# OpenPAM extensions +OPENPAM_MAN = \ + openpam_borrow_cred.3 \ + openpam_free_data.3 \ + openpam_free_envlist.3 \ + openpam_get_feature.3 \ + openpam_get_option.3 \ + openpam_log.3 \ + openpam_nullconv.3 \ + openpam_readline.3 \ + openpam_readlinev.3 \ + openpam_readword.3 \ + openpam_restore_cred.3 \ + openpam_set_feature.3 \ + openpam_set_option.3 \ + openpam_straddch.3 \ + openpam_subst.3 \ + openpam_ttyconv.3 \ + pam_error.3 \ + pam_get_authtok.3 \ + pam_info.3 \ + pam_prompt.3 \ + pam_setenv.3 \ + pam_verror.3 \ + pam_vinfo.3 \ + pam_vprompt.3 \ + $(NULL) + +EXTRA_DIST = openpam.man pam.man +@WITH_SYSTEM_LIBPAM_FALSE@PAMCMAN = $(PAM_MAN) $(MOD_MAN) $(OPENPAM_MAN) +@WITH_SYSTEM_LIBPAM_FALSE@PAMXMAN = openpam.3 pam.3 +ALLCMAN = $(PAMCMAN) +GENMAN = $(ALLCMAN) $(PAMXMAN) +dist_man3_MANS = $(GENMAN) pam_conv.3 +dist_man5_MANS = pam.conf.5 +CLEANFILES = $(GENMAN) +GENDOC = $(top_srcdir)/misc/gendoc.pl +LIBPAMSRCDIR = $(top_srcdir)/lib/libpam +SUFFIXES = .3 +all: all-am + +.SUFFIXES: +.SUFFIXES: .3 .c +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/man/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man3: $(dist_man3_MANS) + @$(NORMAL_INSTALL) + @list1='$(dist_man3_MANS)'; \ + list2=''; \ + test -n "$(man3dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.3[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + +uninstall-man3: + @$(NORMAL_UNINSTALL) + @list='$(dist_man3_MANS)'; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir) +install-man5: $(dist_man5_MANS) + @$(NORMAL_INSTALL) + @list1='$(dist_man5_MANS)'; \ + list2=''; \ + test -n "$(man5dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.5[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list='$(dist_man5_MANS)'; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man3 install-man5 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man3 uninstall-man5 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man3 install-man5 install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-man uninstall-man3 uninstall-man5 + +.PRECIOUS: Makefile + + +.c.3: $(GENDOC) + perl -w $(GENDOC) $< || rm $@ + +openpam.3: $(OPENPAM_MAN) $(GENDOC) $(srcdir)/openpam.man + perl -w $(GENDOC) -o $(OPENPAM_MAN) <$(srcdir)/openpam.man || rm $@ + +pam.3: $(PAM_MAN) $(GENDOC) $(srcdir)/pam.man + perl -w $(GENDOC) -p $(PAM_MAN) <$(srcdir)/pam.man || rm $@ + +$(GENMAN): $(GENDOC) + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/contrib/openpam/doc/man/openpam.3 b/contrib/openpam/doc/man/openpam.3 new file mode 100644 index 000000000000..8e860aa69027 --- /dev/null +++ b/contrib/openpam/doc/man/openpam.3 @@ -0,0 +1,136 @@ +.\" Generated by gendoc.pl +.Dd February 24, 2019 +.Dt OPENPAM 3 +.Os +.Sh NAME +.Nm openpam_borrow_cred , +.Nm openpam_free_data , +.Nm openpam_free_envlist , +.Nm openpam_get_feature , +.Nm openpam_get_option , +.Nm openpam_log , +.Nm openpam_nullconv , +.Nm openpam_readline , +.Nm openpam_readlinev , +.Nm openpam_readword , +.Nm openpam_restore_cred , +.Nm openpam_set_feature , +.Nm openpam_set_option , +.Nm openpam_straddch , +.Nm openpam_subst , +.Nm openpam_ttyconv , +.Nm pam_error , +.Nm pam_get_authtok , +.Nm pam_info , +.Nm pam_prompt , +.Nm pam_setenv , +.Nm pam_verror , +.Nm pam_vinfo , +.Nm pam_vprompt +.Nd Pluggable Authentication Modules Library +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/openpam.h +.Ft "int" +.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd" +.Ft "void" +.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" +.Ft "void" +.Fn openpam_free_envlist "char **envlist" +.Ft "int" +.Fn openpam_get_feature "int feature" "int *onoff" +.Ft "const char *" +.Fn openpam_get_option "pam_handle_t *pamh" "const char *option" +.Ft "void" +.Fn openpam_log "int level" "const char *fmt" "..." +.Ft "int" +.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" +.Ft "char *" +.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" +.Ft "char **" +.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp" +.Ft "char *" +.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp" +.Ft "int" +.Fn openpam_restore_cred "pam_handle_t *pamh" +.Ft "int" +.Fn openpam_set_feature "int feature" "int onoff" +.Ft "int" +.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value" +.Ft "int" +.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch" +.Ft "int" +.Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template" +.Ft "int" +.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" +.Ft "int" +.Fn pam_error "const pam_handle_t *pamh" "const char *fmt" "..." +.Ft "int" +.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" +.Ft "int" +.Fn pam_info "const pam_handle_t *pamh" "const char *fmt" "..." +.Ft "int" +.Fn pam_prompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." +.Ft "int" +.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" +.Ft "int" +.Fn pam_verror "const pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Ft "int" +.Fn pam_vinfo "const pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Ft "int" +.Fn pam_vprompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" +.\" +.\" $OpenPAM: openpam.man 938 2017-04-30 21:34:42Z des $ +.\" +.Sh DESCRIPTION +These functions are OpenPAM extensions to the PAM API. +Those named +.Fn pam_* +are, in the author's opinion, logical and necessary extensions to the +standard API, while those named +.Fn openpam_* +are either simple convenience functions, or functions intimately tied +to OpenPAM implementation details, and therefore not well suited to +standardization. +.Sh SEE ALSO +.Xr openpam_borrow_cred 3 , +.Xr openpam_free_data 3 , +.Xr openpam_free_envlist 3 , +.Xr openpam_get_feature 3 , +.Xr openpam_get_option 3 , +.Xr openpam_log 3 , +.Xr openpam_nullconv 3 , +.Xr openpam_readline 3 , +.Xr openpam_readlinev 3 , +.Xr openpam_readword 3 , +.Xr openpam_restore_cred 3 , +.Xr openpam_set_feature 3 , +.Xr openpam_set_option 3 , +.Xr openpam_straddch 3 , +.Xr openpam_subst 3 , +.Xr openpam_ttyconv 3 , +.Xr pam_error 3 , +.Xr pam_get_authtok 3 , +.Xr pam_info 3 , +.Xr pam_prompt 3 , +.Xr pam_setenv 3 , +.Xr pam_verror 3 , +.Xr pam_vinfo 3 , +.Xr pam_vprompt 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The OpenPAM library and this manual page were developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam.man b/contrib/openpam/doc/man/openpam.man new file mode 100644 index 000000000000..251d41a97422 --- /dev/null +++ b/contrib/openpam/doc/man/openpam.man @@ -0,0 +1,13 @@ +.\" +.\" $OpenPAM: openpam.man 938 2017-04-30 21:34:42Z des $ +.\" +.Sh DESCRIPTION +These functions are OpenPAM extensions to the PAM API. +Those named +.Fn pam_* +are, in the author's opinion, logical and necessary extensions to the +standard API, while those named +.Fn openpam_* +are either simple convenience functions, or functions intimately tied +to OpenPAM implementation details, and therefore not well suited to +standardization. diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3 new file mode 100644 index 000000000000..f5684e596d04 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_borrow_cred.3 @@ -0,0 +1,65 @@ +.\" Generated from openpam_borrow_cred.c by gendoc.pl +.\" $OpenPAM: openpam_borrow_cred.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_BORROW_CRED 3 +.Os +.Sh NAME +.Nm openpam_borrow_cred +.Nd temporarily borrow user credentials +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd" +.Sh DESCRIPTION +The +.Fn openpam_borrow_cred +function saves the current credentials and +switches to those of the user specified by its +.Fa pwd +argument. +The affected credentials are the effective UID, the effective GID, and +the group access list. +The original credentials can be restored using +.Xr openpam_restore_cred 3 . +.Pp +.Sh RETURN VALUES +The +.Fn openpam_borrow_cred +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr setegid 2 , +.Xr seteuid 2 , +.Xr setgroups 2 , +.Xr openpam_restore_cred 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_borrow_cred +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_borrow_cred +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3 new file mode 100644 index 000000000000..a7ec62b8c03f --- /dev/null +++ b/contrib/openpam/doc/man/openpam_free_data.3 @@ -0,0 +1,46 @@ +.\" Generated from openpam_free_data.c by gendoc.pl +.\" $OpenPAM: openpam_free_data.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_FREE_DATA 3 +.Os +.Sh NAME +.Nm openpam_free_data +.Nd generic cleanup function +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "void" +.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" +.Sh DESCRIPTION +The +.Fn openpam_free_data +function is a cleanup function suitable for +passing to +.Xr pam_set_data 3 . +It simply releases the data by passing its +.Fa data +argument to +.Xr free 3 . +.Sh SEE ALSO +.Xr free 3 , +.Xr pam 3 , +.Xr pam_set_data 3 +.Sh STANDARDS +The +.Fn openpam_free_data +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_free_data +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_free_envlist.3 b/contrib/openpam/doc/man/openpam_free_envlist.3 new file mode 100644 index 000000000000..30295acb5117 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_free_envlist.3 @@ -0,0 +1,36 @@ +.\" Generated from openpam_free_envlist.c by gendoc.pl +.\" $OpenPAM: openpam_free_envlist.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_FREE_ENVLIST 3 +.Os +.Sh NAME +.Nm openpam_free_envlist +.Nd free an environment list +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "void" +.Fn openpam_free_envlist "char **envlist" +.Sh DESCRIPTION +The +.Fn openpam_free_envlist +function is a convenience function which +frees all the environment variables in an environment list, and the +list itself. +It is suitable for freeing the return value from +.Xr pam_getenvlist 3 . +.Pp +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_getenvlist 3 +.Sh STANDARDS +The +.Fn openpam_free_envlist +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_free_envlist +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_get_feature.3 b/contrib/openpam/doc/man/openpam_get_feature.3 new file mode 100644 index 000000000000..f114c7edb524 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_get_feature.3 @@ -0,0 +1,71 @@ +.\" Generated from openpam_get_feature.c by gendoc.pl +.\" $OpenPAM: openpam_get_feature.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_GET_FEATURE 3 +.Os +.Sh NAME +.Nm openpam_get_feature +.Nd query the state of an optional feature +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_get_feature "int feature" "int *onoff" +.Sh DESCRIPTION +.Bf Sy +This function is experimental and may be modified or removed in a future release without prior warning. +.Ef +.Pp +The +.Fn openpam_get_feature +function stores the current state of the +specified feature in the variable pointed to by its +.Fa onoff +argument. +.Pp +The following features are recognized: +.Bl -tag -width 18n +.It Dv OPENPAM_RESTRICT_SERVICE_NAME +Disallow path separators in service names. +This feature is enabled by default. +Disabling it allows the application to specify the path to +the desired policy file directly. +.It Dv OPENPAM_VERIFY_POLICY_FILE +Verify the ownership and permissions of the policy file +and the path leading up to it. +This feature is enabled by default. +.It Dv OPENPAM_RESTRICT_MODULE_NAME +Disallow path separators in module names. +This feature is disabled by default. +Enabling it prevents the use of modules in non-standard +locations. +.It Dv OPENPAM_VERIFY_MODULE_FILE +Verify the ownership and permissions of each loadable +module and the path leading up to it. +This feature is enabled by default. +.El +.Sh RETURN VALUES +The +.Fn openpam_get_feature +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_FEATURE +Unrecognized or restricted feature. +.El +.Sh SEE ALSO +.Xr openpam_set_feature 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_get_feature +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_get_feature +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3 new file mode 100644 index 000000000000..7bf718b85534 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_get_option.3 @@ -0,0 +1,49 @@ +.\" Generated from openpam_get_option.c by gendoc.pl +.\" $OpenPAM: openpam_get_option.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_GET_OPTION 3 +.Os +.Sh NAME +.Nm openpam_get_option +.Nd returns the value of a module option +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "const char *" +.Fn openpam_get_option "pam_handle_t *pamh" "const char *option" +.Sh DESCRIPTION +The +.Fn openpam_get_option +function returns the value of the specified +option in the context of the currently executing service module, or +.Dv NULL +if the option is not set or no module is currently executing. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_get_option +function returns +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr openpam_set_option 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Fn openpam_get_option +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_get_option +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3 new file mode 100644 index 000000000000..203b77506a9b --- /dev/null +++ b/contrib/openpam/doc/man/openpam_log.3 @@ -0,0 +1,91 @@ +.\" Generated from openpam_log.c by gendoc.pl +.\" $OpenPAM: openpam_log.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_LOG 3 +.Os +.Sh NAME +.Nm openpam_log +.Nd log a message through syslog +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "void" +.Fn openpam_log "int level" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Fn openpam_log +function logs messages using +.Xr syslog 3 . +It is primarily intended for internal use by the library and modules. +.Pp +The +.Fa level +argument indicates the importance of the message. +The following levels are defined: +.Bl -tag -width 18n +.It Dv PAM_LOG_LIBDEBUG +Debugging messages. +For internal use only. +.It Dv PAM_LOG_DEBUG +Debugging messages. +These messages are normally not logged unless the global +integer variable +.Va openpam_debug +is set to a non-zero +value, in which case they are logged with a +.Xr syslog 3 +priority of +.Dv LOG_DEBUG . +.It Dv PAM_LOG_VERBOSE +Information about the progress of the authentication +process, or other non-essential messages. +These messages are logged with a +.Xr syslog 3 +priority of +.Dv LOG_INFO . +.It Dv PAM_LOG_NOTICE +Messages relating to non-fatal errors. +These messages are logged with a +.Xr syslog 3 +priority of +.Dv LOG_NOTICE . +.It Dv PAM_LOG_ERROR +Messages relating to serious errors. +These messages are logged with a +.Xr syslog 3 +priority of +.Dv LOG_ERR . +.El +.Pp +The remaining arguments are a +.Xr printf 3 +format string and the +corresponding arguments. +.Pp +The +.Fn openpam_log +function does not modify the value of +.Va errno . +.Sh SEE ALSO +.Xr pam 3 , +.Xr printf 3 , +.Xr syslog 3 +.Sh STANDARDS +The +.Fn openpam_log +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_log +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_nullconv.3 b/contrib/openpam/doc/man/openpam_nullconv.3 new file mode 100644 index 000000000000..3bbad28d15ae --- /dev/null +++ b/contrib/openpam/doc/man/openpam_nullconv.3 @@ -0,0 +1,72 @@ +.\" Generated from openpam_nullconv.c by gendoc.pl +.\" $OpenPAM: openpam_nullconv.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_NULLCONV 3 +.Os +.Sh NAME +.Nm openpam_nullconv +.Nd null conversation function +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" +.Sh DESCRIPTION +The +.Fn openpam_nullconv +function is a null conversation function suitable +for applications that want to use PAM but don't support interactive +dialog with the user. +Such applications should set +.Dv PAM_AUTHTOK +to whatever authentication +token they've obtained on their own before calling +.Xr pam_authenticate 3 +and / or +.Xr pam_chauthtok 3 , +and their PAM configuration should specify the +.Dv use_first_pass +option for all modules that require access to the +authentication token, to make sure they use +.Dv PAM_AUTHTOK +rather than +try to query the user. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_nullconv +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.El +.Sh SEE ALSO +.Xr openpam_ttyconv 3 , +.Xr pam 3 , +.Xr pam_authenticate 3 , +.Xr pam_chauthtok 3 , +.Xr pam_prompt 3 , +.Xr pam_set_item 3 , +.Xr pam_strerror 3 , +.Xr pam_vprompt 3 +.Sh STANDARDS +The +.Fn openpam_nullconv +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_nullconv +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_readline.3 b/contrib/openpam/doc/man/openpam_readline.3 new file mode 100644 index 000000000000..09164ac3c8fb --- /dev/null +++ b/contrib/openpam/doc/man/openpam_readline.3 @@ -0,0 +1,89 @@ +.\" Generated from openpam_readline.c by gendoc.pl +.\" $OpenPAM: openpam_readline.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_READLINE 3 +.Os +.Sh NAME +.Nm openpam_readline +.Nd read a line from a file +.Sh SYNOPSIS +.In sys/types.h +.In stdio.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "char *" +.Fn openpam_readline "FILE *f" "int *lineno" "size_t *lenp" +.Sh DESCRIPTION +.Bf Sy +This function is deprecated and may be removed in a future release without further warning. +The +.Fn openpam_readlinev +function may be used to achieve similar results. +.Ef +.Pp +The +.Fn openpam_readline +function reads a line from a file, and returns it +in a NUL-terminated buffer allocated with +.Xr malloc 3 . +.Pp +The +.Fn openpam_readline +function performs a certain amount of processing +on the data it reads: +.Bl -bullet +.It +Comments (introduced by a hash sign) are stripped. +.It +Blank lines are ignored. +.It +If a line ends in a backslash, the backslash is stripped and the +next line is appended. +.El +.Pp +If +.Fa lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a newline character is read. +.Pp +If +.Fa lenp +is not +.Dv NULL , +the length of the line (not including the +terminating NUL character) is stored in the variable it points to. +.Pp +The caller is responsible for releasing the returned buffer by passing +it to +.Xr free 3 . +.Pp +.Sh RETURN VALUES +The +.Fn openpam_readline +function returns +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr openpam_readlinev 3 , +.Xr openpam_readword 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Fn openpam_readline +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_readline +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_readlinev.3 b/contrib/openpam/doc/man/openpam_readlinev.3 new file mode 100644 index 000000000000..351e7066d6d7 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_readlinev.3 @@ -0,0 +1,123 @@ +.\" Generated from openpam_readlinev.c by gendoc.pl +.\" $OpenPAM: openpam_readlinev.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_READLINEV 3 +.Os +.Sh NAME +.Nm openpam_readlinev +.Nd read a line from a file and split it into words +.Sh SYNOPSIS +.In sys/types.h +.In stdio.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "char **" +.Fn openpam_readlinev "FILE *f" "int *lineno" "int *lenp" +.Sh DESCRIPTION +The +.Fn openpam_readlinev +function reads a line from a file, splits it +into words according to the rules described in the +.Xr openpam_readword 3 +manual page, and returns a list of those words. +.Pp +If +.Fa lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a newline character is read. +This includes quoted or escaped newline characters and the newline +character at the end of the line. +.Pp +If +.Fa lenp +is not +.Dv NULL , +the number of words on the line is stored in the +variable to which it points. +.Sh RETURN VALUES +If successful, the +.Fn openpam_readlinev +function returns a pointer to a +dynamically allocated array of pointers to individual dynamically +allocated NUL-terminated strings, each containing a single word, in the +order in which they were encountered on the line. +The array is terminated by a +.Dv NULL +pointer. +.Pp +The caller is responsible for freeing both the array and the individual +strings by passing each of them to +.Xr free 3 . +.Pp +If the end of the line was reached before any words were read, +.Fn openpam_readlinev +returns a pointer to a dynamically allocated array +containing a single +.Dv NULL +pointer. +.Pp +The +.Fn openpam_readlinev +function can fail and return +.Dv NULL +for one of +four reasons: +.Bl -bullet +.It +The end of the file was reached before any words were read; +.Va errno +is +zero, +.Xr ferror 3 +returns zero, and +.Xr feof 3 +returns a non-zero value. +.It +The end of the file was reached while a quote or backslash escape +was in effect; +.Va errno +is set to +.Dv EINVAL , +.Xr ferror 3 +returns zero, and +.Xr feof 3 +returns a non-zero value. +.It +An error occurred while reading from the file; +.Va errno +is non-zero, +.Xr ferror 3 +returns a non-zero value and +.Xr feof 3 +returns zero. +.It +A +.Xr malloc 3 +or +.Xr realloc 3 +call failed; +.Va errno +is set to +.Dv ENOMEM , +.Xr ferror 3 +returns a non-zero value, and +.Xr feof 3 +may or may not return +a non-zero value. +.El +.Sh SEE ALSO +.Xr openpam_readline 3 , +.Xr openpam_readword 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Fn openpam_readlinev +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_readlinev +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_readword.3 b/contrib/openpam/doc/man/openpam_readword.3 new file mode 100644 index 000000000000..6393a80a21a2 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_readword.3 @@ -0,0 +1,116 @@ +.\" Generated from openpam_readword.c by gendoc.pl +.\" $OpenPAM: openpam_readword.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_READWORD 3 +.Os +.Sh NAME +.Nm openpam_readword +.Nd read a word from a file, respecting shell quoting rules +.Sh SYNOPSIS +.In sys/types.h +.In stdio.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "char *" +.Fn openpam_readword "FILE *f" "int *lineno" "size_t *lenp" +.Sh DESCRIPTION +The +.Fn openpam_readword +function reads the next word from a file, and +returns it in a NUL-terminated buffer allocated with +.Xr malloc 3 . +.Pp +A word is a sequence of non-whitespace characters. +However, whitespace characters can be included in a word if quoted or +escaped according to the following rules: +.Bl -bullet +.It +An unescaped single or double quote introduces a quoted string, +which ends when the same quote character is encountered a second +time. +The quotes themselves are stripped. +.It +Within a single- or double-quoted string, all whitespace characters, +including the newline character, are preserved as-is. +.It +Outside a quoted string, a backslash escapes the next character, +which is preserved as-is, unless that character is a newline, in +which case it is discarded and reading continues at the beginning of +the next line as if the backslash and newline had not been there. +In all cases, the backslash itself is discarded. +.It +Within a single-quoted string, double quotes and backslashes are +preserved as-is. +.It +Within a double-quoted string, a single quote is preserved as-is, +and a backslash is preserved as-is unless used to escape a double +quote. +.El +.Pp +In addition, if the first non-whitespace character on the line is a +hash character (#), the rest of the line is discarded. +If a hash character occurs within a word, however, it is preserved +as-is. +A backslash at the end of a comment does cause line continuation. +.Pp +If +.Fa lineno +is not +.Dv NULL , +the integer variable it points to is +incremented every time a quoted or escaped newline character is read. +.Pp +If +.Fa lenp +is not +.Dv NULL , +the length of the word (after quotes and +backslashes have been removed) is stored in the variable it points to. +.Sh RETURN VALUES +If successful, the +.Fn openpam_readword +function returns a pointer to a +dynamically allocated NUL-terminated string containing the first word +encountered on the line. +.Pp +The caller is responsible for releasing the returned buffer by passing +it to +.Xr free 3 . +.Pp +If +.Fn openpam_readword +reaches the end of the line or file before any +characters are copied to the word, it returns +.Dv NULL . +In the former +case, the newline is pushed back to the file. +.Pp +If +.Fn openpam_readword +reaches the end of the file while a quote or +backslash escape is in effect, it sets +.Va errno +to +.Dv EINVAL +and returns +.Dv NULL . +.Sh IMPLEMENTATION NOTES +The parsing rules are intended to be equivalent to the normal POSIX +shell quoting rules. +Any discrepancy is a bug and should be reported to the author along +with sample input that can be used to reproduce the error. +.Pp +.Sh SEE ALSO +.Xr openpam_readline 3 , +.Xr openpam_readlinev 3 , +.Xr pam 3 +.Sh STANDARDS +The +.Fn openpam_readword +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_readword +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3 new file mode 100644 index 000000000000..38782738c5e3 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_restore_cred.3 @@ -0,0 +1,57 @@ +.\" Generated from openpam_restore_cred.c by gendoc.pl +.\" $OpenPAM: openpam_restore_cred.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_RESTORE_CRED 3 +.Os +.Sh NAME +.Nm openpam_restore_cred +.Nd restore credentials +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_restore_cred "pam_handle_t *pamh" +.Sh DESCRIPTION +The +.Fn openpam_restore_cred +function restores the credentials saved by +.Xr openpam_borrow_cred 3 . +.Pp +.Sh RETURN VALUES +The +.Fn openpam_restore_cred +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_NO_MODULE_DATA +Module data not found. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr setegid 2 , +.Xr seteuid 2 , +.Xr setgroups 2 , +.Xr openpam_borrow_cred 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_restore_cred +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_restore_cred +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_set_feature.3 b/contrib/openpam/doc/man/openpam_set_feature.3 new file mode 100644 index 000000000000..4d05de052852 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_set_feature.3 @@ -0,0 +1,53 @@ +.\" Generated from openpam_set_feature.c by gendoc.pl +.\" $OpenPAM: openpam_set_feature.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_SET_FEATURE 3 +.Os +.Sh NAME +.Nm openpam_set_feature +.Nd enable or disable an optional feature +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_set_feature "int feature" "int onoff" +.Sh DESCRIPTION +.Bf Sy +This function is experimental and may be modified or removed in a future release without prior warning. +.Ef +.Pp +The +.Fn openpam_set_feature +function sets the state of the specified +feature to the value specified by the +.Fa onoff +argument. +See +.Xr openpam_get_feature 3 +for a list of recognized features. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_set_feature +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_FEATURE +Unrecognized or restricted feature. +.El +.Sh SEE ALSO +.Xr openpam_get_feature 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_set_feature +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_set_feature +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3 new file mode 100644 index 000000000000..5104c13f5682 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_set_option.3 @@ -0,0 +1,54 @@ +.\" Generated from openpam_set_option.c by gendoc.pl +.\" $OpenPAM: openpam_set_option.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_SET_OPTION 3 +.Os +.Sh NAME +.Nm openpam_set_option +.Nd sets the value of a module option +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value" +.Sh DESCRIPTION +The +.Fn openpam_set_option +function sets the specified option in the +context of the currently executing service module. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_set_option +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr openpam_get_option 3 , +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_set_option +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_set_option +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_straddch.3 b/contrib/openpam/doc/man/openpam_straddch.3 new file mode 100644 index 000000000000..573b79e1289b --- /dev/null +++ b/contrib/openpam/doc/man/openpam_straddch.3 @@ -0,0 +1,103 @@ +.\" Generated from openpam_straddch.c by gendoc.pl +.\" $OpenPAM: openpam_straddch.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_STRADDCH 3 +.Os +.Sh NAME +.Nm openpam_straddch +.Nd add a character to a string, expanding the buffer if needed +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_straddch "char **str" "size_t *size" "size_t *len" "int ch" +.Sh DESCRIPTION +The +.Fn openpam_straddch +function appends a character to a dynamically +allocated NUL-terminated buffer, reallocating the buffer as needed. +.Pp +The +.Fa str +argument points to a variable containing either a pointer to +an existing buffer or +.Dv NULL . +If the value of the variable pointed to by +.Fa str +is +.Dv NULL , +a new buffer +is allocated. +.Pp +The +.Fa size +and +.Fa len +argument point to variables used to hold the size +of the buffer and the length of the string it contains, respectively. +.Pp +The final argument, +.Fa ch , +is the character that should be appended to +the string. If +.Fa ch +is 0, nothing is appended, but a new buffer is +still allocated if +.Fa str +is NULL. This can be used to +.Do +bootstrap +.Dc +the +string. +.Pp +If a new buffer is allocated or an existing buffer is reallocated to +make room for the additional character, +.Fa str +and +.Fa size +are updated +accordingly. +.Pp +The +.Fn openpam_straddch +function ensures that the buffer is always +NUL-terminated. +.Pp +If the +.Fn openpam_straddch +function is successful, it increments the +integer variable pointed to by +.Fa len +(unless +.Fa ch +was 0) and returns 0. +Otherwise, it leaves the variables pointed to by +.Fa str , +.Fa size +and +.Fa len +unmodified, sets +.Va errno +to +.Dv ENOMEM +and returns -1. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_straddch +function returns 0 on success and -1 on failure. +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_straddch +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_straddch +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_subst.3 b/contrib/openpam/doc/man/openpam_subst.3 new file mode 100644 index 000000000000..f98530a13062 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_subst.3 @@ -0,0 +1,106 @@ +.\" Generated from openpam_subst.c by gendoc.pl +.\" $OpenPAM: openpam_subst.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_SUBST 3 +.Os +.Sh NAME +.Nm openpam_subst +.Nd substitute PAM item values in a string +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_subst "const pam_handle_t *pamh" "char *buf" "size_t *bufsize" "const char *template" +.Sh DESCRIPTION +The +.Fn openpam_subst +function expands a string, substituting PAM item +values for all occurrences of specific substitution codes. +The +.Fa template +argument points to the initial string. +The result is stored in the buffer pointed to by the +.Fa buf +argument; the +.Fa bufsize +argument specifies the size of that buffer. +The actual size of the resulting string, including the terminating NUL +character, is stored in the location pointed to by the +.Fa bufsize +argument. +.Pp +If +.Fa buf +is NULL, or if the buffer is too small to hold the expanded +string, +.Fa bufsize +is updated to reflect the amount of space required to +hold the entire string, and +.Fn openpam_subst +returns +.Dv PAM_TRY_AGAIN . +.Pp +If +.Fn openpam_subst +fails for any other reason, the +.Fa bufsize +argument is +untouched, but part of the buffer may still have been overwritten. +.Pp +Substitution codes are introduced by a percent character and correspond +to PAM items: +.Bl -tag -width 18n +.It \&%H +Replaced by the current value of the +.Dv PAM_RHOST +item. +.It \&%h +Replaced by the current value of the +.Dv PAM_HOST +item. +.It \&%s +Replaced by the current value of the +.Dv PAM_SERVICE +item. +.It \&%t +Replaced by the current value of the +.Dv PAM_TTY +item. +.It \&%U +Replaced by the current value of the +.Dv PAM_RUSER +item. +.It \&%u +Replaced by the current value of the +.Dv PAM_USER +item. +.El +.Sh RETURN VALUES +The +.Fn openpam_subst +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.It Bq Er PAM_TRY_AGAIN +Try again. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_get_authtok 3 , +.Xr pam_get_item 3 , +.Xr pam_get_user 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn openpam_subst +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_subst +function and this manual page were +developed by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3 new file mode 100644 index 000000000000..144026ba5ad4 --- /dev/null +++ b/contrib/openpam/doc/man/openpam_ttyconv.3 @@ -0,0 +1,67 @@ +.\" Generated from openpam_ttyconv.c by gendoc.pl +.\" $OpenPAM: openpam_ttyconv.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt OPENPAM_TTYCONV 3 +.Os +.Sh NAME +.Nm openpam_ttyconv +.Nd simple tty-based conversation function +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/openpam.h +.Ft "int" +.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data" +.Sh DESCRIPTION +The +.Fn openpam_ttyconv +function is a standard conversation function +suitable for use on TTY devices. +It should be adequate for the needs of most text-based interactive +programs. +.Pp +The +.Fn openpam_ttyconv +function allows the application to specify a +timeout for user input by setting the global integer variable +.Va openpam_ttyconv_timeout +to the length of the timeout in seconds. +.Pp +.Sh RETURN VALUES +The +.Fn openpam_ttyconv +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr openpam_nullconv 3 , +.Xr pam 3 , +.Xr pam_prompt 3 , +.Xr pam_strerror 3 , +.Xr pam_vprompt 3 +.Sh STANDARDS +The +.Fn openpam_ttyconv +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn openpam_ttyconv +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3 new file mode 100644 index 000000000000..64b7c17abda1 --- /dev/null +++ b/contrib/openpam/doc/man/pam.3 @@ -0,0 +1,269 @@ +.\" Generated by gendoc.pl +.Dd February 24, 2019 +.Dt PAM 3 +.Os +.Sh NAME +.Nm pam_acct_mgmt , +.Nm pam_authenticate , +.Nm pam_chauthtok , +.Nm pam_close_session , +.Nm pam_end , +.Nm pam_get_data , +.Nm pam_get_item , +.Nm pam_get_user , +.Nm pam_getenv , +.Nm pam_getenvlist , +.Nm pam_open_session , +.Nm pam_putenv , +.Nm pam_set_data , +.Nm pam_set_item , +.Nm pam_setcred , +.Nm pam_start , +.Nm pam_strerror +.Nd Pluggable Authentication Modules Library +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Ft "int" +.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" +.Ft "int" +.Fn pam_authenticate "pam_handle_t *pamh" "int flags" +.Ft "int" +.Fn pam_chauthtok "pam_handle_t *pamh" "int flags" +.Ft "int" +.Fn pam_close_session "pam_handle_t *pamh" "int flags" +.Ft "int" +.Fn pam_end "pam_handle_t *pamh" "int status" +.Ft "int" +.Fn pam_get_data "const pam_handle_t *pamh" "const char *module_data_name" "const void **data" +.Ft "int" +.Fn pam_get_item "const pam_handle_t *pamh" "int item_type" "const void **item" +.Ft "int" +.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" +.Ft "const char *" +.Fn pam_getenv "pam_handle_t *pamh" "const char *name" +.Ft "char **" +.Fn pam_getenvlist "pam_handle_t *pamh" +.Ft "int" +.Fn pam_open_session "pam_handle_t *pamh" "int flags" +.Ft "int" +.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" +.Ft "int" +.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" +.Ft "int" +.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" +.Ft "int" +.Fn pam_setcred "pam_handle_t *pamh" "int flags" +.Ft "int" +.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" +.Ft "const char *" +.Fn pam_strerror "const pam_handle_t *pamh" "int error_number" +.\" +.\" $OpenPAM: pam.man 938 2017-04-30 21:34:42Z des $ +.\" +.Sh DESCRIPTION +The Pluggable Authentication Modules (PAM) library abstracts a number +of common authentication-related operations and provides a framework +for dynamically loaded modules that implement these operations in +various ways. +.Ss Terminology +In PAM parlance, the application that uses PAM to authenticate a user +is the server, and is identified for configuration purposes by a +service name, which is often (but not necessarily) the program name. +.Pp +The user requesting authentication is called the applicant, while the +user (usually, root) charged with verifying his identity and granting +him the requested credentials is called the arbitrator. +.Pp +The sequence of operations the server goes through to authenticate a +user and perform whatever task he requested is a PAM transaction; the +context within which the server performs the requested task is called +a session. +.Pp +The functionality embodied by PAM is divided into six primitives +grouped into four facilities: authentication, account management, +session management and password management. +.Ss Conversation +The PAM library expects the application to provide a conversation +callback which it can use to communicate with the user. +Some modules may use specialized conversation functions to communicate +with special hardware such as cryptographic dongles or biometric +devices. +See +.Xr pam_conv 3 +for details. +.Ss Initialization and Cleanup +The +.Fn pam_start +function initializes the PAM library and returns a handle which must +be provided in all subsequent function calls. +The transaction state is contained entirely within the structure +identified by this handle, so it is possible to conduct multiple +transactions in parallel. +.Pp +The +.Fn pam_end +function releases all resources associated with the specified context, +and can be called at any time to terminate a PAM transaction. +.Ss Storage +The +.Fn pam_set_item +and +.Fn pam_get_item +functions set and retrieve a number of predefined items, including the +service name, the names of the requesting and target users, the +conversation function, and prompts. +.Pp +The +.Fn pam_set_data +and +.Fn pam_get_data +functions manage named chunks of free-form data, generally used by +modules to store state from one invocation to another. +.Ss Authentication +There are two authentication primitives: +.Fn pam_authenticate +and +.Fn pam_setcred . +The former authenticates the user, while the latter manages his +credentials. +.Ss Account Management +The +.Fn pam_acct_mgmt +function enforces policies such as password expiry, account expiry, +time-of-day restrictions, and so forth. +.Ss Session Management +The +.Fn pam_open_session +and +.Fn pam_close_session +functions handle session setup and teardown. +.Ss Password Management +The +.Fn pam_chauthtok +function allows the server to change the user's password, either at +the user's request or because the password has expired. +.Ss Miscellaneous +The +.Fn pam_putenv , +.Fn pam_getenv +and +.Fn pam_getenvlist +functions manage a private environment list in which modules can set +environment variables they want the server to export during the +session. +.Pp +The +.Fn pam_strerror +function returns a pointer to a string describing the specified PAM +error code. +.Sh RETURN VALUES +The following return codes are defined by +.In security/pam_constants.h : +.Bl -tag -width 18n +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_ACCT_EXPIRED +User account has expired. +.It Bq Er PAM_AUTHINFO_UNAVAIL +Authentication information is unavailable. +.It Bq Er PAM_AUTHTOK_DISABLE_AGING +Authentication token aging disabled. +.It Bq Er PAM_AUTHTOK_ERR +Authentication token failure. +.It Bq Er PAM_AUTHTOK_EXPIRED +Password has expired. +.It Bq Er PAM_AUTHTOK_LOCK_BUSY +Authentication token lock busy. +.It Bq Er PAM_AUTHTOK_RECOVERY_ERR +Failed to recover old authentication token. +.It Bq Er PAM_AUTH_ERR +Authentication error. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BAD_FEATURE +Unrecognized or restricted feature. +.It Bq Er PAM_BAD_HANDLE +Invalid PAM handle. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_CRED_ERR +Failed to set user credentials. +.It Bq Er PAM_CRED_EXPIRED +User credentials have expired. +.It Bq Er PAM_CRED_INSUFFICIENT +Insufficient credentials. +.It Bq Er PAM_CRED_UNAVAIL +Failed to retrieve user credentials. +.It Bq Er PAM_DOMAIN_UNKNOWN +Unknown authentication domain. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_MAXTRIES +Maximum number of tries exceeded. +.It Bq Er PAM_MODULE_UNKNOWN +Unknown module type. +.It Bq Er PAM_NEW_AUTHTOK_REQD +New authentication token required. +.It Bq Er PAM_NO_MODULE_DATA +Module data not found. +.It Bq Er PAM_OPEN_ERR +Failed to load module. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SESSION_ERR +Session failure. +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_SYMBOL_ERR +Invalid symbol. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_TRY_AGAIN +Try again. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr openpam 3 , +.Xr pam_acct_mgmt 3 , +.Xr pam_authenticate 3 , +.Xr pam_chauthtok 3 , +.Xr pam_close_session 3 , +.Xr pam_conv 3 , +.Xr pam_end 3 , +.Xr pam_get_data 3 , +.Xr pam_getenv 3 , +.Xr pam_getenvlist 3 , +.Xr pam_get_item 3 , +.Xr pam_get_user 3 , +.Xr pam_open_session 3 , +.Xr pam_putenv 3 , +.Xr pam_setcred 3 , +.Xr pam_set_data 3 , +.Xr pam_set_item 3 , +.Xr pam_start 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The OpenPAM library and this manual page were developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam.conf.5 b/contrib/openpam/doc/man/pam.conf.5 new file mode 100644 index 000000000000..39f16782067d --- /dev/null +++ b/contrib/openpam/doc/man/pam.conf.5 @@ -0,0 +1,215 @@ +.\"- +.\" Copyright (c) 2005-2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $OpenPAM: pam.conf.5 947 2019-02-24 20:18:17Z des $ +.\" +.Dd February 24, 2019 +.Dt PAM.CONF 5 +.Os +.Sh NAME +.Nm pam.conf +.Nd PAM policy file format +.Sh DESCRIPTION +The PAM library searches for policies in the following files, in +decreasing order of preference: +.Bl -enum +.It +.Pa /etc/pam.d/ Ns Ar service-name +.It +.Pa /etc/pam.conf +.It +.Pa /usr/local/etc/pam.d/ Ns Ar service-name +.It +.Pa /usr/local/etc/pam.conf +.El +.Pp +If none of these locations contains a policy for the given service, +the +.Dq Dv other +policy is used instead, if it exists. +.Pp +Entries in per-service policy files must be of one of the two forms +below: +.Bd -unfilled -offset indent +.Ar facility control-flag module-path Op Ar arguments ... +.Ar facility Cm include Ar other-service-name +.Ed +.Pp +Entries in +.Pa pam.conf Ns -style +policy files are of the same form, but are prefixed by an additional +field specifying the name of the service they apply to. +.Pp +In both cases, blank lines and comments introduced by a +.Ql # +sign are ignored, and the normal shell quoting rules apply. +The precise details of how the file is tokenized are described in +.Xr openpam_readword 3 . +.Pp +The +.Ar facility +field specifies the facility the entry applies to, and is one of: +.Bl -tag -width 12n +.It Cm auth +Authentication functions +.Po +.Xr pam_authenticate 3 , +.Xr pam_setcred 3 +.Pc +.It Cm account +Account management functions +.Pq Xr pam_acct_mgmt 3 +.It Cm session +Session handling functions +.Po +.Xr pam_open_session 3 , +.Xr pam_close_session 3 +.Pc +.It Cm password +Password management functions +.Pq Xr pam_chauthtok 3 +.El +.Pp +The +.Ar control-flag +field determines how the result returned by the module affects the +flow of control through (and the final result of) the rest of the +chain, and is one of: +.Bl -tag -width 12n +.It Cm required +If this module succeeds, the result of the chain will be success +unless a later module fails. +If it fails, the rest of the chain still runs, but the final result +will be failure regardless of the success of later modules. +.It Cm requisite +If this module succeeds, the result of the chain will be success +unless a later module fails. +If the module fails, the chain is broken and the result is failure. +.It Cm sufficient +If this module succeeds, the chain is broken and the result is +success. +If it fails, the rest of the chain still runs, but the final result +will be failure unless a later module succeeds. +.It Cm binding +If this module succeeds, the chain is broken and the result is +success. +If it fails, the rest of the chain still runs, but the final result +will be failure regardless of the success of later modules. +.It Cm optional +If this module succeeds, the result of the chain will be success +unless a later module fails. +If this module fails, the result of the chain will be failure unless a +later module succeeds. +.El +.Pp +There are two exceptions to the above: +.Cm sufficient +and +.Cm binding +modules are treated as +.Cm optional +by +.Xr pam_setcred 3 , +and in the +.Dv PAM_PRELIM_CHECK +phase of +.Xr pam_chauthtok 3 . +.Pp +The +.Ar module-path +field specifies the name or full path of the module to call. +If only the name is specified, the PAM library will search for it in +the following locations: +.Bl -enum +.It +.Pa /usr/lib +.It +.Pa /usr/local/lib +.El +.Pp +The remaining fields, if any, are passed unmodified to the module if +and when it is invoked. +.Pp +The +.Cm include +form of entry causes entries from a different chain (specified by +.Ar other-system-name ) +to be included in the current one. +This allows one to define system-wide policies which are then included +into service-specific policies. +The system-wide policy can then be modified without having to also +modify each and every service-specific policy. +.Pp +.Bf -symbolic +Take care not to introduce loops when using +.Cm include +rules, as there is currently no loop detection in place. +.Ef +.Sh MODULE OPTIONS +Some PAM library functions may alter their behavior when called by a +service module if certain module options were specified, regardless of +whether the module itself accords them any importance. +One such option is +.Cm debug , +which causes the dispatcher to enable debugging messages before +calling each service function, and disable them afterwards (unless +they were already enabled). +Other special options include: +.Bl -tag -width 12n +.It Cm authtok_prompt Ns = Ns Ar prompt , Cm oldauthtok_prompt Ns = Ns Ar prompt , Cm user_prompt Ns = Ns Ar prompt +These options can be used to override the prompts used by +.Xr pam_get_authtok 3 +and +.Xr pam_get_user 3 . +.It Cm echo_pass +This option controls whether +.Xr pam_get_authtok 3 +will allow the user to see what they are typing. +.It Cm try_first_pass , Cm use_first_pass +These options control +.Xr pam_get_authtok 3 Ns 's +use of cached authentication tokens. +.El +.Sh SEE ALSO +.Xr pam 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The OpenPAM library was developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam.man b/contrib/openpam/doc/man/pam.man new file mode 100644 index 000000000000..16873f57de64 --- /dev/null +++ b/contrib/openpam/doc/man/pam.man @@ -0,0 +1,99 @@ +.\" +.\" $OpenPAM: pam.man 938 2017-04-30 21:34:42Z des $ +.\" +.Sh DESCRIPTION +The Pluggable Authentication Modules (PAM) library abstracts a number +of common authentication-related operations and provides a framework +for dynamically loaded modules that implement these operations in +various ways. +.Ss Terminology +In PAM parlance, the application that uses PAM to authenticate a user +is the server, and is identified for configuration purposes by a +service name, which is often (but not necessarily) the program name. +.Pp +The user requesting authentication is called the applicant, while the +user (usually, root) charged with verifying his identity and granting +him the requested credentials is called the arbitrator. +.Pp +The sequence of operations the server goes through to authenticate a +user and perform whatever task he requested is a PAM transaction; the +context within which the server performs the requested task is called +a session. +.Pp +The functionality embodied by PAM is divided into six primitives +grouped into four facilities: authentication, account management, +session management and password management. +.Ss Conversation +The PAM library expects the application to provide a conversation +callback which it can use to communicate with the user. +Some modules may use specialized conversation functions to communicate +with special hardware such as cryptographic dongles or biometric +devices. +See +.Xr pam_conv 3 +for details. +.Ss Initialization and Cleanup +The +.Fn pam_start +function initializes the PAM library and returns a handle which must +be provided in all subsequent function calls. +The transaction state is contained entirely within the structure +identified by this handle, so it is possible to conduct multiple +transactions in parallel. +.Pp +The +.Fn pam_end +function releases all resources associated with the specified context, +and can be called at any time to terminate a PAM transaction. +.Ss Storage +The +.Fn pam_set_item +and +.Fn pam_get_item +functions set and retrieve a number of predefined items, including the +service name, the names of the requesting and target users, the +conversation function, and prompts. +.Pp +The +.Fn pam_set_data +and +.Fn pam_get_data +functions manage named chunks of free-form data, generally used by +modules to store state from one invocation to another. +.Ss Authentication +There are two authentication primitives: +.Fn pam_authenticate +and +.Fn pam_setcred . +The former authenticates the user, while the latter manages his +credentials. +.Ss Account Management +The +.Fn pam_acct_mgmt +function enforces policies such as password expiry, account expiry, +time-of-day restrictions, and so forth. +.Ss Session Management +The +.Fn pam_open_session +and +.Fn pam_close_session +functions handle session setup and teardown. +.Ss Password Management +The +.Fn pam_chauthtok +function allows the server to change the user's password, either at +the user's request or because the password has expired. +.Ss Miscellaneous +The +.Fn pam_putenv , +.Fn pam_getenv +and +.Fn pam_getenvlist +functions manage a private environment list in which modules can set +environment variables they want the server to export during the +session. +.Pp +The +.Fn pam_strerror +function returns a pointer to a string describing the specified PAM +error code. diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3 new file mode 100644 index 000000000000..ce4a276fcab5 --- /dev/null +++ b/contrib/openpam/doc/man/pam_acct_mgmt.3 @@ -0,0 +1,84 @@ +.\" Generated from pam_acct_mgmt.c by gendoc.pl +.\" $OpenPAM: pam_acct_mgmt.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_ACCT_MGMT 3 +.Os +.Sh NAME +.Nm pam_acct_mgmt +.Nd perform PAM account validation procedures +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Fn pam_acct_mgmt +function verifies and enforces account restrictions +after the user has been authenticated. +.Pp +The +.Fa flags +argument is the binary or of zero or more of the following +values: +.Bl -tag -width 18n +.It Dv PAM_SILENT +Do not emit any messages. +.It Dv PAM_DISALLOW_NULL_AUTHTOK +Fail if the user's authentication token is null. +.El +.Pp +If any other bits are set, +.Fn pam_acct_mgmt +will return +.Dv PAM_SYMBOL_ERR . +.Sh RETURN VALUES +The +.Fn pam_acct_mgmt +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_ACCT_EXPIRED +User account has expired. +.It Bq Er PAM_AUTH_ERR +Authentication error. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_NEW_AUTHTOK_REQD +New authentication token required. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_acct_mgmt +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3 new file mode 100644 index 000000000000..2c6b908d83bb --- /dev/null +++ b/contrib/openpam/doc/man/pam_authenticate.3 @@ -0,0 +1,98 @@ +.\" Generated from pam_authenticate.c by gendoc.pl +.\" $OpenPAM: pam_authenticate.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_AUTHENTICATE 3 +.Os +.Sh NAME +.Nm pam_authenticate +.Nd perform authentication within the PAM framework +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_authenticate "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Fn pam_authenticate +function attempts to authenticate the user +associated with the pam context specified by the +.Fa pamh +argument. +.Pp +The application is free to call +.Fn pam_authenticate +as many times as it +wishes, but some modules may maintain an internal retry counter and +return +.Dv PAM_MAXTRIES +when it exceeds some preset or hardcoded limit. +.Pp +The +.Fa flags +argument is the binary or of zero or more of the following +values: +.Bl -tag -width 18n +.It Dv PAM_SILENT +Do not emit any messages. +.It Dv PAM_DISALLOW_NULL_AUTHTOK +Fail if the user's authentication token is null. +.El +.Pp +If any other bits are set, +.Fn pam_authenticate +will return +.Dv PAM_BAD_CONSTANT . +.Sh RETURN VALUES +The +.Fn pam_authenticate +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_AUTHINFO_UNAVAIL +Authentication information is unavailable. +.It Bq Er PAM_AUTH_ERR +Authentication error. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_CRED_INSUFFICIENT +Insufficient credentials. +.It Bq Er PAM_MAXTRIES +Maximum number of tries exceeded. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_authenticate +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3 new file mode 100644 index 000000000000..3bd0fc8c9619 --- /dev/null +++ b/contrib/openpam/doc/man/pam_chauthtok.3 @@ -0,0 +1,90 @@ +.\" Generated from pam_chauthtok.c by gendoc.pl +.\" $OpenPAM: pam_chauthtok.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_CHAUTHTOK 3 +.Os +.Sh NAME +.Nm pam_chauthtok +.Nd perform password related functions within the PAM framework +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_chauthtok "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Fn pam_chauthtok +function attempts to change the authentication token +for the user associated with the pam context specified by the +.Fa pamh +argument. +.Pp +The +.Fa flags +argument is the binary or of zero or more of the following +values: +.Bl -tag -width 18n +.It Dv PAM_SILENT +Do not emit any messages. +.It Dv PAM_CHANGE_EXPIRED_AUTHTOK +Change only those authentication tokens that have expired. +.El +.Pp +If any other bits are set, +.Fn pam_chauthtok +will return +.Dv PAM_BAD_CONSTANT . +.Sh RETURN VALUES +The +.Fn pam_chauthtok +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_AUTHTOK_DISABLE_AGING +Authentication token aging disabled. +.It Bq Er PAM_AUTHTOK_ERR +Authentication token failure. +.It Bq Er PAM_AUTHTOK_LOCK_BUSY +Authentication token lock busy. +.It Bq Er PAM_AUTHTOK_RECOVERY_ERR +Failed to recover old authentication token. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_TRY_AGAIN +Try again. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_chauthtok +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3 new file mode 100644 index 000000000000..70e5c5bcace0 --- /dev/null +++ b/contrib/openpam/doc/man/pam_close_session.3 @@ -0,0 +1,80 @@ +.\" Generated from pam_close_session.c by gendoc.pl +.\" $OpenPAM: pam_close_session.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_CLOSE_SESSION 3 +.Os +.Sh NAME +.Nm pam_close_session +.Nd close an existing user session +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_close_session "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Fn pam_close_session +function tears down the user session previously +set up by +.Xr pam_open_session 3 . +.Pp +The +.Fa flags +argument is the binary or of zero or more of the following +values: +.Bl -tag -width 18n +.It Dv PAM_SILENT +Do not emit any messages. +.El +.Pp +If any other bits are set, +.Fn pam_close_session +will return +.Dv PAM_BAD_CONSTANT . +.Sh RETURN VALUES +The +.Fn pam_close_session +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SESSION_ERR +Session failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_open_session 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_close_session +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_conv.3 b/contrib/openpam/doc/man/pam_conv.3 new file mode 100644 index 000000000000..f596f2638839 --- /dev/null +++ b/contrib/openpam/doc/man/pam_conv.3 @@ -0,0 +1,186 @@ +.\"- +.\" Copyright (c) 2002-2003 Networks Associates Technology, Inc. +.\" Copyright (c) 2004-2017 Dag-Erling Smørgrav +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by ThinkSec AS and +.\" Network Associates Laboratories, the Security Research Division of +.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.\" ("CBOSS"), as part of the DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $OpenPAM: pam_conv.3 947 2019-02-24 20:18:17Z des $ +.\" +.Dd February 24, 2019 +.Dt PAM_CONV 3 +.Os +.Sh NAME +.Nm pam_conv +.Nd PAM conversation system +.Sh LIBRARY +.Lb libpam +.Sh SYNOPSIS +.In security/pam_appl.h +.Bd -literal +struct pam_message { + int msg_style; + char *msg; +}; + +struct pam_response { + char *resp; + int resp_retcode; +}; + +struct pam_conv { + int (*conv)(int, const struct pam_message **, + struct pam_response **, void *); + void *appdata_ptr; +}; +.Ed +.Sh DESCRIPTION +The PAM library uses an application-defined callback to communicate +with the user. +This callback is specified by the +.Vt struct pam_conv +passed to +.Fn pam_start +at the start of the transaction. +It is also possible to set or change the conversation function at any +point during a PAM transaction by changing the value of the +.Dv PAM_CONV +item. +.Pp +The conversation function's first argument specifies the number of +messages (up to +.Dv PAM_MAX_NUM_MSG ) +to process. +The second argument is a pointer to an array of pointers to +.Vt pam_message +structures containing the actual messages. +.Pp +Each message can have one of four types, specified by the +.Va msg_style +member of +.Vt struct pam_message : +.Bl -tag -width 18n +.It Dv PAM_PROMPT_ECHO_OFF +Display a prompt and accept the user's response without echoing it to +the terminal. +This is commonly used for passwords. +.It Dv PAM_PROMPT_ECHO_ON +Display a prompt and accept the user's response, echoing it to the +terminal. +This is commonly used for login names and one-time passphrases. +.It Dv PAM_ERROR_MSG +Display an error message. +.It Dv PAM_TEXT_INFO +Display an informational message. +.El +.Pp +In each case, the prompt or message to display is pointed to by the +.Va msg +member of +.Vt struct pam_message . +It can be up to +.Dv PAM_MAX_MSG_SIZE +characters long, including the terminating NUL. +.Pp +On success, the conversation function should allocate and fill a +contiguous array of +.Vt struct pam_response , +one for each message that was passed in. +A pointer to the user's response to each message (or +.Dv NULL +in the case of informational or error messages) should be stored in +the +.Va resp +member of the corresponding +.Vt struct pam_response . +Each response can be up to +.Dv PAM_MAX_RESP_SIZE +characters long, including the terminating NUL. +.Pp +The +.Va resp_retcode +member of +.Vt struct pam_response +is unused and should be set to zero. +.Pp +The conversation function should store a pointer to this array in the +location pointed to by its third argument. +It is the caller's responsibility to release both this array and the +responses themselves, using +.Xr free 3 . +It is the conversation function's responsibility to ensure that it is +legal to do so. +.Pp +The +.Va appdata_ptr +member of +.Vt struct pam_conv +is passed unmodified to the conversation function as its fourth and +final argument. +.Pp +On failure, the conversation function should release any resources it +has allocated, and return one of the predefined PAM error codes. +.Sh RETURN VALUES +The conversation function should return one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr openpam_nullconv 3 , +.Xr openpam_ttyconv 3 , +.Xr pam 3 , +.Xr pam_error 3 , +.Xr pam_get_item 3 , +.Xr pam_info 3 , +.Xr pam_prompt 3 , +.Xr pam_set_item 3 , +.Xr pam_start 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The OpenPAM library and this manual page were developed for the +FreeBSD Project by ThinkSec AS and Network Associates Laboratories, +the Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3 new file mode 100644 index 000000000000..ff9542dcfd86 --- /dev/null +++ b/contrib/openpam/doc/man/pam_end.3 @@ -0,0 +1,56 @@ +.\" Generated from pam_end.c by gendoc.pl +.\" $OpenPAM: pam_end.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_END 3 +.Os +.Sh NAME +.Nm pam_end +.Nd terminate the PAM transaction +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_end "pam_handle_t *pamh" "int status" +.Sh DESCRIPTION +The +.Fn pam_end +function terminates a PAM transaction and destroys the +corresponding PAM context, releasing all resources allocated to it. +.Pp +The +.Fa status +argument should be set to the error code returned by the +last API call before the call to +.Fn pam_end . +.Sh RETURN VALUES +The +.Fn pam_end +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_HANDLE +Invalid PAM handle. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_end +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3 new file mode 100644 index 000000000000..484dbab9bc12 --- /dev/null +++ b/contrib/openpam/doc/man/pam_error.3 @@ -0,0 +1,57 @@ +.\" Generated from pam_error.c by gendoc.pl +.\" $OpenPAM: pam_error.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_ERROR 3 +.Os +.Sh NAME +.Nm pam_error +.Nd display an error message +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_error "const pam_handle_t *pamh" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Fn pam_error +function displays an error message through the +intermediary of the given PAM context's conversation function. +.Pp +.Sh RETURN VALUES +The +.Fn pam_error +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_info 3 , +.Xr pam_prompt 3 , +.Xr pam_strerror 3 , +.Xr pam_verror 3 +.Sh STANDARDS +The +.Fn pam_error +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_error +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3 new file mode 100644 index 000000000000..08b20fbd55ae --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_authtok.3 @@ -0,0 +1,164 @@ +.\" Generated from pam_get_authtok.c by gendoc.pl +.\" $OpenPAM: pam_get_authtok.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_GET_AUTHTOK 3 +.Os +.Sh NAME +.Nm pam_get_authtok +.Nd retrieve authentication token +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" +.Sh DESCRIPTION +The +.Fn pam_get_authtok +function either prompts the user for an +authentication token or retrieves a cached authentication token, +depending on circumstances. +Either way, a pointer to the authentication token is stored in the +location pointed to by the +.Fa authtok +argument, and the corresponding PAM +item is updated. +.Pp +The +.Fa item +argument must have one of the following values: +.Bl -tag -width 18n +.It Dv PAM_AUTHTOK +Returns the current authentication token, or the new token +when changing authentication tokens. +.It Dv PAM_OLDAUTHTOK +Returns the previous authentication token when changing +authentication tokens. +.El +.Pp +The +.Fa prompt +argument specifies a prompt to use if no token is cached. +If it is +.Dv NULL , +the +.Dv PAM_AUTHTOK_PROMPT +or +.Dv PAM_OLDAUTHTOK_PROMPT +item, +as appropriate, will be used. +If that item is also +.Dv NULL , +a hardcoded default prompt will be used. +Additionally, when +.Fn pam_get_authtok +is called from a service module, +the prompt may be affected by module options as described below. +The prompt is then expanded using +.Xr openpam_subst 3 +before it is passed to +the conversation function. +.Pp +If +.Fa item +is set to +.Dv PAM_AUTHTOK +and there is a non-null +.Dv PAM_OLDAUTHTOK +item, +.Fn pam_get_authtok +will ask the user to confirm the new token by +retyping it. +If there is a mismatch, +.Fn pam_get_authtok +will return +.Dv PAM_TRY_AGAIN . +.Sh MODULE OPTIONS +When called by a service module, +.Fn pam_get_authtok +will recognize the +following module options: +.Bl -tag -width 18n +.It Dv authtok_prompt +Prompt to use when +.Fa item +is set to +.Dv PAM_AUTHTOK . +This option overrides both the +.Fa prompt +argument and the +.Dv PAM_AUTHTOK_PROMPT +item. +.It Dv echo_pass +If the application's conversation function allows it, this +lets the user see what they are typing. +This should only be used for non-reusable authentication +tokens. +.It Dv oldauthtok_prompt +Prompt to use when +.Fa item +is set to +.Dv PAM_OLDAUTHTOK . +This option overrides both the +.Fa prompt +argument and the +.Dv PAM_OLDAUTHTOK_PROMPT +item. +.It Dv try_first_pass +If the requested item is non-null, return it without +prompting the user. +Typically, the service module will verify the token, and +if it does not match, clear the item before calling +.Fn pam_get_authtok +a second time. +.It Dv use_first_pass +Do not prompt the user at all; just return the cached +value, or +.Dv PAM_AUTH_ERR +if there is none. +.El +.Sh RETURN VALUES +The +.Fn pam_get_authtok +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_TRY_AGAIN +Try again. +.El +.Sh SEE ALSO +.Xr openpam_get_option 3 , +.Xr openpam_subst 3 , +.Xr pam 3 , +.Xr pam_conv 3 , +.Xr pam_get_item 3 , +.Xr pam_get_user 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +The +.Fn pam_get_authtok +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_get_authtok +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3 new file mode 100644 index 000000000000..e838be24eae9 --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_data.3 @@ -0,0 +1,69 @@ +.\" Generated from pam_get_data.c by gendoc.pl +.\" $OpenPAM: pam_get_data.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_GET_DATA 3 +.Os +.Sh NAME +.Nm pam_get_data +.Nd get module information +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_get_data "const pam_handle_t *pamh" "const char *module_data_name" "const void **data" +.Sh DESCRIPTION +The +.Fn pam_get_data +function looks up the opaque object associated with +the string specified by the +.Fa module_data_name +argument, in the PAM +context specified by the +.Fa pamh +argument. +A pointer to the object is stored in the location pointed to by the +.Fa data +argument. +If +.Fn pam_get_data +fails, the +.Fa data +argument is untouched. +.Pp +This function and its counterpart +.Xr pam_set_data 3 +are useful for managing +data that are meaningful only to a particular service module. +.Sh RETURN VALUES +The +.Fn pam_get_data +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_NO_MODULE_DATA +Module data not found. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_set_data 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_get_data +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3 new file mode 100644 index 000000000000..278bb2f4d8c2 --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_item.3 @@ -0,0 +1,105 @@ +.\" Generated from pam_get_item.c by gendoc.pl +.\" $OpenPAM: pam_get_item.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_GET_ITEM 3 +.Os +.Sh NAME +.Nm pam_get_item +.Nd get PAM information +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_get_item "const pam_handle_t *pamh" "int item_type" "const void **item" +.Sh DESCRIPTION +The +.Fn pam_get_item +function stores a pointer to the item specified by +the +.Fa item_type +argument in the location pointed to by the +.Fa item +argument. +The item is retrieved from the PAM context specified by the +.Fa pamh +argument. +If +.Fn pam_get_item +fails, the +.Fa item +argument is untouched. +.Pp +The following item types are recognized: +.Bl -tag -width 18n +.It Dv PAM_SERVICE +The name of the requesting service. +.It Dv PAM_USER +The name of the user the application is trying to +authenticate. +.It Dv PAM_TTY +The name of the current terminal. +.It Dv PAM_RHOST +The name of the applicant's host. +.It Dv PAM_CONV +A +.Vt struct pam_conv +describing the current conversation +function. +.It Dv PAM_AUTHTOK +The current authentication token. +.It Dv PAM_OLDAUTHTOK +The expired authentication token. +.It Dv PAM_RUSER +The name of the applicant. +.It Dv PAM_USER_PROMPT +The prompt to use when asking the applicant for a user +name to authenticate as. +.It Dv PAM_AUTHTOK_PROMPT +The prompt to use when asking the applicant for an +authentication token. +.It Dv PAM_OLDAUTHTOK_PROMPT +The prompt to use when asking the applicant for an +expired authentication token prior to changing it. +.It Dv PAM_HOST +The name of the host the application runs on. +.El +.Pp +See +.Xr pam_start 3 +for a description of +.Vt struct pam_conv . +.Pp +.Sh RETURN VALUES +The +.Fn pam_get_item +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_set_item 3 , +.Xr pam_start 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_get_item +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3 new file mode 100644 index 000000000000..2c21dd744023 --- /dev/null +++ b/contrib/openpam/doc/man/pam_get_user.3 @@ -0,0 +1,108 @@ +.\" Generated from pam_get_user.c by gendoc.pl +.\" $OpenPAM: pam_get_user.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_GET_USER 3 +.Os +.Sh NAME +.Nm pam_get_user +.Nd retrieve user name +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" +.Sh DESCRIPTION +The +.Fn pam_get_user +function returns the name of the target user, as +specified to +.Xr pam_start 3 . +If no user was specified, nor set using +.Xr pam_set_item 3 , +.Fn pam_get_user +will prompt for a user name. +Either way, a pointer to the user name is stored in the location +pointed to by the +.Fa user +argument, and the corresponding PAM item is +updated. +.Pp +The +.Fa prompt +argument specifies a prompt to use if no user name is +cached. +If it is +.Dv NULL , +the +.Dv PAM_USER_PROMPT +item will be used. +If that item is also +.Dv NULL , +a hardcoded default prompt will be used. +Additionally, when +.Fn pam_get_user +is called from a service module, the +prompt may be affected by module options as described below. +The prompt is then expanded using +.Xr openpam_subst 3 +before it is passed to +the conversation function. +.Sh MODULE OPTIONS +When called by a service module, +.Fn pam_get_user +will recognize the +following module options: +.Bl -tag -width 18n +.It Dv user_prompt +Prompt to use when asking for the user name. +This option overrides both the +.Fa prompt +argument and the +.Dv PAM_USER_PROMPT +item. +.El +.Sh RETURN VALUES +The +.Fn pam_get_user +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr openpam_get_option 3 , +.Xr openpam_subst 3 , +.Xr pam 3 , +.Xr pam_conv 3 , +.Xr pam_get_authtok 3 , +.Xr pam_get_item 3 , +.Xr pam_set_item 3 , +.Xr pam_start 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_get_user +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3 new file mode 100644 index 000000000000..aa830488cff3 --- /dev/null +++ b/contrib/openpam/doc/man/pam_getenv.3 @@ -0,0 +1,53 @@ +.\" Generated from pam_getenv.c by gendoc.pl +.\" $OpenPAM: pam_getenv.c 944 2019-02-22 09:49:12Z des $ +.Dd February 24, 2019 +.Dt PAM_GETENV 3 +.Os +.Sh NAME +.Nm pam_getenv +.Nd retrieve the value of a PAM environment variable +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "const char *" +.Fn pam_getenv "pam_handle_t *pamh" "const char *name" +.Sh DESCRIPTION +The +.Fn pam_getenv +function returns the value of an environment variable. +Its semantics are similar to those of +.Xr getenv 3 , +but it accesses the PAM +context's environment list instead of the application's. +.Pp +.Sh RETURN VALUES +The +.Fn pam_getenv +function returns +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr getenv 3 , +.Xr pam 3 , +.Xr pam_getenvlist 3 , +.Xr pam_putenv 3 , +.Xr pam_setenv 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_getenv +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3 new file mode 100644 index 000000000000..e6bad00a1ccb --- /dev/null +++ b/contrib/openpam/doc/man/pam_getenvlist.3 @@ -0,0 +1,74 @@ +.\" Generated from pam_getenvlist.c by gendoc.pl +.\" $OpenPAM: pam_getenvlist.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_GETENVLIST 3 +.Os +.Sh NAME +.Nm pam_getenvlist +.Nd returns a list of all the PAM environment variables +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "char **" +.Fn pam_getenvlist "pam_handle_t *pamh" +.Sh DESCRIPTION +The +.Fn pam_getenvlist +function returns a copy of the given PAM context's +environment list as a pointer to an array of strings. +The last element in the array is +.Dv NULL . +The pointer is suitable for assignment to +.Va environ . +.Pp +The array and the strings it lists are allocated using +.Xr malloc 3 , +and +should be released using +.Xr free 3 +after use: +.Pp +.Bd -literal + char **envlist, **env; + + envlist = environ; + environ = pam_getenvlist(pamh); + /* do something nifty */ + for (env = environ; *env != NULL; env++) + free(*env); + free(environ); + environ = envlist; +.Ed +.Sh RETURN VALUES +The +.Fn pam_getenvlist +function returns +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr free 3 , +.Xr malloc 3 , +.Xr pam 3 , +.Xr pam_getenv 3 , +.Xr pam_putenv 3 , +.Xr pam_setenv 3 , +.Xr environ 7 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_getenvlist +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3 new file mode 100644 index 000000000000..4104cb86b858 --- /dev/null +++ b/contrib/openpam/doc/man/pam_info.3 @@ -0,0 +1,57 @@ +.\" Generated from pam_info.c by gendoc.pl +.\" $OpenPAM: pam_info.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_INFO 3 +.Os +.Sh NAME +.Nm pam_info +.Nd display an information message +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_info "const pam_handle_t *pamh" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Fn pam_info +function displays an informational message through the +intermediary of the given PAM context's conversation function. +.Pp +.Sh RETURN VALUES +The +.Fn pam_info +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_error 3 , +.Xr pam_prompt 3 , +.Xr pam_strerror 3 , +.Xr pam_vinfo 3 +.Sh STANDARDS +The +.Fn pam_info +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_info +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3 new file mode 100644 index 000000000000..46f6b5ed8141 --- /dev/null +++ b/contrib/openpam/doc/man/pam_open_session.3 @@ -0,0 +1,81 @@ +.\" Generated from pam_open_session.c by gendoc.pl +.\" $OpenPAM: pam_open_session.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_OPEN_SESSION 3 +.Os +.Sh NAME +.Nm pam_open_session +.Nd open a user session +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_open_session "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Fn pam_open_session +sets up a user session for a previously +authenticated user. +The session should later be torn down by a call to +.Xr pam_close_session 3 . +.Pp +The +.Fa flags +argument is the binary or of zero or more of the following +values: +.Bl -tag -width 18n +.It Dv PAM_SILENT +Do not emit any messages. +.El +.Pp +If any other bits are set, +.Fn pam_open_session +will return +.Dv PAM_BAD_CONSTANT . +.Sh RETURN VALUES +The +.Fn pam_open_session +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SESSION_ERR +Session failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_close_session 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_open_session +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3 new file mode 100644 index 000000000000..1c26ea930f33 --- /dev/null +++ b/contrib/openpam/doc/man/pam_prompt.3 @@ -0,0 +1,69 @@ +.\" Generated from pam_prompt.c by gendoc.pl +.\" $OpenPAM: pam_prompt.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_PROMPT 3 +.Os +.Sh NAME +.Nm pam_prompt +.Nd call the conversation function +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_prompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..." +.Sh DESCRIPTION +The +.Fn pam_prompt +function constructs a message from the specified format +string and arguments and passes it to the given PAM context's +conversation function. +.Pp +A pointer to the response, or +.Dv NULL +if the conversation function did +not return one, is stored in the location pointed to by the +.Fa resp +argument. +.Pp +See +.Xr pam_vprompt 3 +for further details. +.Pp +.Sh RETURN VALUES +The +.Fn pam_prompt +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_error 3 , +.Xr pam_info 3 , +.Xr pam_strerror 3 , +.Xr pam_vprompt 3 +.Sh STANDARDS +The +.Fn pam_prompt +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_prompt +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3 new file mode 100644 index 000000000000..cd92e2665429 --- /dev/null +++ b/contrib/openpam/doc/man/pam_putenv.3 @@ -0,0 +1,60 @@ +.\" Generated from pam_putenv.c by gendoc.pl +.\" $OpenPAM: pam_putenv.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_PUTENV 3 +.Os +.Sh NAME +.Nm pam_putenv +.Nd set the value of an environment variable +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue" +.Sh DESCRIPTION +The +.Fn pam_putenv +function sets an environment variable. +Its semantics are similar to those of +.Xr putenv 3 , +but it modifies the PAM +context's environment list instead of the application's. +.Pp +.Sh RETURN VALUES +The +.Fn pam_putenv +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_getenv 3 , +.Xr pam_getenvlist 3 , +.Xr pam_setenv 3 , +.Xr pam_strerror 3 , +.Xr putenv 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_putenv +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3 new file mode 100644 index 000000000000..51eeaaf8288a --- /dev/null +++ b/contrib/openpam/doc/man/pam_set_data.3 @@ -0,0 +1,70 @@ +.\" Generated from pam_set_data.c by gendoc.pl +.\" $OpenPAM: pam_set_data.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SET_DATA 3 +.Os +.Sh NAME +.Nm pam_set_data +.Nd set module information +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)" +.Sh DESCRIPTION +The +.Fn pam_set_data +function associates a pointer to an opaque object +with an arbitrary string specified by the +.Fa module_data_name +argument, +in the PAM context specified by the +.Fa pamh +argument. +.Pp +If not +.Dv NULL , +the +.Fa cleanup +argument should point to a function +responsible for releasing the resources associated with the object. +.Pp +This function and its counterpart +.Xr pam_get_data 3 +are useful for managing +data that are meaningful only to a particular service module. +.Sh RETURN VALUES +The +.Fn pam_set_data +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_get_data 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_set_data +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3 new file mode 100644 index 000000000000..7538a27542e4 --- /dev/null +++ b/contrib/openpam/doc/man/pam_set_item.3 @@ -0,0 +1,62 @@ +.\" Generated from pam_set_item.c by gendoc.pl +.\" $OpenPAM: pam_set_item.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SET_ITEM 3 +.Os +.Sh NAME +.Nm pam_set_item +.Nd set authentication information +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_set_item "pam_handle_t *pamh" "int item_type" "const void *item" +.Sh DESCRIPTION +The +.Fn pam_set_item +function sets the item specified by the +.Fa item_type +argument to a copy of the object pointed to by the +.Fa item +argument. +The item is stored in the PAM context specified by the +.Fa pamh +argument. +See +.Xr pam_get_item 3 +for a list of recognized item types. +.Sh RETURN VALUES +The +.Fn pam_set_item +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_get_item 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_set_item +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3 new file mode 100644 index 000000000000..166becc688d1 --- /dev/null +++ b/contrib/openpam/doc/man/pam_setcred.3 @@ -0,0 +1,93 @@ +.\" Generated from pam_setcred.c by gendoc.pl +.\" $OpenPAM: pam_setcred.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SETCRED 3 +.Os +.Sh NAME +.Nm pam_setcred +.Nd modify / delete user credentials for an authentication service +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_setcred "pam_handle_t *pamh" "int flags" +.Sh DESCRIPTION +The +.Fn pam_setcred +function manages the application's credentials. +.Pp +The +.Fa flags +argument is the binary or of zero or more of the following +values: +.Bl -tag -width 18n +.It Dv PAM_SILENT +Do not emit any messages. +.It Dv PAM_ESTABLISH_CRED +Establish the credentials of the target user. +.It Dv PAM_DELETE_CRED +Revoke all established credentials. +.It Dv PAM_REINITIALIZE_CRED +Fully reinitialise credentials. +.It Dv PAM_REFRESH_CRED +Refresh credentials. +.El +.Pp +The latter four are mutually exclusive. +.Pp +If any other bits are set, +.Fn pam_setcred +will return +.Dv PAM_BAD_CONSTANT . +.Sh RETURN VALUES +The +.Fn pam_setcred +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_BAD_CONSTANT +Bad constant. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_CRED_ERR +Failed to set user credentials. +.It Bq Er PAM_CRED_EXPIRED +User credentials have expired. +.It Bq Er PAM_CRED_UNAVAIL +Failed to retrieve user credentials. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_setcred +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3 new file mode 100644 index 000000000000..783a2eb38a4e --- /dev/null +++ b/contrib/openpam/doc/man/pam_setenv.3 @@ -0,0 +1,59 @@ +.\" Generated from pam_setenv.c by gendoc.pl +.\" $OpenPAM: pam_setenv.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SETENV 3 +.Os +.Sh NAME +.Nm pam_setenv +.Nd mirrors setenv(3) +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite" +.Sh DESCRIPTION +The +.Fn pam_setenv +function sets an environment variable. +Its semantics are similar to those of +.Xr setenv 3 , +but it modifies the PAM +context's environment list instead of the application's. +.Pp +.Sh RETURN VALUES +The +.Fn pam_setenv +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_getenv 3 , +.Xr pam_getenvlist 3 , +.Xr pam_putenv 3 , +.Xr pam_strerror 3 , +.Xr setenv 3 +.Sh STANDARDS +The +.Fn pam_setenv +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_setenv +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 new file mode 100644 index 000000000000..73e91aecd973 --- /dev/null +++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 @@ -0,0 +1,74 @@ +.\" Generated from pam_sm_acct_mgmt.c by gendoc.pl +.\" $OpenPAM: pam_sm_acct_mgmt.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SM_ACCT_MGMT 3 +.Os +.Sh NAME +.Nm pam_sm_acct_mgmt +.Nd service module implementation for pam_acct_mgmt +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/pam_modules.h +.Ft "int" +.Fn pam_sm_acct_mgmt "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" +.Sh DESCRIPTION +The +.Fn pam_sm_acct_mgmt +function is the service module's implementation +of the +.Xr pam_acct_mgmt 3 +API function. +.Sh RETURN VALUES +The +.Fn pam_sm_acct_mgmt +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_ACCT_EXPIRED +User account has expired. +.It Bq Er PAM_AUTH_ERR +Authentication error. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_NEW_AUTHTOK_REQD +New authentication token required. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_acct_mgmt 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_sm_acct_mgmt +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3 new file mode 100644 index 000000000000..33da29207a54 --- /dev/null +++ b/contrib/openpam/doc/man/pam_sm_authenticate.3 @@ -0,0 +1,76 @@ +.\" Generated from pam_sm_authenticate.c by gendoc.pl +.\" $OpenPAM: pam_sm_authenticate.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SM_AUTHENTICATE 3 +.Os +.Sh NAME +.Nm pam_sm_authenticate +.Nd service module implementation for pam_authenticate +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/pam_modules.h +.Ft "int" +.Fn pam_sm_authenticate "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" +.Sh DESCRIPTION +The +.Fn pam_sm_authenticate +function is the service module's +implementation of the +.Xr pam_authenticate 3 +API function. +.Sh RETURN VALUES +The +.Fn pam_sm_authenticate +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_AUTHINFO_UNAVAIL +Authentication information is unavailable. +.It Bq Er PAM_AUTH_ERR +Authentication error. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_CRED_INSUFFICIENT +Insufficient credentials. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_MAXTRIES +Maximum number of tries exceeded. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_authenticate 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_sm_authenticate +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3 new file mode 100644 index 000000000000..2483eab76aa7 --- /dev/null +++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3 @@ -0,0 +1,86 @@ +.\" Generated from pam_sm_chauthtok.c by gendoc.pl +.\" $OpenPAM: pam_sm_chauthtok.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SM_CHAUTHTOK 3 +.Os +.Sh NAME +.Nm pam_sm_chauthtok +.Nd service module implementation for pam_chauthtok +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/pam_modules.h +.Ft "int" +.Fn pam_sm_chauthtok "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" +.Sh DESCRIPTION +The +.Fn pam_sm_chauthtok +function is the service module's implementation +of the +.Xr pam_chauthtok 3 +API function. +.Pp +When the application calls +.Xr pam_chauthtok 3 , +the service function is +called twice, first with the +.Dv PAM_PRELIM_CHECK +flag set and then again +with the +.Dv PAM_UPDATE_AUTHTOK +flag set. +.Sh RETURN VALUES +The +.Fn pam_sm_chauthtok +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_AUTHTOK_DISABLE_AGING +Authentication token aging disabled. +.It Bq Er PAM_AUTHTOK_ERR +Authentication token failure. +.It Bq Er PAM_AUTHTOK_LOCK_BUSY +Authentication token lock busy. +.It Bq Er PAM_AUTHTOK_RECOVERY_ERR +Failed to recover old authentication token. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_TRY_AGAIN +Try again. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_chauthtok 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_sm_chauthtok +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3 new file mode 100644 index 000000000000..501f7c634e83 --- /dev/null +++ b/contrib/openpam/doc/man/pam_sm_close_session.3 @@ -0,0 +1,68 @@ +.\" Generated from pam_sm_close_session.c by gendoc.pl +.\" $OpenPAM: pam_sm_close_session.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SM_CLOSE_SESSION 3 +.Os +.Sh NAME +.Nm pam_sm_close_session +.Nd service module implementation for pam_close_session +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/pam_modules.h +.Ft "int" +.Fn pam_sm_close_session "pam_handle_t *pamh" "int flags" "int args" "const char **argv" +.Sh DESCRIPTION +The +.Fn pam_sm_close_session +function is the service module's +implementation of the +.Xr pam_close_session 3 +API function. +.Sh RETURN VALUES +The +.Fn pam_sm_close_session +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SESSION_ERR +Session failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_close_session 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_sm_close_session +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3 new file mode 100644 index 000000000000..76f2a0b23142 --- /dev/null +++ b/contrib/openpam/doc/man/pam_sm_open_session.3 @@ -0,0 +1,68 @@ +.\" Generated from pam_sm_open_session.c by gendoc.pl +.\" $OpenPAM: pam_sm_open_session.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SM_OPEN_SESSION 3 +.Os +.Sh NAME +.Nm pam_sm_open_session +.Nd service module implementation for pam_open_session +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/pam_modules.h +.Ft "int" +.Fn pam_sm_open_session "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" +.Sh DESCRIPTION +The +.Fn pam_sm_open_session +function is the service module's +implementation of the +.Xr pam_open_session 3 +API function. +.Sh RETURN VALUES +The +.Fn pam_sm_open_session +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SESSION_ERR +Session failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_open_session 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_sm_open_session +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3 new file mode 100644 index 000000000000..9cc8cd55774b --- /dev/null +++ b/contrib/openpam/doc/man/pam_sm_setcred.3 @@ -0,0 +1,74 @@ +.\" Generated from pam_sm_setcred.c by gendoc.pl +.\" $OpenPAM: pam_sm_setcred.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_SM_SETCRED 3 +.Os +.Sh NAME +.Nm pam_sm_setcred +.Nd service module implementation for pam_setcred +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.In security/pam_modules.h +.Ft "int" +.Fn pam_sm_setcred "pam_handle_t *pamh" "int flags" "int argc" "const char **argv" +.Sh DESCRIPTION +The +.Fn pam_sm_setcred +function is the service module's implementation of +the +.Xr pam_setcred 3 +API function. +.Sh RETURN VALUES +The +.Fn pam_sm_setcred +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_ABORT +General failure. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_CRED_ERR +Failed to set user credentials. +.It Bq Er PAM_CRED_EXPIRED +User credentials have expired. +.It Bq Er PAM_CRED_UNAVAIL +Failed to retrieve user credentials. +.It Bq Er PAM_IGNORE +Ignore this module. +.It Bq Er PAM_PERM_DENIED +Permission denied. +.It Bq Er PAM_SERVICE_ERR +Error in service module. +.It Bq Er PAM_SYSTEM_ERR +System error. +.It Bq Er PAM_USER_UNKNOWN +Unknown user. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_setcred 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_sm_setcred +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3 new file mode 100644 index 000000000000..a280ebabaef9 --- /dev/null +++ b/contrib/openpam/doc/man/pam_start.3 @@ -0,0 +1,81 @@ +.\" Generated from pam_start.c by gendoc.pl +.\" $OpenPAM: pam_start.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_START 3 +.Os +.Sh NAME +.Nm pam_start +.Nd initiate a PAM transaction +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh" +.Sh DESCRIPTION +The +.Fn pam_start +function creates and initializes a PAM context. +.Pp +The +.Fa service +argument specifies the name of the policy to apply, and is +stored in the +.Dv PAM_SERVICE +item in the created context. +.Pp +The +.Fa user +argument specifies the name of the target user - the user the +created context will serve to authenticate. +It is stored in the +.Dv PAM_USER +item in the created context. +.Pp +The +.Fa pam_conv +argument points to a +.Vt struct pam_conv +describing the +conversation function to use; see +.Fa pam_conv +for details. +.Pp +.Sh RETURN VALUES +The +.Fn pam_start +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BAD_ITEM +Unrecognized or restricted item. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_end 3 , +.Xr pam_get_item 3 , +.Xr pam_set_item 3 , +.Xr pam_strerror 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_start +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3 new file mode 100644 index 000000000000..50b2550e8b60 --- /dev/null +++ b/contrib/openpam/doc/man/pam_strerror.3 @@ -0,0 +1,56 @@ +.\" Generated from pam_strerror.c by gendoc.pl +.\" $OpenPAM: pam_strerror.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_STRERROR 3 +.Os +.Sh NAME +.Nm pam_strerror +.Nd get PAM standard error message string +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "const char *" +.Fn pam_strerror "const pam_handle_t *pamh" "int error_number" +.Sh DESCRIPTION +The +.Fn pam_strerror +function returns a pointer to a string containing a +textual description of the error indicated by the +.Fa error_number +argument. +The +.Fa pamh +argument is ignored. +For compatibility with other implementations, it should be either a +valid PAM handle returned by a previous call to +.Xr pam_start 3 , +or +.Dv NULL . +.Sh RETURN VALUES +The +.Fn pam_strerror +function returns +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_start 3 +.Sh STANDARDS +.Rs +.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules" +.%D "June 1997" +.Re +.Sh AUTHORS +The +.Fn pam_strerror +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3 new file mode 100644 index 000000000000..e78ea070a30a --- /dev/null +++ b/contrib/openpam/doc/man/pam_verror.3 @@ -0,0 +1,61 @@ +.\" Generated from pam_verror.c by gendoc.pl +.\" $OpenPAM: pam_verror.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_VERROR 3 +.Os +.Sh NAME +.Nm pam_verror +.Nd display an error message +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_verror "const pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +The +.Fn pam_verror +function passes its arguments to +.Xr pam_vprompt 3 +with a +style argument of +.Dv PAM_ERROR_MSG , +and discards the response. +.Pp +.Sh RETURN VALUES +The +.Fn pam_verror +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_error 3 , +.Xr pam_strerror 3 , +.Xr pam_vinfo 3 , +.Xr pam_vprompt 3 +.Sh STANDARDS +The +.Fn pam_verror +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_verror +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3 new file mode 100644 index 000000000000..da73f34ccf1c --- /dev/null +++ b/contrib/openpam/doc/man/pam_vinfo.3 @@ -0,0 +1,61 @@ +.\" Generated from pam_vinfo.c by gendoc.pl +.\" $OpenPAM: pam_vinfo.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_VINFO 3 +.Os +.Sh NAME +.Nm pam_vinfo +.Nd display an information message +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_vinfo "const pam_handle_t *pamh" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +The +.Fn pam_vinfo +function passes its arguments to +.Xr pam_vprompt 3 +with a +style argument of +.Dv PAM_TEXT_INFO , +and discards the response. +.Pp +.Sh RETURN VALUES +The +.Fn pam_vinfo +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_info 3 , +.Xr pam_strerror 3 , +.Xr pam_verror 3 , +.Xr pam_vprompt 3 +.Sh STANDARDS +The +.Fn pam_vinfo +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_vinfo +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3 new file mode 100644 index 000000000000..ff21c261f044 --- /dev/null +++ b/contrib/openpam/doc/man/pam_vprompt.3 @@ -0,0 +1,98 @@ +.\" Generated from pam_vprompt.c by gendoc.pl +.\" $OpenPAM: pam_vprompt.c 938 2017-04-30 21:34:42Z des $ +.Dd February 24, 2019 +.Dt PAM_VPROMPT 3 +.Os +.Sh NAME +.Nm pam_vprompt +.Nd call the conversation function +.Sh SYNOPSIS +.In sys/types.h +.In security/pam_appl.h +.Ft "int" +.Fn pam_vprompt "const pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap" +.Sh DESCRIPTION +The +.Fn pam_vprompt +function constructs a string from the +.Fa fmt +and +.Fa ap +arguments using +.Xr vsnprintf 3 , +and passes it to the given PAM context's +conversation function. +.Pp +The +.Fa style +argument specifies the type of interaction requested, and +must be one of the following: +.Bl -tag -width 18n +.It Dv PAM_PROMPT_ECHO_OFF +Display the message and obtain the user's response without +displaying it. +.It Dv PAM_PROMPT_ECHO_ON +Display the message and obtain the user's response. +.It Dv PAM_ERROR_MSG +Display the message as an error message, and do not wait +for a response. +.It Dv PAM_TEXT_INFO +Display the message as an informational message, and do +not wait for a response. +.El +.Pp +A pointer to the response, or +.Dv NULL +if the conversation function did +not return one, is stored in the location pointed to by the +.Fa resp +argument. +.Pp +The message and response should not exceed +.Dv PAM_MAX_MSG_SIZE +or +.Dv PAM_MAX_RESP_SIZE , +respectively. +If they do, they may be truncated. +.Pp +.Sh RETURN VALUES +The +.Fn pam_vprompt +function returns one of the following values: +.Bl -tag -width 18n +.It Bq Er PAM_SUCCESS +Success. +.It Bq Er PAM_BUF_ERR +Memory buffer error. +.It Bq Er PAM_CONV_ERR +Conversation failure. +.It Bq Er PAM_SYSTEM_ERR +System error. +.El +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam_error 3 , +.Xr pam_info 3 , +.Xr pam_prompt 3 , +.Xr pam_strerror 3 , +.Xr pam_verror 3 , +.Xr pam_vinfo 3 , +.Xr vsnprintf 3 +.Sh STANDARDS +The +.Fn pam_vprompt +function is an OpenPAM extension. +.Sh AUTHORS +The +.Fn pam_vprompt +function and this manual page were +developed for the +.Fx +Project by ThinkSec AS and Network Associates Laboratories, the +Security Research Division of Network Associates, Inc.\& under +DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +.Pp +The OpenPAM library is maintained by +.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no . |