From owner-p4-projects Mon Apr 8 9:58:34 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 07A4D37B426; Mon, 8 Apr 2002 09:56:49 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 1ABEF37B41E for ; Mon, 8 Apr 2002 09:56:38 -0700 (PDT) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g38Gubw78208 for perforce@freebsd.org; Mon, 8 Apr 2002 09:56:37 -0700 (PDT) (envelope-from peter@freebsd.org) Date: Mon, 8 Apr 2002 09:56:37 -0700 (PDT) Message-Id: <200204081656.g38Gubw78208@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to peter@freebsd.org using -f From: Peter Wemm Subject: PERFORCE change 9381 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=9381 Change 9381 by peter@peter_daintree on 2002/04/08 09:55:51 IFC @9380 Affected files ... ... //depot/projects/ia64/Makefile.inc1#17 integrate ... //depot/projects/ia64/contrib/openpam/CREDITS#1 branch ... //depot/projects/ia64/contrib/openpam/HISTORY#5 integrate ... //depot/projects/ia64/contrib/openpam/MANIFEST#5 integrate ... //depot/projects/ia64/contrib/openpam/README#5 integrate ... //depot/projects/ia64/contrib/openpam/RELNOTES#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/Makefile#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_borrow_cred.3#1 branch ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_free_data.3#1 branch ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_get_option.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_log.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_restore_cred.3#1 branch ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_set_option.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/openpam_ttyconv.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_acct_mgmt.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_authenticate.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_chauthtok.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_close_session.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_end.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_error.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_get_authtok.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_get_data.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_get_item.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_get_user.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_getenv.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_getenvlist.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_info.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_open_session.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_prompt.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_putenv.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_set_data.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_set_item.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_setcred.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_setenv.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_acct_mgmt.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_authenticate.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_chauthtok.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_close_session.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_open_session.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_setcred.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_start.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_strerror.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_verror.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_vinfo.3#5 integrate ... //depot/projects/ia64/contrib/openpam/doc/man/pam_vprompt.3#5 integrate ... //depot/projects/ia64/contrib/openpam/include/security/openpam.h#6 integrate ... //depot/projects/ia64/contrib/openpam/lib/Makefile#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/openpam_borrow_cred.c#1 branch ... //depot/projects/ia64/contrib/openpam/lib/openpam_free_data.c#1 branch ... //depot/projects/ia64/contrib/openpam/lib/openpam_impl.h#5 integrate ... //depot/projects/ia64/contrib/openpam/lib/openpam_restore_cred.c#1 branch ... //depot/projects/ia64/crypto/openssh/session.c#6 integrate ... //depot/projects/ia64/etc/pam.d/login#3 integrate ... //depot/projects/ia64/gnu/usr.bin/groff/tmac/mdoc.local#6 integrate ... //depot/projects/ia64/gnu/usr.bin/sort/COPYING#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/Makefile#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/config.h#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/error.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/error.h#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/getopt.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/getopt.h#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/getopt1.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/long-options.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/long-options.h#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/sort.1#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/sort.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/system.h#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/version.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/version.h#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/xstrtod.c#3 branch ... //depot/projects/ia64/gnu/usr.bin/sort/xstrtod.h#3 branch ... //depot/projects/ia64/lib/libc/gen/disklabel.c#4 integrate ... //depot/projects/ia64/lib/libc/net/ether_addr.c#4 integrate ... //depot/projects/ia64/lib/libpam/Makefile.inc#3 integrate ... //depot/projects/ia64/lib/libpam/libpam/Makefile#7 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_ssh/pam_ssh.c#9 integrate ... //depot/projects/ia64/lib/libpam/modules/pam_unix/pam_unix.c#7 integrate ... //depot/projects/ia64/lib/libutil/login_auth.c#2 integrate ... //depot/projects/ia64/lib/libutil/login_cap.3#2 integrate ... //depot/projects/ia64/lib/libutil/login_cap.c#3 integrate ... //depot/projects/ia64/lib/libutil/login_cap.h#3 integrate ... //depot/projects/ia64/lib/libutil/login_class.c#2 integrate ... //depot/projects/ia64/lib/libutil/login_crypt.c#2 integrate ... //depot/projects/ia64/release/picobsd/tinyware/login/pico-login.c#2 integrate ... //depot/projects/ia64/sbin/dumpon/dumpon.c#4 integrate ... //depot/projects/ia64/sbin/savecore/savecore.c#8 integrate ... //depot/projects/ia64/share/colldef/README#2 integrate ... //depot/projects/ia64/share/colldef/cs_CZ.ISO8859-2.src#3 integrate ... //depot/projects/ia64/sys/dev/acpica/acpi.c#8 integrate ... //depot/projects/ia64/sys/dev/ccd/ccd.c#7 integrate ... //depot/projects/ia64/sys/dev/null/null.c#3 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs#11 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs.h#10 integrate ... //depot/projects/ia64/sys/dev/usb/usbdevs_data.h#10 integrate ... //depot/projects/ia64/sys/dev/vinum/vinumhdr.h#2 integrate ... //depot/projects/ia64/sys/fs/hpfs/hpfs_vnops.c#8 integrate ... //depot/projects/ia64/sys/fs/smbfs/smbfs_vfsops.c#6 integrate ... //depot/projects/ia64/sys/fs/smbfs/smbfs_vnops.c#4 integrate ... //depot/projects/ia64/sys/fs/unionfs/union_subr.c#4 integrate ... //depot/projects/ia64/sys/geom/geom_dev.c#7 integrate ... //depot/projects/ia64/sys/geom/geom_disk.c#6 integrate ... //depot/projects/ia64/sys/i386/i386/machdep.c#13 integrate ... //depot/projects/ia64/sys/kern/kern_shutdown.c#6 integrate ... //depot/projects/ia64/sys/kern/subr_diskslice.c#6 integrate ... //depot/projects/ia64/sys/sys/disk.h#5 integrate ... //depot/projects/ia64/sys/sys/disklabel.h#11 integrate ... //depot/projects/ia64/sys/sys/malloc.h#6 integrate ... //depot/projects/ia64/sys/ufs/ffs/ffs_vfsops.c#11 integrate ... //depot/projects/ia64/usr.bin/login/login.c#7 integrate ... //depot/projects/ia64/usr.bin/tail/forward.c#5 integrate ... //depot/projects/ia64/usr.bin/tail/reverse.c#4 integrate ... //depot/projects/ia64/usr.bin/vmstat/vmstat.c#5 integrate ... //depot/projects/ia64/usr.sbin/mergemaster/mergemaster.8#3 integrate ... //depot/projects/ia64/usr.sbin/mergemaster/mergemaster.sh#3 integrate Differences ... ==== //depot/projects/ia64/Makefile.inc1#17 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $FreeBSD: src/Makefile.inc1,v 1.249 2002/04/04 06:49:46 ru Exp $ +# $FreeBSD: src/Makefile.inc1,v 1.251 2002/04/08 15:11:29 ru Exp $ # # Make command line options: # -DMAKE_KERBEROS4 to build KerberosIV @@ -428,12 +428,11 @@ ${KERNCONFDIR}/${_kernel} .endif .if !defined(NOCLEAN) && !defined(NO_KERNELCLEAN) -.if defined(MODULES_WITH_WORLD) || defined(NO_MODULES) || !exists(${KRNLSRCDIR}/modules) cd ${KRNLOBJDIR}/${_kernel}; \ - ${KMAKEENV} ${MAKE} KERNEL=${INSTKERNNAME} clean -.else + ${KMAKEENV} ${MAKE} KERNEL=${INSTKERNNAME} -DNO_MODULES clean +.if !defined(MODULES_WITH_WORLD) && !defined(NO_MODULES) && exists(${KRNLSRCDIR}/modules) cd ${KRNLOBJDIR}/${_kernel}; \ - ${KMAKEENV} ${MAKE} KERNEL=${INSTKERNNAME} clean cleandir + ${KMAKEENV} ${MAKE} KERNEL=${INSTKERNNAME} cleandir .endif .endif cd ${KRNLOBJDIR}/${_kernel}; \ @@ -557,7 +556,8 @@ .endif bootstrap-tools: -.for _tool in ${_strfile} usr.bin/yacc usr.bin/colldef usr.bin/xinstall \ +.for _tool in ${_strfile} usr.bin/yacc usr.bin/colldef \ + usr.bin/xargs usr.bin/xinstall \ usr.sbin/config usr.sbin/kbdcontrol \ gnu/usr.bin/gperf gnu/usr.bin/groff gnu/usr.bin/texinfo cd ${.CURDIR}/${_tool}; \ ==== //depot/projects/ia64/contrib/openpam/HISTORY#5 (text+ko) ==== @@ -1,4 +1,35 @@ ============================================================================ +OpenPAM Cinchona 2002-04-08 + + - ENHANCE: Improved documentation for several API functions. + + - BUGFIX: Fix bug in pam_set_data() that would result in corruption + of the module data list. + + - BUGFIX: Allocate the correct amount of memory for the environment + list in pam_putenv(). + + - ENHANCE: Change pam_get_authtok()'s prototype so the caller can + specify what token it wants. Also introduce PAM_OLDAUTHTOK_PROMPT. + + - BUGFIX: Plug memory leak in pam_get_user() / pam_get_authtok(), and + reduce differences between these very similar functions. + + - ENHANCE: Check flags carefully in pam_authenticate() and + pam_chauthtok(). + + - BUGFIX: Fix bugs in portability code; libpam now builds on NetBSD. + + - ENHANCE: In pam_get_authtok(), if PAM_OLDAUTHTOK is set, we're + asked for PAM_AUTHTOK, and we have to prompt the user, prompt her + twice and compare the responses. + + - ENHANCE: Add openpam_{borrow,restore}_cred(), for temporarily + switching to user credentials. + + - ENHANCE: Add openpam_free_data(), a generic cleanup function for + pam_set_data() consumers. +============================================================================ OpenPAM Centaury 2002-03-14 - BUGFIX: Add missing #include to openpam_log.c. @@ -16,7 +47,7 @@ - ENHANCE: Suppress debugging logs, unless compiled with -DDEBUG. ============================================================================ -OpenPAM Celandine 2002-03-05 +OpenPAM Celandine 2002-03-05 - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). @@ -83,4 +114,4 @@ First (beta) release. ============================================================================ -$P4: //depot/projects/ia64/contrib/openpam/HISTORY#4 $ +$P4: //depot/projects/ia64/contrib/openpam/HISTORY#5 $ ==== //depot/projects/ia64/contrib/openpam/MANIFEST#5 (text+ko) ==== @@ -1,6 +1,7 @@ # -# $P4: //depot/projects/ia64/contrib/openpam/MANIFEST#4 $ +# $P4: //depot/projects/ia64/contrib/openpam/MANIFEST#5 $ # +CREDITS HISTORY INSTALL LICENSE @@ -13,8 +14,11 @@ bin/su/su.c doc/Makefile doc/man/Makefile +doc/man/openpam_borrow_cred.3 +doc/man/openpam_free_data.3 doc/man/openpam_get_option.3 doc/man/openpam_log.3 +doc/man/openpam_restore_cred.3 doc/man/openpam_set_option.3 doc/man/openpam_ttyconv.3 doc/man/pam.3 @@ -55,13 +59,16 @@ include/security/pam_modules.h include/security/pam_types.h lib/Makefile +lib/openpam_borrow_cred.c lib/openpam_dispatch.c lib/openpam_dynamic.c lib/openpam_findenv.c +lib/openpam_free_data.c lib/openpam_get_option.c lib/openpam_impl.h lib/openpam_load.c lib/openpam_log.c +lib/openpam_restore_cred.c lib/openpam_set_option.c lib/openpam_static.c lib/openpam_ttyconv.c ==== //depot/projects/ia64/contrib/openpam/README#5 (text+ko) ==== @@ -13,18 +13,14 @@ paper and in OSF-RFC 86.0; this corresponds to the full XSSO API except for mappings and secondary authentication. - - Extends the API with several useful and time-saving functions: - pam_error(), pam_get_authtok(), pam_info(), pam_prompt(), - pam_setenv(), pam_verror(), pam_vinfo(), pam_vprompt() - - - Offers a number of time-saving convenience functions: - openpam_log(), openpam_ttyconv(). + - Extends the API with several useful and time-saving functions. - Performs strict checking of return values from service modules. - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and /etc/pam.conf, in that order; this will be made configurable in a - future release.Please direct bug reports and inquiries to - openpam@thinksec.com. + future release. + +Please direct bug reports and inquiries to openpam@thinksec.com. -$P4: //depot/projects/ia64/contrib/openpam/README#4 $ +$P4: //depot/projects/ia64/contrib/openpam/README#5 $ ==== //depot/projects/ia64/contrib/openpam/RELNOTES#5 (text+ko) ==== @@ -1,19 +1,25 @@ - Release notes for OpenPAM Centaury + Release notes for OpenPAM Cinchona ================================== This is a beta release. The library itself is complete. Documentation exists in the form of -man pages for the library functions, though some pages are still +man pages for the library functions, though a few pages are still incomplete. -This release is incorporated into FreeBSD-CURRENT as of 2002-03-14. -It has not been tested on any other OS, though it should build and run -with minimal tweaks on NetBSD and OpenBSD. +This release is incorporated into FreeBSD-CURRENT as of 2002-04-08. +It has also been successfully built on NetBSD, and should build with +minimal or no changes on OpenBSD. It has not been tested on any other +OS. Known issues: - The documentation is still incomplete. -$P4: //depot/projects/ia64/contrib/openpam/RELNOTES#4 $ + - It should be possible to create incomplete modules without + recourse to placeholders or elaborate preprocessor tricks. This + is made difficult by the requirement that it should be possible to + link modules statically. + +$P4: //depot/projects/ia64/contrib/openpam/RELNOTES#5 $ ==== //depot/projects/ia64/contrib/openpam/doc/man/Makefile#5 (text+ko) ==== @@ -31,12 +31,15 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/ia64/contrib/openpam/doc/man/Makefile#4 $ +# $P4: //depot/projects/ia64/contrib/openpam/doc/man/Makefile#5 $ # MAN = +MAN += openpam_borrow_cred.3 +MAN += openpam_free_data.3 MAN += openpam_get_option.3 MAN += openpam_log.3 +MAN += openpam_restore_cred.3 MAN += openpam_set_option.3 MAN += openpam_ttyconv.3 MAN += pam.3 ==== //depot/projects/ia64/contrib/openpam/doc/man/openpam_get_option.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_get_option.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_get_option.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt OPENPAM_GET_OPTION 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/openpam_log.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_log.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_log.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt OPENPAM_LOG 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/openpam_set_option.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_set_option.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_set_option.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt OPENPAM_SET_OPTION 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/openpam_ttyconv.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_ttyconv.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/openpam_ttyconv.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt OPENPAM_TTYCONV 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam.3#5 (text+ko) ==== @@ -31,12 +31,15 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM 3 .Os .Sh NAME +.Nm openpam_borrow_cred , +.Nm openpam_free_data , +.Nm openpam_restore_cred , .Nm pam_acct_mgmt , .Nm pam_authenticate , .Nm pam_chauthtok , @@ -68,6 +71,12 @@ .Sh SYNOPSIS .In security/pam_appl.h .Ft int +.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd" +.Ft void +.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status" +.Ft int +.Fn openpam_restore_cred "pam_handle_t *pamh" +.Ft int .Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags" .Ft int .Fn pam_authenticate "pam_handle_t *pamh" "int flags" @@ -80,7 +89,7 @@ .Ft int .Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..." .Ft int -.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt" +.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" .Ft int .Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "const void **data" .Ft int @@ -185,6 +194,9 @@ Unknown user. .El .Sh SEE ALSO +.Xr openpam_borrow_cred 3 , +.Xr openpam_free_data 3 , +.Xr openpam_restore_cred 3 , .Xr pam_acct_mgmt 3 , .Xr pam_authenticate 3 , .Xr pam_chauthtok 3 , ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_acct_mgmt.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_acct_mgmt.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_acct_mgmt.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_ACCT_MGMT 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_authenticate.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_authenticate.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_authenticate.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_AUTHENTICATE 3 .Os .Sh NAME @@ -46,7 +46,31 @@ .Ft int .Fn pam_authenticate "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION -No description available. +The +.Nm +function attempts to authenticate the user +associated with the pam context specified by the +.Va pamh +argument. +.Pp +The application is free to call +.Nm +as many times as it +wishes, but some modules may maintain an internal retry counter and +return +.Dv PAM_MAXTRIES +when it exceeds some preset or hardcoded limit. +.Pp +The +.Va flags +argument is the binary or of zero or more of the following +values: +.Pp +.Bd -literal + =PAM_SILENT + Do not emit any messages. + =PAM_DISALLOW_NULL_AUTHTOK + Fail if the user's authentication token is null. .Sh RETURN VALUES The .Nm ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_chauthtok.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_chauthtok.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_chauthtok.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_CHAUTHTOK 3 .Os .Sh NAME @@ -46,7 +46,23 @@ .Ft int .Fn pam_chauthtok "pam_handle_t *pamh" "int flags" .Sh DESCRIPTION -No description available. +The +.Nm +function attempts to change the authentication token +for the user associated with the pam context specified by the +.Va pamh +argument. +.Pp +The +.Va flags +argument is the binary or of zero or more of the following +values: +.Pp +.Bd -literal + =PAM_SILENT + Do not emit any messages. + =PAM_CHANGE_EXPIRED_AUTHTOK + Change only those authentication tokens that have expired. .Sh RETURN VALUES The .Nm ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_close_session.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_close_session.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_close_session.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_CLOSE_SESSION 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_end.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_end.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_end.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_END 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_error.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_error.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_error.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_ERROR 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_get_authtok.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_authtok.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_authtok.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_GET_AUTHTOK 3 .Os .Sh NAME @@ -44,9 +44,66 @@ .Sh SYNOPSIS .In security/pam_appl.h .Ft int -.Fn pam_get_authtok "pam_handle_t *pamh" "const char **authtok" "const char *prompt" +.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt" .Sh DESCRIPTION -No description available. +The +.Nm +function returns the cached authentication token, +or prompts the user if no token is currently cached. Either way, a +pointer to the authentication token is stored in the location pointed +to by the +.Va authtok +argument. +.Pp +The +.Va item +argument must have one of the following values: +.Pp +.Bd -literal + =PAM_AUTHTOK + Returns the current authentication token, or the new token + when changing authentication tokens. + =PAM_OLDAUTHTOK + Returns the previous authentication token when changing + authentication tokens. + +.Ed +The +.Va prompt +argument specifies a prompt to use if no token is cached. +.Ed +If it is +.Dv NULL , +the +.Dv PAM_AUTHTOK_PROMPT +or +.Dv PAM_OLDAUTHTOK_PROMPT +item, +.Ed +as appropriate, will be used. If that item is also +.Dv NULL , +a hardcoded +.Ed +default prompt will be used. + +.Ed +If +.Va item +is set to +.Dv PAM_AUTHTOK +and there is a non-null +.Dv PAM_OLDAUTHTOK +.Ed +item, +.Nm +will ask the user to confirm the new token by +.Ed +retyping it. If there is a mismatch, +.Nm +will return +.Ed +.Dv PAM_TRY_AGAIN . + .Sh RETURN VALUES The .Nm @@ -58,9 +115,13 @@ Conversation failure. .It Bq Er PAM_SYSTEM_ERR System error. +.It Bq Er PAM_TRY_AGAIN +Try again. .El .Sh SEE ALSO .Xr pam 3 , +.Xr pam_get_item 3 , +.Xr pam_get_user 3 , .Xr pam_strerror 3 .Sh STANDARDS The ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_get_data.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_data.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_data.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_GET_DATA 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_get_item.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_item.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_item.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_GET_ITEM 3 .Os .Sh NAME @@ -85,6 +85,9 @@ .It Dv PAM_AUTHTOK_PROMPT The prompt to use when asking the applicant for an authentication token. +.It Dv PAM_OLDAUTHTOK_PROMPT +The prompt to use when asking the applicant for an +expired authentication token prior to changing it. .El See .Xr pam_start 3 ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_get_user.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_user.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_get_user.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_GET_USER 3 .Os .Sh NAME @@ -46,7 +46,31 @@ .Ft int .Fn pam_get_user "pam_handle_t *pamh" "const char **user" "const char *prompt" .Sh DESCRIPTION -No description available. +The +.Nm +function returns the name of the target user, as +specified to +.Xr pam_start 3 . +If no user was specified, nor set using +.Xr pam_set_item 3 , +.Nm +will prompt for a user name. Either way, +a pointer to the user name is stored in the location pointed to by the +.Va user +argument. +.Pp +The +.Va prompt +argument specifies a prompt to use if no user name is +cached. If it is +.Dv NULL , +the +.Dv PAM_USER_PROMPT +will be used. If that +item is also +.Dv NULL , +a hardcoded default prompt will be used. +.Pp .Sh RETURN VALUES The .Nm @@ -61,6 +85,10 @@ .El .Sh SEE ALSO .Xr pam 3 , +.Xr pam_get_authtok 3 , +.Xr pam_get_item 3 , +.Xr pam_set_item 3 , +.Xr pam_start 3 , .Xr pam_strerror 3 .Sh STANDARDS .Rs ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_getenv.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_getenv.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_getenv.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_GETENV 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_getenvlist.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_getenvlist.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_getenvlist.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_GETENVLIST 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_info.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_info.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_info.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_INFO 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_open_session.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_open_session.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_open_session.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_OPEN_SESSION 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_prompt.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_prompt.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_prompt.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_PROMPT 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_putenv.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_putenv.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_putenv.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_PUTENV 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_set_data.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_set_data.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_set_data.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SET_DATA 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_set_item.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_set_item.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_set_item.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SET_ITEM 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_setcred.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_setcred.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_setcred.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SETCRED 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_setenv.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_setenv.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_setenv.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SETENV 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_acct_mgmt.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_acct_mgmt.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_acct_mgmt.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SM_ACCT_MGMT 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_authenticate.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_authenticate.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_authenticate.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SM_AUTHENTICATE 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_chauthtok.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_chauthtok.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_chauthtok.3#5 $ .\" -.Dd March 7, 2002 +.Dd April 8, 2002 .Dt PAM_SM_CHAUTHTOK 3 .Os .Sh NAME ==== //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_close_session.3#5 (text+ko) ==== @@ -31,9 +31,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_close_session.3#4 $ +.\" $P4: //depot/projects/ia64/contrib/openpam/doc/man/pam_sm_close_session.3#5 $ .\" -.Dd March 7, 2002 >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message