Import OpenPAM.

The basics (pam_start(), pam_end(), pam_strerror(), item-,
data- and environment-related functions and the six PAM
primitives) are implemented.  A stub is provided for
pam_get_user(), which is not yet implemented.  Stubs are also
provided for XSSO mapping and secondary authentication, though
they are not built and will probably not be implemented for
quite some time.

Sponsored by:	DARPA, NAI Labs


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@1 185d5e19-27fe-0310-9dcf-9bff6b9f3609
remotes/origin/tags/openpam-20050616
Dag-Erling Smørgrav 2002-02-01 17:16:12 +00:00
commit 5d027b0909
36 changed files with 3009 additions and 0 deletions

LICENSE 100644

@ -0,0 +1,34 @@
Copyright (c) 2002 Networks Associates Technologies, Inc.
All rights reserved.
This software was developed for the FreeBSD Project by ThinkSec AS and
NAI Labs, the Security Research Division of Network Associates, Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
DARPA CHATS research program.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
$Id$

Makefile 100644

@ -0,0 +1,41 @@
#-
# Copyright (c) 2002 Networks Associates Technologies, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS and
# NAI Labs, the Security Research Division of Network Associates, Inc.
# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
# DARPA CHATS research program.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote
# products derived from this software without specific prior written
# permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id$
#
SUBDIR =
SUBDIR += lib
SUBDIR += bin
.include <bsd.subdir.mk>

bin/Makefile 100644

@ -0,0 +1,39 @@
#-
# Copyright (c) 2002 Networks Associates Technologies, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS and
# NAI Labs, the Security Research Division of Network Associates, Inc.
# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
# DARPA CHATS research program.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote
# products derived from this software without specific prior written
# permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id$
#
SUBDIR =
.include <bsd.subdir.mk>


@ -0,0 +1,64 @@
$Id$
Errata in XSSO, chapter 5:
p. 25: the first member of struct pam_response is named "resp", not
"response".
Errata in XSSO, chapter 6:
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
sections should be "PAM_NEW_AUTHTOK_REQD".
p. 32: pam_acct_mgmt() must be allowed to return PAM_AUTH_ERR.
p. 46: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
p. 60: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
of type size_t, not a size_t *.
p. 59: the last argument pam_set_data() should be written void
(*cleanup)(...), not void *(cleanup)(...).
p. 66: the first occurrence of "pam_acct_mgmt" in the NAME section
should be "pam_sm_acct_mgmt".
p. 66: pam_sm_acct_mgmt() must be allowed to return PAM_AUTH_ERR.
p. 70: "pam_authenticate_secondary" in the SYNOPSIS section should be
"pam_sm_authenticate_secondary".
pam_sm_authenticate_secondary() takes argc and argv arguments
like the rest of the pam_sm_*() functions.
p. 72: the flags argument to pam_sm_chauthtok() is of type int, not
const int.
p. 77: the names of several arguments to pam_sm_get_mapped_authtok()
are missing the initial "t" in "target".
p. 83: the target_authtok_len argument to pam_sm_set_mapped_authtok()
is of type size_t, not a size_t *.
p. 85: the names of several arguments to pam_sm_set_mapped_username()
are missing the initial "t" in "target".
p. 89: the user argument to pam_start() is of type const char *.
p. 89: the correct definition for struct pam_conv is as follows:
struct pam_conv {
int (*conv)(int, struct pam_message **,
struct pam_response **, void *);
void *appdata_ptr;
};
p. 90: the correct definition for struct pam_response is as follows:
struct pam_response {
char *resp;
int resp_retcode;
};


@ -0,0 +1,181 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#ifndef _PAM_APPL_H_INCLUDED
#define _PAM_APPL_H_INCLUDED
#include <security/pam_types.h>
#include <security/pam_constants.h>
/*
* XSSO 4.2.1, 6
*/
int
pam_acct_mgmt(pam_handle_t *_pamh,
int _flags);
int
pam_authenticate(pam_handle_t *_pamh,
int _flags);
int
pam_chauthtok(pam_handle_t *_pamh,
int _flags);
int
pam_close_session(pam_handle_t *_pamh,
int _flags);
int
pam_end(pam_handle_t *_pamh,
int _status);
int
pam_get_data(pam_handle_t *_pamh,
const char *_module_data_name,
void **_data);
int
pam_get_item(pam_handle_t *_pamh,
int _item_type,
void **_item);
int
pam_get_user(pam_handle_t *_pamh,
char **_user,
const char *_prompt);
char *
pam_getenv(pam_handle_t *_pamh,
const char *_name);
char **
pam_getenvlist(pam_handle_t *_pamh);
int
pam_open_session(pam_handle_t *_pamh,
int _flags);
int
pam_putenv(pam_handle_t *_pamh,
const char *_namevalue);
int
pam_set_data(pam_handle_t *_pamh,
const char *_module_data_name,
void *_data,
void (*_cleanup)(pam_handle_t *_pamh,
void *_data,
int _pam_end_status));
int
pam_set_item(pam_handle_t *_pamh,
int _item_type,
const void *_item);
int
pam_setcred(pam_handle_t *_pamh,
int _flags);
int
pam_start(const char *_service,
const char *_user,
const struct pam_conv *_pam_conv,
pam_handle_t **_pamh);
const char *
pam_strerror(pam_handle_t *_pamh,
int _error_number);
/*
* OpenPAM extensions
*/
int
pam_setenv(pam_handle_t *_pamh,
const char *_name,
const char *_value,
int overwrite);
/*
* Single Sign-On extensions
*/
#if 0
int
pam_authenticate_secondary(pam_handle_t *_pamh,
char *_target_username,
char *_target_module_type,
char *_target_authn_domain,
char *_target_supp_data,
char *_target_module_authtok,
int _flags);
int
pam_get_mapped_authtok(pam_handle_t *_pamh,
const char *_target_module_username,
const char *_target_module_type,
const char *_target_authn_domain,
size_t *_target_authtok_len,
unsigned char **_target_module_authtok);
int
pam_get_mapped_username(pam_handle_t *_pamh,
const char *_src_username,
const char *_src_module_type,
const char *_src_authn_domain,
const char *_target_module_type,
const char *_target_authn_domain,
char **_target_module_username);
int
pam_set_mapped_authtok(pam_handle_t *_pamh,
const char *_target_module_username,
size_t _target_authtok_len,
unsigned char *_target_module_authtok,
const char *_target_module_type,
const char *_target_authn_domain);
int
pam_set_mapped_username(pam_handle_t *_pamh,
char *_src_username,
char *_src_module_type,
char *_src_authn_domain,
char *_target_module_username,
char *_target_module_type,
char *_target_authn_domain);
#endif /* 0 */
#endif
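
Review bot: pam_setenv() declares its last parameter as plain overwrite, while every other parameter in this header carries a leading underscore (_pamh, _name, _value). The underscore keeps prototype parameter names out of the application's macro namespace, so an application that defines overwrite as a macro before including this header would break the declaration. Rename it to _overwrite.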


@ -0,0 +1,111 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#ifndef _PAM_CONSTANTS_H_INCLUDED
#define _PAM_CONSTANTS_H_INCLUDED
/*
* XSSO 5.2
*/
#define PAM_SUCCESS 0
#define PAM_OPEN_ERR 1
#define PAM_SYMBOL_ERR 2
#define PAM_SERVICE_ERR 3
#define PAM_SYSTEM_ERR 4
#define PAM_BUF_ERR 5
#define PAM_CONV_ERR 6
#define PAM_PERM_DENIED 7
#define PAM_MAXTRIES 8
#define PAM_AUTH_ERR 9
#define PAM_NEW_AUTHTOK_REQD 10
#define PAM_CRED_INSUFFICIENT 11
#define PAM_AUTHINFO_UNAVAIL 12
#define PAM_USER_UNKNOWN 13
#define PAM_CRED_UNAVAIL 14
#define PAM_CRED_EXPIRED 15
#define PAM_CRED_ERR 16
#define PAM_ACCT_EXPIRED 17
#define PAM_AUTHTOK_EXPIRED 18
#define PAM_SESSION_ERR 19
#define PAM_AUTHTOK_ERR 20
#define PAM_AUTHTOK_RECOVERY_ERR 21
#define PAM_AUTHTOK_LOCK_BUSY 22
#define PAM_AUTHTOK_DISABLE_AGING 23
#define PAM_NO_MODULE_DATA 24
#define PAM_IGNORE 25
#define PAM_ABORT 26
#define PAM_TRY_AGAIN 27
#define PAM_MODULE_UNKNOWN 28
#define PAM_DOMAIN_UNKNOWN 29
/*
* XSSO 5.3
*/
#define PAM_PROMPT_ECHO_OFF 1
#define PAM_PROMPT_ECHO_ON 2
#define PAM_ERROR_MSG 3
#define PAM_TEXT_INFO 4
#define PAM_MAX_NUM_MSG 32
#define PAM_MAX_MSG_SIZE 512
#define PAM_MAX_RESP_SIZE 512
/*
* XSSO 5.4
*/
#define PAM_SILENT 0x80000000
#define PAM_DISALLOW_NULL_AUTHTOK 0x1
#define PAM_ESTABLISH_CRED 0x1
#define PAM_DELETE_CRED 0x2
#define PAM_REINITIALISE_CRED 0x4
#define PAM_REFRESH_CRED 0x8
#define PAM_CRED_PRELIM_CHECK 0x1
#define PAM_UPDATE_AUTHTOK 0x2
#define PAM_CHANGE_EXPIRED_AUTHTOK 0x4
/*
* XSSO 5.5
*/
#define PAM_SERVICE 1
#define PAM_USER 2
#define PAM_TTY 3
#define PAM_RHOST 4
#define PAM_CONV 5
#define PAM_AUTHTOK 6
#define PAM_OLDAUTHTOK 7
#define PAM_RUSER 8
#define PAM_USER_PROMPT 9
#endif


@ -0,0 +1,139 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#ifndef _PAM_MODULES_H_INCLUDED
#define _PAM_MODULES_H_INCLUDED
#include <security/pam_types.h>
#include <security/pam_constants.h>
/*
* XSSO 4.2.2, 6
*/
int
pam_sm_acct_mgmt(pam_handle_t *_pamh,
int _flags,
int _argc,
const char **_argv);
int
pam_sm_authenticate(pam_handle_t *_pamh,
int _flags,
int _argc,
const char **_argv);
int
pam_sm_chauthtok(pam_handle_t *_pamh,
int _flags,
int _argc,
const char **_argv);
int
pam_sm_close_session(pam_handle_t *_pamh,
int _flags,
int _args,
const char **_argv);
int
pam_sm_open_session(pam_handle_t *_pamh,
int _flags,
int _argc,
const char **_argv);
int
pam_sm_setcred(pam_handle_t *_pamh,
int _flags,
int _argc,
const char **_argv);
/*
* Single Sign-On extensions
*/
#if 0
int
pam_sm_authenticate_secondary(pam_handle_t *_pamh,
char *_target_username,
char *_target_module_type,
char *_target_authn_domain,
char *_target_supp_data,
unsigned char *_target_module_authtok,
int _flags,
int _argc,
const char **_argv);
int
pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
char *_target_module_username,
char *_target_module_type,
char *_target_authn_domain,
size_t *_target_authtok_len,
unsigned char **_target_module_authtok,
int _argc,
char *_argv);
int
pam_sm_get_mapped_username(pam_handle_t *_pamh,
char *_src_username,
char *_src_module_type,
char *_src_authn_domain,
char *_target_module_type,
char *_target_authn_domain,
char **_target_module_username,
int _argc,
const char **_argv);
int
pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
char *_target_module_username,
size_t _target_authtok_len,
unsigned char *_target_module_authtok,
char *_target_module_type,
char *_target_authn_domain,
int _argc,
const char *_argv);
int
pam_sm_set_mapped_username(pam_handle_t *_pamh,
char *_target_module_username,
char *_target_module_type,
char *_target_authn_domain,
int _argc,
const char **_argv);
#endif /* 0 */
#endif
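
Review bot: the parameter lists are inconsistent in three places. pam_sm_close_session() names its count parameter _args where the other five primitives use _argc. In the disabled Single Sign-On block, pam_sm_get_mapped_authtok() declares char *_argv and pam_sm_set_mapped_authtok() declares const char *_argv, while every other pam_sm_*() prototype takes const char **_argv. The block is under #if 0, so nothing breaks today, but the prototypes should be corrected now so they are right when the block is enabled.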


@ -0,0 +1,68 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#ifndef _PAM_TYPES_H_INCLUDED
#define _PAM_TYPES_H_INCLUDED
/*
* XSSO 5.1.1
*/
struct pam_message {
int msg_style;
char *msg;
};
struct pam_response {
char *resp;
int resp_retcode;
};
/*
* XSSO 5.1.2
*/
struct pam_conv {
int (*conv)(int, const struct pam_message **,
struct pam_response **, void *);
void *appdata_ptr;
};
/*
* XSSO 5.1.3
*/
struct pam_handle;
typedef struct pam_handle pam_handle_t;
#endif
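
Review bot: struct pam_conv declares the conv callback as taking const struct pam_message **, but the errata file added in this same commit gives the correct definition (XSSO p. 89) as taking struct pam_message ** without const. The header and the errata should agree; if the const is deliberate, record that in the errata entry, otherwise drop it here.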

lib/Makefile 100644

@ -0,0 +1,75 @@
#-
# Copyright (c) 2002 Networks Associates Technologies, Inc.
# All rights reserved.
#
# This software was developed for the FreeBSD Project by ThinkSec AS and
# NAI Labs, the Security Research Division of Network Associates, Inc.
# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
# DARPA CHATS research program.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. The name of the author may not be used to endorse or promote
# products derived from this software without specific prior written
# permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id$
#
LIB = pam
SHLIB_MAJOR = 2
SHLIB_MINOR = 0
WARNS ?= 4
NO_WERROR = yes
CFLAGS += -I${.CURDIR}/../include
SRCS =
SRCS += openpam_dispatch.c
SRCS += openpam_log.c
SRCS += pam_acct_mgmt.c
SRCS += pam_authenticate.c
SRCS += pam_chauthtok.c
SRCS += pam_close_session.c
SRCS += pam_end.c
SRCS += pam_get_data.c
SRCS += pam_get_item.c
SRCS += pam_get_user.c
SRCS += pam_getenv.c
SRCS += pam_getenvlist.c
SRCS += pam_open_session.c
SRCS += pam_putenv.c
SRCS += pam_set_data.c
SRCS += pam_set_item.c
SRCS += pam_setcred.c
SRCS += pam_setenv.c
SRCS += pam_start.c
SRCS += pam_strerror.c
.if 0
SRCS += pam_authenticate_secondary.c
SRCS += pam_get_mapped_authtok.c
SRCS += pam_get_mapped_username.c
SRCS += pam_set_mapped_authtok.c
SRCS += pam_set_mapped_username.c
.endif
.include <bsd.lib.mk>

lib/openpam.h 100644

@ -0,0 +1,119 @@
/*-
* Copyright (c) 2001 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#ifndef _OPENPAM_H_INCLUDED
#define _OPENPAM_H_INCLUDED
/*
* Control flags
*/
#define PAM_REQUIRED 1
#define PAM_REQUISITE 2
#define PAM_SUFFICIENT 3
#define PAM_OPTIONAL 4
#define PAM_NUM_CONTROLFLAGS 5
/*
* Chains
*/
#define PAM_AUTH 0
#define PAM_ACCOUNT 1
#define PAM_SESSION 2
#define PAM_PASSWORD 3
#define PAM_NUM_CHAINS 4
#define PAM_ACCT_MGMT 0
#define PAM_AUTHENTICATE 1
#define PAM_CHAUTHTOK 2
#define PAM_CLOSE_SESSION 3
#define PAM_OPEN_SESSION 4
#define PAM_SETCRED 5
#define PAM_NUM_PRIMITIVES 6
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
typedef int (*pam_func_t)(pam_handle_t *, int);
typedef struct pam_chain pam_chain_t;
struct pam_chain {
int flag;
char *modpath;
/* XXX options */
pam_chain_t *next;
void *dlh;
pam_func_t primitive[PAM_NUM_PRIMITIVES];
};
#define PAM_NUM_ITEMS 10
typedef struct pam_data pam_data_t;
struct pam_data {
char *name;
void *data;
void (*cleanup)(pam_handle_t *, void *, int);
pam_data_t *next;
};
struct pam_handle {
char *service;
/* chains */
pam_chain_t *chains[PAM_NUM_CHAINS];
/* items and data */
void *item[PAM_NUM_ITEMS];
pam_data_t *module_data;
/* environment list */
char **env;
int env_count;
int env_size;
};
#define PAM_OTHER "other"
int openpam_dispatch(pam_handle_t *, int, int);
#define PAM_LOG_DEBUG 0
#define PAM_LOG_VERBOSE 1
#define PAM_LOG_NOTICE 2
#define PAM_LOG_ERROR 3
void openpam_log(int, const char *, ...);
int openpam_findenv(pam_handle_t *, const char *, size_t);
#endif
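
Review bot: pam_func_t is declared as int (*)(pam_handle_t *, int), but the pam_sm_*() prototypes in pam_modules.h take four arguments (pamh, flags, argc, argv), and openpam_dispatch() calls module->primitive[primitive] with only pamh and flags. Assuming the primitive[] slots hold the modules' pam_sm_*() entry points, as _pam_sm_func_name suggests, the call goes through a pointer of the wrong type and argc and argv are undefined inside the module. Give pam_func_t the four-argument signature and store the per-module options in struct pam_chain (the /* XXX options */ placeholder) so the dispatcher can pass them. The header also uses pam_handle_t and size_t without including anything that defines them, so it only compiles when included after <security/pam_types.h> and a header that provides size_t.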


@ -0,0 +1,193 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include "openpam.h"
#if !defined(OPENPAM_RELAX_CHECKS)
static void _openpam_check_error_code(int, int);
#else
#define _openpam_check_error_code(a, b)
#endif /* !defined(OPENPAM_RELAX_CHECKS) */
/*
* Execute a module chain
*/
int
openpam_dispatch(pam_handle_t *pamh,
int primitive,
int flags)
{
pam_chain_t *module;
int err, fail, r;
if (pamh == NULL)
return (PAM_SYSTEM_ERR);
switch (primitive) {
case PAM_AUTHENTICATE:
case PAM_SETCRED:
module = pamh->chains[PAM_AUTH];
break;
case PAM_ACCT_MGMT:
module = pamh->chains[PAM_ACCOUNT];
break;
case PAM_OPEN_SESSION:
case PAM_CLOSE_SESSION:
module = pamh->chains[PAM_SESSION];
break;
case PAM_CHAUTHTOK:
module = pamh->chains[PAM_PASSWORD];
break;
default:
return (PAM_SYSTEM_ERR);
}
for (err = fail = 0; module != NULL; module = module->next) {
if (module->primitive[primitive] == NULL) {
openpam_log(PAM_LOG_ERROR, "%s: no %s()",
module->modpath, _pam_sm_func_name[primitive]);
return (PAM_SYMBOL_ERR);
}
r = (module->primitive[primitive])(pamh, flags);
openpam_log(PAM_LOG_DEBUG, "%s: %s(): %s",
module->modpath, _pam_sm_func_name[primitive],
pam_strerror(pamh, r));
if (r == PAM_IGNORE)
continue;
if (r == PAM_SUCCESS) {
/*
* For pam_setcred(), treat "sufficient" as
* "optional".
*
* Note that Solaris libpam does not terminate
* the chain here if a required module has
* previously failed. I'm not sure why.
*/
if (module->flag == PAM_SUFFICIENT &&
primitive != PAM_SETCRED)
break;
}
_openpam_check_error_code(primitive, r);
/*
* Record the return code from the first module to
* fail. If a required module fails, record the
* return code from the first required module to fail.
*/
if (err == 0)
err = r;
if (module->flag == PAM_REQUIRED && !fail) {
fail = 1;
err = r;
}
/*
* If a requisite module fails, terminate the chain
* immediately.
*/
if (module->flag == PAM_REQUISITE) {
fail = 1;
break;
}
}
if (fail)
return (err);
return (PAM_SUCCESS);
}
#if !defined(OPENPAM_RELAX_CHECKS)
static void
_openpam_check_error_code(int primitive, int r)
{
/* common error codes */
if (r == PAM_SERVICE_ERR ||
r == PAM_BUF_ERR ||
r == PAM_BUF_ERR ||
r == PAM_CONV_ERR ||
r == PAM_PERM_DENIED)
return;
/* specific error codes */
switch (primitive) {
case PAM_AUTHENTICATE:
if (r == PAM_AUTH_ERR ||
r == PAM_CRED_INSUFFICIENT ||
r == PAM_AUTHINFO_UNAVAIL ||
r == PAM_USER_UNKNOWN ||
r == PAM_MAXTRIES)
return;
break;
case PAM_SETCRED:
if (r == PAM_CRED_UNAVAIL ||
r == PAM_CRED_EXPIRED ||
r == PAM_USER_UNKNOWN ||
r == PAM_CRED_ERR)
return;
break;
case PAM_ACCT_MGMT:
if (r == PAM_USER_UNKNOWN ||
r == PAM_AUTH_ERR ||
r == PAM_NEW_AUTHTOK_REQD ||
r == PAM_ACCT_EXPIRED)
return;
break;
case PAM_OPEN_SESSION:
case PAM_CLOSE_SESSION:
if (r == PAM_SESSION_ERR)
return;
break;
case PAM_CHAUTHTOK:
if (r == PAM_PERM_DENIED ||
r == PAM_AUTHTOK_ERR ||
r == PAM_AUTHTOK_RECOVERY_ERR ||
r == PAM_AUTHTOK_LOCK_BUSY ||
r == PAM_AUTHTOK_DISABLE_AGING)
return;
break;
}
openpam_log(PAM_LOG_ERROR, "%s(): invalid return value %d",
_pam_sm_func_name[primitive], r);
}
#endif /* !defined(OPENPAM_RELAX_CHECKS) */
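Review bot: the `if (r == PAM_SUCCESS)` block in the dispatch loop has no `continue`, so a successful module that does not take the `sufficient` break falls through into the failure bookkeeping. As written, `_openpam_check_error_code()` logs PAM_SUCCESS as an invalid return value, a succeeding `required` module sets `fail = 1`, and a succeeding `requisite` module breaks out of the chain so that later modules never run and `err` may be returned as PAM_SUCCESS. Add `continue;` as the last statement of the success block. Two smaller points in the same hunk: the common list in `_openpam_check_error_code()` tests `r == PAM_BUF_ERR` twice, so one of them is either redundant or stands in for a code that was meant to be accepted; and the call in the loop is unconditional while the definition is inside `#if !defined(OPENPAM_RELAX_CHECKS)`, so please confirm a no-op fallback exists for the relaxed build.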


@ -0,0 +1,60 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <security/pam_appl.h>
#include "openpam.h"
/*
* Locate an environment variable
*/
int
openpam_findenv(pam_handle_t *pamh,
const char *name,
size_t len)
{
int i;
if (pamh == NULL)
return (-1);
for (i = 0; i < pamh->env_count; ++i)
if (strncmp(pamh->env[i], name, len) == 0 &&
pamh->env[i][len] == '=')
return (i);
return (-1);
}
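Review bot: `openpam_findenv()` calls `strncmp()` but the visible includes are only `<security/pam_appl.h>` and "openpam.h"; add `#include <string.h>` unless openpam.h already provides it. The function also dereferences `name` without a NULL check, and `pamh->env[i][len]` is only safe when `len` does not exceed the length of `name`: if a caller passes a larger `len` and an entry equals `name` with no `=`, `strncmp()` stops at the terminator and the index reads past it. Either document that `len` must be `strlen(name)` or enforce it here.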

73
lib/openpam_log.c 100644

@ -0,0 +1,73 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>
#include <security/pam_appl.h>
#include "openpam.h"
/*
* Log a message through syslog(3)
*/
void
openpam_log(int level, const char *fmt, ...)
{
va_list ap;
int priority;
switch (level) {
case PAM_LOG_DEBUG:
priority = LOG_DEBUG;
break;
case PAM_LOG_VERBOSE:
priority = LOG_INFO;
break;
case PAM_LOG_NOTICE:
priority = LOG_NOTICE;
break;
case PAM_LOG_ERROR:
priority = LOG_ERR;
break;
}
va_start(ap, fmt);
vsyslog(priority, fmt, ap);
va_end(ap);
}
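Review bot: the `switch (level)` in `openpam_log()` has no `default` case, so `priority` is passed to `vsyslog()` uninitialized whenever `level` is not one of the four listed values. Add a `default:` that picks a defined priority (for example `LOG_ERR`), or initialize `priority` at its declaration. It would also help to document that `fmt` must be a constant format string, since the arguments go straight to `vsyslog()`.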


@ -0,0 +1,56 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include "openpam.h"
/*
* XSSO 4.2.1
* XSSO 6 page 32
*
* Perform PAM account validation procedures
*/
int
pam_acct_mgmt(pam_handle_t *pamh,
int flags)
{
return (openpam_dispatch(pamh, PAM_ACCT_MGMT, flags));
}
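Review bot: nothing in the visible body of `pam_acct_mgmt()` uses `<sys/param.h>`; the function is a one-line call to `openpam_dispatch()`. If openpam.h depends on it, include it there instead, otherwise drop it. The same include appears in the sibling wrappers for `pam_authenticate()`, `pam_chauthtok()` and `pam_close_session()`.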


@ -0,0 +1,56 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include "openpam.h"
/*
* XSSO 4.2.1
* XSSO 6 page 34
*
* Perform authentication within the PAM framework
*/
int
pam_authenticate(pam_handle_t *pamh,
int flags)
{
return (openpam_dispatch(pamh, PAM_AUTHENTICATE, flags));
}


@ -0,0 +1,50 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <security/pam_appl.h>
int
pam_authenticate_secondary(pam_handle_t *pamh,
char *target_username,
char *target_module_type,
char *target_authn_domain,
char *target_supp_data,
char *target_module_authtok,
int flags)
{
return (PAM_SYSTEM_ERR);
}
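Review bot: `pam_authenticate_secondary()` has no descriptive comment, unlike the sibling files, which each carry an XSSO reference and a one-line summary above the function. Since the body only returns PAM_SYSTEM_ERR and ignores all seven parameters, add a comment stating that this is an unimplemented stub, so a reader does not mistake the error return for a real failure path. Expect unused-parameter warnings from this file if it is ever added to the build.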


@ -0,0 +1,56 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include "openpam.h"
/*
* XSSO 4.2.1
* XSSO 6 page 38
*
* Perform password related functions within the PAM framework
*/
int
pam_chauthtok(pam_handle_t *pamh,
int flags)
{
return (openpam_dispatch(pamh, PAM_CHAUTHTOK, flags));
}
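Review bot: `pam_chauthtok()` makes a single `openpam_dispatch(pamh, PAM_CHAUTHTOK, flags)` call with the caller's flags, but the password-change primitive is a two-phase operation: the chain is meant to run once with PAM_PRELIM_CHECK and, only if that pass succeeds, again with PAM_UPDATE_AUTHTOK. As written, modules see neither flag unless the application sets one itself, and a module that keys its behaviour on them cannot tell which phase it is in. Suggest dispatching twice here, OR-ing the phase flag into `flags` each time, and rejecting calls where the application already set either phase flag.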


@ -0,0 +1,56 @@
/*-
* Copyright (c) 2002 Networks Associates Technologies, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by ThinkSec AS and
* NAI Labs, the Security Research Division of Network Associates, Inc.
* under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
* DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id$
*/
#include <sys/param.h>
#include <security/pam_appl.h>
#include "openpam.h"
/*
* XSSO 4.2.1
* XSSO 6 page 40
*
* Close an existing user session
*/
int
pam_close_session(pam_handle_t *pamh,
int flags)
{
return (openpam_dispatch(pamh, PAM_CLOSE_SESSION, flags));
}

80
lib/pam_end.c 100644

@ -0,0 +1,80 @@