Add in-line documentation. Some functions still lack descriptions.

Sponsored by:	DARPA, NAI Labs


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@63 185d5e19-27fe-0310-9dcf-9bff6b9f3609

lib/openpam_dispatch.c

@@ -47,6 +47,8 @@ static void _openpam_check_error_code(int, int);
 #endif /* !defined(OPENPAM_RELAX_CHECKS) */
 
 /*
+ * OpenPAM internal
+ *
  * Execute a module chain
  */
 
@@ -210,3 +212,9 @@ _openpam_check_error_code(int primitive, int r)
 	    _pam_sm_func_name[primitive], r);
 }
 #endif /* !defined(OPENPAM_RELAX_CHECKS) */
+
+/*
+ * NODOC
+ *
+ * Error codes:
+ */

lib/openpam_findenv.c

@@ -41,6 +41,8 @@
 #include "openpam_impl.h"
 
 /*
+ * OpenPAM internal
+ *
  * Locate an environment variable
  */
 
@@ -60,3 +62,7 @@ openpam_findenv(pam_handle_t *pamh,
 			return (i);
 	return (-1);
 }
+
+/*
+ * NODOC
+ */

lib/openpam_load.c

@@ -225,3 +225,7 @@ openpam_clear_chains(pam_handle_t *pamh)
 	for (i = 0; i < PAM_NUM_CHAINS; ++i)
 		openpam_destroy_chain(pamh->chains[i]);
 }
+
+/*
+ * NOPARSE
+ */

lib/openpam_log.c

@@ -47,6 +47,8 @@
 #if defined(openpam_log)
 
 /*
+ * OpenPAM extension
+ *
  * Log a message through syslog(3)
  */
 
@@ -121,3 +123,7 @@ openpam_log(int level, const char *fmt, ...)
 }
 
 #endif
+
+/*
+ * NOLIST
+ */

lib/openpam_ttyconv.c

@@ -46,7 +46,9 @@
 #include <security/openpam.h>
 
 /*
- * Simple tty-based conversation function.
+ * OpenPAM extension
+ *
+ * Simple tty-based conversation function
  */
 
 int
@@ -129,3 +131,13 @@ openpam_ttyconv(int n,
 	*resp = NULL;
 	return (err);
 }
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */

lib/pam_acct_mgmt.c

@@ -54,3 +54,11 @@ pam_acct_mgmt(pam_handle_t *pamh,
 
 	return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags));
 }
+
+/*
+ * Error codes:
+ *
+ *	=openpam_dispatch
+ *	=pam_sm_acct_mgmt
+ *	!PAM_IGNORE
+ */

lib/pam_authenticate.c

@@ -54,3 +54,11 @@ pam_authenticate(pam_handle_t *pamh,
 
 	return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags));
 }
+
+/*
+ * Error codes:
+ *
+ *	=openpam_dispatch
+ *	=pam_sm_authenticate
+ *	!PAM_IGNORE
+ */

lib/pam_authenticate_secondary.c

@@ -36,6 +36,13 @@
 
 #include <security/pam_appl.h>
 
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 36
+ *
+ * Perform authentication to a secondary domain within the PAM framework
+ */
+
 int
 pam_authenticate_secondary(pam_handle_t *pamh,
 	char *target_username,
@@ -48,3 +55,7 @@ pam_authenticate_secondary(pam_handle_t *pamh,
 
 	return (PAM_SYSTEM_ERR);
 }
+
+/*
+ * NODOC
+ */

lib/pam_chauthtok.c

@@ -54,3 +54,11 @@ pam_chauthtok(pam_handle_t *pamh,
 
 	return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags));
 }
+
+/*
+ * Error codes:
+ *
+ *	=openpam_dispatch
+ *	=pam_sm_chauthtok
+ *	!PAM_IGNORE
+ */

lib/pam_close_session.c

@@ -54,3 +54,11 @@ pam_close_session(pam_handle_t *pamh,
 
 	return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags));
 }
+
+/*
+ * Error codes:
+ *
+ *	=openpam_dispatch
+ *	=pam_sm_close_session
+ *	!PAM_IGNORE
+ */

lib/pam_end.c

@@ -82,3 +82,17 @@ pam_end(pam_handle_t *pamh,
 
 	return (PAM_SUCCESS);
 }
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYSTEM_ERR
+ */
+
+/**
+ * The =pam_end function terminates a PAM transaction and destroys the
+ * corresponding PAM context, releasing all resources allocated to it.
+ *
+ * The =status argument should be set to the error code returned by the
+ * last API call before the call to =pam_end.
+ */

lib/pam_error.c

@@ -62,3 +62,21 @@ pam_error(pam_handle_t *pamh,
 	free(rsp); /* ignore response */
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *     !PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_info function displays an error message through the
+ * intermediary of the given PAM context's conversation function.
+ *
+ * >pam_info
+ * >pam_prompt
+ * >pam_verror
+ */

lib/pam_get_authtok.c

@@ -73,3 +73,12 @@ pam_get_authtok(pam_handle_t *pamh,
 	*authtok = resp;
 	return (pam_set_item(pamh, PAM_AUTHTOK, *authtok));
 }
+
+/*
+ * Error codes:
+ *
+ *	=pam_get_item
+ *	=pam_prompt
+ *	=pam_set_item
+ *	!PAM_SYMBOL_ERR
+ */

lib/pam_get_data.c

@@ -65,3 +65,21 @@ pam_get_data(pam_handle_t *pamh,
 
 	return (PAM_NO_MODULE_DATA);
 }
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYSTEM_ERR
+ *	PAM_NO_MODULE_DATA
+ */
+
+/**
+ * The =pam_get_data function looks up the opaque object associated with
+ * the string specified by the =module_data_name argument, in the PAM
+ * context specified by the =pamh argument.
+ * A pointer to the object is stored in the location pointed to by the
+ * =data argument.
+ *
+ * This function and its counterpart =pam_set_data are useful for managing
+ * data that are meaningful only to a particular service module.
+ */

lib/pam_get_item.c

@@ -72,3 +72,48 @@ pam_get_item(pam_handle_t *pamh,
 		return (PAM_SYMBOL_ERR);
 	}
 }
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ */
+
+/**
+ * The =pam_get_item function stores a pointer to the item specified by
+ * the =item_type argument in the location specified by the =item
+ * argument.
+ * The item is retrieved from the PAM context specified by the =pamh
+ * argument.
+ * The following item types are recognized:
+ *
+ *	=PAM_SERVICE:
+ *		The name of the requesting service.
+ *	=PAM_USER:
+ *		The name of the user the application is trying to
+ *		authenticate.
+ *	=PAM_TTY:
+ *		The name of the current terminal.
+ *	=PAM_RHOST:
+ *		The name of the applicant's host.
+ *	=PAM_CONV:
+ *		A =struct pam_conv describing the current conversation
+ *		function.
+ *	=PAM_AUTHTOK:
+ *		The current authentication token.
+ *	=PAM_OLDAUTHTOK:
+ *		The expired authentication token.
+ *	=PAM_RUSER:
+ *		The name of the applicant.
+ *	=PAM_USER_PROMPT:
+ *		The prompt to use when asking the applicant for a user
+ *		name to authenticate as.
+ *	=PAM_AUTHTOK_PROMPT:
+ *		The prompt to use when asking the applicant for an
+ *		authentication token.
+ *
+ * See =pam_start for a description of =struct pam_conv.
+ *
+ * >pam_set_item
+ */

lib/pam_get_mapped_authtok.c

@@ -36,6 +36,13 @@
 
 #include <security/pam_appl.h>
 
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 48
+ *
+ * Get mapped password for the user
+ */
+
 int
 pam_get_mapped_authtok(pam_handle_t *pamh,
 	const char *target_module_username,
@@ -47,3 +54,7 @@ pam_get_mapped_authtok(pam_handle_t *pamh,
 
 	return (PAM_SYSTEM_ERR);
 }
+
+/*
+ * NODOC
+ */

lib/pam_get_mapped_username.c

@@ -36,6 +36,13 @@
 
 #include <security/pam_appl.h>
 
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 50
+ *
+ * Get valid matched identity in new domain
+ */
+
 int
 pam_get_mapped_username(pam_handle_t *pamh,
 	const char *src_username,
@@ -48,3 +55,7 @@ pam_get_mapped_username(pam_handle_t *pamh,
 
 	return (PAM_SYSTEM_ERR);
 }
+
+/*
+ * NODOC
+ */

lib/pam_get_user.c

@@ -74,3 +74,12 @@ pam_get_user(pam_handle_t *pamh,
 	*user = resp;
 	return (pam_set_item(pamh, PAM_USER, *user));
 }
+
+/*
+ * Error codes:
+ *
+ *	=pam_get_item
+ *	=pam_prompt
+ *	=pam_set_item
+ *	!PAM_SYMBOL_ERR
+ */

lib/pam_getenv.c

@@ -65,3 +65,13 @@ pam_getenv(pam_handle_t *pamh,
 		return (NULL);
 	return (strdup(pamh->env[i]));
 }
+
+/**
+ * The =pam_getenv function returns the value of an environment variable.
+ * Its semantics are similar to those of =getenv, but it accesses the PAM
+ * context's environment list instead of the application's.
+ *
+ * >pam_getenvlist
+ * >pam_putenv
+ * >pam_setenv
+ */

lib/pam_getenvlist.c

@@ -75,3 +75,28 @@ pam_getenvlist(pam_handle_t *pamh)
 	}
 	return (envlist);
 }
+
+/**
+ * The =pam_getenvlist function returns a copy of the given PAM context's
+ * environment list as a pointer to an array of strings.
+ * The last element in the array is =NULL.
+ * The pointer is suitable for assignment to {Va environ}.
+ *
+ * The array and the strings it lists are allocated using =malloc, and
+ * should be released using =free after use:
+ *
+ *     char **envlist, **env;
+ *     
+ *     envlist = environ;
+ *     environ = pam_getenvlist(pamh);
+ *     \/\* do something nifty \*\/
+ *     for (env = environ; *env != NULL; env++)
+ *         free(*env);
+ *     free(environ);
+ *     environ = envlist;
+ *
+ * >environ 7
+ * >pam_getenv
+ * >pam_putenv
+ * >pam_setenv
+ */

lib/pam_info.c

@@ -62,3 +62,21 @@ pam_info(pam_handle_t *pamh,
 	free(rsp); /* ignore response */
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *     !PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_info function displays an informational message through the
+ * intermediary of the given PAM context's conversation function.
+ *
+ * >pam_error
+ * >pam_prompt
+ * >pam_vinfo
+ */

lib/pam_open_session.c

@@ -54,3 +54,11 @@ pam_open_session(pam_handle_t *pamh,
 
 	return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags));
 }
+
+/*
+ * Error codes:
+ *
+ *	=openpam_dispatch
+ *	=pam_sm_open_session
+ *	!PAM_IGNORE
+ */

lib/pam_prompt.c

@@ -60,3 +60,28 @@ pam_prompt(pam_handle_t *pamh,
 	va_end(ap);
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *     !PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_prompt function constructs a message from the specified format
+ * string and arguments and passes it to the given PAM context's
+ * conversation function.
+ *
+ * A pointer to the response, or =NULL if the conversation function did
+ * not return one, is stored in the location pointed to by the =resp
+ * argument.
+ *
+ * See =pam_vprompt for further details.
+ *
+ * >pam_error
+ * >pam_info
+ * >pam_vprompt
+ */

lib/pam_putenv.c

@@ -86,3 +86,20 @@ pam_putenv(pam_handle_t *pamh,
 	++pamh->env_count;
 	return (PAM_SUCCESS);
 }
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_putenv function sets a environment variable.
+ * Its semantics are similar to those of =putenv, but it modifies the PAM
+ * context's environment list instead of the application's.
+ *
+ * >pam_getenv
+ * >pam_getenvlist
+ * >pam_setenv
+ */

lib/pam_set_data.c

@@ -81,3 +81,22 @@ pam_set_data(pam_handle_t *pamh,
 	pamh->module_data = data;
 	return (PAM_SUCCESS);
 }
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_set_data function associates a pointer to an opaque object
+ * with an arbitrary string specified by the =module_data_name argument,
+ * in the PAM context specified by the =pamh argument.
+ *
+ * If not =NULL, the =cleanup argument should point to a function
+ * responsible for releasing the resources associated with the object.
+ *
+ * This function and its counterpart =pam_get_data are useful for managing
+ * data that are meaningful only to a particular service module.
+ */

lib/pam_set_item.c

@@ -97,3 +97,18 @@ pam_set_item(pam_handle_t *pamh,
 	*slot = tmp;
 	return (PAM_SUCCESS);
 }
+
+/*
+ * Error codes:
+ *
+ *	PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_set_item function sets the item specified by the =item_type
+ * argument to a copy of the object pointed to by the =item argument.
+ * The item is stored in the PAM context specified by the =pamh argument.
+ * See =pam_get_item for a list of recognized item types.
+ */

lib/pam_set_mapped_authtok.c

@@ -36,6 +36,13 @@
 
 #include <security/pam_appl.h>
 
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 62
+ *
+ * Store the password for the username supplied
+ */
+
 int
 pam_set_mapped_authtok(pam_handle_t *pamh,
 	const char *target_module_username,
@@ -47,3 +54,7 @@ pam_set_mapped_authtok(pam_handle_t *pamh,
 
 	return (PAM_SYSTEM_ERR);
 }
+
+/*
+ * NODOC
+ */

lib/pam_set_mapped_username.c

@@ -36,6 +36,13 @@
 
 #include <security/pam_appl.h>
 
+/*
+ * XSSO 4.2.1
+ * XSSO 6 page 64
+ *
+ * Set a username
+ */
+
 int
 pam_set_mapped_username(pam_handle_t *pamh,
 	char *src_username,
@@ -48,3 +55,7 @@ pam_set_mapped_username(pam_handle_t *pamh,
 
 	return (PAM_SYSTEM_ERR);
 }
+
+/*
+ * NODOC
+ */

lib/pam_setcred.c

@@ -54,3 +54,25 @@ pam_setcred(pam_handle_t *pamh,
 
 	return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags));
 }
+
+/*
+ * Error codes:
+ *
+ *	=openpam_dispatch
+ *	=pam_sm_setcred
+ *	!PAM_IGNORE
+ */
+
+/**
+ * The =pam_setcred function manages the application's credentials.
+ * The operation to perform is specified by the =flags argument:
+ *
+ *	PAM_ESTABLISH_CRED:
+ *		Establish the credentials of the target user.
+ *	PAM_DELETE_CRED:
+ *		Revoke all established credentials.
+ *	PAM_REINITIALISE_CRED:
+ *		Fully reinitialise credentials.
+ *	PAM_REFRESH_CRED:
+ *		Refresh credentials.
+ */

lib/pam_setenv.c

@@ -77,3 +77,21 @@ pam_setenv(pam_handle_t *pamh,
 	free(env);
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *	=pam_putenv
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_setenv function sets a environment variable.
+ * Its semantics are similar to those of =setenv, but it modifies the PAM
+ * context's environment list instead of the application's.
+ *
+ * >pam_getenv
+ * >pam_getenvlist
+ * >pam_putenv
+ */

lib/pam_sm_acct_mgmt.c

@@ -0,0 +1,81 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 66
+ *
+ * Service module implementation for pam_acct_mgmt
+ */
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh,
+	int flags,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SERVICE_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ *	PAM_PERM_DENIED
+ *	PAM_IGNORE
+ *	PAM_ABORT
+ *
+ *	PAM_USER_UNKNOWN
+ *	PAM_AUTH_ERR
+ *	PAM_NEW_AUTHTOK_REQD
+ *	PAM_ACCT_EXPIRED
+ */
+
+/**
+ * The =pam_sm_acct_mgmt function is the service module's implementation
+ * of the =pam_acct_mgmt API function.
+ */

lib/pam_sm_authenticate.c

@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 68
+ *
+ * Service module implementation for pam_authenticate
+ */
+
+int
+pam_sm_authenticate(pam_handle_t *pamh,
+	int flags,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SERVICE_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ *	PAM_PERM_DENIED
+ *	PAM_IGNORE
+ *	PAM_ABORT
+ *
+ *	PAM_AUTH_ERR
+ *	PAM_CRED_INSUFFICIENT
+ *	PAM_AUTHINFO_UNAVAIL
+ *	PAM_USER_UNKNOWN
+ *	PAM_MAXTRIES
+ */
+
+/**
+ * The =pam_sm_authenticate function is the service module's
+ * implementation of the =pam_authenticate API function.
+ */

lib/pam_sm_authenticate_secondary.c

@@ -0,0 +1,66 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 70
+ *
+ * Service module implementation for pam_authenticate_secondary
+ */
+
+int
+pam_sm_authenticate_secondary(pam_handle_t *pamh,
+	char *target_username,
+	char *target_module_type,
+	char *target_authn_domain,
+	char *target_supp_data,
+	unsigned char *target_module_authtok,
+	int flags,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */

lib/pam_sm_chauthtok.c

@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 72
+ *
+ * Service module implementation for pam_chauthtok
+ */
+
+int
+pam_sm_chauthtok(pam_handle_t *pamh,
+	int flags,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SERVICE_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ *	PAM_PERM_DENIED
+ *	PAM_IGNORE
+ *	PAM_ABORT
+ *
+ *	PAM_PERM_DENIED
+ *	PAM_AUTHTOK_ERR
+ *	PAM_AUTHTOK_RECOVERY_ERR
+ *	PAM_AUTHTOK_LOCK_BUSY
+ *	PAM_AUTHTOK_DISABLE_AGING
+ */
+
+/**
+ * The =pam_sm_chauthtok function is the service module's implementation
+ * of the =pam_chauthtok API function.
+ */

lib/pam_sm_close_session.c

@@ -0,0 +1,78 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 75
+ *
+ * Service module implementation for pam_close_session
+ */
+
+int
+pam_sm_close_session(pam_handle_t *pamh,
+	int flags,
+	int args,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SERVICE_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ *	PAM_PERM_DENIED
+ *	PAM_IGNORE
+ *	PAM_ABORT
+ *
+ *	PAM_SESSION_ERR
+ */
+
+/**
+ * The =pam_sm_close_session function is the service module's
+ * implementation of the =pam_close_session API function.
+ */

lib/pam_sm_get_mapped_authtok.c

@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 77
+ *
+ * Service module implementation for pam_get_mapped_authtok
+ */
+
+int
+pam_sm_get_mapped_authtok(pam_handle_t *pamh,
+	char *target_module_username,
+	char *target_module_type,
+	char *target_authn_domain,
+	size_t *target_authtok_len,
+	unsigned char **target_module_authtok,
+	int argc,
+	char *argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */

lib/pam_sm_get_mapped_username.c

@@ -0,0 +1,66 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 79
+ *
+ * Service module implementation for pam_get_mapped_username
+ */
+
+int
+pam_sm_get_mapped_username(pam_handle_t *pamh,
+	char *src_username,
+	char *src_module_type,
+	char *src_authn_domain,
+	char *target_module_type,
+	char *target_authn_domain,
+	char **target_module_username,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */

lib/pam_sm_open_session.c

@@ -0,0 +1,78 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 81
+ *
+ * Service module implementation for pam_open_session
+ */
+
+int
+pam_sm_open_session(pam_handle_t *pamh,
+	int flags,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SERVICE_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ *	PAM_PERM_DENIED
+ *	PAM_IGNORE
+ *	PAM_ABORT
+ *
+ *	PAM_SESSION_ERR
+ */
+
+/**
+ * The =pam_sm_open_session function is the service module's
+ * implementation of the =pam_open_session API function.
+ */

lib/pam_sm_set_mapped_authtok.c

@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 83
+ *
+ * Service module implementation for pam_set_mapped_authtok
+ */
+
+int
+pam_sm_set_mapped_authtok(pam_handle_t *pamh,
+	char *target_module_username,
+	size_t target_authtok_len,
+	unsigned char *target_module_authtok,
+	char *target_module_type,
+	char *target_authn_domain,
+	int argc,
+	const char *argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */

lib/pam_sm_set_mapped_username.c

@@ -0,0 +1,63 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 85
+ *
+ * Service module implementation for pam_set_mapped_username
+ */
+
+int
+pam_sm_set_mapped_username(pam_handle_t *pamh,
+	char *target_module_username,
+	char *target_module_type,
+	char *target_authn_domain,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+/*
+ * NODOC
+ */

lib/pam_sm_setcred.c

@@ -0,0 +1,82 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#include <sys/param.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+/*
+ * XSSO 4.2.2
+ * XSSO 6 page 87
+ *
+ * Service module implementation for pam_setcred
+ */
+
+int
+pam_sm_setcred(pam_handle_t *pamh,
+	int flags,
+	int argc,
+	const char **argv)
+{
+
+	return (PAM_SYSTEM_ERR);
+}
+
+
+/*
+ * NOLIST
+ *
+ * Error codes:
+ *
+ *	PAM_SERVICE_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ *	PAM_PERM_DENIED
+ *	PAM_IGNORE
+ *	PAM_ABORT
+ *
+ *	PAM_CRED_UNAVAIL
+ *	PAM_CRED_EXPIRED
+ *	PAM_USER_UNKNOWN
+ *	PAM_CRED_ERR
+ */
+
+/**
+ * The =pam_sm_setcred function is the service module's implementation of
+ * the =pam_setcred API function.
+ */

lib/pam_start.c

@@ -290,3 +290,37 @@ _pam_configure_service(pam_handle_t *pamh,
 
 	return (PAM_SYSTEM_ERR);
 }
+
+/*
+ * Error codes:
+ *
+ *	=pam_set_item
+ *	!PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ */
+
+/**
+ * The =pam_start function creates and initializes a PAM context.
+ *
+ * The =service argument specifies the name of the policy to apply, and is
+ * stored in the =PAM_SERVICE item in the created context.
+ *
+ * The =user argument specifies the name of the target user - the user the
+ * created context will serve to authenticate.
+ * It is stored in the =PAM_USER item in the created context.
+ *
+ * The =pam_conv argument points to a =struct pam_conv describing the
+ * conversation function to use.
+ * This structure is defined as follows:
+ *
+ *     struct pam_conv {
+ *          int   (*conv)(int, const struct pam_message **,
+ *              struct pam_response **, void *);
+ *          void   *appdata_ptr;
+ *     };
+ *
+ * >pam_get_item
+ * >pam_set_item
+ * >pam_end
+ */

lib/pam_strerror.c

@@ -103,7 +103,7 @@ pam_strerror(pam_handle_t *pamh,
 	case PAM_AUTHTOK_LOCK_BUSY:
 		return ("authentication token lock busy");
 	case PAM_AUTHTOK_DISABLE_AGING:
-		return ("authentication token ageing disabled");
+		return ("authentication token aging disabled");
 	case PAM_NO_MODULE_DATA:
 		return ("module data not found");
 	case PAM_IGNORE:
@@ -121,3 +121,10 @@ pam_strerror(pam_handle_t *pamh,
 		return (unknown);
 	}
 }
+
+/**
+ * The =pam_strerror function returns a pointer to a string containing a
+ * textual description of the error indicated by the =error_number
+ * argument, in the context of the PAM transaction described by the =pamh
+ * argument.
+ */

lib/pam_verror.c

@@ -58,3 +58,20 @@ pam_verror(pam_handle_t *pamh,
 	free(rsp); /* ignore response */
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *     !PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_verror function passes its arguments to =pam_vprompt with a
+ * =style argument of =PAM_ERROR_MSG, and discards the response.
+ *
+ * >pam_error
+ * >pam_vinfo
+ */

lib/pam_vinfo.c

@@ -58,3 +58,20 @@ pam_vinfo(pam_handle_t *pamh,
 	free(rsp); /* ignore response */
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *     !PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_vinfo function passes its arguments to =pam_vprompt with a
+ * =style argument of =PAM_TEXT_INFO, and discards the response.
+ *
+ * >pam_info
+ * >pam_verror
+ */

lib/pam_vprompt.c

@@ -77,3 +77,47 @@ pam_vprompt(pam_handle_t *pamh,
 	free(rsp);
 	return (r);
 }
+
+/*
+ * Error codes:
+ *
+ *     !PAM_SYMBOL_ERR
+ *	PAM_SYSTEM_ERR
+ *	PAM_BUF_ERR
+ *	PAM_CONV_ERR
+ */
+
+/**
+ * The =pam_vprompt function constructs a string from the =fmt and =ap
+ * arguments using =vsnprintf, and passes it to the given PAM context's
+ * conversation function.
+ *
+ * The =style argument specifies the type of interaction requested, and
+ * must be one of the following:
+ *
+ *	=PAM_PROMPT_ECHO_OFF:
+ *		Display the message and obtain the user's response without
+ *		displaying it.
+ *	=PAM_PROMPT_ECHO_ON:
+ *		Display the message and obtain the user's response.
+ *	=PAM_ERROR_MSG:
+ *		Display the message as an error message, and do not wait
+ *		for a response.
+ *	=PAM_TEXT_INFO:
+ *		Display the message as an informational message, and do
+ *		not wait for a response.
+ *
+ * A pointer to the response, or =NULL if the conversation function did
+ * not return one, is stored in the location pointed to by the =resp
+ * argument.
+ *
+ * The message and response should not exceed =PAM_MAX_MSG_SIZE or
+ * =PAM_MAX_RESP_SIZE, respectively.
+ * If they do, they may be truncated.
+ *
+ * >pam_error
+ * >pam_info
+ * >pam_prompt
+ * >pam_verror
+ * >pam_vinfo
+ */