diff --git a/lib/openpam_dispatch.c b/lib/openpam_dispatch.c index 1582edb..b663d5a 100644 --- a/lib/openpam_dispatch.c +++ b/lib/openpam_dispatch.c @@ -47,6 +47,8 @@ static void _openpam_check_error_code(int, int); #endif /* !defined(OPENPAM_RELAX_CHECKS) */ /* + * OpenPAM internal + * * Execute a module chain */ @@ -210,3 +212,9 @@ _openpam_check_error_code(int primitive, int r) _pam_sm_func_name[primitive], r); } #endif /* !defined(OPENPAM_RELAX_CHECKS) */ + +/* + * NODOC + * + * Error codes: + */ diff --git a/lib/openpam_findenv.c b/lib/openpam_findenv.c index c32dd27..a9fb333 100644 --- a/lib/openpam_findenv.c +++ b/lib/openpam_findenv.c @@ -41,6 +41,8 @@ #include "openpam_impl.h" /* + * OpenPAM internal + * * Locate an environment variable */ @@ -60,3 +62,7 @@ openpam_findenv(pam_handle_t *pamh, return (i); return (-1); } + +/* + * NODOC + */ diff --git a/lib/openpam_load.c b/lib/openpam_load.c index 1a345ec..a042c0f 100644 --- a/lib/openpam_load.c +++ b/lib/openpam_load.c @@ -225,3 +225,7 @@ openpam_clear_chains(pam_handle_t *pamh) for (i = 0; i < PAM_NUM_CHAINS; ++i) openpam_destroy_chain(pamh->chains[i]); } + +/* + * NOPARSE + */ diff --git a/lib/openpam_log.c b/lib/openpam_log.c index b15c6e3..493ea33 100644 --- a/lib/openpam_log.c +++ b/lib/openpam_log.c @@ -47,6 +47,8 @@ #if defined(openpam_log) /* + * OpenPAM extension + * * Log a message through syslog(3) */ @@ -121,3 +123,7 @@ openpam_log(int level, const char *fmt, ...) } #endif + +/* + * NOLIST + */ diff --git a/lib/openpam_ttyconv.c b/lib/openpam_ttyconv.c index ac7eecd..5f913a5 100644 --- a/lib/openpam_ttyconv.c +++ b/lib/openpam_ttyconv.c @@ -46,7 +46,9 @@ #include /* - * Simple tty-based conversation function. + * OpenPAM extension + * + * Simple tty-based conversation function */ int @@ -129,3 +131,13 @@ openpam_ttyconv(int n, *resp = NULL; return (err); } + +/* + * NOLIST + * + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ diff --git a/lib/pam_acct_mgmt.c b/lib/pam_acct_mgmt.c index d88a24e..3187e8d 100644 --- a/lib/pam_acct_mgmt.c +++ b/lib/pam_acct_mgmt.c @@ -54,3 +54,11 @@ pam_acct_mgmt(pam_handle_t *pamh, return (openpam_dispatch(pamh, PAM_SM_ACCT_MGMT, flags)); } + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_acct_mgmt + * !PAM_IGNORE + */ diff --git a/lib/pam_authenticate.c b/lib/pam_authenticate.c index d98d1df..3524f4e 100644 --- a/lib/pam_authenticate.c +++ b/lib/pam_authenticate.c @@ -54,3 +54,11 @@ pam_authenticate(pam_handle_t *pamh, return (openpam_dispatch(pamh, PAM_SM_AUTHENTICATE, flags)); } + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_authenticate + * !PAM_IGNORE + */ diff --git a/lib/pam_authenticate_secondary.c b/lib/pam_authenticate_secondary.c index 37a57fe..e1380d2 100644 --- a/lib/pam_authenticate_secondary.c +++ b/lib/pam_authenticate_secondary.c @@ -36,6 +36,13 @@ #include +/* + * XSSO 4.2.1 + * XSSO 6 page 36 + * + * Perform authentication to a secondary domain within the PAM framework + */ + int pam_authenticate_secondary(pam_handle_t *pamh, char *target_username, @@ -48,3 +55,7 @@ pam_authenticate_secondary(pam_handle_t *pamh, return (PAM_SYSTEM_ERR); } + +/* + * NODOC + */ diff --git a/lib/pam_chauthtok.c b/lib/pam_chauthtok.c index c35ed49..3248feb 100644 --- a/lib/pam_chauthtok.c +++ b/lib/pam_chauthtok.c @@ -54,3 +54,11 @@ pam_chauthtok(pam_handle_t *pamh, return (openpam_dispatch(pamh, PAM_SM_CHAUTHTOK, flags)); } + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_chauthtok + * !PAM_IGNORE + */ diff --git a/lib/pam_close_session.c b/lib/pam_close_session.c index 9b2a1ae..5d292f2 100644 --- a/lib/pam_close_session.c +++ b/lib/pam_close_session.c @@ -54,3 +54,11 @@ pam_close_session(pam_handle_t *pamh, return (openpam_dispatch(pamh, PAM_SM_CLOSE_SESSION, flags)); } + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_close_session + * !PAM_IGNORE + */ diff --git a/lib/pam_end.c b/lib/pam_end.c index 0fbfdf8..b7c170f 100644 --- a/lib/pam_end.c +++ b/lib/pam_end.c @@ -82,3 +82,17 @@ pam_end(pam_handle_t *pamh, return (PAM_SUCCESS); } + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + */ + +/** + * The =pam_end function terminates a PAM transaction and destroys the + * corresponding PAM context, releasing all resources allocated to it. + * + * The =status argument should be set to the error code returned by the + * last API call before the call to =pam_end. + */ diff --git a/lib/pam_error.c b/lib/pam_error.c index aded8f1..cbee427 100644 --- a/lib/pam_error.c +++ b/lib/pam_error.c @@ -62,3 +62,21 @@ pam_error(pam_handle_t *pamh, free(rsp); /* ignore response */ return (r); } + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_info function displays an error message through the + * intermediary of the given PAM context's conversation function. + * + * >pam_info + * >pam_prompt + * >pam_verror + */ diff --git a/lib/pam_get_authtok.c b/lib/pam_get_authtok.c index 9776fff..a1dd1a8 100644 --- a/lib/pam_get_authtok.c +++ b/lib/pam_get_authtok.c @@ -73,3 +73,12 @@ pam_get_authtok(pam_handle_t *pamh, *authtok = resp; return (pam_set_item(pamh, PAM_AUTHTOK, *authtok)); } + +/* + * Error codes: + * + * =pam_get_item + * =pam_prompt + * =pam_set_item + * !PAM_SYMBOL_ERR + */ diff --git a/lib/pam_get_data.c b/lib/pam_get_data.c index f258de8..b1f8ab3 100644 --- a/lib/pam_get_data.c +++ b/lib/pam_get_data.c @@ -65,3 +65,21 @@ pam_get_data(pam_handle_t *pamh, return (PAM_NO_MODULE_DATA); } + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_NO_MODULE_DATA + */ + +/** + * The =pam_get_data function looks up the opaque object associated with + * the string specified by the =module_data_name argument, in the PAM + * context specified by the =pamh argument. + * A pointer to the object is stored in the location pointed to by the + * =data argument. + * + * This function and its counterpart =pam_set_data are useful for managing + * data that are meaningful only to a particular service module. + */ diff --git a/lib/pam_get_item.c b/lib/pam_get_item.c index ddcb92c..5767652 100644 --- a/lib/pam_get_item.c +++ b/lib/pam_get_item.c @@ -72,3 +72,48 @@ pam_get_item(pam_handle_t *pamh, return (PAM_SYMBOL_ERR); } } + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + */ + +/** + * The =pam_get_item function stores a pointer to the item specified by + * the =item_type argument in the location specified by the =item + * argument. + * The item is retrieved from the PAM context specified by the =pamh + * argument. + * The following item types are recognized: + * + * =PAM_SERVICE: + * The name of the requesting service. + * =PAM_USER: + * The name of the user the application is trying to + * authenticate. + * =PAM_TTY: + * The name of the current terminal. + * =PAM_RHOST: + * The name of the applicant's host. + * =PAM_CONV: + * A =struct pam_conv describing the current conversation + * function. + * =PAM_AUTHTOK: + * The current authentication token. + * =PAM_OLDAUTHTOK: + * The expired authentication token. + * =PAM_RUSER: + * The name of the applicant. + * =PAM_USER_PROMPT: + * The prompt to use when asking the applicant for a user + * name to authenticate as. + * =PAM_AUTHTOK_PROMPT: + * The prompt to use when asking the applicant for an + * authentication token. + * + * See =pam_start for a description of =struct pam_conv. + * + * >pam_set_item + */ diff --git a/lib/pam_get_mapped_authtok.c b/lib/pam_get_mapped_authtok.c index 0050c0e..5d6b0b0 100644 --- a/lib/pam_get_mapped_authtok.c +++ b/lib/pam_get_mapped_authtok.c @@ -36,6 +36,13 @@ #include +/* + * XSSO 4.2.1 + * XSSO 6 page 48 + * + * Get mapped password for the user + */ + int pam_get_mapped_authtok(pam_handle_t *pamh, const char *target_module_username, @@ -47,3 +54,7 @@ pam_get_mapped_authtok(pam_handle_t *pamh, return (PAM_SYSTEM_ERR); } + +/* + * NODOC + */ diff --git a/lib/pam_get_mapped_username.c b/lib/pam_get_mapped_username.c index faa78bb..038193f 100644 --- a/lib/pam_get_mapped_username.c +++ b/lib/pam_get_mapped_username.c @@ -36,6 +36,13 @@ #include +/* + * XSSO 4.2.1 + * XSSO 6 page 50 + * + * Get valid matched identity in new domain + */ + int pam_get_mapped_username(pam_handle_t *pamh, const char *src_username, @@ -48,3 +55,7 @@ pam_get_mapped_username(pam_handle_t *pamh, return (PAM_SYSTEM_ERR); } + +/* + * NODOC + */ diff --git a/lib/pam_get_user.c b/lib/pam_get_user.c index 17572c4..e8fe0bc 100644 --- a/lib/pam_get_user.c +++ b/lib/pam_get_user.c @@ -74,3 +74,12 @@ pam_get_user(pam_handle_t *pamh, *user = resp; return (pam_set_item(pamh, PAM_USER, *user)); } + +/* + * Error codes: + * + * =pam_get_item + * =pam_prompt + * =pam_set_item + * !PAM_SYMBOL_ERR + */ diff --git a/lib/pam_getenv.c b/lib/pam_getenv.c index d6bf219..05deb54 100644 --- a/lib/pam_getenv.c +++ b/lib/pam_getenv.c @@ -65,3 +65,13 @@ pam_getenv(pam_handle_t *pamh, return (NULL); return (strdup(pamh->env[i])); } + +/** + * The =pam_getenv function returns the value of an environment variable. + * Its semantics are similar to those of =getenv, but it accesses the PAM + * context's environment list instead of the application's. + * + * >pam_getenvlist + * >pam_putenv + * >pam_setenv + */ diff --git a/lib/pam_getenvlist.c b/lib/pam_getenvlist.c index bba8e16..ad72e7f 100644 --- a/lib/pam_getenvlist.c +++ b/lib/pam_getenvlist.c @@ -75,3 +75,28 @@ pam_getenvlist(pam_handle_t *pamh) } return (envlist); } + +/** + * The =pam_getenvlist function returns a copy of the given PAM context's + * environment list as a pointer to an array of strings. + * The last element in the array is =NULL. + * The pointer is suitable for assignment to {Va environ}. + * + * The array and the strings it lists are allocated using =malloc, and + * should be released using =free after use: + * + * char **envlist, **env; + * + * envlist = environ; + * environ = pam_getenvlist(pamh); + * \/\* do something nifty \*\/ + * for (env = environ; *env != NULL; env++) + * free(*env); + * free(environ); + * environ = envlist; + * + * >environ 7 + * >pam_getenv + * >pam_putenv + * >pam_setenv + */ diff --git a/lib/pam_info.c b/lib/pam_info.c index ce1d2b8..8752391 100644 --- a/lib/pam_info.c +++ b/lib/pam_info.c @@ -62,3 +62,21 @@ pam_info(pam_handle_t *pamh, free(rsp); /* ignore response */ return (r); } + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_info function displays an informational message through the + * intermediary of the given PAM context's conversation function. + * + * >pam_error + * >pam_prompt + * >pam_vinfo + */ diff --git a/lib/pam_open_session.c b/lib/pam_open_session.c index dcbf2b8..0f8f981 100644 --- a/lib/pam_open_session.c +++ b/lib/pam_open_session.c @@ -54,3 +54,11 @@ pam_open_session(pam_handle_t *pamh, return (openpam_dispatch(pamh, PAM_SM_OPEN_SESSION, flags)); } + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_open_session + * !PAM_IGNORE + */ diff --git a/lib/pam_prompt.c b/lib/pam_prompt.c index afc4169..5dbde6c 100644 --- a/lib/pam_prompt.c +++ b/lib/pam_prompt.c @@ -60,3 +60,28 @@ pam_prompt(pam_handle_t *pamh, va_end(ap); return (r); } + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_prompt function constructs a message from the specified format + * string and arguments and passes it to the given PAM context's + * conversation function. + * + * A pointer to the response, or =NULL if the conversation function did + * not return one, is stored in the location pointed to by the =resp + * argument. + * + * See =pam_vprompt for further details. + * + * >pam_error + * >pam_info + * >pam_vprompt + */ diff --git a/lib/pam_putenv.c b/lib/pam_putenv.c index c8701f3..e1b497e 100644 --- a/lib/pam_putenv.c +++ b/lib/pam_putenv.c @@ -86,3 +86,20 @@ pam_putenv(pam_handle_t *pamh, ++pamh->env_count; return (PAM_SUCCESS); } + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_putenv function sets a environment variable. + * Its semantics are similar to those of =putenv, but it modifies the PAM + * context's environment list instead of the application's. + * + * >pam_getenv + * >pam_getenvlist + * >pam_setenv + */ diff --git a/lib/pam_set_data.c b/lib/pam_set_data.c index 59d5751..e04de73 100644 --- a/lib/pam_set_data.c +++ b/lib/pam_set_data.c @@ -81,3 +81,22 @@ pam_set_data(pam_handle_t *pamh, pamh->module_data = data; return (PAM_SUCCESS); } + +/* + * Error codes: + * + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_set_data function associates a pointer to an opaque object + * with an arbitrary string specified by the =module_data_name argument, + * in the PAM context specified by the =pamh argument. + * + * If not =NULL, the =cleanup argument should point to a function + * responsible for releasing the resources associated with the object. + * + * This function and its counterpart =pam_get_data are useful for managing + * data that are meaningful only to a particular service module. + */ diff --git a/lib/pam_set_item.c b/lib/pam_set_item.c index af9bd4f..038971d 100644 --- a/lib/pam_set_item.c +++ b/lib/pam_set_item.c @@ -97,3 +97,18 @@ pam_set_item(pam_handle_t *pamh, *slot = tmp; return (PAM_SUCCESS); } + +/* + * Error codes: + * + * PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_set_item function sets the item specified by the =item_type + * argument to a copy of the object pointed to by the =item argument. + * The item is stored in the PAM context specified by the =pamh argument. + * See =pam_get_item for a list of recognized item types. + */ diff --git a/lib/pam_set_mapped_authtok.c b/lib/pam_set_mapped_authtok.c index ad066df..36383e6 100644 --- a/lib/pam_set_mapped_authtok.c +++ b/lib/pam_set_mapped_authtok.c @@ -36,6 +36,13 @@ #include +/* + * XSSO 4.2.1 + * XSSO 6 page 62 + * + * Store the password for the username supplied + */ + int pam_set_mapped_authtok(pam_handle_t *pamh, const char *target_module_username, @@ -47,3 +54,7 @@ pam_set_mapped_authtok(pam_handle_t *pamh, return (PAM_SYSTEM_ERR); } + +/* + * NODOC + */ diff --git a/lib/pam_set_mapped_username.c b/lib/pam_set_mapped_username.c index fc12989..6ca011f 100644 --- a/lib/pam_set_mapped_username.c +++ b/lib/pam_set_mapped_username.c @@ -36,6 +36,13 @@ #include +/* + * XSSO 4.2.1 + * XSSO 6 page 64 + * + * Set a username + */ + int pam_set_mapped_username(pam_handle_t *pamh, char *src_username, @@ -48,3 +55,7 @@ pam_set_mapped_username(pam_handle_t *pamh, return (PAM_SYSTEM_ERR); } + +/* + * NODOC + */ diff --git a/lib/pam_setcred.c b/lib/pam_setcred.c index 0ea10ff..1a78498 100644 --- a/lib/pam_setcred.c +++ b/lib/pam_setcred.c @@ -54,3 +54,25 @@ pam_setcred(pam_handle_t *pamh, return (openpam_dispatch(pamh, PAM_SM_SETCRED, flags)); } + +/* + * Error codes: + * + * =openpam_dispatch + * =pam_sm_setcred + * !PAM_IGNORE + */ + +/** + * The =pam_setcred function manages the application's credentials. + * The operation to perform is specified by the =flags argument: + * + * PAM_ESTABLISH_CRED: + * Establish the credentials of the target user. + * PAM_DELETE_CRED: + * Revoke all established credentials. + * PAM_REINITIALISE_CRED: + * Fully reinitialise credentials. + * PAM_REFRESH_CRED: + * Refresh credentials. + */ diff --git a/lib/pam_setenv.c b/lib/pam_setenv.c index 6165b7c..155835e 100644 --- a/lib/pam_setenv.c +++ b/lib/pam_setenv.c @@ -77,3 +77,21 @@ pam_setenv(pam_handle_t *pamh, free(env); return (r); } + +/* + * Error codes: + * + * =pam_putenv + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_setenv function sets a environment variable. + * Its semantics are similar to those of =setenv, but it modifies the PAM + * context's environment list instead of the application's. + * + * >pam_getenv + * >pam_getenvlist + * >pam_putenv + */ diff --git a/lib/pam_sm_acct_mgmt.c b/lib/pam_sm_acct_mgmt.c new file mode 100644 index 0000000..692d52e --- /dev/null +++ b/lib/pam_sm_acct_mgmt.c @@ -0,0 +1,81 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 66 + * + * Service module implementation for pam_acct_mgmt + */ + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NOLIST + * + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_USER_UNKNOWN + * PAM_AUTH_ERR + * PAM_NEW_AUTHTOK_REQD + * PAM_ACCT_EXPIRED + */ + +/** + * The =pam_sm_acct_mgmt function is the service module's implementation + * of the =pam_acct_mgmt API function. + */ diff --git a/lib/pam_sm_authenticate.c b/lib/pam_sm_authenticate.c new file mode 100644 index 0000000..17c8a76 --- /dev/null +++ b/lib/pam_sm_authenticate.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 68 + * + * Service module implementation for pam_authenticate + */ + +int +pam_sm_authenticate(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NOLIST + * + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_AUTH_ERR + * PAM_CRED_INSUFFICIENT + * PAM_AUTHINFO_UNAVAIL + * PAM_USER_UNKNOWN + * PAM_MAXTRIES + */ + +/** + * The =pam_sm_authenticate function is the service module's + * implementation of the =pam_authenticate API function. + */ diff --git a/lib/pam_sm_authenticate_secondary.c b/lib/pam_sm_authenticate_secondary.c new file mode 100644 index 0000000..ec56f47 --- /dev/null +++ b/lib/pam_sm_authenticate_secondary.c @@ -0,0 +1,66 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 70 + * + * Service module implementation for pam_authenticate_secondary + */ + +int +pam_sm_authenticate_secondary(pam_handle_t *pamh, + char *target_username, + char *target_module_type, + char *target_authn_domain, + char *target_supp_data, + unsigned char *target_module_authtok, + int flags, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_chauthtok.c b/lib/pam_sm_chauthtok.c new file mode 100644 index 0000000..2edf0d7 --- /dev/null +++ b/lib/pam_sm_chauthtok.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 72 + * + * Service module implementation for pam_chauthtok + */ + +int +pam_sm_chauthtok(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NOLIST + * + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_PERM_DENIED + * PAM_AUTHTOK_ERR + * PAM_AUTHTOK_RECOVERY_ERR + * PAM_AUTHTOK_LOCK_BUSY + * PAM_AUTHTOK_DISABLE_AGING + */ + +/** + * The =pam_sm_chauthtok function is the service module's implementation + * of the =pam_chauthtok API function. + */ diff --git a/lib/pam_sm_close_session.c b/lib/pam_sm_close_session.c new file mode 100644 index 0000000..7ff7a83 --- /dev/null +++ b/lib/pam_sm_close_session.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 75 + * + * Service module implementation for pam_close_session + */ + +int +pam_sm_close_session(pam_handle_t *pamh, + int flags, + int args, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NOLIST + * + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_SESSION_ERR + */ + +/** + * The =pam_sm_close_session function is the service module's + * implementation of the =pam_close_session API function. + */ diff --git a/lib/pam_sm_get_mapped_authtok.c b/lib/pam_sm_get_mapped_authtok.c new file mode 100644 index 0000000..c6a9112 --- /dev/null +++ b/lib/pam_sm_get_mapped_authtok.c @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 77 + * + * Service module implementation for pam_get_mapped_authtok + */ + +int +pam_sm_get_mapped_authtok(pam_handle_t *pamh, + char *target_module_username, + char *target_module_type, + char *target_authn_domain, + size_t *target_authtok_len, + unsigned char **target_module_authtok, + int argc, + char *argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_get_mapped_username.c b/lib/pam_sm_get_mapped_username.c new file mode 100644 index 0000000..0aed26c --- /dev/null +++ b/lib/pam_sm_get_mapped_username.c @@ -0,0 +1,66 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 79 + * + * Service module implementation for pam_get_mapped_username + */ + +int +pam_sm_get_mapped_username(pam_handle_t *pamh, + char *src_username, + char *src_module_type, + char *src_authn_domain, + char *target_module_type, + char *target_authn_domain, + char **target_module_username, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_open_session.c b/lib/pam_sm_open_session.c new file mode 100644 index 0000000..7ed7401 --- /dev/null +++ b/lib/pam_sm_open_session.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 81 + * + * Service module implementation for pam_open_session + */ + +int +pam_sm_open_session(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NOLIST + * + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_SESSION_ERR + */ + +/** + * The =pam_sm_open_session function is the service module's + * implementation of the =pam_open_session API function. + */ diff --git a/lib/pam_sm_set_mapped_authtok.c b/lib/pam_sm_set_mapped_authtok.c new file mode 100644 index 0000000..35cecaa --- /dev/null +++ b/lib/pam_sm_set_mapped_authtok.c @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 83 + * + * Service module implementation for pam_set_mapped_authtok + */ + +int +pam_sm_set_mapped_authtok(pam_handle_t *pamh, + char *target_module_username, + size_t target_authtok_len, + unsigned char *target_module_authtok, + char *target_module_type, + char *target_authn_domain, + int argc, + const char *argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_set_mapped_username.c b/lib/pam_sm_set_mapped_username.c new file mode 100644 index 0000000..1911fd8 --- /dev/null +++ b/lib/pam_sm_set_mapped_username.c @@ -0,0 +1,63 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 85 + * + * Service module implementation for pam_set_mapped_username + */ + +int +pam_sm_set_mapped_username(pam_handle_t *pamh, + char *target_module_username, + char *target_module_type, + char *target_authn_domain, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + +/* + * NODOC + */ diff --git a/lib/pam_sm_setcred.c b/lib/pam_sm_setcred.c new file mode 100644 index 0000000..20777ad --- /dev/null +++ b/lib/pam_sm_setcred.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2002 Networks Associates Technologies, Inc. + * All rights reserved. + * + * This software was developed for the FreeBSD Project by ThinkSec AS and + * NAI Labs, the Security Research Division of Network Associates, Inc. + * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the + * DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include + +#include +#include + +/* + * XSSO 4.2.2 + * XSSO 6 page 87 + * + * Service module implementation for pam_setcred + */ + +int +pam_sm_setcred(pam_handle_t *pamh, + int flags, + int argc, + const char **argv) +{ + + return (PAM_SYSTEM_ERR); +} + + +/* + * NOLIST + * + * Error codes: + * + * PAM_SERVICE_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + * PAM_PERM_DENIED + * PAM_IGNORE + * PAM_ABORT + * + * PAM_CRED_UNAVAIL + * PAM_CRED_EXPIRED + * PAM_USER_UNKNOWN + * PAM_CRED_ERR + */ + +/** + * The =pam_sm_setcred function is the service module's implementation of + * the =pam_setcred API function. + */ diff --git a/lib/pam_start.c b/lib/pam_start.c index a059661..1578258 100644 --- a/lib/pam_start.c +++ b/lib/pam_start.c @@ -290,3 +290,37 @@ _pam_configure_service(pam_handle_t *pamh, return (PAM_SYSTEM_ERR); } + +/* + * Error codes: + * + * =pam_set_item + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + */ + +/** + * The =pam_start function creates and initializes a PAM context. + * + * The =service argument specifies the name of the policy to apply, and is + * stored in the =PAM_SERVICE item in the created context. + * + * The =user argument specifies the name of the target user - the user the + * created context will serve to authenticate. + * It is stored in the =PAM_USER item in the created context. + * + * The =pam_conv argument points to a =struct pam_conv describing the + * conversation function to use. + * This structure is defined as follows: + * + * struct pam_conv { + * int (*conv)(int, const struct pam_message **, + * struct pam_response **, void *); + * void *appdata_ptr; + * }; + * + * >pam_get_item + * >pam_set_item + * >pam_end + */ diff --git a/lib/pam_strerror.c b/lib/pam_strerror.c index 962563e..2503e4f 100644 --- a/lib/pam_strerror.c +++ b/lib/pam_strerror.c @@ -103,7 +103,7 @@ pam_strerror(pam_handle_t *pamh, case PAM_AUTHTOK_LOCK_BUSY: return ("authentication token lock busy"); case PAM_AUTHTOK_DISABLE_AGING: - return ("authentication token ageing disabled"); + return ("authentication token aging disabled"); case PAM_NO_MODULE_DATA: return ("module data not found"); case PAM_IGNORE: @@ -121,3 +121,10 @@ pam_strerror(pam_handle_t *pamh, return (unknown); } } + +/** + * The =pam_strerror function returns a pointer to a string containing a + * textual description of the error indicated by the =error_number + * argument, in the context of the PAM transaction described by the =pamh + * argument. + */ diff --git a/lib/pam_verror.c b/lib/pam_verror.c index feeaa6e..2d8e2ca 100644 --- a/lib/pam_verror.c +++ b/lib/pam_verror.c @@ -58,3 +58,20 @@ pam_verror(pam_handle_t *pamh, free(rsp); /* ignore response */ return (r); } + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_verror function passes its arguments to =pam_vprompt with a + * =style argument of =PAM_ERROR_MSG, and discards the response. + * + * >pam_error + * >pam_vinfo + */ diff --git a/lib/pam_vinfo.c b/lib/pam_vinfo.c index 2484998..6cd4188 100644 --- a/lib/pam_vinfo.c +++ b/lib/pam_vinfo.c @@ -58,3 +58,20 @@ pam_vinfo(pam_handle_t *pamh, free(rsp); /* ignore response */ return (r); } + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_vinfo function passes its arguments to =pam_vprompt with a + * =style argument of =PAM_TEXT_INFO, and discards the response. + * + * >pam_info + * >pam_verror + */ diff --git a/lib/pam_vprompt.c b/lib/pam_vprompt.c index cea56c7..e5eba2e 100644 --- a/lib/pam_vprompt.c +++ b/lib/pam_vprompt.c @@ -77,3 +77,47 @@ pam_vprompt(pam_handle_t *pamh, free(rsp); return (r); } + +/* + * Error codes: + * + * !PAM_SYMBOL_ERR + * PAM_SYSTEM_ERR + * PAM_BUF_ERR + * PAM_CONV_ERR + */ + +/** + * The =pam_vprompt function constructs a string from the =fmt and =ap + * arguments using =vsnprintf, and passes it to the given PAM context's + * conversation function. + * + * The =style argument specifies the type of interaction requested, and + * must be one of the following: + * + * =PAM_PROMPT_ECHO_OFF: + * Display the message and obtain the user's response without + * displaying it. + * =PAM_PROMPT_ECHO_ON: + * Display the message and obtain the user's response. + * =PAM_ERROR_MSG: + * Display the message as an error message, and do not wait + * for a response. + * =PAM_TEXT_INFO: + * Display the message as an informational message, and do + * not wait for a response. + * + * A pointer to the response, or =NULL if the conversation function did + * not return one, is stored in the location pointed to by the =resp + * argument. + * + * The message and response should not exceed =PAM_MAX_MSG_SIZE or + * =PAM_MAX_RESP_SIZE, respectively. + * If they do, they may be truncated. + * + * >pam_error + * >pam_info + * >pam_prompt + * >pam_verror + * >pam_vinfo + */