Split the summar page in two (one for the standard API, one for
extensions). Also add a page about the conversation system, and remove that information from the pam_start page. Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@153 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
parent
6caa430884
commit
f414e56812
6
MANIFEST
6
MANIFEST
|
@ -1,5 +1,5 @@
|
||||||
#
|
#
|
||||||
# $P4: //depot/projects/openpam/MANIFEST#10 $
|
# $P4: //depot/projects/openpam/MANIFEST#11 $
|
||||||
#
|
#
|
||||||
CREDITS
|
CREDITS
|
||||||
HISTORY
|
HISTORY
|
||||||
|
@ -15,6 +15,7 @@ bin/su/su.c
|
||||||
doc/Makefile
|
doc/Makefile
|
||||||
doc/man/Makefile
|
doc/man/Makefile
|
||||||
doc/man/openpam.3
|
doc/man/openpam.3
|
||||||
|
doc/man/openpam.man
|
||||||
doc/man/openpam_borrow_cred.3
|
doc/man/openpam_borrow_cred.3
|
||||||
doc/man/openpam_free_data.3
|
doc/man/openpam_free_data.3
|
||||||
doc/man/openpam_get_option.3
|
doc/man/openpam_get_option.3
|
||||||
|
@ -23,10 +24,13 @@ doc/man/openpam_nullconv.3
|
||||||
doc/man/openpam_restore_cred.3
|
doc/man/openpam_restore_cred.3
|
||||||
doc/man/openpam_set_option.3
|
doc/man/openpam_set_option.3
|
||||||
doc/man/openpam_ttyconv.3
|
doc/man/openpam_ttyconv.3
|
||||||
|
doc/man/pam.3
|
||||||
|
doc/man/pam.man
|
||||||
doc/man/pam_acct_mgmt.3
|
doc/man/pam_acct_mgmt.3
|
||||||
doc/man/pam_authenticate.3
|
doc/man/pam_authenticate.3
|
||||||
doc/man/pam_chauthtok.3
|
doc/man/pam_chauthtok.3
|
||||||
doc/man/pam_close_session.3
|
doc/man/pam_close_session.3
|
||||||
|
doc/man/pam_conv.3
|
||||||
doc/man/pam_end.3
|
doc/man/pam_end.3
|
||||||
doc/man/pam_error.3
|
doc/man/pam_error.3
|
||||||
doc/man/pam_get_authtok.3
|
doc/man/pam_get_authtok.3
|
||||||
|
|
105
doc/man/Makefile
105
doc/man/Makefile
|
@ -31,64 +31,75 @@
|
||||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
# SUCH DAMAGE.
|
# SUCH DAMAGE.
|
||||||
#
|
#
|
||||||
# $P4: //depot/projects/openpam/doc/man/Makefile#9 $
|
# $P4: //depot/projects/openpam/doc/man/Makefile#10 $
|
||||||
#
|
#
|
||||||
|
|
||||||
GENDOC = ${.CURDIR}/../../misc/gendoc.pl
|
GENDOC = ${.CURDIR}/../../misc/gendoc.pl
|
||||||
|
|
||||||
CMAN =
|
# Standard PAM API
|
||||||
CMAN += openpam_borrow_cred.3
|
PMAN =
|
||||||
CMAN += openpam_free_data.3
|
PMAN += pam_acct_mgmt.3
|
||||||
CMAN += openpam_get_option.3
|
PMAN += pam_authenticate.3
|
||||||
CMAN += openpam_log.3
|
PMAN += pam_chauthtok.3
|
||||||
CMAN += openpam_nullconv.3
|
PMAN += pam_close_session.3
|
||||||
CMAN += openpam_restore_cred.3
|
PMAN += pam_end.3
|
||||||
CMAN += openpam_set_option.3
|
PMAN += pam_get_data.3
|
||||||
CMAN += openpam_ttyconv.3
|
PMAN += pam_get_item.3
|
||||||
CMAN += pam_acct_mgmt.3
|
PMAN += pam_get_user.3
|
||||||
CMAN += pam_authenticate.3
|
PMAN += pam_getenv.3
|
||||||
CMAN += pam_chauthtok.3
|
PMAN += pam_getenvlist.3
|
||||||
CMAN += pam_close_session.3
|
PMAN += pam_open_session.3
|
||||||
CMAN += pam_end.3
|
PMAN += pam_putenv.3
|
||||||
CMAN += pam_error.3
|
PMAN += pam_set_data.3
|
||||||
CMAN += pam_get_authtok.3
|
PMAN += pam_set_item.3
|
||||||
CMAN += pam_get_data.3
|
PMAN += pam_setcred.3
|
||||||
CMAN += pam_get_item.3
|
PMAN += pam_start.3
|
||||||
CMAN += pam_get_user.3
|
PMAN += pam_strerror.3
|
||||||
CMAN += pam_getenv.3
|
|
||||||
CMAN += pam_getenvlist.3
|
|
||||||
CMAN += pam_info.3
|
|
||||||
CMAN += pam_open_session.3
|
|
||||||
CMAN += pam_prompt.3
|
|
||||||
CMAN += pam_putenv.3
|
|
||||||
CMAN += pam_set_data.3
|
|
||||||
CMAN += pam_set_item.3
|
|
||||||
CMAN += pam_setcred.3
|
|
||||||
CMAN += pam_setenv.3
|
|
||||||
CMAN += pam_sm_acct_mgmt.3
|
|
||||||
CMAN += pam_sm_authenticate.3
|
|
||||||
CMAN += pam_sm_chauthtok.3
|
|
||||||
CMAN += pam_sm_close_session.3
|
|
||||||
CMAN += pam_sm_open_session.3
|
|
||||||
CMAN += pam_sm_setcred.3
|
|
||||||
CMAN += pam_start.3
|
|
||||||
CMAN += pam_strerror.3
|
|
||||||
CMAN += pam_verror.3
|
|
||||||
CMAN += pam_vinfo.3
|
|
||||||
CMAN += pam_vprompt.3
|
|
||||||
|
|
||||||
MAN = ${CMAN}
|
# Standard module API
|
||||||
|
MMAN =
|
||||||
|
MMAN += pam_sm_acct_mgmt.3
|
||||||
|
MMAN += pam_sm_authenticate.3
|
||||||
|
MMAN += pam_sm_chauthtok.3
|
||||||
|
MMAN += pam_sm_close_session.3
|
||||||
|
MMAN += pam_sm_open_session.3
|
||||||
|
MMAN += pam_sm_setcred.3
|
||||||
|
|
||||||
|
# OpenPAM extensions
|
||||||
|
OMAN =
|
||||||
|
OMAN += openpam_borrow_cred.3
|
||||||
|
OMAN += openpam_free_data.3
|
||||||
|
OMAN += openpam_get_option.3
|
||||||
|
OMAN += openpam_log.3
|
||||||
|
OMAN += openpam_nullconv.3
|
||||||
|
OMAN += openpam_restore_cred.3
|
||||||
|
OMAN += openpam_set_option.3
|
||||||
|
OMAN += openpam_ttyconv.3
|
||||||
|
OMAN += pam_error.3
|
||||||
|
OMAN += pam_get_authtok.3
|
||||||
|
OMAN += pam_info.3
|
||||||
|
OMAN += pam_prompt.3
|
||||||
|
OMAN += pam_setenv.3
|
||||||
|
OMAN += pam_verror.3
|
||||||
|
OMAN += pam_vinfo.3
|
||||||
|
OMAN += pam_vprompt.3
|
||||||
|
|
||||||
|
MAN = ${PMAN} ${OMAN} ${MMAN}
|
||||||
MAN += openpam.3
|
MAN += openpam.3
|
||||||
MLINKS = openpam.3 pam.3
|
MAN += pam.3
|
||||||
|
MAN += pam_conv.3
|
||||||
|
|
||||||
CLEANFILES += ${CMAN} openpam.3
|
CLEANFILES += ${PMAN} ${OMAN} ${MMAN} openpam.3 pam.3
|
||||||
|
|
||||||
.for man in ${CMAN}
|
.for man in ${PMAN} ${OMAN} ${MMAN}
|
||||||
${man}: ${.CURDIR}/../../lib/${man:R}.c ${GENDOC}
|
${man}: ${.CURDIR}/../../lib/${man:R}.c ${GENDOC}
|
||||||
perl -w ${GENDOC} ${.CURDIR}/../../lib/${man:R}.c
|
perl -w ${GENDOC} ${.CURDIR}/../../lib/${man:R}.c
|
||||||
.endfor
|
.endfor
|
||||||
|
|
||||||
openpam.3: ${CMAN} ${GENDOC}
|
openpam.3: ${OMAN} ${GENDOC} openpam.man
|
||||||
perl -w ${GENDOC} -s ${CMAN}
|
perl -w ${GENDOC} -o ${OMAN} <${.CURDIR}/openpam.man
|
||||||
|
|
||||||
|
pam.3: ${PMAN} ${GENDOC} pam.man
|
||||||
|
perl -w ${GENDOC} -p ${PMAN} <${.CURDIR}/pam.man
|
||||||
|
|
||||||
.include <bsd.prog.mk>
|
.include <bsd.prog.mk>
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
.\"
|
||||||
|
.\" $P4: //depot/projects/openpam/doc/man/openpam.man#1 $
|
||||||
|
.\"
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
These functions are OpenPAM extensions to the PAM API. Those named
|
||||||
|
.Fn pam_*
|
||||||
|
are, in the author's opinion, logical and necessary extensions to the
|
||||||
|
standard API, while those named
|
||||||
|
.Fn openpam_*
|
||||||
|
are either simple convenience functions, or functions intimately tied
|
||||||
|
to OpenPAM implementation details, and therefore not well suited to
|
||||||
|
standardization.
|
|
@ -0,0 +1,98 @@
|
||||||
|
.\"
|
||||||
|
.\" $P4: //depot/projects/openpam/doc/man/pam.man#1 $
|
||||||
|
.\"
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
The Pluggable Authentication Modules (PAM) library abstracts a number
|
||||||
|
of common authentication-related operations and provides a framework
|
||||||
|
for dynamically loaded modules that implement these operations in
|
||||||
|
various ways.
|
||||||
|
.Ss Terminology
|
||||||
|
In PAM parlance, the application that uses PAM to authenticate a user
|
||||||
|
is the server, and is identified for configuration purposes by a
|
||||||
|
service name, which is often (but not necessarily) the program name.
|
||||||
|
.Pp
|
||||||
|
The user requesting authentication is called the applicant, while the
|
||||||
|
user (usually, root) charged with verifying his identity and granting
|
||||||
|
him the requested credentials is called the arbitrator.
|
||||||
|
.Pp
|
||||||
|
The sequence of operations the server goes through to authenticate a
|
||||||
|
user and perform whatever task he requested is a PAM transaction; the
|
||||||
|
context within which the server performs the requested task is called
|
||||||
|
a session.
|
||||||
|
.Pp
|
||||||
|
The functionality embodied by PAM is divided into six primitives
|
||||||
|
grouped into four facilities: authentication, account management,
|
||||||
|
session management and password management.
|
||||||
|
.Ss Conversation
|
||||||
|
The PAM library expects the application to provide a conversation
|
||||||
|
callback which it can use to communicate with the user.
|
||||||
|
Some modules may use specialized conversation functions to communicate
|
||||||
|
with special hardware such as cryptographic dongles or biometric
|
||||||
|
devices.
|
||||||
|
See
|
||||||
|
.Xr pam_conv 3
|
||||||
|
for details.
|
||||||
|
.Ss Initialization And Cleanup
|
||||||
|
The
|
||||||
|
.Fn pam_start
|
||||||
|
function initializes the PAM library and returns a handle which must
|
||||||
|
be provided in all subsequent function calls.
|
||||||
|
The transaction state is contained entirely within the structure
|
||||||
|
identified by this handle, so it is possible to conduct multiple
|
||||||
|
transactions in parallel.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn pam_end
|
||||||
|
function releases all resources associated with the specified context,
|
||||||
|
and can be called at any time to terminate a PAM transaction.
|
||||||
|
.Ss Storage
|
||||||
|
The
|
||||||
|
.Fn pam_set_item
|
||||||
|
and
|
||||||
|
.Fn pam_get_item
|
||||||
|
functions set and retrieve a number of predefined items, including the
|
||||||
|
service name, the names of the requesting and target users, the
|
||||||
|
conversation function, and prompts.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn pam_set_data
|
||||||
|
and
|
||||||
|
.Fn pam_get_data
|
||||||
|
manage named chunks of free-form data, generally used by modules to
|
||||||
|
store state from one invocation to another.
|
||||||
|
.Ss Authentication
|
||||||
|
There are two authentication primitives:
|
||||||
|
.Fn pam_authenticate
|
||||||
|
and
|
||||||
|
.Fn pam_setcred .
|
||||||
|
The former authenticates the user, while the latter manages his
|
||||||
|
credentials.
|
||||||
|
.Ss Account Management
|
||||||
|
The
|
||||||
|
.Fn pam_acct_mgmt
|
||||||
|
function enforces policies such as password expiry, account expiry,
|
||||||
|
time-of-day restrictions, and so forth.
|
||||||
|
.Ss Session Management
|
||||||
|
The
|
||||||
|
.Fn pam_open_session
|
||||||
|
and
|
||||||
|
.Fn pam_close_session
|
||||||
|
handle session setup and teardown.
|
||||||
|
.Ss Password Management
|
||||||
|
The
|
||||||
|
.Fn pam_chauthtok
|
||||||
|
function allows the server to change the user's password, either at
|
||||||
|
the user's request or because the password has expired.
|
||||||
|
.Ss Miscellaneous
|
||||||
|
The
|
||||||
|
.Fn pam_putenv ,
|
||||||
|
.Fn pam_getenv
|
||||||
|
and
|
||||||
|
.Fn pam_getenvlist
|
||||||
|
manage a private environment list in which modules can set environment
|
||||||
|
variables they want the server to export during the session.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Fn pam_strerror
|
||||||
|
function returns a pointer to a string describing a the specified PAM
|
||||||
|
error code.
|
|
@ -0,0 +1,182 @@
|
||||||
|
.\"-
|
||||||
|
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
|
||||||
|
.\" All rights reserved.
|
||||||
|
.\"
|
||||||
|
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
|
||||||
|
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
|
||||||
|
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
|
||||||
|
.\" DARPA CHATS research program.
|
||||||
|
.\"
|
||||||
|
.\" Redistribution and use in source and binary forms, with or without
|
||||||
|
.\" modification, are permitted provided that the following conditions
|
||||||
|
.\" are met:
|
||||||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||||||
|
.\" notice, this list of conditions and the following disclaimer.
|
||||||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||||||
|
.\" documentation and/or other materials provided with the distribution.
|
||||||
|
.\" 3. The name of the author may not be used to endorse or promote
|
||||||
|
.\" products derived from this software without specific prior written
|
||||||
|
.\" permission.
|
||||||
|
.\"
|
||||||
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||||
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||||
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||||
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||||
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
.\" SUCH DAMAGE.
|
||||||
|
.\"
|
||||||
|
.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#1 $
|
||||||
|
.\"
|
||||||
|
.Dd May 27, 2002
|
||||||
|
.Dt PAM_CONV 3
|
||||||
|
.Os
|
||||||
|
.Sh NAME
|
||||||
|
.Nm pam_conv
|
||||||
|
.Nd PAM conversation system
|
||||||
|
.Sh LIBRARY
|
||||||
|
.Lb libpam
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
.In security/pam_appl.h
|
||||||
|
.Bd -literal
|
||||||
|
struct pam_message {
|
||||||
|
int msg_style;
|
||||||
|
char *msg;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct pam_response {
|
||||||
|
char *resp;
|
||||||
|
int resp_retcode;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct pam_conv {
|
||||||
|
int (*conv)(int, const struct pam_message **,
|
||||||
|
struct pam_response **, void *);
|
||||||
|
void *appdata_ptr;
|
||||||
|
};
|
||||||
|
.Ed
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
The PAM library uses an application-defined callback to communicate
|
||||||
|
with the user.
|
||||||
|
This callback is specified by the
|
||||||
|
.Vt struct pam_conv
|
||||||
|
passed to
|
||||||
|
.Fn pam_start
|
||||||
|
at the start of the transaction.
|
||||||
|
It is also possible to set or change the conversation function at any
|
||||||
|
point during a PAM transaction by changing the value of the
|
||||||
|
.Dv PAM_CONV
|
||||||
|
item.
|
||||||
|
.Pp
|
||||||
|
The conversation function's first argument specifies the number of
|
||||||
|
messages (up to
|
||||||
|
.Dv PAM_NUM_MSG )
|
||||||
|
to process.
|
||||||
|
The second argument is a pointer to a contiguous array of
|
||||||
|
.Vt struct pam_message
|
||||||
|
containing the actual messages.
|
||||||
|
.Pp
|
||||||
|
Each message can have one of four types, specified by the
|
||||||
|
.Va msg_style
|
||||||
|
member of
|
||||||
|
.Vt struct pam_message :
|
||||||
|
.Bl -tag -width 18n
|
||||||
|
.It Dv PAM_PROMPT_ECHO_OFF
|
||||||
|
Display a prompt and accept the user's response without echoing it to
|
||||||
|
the terminal.
|
||||||
|
This is commonly used for passwords.
|
||||||
|
.It Dv PAM_PROMPT_ECHO_ON
|
||||||
|
Display a prompt and accept the user's response, echoing it to the
|
||||||
|
terminal.
|
||||||
|
This is commonly used for login names and one-time passphrases.
|
||||||
|
.It Dv PAM_ERROR_MSG
|
||||||
|
Display an error message.
|
||||||
|
.It Dv PAM_TEXT_INFO
|
||||||
|
Display an informational message.
|
||||||
|
.El
|
||||||
|
.Pp
|
||||||
|
In each case, the prompt or message to display is pointed to by the
|
||||||
|
.Va msg
|
||||||
|
member of
|
||||||
|
.Vt struct pam_message .
|
||||||
|
It can be up to
|
||||||
|
.Dv PAM_MAX_MSG_SIZE
|
||||||
|
characters long, including the terminating NUL.
|
||||||
|
.Pp
|
||||||
|
On success, the conversation function should allocate and fill a
|
||||||
|
contiguous array of
|
||||||
|
.Vt struct pam_response ,
|
||||||
|
one for each message that was passed in.
|
||||||
|
A pointer to the user's response to each message (or
|
||||||
|
.Dv NULL
|
||||||
|
in the case of informational or error messages) should be stored in
|
||||||
|
the
|
||||||
|
.Va resp
|
||||||
|
member of the corresponding
|
||||||
|
.Vt struct pam_response .
|
||||||
|
Each response can be up to
|
||||||
|
.Dv PAM_MAX_RESP_SIZE
|
||||||
|
characters long, including the terminating NUL.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Va resp_retcode
|
||||||
|
member of
|
||||||
|
.Vt struct pam_response
|
||||||
|
is unused and should be set to zero.
|
||||||
|
.Pp
|
||||||
|
The conversation function should store a pointer to this array in the
|
||||||
|
location pointed to by its third argument.
|
||||||
|
It is the caller's responsibility to release both this array and the
|
||||||
|
responses themselves, using
|
||||||
|
.Xr free 3 .
|
||||||
|
It is the conversation function's responsibility to ensure that it is
|
||||||
|
legal to do so.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Va appdata_ptr
|
||||||
|
member of
|
||||||
|
.Vt struct pam_conv
|
||||||
|
is passed unmodified to the conversation function as its fourth and
|
||||||
|
final argument.
|
||||||
|
.Pp
|
||||||
|
On failure, the conversation function should release any resources it
|
||||||
|
has allocated, and return one of the predefined PAM error codes.
|
||||||
|
.Sh RETURN VALUES
|
||||||
|
The conversation function should return one of the following values:
|
||||||
|
.Bl -tag -width 18n
|
||||||
|
.It Bq Er PAM_BUF_ERR
|
||||||
|
Memory buffer error.
|
||||||
|
.It Bq Er PAM_CONV_ERR
|
||||||
|
Conversation failure.
|
||||||
|
.It Bq Er PAM_SUCCESS
|
||||||
|
Success.
|
||||||
|
.It Bq Er PAM_SYSTEM_ERR
|
||||||
|
System error.
|
||||||
|
.El
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr openpam_ttyconv 3 ,
|
||||||
|
.Xr openpam_nullconv 3 ,
|
||||||
|
.Xr pam 3 ,
|
||||||
|
.Xr pam_error 3 ,
|
||||||
|
.Xr pam_get_item 3 ,
|
||||||
|
.Xr pam_info 3 ,
|
||||||
|
.Xr pam_prompt 3 ,
|
||||||
|
.Xr pam_set_item 3 ,
|
||||||
|
.Xr pam_start 3
|
||||||
|
.Sh STANDARDS
|
||||||
|
.Rs
|
||||||
|
.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
|
||||||
|
.%D "June 1997"
|
||||||
|
.Re
|
||||||
|
.Sh AUTHORS
|
||||||
|
The OpenPAM library and this manual page were developed for the
|
||||||
|
FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
|
||||||
|
Division of Network Associates, Inc. under DARPA/SPAWAR contract
|
||||||
|
N66001-01-C-8035
|
||||||
|
.Pq Dq CBOSS ,
|
||||||
|
as part of the DARPA CHATS research program.
|
|
@ -31,7 +31,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/openpam/lib/pam_start.c#14 $
|
* $P4: //depot/projects/openpam/lib/pam_start.c#15 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -98,14 +98,7 @@ pam_start(const char *service,
|
||||||
* It is stored in the =PAM_USER item in the created context.
|
* It is stored in the =PAM_USER item in the created context.
|
||||||
*
|
*
|
||||||
* The =pam_conv argument points to a =struct pam_conv describing the
|
* The =pam_conv argument points to a =struct pam_conv describing the
|
||||||
* conversation function to use.
|
* conversation function to use; see =pam_conv for details.
|
||||||
* This structure is defined as follows:
|
|
||||||
*
|
|
||||||
* struct pam_conv {
|
|
||||||
* int (*conv)(int, const struct pam_message **,
|
|
||||||
* struct pam_response **, void *);
|
|
||||||
* void *appdata_ptr;
|
|
||||||
* };
|
|
||||||
*
|
*
|
||||||
* >pam_get_item
|
* >pam_get_item
|
||||||
* >pam_set_item
|
* >pam_set_item
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
# SUCH DAMAGE.
|
# SUCH DAMAGE.
|
||||||
#
|
#
|
||||||
# $P4: //depot/projects/openpam/misc/gendoc.pl#15 $
|
# $P4: //depot/projects/openpam/misc/gendoc.pl#16 $
|
||||||
#
|
#
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
@ -455,51 +455,77 @@ sub readproto($) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub gensummary() {
|
sub gensummary($) {
|
||||||
|
my $page = shift; # Which page to produce
|
||||||
|
|
||||||
local *FILE;
|
local *FILE;
|
||||||
|
my $upage;
|
||||||
my $func;
|
my $func;
|
||||||
|
my %xref;
|
||||||
|
|
||||||
sysopen(FILE, "openpam.3", O_RDWR|O_CREAT|O_TRUNC)
|
sysopen(FILE, "$page.3", O_RDWR|O_CREAT|O_TRUNC)
|
||||||
or die("openpam.3: $!\n");
|
or die("$page.3: $!\n");
|
||||||
|
|
||||||
|
$upage = uc($page);
|
||||||
print FILE "$COPYRIGHT
|
print FILE "$COPYRIGHT
|
||||||
.Dd $TODAY
|
.Dd $TODAY
|
||||||
.Dt PAM 3
|
.Dt $upage 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
";
|
";
|
||||||
foreach $func (sort(keys(%FUNCTIONS))) {
|
my @funcs = sort(keys(%FUNCTIONS));
|
||||||
print FILE ".Nm $FUNCTIONS{$func}->{'Nm'}\n";
|
while ($func = shift(@funcs)) {
|
||||||
|
print FILE ".Nm $FUNCTIONS{$func}->{'Nm'}";
|
||||||
|
print FILE " ,"
|
||||||
|
if (@funcs);
|
||||||
|
print FILE "\n";
|
||||||
}
|
}
|
||||||
print FILE ".Nd Pluggable Authentication Modules Library
|
print FILE ".Nd Pluggable Authentication Modules Library
|
||||||
.Sh LIBRARY
|
.Sh LIBRARY
|
||||||
.Lb libpam
|
.Lb libpam
|
||||||
.Sh SYNOPSIS
|
.Sh SYNOPSIS\n";
|
||||||
.In security/pam_appl.h
|
if ($page eq 'pam') {
|
||||||
";
|
print FILE ".In security/pam_appl.h\n";
|
||||||
|
} else {
|
||||||
|
print FILE ".In security/openpam.h\n";
|
||||||
|
}
|
||||||
foreach $func (sort(keys(%FUNCTIONS))) {
|
foreach $func (sort(keys(%FUNCTIONS))) {
|
||||||
print FILE ".Ft $FUNCTIONS{$func}->{'Ft'}\n";
|
print FILE ".Ft $FUNCTIONS{$func}->{'Ft'}\n";
|
||||||
print FILE ".Fn $FUNCTIONS{$func}->{'Fn'}\n";
|
print FILE ".Fn $FUNCTIONS{$func}->{'Fn'}\n";
|
||||||
}
|
}
|
||||||
print FILE ".Sh DESCRIPTION
|
while (<STDIN>) {
|
||||||
.Sh RETURN VALUES
|
if (m/^\.Xr (\S+)\s*(\d)\s*$/) {
|
||||||
The following return codes are defined in the
|
$xref{$1} = $2;
|
||||||
.In security/pam_constants.h
|
}
|
||||||
header:
|
print FILE $_;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($page eq 'pam') {
|
||||||
|
print FILE ".Sh RETURN VALUES
|
||||||
|
The following return codes are defined by
|
||||||
|
.Aq Pa security/pam_constants.h :
|
||||||
.Bl -tag -width 18n
|
.Bl -tag -width 18n
|
||||||
";
|
";
|
||||||
foreach (sort(keys(%PAMERR))) {
|
foreach (sort(keys(%PAMERR))) {
|
||||||
print FILE ".It Bq Er $_\n$PAMERR{$_}.\n";
|
print FILE ".It Bq Er $_\n$PAMERR{$_}.\n";
|
||||||
|
}
|
||||||
|
print FILE ".El\n";
|
||||||
}
|
}
|
||||||
print FILE ".El
|
print FILE ".Sh SEE ALSO
|
||||||
.Sh SEE ALSO
|
|
||||||
";
|
";
|
||||||
foreach $func (sort(keys(%FUNCTIONS))) {
|
print FILE ".Xr openpam 3\n"
|
||||||
print FILE ".Xr $func 3 ,\n";
|
if ($page eq 'pam');
|
||||||
|
foreach $func (keys(%FUNCTIONS)) {
|
||||||
|
$xref{$func} = 3;
|
||||||
}
|
}
|
||||||
print FILE ".Xr pam.conf 5
|
my @refs = sort(keys(%xref));
|
||||||
.Sh STANDARDS
|
while ($_ = shift(@refs)) {
|
||||||
|
print FILE ".Xr $_ $xref{$_}";
|
||||||
|
print FILE " ,"
|
||||||
|
if (@refs);
|
||||||
|
print FILE "\n";
|
||||||
|
}
|
||||||
|
print FILE ".Sh STANDARDS
|
||||||
.Rs
|
.Rs
|
||||||
.%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\"
|
.%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\"
|
||||||
.%D \"June 1997\"
|
.%D \"June 1997\"
|
||||||
|
@ -525,14 +551,17 @@ MAIN:{
|
||||||
my %opts;
|
my %opts;
|
||||||
|
|
||||||
usage()
|
usage()
|
||||||
unless (@ARGV && getopts("s", \%opts));
|
unless (@ARGV && getopts("op", \%opts));
|
||||||
$TODAY = strftime("%B %e, %Y", localtime(time()));
|
$TODAY = strftime("%B %e, %Y", localtime(time()));
|
||||||
$TODAY =~ s,\s+, ,g;
|
$TODAY =~ s,\s+, ,g;
|
||||||
if ($opts{'s'}) {
|
if ($opts{'o'} || $opts{'p'}) {
|
||||||
foreach my $fn (@ARGV) {
|
foreach my $fn (@ARGV) {
|
||||||
readproto($fn);
|
readproto($fn);
|
||||||
}
|
}
|
||||||
gensummary();
|
gensummary('openpam')
|
||||||
|
if ($opts{'o'});
|
||||||
|
gensummary('pam')
|
||||||
|
if ($opts{'p'});
|
||||||
} else {
|
} else {
|
||||||
foreach my $fn (@ARGV) {
|
foreach my $fn (@ARGV) {
|
||||||
my $func = parse_source($fn);
|
my $func = parse_source($fn);
|
||||||
|
|
Loading…
Reference in New Issue