From 632dffe99cc8e3aefb4410aec2a3091df48a6f46 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 6 Dec 2007 20:20:07 +0000
Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2007-12-06 Eamon Walsh * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n() macro. * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY, PAM_XAUTHDATA items, pam_xauth_data struct. * libpam/pam_item.c (pam_set_item, pam_get_item): Handle PAM_XDISPLAY and PAM_XAUTHDATA items. * libpam/pam_end.c (pam_end): Destroy the new items. * libpam/pam_private.h (pam_handle): Add data members for new items. Add prototype for _pam_memdup. * libpam/pam_misc.c: Add _pam_memdup. * doc/man/Makefile.am: Add pam_xauth_data.3. Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_set_item.3.xml: Likewise. * doc/man/pam_item_types.inc.xml: Removed file. * doc/man/pam_item_types_ext.inc.xml: New file. * doc/man/pam_item_types_std.inc.xml: New file.
---
 doc/man/Makefile.am | 10 +--
 doc/man/pam_get_item.3.xml | 13 +++-
 doc/man/pam_item_types.inc.xml | 151 -------------------------------------
 doc/man/pam_item_types_ext.inc.xml | 45 +++++++++++
 doc/man/pam_item_types_std.inc.xml | 138 +++++++++++++++++++++++++++++++++
 doc/man/pam_set_item.3.xml | 13 +++-
 6 files changed, 210 insertions(+), 160 deletions(-)
 delete mode 100644 doc/man/pam_item_types.inc.xml
 create mode 100644 doc/man/pam_item_types_ext.inc.xml
 create mode 100644 doc/man/pam_item_types_std.inc.xml
(limited to 'doc/man')
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 7d17a439..926f1ae5 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -10,7 +10,7 @@ man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
  pam_acct_mgmt.3 pam_authenticate.3 \
  pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
  pam_end.3 pam_error.3 \
- pam_fail_delay.3 \
+ pam_fail_delay.3 pam_xauth_data.3 \
  pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 \
  pam_getenvlist.3 \
  pam_info.3 \
@@ -27,7 +27,7 @@ XMLS = pam.3.xml pam.8.xml \
  pam_acct_mgmt.3.xml pam_authenticate.3.xml \
  pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \
  pam_end.3.xml pam_error.3.xml \
- pam_fail_delay.3.xml \
+ pam_fail_delay.3.xml pam_xauth_data.3 \
  pam_get_data.3.xml pam_get_item.3.xml pam_get_user.3.xml \
  pam_getenv.3.xml pam_getenvlist.3.xml \
  pam_info.3.xml \
@@ -38,14 +38,14 @@ XMLS = pam.3.xml pam.8.xml \
  pam_sm_close_session.3.xml pam_sm_open_session.3.xml \
  pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \
  pam_sm_chauthtok.3.xml \
- pam_item_types.inc.xml \
+ pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \
  pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \
  misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
  pam_misc_setenv.3.xml
 if ENABLE_REGENERATE_MAN
-pam_get_item.3: pam_item_types.inc.xml
-pam_set_data.3: pam_item_types.inc.xml
+pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
+pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
 pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/doc/man/pam_get_item.3.xml b/doc/man/pam_get_item.3.xml
index e5806d11..d07862e0 100644
--- a/doc/man/pam_get_item.3.xml
+++ b/doc/man/pam_get_item.3.xml
@@ -3,7 +3,8 @@ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [ ]>
@@ -55,7 +56,15 @@ + href="pam_item_types_std.inc.xml"/> + + + The following additional items are specific to Linux-PAM and should not be used in + portable applications: + + + If a service module wishes to obtain the name of the user,
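Review bot: In doc/man/Makefile.am, the `@@ -27,7 +27,7 @@` hunk adds `pam_xauth_data.3` to `XMLS`, where every other visible entry is a `.3.xml` source, so the line probably should read `pam_fail_delay.3.xml pam_xauth_data.3.xml \`. The diffstat for doc/man lists no new pam_xauth_data page either, so unless it arrives in a separate commit the `man_MANS` entry added in the first hunk names a file that does not exist yet, and the dist or install targets may fail. In the last hunk the regeneration rule is still written for `pam_set_data.3`, while the page this commit patches to include the two fragments is pam_set_item.3.xml, so that dependency most likely belongs on `pam_set_item.3`.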
diff --git a/doc/man/pam_item_types.inc.xml b/doc/man/pam_item_types.inc.xml
deleted file mode 100644
index 9d70087b..00000000
--- a/doc/man/pam_item_types.inc.xml
+++ /dev/null
@@ -1,151 +0,0 @@ - - - - - PAM_SERVICE - - - The service name (which identifies that PAM stack that - the PAM functions will use to authenticate the program). - - - - - - PAM_USER - - - The username of the entity under whose identity service - will be given. That is, following authentication, - PAM_USER identifies the local entity - that gets to use the service. Note, this value can be mapped - from something (eg., "anonymous") to something else (eg. - "guest119") by any module in the PAM stack. As such an - application should consult the value of - PAM_USER after each call to a PAM function. - - - - - - PAM_USER_PROMPT - - - The string used when prompting for a user's name. The default - value for this string is a localized version of "login: ". - - - - - - PAM_TTY - - - The terminal name: prefixed by /dev/ if - it is a device file; for graphical, X-based, applications the - value for this item should be the - $DISPLAY variable. - - - - - - PAM_RUSER - - - The requesting user name: local name for a locally - requesting user or a remote user name for a remote - requesting user. - - - Generally an application or module will attempt to supply - the value that is most strongly authenticated (a local account - before a remote one. The level of trust in this value is - embodied in the actual authentication stack associated with - the application, so it is ultimately at the discretion of the - system administrator. - - - PAM_RUSER@PAM_RHOST should always identify - the requesting user. In some cases, - PAM_RUSER may be NULL. In such situations, - it is unclear who the requesting entity is. - - - - - - PAM_RHOST - - - The requesting hostname (the hostname of the machine from - which the PAM_RUSER entity is requesting - service). That is PAM_RUSER@PAM_RHOST - does identify the requesting user. In some applications, - PAM_RHOST may be NULL. In such situations, - it is unclear where the authentication request is originating - from. 
- - - - - - PAM_AUTHTOK - - - The authentication token (often a password). This token - should be ignored by all module functions besides - - pam_sm_authenticate3 - and - - pam_sm_chauthtok3 - . - In the former function it is used to pass the most recent - authentication token from one stacked module to another. In - the latter function the token is used for another purpose. - It contains the currently active authentication token. - - - - - - PAM_OLDAUTHTOK - - - The old authentication token. This token should be ignored - by all module functions except - - pam_sm_chauthtok3 - . - - - - - - - PAM_CONV - - - The pam_conv structure. See - - pam_conv3 - . - - - - - - PAM_FAIL_DELAY - - - A function pointer to redirect centrally managed - failure delays. See - - pam_fail_delay3 - . - - - - - diff --git a/doc/man/pam_item_types_ext.inc.xml b/doc/man/pam_item_types_ext.inc.xml new file mode 100644 index 00000000..0c72f699 --- /dev/null +++ b/doc/man/pam_item_types_ext.inc.xml @@ -0,0 +1,45 @@ + + + + + PAM_FAIL_DELAY + + + A function pointer to redirect centrally managed + failure delays. See + + pam_fail_delay3 + . + + + + + + PAM_XDISPLAY + + + The name of the X display. For graphical, X-based applications the + value for this item should be the $DISPLAY + variable. This value should be used instead of + PAM_TTY for passing the + name of the display where possible. + + + + + + PAM_XAUTHDATA + + + A pointer to a structure containing the X authentication data + required to make a connection to the display specified by + PAM_XDISPLAY, if such information is + necessary. See + + pam_xauth_data3 + . + + + + + diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml new file mode 100644 index 00000000..81f240b0 --- /dev/null +++ b/doc/man/pam_item_types_std.inc.xml 
@@ -0,0 +1,138 @@ + + + + + PAM_SERVICE + + + The service name (which identifies that PAM stack that + the PAM functions will use to authenticate the program). + + + + + + PAM_USER + + + The username of the entity under whose identity service + will be given. That is, following authentication, + PAM_USER identifies the local entity + that gets to use the service. Note, this value can be mapped + from something (eg., "anonymous") to something else (eg. + "guest119") by any module in the PAM stack. As such an + application should consult the value of + PAM_USER after each call to a PAM function. + + + + + + PAM_USER_PROMPT + + + The string used when prompting for a user's name. The default + value for this string is a localized version of "login: ". + + + + + + PAM_TTY + + + The terminal name: prefixed by /dev/ if + it is a device file; for graphical, X-based, applications the + value for this item should be the + $DISPLAY variable. + + + + + + PAM_RUSER + + + The requesting user name: local name for a locally + requesting user or a remote user name for a remote + requesting user. + + + Generally an application or module will attempt to supply + the value that is most strongly authenticated (a local account + before a remote one. The level of trust in this value is + embodied in the actual authentication stack associated with + the application, so it is ultimately at the discretion of the + system administrator. + + + PAM_RUSER@PAM_RHOST should always identify + the requesting user. In some cases, + PAM_RUSER may be NULL. In such situations, + it is unclear who the requesting entity is. + + + + + + PAM_RHOST + + + The requesting hostname (the hostname of the machine from + which the PAM_RUSER entity is requesting + service). That is PAM_RUSER@PAM_RHOST + does identify the requesting user. In some applications, + PAM_RHOST may be NULL. In such situations, + it is unclear where the authentication request is originating + from. 
+ + + + + + PAM_AUTHTOK + + + The authentication token (often a password). This token + should be ignored by all module functions besides + + pam_sm_authenticate3 + and + + pam_sm_chauthtok3 + . + In the former function it is used to pass the most recent + authentication token from one stacked module to another. In + the latter function the token is used for another purpose. + It contains the currently active authentication token. + + + + + + PAM_OLDAUTHTOK + + + The old authentication token. This token should be ignored + by all module functions except + + pam_sm_chauthtok3 + . + + + + + + + PAM_CONV + + + The pam_conv structure. See + + pam_conv3 + . + + + + + diff --git a/doc/man/pam_set_item.3.xml b/doc/man/pam_set_item.3.xml index cbac8413..39758313 100644 --- a/doc/man/pam_set_item.3.xml +++ b/doc/man/pam_set_item.3.xml @@ -3,7 +3,8 @@ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [ ]> @@ -52,7 +53,15 @@ + href="pam_item_types_std.inc.xml"/> + + + The following additional items are specific to Linux-PAM and should not be used in + portable applications: + + + For all item_types, other than PAM_CONV and -- cgit v1.2.3