Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------

2006-06-28  Thorsten Kukuk  <kukuk@thkukuk.de>

        * doc/mwg: Application Developers Guide as XML source.
        * doc/mwg/Makefile.am: New.
        * doc/mwg/Linux-PAM_MWG.xml: New, main XML document.
        * doc/mwg/pam_*.xml: New, wrappers to include manual pages.

1 files changed, 397 insertions, 0 deletions

diff --git a/doc/mwg/Linux-PAM_MWG.xml b/doc/mwg/Linux-PAM_MWG.xml
new file mode 100644
index 00000000..fc4831a2
--- /dev/null
+++ b/doc/mwg/Linux-PAM_MWG.xml
@@ -0,0 +1,397 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<book>
+  <bookinfo>
+    <title>The Linux-PAM Module Writers' Guide</title>
+    <authorgroup>
+      <author>
+        <firstname>Andrew G.</firstname>
+        <surname>Morgan</surname>
+        <email>morgan@kernel.org</email>
+      </author>
+      <author>
+        <firstname>Thorsten</firstname>
+        <surname>Kukuk</surname>
+        <email>kukuk@thkukuk.de</email>
+      </author>
+    </authorgroup>
+    <releaseinfo>Version 0.99, 26. June 2006</releaseinfo>
+    <abstract>
+      <para>
+        This manual documents what a programmer needs to know in order
+        to write a module that conforms to the
+        <emphasis remap='B'>Linux-PAM</emphasis> standard.It also
+        discusses some security issues from the point of view of the
+        module programmer.
+      </para>
+    </abstract>
+  </bookinfo>
+
+  <chapter id="mwg-introduction">
+    <title>Introduction</title>
+    <section id="mwg-introduction-description">
+      <title>Description</title>
+      <para>
+        <emphasis remap='B'>Linux-PAM</emphasis> (Pluggable Authentication
+        Modules for Linux) is a library that enables the local system
+        administrator to choose how individual applications authenticate
+        users. For an overview of the
+        <emphasis remap='B'>Linux-PAM</emphasis> library see the
+        <emphasis>Linux-PAM System Administrators' Guide</emphasis>.
+      </para>
+      <para>
+        A <emphasis remap='B'>Linux-PAM</emphasis> module is a single
+        executable binary file that can be loaded by the
+        <emphasis remap='B'>Linux-PAM</emphasis> interface library.
+        This PAM library is configured locally with a system file,
+        <filename>/etc/pam.conf</filename>, to authenticate a user
+        request via the locally available authentication modules. The
+        modules themselves will usually be located in the directory
+        <filename>/lib/security</filename> (or
+        <filename>/lib64/security</filename>, depending on the architecture)
+        and take the form of dynamically loadable object files (see
+        <citerefentry>
+          <refentrytitle>dlopen</refentrytitle><manvolnum>3</manvolnum>
+        </citerefentry>. Alternatively, the modules can be statically
+        linked into the <emphasis remap='B'>Linux-PAM</emphasis> library;
+        this is mostly to allow <emphasis remap='B'>Linux-PAM</emphasis> to
+        be used on platforms without dynamic linking available, but this is
+        a <emphasis>deprecated</emphasis> functionality. It is the
+        <emphasis remap='B'>Linux-PAM</emphasis> interface that is called
+        by an application and it is the responsibility of the library to
+        locate, load and call the appropriate functions in a
+        <emphasis remap='B'>Linux-PAM</emphasis>-module.
+      </para>
+      <para>
+        Except for the immediate purpose of interacting with the user
+        (entering a password etc..) the module should never call the
+        application directly. This exception requires a "conversation
+        mechanism" which is documented below.
+      </para>
+    </section>
+
+    <section id="mwg-introducton-synopsis">
+      <title>Synopsis</title>
+      <programlisting>
+#include &lt;security/pam_modules.h&gt;
+
+gcc -fPIC -c pam_module.c
+gcc -shared -o pam_module.so pam_module.o -lpam
+      </programlisting>
+    </section>
+  </chapter>
+
+  <chapter id="mwg-expected-by-module">
+    <title>What can be expected by the module</title>
+    <para>
+      Here we list the interface that the conventions that all
+      <emphasis remap='B'>Linux-PAM</emphasis> modules must adhere to.
+    </para>
+    <section id="mwg-expected-by-module-item">
+      <title>
+        Getting and setting <emphasis>PAM_ITEM</emphasis>s and
+        <emphasis>data</emphasis>
+      </title>
+      <para>
+        First, we cover what the module should expect from the
+        <emphasis remap='B'>Linux-PAM</emphasis> library and a
+        <emphasis remap='B'>Linux-PAM</emphasis> aware application.
+        Essesntially this is the <filename>libpam.*</filename> library.
+      </para>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_set_data.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_get_data.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_set_item.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_get_item.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_get_user.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_conv.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_putenv.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_getenv.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_getenvlist.xml"/>
+    </section>
+    <section id="mwg-expected-by-module-other">
+      <title>
+        Other functions provided by <filename>libpam</filename>
+      </title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_strerror.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_fail_delay.xml"/>
+    </section>
+  </chapter>
+
+  <chapter id="mwg-expected-of-module">
+    <title>What is expected of a module</title>
+    <para>
+      The module must supply a sub-set of the six functions listed
+      below. Together they define the function of a
+      <emphasis remap='B'>Linux-PAM module</emphasis>. Module developers
+      are strongly urged to read the comments on security that follow
+      this list.
+    </para>
+    <section id="mwg-expected-of-module-overview">
+      <title>Overview</title>
+      <para>
+        The six module functions are grouped into four independent
+        management groups. These groups are as follows:
+        <emphasis>authentication</emphasis>, <emphasis>account</emphasis>,
+        <emphasis>session</emphasis> and <emphasis>password</emphasis>.
+        To be properly defined, a module must define all functions within
+        at least one of these groups. A single module may contain the
+        necessary functions for <emphasis>all</emphasis> four groups.
+      </para>
+      <section id="mwg-expected-of-module-overview-1">
+        <title>Functional independence</title>
+        <para>
+          The independence of the four groups of service a module can
+          offer means that the module should allow for the possibility
+          that any one of these four services may legitimately be called
+          in any order. Thus, the module writer should consider the
+          appropriateness of performing a service without the prior
+          success of some other part of the module.
+        </para>
+        <para>
+          As an informative example, consider the possibility that an
+          application applies to change a user's authentication token,
+          without having first requested that
+          <emphasis remap='B'>Linux-PAM</emphasis> authenticate the
+          user. In some cases this may be deemed appropriate: when
+          <command>root</command> wants to change the authentication
+          token of some lesser user. In other cases it may not be
+          appropriate: when <command>joe</command> maliciously wants
+          to reset <command>alice</command>'s password; or when anyone
+          other than the user themself wishes to reset their
+          <emphasis>KERBEROS</emphasis> authentication token. A policy
+          for this action should be defined by any reasonable
+          authentication scheme, the module writer should consider
+          this when implementing a given module.
+        </para>
+      </section>
+      <section id="mwg-expected-of-module-overview-2">
+        <title>Minimizing administration problems</title>
+        <para>
+          To avoid system administration problems and the poor
+          construction of a <filename>/etc/pam.conf</filename> file,
+          the module developer may define all six of the following
+          functions. For those functions that would not be called,
+          the module should return <errorname>PAM_SERVICE_ERR</errorname>
+          and write an appropriate message to the system log. When
+          this action is deemed inappropriate, the function would
+          simply return <errorname>PAM_IGNORE</errorname>.
+        </para>
+      </section>
+      <section id="mwg-expected-of-module-overview-3">
+        <title>Arguments supplied to the module</title>
+        <para>
+          The <parameter>flags</parameter> argument of each of
+          the following functions can be logically OR'd with
+          <parameter>PAM_SILENT</parameter>, which is used to inform the
+          module to not pass any <emphasis>text</emphasis> (errors or
+          warnings) application.
+        </para>
+        <para>
+          The <parameter>argc</parameter> and <parameter>argv</parameter>
+          arguments are taken from the line appropriate to this
+          module---that is, with the <emphasis>service_name</emphasis>
+          matching that of the application---in the configuration file
+          (see the <emphasis remap='B'>Linux-PAM</emphasis>
+          System Administrators' Guide). Together these two parameters
+          provide the number of arguments and an array of pointers to
+          the individual argument tokens. This will be familiar to C
+          programmers as the ubiquitous method of passing command arguments
+          to the function <function>main()</function>. Note, however, that
+          the first argument (<parameter>argv[0]</parameter>) is a true
+          argument and <emphasis>not</emphasis> the name of the module.
+        </para>
+      </section>
+    </section>
+    <section id="mwg-expected-of-module-auth">
+      <title>Authentication management</title>
+      <para>
+        To be correctly initialized, <parameter>PAM_SM_AUTH</parameter>
+        must be <command>#define</command>'d prior to including
+        <function>&lt;security/pam_modules.h&gt;</function>. This will
+        ensure that the prototypes for static modules are properly declared.
+      </para>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_sm_authenticate.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_sm_setcred.xml"/>
+    </section>
+    <section id="mwg-expected-of-module-acct">
+      <title>Account management</title>
+      <para>
+        To be correctly initialized, <parameter>PAM_SM_ACCOUNT</parameter>
+        must be <command>#define</command>'d prior to including
+        <function>&lt;security/pam_modules.h&gt;</function>. This will
+        ensure that the prototypes for static modules are properly declared.
+      </para>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_sm_acct_mgmt.xml"/>
+    </section>
+    <section id="mwg-expected-of-module-session">
+      <title>Session management</title>
+      <para>
+        To be correctly initialized, <parameter>PAM_SM_SESSION</parameter>
+        must be <command>#define</command>'d prior to including
+        <function>&lt;security/pam_modules.h&gt;</function>. This will
+        ensure that the prototypes for static modules are properly declared.
+      </para>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_sm_open_session.xml"/>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_sm_close_session.xml"/>
+    </section>
+    <section id="mwg-expected-of-module-chauthtok">
+      <title>Authentication token management</title>
+      <para>
+        To be correctly initialized, <parameter>PAM_SM_PASSWORD</parameter>
+        must be <command>#define</command>'d prior to including
+        <function>&lt;security/pam_modules.h&gt;</function>. This will
+        ensure that the prototypes for static modules are properly declared.
+      </para>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+       href="pam_sm_chauthtok.xml"/>
+    </section>
+  </chapter>
+
+  <chapter id="mwg-see-options">
+    <title>Generic optional arguments</title>
+    <para>
+      Here we list the generic arguments that all modules can expect to
+      be passed. They are not mandatory, and their absence should be
+      accepted without comment by the module.
+    </para>
+    <variablelist>
+      <varlistentry>
+        <term>debug</term>
+        <listitem>
+           <para>
+             Use the <citerefentry>
+             <refentrytitle>pam_syslog</refentrytitle><manvolnum>3</manvolnum>
+             </citerefentry> call to log debugging information to the system
+             log files.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>use_first_pass</term>
+        <listitem>
+           <para>
+             The module should not prompt the user for a password.
+             Instead, it should obtain the previously typed password
+             (by a call to <function>pam_get_item()</function> for the
+             <parameter>PAM_AUTHTOK</parameter> item), and use that. If
+             that doesn't work, then the user will not be authenticated.
+             (This option is intended for <command>auth</command> and
+             <command>passwd</command> modules only).
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </chapter>
+
+  <chapter id="mwg-see-also">
+    <title>See also</title>
+    <itemizedlist>
+      <listitem>
+        <para>
+          The Linux-PAM System Administrators' Guide.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          The Linux-PAM Application Developers' Guide.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          The V. Samar and R. Schemers (SunSoft), ``UNIFIED LOGIN WITH
+          PLUGGABLE AUTHENTICATION MODULES'', Open Software Foundation
+          Request For Comments 86.0, October 1995.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </chapter>
+
+  <chapter id='mwg-author'>
+    <title>Author/acknowledgments</title>
+    <para>
+      This document was written by Andrew G. Morgan (morgan@kernel.org)
+      with many contributions from
+      Chris Adams, Peter Allgeyer, Tim Baverstock, Tim Berger, Craig S. Bell,
+      Derrick J. Brashear, Ben Buxton, Seth Chaiklin, Oliver Crow, Chris Dent,
+      Marc Ewing, Cristian Gafton, Emmanuel Galanos, Brad M. Garcia,
+      Eric Hester, Roger Hu, Eric Jacksch, Michael K. Johnson, David Kinchlea,
+      Olaf Kirch, Marcin Korzonek, Thorsten Kukuk, Stephen Langasek,
+      Nicolai Langfeldt, Elliot Lee, Luke Kenneth Casson Leighton,
+      Al Longyear, Ingo Luetkebohle, Marek Michalkiewicz, Robert Milkowski,
+      Aleph One, Martin Pool, Sean Reifschneider, Jan Rekorajski, Erik Troan,
+      Theodore Ts'o, Jeff Uphoff, Myles Uyema, Savochkin Andrey Vladimirovich,
+      Ronald Wahl, David Wood, John Wilmes, Joseph S. D. Yao
+      and Alex O. Yuriev.
+    </para>
+    <para>
+      Thanks are also due to Sun Microsystems, especially to Vipin Samar and
+      Charlie Lai for their advice. At an early stage in the development of
+      <emphasis remap='B'>Linux-PAM</emphasis>, Sun graciously made the
+      documentation for their implementation of PAM available. This act
+      greatly accelerated the development of
+      <emphasis remap='B'>Linux-PAM</emphasis>.
+    </para>
+  </chapter>
+
+  <chapter id='mwg-copyright'>
+    <title>Copyright information for this document</title>
+    <programlisting>
+Copyright (c) 2006 Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
+Copyright (c) 1996-2002 Andrew G. Morgan &lt;morgan@kernel.org&gt;
+    </programlisting>
+    <para>
+      Redistribution and use in source and binary forms, with or without
+      modification, are permitted provided that the following conditions are
+      met:
+    </para>
+    <programlisting>
+1. Redistributions of source code must retain the above copyright
+   notice, and the entire permission notice in its entirety,
+   including the disclaimer of warranties.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. The name of the author may not be used to endorse or promote
+   products derived from this software without specific prior
+   written permission.
+    </programlisting>
+    <para>
+      Alternatively, this product may be distributed under the terms of
+      the GNU General Public License (GPL), in which case the provisions
+      of the GNU GPL are required instead of the above restrictions.
+      (This clause is necessary due to a potential bad interaction between
+      the GNU GPL and the restrictions contained in a BSD-style copyright.)
+    </para>
+    <programlisting>
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+    </programlisting>
+  </chapter>
+</book>