summaryrefslogtreecommitdiff
path: root/doc/man/pam_set_item.3
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/pam_set_item.3')
-rw-r--r--doc/man/pam_set_item.3340
1 files changed, 340 insertions, 0 deletions
diff --git a/doc/man/pam_set_item.3 b/doc/man/pam_set_item.3
new file mode 100644
index 00000000..0935fe1b
--- /dev/null
+++ b/doc/man/pam_set_item.3
@@ -0,0 +1,340 @@
+.\" Title: pam_set_item
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\" Date: 10/27/2010
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_SET_ITEM" "3" "10/27/2010" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+pam_set_item \- set and update PAM informations
+.SH "Synopsis"
+.sp
+.ft B
+.fam C
+.ps -1
+.nf
+#include <security/pam_modules\&.h>
+.fi
+.fam
+.ps +1
+.ft
+.fam C
+.HP \w'int\ pam_set_item('u
+.BI "int pam_set_item(pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ *" "item" ");"
+.fam
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_set_item\fR
+function allows applications and PAM service modules to access and to update PAM informations of
+\fIitem_type\fR\&. For this a copy of the object pointed to by the
+\fIitem\fR
+argument is created\&. The following
+\fIitem_type\fRs are supported:
+.PP
+PAM_SERVICE
+.RS 4
+The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&.
+.RE
+.PP
+PAM_USER
+.RS 4
+The username of the entity under whose identity service will be given\&. That is, following authentication,
+\fIPAM_USER\fR
+identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of
+\fIPAM_USER\fR
+after each call to a PAM function\&.
+.RE
+.PP
+PAM_USER_PROMPT
+.RS 4
+The string used when prompting for a user\'s name\&. The default value for this string is a localized version of "login: "\&.
+.RE
+.PP
+PAM_TTY
+.RS 4
+The terminal name: prefixed by
+\FC/dev/\F[]
+if it is a device file; for graphical, X\-based, applications the value for this item should be the
+\fI$DISPLAY\fR
+variable\&.
+.RE
+.PP
+PAM_RUSER
+.RS 4
+The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&.
+.sp
+Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&.
+.sp
+
+\fIPAM_RUSER@PAM_RHOST\fR
+should always identify the requesting user\&. In some cases,
+\fIPAM_RUSER\fR
+may be NULL\&. In such situations, it is unclear who the requesting entity is\&.
+.RE
+.PP
+PAM_RHOST
+.RS 4
+The requesting hostname (the hostname of the machine from which the
+\fIPAM_RUSER\fR
+entity is requesting service)\&. That is
+\fIPAM_RUSER@PAM_RHOST\fR
+does identify the requesting user\&. In some applications,
+\fIPAM_RHOST\fR
+may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&.
+.RE
+.PP
+PAM_AUTHTOK
+.RS 4
+The authentication token (often a password)\&. This token should be ignored by all module functions besides
+\fBpam_sm_authenticate\fR(3)
+and
+\fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&.
+.RE
+.PP
+PAM_OLDAUTHTOK
+.RS 4
+The old authentication token\&. This token should be ignored by all module functions except
+\fBpam_sm_chauthtok\fR(3)\&.
+.RE
+.PP
+PAM_CONV
+.RS 4
+The pam_conv structure\&. See
+\fBpam_conv\fR(3)\&.
+.RE
+.PP
+The following additional items are specific to Linux\-PAM and should not be used in portable applications:
+.PP
+PAM_FAIL_DELAY
+.RS 4
+A function pointer to redirect centrally managed failure delays\&. See
+\fBpam_fail_delay\fR(3)\&.
+.RE
+.PP
+PAM_XDISPLAY
+.RS 4
+The name of the X display\&. For graphical, X\-based applications the value for this item should be the
+\fI$DISPLAY\fR
+variable\&. This value may be used independently of
+\fIPAM_TTY\fR
+for passing the name of the display\&.
+.RE
+.PP
+PAM_XAUTHDATA
+.RS 4
+A pointer to a structure containing the X authentication data required to make a connection to the display specified by
+\fIPAM_XDISPLAY\fR, if such information is necessary\&. See
+\fBpam_xauth_data\fR(3)\&.
+.RE
+.PP
+PAM_AUTHTOK_TYPE
+.RS 4
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
+\fIUNIX\fR
+can be replaced with this item, by default it is empty\&. This item is used by
+\fBpam_get_authtok\fR(3)\&.
+.RE
+.PP
+For all
+\fIitem_type\fRs, other than PAM_CONV and PAM_FAIL_DELAY,
+\fIitem\fR
+is a pointer to a <NUL> terminated character string\&. In the case of PAM_CONV,
+\fIitem\fR
+points to an initialized
+\fIpam_conv\fR
+structure\&. In the case of PAM_FAIL_DELAY,
+\fIitem\fR
+is a function pointer:
+\fBvoid (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)\fR
+.PP
+Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before returning to the application\&. Which means an application is not able to access the authentication tokens\&.
+.SH "RETURN VALUES"
+.PP
+PAM_BAD_ITEM
+.RS 4
+The application attempted to set an undefined or inaccessible item\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Data was successful updated\&.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+The
+\fIpam_handle_t\fR
+passed as first argument was invalid\&.
+.RE
+.SH "SEE ALSO"
+.PP
+
+\fBpam_get_item\fR(3),
+\fBpam_strerror\fR(3)