Diffstat (limited to 'doc/man')
44 files changed, 0 insertions, 5819 deletions
diff --git a/doc/man/.cvsignore b/doc/man/.cvsignore
deleted file mode 100644
index d1987738..00000000
--- a/doc/man/.cvsignore
+++ /dev/null
@@ -1,46 +0,0 @@
-Makefile
-Makefile.in
-*~
-misc_conv.3
-pam.3
-pam.8
-PAM.8
-pam_acct_mgmt.3
-pam_authenticate.3
-pam_chauthtok.3
-pam_close_session.3
-pam.conf.5
-pam_conv.3
-pam.d.5
-pam_end.3
-pam_error.3
-pam_fail_delay.3
-pam_get_data.3
-pam_getenv.3
-pam_getenvlist.3
-pam_get_item.3
-pam_get_user.3
-pam_info.3
-pam_misc_drop_env.3
-pam_misc_paste_env.3
-pam_misc_setenv.3
-pam_open_session.3
-pam_prompt.3
-pam_putenv.3
-pam_setcred.3
-pam_set_data.3
-pam_set_item.3
-pam_sm_acct_mgmt.3
-pam_sm_authenticate.3
-pam_sm_chauthtok.3
-pam_sm_close_session.3
-pam_sm_open_session.3
-pam_sm_setcred.3
-pam_start.3
-pam_strerror.3
-pam_syslog.3
-pam_verror.3
-pam_vinfo.3
-pam_vprompt.3
-pam_vsyslog.3
-pam_xauth_data.3
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
deleted file mode 100644
index 52e5caab..00000000
--- a/doc/man/Makefile.am
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# Copyright (c) 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS)
-
-EXTRA_DIST = $(MANS) $(XMLS)
-
-man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \
- pam_acct_mgmt.3 pam_authenticate.3 \
- pam_chauthtok.3 pam_close_session.3 pam_conv.3 \
- pam_end.3 pam_error.3 \
- pam_fail_delay.3 pam_xauth_data.3 \
- pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 \
- pam_getenvlist.3 \
- pam_info.3 \
- pam_open_session.3 \
- pam_prompt.3 pam_putenv.3 \
- pam_set_data.3 pam_set_item.3 pam_syslog.3 \
- pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \
- pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \
- pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \
- pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \
- misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \
- pam_misc_setenv.3
-XMLS = pam.3.xml pam.8.xml \
- pam_acct_mgmt.3.xml pam_authenticate.3.xml \
- pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \
- pam_end.3.xml pam_error.3.xml \
- pam_fail_delay.3.xml pam_xauth_data.3 \
- pam_get_data.3.xml pam_get_item.3.xml pam_get_user.3.xml \
- pam_getenv.3.xml pam_getenvlist.3.xml \
- pam_info.3.xml \
- pam_open_session.3.xml \
- pam_prompt.3.xml pam_putenv.3.xml \
- pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \
- pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \
- pam_sm_close_session.3.xml pam_sm_open_session.3.xml \
- pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \
- pam_sm_chauthtok.3.xml \
- pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \
- pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \
- misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
- pam_misc_setenv.3.xml
-
-if ENABLE_REGENERATE_MAN
-PAM.8: pam.8
-pam.d.5: pam.conf.5
- test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||:
-
-pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
-pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
-pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml
deleted file mode 100644
index 825dd10c..00000000
--- a/doc/man/misc_conv.3.xml
+++ /dev/null
@@ -1,188 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - -<refentry id="misc_conv"> - - <refmeta> - <refentrytitle>misc_conv</refentrytitle> - <manvolnum>3</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="misc_conv-name"> - <refname>misc_conv</refname> - <refpurpose>text based conversation function</refpurpose> - </refnamediv> - -<!-- body begins here --> - - <refsynopsisdiv> - <funcsynopsis id="misc_conv-synopsis"> - <funcsynopsisinfo>#include <security/pam_misc.h></funcsynopsisinfo> - <funcprototype> - <funcdef>void <function>misc_conv</function></funcdef> - <paramdef>int <parameter>num_msg</parameter></paramdef> - <paramdef>const struct pam_message **<parameter>msgm</parameter></paramdef> - <paramdef>struct pam_response **<parameter>response</parameter></paramdef> - <paramdef>void *<parameter>appdata_ptr</parameter></paramdef> - </funcprototype> - </funcsynopsis> - </refsynopsisdiv> - - <refsect1 id='misc_conv-description'> - <title>DESCRIPTION</title> - <para> - The <function>misc_conv</function> function is part of - <command>libpam_misc</command> and not of the standard - <command>libpam</command> library. This function will prompt - the user with the appropriate comments and obtain the appropriate - inputs as directed by authentication modules. - </para> - <para> - In addition to simply slotting into the appropriate <citerefentry> - <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, this function provides some time-out facilities. - The function exports five variables that can be used by an - application programmer to limit the amount of time this conversation - function will spend waiting for the user to type something. 
The - five variabls are as follows: - </para> - <variablelist> - <varlistentry> - <term><type>time_t</type> <varname>pam_misc_conv_warn_time</varname>;</term> - <listitem> - <para> - This variable contains the <emphasis>time</emphasis> (as - returned by <citerefentry> - <refentrytitle>time</refentrytitle><manvolnum>2</manvolnum> - </citerefentry>) that the user should be first warned that - the clock is ticking. By default it has the value - <returnvalue>0</returnvalue>, which indicates that no such - warning will be given. The application may set its value to - sometime in the future, but this should be done prior to - passing control to the <emphasis>Linux-PAM</emphasis> library. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><type>const char *</type><varname>pam_misc_conv_warn_line</varname>;</term> - <listitem> - <para> - Used in conjuction with - <varname>pam_misc_conv_warn_time</varname>, this variable is - a pointer to the string that will be displayed when it becomes - time to warn the user that the timeout is approaching. Its - default value is a translated version of - <quote>...Time is running out...</quote>, but this can be - changed by the application prior to passing control to - <emphasis>Linux-PAM</emphasis>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><type>time_t</type> <varname>pam_misc_conv_die_time</varname>;</term> - <listitem> - <para> - This variable contains the <emphasis>time</emphasis> (as - returned by <citerefentry> - <refentrytitle>time</refentrytitle><manvolnum>2</manvolnum> - </citerefentry>) that the will time out. By default it has - the value <returnvalue>0</returnvalue>, which indicates that - the conversation function will not timeout. The application - may set its value to sometime in the future, but this should - be done prior to passing control to the - <emphasis>Linux-PAM</emphasis> library. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><type>const char *</type><varname>pam_misc_conv_die_line</varname>;</term> - <listitem> - <para> - Used in conjuction with - <varname>pam_misc_conv_die_time</varname>, this variable is - a pointer to the string that will be displayed when the - conversation times out. Its default value is a translated - version of - <quote>...Sorry, your time is up!</quote>, but this can be - changed by the application prior to passing control to - <emphasis>Linux-PAM</emphasis>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><type>int</type> <varname>pam_misc_conv_died</varname>;</term> - <listitem> - <para> - Following a return from the <emphasis>Linux-PAM</emphasis> - libraray, the value of this variable indicates whether the - conversation has timed out. A value of - <returnvalue>1</returnvalue> indicates the time-out occurred. - </para> - </listitem> - </varlistentry> - </variablelist> - <para> - The following two function pointers are available for supporting - binary prompts in the conversation function. They are optimized - for the current incarnation of the <command>libpamc</command> - library and are subject to change. - </para> - <variablelist> - <varlistentry> - <term> - <type>int</type> <varname>(*pam_binary_handler_fn)</varname>(<type>void *</type><varname>appdata</varname>, <type>pamc_bp_t *</type><varname>prompt_p</varname>); - </term> - <listitem> - <para> - This function pointer is initialized to - <returnvalue>NULL</returnvalue> but can be filled with a - function that provides machine-machine (hidden) message - exchange. It is intended for use with hidden authentication - protocols such as RSA or Diffie-Hellman key exchanges. - (This is still under development.) 
- </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <type>int</type> <varname>(*pam_binary_handler_free)</varname>(<type>void *</type><varname>appdata</varname>, <type>pamc_bp_t *</type><varname>delete_me</varname>); - </term> - <listitem> - <para> - This function pointer is initialized to - <function>PAM_BP_RENEW(delete_me, 0, 0)</function>, but can be - redefined as desired by the application. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='misc_conv-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='misc_conv-standards'> - <title>STANDARDS</title> - <para> - The <function>misc_conv</function> function is part of the - <command>libpam_misc</command> Library and not defined in any - standard. - </para> - </refsect1> - -</refentry> diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml deleted file mode 100644 index 3cf71b2d..00000000 --- a/doc/man/pam.3.xml +++ /dev/null 
@@ -1,433 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> -<refentry id='pam3'> - - <refmeta> - <refentrytitle>pam</refentrytitle> - <manvolnum>3</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id='pam3-name'> - <refname>pam</refname> - <refpurpose>Pluggable Authentication Modules Library</refpurpose> - </refnamediv> - - <refsynopsisdiv id='pam3-synopsis'> - <funcsynopsis> - <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo> - <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo> - <funcsynopsisinfo>#include <security/pam_ext.h></funcsynopsisinfo> - </funcsynopsis> - </refsynopsisdiv> - - <refsect1 id='pam3-description'> - <title>DESCRIPTION</title> - <para> - <emphasis remap='B'>PAM</emphasis> is a system of libraries - that handle the authentication tasks of applications (services) - on the system. The library provides a stable general interface - (Application Programming Interface - API) that privilege granting - programs (such as - <citerefentry> - <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> and <citerefentry> - <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>) - defer to to perform standard authentication tasks. - </para> - - <refsect2 id='pam3-initialization_and_cleanup'> - <title>Initialization and Cleanup</title> - <para> - The - <citerefentry> - <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function creates the PAM context and initiates the - PAM transaction. It is the first of the PAM functions that needs to - be called by an application. The transaction state is contained - entirely within the structure identified by this handle, so it is - possible to have multiple transactions in parallel. 
But it is not - possible to use the same handle for different transactions, a new - one is needed for every new context. - </para> - <para> - The - <citerefentry> - <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function terminates the PAM transaction and is the last - function an application should call in the PAM context. Upon return - the handle pamh is no longer valid and all memory associated with it - will be invalid. It can be called at any time to terminate a PAM - transaction. - </para> - </refsect2> - - <refsect2 id='pam3-authentication'> - <title>Authentication</title> - <para> - The - <citerefentry> - <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - function is used to - authenticate the user. The user is required to provide an - authentication token depending upon the authentication service, - usually this is a password, but could also be a finger print. - </para> - <para> - The - <citerefentry> - <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - function manages the userscredentials. - </para> - </refsect2> - - <refsect2 id='pam3-account_management'> - <title>Account Management</title> - <para> - The - <citerefentry> - <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function is used to determine if the users account is - valid. It checks for authentication token and account expiration and - verifies access restrictions. It is typically called after the user - has been authenticated. - </para> - </refsect2> - - <refsect2 id='pam3-password_management'> - <title>Password Management</title> - <para> - The - <citerefentry> - <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function is used to change the authentication token - for a given user on request or because the token has expired. 
- </para> - </refsect2> - - <refsect2 id='pam3-session_management'> - <title>Session Management</title> - <para> - The - <citerefentry> - <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function sets up a user session for a previously - successful authenticated user. The session should later be terminated - with a call to - <citerefentry> - <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </refsect2> - - <refsect2 id='pam3-conversation'> - <title>Conversation</title> - <para> - The PAM library uses an application-defined callback to allow - a direct communication between a loaded module and the application. - This callback is specified by the - <emphasis>struct pam_conv</emphasis> passed to - <citerefentry> - <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> at the start of the transaction. See - <citerefentry> - <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - for details. - </para> - </refsect2> - - <refsect2 id='pam3-data'> - <title>Data Objects</title> - <para> - The - <citerefentry> - <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - and - <citerefentry> - <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - functions allows applications and PAM service modules to set and - retrieve PAM informations. - </para> - <para> - The - <citerefentry> - <refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - function is the preferred method to obtain the username. 
- </para> - <para> - The - <citerefentry> - <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - and - <citerefentry> - <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - functions allows PAM service modules to set and retrieve free-form - data from one invocation to another. - </para> - </refsect2> - - <refsect2 id='pam3-miscellaneous'> - <title>Environment and Error Management</title> - <para> - The - <citerefentry> - <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> and - <citerefentry> - <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - functions are for maintaining a set of private environment variables. - </para> - - <para> - The - <citerefentry> - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> function returns a pointer to a string describing the - given PAM error code. - </para> - </refsect2> - </refsect1> - - <refsect1 id='pam3-return_values'> - <title>RETURN VALUES</title> - <para> - The following return codes are known by PAM: - </para> - <variablelist> - <varlistentry> - <term>PAM_ABORT</term> - <listitem> - <para>Critical error, immediate abort.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_ACCT_EXPIRED</term> - <listitem> - <para>User account has expired.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHINFO_UNAVAIL</term> - <listitem> - <para> - Authentication service cannot retrieve authentication info. 
- </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHTOK_DISABLE_AGING</term> - <listitem> - <para>Authentication token aging disabled.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHTOK_ERR</term> - <listitem> - <para>Authentication token manipulation error.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHTOK_EXPIRED</term> - <listitem> - <para>Authentication token expired.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHTOK_LOCK_BUSY</term> - <listitem> - <para>Authentication token lock busy.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTHTOK_RECOVERY_ERR</term> - <listitem> - <para>Authentication information cannot be recovered.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para>Authentication failure.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_BUF_ERR</term> - <listitem> - <para>Memory buffer error.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CONV_ERR</term> - <listitem> - <para>Conversation failure.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CRED_ERR</term> - <listitem> - <para>Failure setting user credentials.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CRED_EXPIRED</term> - <listitem> - <para>User credentials expired.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CRED_INSUFFICIENT</term> - <listitem> - <para>Insufficient credentials to access authentication data.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_CRED_UNAVAIL</term> - <listitem> - <para>Authentication service cannot retrieve user credentials.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_IGNORE</term> - <listitem> - <para>The return value should be ignored by PAM dispatch.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_MAXTRIES</term> - 
<listitem> - <para>Have exhausted maximum number of retries for service.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_MODULE_UNKNOWN</term> - <listitem> - <para>Module is unknown.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_NEW_AUTHTOK_REQD</term> - <listitem> - <para> - Authentication token is no longer valid; new one required. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_NO_MODULE_DATA</term> - <listitem> - <para>No module specific data is present.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_OPEN_ERR</term> - <listitem> - <para>Failed to load module.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_PERM_DENIED</term> - <listitem> - <para>Permission denied.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SERVICE_ERR</term> - <listitem> - <para>Error in service module.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SESSION_ERR</term> - <listitem> - <para>Cannot make/remove an entry for the specified session.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para>Success.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SYMBOL_ERR</term> - <listitem> - <para>Symbol not found.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SYSTEM_ERR</term> - <listitem> - <para>System error.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_TRY_AGAIN</term> - <listitem> - <para>Failed preliminary check by password service.</para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para>User not known to the underlying authentication module.</para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='see_also'><title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, 
<citerefentry> - <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> - </para> - </refsect1> -</refentry> diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml deleted file mode 100644 index 1267f01c..00000000 --- a/doc/man/pam.8.xml +++ /dev/null 
@@ -1,186 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - -<refentry id='pam8'> - - <refmeta> - <refentrytitle>pam</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id='pam8-name'> - <refname>PAM</refname> - <refname>pam</refname> - <refpurpose>Pluggable Authentication Modules for Linux</refpurpose> - </refnamediv> - - <refsect1 id='pam8-description'> - <title>DESCRIPTION</title> - <para> - This manual is intended to offer a quick introduction to - <emphasis remap='B'>Linux-PAM</emphasis>. For more information - the reader is directed to the - <emphasis remap='B'>Linux-PAM system administrators' guide</emphasis>. - </para> - - <para> - <emphasis remap='B'>Linux-PAM</emphasis> is a system of libraries - that handle the authentication tasks of applications (services) on - the system. The library provides a stable general interface - (Application Programming Interface - API) that privilege granting - programs (such as <citerefentry> - <refentrytitle>login</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> and <citerefentry> - <refentrytitle>su</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>) defer to to perform standard authentication tasks. - </para> - - <para> - The principal feature of the PAM approach is that the nature of the - authentication is dynamically configurable. In other words, the - system administrator is free to choose how individual - service-providing applications will authenticate users. This dynamic - configuration is set by the contents of the single - <emphasis remap='B'>Linux-PAM</emphasis> configuration file - <filename>/etc/pam.conf</filename>. Alternatively, the configuration - can be set by individual configuration files located in the - <filename>/etc/pam.d/</filename> directory. 
The presence of this - directory will cause <emphasis remap='B'>Linux-PAM</emphasis> to - <emphasis remap='I'>ignore</emphasis> - <filename>/etc/pam.conf</filename>. - </para> - - -<para>From the point of view of the system administrator, for whom this -manual is provided, it is not of primary importance to understand the -internal behavior of the -<emphasis remap='B'>Linux-PAM</emphasis> -library. The important point to recognize is that the configuration -file(s) -<emphasis remap='I'>define</emphasis> -the connection between applications -<emphasis remap='B'></emphasis>(<emphasis remap='B'>services</emphasis>) -and the pluggable authentication modules -<emphasis remap='B'></emphasis>(<emphasis remap='B'>PAM</emphasis>s) -that perform the actual authentication tasks.</para> - - -<para><emphasis remap='B'>Linux-PAM</emphasis> -separates the tasks of -<emphasis remap='I'>authentication</emphasis> -into four independent management groups: -<emphasis remap='B'>account</emphasis> management; -<emphasis remap='B'>auth</emphasis>entication management; -<emphasis remap='B'>password</emphasis> management; -and -<emphasis remap='B'>session</emphasis> management. -(We highlight the abbreviations used for these groups in the -configuration file.)</para> - - -<para>Simply put, these groups take care of different aspects of a typical -user's request for a restricted service:</para> - - -<para><emphasis remap='B'>account</emphasis> - -provide account verification types of service: has the user's password -expired?; is this user permitted access to the requested service?</para> - -<!-- .br --> -<para><emphasis remap='B'>auth</emphasis>entication - -authenticate a user and set up user credentials. Typically this is via -some challenge-response request that the user must satisfy: if you are -who you claim to be please enter your password. 
Not all authentications -are of this type, there exist hardware based authentication schemes -(such as the use of smart-cards and biometric devices), with suitable -modules, these may be substituted seamlessly for more standard -approaches to authentication - such is the flexibility of -<emphasis remap='B'>Linux-PAM</emphasis>.</para> - -<!-- .br --> -<para><emphasis remap='B'>password</emphasis> - -this group's responsibility is the task of updating authentication -mechanisms. Typically, such services are strongly coupled to those of -the -<emphasis remap='B'>auth</emphasis> -group. Some authentication mechanisms lend themselves well to being -updated with such a function. Standard UN*X password-based access is -the obvious example: please enter a replacement password.</para> - -<!-- .br --> -<para><emphasis remap='B'>session</emphasis> - -this group of tasks cover things that should be done prior to a -service being given and after it is withdrawn. Such tasks include the -maintenance of audit trails and the mounting of the user's home -directory. The -<emphasis remap='B'>session</emphasis> -management group is important as it provides both an opening and -closing hook for modules to affect the services available to a user.</para> - -</refsect1> - - <refsect1 id='pam8-files'> - <title>FILES</title> - <variablelist> - <varlistentry> - <term><filename>/etc/pam.conf</filename></term> - <listitem> - <para>the configuration file</para> - </listitem> - </varlistentry> - <varlistentry> - <term><filename>/etc/pam.d</filename></term> - <listitem> - <para> - the <emphasis remap='B'>Linux-PAM</emphasis> configuration - directory. Generally, if this directory is present, the - <filename>/etc/pam.conf</filename> file is ignored. 
- </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam8-errors'> - <title>ERRORS</title> - <para> - Typically errors generated by the - <emphasis remap='B'>Linux-PAM</emphasis> system of libraries, will - be written to <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </refsect1> - - <refsect1 id='pam8-conforming_to'> - <title>CONFORMING TO</title> - <para> - DCE-RFC 86.0, October 1995. - Contains additional features, but remains backwardly compatible - with this RFC. - </para> - </refsect1> - - <refsect1 id='pam8-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> -</refentry> diff --git a/doc/man/pam.conf-desc.xml b/doc/man/pam.conf-desc.xml deleted file mode 100644 index 909dcdbe..00000000 --- a/doc/man/pam.conf-desc.xml +++ /dev/null 
@@ -1,21 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> -<section id='pam.conf-desc'> - <para> - When a <emphasis>PAM</emphasis> aware privilege granting application - is started, it activates its attachment to the PAM-API. This - activation performs a number of tasks, the most important being the - reading of the configuration file(s): <filename>/etc/pam.conf</filename>. - Alternatively, this may be the contents of the - <filename>/etc/pam.d/</filename> directory. The presence of this - directory will cause Linux-PAM to ignore - <filename>/etc/pam.conf</filename>. - </para> - <para> - These files list the <emphasis>PAM</emphasis>s that will do the - authentication tasks required by this service, and the appropriate - behavior of the PAM-API in the event that individual - <emphasis>PAM</emphasis>s fail. - </para> -</section> diff --git a/doc/man/pam.conf-dir.xml b/doc/man/pam.conf-dir.xml deleted file mode 100644 index 8446cf35..00000000 --- a/doc/man/pam.conf-dir.xml +++ /dev/null 
@@ -1,30 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> -<section id='pam.conf-dir'> - <para> - More flexible than the single configuration file is it to - configure libpam via the contents of the - <filename>/etc/pam.d/</filename> directory. In this case the - directory is filled with files each of which has a filename - equal to a service-name (in lower-case): it is the personal - configuration file for the named service. - </para> - - <para> - The syntax of each file in /etc/pam.d/ is similar to that of the - <filename>/etc/pam.conf</filename> file and is made up of lines - of the following form: - </para> - - <programlisting> -type control module-path module-arguments - </programlisting> - - <para> - The only difference being that the service-name is not present. The - service-name is of course the name of the given configuration file. - For example, <filename>/etc/pam.d/login</filename> contains the - configuration for the <emphasis remap='B'>login</emphasis> service. - </para> -</section> diff --git a/doc/man/pam.conf-syntax.xml b/doc/man/pam.conf-syntax.xml deleted file mode 100644 index 1460c6f6..00000000 --- a/doc/man/pam.conf-syntax.xml +++ /dev/null 
@@ -1,393 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" - "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - -<section id='pam.conf-syntax'> - <para> - The syntax of the <filename>/etc/pam.conf</filename> - configuration file is as follows. The file is made up of a list - of rules, each rule is typically placed on a single line, - but may be extended with an escaped end of line: `\<LF>'. - Comments are preceded with `#' marks and extend to the next end of - line. - </para> - - <para> - The format of each rule is a space separated collection of tokens, - the first three being case-insensitive: - </para> - - <para> - <emphasis remap='B'> service type control module-path module-arguments</emphasis> - </para> - - <para> - The syntax of files contained in the <filename>/etc/pam.d/</filename> - directory, are identical except for the absence of any - <emphasis>service</emphasis> field. In this case, the - <emphasis>service</emphasis> is the name of the file in the - <filename>/etc/pam.d/</filename> directory. This filename must be - in lower case. - </para> - - <para> - An important feature of <emphasis>PAM</emphasis>, is that a - number of rules may be <emphasis>stacked</emphasis> to combine - the services of a number of PAMs for a given authentication task. - </para> - - <para> - The <emphasis>service</emphasis> is typically the familiar name of - the corresponding application: <emphasis>login</emphasis> and - <emphasis>su</emphasis> are good examples. The - <emphasis>service</emphasis>-name, <emphasis>other</emphasis>, - is reserved for giving <emphasis>default</emphasis> rules. - Only lines that mention the current service (or in the absence - of such, the <emphasis>other</emphasis> entries) will be associated - with the given service-application. - </para> - - <para> - The <emphasis>type</emphasis> is the management group that the rule - corresponds to. 
It is used to specify which of the management groups - the subsequent module is to be associated with. Valid entries are: - </para> - <variablelist> - <varlistentry> - <term>account</term> - <listitem> - <para> - this module type performs non-authentication based account - management. It is typically used to restrict/permit access - to a service based on the time of day, currently available - system resources (maximum number of users) or perhaps the - location of the applicant user -- 'root' login only on the - console. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>auth</term> - <listitem> - <para> - this module type provides two aspects of authenticating - the user. Firstly, it establishes that the user is who they - claim to be, by instructing the application to prompt the user - for a password or other means of identification. Secondly, the - module can grant group membership or other privileges through - its credential granting properties. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>password</term> - <listitem> - <para> - this module type is required for updating the authentication - token associated with the user. Typically, there is one module - for each 'challenge/response' based authentication (auth) type. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>session</term> - <listitem> - <para> - this module type is associated with doing things that need to - be done for the user before/after they can be given service. - Such things include the logging of information concerning the - opening/closing of some data exchange with a user, mounting - directories, etc. - </para> - </listitem> - </varlistentry> - </variablelist> - - <para> - The third field, <emphasis>control</emphasis>, indicates the - behavior of the PAM-API should the module fail to succeed in its - authentication task. 
There are two types of syntax for this control - field: the simple one has a single simple keyword; the more - complicated one involves a square-bracketed selection of - <emphasis>value=action</emphasis> pairs. - </para> - - <para> - For the simple (historical) syntax valid <emphasis>control</emphasis> - values are: - </para> - <variablelist> - <varlistentry> - <term>required</term> - <listitem> - <para> - failure of such a PAM will ultimately lead to the PAM-API - returning failure but only after the remaining - <emphasis>stacked</emphasis> modules (for this - <emphasis>service</emphasis> and <emphasis>type</emphasis>) - have been invoked. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>requisite</term> - <listitem> - <para> - like <emphasis>required</emphasis>, however, in the case that - such a module returns a failure, control is directly returned - to the application. The return value is that associated with - the first required or requisite module to fail. Note, this flag - can be used to protect against the possibility of a user getting - the opportunity to enter a password over an unsafe medium. It is - conceivable that such behavior might inform an attacker of valid - accounts on a system. This possibility should be weighed against - the not insignificant concerns of exposing a sensitive password - in a hostile environment. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>sufficient</term> - <listitem> - <para> - success of such a module is enough to satisfy the - authentication requirements of the stack of modules (if a - prior <emphasis>required</emphasis> module has failed the - success of this one is <emphasis>ignored</emphasis>). A failure - of this module is not deemed as fatal to satisfying the - application that this type has succeeded. If the module succeeds - the PAM framework returns success to the application immediately - without trying any other modules. 
- </para> - </listitem> - </varlistentry> - <varlistentry> - <term>optional</term> - <listitem> - <para> - the success or failure of this module is only important if - it is the only module in the stack associated with this - <emphasis>service</emphasis>+<emphasis>type</emphasis>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>include</term> - <listitem> - <para> - include all lines of given type from the configuration - file specified as an argument to this control. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>substack</term> - <listitem> - <para> - include all lines of given type from the configuration - file specified as an argument to this control. This differs from - <emphasis>include</emphasis> in that evaluation of the - <emphasis>done</emphasis> and <emphasis>die</emphasis> actions - in a substack does not cause skipping the rest of the complete - module stack, but only of the substack. Jumps in a substack - also can not make evaluation jump out of it, and the whole substack - is counted as one module when the jump is done in a parent stack. - The <emphasis>reset</emphasis> action will reset the state of a - module stack to the state it was in as of beginning of the substack - evaluation. - </para> - </listitem> - </varlistentry> - </variablelist> - - <para> - For the more complicated syntax valid <emphasis>control</emphasis> - values have the following form: - </para> - <programlisting> - [value1=action1 value2=action2 ...] - </programlisting> - - <para> - Where <emphasis>valueN</emphasis> corresponds to the return code - from the function invoked in the module for which the line is - defined. 
It is selected from one of these: - <emphasis>success</emphasis>, <emphasis>open_err</emphasis>, - <emphasis>symbol_err</emphasis>, <emphasis>service_err</emphasis>, - <emphasis>system_err</emphasis>, <emphasis>buf_err</emphasis>, - <emphasis>perm_denied</emphasis>, <emphasis>auth_err</emphasis>, - <emphasis>cred_insufficient</emphasis>, - <emphasis>authinfo_unavail</emphasis>, - <emphasis>user_unknown</emphasis>, <emphasis>maxtries</emphasis>, - <emphasis>new_authtok_reqd</emphasis>, - <emphasis>acct_expired</emphasis>, <emphasis>session_err</emphasis>, - <emphasis>cred_unavail</emphasis>, <emphasis>cred_expired</emphasis>, - <emphasis>cred_err</emphasis>, <emphasis>no_module_data</emphasis>, - <emphasis>conv_err</emphasis>, <emphasis>authtok_err</emphasis>, - <emphasis>authtok_recover_err</emphasis>, - <emphasis>authtok_lock_busy</emphasis>, - <emphasis>authtok_disable_aging</emphasis>, - <emphasis>try_again</emphasis>, <emphasis>ignore</emphasis>, - <emphasis>abort</emphasis>, <emphasis>authtok_expired</emphasis>, - <emphasis>module_unknown</emphasis>, <emphasis>bad_item</emphasis>, - <emphasis>conv_again</emphasis>, <emphasis>incomplete</emphasis>, - and <emphasis>default</emphasis>. - </para> - <para> - The last of these, <emphasis>default</emphasis>, implies 'all - <emphasis>valueN</emphasis>'s not mentioned explicitly. Note, the - full list of PAM errors is available in - <filename>/usr/include/security/_pam_types.h</filename>. The - <emphasis>actionN</emphasis> can be: an unsigned integer, - <emphasis>n</emphasis>, signifying an action of 'jump over the - next <emphasis>n</emphasis> modules in the stack'; or take one - of the following forms: - </para> - <variablelist> - <varlistentry> - <term>ignore</term> - <listitem> - <para> - when used with a stack of modules, the module's return - status will not contribute to the return code the application - obtains. 
- </para> - </listitem> - </varlistentry> - <varlistentry> - <term>bad</term> - <listitem> - <para> - this action indicates that the return code should be thought - of as indicative of the module failing. If this module is the - first in the stack to fail, its status value will be used for - that of the whole stack. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>die</term> - <listitem> - <para> - equivalent to bad with the side effect of terminating the - module stack and PAM immediately returning to the application. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>ok</term> - <listitem> - <para> - this tells PAM that the administrator thinks this return code - should contribute directly to the return code of the full - stack of modules. In other words, if the former state of the - stack would lead to a return of <emphasis>PAM_SUCCESS</emphasis>, - the module's return code will override this value. Note, if - the former state of the stack holds some value that is - indicative of a modules failure, this 'ok' value will not be - used to override that value. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>done</term> - <listitem> - <para> - equivalent to ok with the side effect of terminating the module - stack and PAM immediately returning to the application. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>reset</term> - <listitem> - <para> - clear all memory of the state of the module stack and - start again with the next stacked module. - </para> - </listitem> - </varlistentry> - </variablelist> - - <para> - Each of the four keywords: required; requisite; sufficient; and - optional, have an equivalent expression in terms of the [...] - syntax. 
They are as follows: - </para> - <variablelist> - <varlistentry> - <term>required</term> - <listitem> - <para> - [success=ok new_authtok_reqd=ok ignore=ignore default=bad] - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>requisite</term> - <listitem> - <para> - [success=ok new_authtok_reqd=ok ignore=ignore default=die] - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>sufficient</term> - <listitem> - <para> - [success=done new_authtok_reqd=done default=ignore] - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>optional</term> - <listitem> - <para> - [success=ok new_authtok_reqd=ok default=ignore] - </para> - </listitem> - </varlistentry> - </variablelist> - - <para> - <emphasis>module-path</emphasis> is either the full filename - of the PAM to be used by the application (it begins with a '/'), - or a relative pathname from the default module location: - <filename>/lib/security/</filename> or - <filename>/lib64/security/</filename>, depending on the architecture. - </para> - - <para> - <emphasis>module-arguments</emphasis> are a space separated list - of tokens that can be used to modify the specific behavior of the - given PAM. Such arguments will be documented for each individual - module. Note, if you wish to include spaces in an argument, you - should surround that argument with square brackets. - </para> - <programlisting> - squid auth required pam_mysql.so user=passwd_query passwd=mada \ - db=eminence [query=select user_name from internet_service \ - where user_name='%u' and password=PASSWORD('%p') and \ - service='web_proxy'] - </programlisting> - <para> - When using this convention, you can include `[' characters - inside the string, and if you wish to include a `]' character - inside the string that will survive the argument parsing, you - should use `\]'. In other words: - </para> - <programlisting> - [..[..\]..] --> ..[..].. 
- </programlisting> - - <para> - Any line in (one of) the configuration file(s), that is not formatted - correctly, will generally tend (erring on the side of caution) to make - the authentication process fail. A corresponding error is written to - the system log files with a call to - <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - -</section> diff --git a/doc/man/pam.conf.5.xml b/doc/man/pam.conf.5.xml deleted file mode 100644 index 68f576af..00000000 --- a/doc/man/pam.conf.5.xml +++ /dev/null 
@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam.conf'>
-
- <refmeta>
- <refentrytitle>pam.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id='pam.conf-name'>
- <refname>pam.conf</refname>
- <refname>pam.d</refname>
- <refpurpose>PAM configuration files</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsect1 id='pam.conf-description'>
- <title>DESCRIPTION</title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam.conf-desc.xml"
- xpointer='xpointer(//section[@id = "pam.conf-desc"]/*)' />
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam.conf-syntax.xml"
- xpointer='xpointer(//section[@id = "pam.conf-syntax"]/*)' />
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam.conf-dir.xml"
- xpointer='xpointer(//section[@id = "pam.conf-dir"]/*)' />
- </refsect1>
-
- <refsect1 id='pam.conf-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
-
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml
deleted file mode 100644
index 72274d1e..00000000
--- a/doc/man/pam_acct_mgmt.3.xml
+++ /dev/null
@@ -1,145 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_acct_mgmt'>
- <refmeta>
- <refentrytitle>pam_acct_mgmt</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_acct_mgmt-name">
- <refname>pam_acct_mgmt</refname>
- <refpurpose>PAM account validation management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_acct_mgmt-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_acct_mgmt</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_acct_mgmt-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_acct_mgmt</function> function is used to determine
- if the users account is valid. It checks for authentication token
- and account expiration and verifies access restrictions. It is
- typically called after the user has been authenticated.
- </para>
- <para>
- The <emphasis>pamh</emphasis> argument is an authentication
- handle obtained by a prior call to pam_start().
- The flags argument is the binary or of zero or more of the
- following values:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_DISALLOW_NULL_AUTHTOK</term>
- <listitem>
- <para>
- The PAM module service should return PAM_NEW_AUTHTOK_REQD
- if the user has a null authentication token.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_acct_mgmt-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_ACCT_EXPIRED</term>
- <listitem>
- <para>
- User account has expired.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- Authentication failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_NEW_AUTHTOK_REQD</term>
- <listitem>
- <para>
- The user account is valid but their authentication token
- is <emphasis>expired</emphasis>. The correct response to
- this return-value is to require that the user satisfies
- the <function>pam_chauthtok()</function> function before
- obtaining service. It may not be possible for some
- applications to do this. In such cases, the user should be
- denied access until such time as they can update their password.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PERM_DENIED</term>
- <listitem>
- <para>
- Permission denied.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The authentication token was successfully updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User unknown to password service.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_acct_mgmt-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml
deleted file mode 100644
index 8ddc38c9..00000000
--- a/doc/man/pam_authenticate.3.xml
+++ /dev/null
@@ -1,169 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_authenticate'>
- <refmeta>
- <refentrytitle>pam_authenticate</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_authenticate-name">
- <refname>pam_authenticate</refname>
- <refpurpose>account authentication</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_authenticate-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_authenticate</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_authenticate-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_authenticate</function> function is used to
- authenticate the user. The user is required to provide an
- authentication token depending upon the authentication service,
- usually this is a password, but could also be a finger print.
- </para>
- <para>
- The PAM service module may request that the user enter their
- username vio the the conversation mechanism (see
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and
- <citerefentry>
- <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>). The name of the authenticated user
- will be present in the PAM item PAM_USER. This item may be
- recovered with a call to
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- <para>
- The <emphasis>pamh</emphasis> argument is an authentication
- handle obtained by a prior call to pam_start().
- The flags argument is the binary or of zero or more of the
- following values:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_DISALLOW_NULL_AUTHTOK</term>
- <listitem>
- <para>
- The PAM module service should return PAM_AUTH_ERR
- if the user does not have a registered authentication token.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_authenticate-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_ABORT</term>
- <listitem>
- <para>
- The application should exit immediately after calling
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> first.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- The user was not authenticated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_INSUFFICIENT</term>
- <listitem>
- <para>
- For some reason the application does not have sufficient
- credentials to authenticate the user.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHINFO_UNVAIL</term>
- <listitem>
- <para>
- The modules were not able to access the authentication
- information. This might be due to a network or hardware
- failure etc.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_MAXTRIES</term>
- <listitem>
- <para>
- One or more of the authentication modules has reached its
- limit of tries authenticating the user. Do not try again.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The user was successfully authenticated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User unknown to authentication service.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_authenticate-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml
deleted file mode 100644
index 7e20070b..00000000
--- a/doc/man/pam_chauthtok.3.xml
+++ /dev/null
@@ -1,164 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_chauthtok'>
- <refmeta>
- <refentrytitle>pam_chauthtok</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_chauthtok-name">
- <refname>pam_chauthtok</refname>
- <refpurpose>updating authentication tokens</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_chauthtok-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_chauthtok</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_chauthtok-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_chauthtok</function> function is used to change the
- authentication token for a given user (as indicated by the state
- associated with the handle <emphasis>pamh</emphasis>).
- </para>
- <para>
- The <emphasis>pamh</emphasis> argument is an authentication
- handle obtained by a prior call to pam_start().
- The flags argument is the binary or of zero or more of the
- following values:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CHANGE_EXPIRED_AUTHTOK</term>
- <listitem>
- <para>
- This argument indicates to the modules that the users
- authentication token (password) should only be changed
- if it has expired.
- If this argument is not passed, the application requires
- that all authentication tokens are to be changed.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_chauthtok-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTHTOK_ERR</term>
- <listitem>
- <para>
- A module was unable to obtain the new authentication token.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHTOK_RECOVERY_ERR</term>
- <listitem>
- <para>
- A module was unable to obtain the old authentication token.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHTOK_LOCK_BUSY</term>
- <listitem>
- <para>
- One or more of the modules was unable to change the
- authentication token since it is currently locked.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHTOK_DISABLE_AGING</term>
- <listitem>
- <para>
- Authentication token aging has been disabled for at least
- one of the modules.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PERM_DENIED</term>
- <listitem>
- <para>
- Permission denied.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The authentication token was successfully updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_TRY_AGAIN</term>
- <listitem>
- <para>
- Not all of the modules were in a position to update the
- authentication token(s). In such a case none of the user's
- authentication tokens are updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User unknown to password service.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_chauthtok-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_close_session.3.xml b/doc/man/pam_close_session.3.xml
deleted file mode 100644
index db549bda..00000000
--- a/doc/man/pam_close_session.3.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_send'>
-
- <refmeta>
- <refentrytitle>pam_close_session</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_close_session-name">
- <refname>pam_close_session</refname>
- <refpurpose>terminate PAM session management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_close_session-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_close_session</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_close_session-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_close_session</function> function is used
- to indicate that an authenticated session has ended.
- The session should have been created with a call to
- <citerefentry>
- <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- <para>
- It should be noted that the effective uid,
- <citerefentry>
- <refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum>
- </citerefentry>. of the application should be of sufficient
- privilege to perform such tasks as unmounting the
- user's home directory for example.
- </para>
- <para>
- The flags argument is the binary or of zero or more of the
- following values:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_close_session-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_ABORT</term>
- <listitem>
- <para>
- General failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SESSION_ERR</term>
- <listitem>
- <para>
- Session failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Session was successful terminated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_close_session-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml
deleted file mode 100644
index 0098ff94..00000000
--- a/doc/man/pam_conv.3.xml
+++ /dev/null
@@ -1,228 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_conv'>
- <refmeta>
- <refentrytitle>pam_conv</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_conv-name">
- <refname>pam_conv</refname>
- <refpurpose>PAM conversation function</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_conv-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- </funcsynopsis>
- <programlisting>
-struct pam_message {
- int msg_style;
- const char *msg;
-};
-
-struct pam_response {
- char *resp;
- int resp_retcode;
-};
-
-struct pam_conv {
- int (*conv)(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr);
- void *appdata_ptr;
-};
- </programlisting>
- </refsynopsisdiv>
-
- <refsect1 id='pam_conv-description'>
- <title>DESCRIPTION</title>
- <para>
- The PAM library uses an application-defined callback to allow
- a direct communication between a loaded module and the application.
- This callback is specified by the
- <emphasis>struct pam_conv</emphasis> passed to
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- at the start of the transaction.
- </para>
- <para>
- When a module calls the referenced conv() function, the argument
- <emphasis>appdata_ptr</emphasis> is set to the second element of
- this structure.
- </para>
- <para>
- The other arguments of a call to conv() concern the information
- exchanged by module and application. That is to say,
- <emphasis>num_msg</emphasis> holds the length of the array of
- pointers, <emphasis>msg</emphasis>. After a successful return, the
- pointer <emphasis>resp</emphasis> points to an array of pam_response
- structures, holding the application supplied text. The
- <emphasis>resp_retcode</emphasis> member of this struct is unused and
- should be set to zero. It is the caller's responsibility to release
- both, this array and the responses themselves, using
- <citerefentry>
- <refentrytitle>free</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>. Note, <emphasis>*resp</emphasis> is a
- <emphasis>struct pam_response</emphasis> array and not an array of
- pointers.
- </para>
- <para>
- The number of responses is always equal to the
- <emphasis>num_msg</emphasis> conversation function argument.
- This does require that the response array is
- <citerefentry>
- <refentrytitle>free</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>'d after
- every call to the conversation function. The index of the
- responses corresponds directly to the prompt index in the
- pam_message array.
- </para>
- <para>
- On failure, the conversation function should release any resources
- it has allocated, and return one of the predefined PAM error codes.
- </para>
- <para>
- Each message can have one of four types, specified by the
- <emphasis>msg_style</emphasis> member of
- <emphasis>struct pam_message</emphasis>:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_PROMPT_ECHO_OFF</term>
- <listitem>
- <para>
- Obtain a string without echoing any text.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PROMPT_ECHO_ON</term>
- <listitem>
- <para>
- Obtain a string whilst echoing text.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_ERROR_MSG</term>
- <listitem>
- <para>
- Display an error message.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_TEXT_INFO</term>
- <listitem>
- <para>
- Display some text.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- The point of having an array of messages is that it becomes possible
- to pass a number of things to the application in a single call from
- the module. It can also be convenient for the application that related
- things come at once: a windows based application can then present a
- single form with many messages/prompts on at once.
- </para>
- <para>
- In passing, it is worth noting that there is a descrepency between
- the way Linux-PAM handles the const struct pam_message **msg
- conversation function argument from the way that Solaris' PAM
- (and derivitives, known to include HP/UX, are there others?) does.
- Linux-PAM interprets the msg argument as entirely equivalent to the
- following prototype
- const struct pam_message *msg[] (which, in spirit, is consistent with
- the commonly used prototypes for argv argument to the familiar main()
- function: char **argv; and char *argv[]). Said another way Linux-PAM
- interprets the msg argument as a pointer to an array of num_msg read
- only 'struct pam_message' pointers. Solaris' PAM implementation
- interprets this argument as a pointer to a pointer to an array of
- num_msg pam_message structures. Fortunately, perhaps, for most
- module/application developers when num_msg has a value of one these
- two definitions are entirely equivalent. Unfortunately, casually
- raising this number to two has led to unanticipated compatibility
- problems.
- </para>
- <para>
- For what its worth the two known module writer work-arounds for trying
- to maintain source level compatibility with both PAM implementations
- are:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- never call the conversation function with num_msg greater than one.
- </para>
- </listitem>
- <listitem>
- <para>
- set up msg as doubly referenced so both types of conversation
- function can find the messages. That is, make
- </para>
- <programlisting>
- msg[n] = & (( *msg )[n])
- </programlisting>
- </listitem>
- </itemizedlist>
- </refsect1>
-
- <refsect1 id="pam_conv-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CONV_ERR</term>
- <listitem>
- <para>
- Conversation failure. The application should not set
- <emphasis>*resp</emphasis>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Success.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_conv-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_end.3.xml b/doc/man/pam_end.3.xml
deleted file mode 100644
index 039bb3cd..00000000
--- a/doc/man/pam_end.3.xml
+++ /dev/null
@@ -1,122 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_end'>
-
- <refmeta>
- <refentrytitle>pam_end</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_end-name">
- <refname>pam_end</refname>
- <refpurpose>termination of PAM transaction</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_end-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_end</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>pam_status</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_end-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_end</function> function terminates the PAM
- transaction and is the last function an application should call
- in the PAM context. Upon return the handle <emphasis>pamh</emphasis>
- is no longer valid and all memory associated with it will be
- invalid.
- </para>
- <para>
- The <emphasis>pam_status</emphasis> argument should be set to
- the value returned to the application by the last PAM
- library call.
- </para>
- <para>
- The value taken by <emphasis>pam_status</emphasis> is used as
- an argument to the module specific callback function,
- <function>cleanup()</function>
- (See <citerefentry>
- <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and
- <citerefentry>
- <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>). In this way the module can be given notification
- of the pass/fail nature of the tear-down process, and perform any
- last minute tasks that are appropriate to the module before it is
- unlinked. This argument can be logically OR'd with
- <emphasis>PAM_DATA_SILENT</emphasis> to indicate to indicate that
- the module should not treat the call too seriously. It is generally
- used to indicate that the current closing of the library is in a
- <citerefentry>
- <refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum>
- </citerefentry>ed
- process, and that the parent will take care of cleaning up things
- that exist outside of the current process space (files etc.).
- </para>
-
- <para>
- This function <emphasis>free</emphasis>'s all memory for items
- associated with the
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> functions. Pointers associated with such objects
- are not valid anymore after <function>pam_end</function> was called.
- </para>
-
- </refsect1>
- <refsect1 id="pam_end-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Transaction was successful terminated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- System error, for example a NULL pointer was submitted
- as PAM handle or the function was called by a module.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_end-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml
deleted file mode 100644
index de167f2c..00000000
--- a/doc/man/pam_error.3.xml
+++ /dev/null
@@ -1,121 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_error">
-
- <refmeta>
- <refentrytitle>pam_error</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_error-name">
- <refname>pam_error</refname>
- <refname>pam_verror</refname>
- <refpurpose>display error messages to the user</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv id="pam_error-synopsis">
- <funcsynopsis>
- <funcsynopsisinfo>#include <security/pam_ext.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_error</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef><parameter>...</parameter></paramdef>
- </funcprototype>
- <funcprototype>
- <funcdef>int <function>pam_verror</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef>va_list <parameter>args</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_error-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_error</function> function prints error messages
- through the conversation function to the user.
- </para>
- <para>
- The <function>pam_verror</function> function performs the same
- task as <function>pam_error()</function> with the difference
- that it takes a set of arguments which have been obtained using
- the <citerefentry>
- <refentrytitle>stdarg</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> variable argument list macros.
- </para>
- </refsect1>
- <refsect1 id="pam_error-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CONV_ERR</term>
- <listitem>
- <para>
- Conversation failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Error message was displayed.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- System error.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_error-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_info</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_vinfo</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_prompt</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_vprompt</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_error-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_error</function> and <function>pam_verror</function>
- functions are Linux-PAM extensions.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml
deleted file mode 100644
index a101cf39..00000000
--- a/doc/man/pam_fail_delay.3.xml
+++ /dev/null
@@ -1,202 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_fail_delay">
-
- <refmeta>
- <refentrytitle>pam_fail_delay</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_fail_delay-name">
- <refname>pam_fail_delay</refname>
- <refpurpose>request a delay on failure</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_fail_delay-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_fail_delay</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>unsigned int <parameter>usec</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_fail_delay-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_fail_delay</function> function provides a
- mechanism by which an application or module can suggest a minimum
- delay of <emphasis>usec</emphasis> micro-seconds. The
- function keeps a record of the longest time requested with this
- function. Should
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> fail, the failing return to the application is
- delayed by an amount of time randomly distributed (by up to 25%)
- about this longest value.
- </para>
- <para>
- Independent of success, the delay time is reset to its zero
- default value when the PAM service module returns control to
- the application. The delay occurs <emphasis>after</emphasis> all
- authentication modules have been called, but <emphasis>before</emphasis>
- control is returned to the service application.
- </para>
- <para>
- When using this function the programmer should check if it is
- available with:
- </para>
- <programlisting>
-#ifdef HAVE_PAM_FAIL_DELAY
- ....
-#endif /* HAVE_PAM_FAIL_DELAY */
- </programlisting>
-
- <para>
- For applications written with a single thread that are event
- driven in nature, generating this delay may be undesirable.
- Instead, the application may want to register the delay in some
- other way. For example, in a single threaded server that serves
- multiple authentication requests from a single event loop, the
- application might want to simply mark a given connection as
- blocked until an application timer expires. For this reason
- the delay function can be changed with the
- <emphasis>PAM_FAIL_DELAY</emphasis> item. It can be queried and
- set with
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- and
- <citerefentry>
- <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> respectively. The value used to set it should be
- a function pointer of the following prototype:
- <programlisting>
-void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
- </programlisting>
- The arguments being the <emphasis>retval</emphasis> return code
- of the module stack, the <emphasis>usec_delay</emphasis>
- micro-second delay that libpam is requesting and the
- <emphasis>appdata_ptr</emphasis> that the application has associated
- with the current <emphasis>pamh</emphasis>. This last value was set
- by the application when it called
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> or explicitly with
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay
- will be performed.
- </para>
- </refsect1>
-
- <refsect1 id='pam_fail_delay-rationale'>
- <title>RATIONALE</title>
- <para>
- It is often possible to attack an authentication scheme by exploiting
- the time it takes the scheme to deny access to an applicant user. In
- cases of <emphasis>short</emphasis> timeouts, it may prove possible
- to attempt a <emphasis>brute force</emphasis> dictionary attack --
- with an automated process, the attacker tries all possible passwords
- to gain access to the system. In other cases, where individual
- failures can take measurable amounts of time (indicating the nature
- of the failure), an attacker can obtain useful information about the
- authentication process. These latter attacks make use of procedural
- delays that constitute a <emphasis>covert channel</emphasis>
- of useful information.
- </para>
- <para>
- To minimize the effectiveness of such attacks, it is desirable to
- introduce a random delay in a failed authentication process.
- Preferable this value should be set by the application or a special
- PAM module. Standard PAM modules should not modify the delay
- unconditional.
- </para>
- </refsect1>
-
- <refsect1 id='pam_fail_delay-example'>
- <title>EXAMPLE</title>
- <para>
- For example, a login application may require a failure delay of
- roughly 3 seconds. It will contain the following code:
- </para>
- <programlisting>
- pam_fail_delay (pamh, 3000000 /* micro-seconds */ );
- pam_authenticate (pamh, 0);
- </programlisting>
-
- <para>
- if the modules do not request a delay, the failure delay will be
- between 2.25 and 3.75 seconds.
- </para>
-
- <para>
- However, the modules, invoked in the authentication process, may
- also request delays:
- </para>
-
- <programlisting>
-module #1: pam_fail_delay (pamh, 2000000);
-module #2: pam_fail_delay (pamh, 4000000);
- </programlisting>
-
- <para>
- in this case, it is the largest requested value that is used to
- compute the actual failed delay: here between 3 and 5 seconds.
- </para>
- </refsect1>
-
- <refsect1 id='pam_fail_delay-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Delay was successful adjusted.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- A NULL pointer was submitted as PAM handle.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_fail_delay-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_fail_delay-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_fail_delay</function> function is an
- Linux-PAM extension.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_get_data.3.xml b/doc/man/pam_get_data.3.xml
deleted file mode 100644
index e84e5a4c..00000000
--- a/doc/man/pam_get_data.3.xml
+++ /dev/null
@@ -1,108 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_get_data'>
-
- <refmeta>
- <refentrytitle>pam_get_data</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id='pam_get_data-name'>
- <refname>pam_get_data</refname>
- <refpurpose>
- get module internal data
- </refpurpose>
- </refnamediv>
-
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
-
- <funcsynopsis id="pam_get_data-synopsis">
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_get_data</function></funcdef>
- <paramdef>const pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>module_data_name</parameter></paramdef>
- <paramdef>const void **<parameter>data</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_get_data-description">
- <title>DESCRIPTION</title>
- <para>
- This function together with the
- <citerefentry>
- <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> function
- is useful to manage module-specific data meaningful only to
- the calling PAM module.
- </para>
- <para>
- The <function>pam_get_data</function> function looks up the
- object associated with the (hopefully) unique string
- <emphasis>module_data_name</emphasis> in the PAM context
- specified by the <emphasis>pamh</emphasis> argument.
- A successful call to
- <function>pam_get_data</function> will result in
- <emphasis>data</emphasis> pointing to the object. Note,
- this data is <emphasis>not</emphasis> a copy and should be
- treated as <emphasis>constant</emphasis> by the module.
- </para>
- </refsect1>
-
- <refsect1 id="pam_get_data-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Data was successful retrieved.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- A NULL pointer was submitted as PAM handle or the
- function was called by an application.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_NO_MODULE_DATA</term>
- <listitem>
- <para>
- Module data not found or there is an entry, but it has
- the value NULL.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_get_data-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_get_item.3.xml b/doc/man/pam_get_item.3.xml
deleted file mode 100644
index d07862e0..00000000
--- a/doc/man/pam_get_item.3.xml
+++ /dev/null
@@ -1,143 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"
-[
-<!--
-<!ENTITY accessconf SYSTEM "pam_item_types_std.inc.xml">
-<!ENTITY accessconf SYSTEM "pam_item_types_ext.inc.xml">
--->
-]>
-
-<refentry id='pam_get_item'>
-
- <refmeta>
- <refentrytitle>pam_get_item</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id='pam_get_item-name'>
- <refname>pam_get_item</refname>
- <refpurpose>
- getting PAM informations
- </refpurpose>
- </refnamediv>
-
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
-
- <funcsynopsis id="pam_get_item-synopsis">
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_get_item</function></funcdef>
- <paramdef>const pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>item_type</parameter></paramdef>
- <paramdef>const void **<parameter>item</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_get_item-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_get_item</function> function allows applications
- and PAM service modules to access and retrieve PAM informations
- of <emphasis>item_type</emphasis>. Upon successful return,
- <emphasis>item</emphasis> contains a pointer to the value of the
- corresponding item. Note, this is a pointer to the
- <emphasis>actual</emphasis> data and should
- <emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
- over-written! The following values are supported for
- <emphasis>item_type</emphasis>:
- </para>
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_item_types_std.inc.xml"/>
-
- <para>
- The following additional items are specific to Linux-PAM and should not be used in
- portable applications:
- </para>
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_item_types_ext.inc.xml"/>
-
- <para>
- If a service module wishes to obtain the name of the user,
- it should not use this function, but instead perform a call to
- <citerefentry>
- <refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- <para>
- Only a service module is privileged to read the
- authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK.
- </para>
-
- </refsect1>
-
- <refsect1 id="pam_get_item-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BAD_ITEM</term>
- <listitem>
- <para>
- The application attempted to set an undefined or inaccessible
- item.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PERM_DENIED</term>
- <listitem>
- <para>
- The value of <emphasis>item</emphasis> was NULL.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Data was successful updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- The <emphasis>pam_handle_t</emphasis> passed as first
- argument was invalid.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_get_item-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_get_user.3.xml b/doc/man/pam_get_user.3.xml
deleted file mode 100644
index ff8be694..00000000
--- a/doc/man/pam_get_user.3.xml
+++ /dev/null
@@ -1,139 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_get_user'>
-
- <refmeta>
- <refentrytitle>pam_get_user</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id='pam_get_user-name'>
- <refname>pam_get_user</refname>
- <refpurpose>
- get user name
- </refpurpose>
- </refnamediv>
-
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
-
- <funcsynopsis id="pam_get_user-synopsis">
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_get_user</function></funcdef>
- <paramdef>const pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char **<parameter>user</parameter></paramdef>
- <paramdef>const char *<parameter>prompt</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_get_user-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_get_user</function> function returns the
- name of the user specified by
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>. If no user was specified it what
- <function>pam_get_item (pamh, PAM_USER, ... );</function> would
- have returned. If this is NULL it obtains the username via the
- <citerefentry>
- <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> mechanism, it prompts the user with the first
- non-NULL string in the following list:
- </para>
-
- <itemizedlist>
- <listitem>
- <para>
- The <emphasis>prompt</emphasis> argument passed to the function.
- </para>
- </listitem>
- <listitem>
- <para>
- What is returned by pam_get_item (pamh, PAM_USER_PROMPT, ... );
- </para>
- </listitem>
- <listitem>
- <para>
- The default prompt: "login: "
- </para>
- </listitem>
- </itemizedlist>
- <para>
- By whatever means the username is obtained, a pointer to it is
- returned as the contents of <emphasis>*user</emphasis>. Note,
- this memory should <emphasis remap="B">not</emphasis> be
- <emphasis>free()</emphasis>'d or <emphasis>modified</emphasis>
- by the module.
- </para>
- <para>
- This function sets the <emphasis>PAM_USER</emphasis> item
- associated with the
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> functions.
- </para>
- </refsect1>
-
- <refsect1 id="pam_get_user-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- User name was successful retrieved.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- A NULL pointer was submitted.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CONV_ERR</term>
- <listitem>
- <para>
- The conversation method supplied by the
- application failed to obtain the username.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_get_user-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml deleted file mode 100644 index e78aa3c2..00000000 --- a/doc/man/pam_getenv.3.xml +++ /dev/null 
@@ -1,66 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_getenv'>
- <refmeta>
- <refentrytitle>pam_getenv</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_getenv-name">
- <refname>pam_getenv</refname>
- <refpurpose>get a PAM environment variable</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_getenv-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>const char *<function>pam_getenv</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>name</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_getenv-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_getenv</function> function searches the
- PAM environment list as associated with the handle
- <emphasis>pamh</emphasis> for a string that matches the string
- pointed to by <emphasis>name</emphasis>. The return values are
- of the form: "<emphasis>name=value</emphasis>".
- </para>
- </refsect1>
-
- <refsect1 id="pam_getenv-return_values">
- <title>RETURN VALUES</title>
- <para>
- The <function>pam_getenv</function> function returns NULL
- on failure.
- </para>
- </refsect1>
-
- <refsect1 id='pam_getenv-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml
deleted file mode 100644
index 1c29b737..00000000
--- a/doc/man/pam_getenvlist.3.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_getenvlist'>
- <refmeta>
- <refentrytitle>pam_getenvlist</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_getenvlist-name">
- <refname>pam_getenvlist</refname>
- <refpurpose>getting the PAM environment</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_getenvlist-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>char **<function>pam_getenvlist</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_getenvlist-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_getenvlist</function> function returns a complete
- copy of the PAM environment as associated with the handle
- <emphasis>pamh</emphasis>. The PAM environment variables
- represent the contents of the regular environment variables of the
- authenticated user when service is granted.
- </para>
- <para>
- The format of the memory is a malloc()'d array of char pointers,
- the last element of which is set to NULL. Each of the non-NULL
- entries in this array point to a NUL terminated and malloc()'d
- char string of the form: "<emphasis>name=value</emphasis>".
- </para>
- <para>
- It should be noted that this memory will never be free()'d by
- libpam. Once obtained by a call to
- <function>pam_getenvlist</function>, it is the responsibility of
- the calling application to free() this memory.
- </para>
- <para>
- It is by design, and not a coincidence, that the format and contents
- of the returned array matches that required for the third argument of
- the
- <citerefentry>
- <refentrytitle>execle</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> function call.
- </para>
- </refsect1>
-
- <refsect1 id="pam_getenvlist-return_values">
- <title>RETURN VALUES</title>
- <para>
- The <function>pam_getenvlist</function> function returns NULL
- on failure.
- </para>
- </refsect1>
-
- <refsect1 id='pam_getenvlist-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml
deleted file mode 100644
index 88e671c7..00000000
--- a/doc/man/pam_info.3.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_info">
-
- <refmeta>
- <refentrytitle>pam_info</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_info-name">
- <refname>pam_info</refname>
- <refname>pam_vinfo</refname>
- <refpurpose>display messages to the user</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv id="pam_info-synopsis">
- <funcsynopsis>
- <funcsynopsisinfo>#include <security/pam_ext.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_info</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef><parameter>...</parameter></paramdef>
- </funcprototype>
- <funcprototype>
- <funcdef>int <function>pam_vinfo</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef>va_list <parameter>args</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_info-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_info</function> function prints messages
- through the conversation function to the user.
- </para>
- <para>
- The <function>pam_vinfo</function> function performs the same
- task as <function>pam_info()</function> with the difference
- that it takes a set of arguments which have been obtained using
- the <citerefentry>
- <refentrytitle>stdarg</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> variable argument list macros.
- </para>
- </refsect1>
- <refsect1 id="pam_info-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CONV_ERR</term>
- <listitem>
- <para>
- Conversation failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Transaction was successful created.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- System error.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_info-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_info-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_info</function> and <function>pam_vinfo</function>
- functions are Linux-PAM extensions.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_item_types_ext.inc.xml b/doc/man/pam_item_types_ext.inc.xml
deleted file mode 100644
index 89f19875..00000000
--- a/doc/man/pam_item_types_ext.inc.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!-- this file is included by pam_set_item and pam_get_item -->
-
- <variablelist>
- <varlistentry>
- <term>PAM_FAIL_DELAY</term>
- <listitem>
- <para>
- A function pointer to redirect centrally managed
- failure delays. See
- <citerefentry>
- <refentrytitle>pam_fail_delay</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_XDISPLAY</term>
- <listitem>
- <para>
- The name of the X display. For graphical, X-based applications the
- value for this item should be the <emphasis>$DISPLAY</emphasis>
- variable. This value may be used independently of
- <emphasis>PAM_TTY</emphasis> for passing the
- name of the display.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_XAUTHDATA</term>
- <listitem>
- <para>
- A pointer to a structure containing the X authentication data
- required to make a connection to the display specified by
- <emphasis>PAM_XDISPLAY</emphasis>, if such information is
- necessary. See
- <citerefentry>
- <refentrytitle>pam_xauth_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml
deleted file mode 100644
index 81f240b0..00000000
--- a/doc/man/pam_item_types_std.inc.xml
+++ /dev/null
@@ -1,138 +0,0 @@
-<!-- this file is included by pam_set_item and pam_get_item -->
-
- <variablelist>
- <varlistentry>
- <term>PAM_SERVICE</term>
- <listitem>
- <para>
- The service name (which identifies that PAM stack that
- the PAM functions will use to authenticate the program).
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_USER</term>
- <listitem>
- <para>
- The username of the entity under whose identity service
- will be given. That is, following authentication,
- <emphasis>PAM_USER</emphasis> identifies the local entity
- that gets to use the service. Note, this value can be mapped
- from something (eg., "anonymous") to something else (eg.
- "guest119") by any module in the PAM stack. As such an
- application should consult the value of
- <emphasis>PAM_USER</emphasis> after each call to a PAM function.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_USER_PROMPT</term>
- <listitem>
- <para>
- The string used when prompting for a user's name. The default
- value for this string is a localized version of "login: ".
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_TTY</term>
- <listitem>
- <para>
- The terminal name: prefixed by <filename>/dev/</filename> if
- it is a device file; for graphical, X-based, applications the
- value for this item should be the
- <emphasis>$DISPLAY</emphasis> variable.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_RUSER</term>
- <listitem>
- <para>
- The requesting user name: local name for a locally
- requesting user or a remote user name for a remote
- requesting user.
- </para>
- <para>
- Generally an application or module will attempt to supply
- the value that is most strongly authenticated (a local account
- before a remote one. The level of trust in this value is
- embodied in the actual authentication stack associated with
- the application, so it is ultimately at the discretion of the
- system administrator.
- </para>
- <para>
- <emphasis>PAM_RUSER@PAM_RHOST</emphasis> should always identify
- the requesting user. In some cases,
- <emphasis>PAM_RUSER</emphasis> may be NULL. In such situations,
- it is unclear who the requesting entity is.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_RHOST</term>
- <listitem>
- <para>
- The requesting hostname (the hostname of the machine from
- which the <emphasis>PAM_RUSER</emphasis> entity is requesting
- service). That is <emphasis>PAM_RUSER@PAM_RHOST</emphasis>
- does identify the requesting user. In some applications,
- <emphasis>PAM_RHOST</emphasis> may be NULL. In such situations,
- it is unclear where the authentication request is originating
- from.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_AUTHTOK</term>
- <listitem>
- <para>
- The authentication token (often a password). This token
- should be ignored by all module functions besides
- <citerefentry>
- <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and
- <citerefentry>
- <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- In the former function it is used to pass the most recent
- authentication token from one stacked module to another. In
- the latter function the token is used for another purpose.
- It contains the currently active authentication token.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_OLDAUTHTOK</term>
- <listitem>
- <para>
- The old authentication token. This token should be ignored
- by all module functions except
- <citerefentry>
- <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
-
-
- <varlistentry>
- <term>PAM_CONV</term>
- <listitem>
- <para>
- The pam_conv structure. See
- <citerefentry>
- <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml
deleted file mode 100644
index 1941f589..00000000
--- a/doc/man/pam_misc_drop_env.3.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_misc_drop_env">
-
- <refmeta>
- <refentrytitle>pam_misc_drop_env</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_misc_drop_env-name">
- <refname>pam_misc_drop_env</refname>
- <refpurpose>liberating a locally saved environment</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_misc_drop_env-synopsis">
- <funcsynopsisinfo>#include <security/pam_misc.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_misc_drop_env</function></funcdef>
- <paramdef>char **<parameter>env</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_misc_drop_env-description'>
- <title>DESCRIPTION</title>
- <para>
- This function is defined to complement the <citerefentry>
- <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> function. It liberates the memory associated
- with <parameter>env</parameter>, <emphasis>overwriting</emphasis>
- with <emphasis>0</emphasis> all memory before
- <function>free()</function>ing it.
- </para>
- </refsect1>
-
- <refsect1 id='pam_misc_drop_env-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_misc_drop_env-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_misc_drop_env</function> function is part of the
- <command>libpam_misc</command> Library and not defined in any
- standard.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml
deleted file mode 100644
index d9a282c0..00000000
--- a/doc/man/pam_misc_paste_env.3.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_misc_paste_env">
-
- <refmeta>
- <refentrytitle>pam_misc_paste_env</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_misc_paste_env-name">
- <refname>pam_misc_paste_env</refname>
- <refpurpose>transcribing an environment to that of PAM</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_misc_paste_env-synopsis">
- <funcsynopsisinfo>#include <security/pam_misc.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_misc_paste_env</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char * const *<parameter>user</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_misc_paste_env-description'>
- <title>DESCRIPTION</title>
- <para>
- This function takes the supplied list of environment pointers and
- <emphasis>uploads</emphasis> its contents to the PAM environment.
- Success is indicated by <errorname>PAM_SUCCESS</errorname>.
- </para>
- </refsect1>
-
- <refsect1 id='pam_misc_paste_env-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_misc_paste_env-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_misc_paste_env</function> function is part of the
- <command>libpam_misc</command> Library and not defined in any
- standard.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml
deleted file mode 100644
index fdc8f33d..00000000
--- a/doc/man/pam_misc_setenv.3.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_misc_setenv">
-
- <refmeta>
- <refentrytitle>pam_misc_setenv</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
- <refnamediv id="pam_misc_setenv-name">
- <refname>pam_misc_setenv</refname>
- <refpurpose>BSD like PAM environment variable setting</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_misc_setenv-synopsis">
- <funcsynopsisinfo>#include <security/pam_misc.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_misc_setenv</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>name</parameter></paramdef>
- <paramdef>const char *<parameter>value</parameter></paramdef>
- <paramdef>int<parameter>readonly</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_misc_setenv-description'>
- <title>DESCRIPTION</title>
- <para>
- This function performs a task equivalent to <citerefentry>
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>, its syntax is, however, more like the BSD style
- function; <function>setenv()</function>. The <parameter>name</parameter>
- and <parameter>value</parameter> are concatenated with an '=' to
- form a name=value and passed to <function>pam_putenv()</function>.
- If, however, the PAM variable is already set, the replacement will
- only be applied if the last argument, <parameter>readonly</parameter>,
- is zero.
- </para>
- </refsect1>
-
- <refsect1 id='pam_misc_setenv-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_misc_setenv-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_misc_setenv</function> function is part of the
- <command>libpam_misc</command> Library and not defined in any
- standard.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_open_session.3.xml b/doc/man/pam_open_session.3.xml
deleted file mode 100644
index eba0bc01..00000000
--- a/doc/man/pam_open_session.3.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_send'>
-
- <refmeta>
- <refentrytitle>pam_open_session</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_open_session-name">
- <refname>pam_open_session</refname>
- <refpurpose>start PAM session management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_open_session-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_open_session</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_open_session-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_open_session</function> function sets up a
- user session for a previously successful authenticated user.
- The session should later be terminated with a call to
- <citerefentry>
- <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- <para>
- It should be noted that the effective uid,
- <citerefentry>
- <refentrytitle>geteuid</refentrytitle><manvolnum>2</manvolnum>
- </citerefentry>. of the application should be of sufficient
- privilege to perform such tasks as creating or mounting the
- user's home directory for example.
- </para>
- <para>
- The flags argument is the binary or of zero or more of the
- following values:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_open_session-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_ABORT</term>
- <listitem>
- <para>
- General failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SESSION_ERR</term>
- <listitem>
- <para>
- Session failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Session was successful created.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_open_session-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml
deleted file mode 100644
index d0824131..00000000
--- a/doc/man/pam_prompt.3.xml
+++ /dev/null
@@ -1,110 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_prompt">
-
- <refmeta>
- <refentrytitle>pam_prompt</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_prompt-name">
- <refname>pam_prompt</refname>
- <refname>pam_vprompt</refname>
- <refpurpose>interface to conversation function</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv id="pam_prompt-synopsis">
- <funcsynopsis>
- <funcsynopsisinfo>#include <security/pam_ext.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>void <function>pam_prompt</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>style</parameter></paramdef>
- <paramdef>char **<parameter>response</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef><parameter>...</parameter></paramdef>
- </funcprototype>
- <funcprototype>
- <funcdef>void <function>pam_vprompt</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>style</parameter></paramdef>
- <paramdef>char **<parameter>response</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef>va_list <parameter>args</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_prompt-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_prompt</function> function constructs a message
- from the specified format string and arguments and passes it to
- </para>
- </refsect1>
-
- <refsect1 id="pam_prompt-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CONV_ERR</term>
- <listitem>
- <para>
- Conversation failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Transaction was successful created.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- System error.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
-
- <refsect1 id='pam_prompt-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_prompt-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_prompt</function> and <function>pam_vprompt</function>
- functions are Linux-PAM extensions.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml
deleted file mode 100644
index 619b218a..00000000
--- a/doc/man/pam_putenv.3.xml
+++ /dev/null
@@ -1,152 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_putenv'>
- <refmeta>
- <refentrytitle>pam_putenv</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_putenv-name">
- <refname>pam_putenv</refname>
- <refpurpose>set or change PAM environment variable</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_putenv-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_putenv</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>name_value</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_putenv-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_putenv</function> function is used to
- add or change the value of PAM environment variables as
- associated with the <emphasis>pamh</emphasis> handle.
- </para>
- <para>
- The <emphasis>pamh</emphasis> argument is an authentication
- handle obtained by a prior call to pam_start().
- The <emphasis>name_value</emphasis> argument is a single NUL
- terminated string of one of the following forms:
- </para>
- <variablelist>
- <varlistentry>
- <term>NAME=value of variable</term>
- <listitem>
- <para>
- In this case the environment variable of the given NAME
- is set to the indicated value:
- <emphasis>value of variable</emphasis>. If this variable
- is already known, it is overwritten. Otherwise it is added
- to the PAM environment.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>NAME=</term>
- <listitem>
- <para>
- This function sets the variable to an empty value. It is
- listed separately to indicate that this is the correct way
- to achieve such a setting.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>NAME</term>
- <listitem>
- <para>
- Without an '=' the <function>pam_putenv</function>() function
- will delete the
- corresponding variable from the PAM environment.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- <function>pam_putenv</function>() operates on a copy of
- <emphasis>name_value</emphasis>, which means in contrast to
- <citerefentry>
- <refentrytitle>putenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>, the application is responsible to free the data.
- </para>
- </refsect1>
-
- <refsect1 id="pam_putenv-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_PERM_DENIED</term>
- <listitem>
- <para>
- Argument <emphasis>name_value</emphasis> given is a NULL pointer.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BAD_ITEM</term>
- <listitem>
- <para>
- Variable requested (for deletion) is not currently set.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_ABORT</term>
- <listitem>
- <para>
- The <emphasis>pamh</emphasis> handle is corrupt.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The environment variable was successfully updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_putenv-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_getenv</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_getenvlist</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_set_data.3.xml b/doc/man/pam_set_data.3.xml
deleted file mode 100644
index d6d224e7..00000000
--- a/doc/man/pam_set_data.3.xml
+++ /dev/null
@@ -1,172 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_set_data'>
-
- <refmeta>
- <refentrytitle>pam_set_data</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id='pam_set_data-name'>
- <refname>pam_set_data</refname>
- <refpurpose>
- set module internal data
- </refpurpose>
- </refnamediv>
-
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
-
- <funcsynopsis id="pam_set_data-synopsis">
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_set_data</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>const char *<parameter>module_data_name</parameter></paramdef>
- <paramdef>void *<parameter>data</parameter></paramdef>
- <paramdef>void <parameter>(*cleanup)(pam_handle_t *pamh, void *data, int error_status)</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_set_data-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_set_data</function> function associates a pointer
- to an object with the (hopefully) unique string
- <emphasis>module_data_name</emphasis> in the PAM context specified
- by the <emphasis>pamh</emphasis> argument.
- </para>
-
- <para>
- PAM modules may be dynamically loadable objects. In general such files
- should not contain <emphasis>static</emphasis> variables. This function
- and its counterpart
- <citerefentry>
- <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- provide a mechanism for a module to associate some data with
- the handle <emphasis>pamh</emphasis>. Typically a module will call the
- <function>pam_set_data</function> function to register some data
- under a (hopefully) unique <emphasis>module_data_name</emphasis>.
- The data is available for use by other modules too but
- <emphasis>not</emphasis> by an application. Since this functions
- stores only a pointer to the <emphasis>data</emphasis>, the module
- should not modify or free the content of it.
- </para>
-
- <para>
- The function <function>cleanup()</function> is associated with the
- <emphasis>data</emphasis> and, if non-NULL, it is called when this
- data is over-written or following a call to
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
-
- <para>
- The <emphasis>error_status</emphasis> argument is used to indicate
- to the module the sort of action it is to take in cleaning this data
- item. As an example, Kerberos creates a ticket file during the
- authentication phase, this file might be associated with a data item.
- When
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- is called by the module, the <emphasis>error_status</emphasis>
- carries the return value of the
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- or other <emphasis>libpam</emphasis> function as appropriate. Based
- on this value the Kerberos module may choose to delete the ticket file
- (<emphasis>authentication failure</emphasis>) or leave it in place.
- </para>
-
- <para>
- The <emphasis>error_status</emphasis> may have been logically
- OR'd with either of the following two values:
- </para>
-
- <variablelist>
- <varlistentry>
- <term>PAM_DATA_REPLACE</term>
- <listitem>
- <para>
- When a data item is being replaced (through a second call to
- <function>pam_set_data</function>) this mask is used.
- Otherwise, the call is assumed to be from
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_DATA_SILENT</term>
- <listitem>
- <para>
- Which indicates that the process would prefer to perform the
- <function>cleanup()</function> quietly. That is, discourages
- logging/messages to the user.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_set_data-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Data was successful stored.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- A NULL pointer was submitted as PAM handle or the
- function was called by an application.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_set_data-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_set_item.3.xml b/doc/man/pam_set_item.3.xml
deleted file mode 100644
index 39758313..00000000
--- a/doc/man/pam_set_item.3.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"
-[
-<!--
-<!ENTITY accessconf SYSTEM "pam_item_types_std.inc.xml">
-<!ENTITY accessconf SYSTEM "pam_item_types_ext.inc.xml">
--->
-]>
-
-<refentry id='pam_set_item'>
-
- <refmeta>
- <refentrytitle>pam_set_item</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id='pam_set_item-name'>
- <refname>pam_set_item</refname>
- <refpurpose>
- set and update PAM informations
- </refpurpose>
- </refnamediv>
-
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
-
- <funcsynopsis id="pam_set_item-synopsis">
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_set_item</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>item_type</parameter></paramdef>
- <paramdef>const void *<parameter>item</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
-
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_set_item-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_set_item</function> function allows applications
- and PAM service modules to access and to update PAM informations
- of <emphasis>item_type</emphasis>. For this a copy
- of the object pointed to by the <emphasis>item</emphasis> argument
- is created. The following <emphasis>item_type</emphasis>s are
- supported:
- </para>
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_item_types_std.inc.xml"/>
-
- <para>
- The following additional items are specific to Linux-PAM and should not be used in
- portable applications:
- </para>
-
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_item_types_ext.inc.xml"/>
-
- <para>
- For all <emphasis>item_type</emphasis>s, other than PAM_CONV and
- PAM_FAIL_DELAY, <emphasis>item</emphasis> is a pointer to a <NUL>
- terminated character string. In the case of PAM_CONV,
- <emphasis>item</emphasis> points to an initialized
- <emphasis>pam_conv</emphasis> structure. In the case of
- PAM_FAIL_DELAY, <emphasis>item</emphasis> is a function pointer:
- <function>void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)</function>
- </para>
-
- <para>
- Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before
- returning to the application. Which means an application is not
- able to access the authentication tokens.
- </para>
-
- </refsect1>
-
- <refsect1 id="pam_set_item-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BAD_ITEM</term>
- <listitem>
- <para>
- The application attempted to set an undefined or inaccessible
- item.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Data was successful updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- The <emphasis>pam_handle_t</emphasis> passed as first
- argument was invalid.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_set_item-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_setcred.3.xml b/doc/man/pam_setcred.3.xml
deleted file mode 100644
index 90e23b5c..00000000
--- a/doc/man/pam_setcred.3.xml
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_setcred">
-
- <refmeta>
- <refentrytitle>pam_setcred</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_setcred-name">
- <refname>pam_setcred</refname>
- <refpurpose>
- establish / delete user credentials
- </refpurpose>
- </refnamediv>
-
- <!-- body begins here -->
- <refsynopsisdiv>
- <funcsynopsis id='pam_setcred-synopsis'>
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_setcred</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_setcred-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_setcred</function> function is used to establish,
- maintain and delete the credentials of a user. It should be called
- after a user has been authenticated and before a session is opened
- for the user (with
- <citerefentry>
- <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>).
- </para>
-
- <para>
- A credential is something that the user possesses. It is some
- property, such as a <emphasis>Kerberos</emphasis> ticket, or a
- supplementary group membership that make up the uniqueness of a
- given user. On a Linux system the user's <emphasis>UID</emphasis>
- and <emphasis>GID</emphasis>'s are credentials too. However, it
- has been decided that these properties (along with the default
- supplementary groups of which the user is a member) are credentials
- that should be set directly by the application and not by PAM.
- Such credentials should be established, by the application, prior
- to a call to this function. For example,
- <citerefentry>
- <refentrytitle>initgroups</refentrytitle><manvolnum>2</manvolnum>
- </citerefentry> (or equivalent) should have been performed.
- </para>
-
- <para>
- Valid <emphasis>flags</emphasis>, any one of which, may be
- logically OR'd with <option>PAM_SILENT</option>, are:
- </para>
-
- <variablelist>
- <varlistentry>
- <term>PAM_ESTABLISH_CRED</term>
- <listitem>
- <para>Initialize the credentials for the user.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_DELETE_CRED</term>
- <listitem>
- <para>Delete the user's credentials.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_REINITIALIZE_CRED</term>
- <listitem>
- <para>Fully reinitialize the user's credentials.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_REFRESH_CRED</term>
- <listitem>
- <para>Extend the lifetime of the existing credentials.</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_setcred-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_ERR</term>
- <listitem>
- <para>
- Failed to set user credentials.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_EXPIRED</term>
- <listitem>
- <para>
- User credentials are expired.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_UNAVAIL</term>
- <listitem>
- <para>
- Failed to retrieve user credentials.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Data was successful stored.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- A NULL pointer was submitted as PAM handle, the
- function was called by a module or another system
- error occured.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User is not known to an authentication module.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_set_data-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml
deleted file mode 100644
index 35aa28a8..00000000
--- a/doc/man/pam_sm_acct_mgmt.3.xml
+++ /dev/null
@@ -1,155 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_sm_acct_mgmt'>
- <refmeta>
- <refentrytitle>pam_sm_acct_mgmt</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sm_acct_mgmt-name">
- <refname>pam_sm_acct_mgmt</refname>
- <refpurpose>PAM service function for account management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_sm_acct_mgmt-synopsis'>
- <funcsynopsisinfo>#define PAM_SM_ACCOUNT</funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>PAM_EXTERN int <function>pam_sm_acct_mgmt</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- <paramdef>int <parameter>argc</parameter></paramdef>
- <paramdef>const char **<parameter>argv</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_sm_acct_mgmt-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_sm_acct_mgmt</function> function is the service
- module's implementation of the
- <citerefentry>
- <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> interface.
- </para>
- <para>
- This function performs the task of establishing whether the user is
- permitted to gain access at this time. It should be understood that
- the user has previously been validated by an authentication
- module. This function checks for other things. Such things might be:
- the time of day or the date, the terminal line, remote hostname, etc.
- This function may also determine things like the expiration on
- passwords, and respond that the user change it before continuing.
- </para>
- <para>
- Valid flags, which may be logically OR'd with
- <emphasis>PAM_SILENT</emphasis>, are:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_DISALLOW_NULL_AUTHTOK</term>
- <listitem>
- <para>
- Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
- database of authentication tokens for this authentication
- mechanism has a <emphasis>NULL</emphasis> entry for the user.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_sm_acct_mgmt-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_ACCT_EXPIRED</term>
- <listitem>
- <para>
- User account has expired.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- Authentication failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_NEW_AUTHTOK_REQD</term>
- <listitem>
- <para>
- The user's authentication token has expired. Before calling
- this function again the application will arrange for a new
- one to be given. This will likely result in a call to
- <function>pam_sm_chauthtok()</function>.
-
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PERM_DENIED</term>
- <listitem>
- <para>
- Permission denied.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The authentication token was successfully updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User unknown to password service.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_sm_acct_mgmt-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_acct_mgmt</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml
deleted file mode 100644
index 37c77576..00000000
--- a/doc/man/pam_sm_authenticate.3.xml
+++ /dev/null
@@ -1,152 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_sm_authenticate'>
- <refmeta>
- <refentrytitle>pam_sm_authenticate</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sm_authenticate-name">
- <refname>pam_sm_authenticate</refname>
- <refpurpose>PAM service function for user authentication</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_sm_authenticate-synopsis'>
- <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>PAM_EXTERN int <function>pam_sm_authenticate</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- <paramdef>int <parameter>argc</parameter></paramdef>
- <paramdef>const char **<parameter>argv</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_sm_authenticate-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_sm_authenticate</function> function is the service
- module's implementation of the
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> interface.
- </para>
- <para>
- This function performs the task of authenticating the user.
- </para>
- <para>
- Valid flags, which may be logically OR'd with
- <emphasis>PAM_SILENT</emphasis>, are:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_DISALLOW_NULL_AUTHTOK</term>
- <listitem>
- <para>
- Return <emphasis remap='B'>PAM_AUTH_ERR</emphasis> if the
- database of authentication tokens for this authentication
- mechanism has a <emphasis>NULL</emphasis> entry for the user.
- Without this flag, such a <emphasis>NULL</emphasis> token
- will lead to a success without the user being prompted.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_sm_authenticate-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- Authentication failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_INSUFFICIENT</term>
- <listitem>
- <para>
- For some reason the application does not have sufficient
- credentials to authenticate the user.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHINFO_UNAVAIL</term>
- <listitem>
- <para>
- The modules were not able to access the authentication
- information. This might be due to a network or hardware
- failure etc.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The authentication token was successfully updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- The supplied username is not known to the authentication
- service.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_MAXTRIES</term>
- <listitem>
- <para>
- One or more of the authentication modules has reached its
- limit of tries authenticating the user. Do not try again.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_sm_authenticate-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_sm_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml
deleted file mode 100644
index c36a0baf..00000000
--- a/doc/man/pam_sm_chauthtok.3.xml
+++ /dev/null
@@ -1,200 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_sm_chauthtok'>
- <refmeta>
- <refentrytitle>pam_sm_chauthtok</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sm_chauthtok-name">
- <refname>pam_sm_chauthtok</refname>
- <refpurpose>PAM service function for authentication token management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_sm_chauthtok-synopsis'>
- <funcsynopsisinfo>#define PAM_SM_PASSWORD</funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>PAM_EXTERN int <function>pam_sm_chauthtok</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- <paramdef>int <parameter>argc</parameter></paramdef>
- <paramdef>const char **<parameter>argv</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_sm_chauthtok-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_sm_chauthtok</function> function is the service
- module's implementation of the
- <citerefentry>
- <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> interface.
- </para>
- <para>
- This function is used to (re-)set the authentication token of the user.
- </para>
- <para>
- Valid flags, which may be logically OR'd with
- <emphasis>PAM_SILENT</emphasis>, are:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CHANGE_EXPIRED_AUTHTOK</term>
- <listitem>
- <para>
- This argument indicates to the module that the users
- authentication token (password) should only be changed if
- it has expired. This flag is optional and
- <emphasis>must</emphasis> be combined with one of the
- following two flags. Note, however, the following two options
- are <emphasis>mutually exclusive</emphasis>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PRELIM_CHECK</term>
- <listitem>
- <para>
- This indicates that the modules are being probed as to
- their ready status for altering the user's authentication
- token. If the module requires access to another system over
- some network it should attempt to verify it can connect to
- this system on receiving this flag. If a module cannot establish
- it is ready to update the user's authentication token it should
- return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this
- information will be passed back to the application.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_UPDATE_AUTHTOK</term>
- <listitem>
- <para>
- This informs the module that this is the call it should change
- the authorization tokens. If the flag is logically OR'd with
- <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the
- token is only changed if it has actually expired.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- The PAM library calls this function twice in succession. The first
- time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then,
- if the module does not return
- <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with
- <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on
- the second call that the authorization token is (possibly) changed.
- </para>
- </refsect1>
-
- <refsect1 id="pam_sm_chauthtok-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTHTOK_ERR</term>
- <listitem>
- <para>
- The module was unable to obtain the new authentication token.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHTOK_RECOVERY_ERR</term>
- <listitem>
- <para>
- The module was unable to obtain the old authentication token.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHTOK_LOCK_BUSY</term>
- <listitem>
- <para>
- Cannot change the authentication token since it is currently
- locked.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_AUTHTOK_DISABLE_AGING</term>
- <listitem>
- <para>
- Authentication token aging has been disabled.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_PERM_DENIED</term>
- <listitem>
- <para>
- Permission denied.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_TRY_AGAIN</term>
- <listitem>
- <para>
- Preliminary check was unsuccessful. Signals an immediate
- return to the application is desired.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The authentication token was successfully updated.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User unknown to password service.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_sm_chauthtok-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml
deleted file mode 100644
index f2e67185..00000000
--- a/doc/man/pam_sm_close_session.3.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-close.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_sm_close_session'>
- <refmeta>
- <refentrytitle>pam_sm_close_session</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sm_close_session-name">
- <refname>pam_sm_close_session</refname>
- <refpurpose>PAM service function to terminate session management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_sm_close_session-synopsis'>
- <funcsynopsisinfo>#define PAM_SM_SESSION</funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>PAM_EXTERN int <function>pam_sm_close_session</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- <paramdef>int <parameter>argc</parameter></paramdef>
- <paramdef>const char **<parameter>argv</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_sm_close_session-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_sm_close_session</function> function is the service
- module's implementation of the
- <citerefentry>
- <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> interface.
- </para>
- <para>
- This function is called to terminate a session. The only valid
- value for <varname role='parameter'>flags</varname> is zero or:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_sm_close_session-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SESSION_ERR</term>
- <listitem>
- <para>
- Cannot make/remove an entry for the specified session.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The session was successfully terminated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_sm_close_session-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_close_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml
deleted file mode 100644
index 0851c345..00000000
--- a/doc/man/pam_sm_open_session.3.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_sm_open_session'>
- <refmeta>
- <refentrytitle>pam_sm_open_session</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sm_open_session-name">
- <refname>pam_sm_open_session</refname>
- <refpurpose>PAM service function to start session management</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_sm_open_session-synopsis'>
- <funcsynopsisinfo>#define PAM_SM_SESSION</funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>PAM_EXTERN int <function>pam_sm_open_session</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- <paramdef>int <parameter>argc</parameter></paramdef>
- <paramdef>const char **<parameter>argv</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_sm_open_session-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_sm_open_session</function> function is the service
- module's implementation of the
- <citerefentry>
- <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> interface.
- </para>
- <para>
- This function is called to commence a session. The only valid
- value for <varname role='parameter'>flags</varname> is zero or:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_sm_open_session-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_SESSION_ERR</term>
- <listitem>
- <para>
- Cannot make/remove an entry for the specified session.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The session was successfully started.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_sm_open_session-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_open_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_sm_close_session</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml
deleted file mode 100644
index e4809ad7..00000000
--- a/doc/man/pam_sm_setcred.3.xml
+++ /dev/null
@@ -1,179 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<refentry id='pam_sm_setcred'>
- <refmeta>
- <refentrytitle>pam_sm_setcred</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_sm_setcred-name">
- <refname>pam_sm_setcred</refname>
- <refpurpose>PAM service function to alter credentials</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id='pam_sm_setcred-synopsis'>
- <funcsynopsisinfo>#define PAM_SM_AUTH</funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_modules.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>PAM_EXTERN int <function>pam_sm_setcred</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>flags</parameter></paramdef>
- <paramdef>int <parameter>argc</parameter></paramdef>
- <paramdef>const char **<parameter>argv</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id='pam_sm_setcred-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_sm_setcred</function> function is the service
- module's implementation of the
- <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> interface.
- </para>
- <para>
- This function performs the task of altering the credentials of the
- user with respect to the corresponding authorization
- scheme. Generally, an authentication module may have access to more
- information about a user than their authentication token. This
- function is used to make such information available to the
- application. It should only be called <emphasis>after</emphasis> the
- user has been authenticated but before a session has been established.
- </para>
- <para>
- Valid flags, which may be logically OR'd with
- <emphasis>PAM_SILENT</emphasis>, are:
- </para>
- <variablelist>
- <varlistentry>
- <term>PAM_SILENT</term>
- <listitem>
- <para>
- Do not emit any messages.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_DELETE_CRED</term>
- <listitem>
- <para>
- Delete the credentials associated with the authentication service.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_REINITIALIZE_CRED</term>
- <listitem>
- <para>
- Reinitialize the user credentials.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_REFRESH_CRED</term>
- <listitem>
- <para>
- Extend the lifetime of the user credentials.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- The way the <emphasis remap='B'>auth</emphasis> stack is
- navigated in order to evaluate the <function>pam_setcred</function>()
- function call, independent of the <function>pam_sm_setcred</function>()
- return codes, is exactly the same way that it was navigated when
- evaluating the <function>pam_authenticate</function>() library
- call. Typically, if a stack entry was ignored in evaluating
- <function>pam_authenticate</function>(), it will be ignored when
- libpam evaluates the <function>pam_setcred</function>() function
- call. Otherwise, the return codes from each module specific
- <function>pam_sm_setcred</function>() call are treated as
- <emphasis remap='B'>required</emphasis>.
- </para>
- </refsect1>
-
- <refsect1 id="pam_sm_setcred-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_CRED_UNAVAIL</term>
- <listitem>
- <para>
- This module cannot retrieve the user's credentials.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_EXPIRED</term>
- <listitem>
- <para>
- The user's credentials have expired.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_CRED_ERR</term>
- <listitem>
- <para>
- This module was unable to set the credentials of the user.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The user credential was successfully set.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- The user is not known to this authentication module.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will
- typically lead to the credential stack <emphasis>failing</emphasis>.
- The first such error will dominate in the return value of
- <function>pam_setcred</function>().
- </para>
- </refsect1>
-
- <refsect1 id='pam_sm_setcred-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_start.3.xml b/doc/man/pam_start.3.xml
deleted file mode 100644
index 9b370f52..00000000
--- a/doc/man/pam_start.3.xml
+++ /dev/null
@@ -1,147 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_start'>
-
- <refmeta>
- <refentrytitle>pam_start</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_start-name">
- <refname>pam_start</refname>
- <refpurpose>initialization of PAM transaction</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_start-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>int <function>pam_start</function></funcdef>
- <paramdef>const char *<parameter>service_name</parameter></paramdef>
- <paramdef>const char *<parameter>user</parameter></paramdef>
- <paramdef>const struct pam_conv *<parameter>pam_conversation</parameter></paramdef>
- <paramdef>pam_handle_t **<parameter>pamh</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_start-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_start</function> function creates the PAM context
- and initiates the PAM transaction. It is the first of the PAM
- functions that needs to be called by an application. The transaction
- state is contained entirely within the structure identified by this
- handle, so it is possible to have multiple transactions in parallel.
- But it is not possible to use the same handle for different
- transactions, a new one is needed for every new context.
- </para>
-
- <para>
- The <emphasis>service_name</emphasis> argument specifies the name
- of the service to apply and will be stored as PAM_SERVICE item in
- the new context. The policy for the service will be read from the
- file <filename>/etc/pam.d/service_name</filename> or, if that file
- does not exist, from <filename>/etc/pam.conf</filename>.
- </para>
-
- <para>
- The <emphasis>user</emphasis> argument can specify the name
- of the target user and will be stored as PAM_USER item. If
- the argument is NULL, the module has to ask for this item if
- necessary.
- </para>
-
- <para>
- The <emphasis>pam_conversation</emphasis> argument points to
- a <emphasis>struct pam_conv</emphasis> describing the
- conversation function to use. An application must provide this
- for direct communication between a loaded module and the
- application.
- </para>
-
- <para>
- Following a successful return (PAM_SUCCESS) the contents of
- <emphasis>pamh</emphasis> is a handle that contains the PAM
- context for successive calls to the PAM functions. In an error
- case is the content of <emphasis>pamh</emphasis> undefined.
- </para>
-
- <para>
- The <emphasis>pam_handle_t</emphasis> is a blind structure and
- the application should not attempt to probe it directly for
- information. Instead the PAM library provides the functions
- <citerefentry>
- <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- The PAM handle cannot be used for mulitiple authentications at the
- same time as long as <function>pam_end</function> was not called on
- it before.
- </para>
- </refsect1>
- <refsect1 id="pam_start-return_values">
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_ABORT</term>
- <listitem>
- <para>
- General failure.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_BUF_ERR</term>
- <listitem>
- <para>
- Memory buffer error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Transaction was successful created.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- System error, for example a NULL pointer was submitted
- instead of a pointer to data.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_start-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_get_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_set_data</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml
deleted file mode 100644
index 954e131d..00000000
--- a/doc/man/pam_strerror.3.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id='pam_strerror'>
-
- <refmeta>
- <refentrytitle>pam_strerror</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_strerror-name">
- <refname>pam_strerror</refname>
- <refpurpose>return string describing PAM error code</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_strerror-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>const char *<function>pam_strerror</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>errnum</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
-
- <refsect1 id="pam_strerror-description">
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_strerror</function> function returns a pointer to
- a string describing the error code passed in the argument
- <emphasis>errnum</emphasis>, possibly using the LC_MESSAGES part of
- the current locale to select the appropriate language. This string
- must not be modified by the application. No library function will
- modify this string.
- </para>
- </refsect1>
- <refsect1 id="pam_strerror-return_values">
- <title>RETURN VALUES</title>
- <para>
- This function returns always a pointer to a string.
- </para>
- </refsect1>
-
- <refsect1 id="pam_strerror-see_also">
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml
deleted file mode 100644
index 7c5b166a..00000000
--- a/doc/man/pam_syslog.3.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_syslog">
-
- <refmeta>
- <refentrytitle>pam_syslog</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_syslog-name">
- <refname>pam_syslog</refname>
- <refname>pam_vsyslog</refname>
- <refpurpose>send messages to the system logger</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv id="pam_syslog-synopsis">
- <funcsynopsis>
- <funcsynopsisinfo>#include <syslog.h></funcsynopsisinfo>
- <funcsynopsisinfo>#include <security/pam_ext.h></funcsynopsisinfo>
- <funcprototype>
- <funcdef>void <function>pam_syslog</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>priority</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef><parameter>...</parameter></paramdef>
- </funcprototype>
- <funcprototype>
- <funcdef>void <function>pam_vsyslog</function></funcdef>
- <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
- <paramdef>int <parameter>priority</parameter></paramdef>
- <paramdef>const char *<parameter>fmt</parameter></paramdef>
- <paramdef>va_list <parameter>args</parameter></paramdef>
- </funcprototype>
- </funcsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id='pam_syslog-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_syslog</function> function logs messages using
- <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> and is intended for internal use by Linux-PAM and
- PAM service modules. The <emphasis>priority</emphasis> argument is
- formed by ORing the facility and the level values as documented
- in the <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> manual page.
- </para>
- <para>
- The <function>pam_vsyslog</function> function performs the same
- task as <function>pam_syslog()</function> with the difference
- that it takes a set of arguments which have been obtained using
- the <citerefentry>
- <refentrytitle>stdarg</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> variable argument list macros.
- </para>
- </refsect1>
-
- <refsect1 id='pam_syslog-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_syslog-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_syslog</function> and <function>pam_vsyslog</function>
- functions are Linux-PAM extensions.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/doc/man/pam_xauth_data.3.xml b/doc/man/pam_xauth_data.3.xml
deleted file mode 100644
index 0cd6730b..00000000
--- a/doc/man/pam_xauth_data.3.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<refentry id="pam_xauth_data">
-
- <refmeta>
- <refentrytitle>pam_xauth_data</refentrytitle>
- <manvolnum>3</manvolnum>
- <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_xauth_data-name">
- <refname>pam_xauth_data</refname>
- <refpurpose>structure containing X authentication data</refpurpose>
- </refnamediv>
-
-<!-- body begins here -->
-
- <refsynopsisdiv>
- <funcsynopsis id="pam_xauth_data-synopsis">
- <funcsynopsisinfo>#include <security/pam_appl.h></funcsynopsisinfo>
- </funcsynopsis>
- <programlisting>
-struct pam_xauth_data {
- int namelen;
- char *name;
- int datalen;
- char *data;
-};
- </programlisting>
- </refsynopsisdiv>
-
- <refsect1 id='pam_xauth_data-description'>
- <title>DESCRIPTION</title>
- <para>
- The <function>pam_xauth_data</function> structure contains X
- authentication data used to make a connection to an X display.
- Using this mechanism, an application can communicate X
- authentication data to PAM service modules. This allows modules to
- make a connection to the user's X display in order to label the
- user's session on login, display visual feedback or for other
- purposes.
- </para>
- <para>
- The <emphasis>name</emphasis> field contains the name of the
- authentication method, such as "MIT-MAGIC-COOKIE-1". The
- <emphasis>namelen</emphasis> field contains the length of this string,
- not including the trailing NUL character.
- </para>
- <para>
- The <emphasis>data</emphasis> field contains the authentication
- method-specific data corresponding to the specified name. The
- <emphasis>datalen</emphasis> field contains its length in bytes.
- </para>
- <para>
- The X authentication data can be changed with the
- <emphasis>PAM_XAUTH_DATA</emphasis> item. It can be queried and
- set with
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- and
- <citerefentry>
- <refentrytitle>pam_set_item </refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> respectively. The value used to set it should be
- a pointer to a pam_xauth_data structure. An internal copy of both
- the structure itself and its fields is made by PAM when setting the
- item.
- </para>
- </refsect1>
-
- <refsect1 id='pam_xauth_data-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>,
- </para>
- </refsect1>
-
- <refsect1 id='pam_xauth_data-standards'>
- <title>STANDARDS</title>
- <para>
- The <function>pam_xauth_data</function> structure and
- <emphasis>PAM_XAUTH_DATA</emphasis> item are
- Linux-PAM extensions.
- </para>
- </refsect1>
-
-</refentry> |