diff options
Diffstat (limited to 'modules/pam_stress')
-rw-r--r-- | modules/pam_stress/Makefile.am | 12 | ||||
-rw-r--r-- | modules/pam_stress/Makefile.in | 126 | ||||
-rw-r--r-- | modules/pam_stress/README | 93 | ||||
-rw-r--r-- | modules/pam_stress/README.xml | 31 | ||||
-rw-r--r-- | modules/pam_stress/pam_stress.8 | 190 | ||||
-rw-r--r-- | modules/pam_stress/pam_stress.8.xml | 356 |
6 files changed, 727 insertions, 81 deletions
diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am index 10671ad4..e964fcc4 100644 --- a/modules/pam_stress/Makefile.am +++ b/modules/pam_stress/Makefile.am @@ -3,9 +3,14 @@ # CLEANFILES = *~ +MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = +EXTRA_DIST = $(XMLS) +if HAVE_DOC +dist_man_MANS = pam_stress.8 +endif +XMLS = README.xml pam_stress.8.xml dist_check_SCRIPTS = tst-pam_stress TESTS = $(dist_check_SCRIPTS) @@ -20,3 +25,8 @@ if HAVE_VERSIONING endif securelib_LTLIBRARIES = pam_stress.la pam_stress_la_LIBADD = $(top_builddir)/libpam/libpam.la + +if ENABLE_REGENERATE_MAN +dist_noinst_DATA = README +-include $(top_srcdir)/Make.xml.rules +endif diff --git a/modules/pam_stress/Makefile.in b/modules/pam_stress/Makefile.in index 36c9b3c2..297f39d2 100644 --- a/modules/pam_stress/Makefile.in +++ b/modules/pam_stress/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -18,6 +18,7 @@ # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de> # + VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -95,22 +96,25 @@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_stress ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/japhar_grep_cflags.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 \ + $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/warn_lang_flags.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ - $(am__DIST_COMMON) + $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -142,7 +146,7 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(securelibdir)" +am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_stress_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_stress_la_SOURCES = pam_stress.c @@ -193,6 +197,11 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(dist_man_MANS) +am__dist_noinst_DATA_DIST = README +DATA = $(dist_noinst_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -367,6 +376,7 @@ am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' RECHECK_LOGS = $(TEST_LOGS) AM_RECURSIVE_TARGETS = check recheck TEST_SUITE_LOG = test-suite.log @@ -389,9 +399,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log) TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ $(TEST_LOG_FLAGS) -am__DIST_COMMON = $(srcdir)/Makefile.in \ +am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ $(top_srcdir)/build-aux/depcomp \ - $(top_srcdir)/build-aux/test-driver README + $(top_srcdir)/build-aux/test-driver DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -411,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CRYPT_CFLAGS = @CRYPT_CFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ @@ -424,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@ ECONF_LIBS = @ECONF_LIBS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ +EXE_CFLAGS = @EXE_CFLAGS@ +EXE_LDFLAGS = @EXE_LDFLAGS@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ @@ -443,7 +458,6 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ @@ -490,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ @@ -502,6 +514,7 @@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +STRINGPARAM_HMAC = @STRINGPARAM_HMAC@ STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ STRIP = @STRIP@ TIRPC_CFLAGS = @TIRPC_CFLAGS@ @@ -551,7 +564,6 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ @@ -559,9 +571,6 @@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pam_cv_ld_O1 = @pam_cv_ld_O1@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ @@ -571,12 +580,16 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ -EXTRA_DIST = +MAINTAINERCLEANFILES = $(MANS) README +EXTRA_DIST = $(XMLS) +@HAVE_DOC_TRUE@dist_man_MANS = pam_stress.8 +XMLS = README.xml pam_stress.8.xml dist_check_SCRIPTS = tst-pam_stress TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) @@ -587,6 +600,7 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_stress.la pam_stress_la_LIBADD = $(top_builddir)/libpam/libpam.la +@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README all: all-am .SUFFIXES: @@ -699,6 +713,49 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-man8: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -859,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ fi; \ echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ echo "$${col}$$br$${std}"; \ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ @@ -952,9 +1009,9 @@ check-am: all-am $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am -all-am: Makefile $(LTLIBRARIES) +all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: - for dir in "$(DESTDIR)$(securelibdir)"; do \ + for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -991,6 +1048,7 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ @@ -1014,7 +1072,7 @@ info: info-am info-am: -install-data-am: install-securelibLTLIBRARIES +install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am @@ -1030,7 +1088,7 @@ install-info: install-info-am install-info-am: -install-man: +install-man: install-man8 install-pdf: install-pdf-am @@ -1060,7 +1118,9 @@ ps: ps-am ps-am: -uninstall-am: uninstall-securelibLTLIBRARIES +uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES + +uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip @@ -1072,16 +1132,18 @@ uninstall-am: uninstall-securelibLTLIBRARIES html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-securelibLTLIBRARIES \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am recheck tags tags-am uninstall \ - uninstall-am uninstall-securelibLTLIBRARIES + install-info-am install-man install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + recheck tags tags-am uninstall uninstall-am uninstall-man \ + uninstall-man8 uninstall-securelibLTLIBRARIES .PRECIOUS: Makefile +@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/modules/pam_stress/README b/modules/pam_stress/README index ed56ae58..230e8621 100644 --- a/modules/pam_stress/README +++ b/modules/pam_stress/README @@ -1,64 +1,61 @@ -# -# This describes the behavior of this module with respect to the -# /etc/pam.conf file. -# -# written by Andrew Morgan <morgan@parc.power.net> -# +pam_stress — The stress-testing PAM module -This module recognizes the following arguments. +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -debug put lots of information in syslog. - *NOTE* this option writes passwords to syslog, so - don't use anything sensitive when testing. +DESCRIPTION -no_warn don't give warnings about things (otherwise warnings are issued - via the conversation function) +The pam_stress PAM module is mainly intended to give the impression of failing +as a fully functioning module might. -use_first_pass don't prompt for a password, for pam_sm_authentication - function just use item PAM_AUTHTOK. +OPTIONS -try_first_pass don't prompt for a password unless there has been no - previous authentication token (item PAM_AUTHTOK is NULL) +debug -rootok This is intended for the pam_sm_chauthtok function and - it instructs this function to permit root to change - the user's password without entering the old password. + Put lots of information in syslog. *NOTE* this option writes passwords to + syslog, so don't use anything sensitive when testing. -The following arguments are acted on by the module. They are intended -to make the module give the impression of failing as a fully -functioning module might. +no_warn -expired an argument intended for the account and chauthtok module - parts. It instructs the module to act as if the user's - password has expired + Do not give warnings about things (otherwise warnings are issued via the + conversation function) -fail_1 this instructs the module to make its first function fail. +use_first_pass -fail_2 this instructs the module to make its second function (if there - is one) fail. + Do not prompt for a password, for pam_sm_authentication function just use + item PAM_AUTHTOK. - The function break up is indicated in the Module - Developers' Guide. Listed here it is: +try_first_pass - service function 1 function 2 - ------- ---------- ---------- - auth pam_sm_authenticate pam_sm_setcred - password pam_sm_chauthtok - session pam_sm_open_session pam_sm_close_session - account pam_sm_acct_mgmt + Do not prompt for a password unless there has been no previous + authentication token (item PAM_AUTHTOK is NULL) -prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK. +rootok -required for pam_sm_chauthtok, means fail if the user hasn't already - been authenticated by this module. (See stress_new_pwd data - item below.) + This is intended for the pam_sm_chauthtok function and it instructs this + function to permit root to change the user's password without entering the + old password. -# -# data strings that this module uses are the following: -# +expired + + An argument intended for the account and chauthtok module parts. It + instructs the module to act as if the user's password has expired + +fail_1 + + This instructs the module to make its first function fail. + +fail_2 + + This instructs the module to make its second function (if there is one) + fail. + +prelim + + For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK. + +required + + For pam_sm_chauthtok, means fail if the user hasn't already been + authenticated by this module. (See stress_new_pwd data string in the + NOTES.) -data name value(s) Comments ---------- -------- -------- -stress_new_pwd yes tells pam_sm_chauthtok that - pam_sm_acct_mgmt says we need a new - password diff --git a/modules/pam_stress/README.xml b/modules/pam_stress/README.xml new file mode 100644 index 00000000..6f94685e --- /dev/null +++ b/modules/pam_stress/README.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" +"http://www.docbook.org/xml/4.3/docbookx.dtd" +[ +<!-- +<!ENTITY pamstress SYSTEM "pam_stress.8.xml"> +--> +]> + +<article> + + <articleinfo> + + <title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_stress.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_stress-name"]/*)'/> + </title> + + </articleinfo> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_stress.8.xml" xpointer='xpointer(//refsect1[@id = "pam_stress-description"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_stress.8.xml" xpointer='xpointer(//refsect1[@id = "pam_stress-options"]/*)'/> + </section> + +</article> diff --git a/modules/pam_stress/pam_stress.8 b/modules/pam_stress/pam_stress.8 new file mode 100644 index 00000000..2fdb9397 --- /dev/null +++ b/modules/pam_stress/pam_stress.8 @@ -0,0 +1,190 @@ +'\" t +.\" Title: pam_stress +.\" Author: [see the "AUTHORS" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/03/2021 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_STRESS" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_stress \- The stress\-testing PAM module +.SH "SYNOPSIS" +.HP \w'\fBpam_stress\&.so\fR\ 'u +\fBpam_stress\&.so\fR [debug] [no_warn] [use_first_pass] [try_first_pass] [rootok] [expired] [fail_1] [fail_2] [prelim] [required] +.SH "DESCRIPTION" +.PP +The pam_stress PAM module is mainly intended to give the impression of failing as a fully functioning module might\&. +.SH "OPTIONS" +.PP +\fBdebug\fR +.RS 4 +Put lots of information in syslog\&. *NOTE* this option writes passwords to syslog, so don\*(Aqt use anything sensitive when testing\&. +.RE +.PP +\fBno_warn\fR +.RS 4 +Do not give warnings about things (otherwise warnings are issued via the conversation function) +.RE +.PP +\fBuse_first_pass\fR +.RS 4 +Do not prompt for a password, for pam_sm_authentication function just use item PAM_AUTHTOK\&. +.RE +.PP +\fBtry_first_pass\fR +.RS 4 +Do not prompt for a password unless there has been no previous authentication token (item PAM_AUTHTOK is NULL) +.RE +.PP +\fBrootok\fR +.RS 4 +This is intended for the pam_sm_chauthtok function and it instructs this function to permit root to change the user\*(Aqs password without entering the old password\&. +.RE +.PP +\fBexpired\fR +.RS 4 +An argument intended for the account and chauthtok module parts\&. It instructs the module to act as if the user\*(Aqs password has expired +.RE +.PP +\fBfail_1\fR +.RS 4 +This instructs the module to make its first function fail\&. +.RE +.PP +\fBfail_2\fR +.RS 4 +This instructs the module to make its second function (if there is one) fail\&. +.RE +.PP +\fBprelim\fR +.RS 4 +For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK\&. +.RE +.PP +\fBrequired\fR +.RS 4 +For pam_sm_chauthtok, means fail if the user hasn\*(Aqt already been authenticated by this module\&. (See stress_new_pwd data string in the NOTES\&.) +.RE +.SH "MODULE TYPES PROVIDED" +.PP +All module types (\fBauth\fR, +\fBaccount\fR, +\fBpassword\fR +and +\fBsession\fR) are provided\&. +.SH "RETURN VALUES" +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_PERM_DENIED +.RS 4 +Permission denied\&. +.RE +.PP +PAM_AUTH_ERR +.RS 4 +Access to the system was denied\&. +.RE +.PP +PAM_CONV_ERR +.RS 4 +Conversation failure\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +The function passes all checks\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +The user is not known to the system\&. +.RE +.PP +PAM_CRED_ERR +.RS 4 +Failure involving user credentials\&. +.RE +.PP +PAM_NEW_AUTHTOK_REQD +.RS 4 +Authentication token is no longer valid; new one required\&. +.RE +.PP +PAM_SESSION_ERR +.RS 4 +Session failure\&. +.RE +.PP +PAM_TRY_AGAIN +.RS 4 +Failed preliminary check by service\&. +.RE +.PP +PAM_AUTHTOK_LOCK_BUSY +.RS 4 +Authentication token lock busy\&. +.RE +.PP +PAM_AUTHTOK_ERR +.RS 4 +Authentication token manipulation error\&. +.RE +.PP +PAM_SYSTEM_ERR +.RS 4 +System error\&. +.RE +.SH "NOTES" +.PP +This module uses the stress_new_pwd data string which tells pam_sm_chauthtok that pam_sm_acct_mgmt says we need a new password\&. The only possible value for this data string is \*(Aqyes\*(Aq\&. +.SH "EXAMPLES" +.sp +.if n \{\ +.RS 4 +.\} +.nf +#%PAM\-1\&.0 +# +# Any of the following will suffice +account required pam_stress\&.so +auth required pam_stress\&.so +password required pam_stress\&.so +session required pam_stress\&.so + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8)\&. +.SH "AUTHORS" +.PP +The pam_stress PAM module was developed by Andrew Morgan <morgan@linux\&.kernel\&.org>\&. The man page for pam_stress was written by Lucas Ramage <ramage\&.lucas@protonmail\&.com>\&. diff --git a/modules/pam_stress/pam_stress.8.xml b/modules/pam_stress/pam_stress.8.xml new file mode 100644 index 00000000..98888b1c --- /dev/null +++ b/modules/pam_stress/pam_stress.8.xml @@ -0,0 +1,356 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> + +<refentry id='pam_stress'> + + <refmeta> + <refentrytitle>pam_stress</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id='pam_stress-name'> + <refname>pam_stress</refname> + <refpurpose>The stress-testing PAM module</refpurpose> + </refnamediv> + +<!-- body begins here --> + + <refsynopsisdiv> + <cmdsynopsis id="pam_stress-cmdsynopsis"> + <command>pam_stress.so</command> + <arg choice="opt"> + debug + </arg> + <arg choice="opt"> + no_warn + </arg> + <arg choice="opt"> + use_first_pass + </arg> + <arg choice="opt"> + try_first_pass + </arg> + <arg choice="opt"> + rootok + </arg> + <arg choice="opt"> + expired + </arg> + <arg choice="opt"> + fail_1 + </arg> + <arg choice="opt"> + fail_2 + </arg> + <arg choice="opt"> + prelim + </arg> + <arg choice="opt"> + required + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id="pam_stress-description"> + <title>DESCRIPTION</title> + <para> + The pam_stress PAM module is mainly intended to give the impression of failing as a fully +functioning module might. + </para> + </refsect1> + + <refsect1 id="pam_stress-options"> + <title>OPTIONS</title> + <variablelist> + + <varlistentry> + <term> + <option>debug</option> + </term> + <listitem> + <para> + Put lots of information in syslog. + *NOTE* this option writes passwords to syslog, so don't use anything sensitive when testing. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>no_warn</option> + </term> + <listitem> + <para> + Do not give warnings about things (otherwise warnings are issued + via the conversation function) + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>use_first_pass</option> + </term> + <listitem> + <para> + Do not prompt for a password, for pam_sm_authentication + function just use item PAM_AUTHTOK. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>try_first_pass</option> + </term> + <listitem> + <para> + Do not prompt for a password unless there has been no + previous authentication token (item PAM_AUTHTOK is NULL) + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>rootok</option> + </term> + <listitem> + <para> + This is intended for the pam_sm_chauthtok function and + it instructs this function to permit root to change + the user's password without entering the old password. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>expired</option> + </term> + <listitem> + <para> + An argument intended for the account and chauthtok module + parts. It instructs the module to act as if the user's + password has expired + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>fail_1</option> + </term> + <listitem> + <para> + This instructs the module to make its first function fail. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>fail_2</option> + </term> + <listitem> + <para> + This instructs the module to make its second function (if there + is one) fail. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>prelim</option> + </term> + <listitem> + <para> + For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>required</option> + </term> + <listitem> + <para> + For pam_sm_chauthtok, means fail if the user hasn't already + been authenticated by this module. (See stress_new_pwd data + string in the NOTES.) + </para> + </listitem> + </varlistentry> + + </variablelist> + </refsect1> + + <refsect1 id="pam_stress-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + All module types (<option>auth</option>, <option>account</option>, + <option>password</option> and <option>session</option>) are provided. + </para> + </refsect1> + + <refsect1 id="pam_stress-return_values"> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para> + Memory buffer error. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_PERM_DENIED</term> + <listitem> + <para> + Permission denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + Access to the system was denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CONV_ERR</term> + <listitem> + <para> + Conversation failure. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The function passes all checks. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + The user is not known to the system. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CRED_ERR</term> + <listitem> + <para> + Failure involving user credentials. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_NEW_AUTHTOK_REQD</term> + <listitem> + <para> + Authentication token is no longer valid; new one required. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SESSION_ERR</term> + <listitem> + <para> + Session failure. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_TRY_AGAIN</term> + <listitem> + <para> + Failed preliminary check by service. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_LOCK_BUSY</term> + <listitem> + <para> + Authentication token lock busy. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_ERR</term> + <listitem> + <para> + Authentication token manipulation error. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SYSTEM_ERR</term> + <listitem> + <para> + System error. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_stress-notes'> + <title>NOTES</title> + <para> + This module uses the stress_new_pwd data string which tells + pam_sm_chauthtok that pam_sm_acct_mgmt says we need a new password. + The only possible value for this data string is 'yes'. + </para> + </refsect1> + + <refsect1 id='pam_stress-examples'> + <title>EXAMPLES</title> + <programlisting> +#%PAM-1.0 +# +# Any of the following will suffice +account required pam_stress.so +auth required pam_stress.so +password required pam_stress.so +session required pam_stress.so + </programlisting> + </refsect1> + + <refsect1 id="pam_stress-see_also"> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>. + </para> + </refsect1> + + <refsect1 id="pam_stress-authors"> + <title>AUTHORS</title> + <para> + The pam_stress PAM module was developed by + Andrew Morgan <morgan@linux.kernel.org>. + The man page for pam_stress was written by + Lucas Ramage <ramage.lucas@protonmail.com>. + </para> + </refsect1> +</refentry> |