summaryrefslogtreecommitdiffstats
path: root/doc/man/pam_get_item.3
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/man/pam_get_item.3196
-rw-r--r--doc/man/pam_get_item.3.xml143
2 files changed, 339 insertions, 0 deletions
diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3
new file mode 100644
index 0000000..b0e05d1
--- /dev/null
+++ b/doc/man/pam_get_item.3
@@ -0,0 +1,196 @@
+'\" t
+.\" Title: pam_get_item
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 09/03/2021
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_GET_ITEM" "3" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_get_item \- getting PAM information
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#include <security/pam_modules\&.h>
+.fi
+.ft
+.HP \w'int\ pam_get_item('u
+.BI "int pam_get_item(const\ pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ **" "item" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_get_item\fR
+function allows applications and PAM service modules to access and retrieve PAM information of
+\fIitem_type\fR\&. Upon successful return,
+\fIitem\fR
+contains a pointer to the value of the corresponding item\&. Note, this is a pointer to the
+\fIactual\fR
+data and should
+\fBnot\fR
+be
+\fIfree()\fR\*(Aqed or over\-written! The following values are supported for
+\fIitem_type\fR:
+.PP
+PAM_SERVICE
+.RS 4
+The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&.
+.RE
+.PP
+PAM_USER
+.RS 4
+The username of the entity under whose identity service will be given\&. That is, following authentication,
+\fIPAM_USER\fR
+identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of
+\fIPAM_USER\fR
+after each call to a PAM function\&.
+.RE
+.PP
+PAM_USER_PROMPT
+.RS 4
+The string used when prompting for a user\*(Aqs name\&. The default value for this string is a localized version of "login: "\&.
+.RE
+.PP
+PAM_TTY
+.RS 4
+The terminal name: prefixed by
+/dev/
+if it is a device file; for graphical, X\-based, applications the value for this item should be the
+\fI$DISPLAY\fR
+variable\&.
+.RE
+.PP
+PAM_RUSER
+.RS 4
+The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&.
+.sp
+Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&.
+.sp
+\fIPAM_RUSER@PAM_RHOST\fR
+should always identify the requesting user\&. In some cases,
+\fIPAM_RUSER\fR
+may be NULL\&. In such situations, it is unclear who the requesting entity is\&.
+.RE
+.PP
+PAM_RHOST
+.RS 4
+The requesting hostname (the hostname of the machine from which the
+\fIPAM_RUSER\fR
+entity is requesting service)\&. That is
+\fIPAM_RUSER@PAM_RHOST\fR
+does identify the requesting user\&. In some applications,
+\fIPAM_RHOST\fR
+may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&.
+.RE
+.PP
+PAM_AUTHTOK
+.RS 4
+The authentication token (often a password)\&. This token should be ignored by all module functions besides
+\fBpam_sm_authenticate\fR(3)
+and
+\fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&.
+.RE
+.PP
+PAM_OLDAUTHTOK
+.RS 4
+The old authentication token\&. This token should be ignored by all module functions except
+\fBpam_sm_chauthtok\fR(3)\&.
+.RE
+.PP
+PAM_CONV
+.RS 4
+The pam_conv structure\&. See
+\fBpam_conv\fR(3)\&.
+.RE
+.PP
+The following additional items are specific to Linux\-PAM and should not be used in portable applications:
+.PP
+PAM_FAIL_DELAY
+.RS 4
+A function pointer to redirect centrally managed failure delays\&. See
+\fBpam_fail_delay\fR(3)\&.
+.RE
+.PP
+PAM_XDISPLAY
+.RS 4
+The name of the X display\&. For graphical, X\-based applications the value for this item should be the
+\fI$DISPLAY\fR
+variable\&. This value may be used independently of
+\fIPAM_TTY\fR
+for passing the name of the display\&.
+.RE
+.PP
+PAM_XAUTHDATA
+.RS 4
+A pointer to a structure containing the X authentication data required to make a connection to the display specified by
+\fIPAM_XDISPLAY\fR, if such information is necessary\&. See
+\fBpam_xauth_data\fR(3)\&.
+.RE
+.PP
+PAM_AUTHTOK_TYPE
+.RS 4
+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
+\fIUNIX\fR
+can be replaced with this item, by default it is empty\&. This item is used by
+\fBpam_get_authtok\fR(3)\&.
+.RE
+.PP
+If a service module wishes to obtain the name of the user, it should not use this function, but instead perform a call to
+\fBpam_get_user\fR(3)\&.
+.PP
+Only a service module is privileged to read the authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK\&.
+.SH "RETURN VALUES"
+.PP
+PAM_BAD_ITEM
+.RS 4
+The application attempted to set an undefined or inaccessible item\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+The value of
+\fIitem\fR
+was NULL\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Data was successful updated\&.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+The
+\fIpam_handle_t\fR
+passed as first argument was invalid\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_set_item\fR(3),
+\fBpam_strerror\fR(3)
diff --git a/doc/man/pam_get_item.3.xml b/doc/man/pam_get_item.3.xml
new file mode 100644
index 0000000..1145273
--- /dev/null
+++ b/doc/man/pam_get_item.3.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"
+[
+<!--
+<!ENTITY accessconf SYSTEM "pam_item_types_std.inc.xml">
+<!ENTITY accessconf SYSTEM "pam_item_types_ext.inc.xml">
+-->
+]>
+
+<refentry id='pam_get_item'>
+
+ <refmeta>
+ <refentrytitle>pam_get_item</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_get_item-name'>
+ <refname>pam_get_item</refname>
+ <refpurpose>
+ getting PAM information
+ </refpurpose>
+ </refnamediv>
+
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+
+ <funcsynopsis id="pam_get_item-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>int <function>pam_get_item</function></funcdef>
+ <paramdef>const pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>item_type</parameter></paramdef>
+ <paramdef>const void **<parameter>item</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ </refsynopsisdiv>
+
+
+ <refsect1 id="pam_get_item-description">
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_get_item</function> function allows applications
+ and PAM service modules to access and retrieve PAM information
+ of <emphasis>item_type</emphasis>. Upon successful return,
+ <emphasis>item</emphasis> contains a pointer to the value of the
+ corresponding item. Note, this is a pointer to the
+ <emphasis>actual</emphasis> data and should
+ <emphasis remap="B">not</emphasis> be <emphasis>free()</emphasis>'ed or
+ over-written! The following values are supported for
+ <emphasis>item_type</emphasis>:
+ </para>
+
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_item_types_std.inc.xml"/>
+
+ <para>
+ The following additional items are specific to Linux-PAM and should not be used in
+ portable applications:
+ </para>
+
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_item_types_ext.inc.xml"/>
+
+ <para>
+ If a service module wishes to obtain the name of the user,
+ it should not use this function, but instead perform a call to
+ <citerefentry>
+ <refentrytitle>pam_get_user</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ <para>
+ Only a service module is privileged to read the
+ authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="pam_get_item-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_BAD_ITEM</term>
+ <listitem>
+ <para>
+ The application attempted to set an undefined or inaccessible
+ item.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_PERM_DENIED</term>
+ <listitem>
+ <para>
+ The value of <emphasis>item</emphasis> was NULL.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Data was successful updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SYSTEM_ERR</term>
+ <listitem>
+ <para>
+ The <emphasis>pam_handle_t</emphasis> passed as first
+ argument was invalid.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_get_item-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-20 07:31:40 +0000