diff options
Diffstat (limited to 'doc/man/pam_get_item.3')
-rw-r--r-- | doc/man/pam_get_item.3 | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/doc/man/pam_get_item.3 b/doc/man/pam_get_item.3 new file mode 100644 index 0000000..b0e05d1 --- /dev/null +++ b/doc/man/pam_get_item.3 @@ -0,0 +1,196 @@ +'\" t +.\" Title: pam_get_item +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/03/2021 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_GET_ITEM" "3" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_get_item \- getting PAM information +.SH "SYNOPSIS" +.sp +.ft B +.nf +#include <security/pam_modules\&.h> +.fi +.ft +.HP \w'int\ pam_get_item('u +.BI "int pam_get_item(const\ pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ **" "item" ");" +.SH "DESCRIPTION" +.PP +The +\fBpam_get_item\fR +function allows applications and PAM service modules to access and retrieve PAM information of +\fIitem_type\fR\&. Upon successful return, +\fIitem\fR +contains a pointer to the value of the corresponding item\&. Note, this is a pointer to the +\fIactual\fR +data and should +\fBnot\fR +be +\fIfree()\fR\*(Aqed or over\-written! The following values are supported for +\fIitem_type\fR: +.PP +PAM_SERVICE +.RS 4 +The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&. +.RE +.PP +PAM_USER +.RS 4 +The username of the entity under whose identity service will be given\&. That is, following authentication, +\fIPAM_USER\fR +identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of +\fIPAM_USER\fR +after each call to a PAM function\&. +.RE +.PP +PAM_USER_PROMPT +.RS 4 +The string used when prompting for a user\*(Aqs name\&. The default value for this string is a localized version of "login: "\&. +.RE +.PP +PAM_TTY +.RS 4 +The terminal name: prefixed by +/dev/ +if it is a device file; for graphical, X\-based, applications the value for this item should be the +\fI$DISPLAY\fR +variable\&. +.RE +.PP +PAM_RUSER +.RS 4 +The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&. +.sp +Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&. +.sp +\fIPAM_RUSER@PAM_RHOST\fR +should always identify the requesting user\&. In some cases, +\fIPAM_RUSER\fR +may be NULL\&. In such situations, it is unclear who the requesting entity is\&. +.RE +.PP +PAM_RHOST +.RS 4 +The requesting hostname (the hostname of the machine from which the +\fIPAM_RUSER\fR +entity is requesting service)\&. That is +\fIPAM_RUSER@PAM_RHOST\fR +does identify the requesting user\&. In some applications, +\fIPAM_RHOST\fR +may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&. +.RE +.PP +PAM_AUTHTOK +.RS 4 +The authentication token (often a password)\&. This token should be ignored by all module functions besides +\fBpam_sm_authenticate\fR(3) +and +\fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&. +.RE +.PP +PAM_OLDAUTHTOK +.RS 4 +The old authentication token\&. This token should be ignored by all module functions except +\fBpam_sm_chauthtok\fR(3)\&. +.RE +.PP +PAM_CONV +.RS 4 +The pam_conv structure\&. See +\fBpam_conv\fR(3)\&. +.RE +.PP +The following additional items are specific to Linux\-PAM and should not be used in portable applications: +.PP +PAM_FAIL_DELAY +.RS 4 +A function pointer to redirect centrally managed failure delays\&. See +\fBpam_fail_delay\fR(3)\&. +.RE +.PP +PAM_XDISPLAY +.RS 4 +The name of the X display\&. For graphical, X\-based applications the value for this item should be the +\fI$DISPLAY\fR +variable\&. This value may be used independently of +\fIPAM_TTY\fR +for passing the name of the display\&. +.RE +.PP +PAM_XAUTHDATA +.RS 4 +A pointer to a structure containing the X authentication data required to make a connection to the display specified by +\fIPAM_XDISPLAY\fR, if such information is necessary\&. See +\fBpam_xauth_data\fR(3)\&. +.RE +.PP +PAM_AUTHTOK_TYPE +.RS 4 +The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word +\fIUNIX\fR +can be replaced with this item, by default it is empty\&. This item is used by +\fBpam_get_authtok\fR(3)\&. +.RE +.PP +If a service module wishes to obtain the name of the user, it should not use this function, but instead perform a call to +\fBpam_get_user\fR(3)\&. +.PP +Only a service module is privileged to read the authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK\&. +.SH "RETURN VALUES" +.PP +PAM_BAD_ITEM +.RS 4 +The application attempted to set an undefined or inaccessible item\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_PERM_DENIED +.RS 4 +The value of +\fIitem\fR +was NULL\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Data was successful updated\&. +.RE +.PP +PAM_SYSTEM_ERR +.RS 4 +The +\fIpam_handle_t\fR +passed as first argument was invalid\&. +.RE +.SH "SEE ALSO" +.PP +\fBpam_set_item\fR(3), +\fBpam_strerror\fR(3) |