summaryrefslogtreecommitdiffstats
path: root/doc/man/pam_sm_setcred.3
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/man/pam_sm_setcred.3128
-rw-r--r--doc/man/pam_sm_setcred.3.xml184
2 files changed, 312 insertions, 0 deletions
diff --git a/doc/man/pam_sm_setcred.3 b/doc/man/pam_sm_setcred.3
new file mode 100644
index 0000000..6493870
--- /dev/null
+++ b/doc/man/pam_sm_setcred.3
@@ -0,0 +1,128 @@
+'\" t
+.\" Title: pam_sm_setcred
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 09/03/2021
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_SM_SETCRED" "3" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_sm_setcred \- PAM service function to alter credentials
+.SH "SYNOPSIS"
+.sp
+.ft B
+.nf
+#include <security/pam_modules\&.h>
+.fi
+.ft
+.HP \w'int\ pam_sm_setcred('u
+.BI "int pam_sm_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");"
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_sm_setcred\fR
+function is the service module\*(Aqs implementation of the
+\fBpam_setcred\fR(3)
+interface\&.
+.PP
+This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme\&. Generally, an authentication module may have access to more information about a user than their authentication token\&. This function is used to make such information available to the application\&. It should only be called
+\fIafter\fR
+the user has been authenticated but before a session has been established\&.
+.PP
+Valid flags, which may be logically OR\*(Aqd with
+\fIPAM_SILENT\fR, are:
+.PP
+PAM_SILENT
+.RS 4
+Do not emit any messages\&.
+.RE
+.PP
+PAM_ESTABLISH_CRED
+.RS 4
+Initialize the credentials for the user\&.
+.RE
+.PP
+PAM_DELETE_CRED
+.RS 4
+Delete the credentials associated with the authentication service\&.
+.RE
+.PP
+PAM_REINITIALIZE_CRED
+.RS 4
+Reinitialize the user credentials\&.
+.RE
+.PP
+PAM_REFRESH_CRED
+.RS 4
+Extend the lifetime of the user credentials\&.
+.RE
+.PP
+The way the
+\fBauth\fR
+stack is navigated in order to evaluate the
+\fBpam_setcred\fR() function call, independent of the
+\fBpam_sm_setcred\fR() return codes, is exactly the same way that it was navigated when evaluating the
+\fBpam_authenticate\fR() library call\&. Typically, if a stack entry was ignored in evaluating
+\fBpam_authenticate\fR(), it will be ignored when libpam evaluates the
+\fBpam_setcred\fR() function call\&. Otherwise, the return codes from each module specific
+\fBpam_sm_setcred\fR() call are treated as
+\fBrequired\fR\&.
+.SH "RETURN VALUES"
+.PP
+PAM_CRED_UNAVAIL
+.RS 4
+This module cannot retrieve the user\*(Aqs credentials\&.
+.RE
+.PP
+PAM_CRED_EXPIRED
+.RS 4
+The user\*(Aqs credentials have expired\&.
+.RE
+.PP
+PAM_CRED_ERR
+.RS 4
+This module was unable to set the credentials of the user\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+The user credential was successfully set\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+The user is not known to this authentication module\&.
+.RE
+.PP
+These, non\-\fIPAM_SUCCESS\fR, return values will typically lead to the credential stack
+\fIfailing\fR\&. The first such error will dominate in the return value of
+\fBpam_setcred\fR()\&.
+.SH "SEE ALSO"
+.PP
+\fBpam\fR(3),
+\fBpam_authenticate\fR(3),
+\fBpam_setcred\fR(3),
+\fBpam_sm_authenticate\fR(3),
+\fBpam_strerror\fR(3),
+\fBPAM\fR(8)
diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml
new file mode 100644
index 0000000..bb04a2d
--- /dev/null
+++ b/doc/man/pam_sm_setcred.3.xml
@@ -0,0 +1,184 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+<refentry id='pam_sm_setcred'>
+ <refmeta>
+ <refentrytitle>pam_sm_setcred</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_sm_setcred-name">
+ <refname>pam_sm_setcred</refname>
+ <refpurpose>PAM service function to alter credentials</refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <funcsynopsis id='pam_sm_setcred-synopsis'>
+ <funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>int <function>pam_sm_setcred</function></funcdef>
+ <paramdef>pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>int <parameter>flags</parameter></paramdef>
+ <paramdef>int <parameter>argc</parameter></paramdef>
+ <paramdef>const char **<parameter>argv</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id='pam_sm_setcred-description'>
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_sm_setcred</function> function is the service
+ module's implementation of the
+ <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> interface.
+ </para>
+ <para>
+ This function performs the task of altering the credentials of the
+ user with respect to the corresponding authorization
+ scheme. Generally, an authentication module may have access to more
+ information about a user than their authentication token. This
+ function is used to make such information available to the
+ application. It should only be called <emphasis>after</emphasis> the
+ user has been authenticated but before a session has been established.
+ </para>
+ <para>
+ Valid flags, which may be logically OR'd with
+ <emphasis>PAM_SILENT</emphasis>, are:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SILENT</term>
+ <listitem>
+ <para>
+ Do not emit any messages.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_ESTABLISH_CRED</term>
+ <listitem>
+ <para>Initialize the credentials for the user.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_DELETE_CRED</term>
+ <listitem>
+ <para>
+ Delete the credentials associated with the authentication service.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_REINITIALIZE_CRED</term>
+ <listitem>
+ <para>
+ Reinitialize the user credentials.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_REFRESH_CRED</term>
+ <listitem>
+ <para>
+ Extend the lifetime of the user credentials.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ The way the <emphasis remap='B'>auth</emphasis> stack is
+ navigated in order to evaluate the <function>pam_setcred</function>()
+ function call, independent of the <function>pam_sm_setcred</function>()
+ return codes, is exactly the same way that it was navigated when
+ evaluating the <function>pam_authenticate</function>() library
+ call. Typically, if a stack entry was ignored in evaluating
+ <function>pam_authenticate</function>(), it will be ignored when
+ libpam evaluates the <function>pam_setcred</function>() function
+ call. Otherwise, the return codes from each module specific
+ <function>pam_sm_setcred</function>() call are treated as
+ <emphasis remap='B'>required</emphasis>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_sm_setcred-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_CRED_UNAVAIL</term>
+ <listitem>
+ <para>
+ This module cannot retrieve the user's credentials.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_EXPIRED</term>
+ <listitem>
+ <para>
+ The user's credentials have expired.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CRED_ERR</term>
+ <listitem>
+ <para>
+ This module was unable to set the credentials of the user.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ The user credential was successfully set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ The user is not known to this authentication module.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ These, non-<emphasis>PAM_SUCCESS</emphasis>, return values will
+ typically lead to the credential stack <emphasis>failing</emphasis>.
+ The first such error will dominate in the return value of
+ <function>pam_setcred</function>().
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_sm_setcred-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+</refentry>
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-20 10:29:22 +0000