Lines Matching defs:pam
83 /* functions to read and store the pam.conf configuration file */
157 * pam_settrace - setup configuration for pam tracing
175 * PAM_DEBUG_CONF (0x0008), log pam.conf parsing.
1047 * Read PAM entries from either /etc/pam.conf and/or
1048 * /etc/pam.d/<service> or an included PAM configuration file
1246 * Go back to not having read /etc/pam.conf
1611 /* a missing pam.conf-formatted file or an empty path is an error */
1642 * pam.conf(4)-formatted 'pam_policy' file, must be an absolute
1659 * occurrence in the /etc/pam.d world where /etc/pam.d/<service>
1976 /* add this fd to the pam handle */
2026 * Routines to read the pam.conf configuration file
2031 * either the traditional pam.conf(4) syntax or the per-service
2032 * /etc/pam.d syntax which is the same as pam.conf(4) except the first
2045 * When looking up a per-service PAM policy file in /etc/pam.d the
2047 * walk through the /etc/pam.d directory using readdir(3C) to find a
2048 * case-insensitive match of a pam.d/<service> file to the current
2051 * maintain the same behaviour of pam.conf(4) where service names are
2160 * close_pam_conf - close pam.conf
2172 * read_pam_entries - read PAM entries from either pam.conf(4) and/or the
2173 * per-service files in /etc/pam.d.
2182 * /etc/pam.conf for the named PAM service
2183 * /etc/pam.d/<service> for the named PAM service
2184 * /etc/pam.conf for the "other" service
2185 * /etc/pam.d/other
2186 * which retains backwards compatbility with pam.conf(4) and
2187 * also allows per-service /etc/pam.d/ files to work as well.
2205 * included file could have either the pam.conf(4) syntax with
2206 * the 'service' name present or the per-service /etc/pam.d
2228 * read_pam_conf - read in each entry in pam.conf and store info
2229 * under the pam handle.
2247 "service = %s pam.d = %d", i, pam_trace_cname(pamh), (void *)pamh,
2248 config ? config : "/etc/pam.d/<service>", service, pamdotd);
2326 "service = %s type = %d pam.d = %d error = %d", i,
2328 "/etc/pam.d/<service>", service, type, pamdotd, error);
2337 * get_pam_conf_entry - get a pam.conf entry
2341 get_pam_conf_entry(struct pam_fh *pam_fh, pam_handle_t *pamh, pamtab_t **pam,
2352 /* get the next line from pam.conf */
2354 /* no more lines in pam.conf ==> return */
2356 *pam = NULL;
2360 if ((*pam = calloc(1, sizeof (pamtab_t))) == NULL) {
2372 "pam.conf[%s] entry:\t%s", pam_trace_cname(pamh), current_line);
2378 "illegal pam.conf[%s] entry: %s: "
2386 * PAM policy files in either pam.conf(4) format or the
2387 * per-service format of /etc/pam.d files so both are checked.
2388 * The pam.conf(4) format is checked first so when looking for
2389 * pam.conf(4) syntax and no service entry is present stop
2390 * searching using pam.conf(4) syntax. This avoids syslog'ing
2399 "pam.conf[%s] entry: %s: missing SERVICE name",
2404 if (((*pam)->pam_service = strdup(arg)) == 0) {
2409 if (((*pam)->pam_service = strdup(service)) == 0) {
2419 "illegal pam.conf[%s] entry: %s: missing MODULE TYPE",
2421 (*pam)->pam_type = -1; /* 0 is a valid value */
2425 (*pam)->pam_type = PAM_AUTH_MODULE;
2427 (*pam)->pam_type = PAM_ACCOUNT_MODULE;
2429 (*pam)->pam_type = PAM_SESSION_MODULE;
2431 (*pam)->pam_type = PAM_PASSWORD_MODULE;
2435 * an error. However since we support both the pam.conf(4)
2436 * format and the pam.d format for included PAM configs and PAM
2438 * a partial PAM policy file here in pam.conf syntax but
2439 * searching using pam.d syntax by skipping the first token
2448 "illegal pam.conf[%s] entry: %s: invalid module "
2451 (*pam)->pam_type = -1; /* 0 is a valid value */
2456 /* get pam flag (e.g., requisite, required, sufficient, optional) */
2459 "illegal pam.conf[%s] entry: %s: missing CONTROL FLAG",
2464 (*pam)->pam_flag = PAM_BINDING;
2466 (*pam)->pam_flag = PAM_DEFINITIVE;
2468 (*pam)->pam_flag = PAM_INCLUDE;
2470 (*pam)->pam_flag = PAM_OPTIONAL;
2472 (*pam)->pam_flag = PAM_REQUIRED;
2474 (*pam)->pam_flag = PAM_REQUISITE;
2476 (*pam)->pam_flag = PAM_SUFFICIENT;
2480 "illegal pam.conf[%s] entry: %s",
2490 "illegal pam.conf[%s] entry: %s: missing MODULE PATH",
2503 if (((*pam)->module_path = malloc(len)) == NULL) {
2507 if ((*pam)->pam_flag & PAM_INCLUDE) {
2508 (void) snprintf((*pam)->module_path, len, "%s%s",
2511 (void) snprintf((*pam)->module_path, len, "%s%s%s",
2525 if (((*pam)->module_path = malloc(len)) == NULL) {
2532 (void) snprintf((*pam)->module_path, len, "%s%s%s",
2534 } else if (((*pam)->module_path = strdup(arg)) == 0) {
2553 if (((*pam)->module_argv =
2561 (*pam)->module_argv[i] = strdup(arg);
2562 if ((*pam)->module_argv[i] == NULL) {
2568 (*pam)->module_argv[argc] = NULL;
2570 (*pam)->module_argc = argc;
2573 (*pam)->pam_err = err; /* was the line truncated */
2580 if (*pam)
2581 free_pamconf(*pam);
2697 "nextline[%d:%s]: pam.conf line too long %.256s",
2710 "nextline[%d:%s]: pam.conf line too long %.256s",
2733 verify_pam_conf(pamtab_t *pam, char *service)
2735 return ((pam->pam_service == (char *)NULL) ||
2736 ((strcasecmp(pam->pam_service, service) == 0) &&
2737 ((pam->pam_type == -1) ||
2738 (pam->pam_flag == 0) ||
2739 (pam->pam_err != PAM_SUCCESS) ||
2740 (pam->module_path == (char *)NULL))));
2748 * clean_up - free allocated storage in the pam handle
2786 * free_pamconf - free memory used to store pam.conf entry
2813 * free_pam_conf_info - free memory used to store all pam.conf info
2814 * under the pam handle
2941 * The UNIX pam modules always calls __pam_get_authtok() and
3034 * retrieves a password of at most PASS_MAX length from the pam
3044 * PAM_AUTHTOK - password is taken from pam handle (PAM_AUTHTOK)
3045 * PAM_OLDAUTHTOK - password is taken from pam handle (PAM_OLDAUTHTOK)
3051 * to store it in the pam handle.
3052 * PAM_AUTHTOK: Prompt for new passwd, store in pam handle as
3054 * PAM_OLDAUTHTOK: Prompt for new passwd, store in pam handle as
3076 /* get password from pam handle item list */
3104 * Prompt for new password and save in pam handle item list