PAM Library Functions pam_set_item(3PAM)
NAME
pam_set_item, pam_get_item - authentication information routines
for PAM
SYNOPSIS
cc [ flag ... ] file ... -lpam [ library ... ]
#include <security/pam_appl.h>
int pam_set_item(pam_handle_t *pamh, int item_type,
    const void *item);
int pam_get_item(const pam_handle_t *pamh, int item_type,
    void **item);
DESCRIPTION
The pam_get_item() and pam_set_item() functions allow applications
and PAM service modules to access and to update PAM information as
needed. The information is specified by item_type, and can be one of
the following:
PAM_AUSER          The authenticated user name. Applications that are
                   trusted to correctly identify the authenticated
                   user should set this item to the authenticated
                   user name. See NOTES and pam_unix_cred(5).
PAM_AUTHTOK        The user authentication token.
PAM_CONV           The pam_conv structure.
PAM_OLDAUTHTOK     The old user authentication token.
PAM_RESOURCE       A semicolon-separated list of key=value pairs that
                   represent the set of resource controls for
                   application by pam_setcred(3PAM) or
                   pam_open_session(3PAM). See the individual service
                   module definitions, such as pam_unix_cred(5), for
                   interpretations of the keys and values.
PAM_RHOST          The remote host name.
SunOS 5.11 Last change: 31 Oct 2006 1
PAM_RUSER          The rlogin/rsh untrusted remote user name.
PAM_SERVICE        The service name.
PAM_TTY            The tty name.
PAM_USER           The user name.
PAM_USER_PROMPT    The default prompt used by pam_get_user().
PAM_REPOSITORY     The repository that contains the authentication
                   token information.
The pam_repository structure is defined as:
    struct pam_repository {
        char   *type;       /* Repository type, e.g., files, nis, ldap */
        void   *scope;      /* Optional scope information */
        size_t  scope_len;  /* length of scope information */
    };
The item_type PAM_SERVICE can be set only by pam_start() and is
read-only to both applications and service modules.
For security reasons, the item_type PAM_AUTHTOK and PAM_OLDAUTHTOK
are available only to the module providers. The authentication
module, account module, and session management module should treat
PAM_AUTHTOK as the current authentication token and ignore
PAM_OLDAUTHTOK. The password management module should treat
PAM_OLDAUTHTOK as the current authentication token and PAM_AUTHTOK
as the new authentication token.
The pam_set_item() function is passed the authentication handle,
pamh, returned by pam_start(), a pointer to the object, item, and
its type, item_type. If successful, pam_set_item() copies the item
to an internal storage area allocated by the authentication module
and returns
PAM_SUCCESS. An item that had been previously set will be
overwritten by the new value.
The pam_get_item() function is passed the authentication handle,
pamh, returned by pam_start(), an item_type, and the address of the
pointer, item, which is assigned the address of the requested
object. The object data is valid until modified by a subsequent call
to pam_set_item() for the same item_type, or unless it is modified
by any of the underlying service modules. If the item has not been
previously set, pam_get_item() returns a null pointer. An item
retrieved by pam_get_item() should not be modified or freed. The
item will be released by pam_end().
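EXAMPLE (added here; not part of the original manual page or of libpam)
Because an item retrieved by pam_get_item() should not be modified, a
module that walks a PAM_RESOURCE string must not tokenize it in place,
as strtok() would. The sketch below parses the key=value list
read-only; parse_resource(), struct res_pair and RES_MAX are
hypothetical names, and the sample string is constructed.

```c
#include <string.h>

#define RES_MAX 64  /* assumed field-size bound; not from the man page */

struct res_pair { char key[RES_MAX]; char value[RES_MAX]; };

/*
 * Parse "key=value;key=value" (the PAM_RESOURCE layout) into out[0..max).
 * src is only read, never written, so the pointer handed back by
 * pam_get_item() can be passed in directly.
 * Returns the number of pairs stored, or -1 on malformed input:
 * missing '=', empty key, oversized field, or more than max pairs.
 */
int parse_resource(const char *src, struct res_pair *out, size_t max)
{
    size_t n = 0, len, klen, vlen;
    const char *eq;
    if (src == NULL)                  /* item never set */
        return 0;
    while (*src != '\0') {
        len = strcspn(src, ";");      /* length of one entry */
        if (len == 0) {               /* empty entry such as ";;" */
            src++;
            continue;
        }
        eq = memchr(src, '=', len);
        if (eq == NULL || eq == src || n == max)
            return -1;
        klen = (size_t)(eq - src);
        vlen = len - klen - 1;
        if (klen >= RES_MAX || vlen >= RES_MAX)
            return -1;
        memcpy(out[n].key, src, klen);
        out[n].key[klen] = '\0';
        memcpy(out[n].value, eq + 1, vlen);
        out[n].value[vlen] = '\0';
        n++;
        src += len;                   /* now at ';' or the terminator */
        if (*src == ';')
            src++;
    }
    return (int)n;
}

int main(void)
{
    struct res_pair p[4];
    /* constructed sample; these keys are not defined by any real module */
    return parse_resource("alpha=1;beta=two;", p, 4) == 2 ? 0 : 1;
}
```

A -1 result lets the caller reject the whole resource list rather than
apply a partially parsed set of controls.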
RETURN VALUES
Upon success, pam_get_item() returns PAM_SUCCESS; otherwise it
returns an error code. Refer to pam(3PAM) for information on
error-related return values.
ATTRIBUTES
See attributes(5) for description of the following attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Interface Stability     Stable
MT-Level                MT-Safe with exceptions
The functions in libpam(3LIB) are MT-Safe only if each
thread within the multithreaded application uses its own PAM
handle.
SEE ALSO
libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM),
pam_authenticate(3PAM), pam_chauthtok(3PAM),
pam_get_user(3PAM), pam_open_session(3PAM),
pam_setcred(3PAM), pam_start(3PAM), attributes(5),
pam_unix_cred(5)
NOTES
If the PAM_REPOSITORY item_type is set and a service module
does not recognize the type, the service module does not
process any information, and returns PAM_IGNORE. If the
PAM_REPOSITORY item_type is not set, a service module
performs its default action.
PAM_AUSER is not intended as a replacement for PAM_USER. It
is expected to be used to supplement PAM_USER when there is
an authenticated user from a source other than
pam_authenticate(3PAM). Such sources could be sshd host-based
authentication, kerberized rlogin, and su(1M).