Added pam_modules-138

pam_modules-138/common/Common.h

@@ -0,0 +1,21 @@
+#include <OpenDirectory/OpenDirectory.h>
+
+#ifndef _COMMON_H_
+#define _COMMON_H_
+
+int od_record_create(pam_handle_t*, ODRecordRef*, CFStringRef);
+int od_record_create_cstring(pam_handle_t*, ODRecordRef*, const char*);
+
+int od_record_check_pwpolicy(ODRecordRef);
+int od_record_check_authauthority(ODRecordRef);
+int od_record_check_homedir(ODRecordRef);
+int od_record_check_shell(ODRecordRef);
+
+int od_extract_home(pam_handle_t*, const char *, char **, char **, char **);
+int od_principal_for_user(pam_handle_t*, const char *, char **);
+
+void pam_cf_cleanup(__unused pam_handle_t *, void *, __unused int );
+
+int cfstring_to_cstring(const CFStringRef val, char **buffer);
+
+#endif /* _COMMON_H_ */

pam_modules-138/modules/pam_env/README

@@ -0,0 +1,72 @@
+# $Date: 2002/03/27 02:36:24 $
+# $Author: bbraun $
+# $Id: README,v 1.4 2002/03/27 02:36:24 bbraun Exp $
+#
+# This is the configuration file for pam_env, a PAM module to load in 
+# a configurable list of environment variables for a 
+# 
+# The original idea for this came from Andrew G. Morgan ...
+#<quote>
+#   Mmm. Perhaps you might like to write a pam_env module that reads a
+#   default environment from a file? I can see that as REALLY
+#   useful... Note it would be an "auth" module that returns PAM_IGNORE
+#   for the auth part and sets the environment returning PAM_SUCCESS in
+#   the setcred function...
+#</quote>
+#
+# What I wanted was the REMOTEHOST variable set, purely for selfish
+# reasons, and AGM didn't want it added to the SimpleApps login
+# program (which is where I added the patch). So, my first concern is
+# that variable, from there there are numerous others that might/would
+# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
+#
+# Of course, these are a different kind of variable than REMOTEHOST in
+# that they are things that are likely to be configured by
+# administrators rather than set by logging in, how to treat them both
+# in the same config file?
+#
+# Here is my idea: 
+#
+# Each line starts with the variable name, there are then two possible
+# options for each variable DEFAULT and OVERRIDE. 
+# DEFAULT allows and administrator to set the value of the
+# variable  to some default value, if none is supplied then the empty
+# string is assumed. The OVERRIDE option tells pam_env that it should
+# enter in its value (overriding the default value) if there is one
+# to use. OVERRIDE is not used, "" is assumed and no override will be
+# done. 
+#
+# VARIABLE   [DEFAULT=[value]]  [OVERRIDE=[value]]
+#
+# (Possibly non-existent) environment variables may be used in values
+# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+# be used in values using the @{string} syntax. Both the $ and @
+# characters can be backslash escaped to be used as literal values
+# values can be delimited with "", escaped " not supported.
+#
+#
+# First, some special variables
+#
+# Set the REMOTEHOST variable for any hosts that are remote, default
+# to "localhost" rather than not being set at all
+REMOTEHOST	DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+#
+# Set the DISPLAY variable if it seems reasonable 
+DISPLAY		DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+#
+#
+#  Now some simple variables
+#
+PAGER		DEFAULT=less
+MANPAGER	DEFAULT=less
+LESS		DEFAULT="M q e h15 z23 b80"
+NNTPSERVER	DEFAULT=localhost
+PATH		DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+#
+# silly examples of escaped variables, just to show how they work.
+#
+DOLLAR		DEFAULT=\$
+DOLLARDOLLAR	DEFAULT=	OVERRIDE=\$${DOLLAR}
+DOLLARPLUS	DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ATSIGN		DEFAULT=""	OVERRIDE=\@

pam_modules-138/modules/pam_env/pam_env.8

@@ -0,0 +1,95 @@
+.\"
+.\" $Id: pam_env.c,v 1.5 2002/03/27 02:36:24 bbraun Exp $
+.\"
+.\" Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31
+.\" Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the 
+.\" template for this file (via pam_mail)
+.\"
+.\" Portions Copyright (C) 2002-2009 Apple Inc.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms of Linux-PAM, with
+.\" or without modification, are permitted provided that the following
+.\" conditions are met:
+.\" 
+.\" 1. Redistributions of source code must retain any existing copyright
+.\" notice, and this entire permission notice in its entirety,
+.\" including the disclaimer of warranties.
+.\" 
+.\" 2. Redistributions in binary form must reproduce all prior and current
+.\" copyright notices, this list of conditions, and the following
+.\" disclaimer in the documentation and/or other materials provided
+.\" with the distribution.
+.\" 
+.\" 3. The name of any author may not be used to endorse or promote
+.\" products derived from this software without their specific prior
+.\" written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+.\" OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+.\" TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+.\" USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+.\" DAMAGE. 
+.\"
+.Dd February 7, 2009
+.Dt pam_env 8
+.Os
+.Sh NAME
+.Nm pam_env
+.Nd The Environment PAM module
+.Sh SYNOPSIS
+.Op Ar service-name
+.Ar function-class
+.Ar control-flag
+pam_env
+.Op Ar options
+.Sh DESCRIPTION
+The Environment PAM module supports the authentication and session management function classes.  In terms of the
+.Ar function-class
+parameter, these are
+.Dq Li auth
+and
+.Dq Li session
+respectively.  The Environment PAM module has identical support for both supported function classes.
+.Pp
+The Environment PAM module allows the setting and unsetting of environment variables.  The use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST is supported.
+.Pp
+This module can also parse a file with simple KEY=VAL pairs on separate lines
+.Pq /etc/environment by default .
+You can change the default file to parse, with the
+.Cm envfile
+flag and turn it on or off by setting the
+.Cm readenv
+flag to 1 or 0 respectively.
+.Pp
+The following options may be passed to this module:
+.Bl -tag
+.It Cm conffile=/path/to/pam_env.conf
+Indicate an alternative pam_env.conf style configuration file to override the default. This can be useful when different services need different environments.
+.It Cm debug
+A lot of debug information will be printed to the system log.
+.It Cm envfile=/path/to/environment
+Indicate an alternative environment file to override the default. This can be useful when different services need different environments.
+.It Cm readenv=0|1
+Turns on or off the reading of the file specified by envfile (0 is off, 1 is on). By default this option is on.
+.El
+.Sh FILES
+.Bl -tag
+.It Pa /etc/security/pam_env.conf
+The default configuration file.
+.It Pa /etc/environment
+The default environment file.
+.El
+.Sh SEE ALSO
+.Xr environ 7 ,
+.Xr pam.conf 5 ,
+.Xr pam 8
+.Sh AUTHORS
+The
+.Nm
+module was written by Dave Kinchlea <kinch@kinch.ark.com>.