pam-1 - Legacy API for PAM authentication
#include <rad/client/1/pam.h> cc [ flag... ] file... -lpam1_client [ library... ] interface Authentication const char * user ; (ro) const char ** roles ; (ro) int connectionTimeout ; (ro) rc_err_t pam_Authentication_login(rc_instance_t *inst, const char *locale, const char *username, pam_Block_t **result); rc_err_t pam_Authentication_assume(rc_instance_t *inst, const char *locale, const char *rolename, pam_Block_t **result); rc_err_t pam_Authentication_submit(rc_instance_t *inst, const char **responses, int responses_count, pam_Block_t **result); rc_err_t pam_Authentication_complete(rc_instance_t *inst); Enumerated Types enum MsgType typedef enum pam_MsgType { PMT_PROMPT_ECHO_OFF = 0, PMT_PROMPT_ECHO_ON = 1, PMT_ERROR_MSG = 2, PMT_TEXT_INFO = 3, } pam_MsgType_t; enum BlockType typedef enum pam_BlockType { PBT_CONV = 0, PBT_SUCCESS = 1, PBT_ERROR = 2, } pam_BlockType_t; Structured Types struct Message typedef struct pam_Message pam_Message_t; struct pam_Message { pam_MsgType_t pm_style; char *pm_message; }; void pam_Message_free(pam_Message_t *in); struct Block typedef struct pam_Block pam_Block_t; struct pam_Block { pam_BlockType_t pb_type; pam_Message_t **pb_messages; int pb_messages_count; }; void pam_Block_free(pam_Block_t *in);
PAM-1(3rad) RAD Module Definitions PAM-1(3rad) NAME pam - Legacy API for PAM authentication SYNOPSIS #include <rad/client/1/pam.h> cc [ flag... ] file... -lpam1_client [ library... ] interface Authentication const char * user ; (ro) const char ** roles ; (ro) int connectionTimeout ; (ro) rc_err_t pam_Authentication_login(rc_instance_t *inst, const char *locale, const char *username, pam_Block_t **result); rc_err_t pam_Authentication_assume(rc_instance_t *inst, const char *locale, const char *rolename, pam_Block_t **result); rc_err_t pam_Authentication_submit(rc_instance_t *inst, const char **responses, int responses_count, pam_Block_t **result); rc_err_t pam_Authentication_complete(rc_instance_t *inst); Enumerated Types enum MsgType typedef enum pam_MsgType { PMT_PROMPT_ECHO_OFF = 0, PMT_PROMPT_ECHO_ON = 1, PMT_ERROR_MSG = 2, PMT_TEXT_INFO = 3, } pam_MsgType_t; enum BlockType typedef enum pam_BlockType { PBT_CONV = 0, PBT_SUCCESS = 1, PBT_ERROR = 2, } pam_BlockType_t; Structured Types struct Message typedef struct pam_Message pam_Message_t; struct pam_Message { pam_MsgType_t pm_style; char *pm_message; }; void pam_Message_free(pam_Message_t *in); struct Block typedef struct pam_Block pam_Block_t; struct pam_Block { pam_BlockType_t pb_type; pam_Message_t **pb_messages; int pb_messages_count; }; void pam_Block_free(pam_Block_t *in); DESCRIPTION API com.oracle.solaris.rad.pam [1] This is a legacy RAD authentication interface provided for backwards compatibility only and not meant to be used directly. Please use authentication(3rad) instead. This API exposes PAM authentication to rad(8) clients. INTERFACES interface Authentication The authentication interface implements a PAM exchange to authenticate rad(8) clients. Handles to this type of object can be retrieved from the RAD server using an object name built with: 1. the "com.oracle.solaris.rad.pam" domain name 2. 
a key named "type" paired with a value of "Authentication" The login() method begins a PAM conversation to authenticate as a user, while assume() does the same for a role. Each returns a list of Block objects encapsulating the status of the conversation, the messages that should be displayed, and the input that should be collected. At each step, when the requested input has been collected, it is submitted using submit(). This method also returns a list of Block objects, allowing the conversation to continue indefinitely until authentication is complete. When any of the three returns a Block whose type is SUCCESS, authentication has succeeded and complete() should be called to close the conversation. A Block whose type is ERROR means authentication has failed, and a Block whose type is CONV means the conversation must continue with another submit(); a client should treat the session as authenticated only after it has received SUCCESS. Authentication Properties const char * user (read-only, nullable) -- gets the username of the connected user rc_err_t pam_Authentication_get_user(rc_instance_t *inst, char **result); Get property value. Arguments: inst -- RAD instance result -- Property value returned const char ** roles (read-only) -- gets the list of roles available to the connected user rc_err_t pam_Authentication_get_roles(rc_instance_t *inst, char ***result, int *result_cnt); Get property value. Arguments: inst -- RAD instance result -- Property value returned result_cnt -- Number of items in result array int connectionTimeout (read-only) -- the PAM conversation timeout, in seconds rc_err_t pam_Authentication_get_connectionTimeout(rc_instance_t *inst, int *result); Get property value. 
Arguments: inst -- RAD instance result -- Property value returned Authentication Methods rc_err_t pam_Authentication_login(rc_instance_t *inst, const char *locale, const char *username, pam_Block_t **result); begins a PAM conversation to authenticate as the specified user Arguments: inst -- RAD instance locale username result rc_err_t pam_Authentication_assume(rc_instance_t *inst, const char *locale, const char *rolename, pam_Block_t **result); begins a PAM conversation to authenticate as the specified role. Like login(), it returns a Block describing the next step of the conversation. Arguments: inst -- RAD instance locale rolename result rc_err_t pam_Authentication_submit(rc_instance_t *inst, const char **responses, int responses_count, pam_Block_t **result); continues a PAM conversation with information collected from the previous step Arguments: inst -- RAD instance responses responses_count -- Number of items in responses array result rc_err_t pam_Authentication_complete(rc_instance_t *inst); completes the PAM conversation with the RAD server Arguments: inst -- RAD instance Authentication Retrieve rc_err_t pam_Authentication__rad_get_name(adr_name_t **result, int n, ...); Obtain the RAD name of an Authentication object. Arguments: result -- RAD name n -- Number of key-value pairs provided as variadic arguments ... -- Optional key-value pairs that compose the primary key rc_err_t pam_Authentication__rad_lookup(rc_conn_t *c, boolean_t strict, rc_instance_t **result, int n, ...); Look up an Authentication instance. Construct a RAD name for the interface based on the provided key-value pairs and perform a lookup. If successful, an instance reference is returned in result. Arguments: c -- RAD connection handle strict -- Strict (B_TRUE) or relaxed (B_FALSE) versioning result -- RAD instance n -- Number of key-value pairs provided as variadic arguments ... 
-- Optional key-value pairs that compose the primary key rc_err_t pam_Authentication__rad_list(rc_conn_t *c, boolean_t strict, adr_pattern_scheme_t scheme, adr_name_t ***result, int *result_count, int n, ...); List the RAD names of available Authentication instances. Returns an array and array size of matching object names. Arguments: c -- RAD connection handle strict -- Strict (B_TRUE) or relaxed (B_FALSE) versioning scheme -- Apply glob (NS_GLOB) or regex (NS_REGEX) matching result -- Array of RAD names result_count -- Number of names in result array n -- Number of key-value pairs provided as variadic arguments ... -- Optional key-value pairs that compose the primary key ENUMERATED TYPES enum MsgType typedef enum pam_MsgType { PMT_PROMPT_ECHO_OFF = 0, PMT_PROMPT_ECHO_ON = 1, PMT_ERROR_MSG = 2, PMT_TEXT_INFO = 3, } pam_MsgType_t; PMT_PROMPT_ECHO_OFF (0) -- a request for non-sensitive information, such as a username PMT_PROMPT_ECHO_ON (1) -- a request for secure/sensitive information, such as a password or passphrase (Note: these two descriptions appear to be swapped relative to the pam_conv(3PAM) convention, in which PAM_PROMPT_ECHO_OFF requests input that must not be echoed, such as a password, and PAM_PROMPT_ECHO_ON requests input that may be echoed. Confirm against the server's behaviour; when in doubt, do not echo or log the response to either prompt type.) PMT_ERROR_MSG (2) -- an error message to display to the user attempting authentication PMT_TEXT_INFO (3) -- an informational message to display to the user attempting authentication enum BlockType typedef enum pam_BlockType { PBT_CONV = 0, PBT_SUCCESS = 1, PBT_ERROR = 2, } pam_BlockType_t; PBT_CONV (0) -- conversation must continue PBT_SUCCESS (1) -- authentication has succeeded PBT_ERROR (2) -- authentication has failed STRUCTURED TYPES struct Message typedef struct pam_Message pam_Message_t; struct pam_Message { pam_MsgType_t pm_style; char *pm_message; }; void pam_Message_free(pam_Message_t *in); Fields: pm_style -- this message's type pm_message -- the message text struct Block typedef struct pam_Block pam_Block_t; struct pam_Block { pam_BlockType_t pb_type; pam_Message_t **pb_messages; int pb_messages_count; }; void pam_Block_free(pam_Block_t *in); Fields: pb_type -- the status of the conversation pb_messages -- the messages to display to the user 
pb_messages_count -- Number of items in pb_messages array VERSION 1.0 ATTRIBUTES See attributes(7) for descriptions of the following attributes: +--------------------+-------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +--------------------+-------------------------+ |Availability | system/management/rad/* | +--------------------+-------------------------+ |Interface Stability | Private | +--------------------+-------------------------+ SEE ALSO rad(8) NOTES 1. Accessing Python documentation for this module: $ pydoc rad.bindings.com.oracle.solaris.rad.pam_1 Solaris 11.4 2017-06-28 PAM-1(3rad)