pam-1 - Legacy API for PAM authentication
#include <rad/client/1/pam.h>
cc [ flag... ] file... -lpam1_client [ library... ]
interface Authentication
const char * user ; (ro)
const char ** roles ; (ro)
int connectionTimeout ; (ro)
rc_err_t pam_Authentication_login(rc_instance_t *inst,
const char *locale,
const char *username,
pam_Block_t **result);
rc_err_t pam_Authentication_assume(rc_instance_t *inst,
const char *locale,
const char *rolename,
pam_Block_t **result);
rc_err_t pam_Authentication_submit(rc_instance_t *inst,
const char **responses,
int responses_count,
pam_Block_t **result);
rc_err_t pam_Authentication_complete(rc_instance_t *inst);
Enumerated Types
enum MsgType
typedef enum pam_MsgType {
PMT_PROMPT_ECHO_OFF = 0,
PMT_PROMPT_ECHO_ON = 1,
PMT_ERROR_MSG = 2,
PMT_TEXT_INFO = 3,
} pam_MsgType_t;
enum BlockType
typedef enum pam_BlockType {
PBT_CONV = 0,
PBT_SUCCESS = 1,
PBT_ERROR = 2,
} pam_BlockType_t;
Structured Types
struct Message
typedef struct pam_Message pam_Message_t;
struct pam_Message {
pam_MsgType_t pm_style;
char *pm_message;
};
void pam_Message_free(pam_Message_t *in);
struct Block
typedef struct pam_Block pam_Block_t;
struct pam_Block {
pam_BlockType_t pb_type;
pam_Message_t **pb_messages;
int pb_messages_count;
};
void pam_Block_free(pam_Block_t *in);
PAM-1(3rad) RAD Module Definitions PAM-1(3rad)
NAME
pam - Legacy API for PAM authentication
SYNOPSIS
#include <rad/client/1/pam.h>
cc [ flag... ] file... -lpam1_client [ library... ]
interface Authentication
const char * user ; (ro)
const char ** roles ; (ro)
int connectionTimeout ; (ro)
rc_err_t pam_Authentication_login(rc_instance_t *inst,
const char *locale,
const char *username,
pam_Block_t **result);
rc_err_t pam_Authentication_assume(rc_instance_t *inst,
const char *locale,
const char *rolename,
pam_Block_t **result);
rc_err_t pam_Authentication_submit(rc_instance_t *inst,
const char **responses,
int responses_count,
pam_Block_t **result);
rc_err_t pam_Authentication_complete(rc_instance_t *inst);
Enumerated Types
enum MsgType
typedef enum pam_MsgType {
PMT_PROMPT_ECHO_OFF = 0,
PMT_PROMPT_ECHO_ON = 1,
PMT_ERROR_MSG = 2,
PMT_TEXT_INFO = 3,
} pam_MsgType_t;
enum BlockType
typedef enum pam_BlockType {
PBT_CONV = 0,
PBT_SUCCESS = 1,
PBT_ERROR = 2,
} pam_BlockType_t;
Structured Types
struct Message
typedef struct pam_Message pam_Message_t;
struct pam_Message {
pam_MsgType_t pm_style;
char *pm_message;
};
void pam_Message_free(pam_Message_t *in);
struct Block
typedef struct pam_Block pam_Block_t;
struct pam_Block {
pam_BlockType_t pb_type;
pam_Message_t **pb_messages;
int pb_messages_count;
};
void pam_Block_free(pam_Block_t *in);
DESCRIPTION
API com.oracle.solaris.rad.pam [1]
This is a legacy RAD authentication interface provided for backwards
compatibility only and not meant to be used directly. Please use
authentication(3rad) instead.
This API exposes PAM authentication to rad(8) clients.
INTERFACES
interface Authentication
The authentication interface implements a PAM exchange to authenticate
rad(8) clients. Handles to this type of object can be retrieved from
the RAD server using an object name built with:
1. the "com.oracle.solaris.rad.pam" domain name
2. a key named "type" paired with a value of "Authentication"
The login() method begins a PAM conversation to authenticate as a user,
while assume() does the same for a role. Each returns a list of Block
objects encapsulating the status of the conversation, the messages that
should be displayed, and the input that should be collected.
At each step, when the requested input has been collected, it is
submitted using submit(). This method also returns a list of Block
objects, allowing the conversation to continue indefinitely until
authentication is complete.
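When any of these three methods (login(), assume() or submit()) returns a
Block whose type is SUCCESS, authentication has succeeded and complete()
should be called to close the conversation. A Block whose type is CONV
means the conversation must continue with submit(), and a Block whose
type is ERROR means authentication has failed; only a SUCCESS Block
indicates that the client is authenticated.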
Authentication Properties
const char * user (read-only, nullable) -- gets the username of the
connected user
rc_err_t pam_Authentication_get_user(rc_instance_t *inst,
char **result);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
const char ** roles (read-only) -- gets the list of roles available
to the connected user
rc_err_t pam_Authentication_get_roles(rc_instance_t *inst,
char ***result,
int *result_cnt);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
result_cnt -- Number of items in result array
int connectionTimeout (read-only) -- the PAM conversation timeout,
in seconds
rc_err_t pam_Authentication_get_connectionTimeout(rc_instance_t *inst,
int *result);
Get property value.
Arguments:
inst -- RAD instance
result -- Property value returned
Authentication Methods
rc_err_t pam_Authentication_login(rc_instance_t *inst,
const char *locale,
const char *username,
pam_Block_t **result);
begins a PAM conversation to authenticate as the specified user
Arguments:
inst -- RAD instance
locale
username
result
rc_err_t pam_Authentication_assume(rc_instance_t *inst,
const char *locale,
const char *rolename,
pam_Block_t **result);
begins a PAM conversation to authenticate as the specified role
Like login(), but the conversation authenticates as a role rather than
as a user.
Arguments:
inst -- RAD instance
locale
rolename
result
rc_err_t pam_Authentication_submit(rc_instance_t *inst,
const char **responses,
int responses_count,
pam_Block_t **result);
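continues a PAM conversation with information collected from
the previous step. The responses can include secrets such as a
password or passphrase, so the caller should keep them in memory no
longer than needed and clear any buffers it owns once submit() has
returned.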
Arguments:
inst -- RAD instance
responses
responses_count -- Number of items in responses array
result
rc_err_t pam_Authentication_complete(rc_instance_t *inst);
completes the PAM conversation with the RAD server
Arguments:
inst -- RAD instance
Authentication Retrieve
rc_err_t pam_Authentication__rad_get_name(adr_name_t **result,
int n,
...);
Obtain the RAD name of an Authentication object.
Arguments:
result -- RAD name
n -- Number of key-value pairs provided as variadic arguments
... -- Optional key-value pairs that compose the primary key
rc_err_t pam_Authentication__rad_lookup(rc_conn_t *c,
boolean_t strict,
rc_instance_t **result,
int n,
...);
Look up an Authentication instance.
Construct a RAD name for the interface based on the provided
key-value pairs and perform a lookup. If successful, instance
reference is returned in the result.
Arguments:
c -- RAD connection handle
strict -- Strict (B_TRUE) or relaxed (B_FALSE) versioning
result -- RAD instance
n -- Number of key-value pairs provided as variadic arguments
... -- Optional key-value pairs that compose the primary key
rc_err_t pam_Authentication__rad_list(rc_conn_t *c,
boolean_t strict,
adr_pattern_scheme_t scheme,
adr_name_t ***result,
int *result_count,
int n,
...);
List RAD names of available Authentication instances.
Returns an array and array size of matching object names.
Arguments:
c -- RAD connection handle
strict -- Strict (B_TRUE) or relaxed (B_FALSE) versioning
scheme -- Apply glob (NS_GLOB) or regex (NS_REGEX) matching
result -- Array of RAD names
result_count -- Number of names in result array
n -- Number of key-value pairs provided as variadic arguments
... -- Optional key-value pairs that compose the primary key
ENUMERATED TYPES
enum MsgType
typedef enum pam_MsgType {
PMT_PROMPT_ECHO_OFF = 0,
PMT_PROMPT_ECHO_ON = 1,
PMT_ERROR_MSG = 2,
PMT_TEXT_INFO = 3,
} pam_MsgType_t;
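PMT_PROMPT_ECHO_OFF (0) -- a request for non-sensitive information,
such as a username
PMT_PROMPT_ECHO_ON (1) -- a request for secure/sensitive
information, such as a password or passphrase
NOTE: these two descriptions appear to be swapped relative to the
constant names. In the standard PAM conversation interface,
PAM_PROMPT_ECHO_OFF marks a prompt whose response must not be echoed
(such as a password) and PAM_PROMPT_ECHO_ON marks a prompt whose
response may be echoed (such as a username). Confirm which meaning the
server uses before relying on this text; when in doubt, do not echo
the response.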
PMT_ERROR_MSG (2) -- an error message to display to the user
attempting authentication
PMT_TEXT_INFO (3) -- an informational message to display to the
user attempting authentication
enum BlockType
typedef enum pam_BlockType {
PBT_CONV = 0,
PBT_SUCCESS = 1,
PBT_ERROR = 2,
} pam_BlockType_t;
PBT_CONV (0) -- conversation must continue
PBT_SUCCESS (1) -- authentication has succeeded
PBT_ERROR (2) -- authentication has failed
STRUCTURED TYPES
struct Message
typedef struct pam_Message pam_Message_t;
struct pam_Message {
pam_MsgType_t pm_style;
char *pm_message;
};
void pam_Message_free(pam_Message_t *in);
Fields:
pm_style -- this message's type
pm_message -- the message text
struct Block
typedef struct pam_Block pam_Block_t;
struct pam_Block {
pam_BlockType_t pb_type;
pam_Message_t **pb_messages;
int pb_messages_count;
};
void pam_Block_free(pam_Block_t *in);
Fields:
pb_type -- the status of the conversation
pb_messages -- the messages to display to the user
pb_messages_count -- Number of items in pb_messages array
VERSION
1.0
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Availability | system/management/rad/* |
+--------------------+-------------------------+
|Interface Stability | Private |
+--------------------+-------------------------+
SEE ALSO
rad(8)
NOTES
1. Accessing Python documentation for this module:
$ pydoc rad.bindings.com.oracle.solaris.rad.pam_1
Solaris 11.4 2017-06-28 PAM-1(3rad)