Index: squid3/helpers/basic_auth/PAM/pam_auth.8 diff -c squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 squid3/helpers/basic_auth/PAM/pam_auth.8:1.5 *** squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 Wed May 15 06:03:57 2002 --- squid3/helpers/basic_auth/PAM/pam_auth.8 Wed Nov 5 03:00:40 2003 *************** *** 1,4 **** ! .TH pam_auth 8 "15 May 2002" "Squid PAM Auth" . .SH NAME pam_auth - Squid PAM authentication helper --- 1,4 ---- ! .TH pam_auth 8 "5 Sep 2003" "Squid PAM Auth" . .SH NAME pam_auth - Squid PAM authentication helper *************** *** 17,38 **** . .TP .BI "-t " TTL ! Unless the -1 option is used, this specified for how long ! the connection to the PAM database should be kept open and ! reused for new logins. Defaults to 60 seconds. . .TP .BI "-o" Do not perform the PAM account management group (account expiration etc) - .TP - .BI "-1" - Specifies "One shot" mode, where a new PAM connection will - be opened for each new user. This is how PAM is normally - used and may be required by some backend databases. - The default is to reuse the PAM connection to maximize - performance. (see -t above) . .SH CONFIGURATION . --- 17,34 ---- . .TP .BI "-t " TTL ! Enables persistent PAM connections where the connection to the PAM ! database is kept open and reused for new logins. The TTL specifies ! how long the connetion will be kept open (in seconds). Default is ! to not keep PAM connections open. Please note that the use of ! persistent PAM connections is slightly outside the PAM ! specification and may not work with all PAM configurations. . .TP .BI "-o" Do not perform the PAM account management group (account expiration etc) . .SH CONFIGURATION . *************** *** 76,82 **** .I Henrik Nordstrom . .SH COPYRIGHT ! Squid pam_auth and this manual is Copyright 1999,2002 Henrik Nordstrom . .SH QUESTIONS --- 72,78 ---- .I Henrik Nordstrom . .SH COPYRIGHT ! Squid pam_auth and this manual is Copyright 1999,2002,2003 Henrik Nordstrom . .SH QUESTIONS Index: squid3/helpers/basic_auth/PAM/pam_auth.c diff -c squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 squid3/helpers/basic_auth/PAM/pam_auth.c:1.15 *** squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 Wed Jan 22 17:35:35 2003 --- squid3/helpers/basic_auth/PAM/pam_auth.c Wed Nov 5 11:14:25 2003 *************** *** 2,8 **** * $Id$ * * PAM authenticator module for Squid. ! * Copyright (C) 1999,2002 Henrik Nordstrom * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by --- 2,8 ---- * $Id$ * * PAM authenticator module for Squid. ! * Copyright (C) 1999,2002,2003 Henrik Nordstrom * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by *************** *** 37,42 **** --- 37,51 ---- * * Change Log: * + * Version 2.2, 2003-11-05 + * One shot mode is now the default mode of operation + * with persistent PAM connections enabled by -t option. + * Support for clearing the PAM_AUTHTOK attribute on + * persistent PAM connections. + * + * Version 2.1, 2002-08-12 + * Squid-2.5 support (URL encoded login, password strings) + * * Version 2.0, 2002-01-07 * One shot mode, command line options * man page *************** *** 76,82 **** /* The default TTL */ #ifndef DEFAULT_SQUID_PAM_TTL ! #define DEFAULT_SQUID_PAM_TTL 60 #endif static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */ --- 85,91 ---- /* The default TTL */ #ifndef DEFAULT_SQUID_PAM_TTL ! #define DEFAULT_SQUID_PAM_TTL 0 #endif static char *password = NULL; /* Workaround for Solaris 2.6 brokenness */ *************** *** 221,226 **** --- 230,236 ---- } pamh_created = time(NULL); } + /* Authentication */ retval = PAM_SUCCESS; if (ttl != 0) { if (retval == PAM_SUCCESS) *************** *** 238,244 **** error: fprintf(stdout, "ERR\n"); } ! if (ttl == 0) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { fprintf(stderr, "WARNING: failed to release PAM authenticator\n"); --- 248,262 ---- error: fprintf(stdout, "ERR\n"); } ! /* cleanup */ ! retval = PAM_SUCCESS; ! #ifdef PAM_AUTHTOK ! if (ttl != 0) { ! if (retval == PAM_SUCCESS) ! retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); ! } ! #endif ! if (ttl == 0 || retval != PAM_SUCCESS) { retval = pam_end(pamh, retval); if (retval != PAM_SUCCESS) { fprintf(stderr, "WARNING: failed to release PAM authenticator\n");