Wed, 05 May 2010 10:25:24 +0200
88 |
--------------------------------------------------------------------------------
/pam-python.html:
--------------------------------------------------------------------------------
1 |
3 |
4 |
5 |
6 |
7 | pam-python - write PAM modules in Python
8 |
9 |
10 |
11 |
17 |
18 |
19 |
20 |
21 |
22 |
23 | Pam-python
24 | Write PAM modules in Python
25 |
26 |
27 |
28 | Pam-python is a PAM Module that runs the Python interpreter,
29 | thus allowing PAM Modules to be written in Python.
30 |
31 |
32 | Documentation
33 |
34 |
35 | There is a
36 | documentation page,
37 | some examples, a
38 | change log and a
39 | README.txt.
40 | The documentation page must be read in conjunction with the
41 | PAM Module Writers Guide.
42 |
43 |
44 | Copyright and License
45 |
46 |
47 | Pam-python is copyright © 2007-2012,2014,2016,2019 Russell Stuart.
48 | It is licensed under the GNU Affero General Public License.
49 |
50 |
51 |
52 | This program is free software: you can redistribute it and/or modify it
53 | under the terms of the GNU Affero General Public License as published by
54 | the Free Software Foundation, either version 3 of the License, or (at your
55 | option) any later version.
56 |
57 |
58 |
59 | The copyright holders grant you an additional permission under Section 7
60 | of the GNU Affero General Public License, version 3, exempting you from
61 | the requirement in Section 6 of the GNU General Public License, version 3,
62 | to accompany Corresponding Source with Installation Information for the
63 | Program or any work based on the Program. You are still required to
64 | comply with all other Section 6 requirements to provide Corresponding
65 | Source.
66 |
67 |
68 |
69 | This program is distributed in the hope that it will be useful,
70 | but WITHOUT ANY WARRANTY; without even the implied warranty of
71 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
72 | GNU Affero General Public License for more details.
73 |
74 |
75 | Downloading, Feedback & Contributing
76 |
77 |
78 | Development for pam-python is hosted on
79 | Source forge:
80 |
81 |
82 |
83 | -
84 | Download area,
85 | (.tar.gz, .deb).
86 |
87 | -
88 | Issue tracker,
89 | bugs, features or just questions.
90 |
91 | -
92 | Source repository.
93 |
94 | -
95 | Pam-python is part of Debian.
95 | Most Debian-derived distributions can install it using apt-get.
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 | Russell Stuart, 2014-May-29.
105 |
106 |
107 |
108 |
109 |
--------------------------------------------------------------------------------
/src/ctest.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Best compiled & run using the Makefile target "test". To compile and run
3 | * manually:
4 | * gcc -O0 -g -Wall -o test -lpam test.c
5 | * sudo ln -s $PWD/test-pam_python.pam /etc/pam.d
6 | * ./ctest
7 | * sudo rm /etc/pam.d/test-pam_python.pam
8 | */
9 | #define _GNU_SOURCE
10 |
11 | #ifdef __APPLE__
12 | #include
13 | #else
14 | #include
15 | #endif
16 | #include
17 | #include
18 | #include
19 | #include
20 | #include
21 |
/*
 * Result of one scan over the shared objects currently mapped into the
 * process. Each field is used as a boolean flag: 0 = not seen, 1 = seen.
 */
struct walk_info {
    int libpam_python_seen;     /* an image path contained "/pam_python.so" */
    int python_seen;            /* an image path contained "/libpython" */
};
26 |
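/*
 * PAM conversation callback used by this test driver.
 *
 * It never talks to a user: every message is echoed straight back, with the
 * response text being a copy of the message text and resp_retcode carrying
 * the message's msg_style.
 *
 * num_msg      number of messages in msg.
 * msg          the messages, indexed as (*msg)[i].
 * resp         receives a heap-allocated array of responses on success; it is
 *              set to NULL on failure so the caller never sees a
 *              half-built array.
 * appdata_ptr  unused.
 *
 * Returns PAM_SUCCESS, PAM_CONV_ERR for unusable arguments, or PAM_BUF_ERR
 * when memory cannot be allocated.
 */
static int conv(
    int num_msg, const struct pam_message** msg, struct pam_response** resp,
    void *appdata_ptr)
{
    struct pam_response *replies;
    int i;

    (void)appdata_ptr;
    if (resp == NULL)
        return PAM_CONV_ERR;
    *resp = NULL;
    /* A negative count would turn into a huge size_t in the allocation. */
    if (num_msg < 0 || (num_msg > 0 && (msg == NULL || *msg == NULL)))
        return PAM_CONV_ERR;

    /*
     * calloc() checks the count * size multiplication for overflow and zeroes
     * the array, so entries that are never filled in hold a NULL resp. At
     * least one element is requested so an empty conversation still yields a
     * pointer the caller can free.
     */
    replies = calloc(num_msg > 0 ? (size_t)num_msg : 1, sizeof(*replies));
    if (replies == NULL)
        return PAM_BUF_ERR;

    for (i = 0; i < num_msg; i += 1)
    {
        const char *text = (*msg)[i].msg;

        /* strdup(NULL) is undefined behaviour; leave resp NULL instead. */
        if (text != NULL)
        {
            replies[i].resp = strdup(text);
            if (replies[i].resp == NULL)
            {
                /* Undo the partial work before reporting the failure. */
                while (i-- > 0)
                    free(replies[i].resp);
                free(replies);
                return PAM_BUF_ERR;
            }
        }
        replies[i].resp_retcode = (*msg)[i].msg_style;
    }
    *resp = replies;
    return PAM_SUCCESS;
}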
41 |
/*
 * Invoke one PAM entry point with flags == 0 and record a failure.
 *
 * exit_status  set to 1 when the call does not return PAM_SUCCESS; left
 *              untouched otherwise.
 * who          name of the PAM function, used only in the error message.
 * pamh         PAM handle passed to func and to pam_strerror().
 * func         the PAM function to call.
 */
static void call_pam(
    int* exit_status, const char* who, pam_handle_t* pamh,
    int (*func)(pam_handle_t*, int))
{
    const int rc = func(pamh, 0);

    if (rc != PAM_SUCCESS)
    {
        fprintf(stderr, "%s failed: %d %s\n", who, rc, pam_strerror(pamh, rc));
        *exit_status = 1;
    }
}
55 |
56 | #ifdef __APPLE__
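/*
 * macOS variant: scan the images dyld currently has loaded and record
 * whether pam_python.so and a libpython image are among them.
 *
 * walk_info  both flags are reset to 0 and then set to 1 when a matching
 *            image name is found.
 */
static void walk_dlls(struct walk_info* walk_info)
{
    uint32_t image_index;

    walk_info->libpam_python_seen = 0;
    walk_info->python_seen = 0;
    /*
     * The index is unsigned to match _dyld_image_count(), avoiding a
     * signed/unsigned comparison. The count is re-read on every pass, as in
     * the original loop.
     */
    for (image_index = 0; image_index < _dyld_image_count(); image_index += 1)
    {
        const char* image_name = _dyld_get_image_name(image_index);

        /*
         * _dyld_get_image_name() returns NULL for an index that is out of
         * range, which can happen if the image list shrinks while it is
         * being walked; strstr(NULL, ...) would be undefined behaviour.
         */
        if (image_name == NULL)
            continue;
        if (strstr(image_name, "/pam_python.so") != NULL)
            walk_info->libpam_python_seen = 1;
        if (strstr(image_name, "/libpython") != NULL)
            walk_info->python_seen = 1;
    }
}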
70 | #else
/*
 * dl_iterate_phdr() callback: flag the shared objects this test cares about.
 *
 * info  description of one loaded object; only dlpi_name is examined.
 * size  unused.
 * data  the struct walk_info to update.
 *
 * Always returns 0 so that the iteration carries on to the next object.
 */
static int dl_walk(struct dl_phdr_info* info, size_t size, void* data)
{
    struct walk_info* seen = data;
    const char* path = info->dlpi_name;

    (void)size;
    if (strstr(path, "/pam_python.so") != NULL)
        seen->libpam_python_seen = 1;
    if (strstr(path, "/libpython") != NULL)
        seen->python_seen = 1;
    return 0;
}
82 |
/*
 * ELF variant: clear both flags, then let dl_walk() set them for every
 * shared object currently loaded into the process.
 */
static void walk_dlls(struct walk_info* walk_info)
{
    walk_info->python_seen = 0;
    walk_info->libpam_python_seen = 0;
    dl_iterate_phdr(dl_walk, walk_info);
}
89 | #endif
90 |
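/*
 * Test driver: run each PAM entry point against the "test-pam_python.pam"
 * service, then check that pam_python.so and libpython were loaded while the
 * handle was live and are gone again after pam_end().
 *
 * Returns 0 when every step succeeded and 1 otherwise.
 */
int main(int argc, char **argv)
{
    int exit_status;
    int pam_result;
    struct pam_conv convstruct;
    pam_handle_t* pamh;
    struct walk_info walk_info_before;
    struct walk_info walk_info_after;

    (void)argc;
    (void)argv;
    /* Mode 0 only asks whether the file exists; this is a warning, not an error. */
    if (access("/etc/pam.d/test-pam_python.pam", 0) != 0)
    {
        fprintf(
            stderr,
            "**WARNING**\n"
            "  This test requires ./test-pam_python.pam configuration to be\n"
            "  available to PAM But it doesn't appear to be in /etc/pam.d.\n"
        );
    }
    printf("Testing calls from C");
    fflush(stdout);
    convstruct.conv = conv;
    convstruct.appdata_ptr = 0;
    /*
     * pam_start() reports failure with a PAM_* error code, not -1. Comparing
     * against PAM_SUCCESS stops the test before the handle, which is not
     * valid after a failed pam_start(), is passed to the calls below.
     */
    pam_result = pam_start("test-pam_python.pam", "", &convstruct, &pamh);
    if (pam_result != PAM_SUCCESS)
    {
        fprintf(stderr, "pam_start failed\n");
        exit(1);
    }
    exit_status = 0;
    call_pam(&exit_status, "pam_authenticate", pamh, pam_authenticate);
    call_pam(&exit_status, "pam_chauthtok", pamh, pam_chauthtok);
    call_pam(&exit_status, "pam_acct_mgmt", pamh, pam_acct_mgmt);
    call_pam(&exit_status, "pam_open_session", pamh, pam_open_session);
    call_pam(&exit_status, "pam_close_session", pamh, pam_close_session);
    /* Snapshot the loaded objects while the PAM handle is still open ... */
    walk_dlls(&walk_info_before);
    call_pam(&exit_status, "pam_end", pamh, pam_end);
    if (exit_status == 0)
        printf(" OK\n");
    /* ... and again once pam_end() has had the chance to unload them. */
    walk_dlls(&walk_info_after);
    printf("Testing dll load/unload ");
    if (!walk_info_before.libpam_python_seen)
    {
        fprintf(stderr, "It looks like pam_python.so wasn't loaded!\n");
        exit_status = 1;
    }
    else if (!walk_info_before.python_seen)
    {
        fprintf(stderr, "It looks like libpythonX.Y.so wasn't loaded!\n");
        exit_status = 1;
    }
    else if (walk_info_after.libpam_python_seen)
    {
        fprintf(stderr, "pam_python.so wasn't unloaded.\n");
        exit_status = 1;
    }
    else if (walk_info_after.python_seen)
    {
        fprintf(stderr, "libpythonX.Y.so wasn't uloaded.\n");
        exit_status = 1;
    }
    else
        printf("OK\n");
    return exit_status;
}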
155 |
--------------------------------------------------------------------------------
/Makefile.release:
--------------------------------------------------------------------------------
1 | #
2 | # Do a release.
3 | #
4 | # This file is identical for _all_ sourceforge projects I host. It is
5 | # designed to do one thing: automate my sourceforge work flow. Be warned that
6 | # I will selfishly reject any patches that don't do that.
7 | #
8 | # It does the following:
9 | #
10 | # 1. Verifies the changelogs have been updated to a consistent version.
11 | #
12 | # 2. Updates the version numbers and copyright dates in all source files.
13 | #
14 | # 3. Builds the source tarball.
15 | #
16 | # 4. Builds the debian source and binary packages.
17 | #
18 | # 5. If there is a .spec file, builds the rpm source and binary
19 | # packages.
20 | #
21 | # 6. Sends the released files (tarball, debian and rpm packages) to the
22 | # release area.
23 | #
24 | # 7. Sends the HTML file, and other files referenced by it, to the web
25 | # site.
26 | #
27 | # Copyright (c) 2013,2014,2015,2016,2017,2018,2019 Russell Stuart.
28 | # Licensed (at your choice) under GPLv2, or any later version,
29 | # or AGPL-3.0+, or any later version.
30 | #
# All of these use "=" (recursive expansion), so each $(shell ...) is re-run
# every time the variable is referenced.

# First word of line 1 of ChangeLog.txt (everything before the first space).
RELEASE_ME=$(shell sed -n '1s/ .*//p' ChangeLog.txt)
# RELEASE_ME with its last "-<suffix>" removed.
RELEASE_PACKAGE_NAME=$(shell echo "$(RELEASE_ME)" | sed 's/-[^-]*$$//')
# Whatever follows the last "-" in RELEASE_ME.
RELEASE_VERSION=$(shell echo "$(RELEASE_ME)" | sed 's/.*-//')
# Current year, abbreviated month name and ISO date, as printed by date(1).
RELEASE_YEAR=$(shell date +%Y)
RELEASE_MONTH=$(shell date +%b)
RELEASE_DATE=$(shell date +%Y-%m-%d)
# Text inside the first "(...)" on the first line of debian/changelog.
RELEASE_DEBIAN_VERSION=$(shell sed -n 's/[^(]*(\([^)]*\)).*/\1/p;q' debian/changelog)

# Scratch directory for the release, the web-site tree built inside it, and
# the directory that collects the files to be published.
RELEASE_DIR=release.tmp
RELEASE_HTDOCS=$(RELEASE_DIR)/htdocs
RELEASE_FILES=$(RELEASE_DIR)/$(RELEASE_PACKAGE_NAME)-$(RELEASE_DEBIAN_VERSION)
42 |
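# Build a complete release under $(RELEASE_DIR): check the change logs and
# the mercurial state, stamp versions and copyright years into the sources,
# build the tarball, the Debian packages and (if a .spec exists) the RPMs,
# and assemble the htdocs tree. The stamp file is touched last, so a failed
# run is redone from the start.
# $(RELEASE_SOURCES) is not set in this file; it is presumably supplied by
# the including Makefile - TODO confirm.
.PHONY: release
release: $(RELEASE_DIR)/release.stamp
$(RELEASE_DIR)/release.stamp: $(RELEASE_SOURCES)
	@echo ME=$(RELEASE_ME) PACKAGE=$(RELEASE_PACKAGE_NAME) VERSION=$(RELEASE_VERSION) YEAR=$(RELEASE_YEAR) MONTH=$(RELEASE_MONTH) DATE=$(RELEASE_DATE) DEBIAN_VERSION=$(RELEASE_DEBIAN_VERSION)
	#
	# Ensure the Debian changelog matches this version.
	#
	debian_version="$(RELEASE_DEBIAN_VERSION)"; [ "$(RELEASE_PACKAGE_NAME)-$${debian_version%-*}" = "$(RELEASE_ME)" ] || \
	    { echo 1>&2 "debian/changelog: changelog is out of date."; exit 1; }
	$(MAKE) release-clean
	#
	# Check changes have been reflected in mercurial.
	#
	! hg status | grep '^?' || { echo "hg add hasn't been done" 1>&2; exit 1; }
	! hg status | grep '^!' || { echo "hg rm hasn't been done" 1>&2; exit 1; }
	[ -z "$$(hg resolv --list | grep -v ^R)" ] || { echo "There are unresolved merge conflicts" 1>&2; exit 1; }

	#
	# Update all the version numbers and dates.
	#
# NOTE(review): the loops below iterate over the unquoted output of find(1),
# so a path containing whitespace is split into several words before sed -i
# sees it. Keep such names out of the tree.
	set -e; for f in $(wildcard *.1); do \
	    sed -i "s/^\([.].\" Copyright (c) \)2[0-9]*/\1$(RELEASE_YEAR)/" "$${f}"; \
	    sed -i "s/^\([.]TH [A-Z]* 1 \"\)[^\"]*\(\".*Version[ ]\+\)[1-9][0-9]*[.][0-9]\+/\1$(RELEASE_MONTH) $(RELEASE_YEAR)\2$(RELEASE_VERSION)/" "$${f}"; \
	done
	set -e; for f in $$(find . -name "*.c" -o -name "*.h"); do \
	    sed -i "/$(RELEASE_YEAR)/!s/\(Copyright (c) [-0-9, ]*2[0-9]*\)\(,\? *Russell Stuart\)/\1,$(RELEASE_YEAR)\2/" "$${f}"; \
	    sed -i "s/^\(static.*_version..[ ]*=[ ]*\"\)[^\"]*/\1$(RELEASE_VERSION)/" "$${f}"; \
	    sed -i "s/^\(static.*_date..[ ]*=[ ]*\"\)[^\"]*/\1$(RELEASE_DATE)/" "$${f}"; \
	done
# The file name is quoted here like in every other loop of this rule, so the
# shell does not glob-expand it before sed -i rewrites the file in place.
	set -e; for f in $$(find . -name "*.py"); do \
	    sed -i 's/^\(VERSION[ ]*=[ ]*"\)[^ "]*/\1$(RELEASE_VERSION)/' "$${f}"; \
	    sed -i 's/^\(VERSION[ ]*=[ ]*"[^ ]* \+\)[^"]*/\1$(RELEASE_DATE)/' "$${f}"; \
	done
	set -e; for f in $$(find . -name "*.rst" -o -name "*.py" -o -name "Makefile*") README.txt; do \
	    sed -i "/$(RELEASE_YEAR)/!s/\(Copyright (c) [-0-9, ]*2[0-9]*\)\(,\? *Russell Stuart\)/\1,$(RELEASE_YEAR)\2/" "$${f}"; \
	done
	set -e; for f in $$(find . -name "setup.py"); do \
	    sed -i 's/^\([ ]*version="\)[0-9]\+[.][0-9.]\+/\1$(RELEASE_VERSION)/' "$${f}"; \
	done
ifneq ($(wildcard $(RELEASE_PACKAGE_NAME).spec),)
	sed -i "s/\(Version:[ ]\+\)[0-9]\+[.][0-9.]\+/\1$(RELEASE_VERSION)/" "$(RELEASE_PACKAGE_NAME).spec"
endif
ifneq ($(wildcard configure.ac),)
	sed -i "s/\(AC_INIT(\[\?$(RELEASE_PACKAGE_NAME)\]\?, *\[\?\)[0-9]\+[.][0-9.]\+/\1$(RELEASE_VERSION)/" configure.ac
endif
ifneq ($(wildcard doc/conf.py),)
	sed -i "/$(RELEASE_YEAR)/!s/^\( *copyright *= *u'[-0-9, ]*2[0-9]*\)\(,\?[ ]*Russell Stuart\)/\1,$(RELEASE_YEAR)\2/" doc/conf.py
	sed -i "s/^\( *\(version\|release\) *= *u\?'\)[0-9]\+[.][0-9.]\+'/\1$(RELEASE_VERSION)'/" doc/conf.py
endif
	sed -i "/$(RELEASE_YEAR)/!s/\(.* is copyright © [-0-9, ]*2[0-9]*\)\(,\?[ ]*Russell Stuart\)/\1,$(RELEASE_YEAR)\2/" "$(RELEASE_PACKAGE_NAME).html"
	sed -i "s/$(RELEASE_PACKAGE_NAME)-[1-9][0-9]*[.][0-9]\+/$(RELEASE_ME)/g" "$(RELEASE_PACKAGE_NAME).html"
	sed -i "/$(RELEASE_YEAR)/!s/\(Copyright (c) [-0-9, ]*2[0-9]*\)\(,\? *Russell Stuart\)/\1,$(RELEASE_YEAR)\2/" README.txt
	#
	# Do any custom stuff.
	#
	$(MAKE) release-customise
	#
	# Build the release source tarball.
	#
	(set -exv; d="$${PWD##*/}" && sd=$$(echo "$$d" | sed 's/\./[.]/g') && cd .. && tar cfz "$(RELEASE_PACKAGE_NAME)_$(RELEASE_VERSION).orig.tar.gz" --exclude="$${d}/debian" --exclude="$${d}/.hg*" --exclude-vcs --transform "s;^$${sd}\(/\|\$$\);$(RELEASE_ME)\1;" "$${d}")
	#
	# Insert the debian packages into the release.
	#
# The -k option names the key debuild signs the packages with; the matching
# secret key has to be available on the machine doing the release.
	DEBIAN_KERNEL_USE_CCACHE="yes" debuild --preserve-env --preserve-envvar="PATH" -k0xF5231C62E7843A8C -sa --lintian-opts --info --display-info --display-experimental
	mkdir -p "$(RELEASE_FILES)"
	rm ../$(RELEASE_PACKAGE_NAME)_$(RELEASE_DEBIAN_VERSION)_*.build
	set -xve; mv $$(sed -n '1,/^Files:/d;/^$$/q;s:.* :../:p' ../$(RELEASE_PACKAGE_NAME)_$(RELEASE_DEBIAN_VERSION)_*.changes) ../$(RELEASE_PACKAGE_NAME)_$(RELEASE_DEBIAN_VERSION)_*.changes $(RELEASE_FILES)
	mv "$(RELEASE_FILES)/$(RELEASE_PACKAGE_NAME)_$(RELEASE_VERSION).orig.tar.gz" "$(RELEASE_FILES)/$(RELEASE_ME).tar.gz"
ifneq ($(wildcard $(RELEASE_PACKAGE_NAME).spec),)
	#
	# Build the RPM package.
	#
	mkdir -p "$(RELEASE_DIR)/rpm/BUILD"
	mkdir -p "$(RELEASE_DIR)/rpm/RPMS"
	mkdir -p "$(RELEASE_DIR)/rpm/SOURCES"
	mkdir -p "$(RELEASE_DIR)/rpm/SPECS"
	mkdir -p "$(RELEASE_DIR)/rpm/SRPMS"
	echo >"$(RELEASE_DIR)/rpm/rpmmacros" "%_topdir $(PWD)/$(RELEASE_DIR)/rpm"
	TAR_OPTIONS=--wildcards rpmbuild -ta --macros "/usr/lib/rpm/macros:/usr/lib/rpm/platform/$(shell dpkg-architecture -qDEB_HOST_GNU_CPU)-$(shell dpkg-architecture -qDEB_HOST_ARCH_OS)linux/macros:/usr/lib/rpm/platform/noarch-$(shell dpkg-architecture -qDEB_HOST_ARCH_OS)/macros:$(RELEASE_DIR)/rpm/rpmmacros" "$(RELEASE_FILES)/$(RELEASE_ME).tar.gz"
	mv "$(RELEASE_DIR)/rpm/SRPMS/$(RELEASE_ME)-1ras.src.rpm" "$(RELEASE_FILES)"
	mv "$(RELEASE_DIR)/rpm/RPMS"/*/"$(RELEASE_ME)-1ras".*."rpm" "$(RELEASE_FILES)"
	cp ChangeLog.txt "$(RELEASE_FILES)/README.txt"
endif
	#
	# Build the htdocs directory as it will appear on the host.
	#
# The sed script collects every relative "a href" / "img src" target in the
# project's HTML page; each one is copied (or, for man pages, generated with
# man2html) into the htdocs tree.
# NOTE(review): the sed expression in the man2html branch is split over two
# lines on this page and its first address pattern looks cut short; restore
# it from the repository copy before relying on this rule.
	mkdir -p "$(RELEASE_HTDOCS)"
	cp -a $(RELEASE_PACKAGE_NAME).html $(RELEASE_HTDOCS)
	set -e; for f in $$(sed -n 's,<\(a href\|img src\)="https\?://[^"]*"[^>]*>,,;ta;:a;s/.*<\(a href\|img src\)="\([^#/"][^#"]*\)"[^>]*>/\2@@@/g;T;s/@@@\([^@]\|@[^@]\|@@[^@]\)*$$//;s/@@@/ /g;p' "$(RELEASE_PACKAGE_NAME).html"); do \
	    f="$${f%/}"; \
	    [ ."$${f%%/*}" = ."$${f}" ] || mkdir -p "$(RELEASE_HTDOCS)/$${f%/*}"; \
	    case "$${f}" in \
	        *.[12345678].html) man2html <"$${f%.html}" | sed >"$(RELEASE_HTDOCS)/$${f}" '1,2d;7,8d;/^
/,/^Time: /d';; \
	        *) cp -a "$${f}" "$(RELEASE_HTDOCS)/$${f}";; \
	    esac; \
	done
	ln -s "$(RELEASE_PACKAGE_NAME).html" "$(RELEASE_HTDOCS)/index.html"
# "Options +Indexes" turns on directory listings for the published tree, so
# every file copied into htdocs above can be browsed by anyone.
	echo "Options +Indexes" >"$(RELEASE_HTDOCS)/.htaccess"
	#
	# Verify there is no rubbish lying around.
	#
	! hg status | grep '^?' || { echo '.hgignore: is missing some files' 1>&2; exit 1; }
	touch $@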
146 |
# Project-specific hook, run by the release rule once the version numbers
# have been updated. It is a double-colon rule with an empty recipe, so
# other makefiles can add their own "release-customise::" recipes.
.PHONY: release-customise
release-customise::
149 |
# Publish a finished release: the web pages first, then the release files.
.PHONY: release-upload
release-upload: release-upload-htdocs release-upload-files

# Copy the htdocs tree to the project web space. The second rsync runs with
# --delete, so anything on the remote side that is not in the local tree is
# removed.
.PHONY: release-upload-htdocs
release-upload-htdocs: $(RELEASE_DIR)/release.stamp
	#
	# Send the files that are symlinked first, otherwise it fails on the
	# 1st send.
	#
	cd $(RELEASE_DIR); rsync -avPR $$(for f in $$(find htdocs -name index.html -type l); do ff=$$(readlink "$${f}"); echo $${f%/*}/$${ff}; done) rstuart,$(RELEASE_PACKAGE_NAME)@web.sourceforge.net:.
	rsync -avP --delete $(RELEASE_HTDOCS)/. rstuart,$(RELEASE_PACKAGE_NAME)@web.sourceforge.net:htdocs/.

# Copy the directory of release files to the project's file release area,
# again with --delete.
.PHONY: release-upload-files
release-upload-files: $(RELEASE_DIR)/release.stamp
	rsync -avP --delete $(RELEASE_FILES) rstuart,$(RELEASE_PACKAGE_NAME)@frs.sourceforge.net:/home/frs/project/$(RELEASE_PACKAGE_NAME)/.
165 |
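# Remove everything a previous release run or build left behind: the Debian
# build products, applied quilt patches, automake output, the release
# scratch directory and editor/patch leftovers.
.PHONY: release-clean
release-clean: release-project-clean
# RELEASE_CLEAN_DONE is exported to debian/rules so that a clean started from
# there does not call back into debian/rules again. The leading "-" lets the
# rule continue when this step fails.
	-[ "$(RELEASE_CLEAN_DONE)" = "yes" -o ! -d debian ] || RELEASE_CLEAN_DONE=yes debian/rules clean
	[ ! -d .pc ] || { quilt pop -a; rm -r .pc; }
	[ ! -f Makefile-automake ] || $(MAKE) maintainer-clean
	rm -rf $(RELEASE_DIR) "$(RELEASE_PACKAGE_NAME).1.html"
# Let find hand the names straight to rm instead of passing them through an
# unquoted command substitution, which would split a name containing
# whitespace into several arguments for "rm -rf". -prune stops find from
# descending into a directory that is about to be removed.
	find . \( -name "*.orig" -o -name ".*.sw?" \) -prune -exec rm -rf {} +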
173 |
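# Commit any outstanding changes made by the release run and tag the
# repository with the package name and Debian version.
.PHONY: release-tag
release-tag: $(RELEASE_DIR)/release.stamp
	! hg status | grep '^?' || { echo "hg add hasn't been done" 1>&2; exit 1; }
	! hg status | grep '^!' || { echo "hg rm hasn't been done" 1>&2; exit 1; }
# Entries marked "R" are filtered out, exactly as the same check in the
# release rule does; without the filter a merge whose files are all resolved
# is still reported as an unresolved conflict.
	[ -z "$$(hg resolv --list | grep -v ^R)" ] || { echo "There are unresolved merge conflicts" 1>&2; exit 1; }
	[ -z "$$(hg status)" ] || \
	    hg commit -m "Release $(RELEASE_PACKAGE_NAME)-$(RELEASE_DEBIAN_VERSION) - see ChangeLog.txt"
	hg tag "$(RELEASE_PACKAGE_NAME)-$(RELEASE_DEBIAN_VERSION)"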
182 |
183 |
# Project-specific clean hook and a prerequisite of release-clean. It is a
# double-colon rule with an empty recipe, so other makefiles can add their
# own "release-project-clean::" recipes.
.PHONY: release-project-clean
release-project-clean::
186 |
--------------------------------------------------------------------------------
/doc/pam_python.rst:
--------------------------------------------------------------------------------
1 | **************
2 | |pam_python|
3 | **************
4 |
5 | .. toctree::
6 | :maxdepth: 2
7 |
8 | .. topic:: Abstract
9 |
10 | |Pam_python| is a PAM module that runs the Python interpreter, and so
11 | allows PAM modules to be written in Python.
12 |
13 | :Author: Russell Stuart
14 |
15 |
16 | .. _intro:
17 |
18 | Introduction
19 | ============
20 |
21 | The |pam_python| PAM module runs the Python source file (aka Python PAM
22 | module) it is given in the Python interpreter, making the PAM module API
23 | available to it. This document describes how the PAM Module API is exposed
24 | to the Python PAM module. It does not describe how to use the API. You must read
25 | the |PMWG|_ to learn how to do that. To re-iterate: this
26 | document does not tell you how to write PAM modules, it only tells you how to
27 | access the PAM module API from Python.
28 |
29 | Writing PAM modules from Python incurs a large performance penalty and requires
30 | Python to be installed, so it is not the best option for writing modules that
31 | will be used widely. On the other hand memory allocation / corruption problems
32 | can not be caused by bad Python code, and a Python module is generally shorter
33 | and easier to write than its C equivalent. This makes it ideal for the system
34 | administrator who just wants to make use of the PAM API for his own ends
35 | while minimising the risk of introducing memory corruption problems into every
36 | program using PAM.
37 |
38 |
39 | .. _configuring:
40 |
41 | Configuring PAM
42 | ===============
43 |
44 | Tell PAM to use a Python PAM module in the usual way: add a rule to your PAM
45 | configuration. The PAM administrators manual gives the syntax of a rule as::
46 |
47 | service type control module-path module-arguments
48 |
49 | The first three parameters are the same for all PAM modules and so aren't any
50 | different for |pam_python|. The *module-path* is the path to pam_python.so.
51 | Like all PAM module paths it is relative to the default PAM module directory so
52 | is usually just the string ``pam_python.so``. The first *module-argument* is the
53 | path to the Python PAM module. If it doesn't start with a / it is relative to
54 | ``/lib/security``. All *module-arguments*, including the path name to the
55 | Python PAM module are passed to it.
56 |
57 |
58 | .. _module:
59 |
60 | Python PAM modules
61 | ==================
62 |
63 | When a PAM handle created by the application's call to PAM's :samp:`pam_start()`
64 | function first uses a Python PAM module, |pam_python| invokes it using Python's
65 | ``execfile`` function. The following variables are passed to the invoked
66 | module in its global namespace:
67 |
68 |
69 | .. data:: __builtins__
70 |
71 | The usual Python ``__builtins__``.
72 |
73 |
74 | .. data:: __file__
75 |
76 | The absolute path name to the Python PAM module.
77 |
78 | As described in the |PMWG|, PAM interacts with your module by calling methods
79 | you provide in it. Each ``type`` in the PAM configuration rules results in one
80 | or more methods being called. The Python PAM module must define the methods that
81 | will be called by each rule ``type`` it can be used with. Those methods are:
82 |
83 |
84 | .. function:: pam_sm_acct_mgmt(pamh, flags, args)
85 |
86 | The service module's implementation of PAM's :manpage:`pam_acct_mgmt(3)` interface.
87 |
88 |
89 | .. function:: pam_sm_authenticate(pamh, flags, args)
90 |
91 | The service module's implementation of PAM's :manpage:`pam_authenticate(3)`
92 | interface.
93 |
94 |
95 | .. function:: pam_sm_close_session(pamh, flags, args)
96 |
97 | The service module's implementation of PAM's :manpage:`pam_close_session(3)`
98 | interface.
99 |
100 |
101 | .. function:: pam_sm_chauthtok(pamh, flags, args)
102 |
103 | The service module's implementation of PAM's :manpage:`pam_chauthtok(3)` interface.
104 |
105 |
106 | .. function:: pam_sm_open_session(pamh, flags, args)
107 |
108 | The service module's implementation of PAM's :manpage:`pam_open_session(3)`
109 | interface.
110 |
111 |
112 | .. function:: pam_sm_setcred(pamh, flags, args)
113 |
114 | The service module's implementation of PAM's :manpage:`pam_setcred(3)` interface.
115 |
116 | The arguments and return value of all these methods are the same. The *pamh*
117 | parameter is an instance of the :class:`PamHandle` class. It is used to interact
118 | with PAM and is described in the next section. The remaining arguments are as
119 | described in the |PMWG|. All functions must return an integer,
120 | eg :const:`pamh.PAM_SUCCESS`. The valid return codes for each function are
121 | defined in the |PMWG|. If the Python method isn't present
122 | |pam_python| will return :const:`pamh.PAM_SYMBOL_ERR` to PAM; if the method
123 | doesn't return an integer or throws an exception :const:`pamh.PAM_SERVICE_ERR`
124 | is returned.
125 |
126 | There is one other method in the Python PAM module
127 | that may be called by |pam_python|.
128 | It is optional:
129 |
130 |
131 | .. function:: pam_sm_end(pamh)
132 |
133 | If present this will be called when the application calls PAM's
134 | :manpage:`pam_end(3)` function.
135 | If not present nothing happens.
136 | The parameter *pamh* is the :class:`PamHandle` object.
137 | The return value is ignored.
138 |
139 |
140 | .. _pamhandle:
141 |
142 | The PamHandle Class
143 | ===================
144 |
145 | An instance of this class is automatically created for a Python PAM module when
146 | it is first referenced, (ie when it is ``execfile``'ed). It is the first
147 | argument to every Python method called by PAM. It is destroyed automatically
148 | when PAM's :c:func:`pam_end` is called, right after the ``execfile``'ed
149 | module is destroyed. If any method fails, or any access to a member fails a
150 | :exc:`PamHandle.exception` exception will be thrown. It contains the following
151 | members:
152 |
153 |
154 | .. data:: PAM_???
155 |
156 | All the :const:`PAM_???` constants defined in the PAM include files
157 | version 1.1.1 are available. They are all read-only :class:`int`'s.
158 |
159 |
160 | .. data:: authtok
161 |
162 | The :const:`PAM_AUTHTOK` PAM item. Reading this results in a call
163 | to the |pam-lib-func| :samp:`pam_get_item(PAM_AUTHTOK)`, writing it
164 | results in a call :samp:`pam_set_item(PAM_AUTHTOK, value)`. Its
165 | value will be either a :class:`string` or :const:`None` for the C
166 | value :c:macro:`NULL`.
167 |
168 |
169 | .. data:: authtok_type
170 |
171 | The :const:`PAM_AUTHTOK_TYPE` PAM item. Reading this results in a call
172 | to the |pam-lib-func| :samp:`pam_get_item(PAM_AUTHTOK_TYPE)`, writing it
173 | results in a call :samp:`pam_set_item(PAM_AUTHTOK_TYPE, value)`. Its
174 | value will be either a :class:`string` or :const:`None` for the C
175 | value :c:macro:`NULL`.
176 | New in version 1.0.0.
177 | Only present if the version of PAM |pam_python| is compiled with supports it.
178 |
179 |
180 | .. data:: env
181 |
182 | This is a mapping representing the PAM environment. |pam_python| implements
183 | accesses and changes to it via the |pam-lib-func| :samp:`pam_getenv()`,
184 | :samp:`pam_putenv()` and :samp:`pam_getenvlist()`. The PAM environment
185 | only supports :class:`string` keys and values, and the keys may not be
186 | blank nor contain '='.
187 |
188 |
189 | .. data:: exception
190 |
191 | The exception raised by methods defined here if they fail. It is a
192 | subclass of :class:`StandardError`. Instances contain the member
193 | :const:`pam_result`, which is the error code returned by PAM. The
194 | description is the PAM error message.
195 |
196 |
197 | .. data:: libpam_version
198 |
199 | The version of PAM |pam_python| was compiled with. This is a
200 | :class:`string`. In version 0.1.0 of |pam_python| and prior this was an
201 | :class:`int` holding the version of PAM library loaded. Newer versions of
202 | PAM no longer export that value.
203 |
204 |
205 | .. data:: pamh
206 |
207 | The PAM handle, as read-only :class:`int`. Possibly useful during debugging.
208 |
209 |
210 | .. data:: py_initialized
211 |
212 | A read-only :class:`int`.
213 | If the Python interpreter was initialised
214 | before the |pam_python| module was created this is 0.
215 | Otherwise it is 1, meaning |pam_python| has called :c:func:`Py_Initialize`
216 | and will call :c:func:`Py_Finalize`
217 | when the last |pam_python| module is destroyed.
218 |
219 |
220 | .. data:: oldauthtok
221 |
222 | The :const:`PAM_OLDAUTHTOK` PAM item. Reading this results in a call
223 | to the |pam-lib-func| :samp:`pam_get_item(PAM_OLDAUTHTOK)`,
224 | writing it results in a call :samp:`pam_set_item(PAM_OLDAUTHTOK, value)`.
225 | Its value will be either a :class:`string` or :const:`None` for the
226 | C value :c:macro:`NULL`.
227 |
228 |
229 | .. data:: rhost
230 |
231 | The :const:`PAM_RHOST` PAM item. Reading this results in a call
232 | to the |pam-lib-func| :samp:`pam_get_item(PAM_RHOST)`,
233 | writing it results in a call :samp:`pam_set_item(PAM_RHOST, value)`.
234 | Its value will be either a :class:`string`
235 | or :const:`None` for the C value :c:macro:`NULL`.
236 |
237 |
238 | .. data:: ruser
239 |
240 | The :const:`PAM_RUSER` PAM item. Reading this results in a call
241 | to the |pam-lib-func| :samp:`pam_get_item(PAM_RUSER)`,
242 | writing it results in a call :samp:`pam_set_item(PAM_RUSER, value)`.
243 | Its value will be either a :class:`string`
244 | or :const:`None` for the C value :c:macro:`NULL`.
245 |
246 |
247 | .. data:: service
248 |
249 | The :const:`PAM_SERVICE` PAM item. Reading this results in a call
250 | to the |pam-lib-func| :samp:`pam_get_item(PAM_SERVICE)`,
251 | writing it results in a call :samp:`pam_set_item(PAM_SERVICE, value)`.
252 | Its value will be either a :class:`string`
253 | or :const:`None` for the C value :c:macro:`NULL`.
254 |
255 |
256 | .. data:: tty
257 |
258 | The :const:`PAM_TTY` PAM item. Reading this results in a call
259 | to the |pam-lib-func| :samp:`pam_get_item(PAM_TTY)`,
260 | writing it results in a call :samp:`pam_set_item(PAM_TTY, value)`.
261 | Its value will be either a :class:`string`
262 | or :const:`None` for the C value :c:macro:`NULL`.
263 |
264 |
265 | .. data:: user
266 |
267 | The :const:`PAM_USER` PAM item. Reading this results in a call
268 | to the |pam-lib-func| :samp:`pam_get_item(PAM_USER)`,
269 | writing it results in a call :samp:`pam_set_item(PAM_USER, value)`.
270 | Its value will be either a :class:`string`
271 | or :const:`None` for the C value :c:macro:`NULL`.
272 |
273 |
274 | .. data:: user_prompt
275 |
276 | The :const:`PAM_USER_PROMPT` PAM item. Reading this results in a call
277 | to the |pam-lib-func| :samp:`pam_get_item(PAM_USER_PROMPT)`,
278 | writing it results in a call :samp:`pam_set_item(PAM_USER_PROMPT, value)`.
279 | Its value will be either a :class:`string`
280 | or :const:`None` for the C value :c:macro:`NULL`.
281 |
282 |
283 | .. data:: xauthdata
284 |
285 | The :const:`PAM_XAUTHDATA` PAM item. Reading this results in a call
286 | to the |pam-lib-func| :samp:`pam_get_item(PAM_XAUTHDATA)`,
287 | writing it results in a call :samp:`pam_set_item(PAM_XAUTHDATA, value)`.
288 | Its value is a :class:`XAuthData` instance. When setting its value you
289 | don't have to use an actual :class:`XAuthData` instance,
290 | any class that contains a :class:`string` member :attr:`name`
291 | and a :class:`string` member :attr:`data` will do.
292 | New in version 1.0.0.
293 | Only present if the version of PAM |pam_python| is compiled with supports it.
294 |
295 |
296 | .. data:: xdisplay
297 |
298 | The :const:`PAM_XDISPLAY` PAM item. Reading this results in a call
299 | to the |pam-lib-func| :samp:`pam_get_item(PAM_XDISPLAY)`,
300 | writing it results in a call :samp:`pam_set_item(PAM_XDISPLAY, value)`.
301 | Its value will be either a :class:`string`
302 | or :const:`None` for the C value :c:macro:`NULL`.
303 | New in version 1.0.0.
304 | Only present if the version of PAM |pam_python| is compiled with supports it.
305 |
306 | The following methods are available:
307 |
308 |
309 | .. method:: PamHandle.Message(msg_style,msg)
310 |
311 | Creates an instance of the :class:`Message` class.
312 | The arguments become the instance members of the same name.
313 | This class is used to represent the C API's ``struct pam_message`` type.
314 | An instance has two members corresponding
315 | to the C structure members of the same name:
316 | :attr:`msg_style` an :class:`int`
317 | and :attr:`data` a :class:`string`.
318 | Instances are immutable.
319 | Instances of this class can be passed to the :meth:`conversation` method.
320 |
321 |
322 | .. method:: PamHandle.Response(resp,ret_code)
323 |
324 | Creates an instance of the :class:`Response` class.
325 | The arguments become the instance members of the same name.
326 | This class is used to represent the C API's ``struct pam_response`` type.
327 | An instance has two members
328 | corresponding to the C structure members of the same name:
329 | :attr:`resp` a :class:`string`
330 | and :attr:`ret_code` an :class:`int`.
331 | Instances are immutable.
332 | Instances of this class are returned by the :meth:`conversation` method.
333 |
334 |
335 | .. method:: PamHandle.XAuthData(name,data)
336 |
337 | Creates an instance of the :class:`XAuthData` class.
338 | The arguments become the instance members of the same name.
339 | This class is used to represent the C API's ``struct pam_xauth_data`` type.
340 | An instance has two members
341 | corresponding to the C structure members of the same name:
342 | :attr:`name` a :class:`string` and :attr:`data` also a :class:`string`.
343 | Instances are immutable.
344 | The :data:`xauthdata` member returns instances of this class and
345 | can be set to an instance of this class.
346 |
347 |
348 | .. method:: PamHandle.conversation(prompts)
349 |
350 | Calls the function defined by the PAM :c:macro:`PAM_CONV` item.
351 | The *prompts* argument is a :class:`Message` object
352 | or a :class:`list` of them.
353 | You don't have to pass an actual :class:`Message` object,
354 | any class that contains a :class:`string` member :attr:`msg`
355 | and a :class:`int` member :attr:`msg_style` will do.
356 | These members are used to initialise the ``struct pam_message``
357 | members of the same name. It returns either a single :class:`Response`
358 | object if a single :class:`Message` was passed,
359 | or a :class:`list` of them of the same length as the :class:`list` passed.
360 | These :class:`Response` objects contain the data the user entered.
361 |
362 |
363 | .. method:: PamHandle.fail_delay(delay)
364 |
365 | This results in a call to the |pam-lib-func| :samp:`pam_fail_delay()`,
366 | which sets the maximum random delay after an authentication failure
367 | to *delay* milliseconds.
368 |
369 |
370 | .. method:: PamHandle.get_user([prompt])
371 |
372 | This results in a call to the |pam-lib-func| :samp:`pam_get_user()`,
373 | which returns the current user name (a :class:`string`)
374 | or :const:`None` if :samp:`pam_get_user()` returns :c:macro:`NULL`.
375 | If not known it asks the PAM application for the user name,
376 | giving it the :class:`string` *prompt* parameter
377 | to prompt the user to enter it.
378 |
379 |
380 | .. method:: PamHandle.strerror(errnum)
381 |
382 | This results in a call to the |pam-lib-func| :samp:`pam_strerror()`,
383 | which returns a :class:`string` description of the :class:`int`
384 | PAM return value *errnum*.
385 |
386 | There is no interface provided for the |pam-lib-func|\s :samp:`pam_get_data()`
387 | and :samp:`pam_set_data()`. There are two reasons for this.
388 | Firstly those two methods are provided so C code can have private storage
389 | local to the PAM handle. A Python PAM Module can use its own module name space
390 | to do the same job, and it's easier to do so. But more importantly it's
391 | safer because there is no type-safe way of providing access to the facility
392 | from Python.
393 |
394 |
395 | .. _diagnostics:
396 |
397 | Diagnostics, Debugging, Bugs
398 | ============================
399 |
400 | The way |pam_python| operates will be foreign to most Python programmers.
401 | It embeds Python into existing programs, primarily ones written in C.
402 | This means things like debugging and diagnostics
403 | are done differently to a normal Python program.
404 |
405 |
406 | .. _return-values:
407 |
408 | Diagnostics
409 | -----------
410 |
411 | If |pam_python| returns something other than :const:`PAM_SUCCESS` to PAM a
412 | message will be written to the ``syslog`` ``LOG_AUTHPRIV`` facility. The only
413 | exception to this is when |pam_python| is passing on the return value from
414 | a Python :meth:`pam_sm_...` entry point - nothing is logged in that case.
415 | So, if your Python PAM Module is failing in mysterious ways
416 | check the log file your system is configured to write
417 | ``LOG_AUTHPRIV`` entries to.
418 | Usually this is :file:`/var/log/syslog` or :file:`/var/log/auth.log`.
419 | The diagnostic or traceback Python would normally print to :attr:`sys.stderr`
420 | will be in there.
421 |
422 | The PAM result codes returned directly by |pam_python| are:
423 |
424 |
425 | .. data:: PAM_BUF_ERR
426 |
427 | Memory allocation failed.
428 |
429 |
430 | .. data:: PAM_MODULE_UNKNOWN
431 |
432 | The Python PAM module name wasn't supplied.
433 |
434 |
435 | .. data:: PAM_OPEN_ERR
436 |
437 | The Python PAM module could not be opened.
438 |
439 |
440 | .. data:: PAM_SERVICE_ERR
441 |
442 | A Python exception was thrown, unless it was because of a memory allocation
443 | failure.
444 |
445 |
446 | .. data:: PAM_SYMBOL_ERR
447 |
448 | A :meth:`pam_sm_...` called by PAM wasn't defined by the Python PAM module.
449 |
450 |
451 | .. _debugging:
452 |
453 | Debugging
454 | ---------
455 |
456 | If you have Python bindings for the PAM Application library then you can write
457 | test units in Python and use Python's :mod:`pdb` module to debug a Python PAM
458 | module. This is how |pam_python| was developed.
459 |
460 | I used `PyPAM `_ for the Python Application
461 | library bindings. Distributions often package it as ``python-pam``. To set
462 | breakpoints in :mod:`pdb` either wait until PAM has loaded your module, or
463 | :keyword:`import` it before you start debugging.
464 |
465 |
466 | .. _bugs:
467 |
468 | Bugs
469 | ----
470 |
471 | There are several design decisions you may stumble across when using
472 | |pam_python|. One is that the Python PAM module is isolated from the rest
473 | of the Python environment. This differs from an :keyword:`import`'ed Python module,
474 | where regardless of how many times a module is imported there is only one copy
475 | that shares the one global name space.
476 | For example, if you :keyword:`import` your Python PAM module
477 | and then debug it as suggested above then there will be 2
478 | copies of your Python PAM module in memory -
479 | the imported one and the one PAM is using.
480 | If the PAM module sets a global variable you won't see it in the
481 | :keyword:`import`'ed one. Indeed, obtaining any sort of handle to the module
482 | PAM is using is near impossible. This means the debugger can inspect variables
483 | in the module only when a breakpoint has one of the module's functions in its
484 | backtrace.
485 |
486 | There are a few reasons for this. Firstly, the |PMWG| says
487 | this is the way it should be, so |pam_python| encourages it. Secondly, if a
488 | PAM application is using a Python PAM Module it's important the PAM module
489 | remains as near to invisible as possible to avoid conflicts. Finally, and most
490 | importantly, references to objects constructed by the Python PAM module must
491 | never leak. This is because the destructors to those objects are C functions
492 | that live in |pam_python|, and those destructors are called when all
493 | references to the objects are gone. When the application calls the |pam-lib-func|
494 | :samp:`pam_end()`, |pam_python| is unloaded, and with it goes the
495 | destructor code. Should a reference to an object defined by |pam_python| exist
496 | after :samp:`pam_end()` returns, the call to the destructor
497 | will result in a jump to a non-existent address causing a ``SIGSEGV``.
498 |
499 | Another potential trap is the initialisation and finalisation of the Python
500 | interpreter itself. Calling the interpreter's finalisation routine while it is
501 | in use would I imagine be a big no-no. If |pam_python| has to initialise
502 | the interpreter (by calling :c:func:`Py_Initialize`) then it will call its
503 | finaliser :c:func:`Py_Finalize` when the last Python PAM module is destroyed.
504 | This heuristic works in most scenarios. One example where it won't work is a
505 | sequence like::
506 |
507 | start-python-pam-module;
508 | application-initialises-interpreter;
509 | stop-python-pam-module;
510 | application-stops-interpreter.
511 |
512 | The above is doomed to fail.
513 |
514 |
515 | .. _example:
516 |
517 | An example
518 | ==========
519 |
520 | This is one of the examples provided by the package:
521 |
522 |
523 | .. include:: pam_permit.py
524 | :literal:
525 |
526 | Assuming it and ``pam_python.so`` are in the directory ``/lib/security`` adding
527 | these rules to ``/etc/pam.conf`` would run it::
528 |
529 | login account requisite pam_python.so pam_accept.py
530 | login auth requisite pam_python.so pam_accept.py
531 | login password requisite pam_python.so pam_accept.py
532 | login session requisite pam_python.so pam_accept.py
533 |
534 | .. |PMWG| replace:: PAM Module Writers Guide
535 |
536 | .. _PMWG: http://www.linux-pam.org/Linux-PAM-html/
537 |
538 | .. |pam_python| replace:: `pam_python`
539 |
540 | .. |pam-lib-func| replace:: PAM library function
541 |
--------------------------------------------------------------------------------
/src/test.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python -W default
2 | #
3 | # This is the test script for libpython-pam. There aren't many stones
4 | # left unturned.
5 | #
6 | # Best run from the Makefile using the target 'test'. To run manually:
7 | # sudo ln -s $PWD/test-pam_python.pam /etc/pam.d
8 | # python test.py
9 | # sudo rm /etc/pam.d/test-pam_python.pam
10 | #
11 | import warnings; warnings.simplefilter('default')
12 | import os
13 | import sys
14 |
# Name of the PAM service every run_* driver starts. The header comment links a
# file of this name into /etc/pam.d for the duration of the run.
TEST_PAM_MODULE = "test-pam_python.pam"
# User name handed to pam.start() by every run_* driver.
TEST_PAM_USER = "root"
17 |
18 | #
19 | # A fairly straightforward test harness.
20 | #
def pam_sm_end(pamh):
    """PAM entry point: hand the call to the harness with no flags and no argv."""
    outcome = test(pam_sm_end, pamh, None, None)
    return outcome

def pam_sm_authenticate(pamh, flags, argv):
    """PAM entry point: hand the authenticate call to the harness."""
    outcome = test(pam_sm_authenticate, pamh, flags, argv)
    return outcome

def pam_sm_setcred(pamh, flags, argv):
    """PAM entry point: hand the setcred call to the harness."""
    outcome = test(pam_sm_setcred, pamh, flags, argv)
    return outcome

def pam_sm_acct_mgmt(pamh, flags, argv):
    """PAM entry point: hand the account management call to the harness."""
    outcome = test(pam_sm_acct_mgmt, pamh, flags, argv)
    return outcome

def pam_sm_open_session(pamh, flags, argv):
    """PAM entry point: hand the open session call to the harness."""
    outcome = test(pam_sm_open_session, pamh, flags, argv)
    return outcome

def pam_sm_close_session(pamh, flags, argv):
    """PAM entry point: hand the close session call to the harness."""
    outcome = test(pam_sm_close_session, pamh, flags, argv)
    return outcome

def pam_sm_chauthtok(pamh, flags, argv):
    """PAM entry point: hand the chauthtok call to the harness."""
    outcome = test(pam_sm_chauthtok, pamh, flags, argv)
    return outcome
35 |
def test(who, pamh, flags, argv):
    """Dispatch one PAM entry-point call to the test function chosen by run_test().

    who is the pam_sm_* function that was called; pamh, flags and argv are
    passed through unchanged. The return value is used as the PAM result.

    When no test has been selected, every entry point returns PAM_SUCCESS, so
    a PAM service that names this file accepts every request. Keep the service
    file out of /etc/pam.d except while the tests are running.
    """
    # The module named "test", not this function; run_test() stores the
    # selected test function and the shared results list on it.
    import test
    if not hasattr(test, "test_function"):# only true if not called via "main"
        return pamh.PAM_SUCCESS # normally happens only if run by ctest
    # Look the function up by name in this copy's globals instead of calling
    # the object stored by run_test().
    test_function = globals()[test.test_function.__name__]
    return test_function(test.test_results, who, pamh, flags, argv)
42 |
def run_test(caller):
    """Run one run_* driver with its matching test_* function selected.

    The driver's name minus its first four characters names the test. A fresh
    results list and the test_<name> function are stored on the "test" module
    before the driver is called with that list.
    """
    import test as harness
    suffix = caller.__name__[len("run_"):]
    out = sys.stdout
    out.write("Testing " + suffix + " ")
    out.flush()
    collected = []
    harness.test_results = collected
    harness.test_function = globals()["test_" + suffix]
    caller(collected)
    out.write("OK\n")
52 |
def pam_conv(auth, query_list, userData=None):
    """Conversation callback given to pam.start(): return the queries as the replies."""
    replies = query_list
    return replies
55 |
56 | #
57 | # Verify the results match.
58 | #
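def assert_results(expected_results, results):
    """Assert that results equals expected_results element by element.

    Raises AssertionError on the first difference. For a differing element
    the message is (index, expected, actual). For a length mismatch it is
    (index, value), naming the first element that has no counterpart.

    The index in the length message is computed before the loop. The original
    reused the loop variable, which is unbound when one list is empty, so an
    empty list failed with a name error instead of an AssertionError.
    """
    common = min(len(expected_results), len(results))
    for i in range(common):
        assert expected_results[i] == results[i], (i, expected_results[i], results[i])
    if len(expected_results) < len(results):
        assert len(expected_results) == len(results), (common, results[common])
    else:
        # The message is only evaluated when the lengths differ, so indexing
        # expected_results at common is safe here.
        assert len(expected_results) == len(results), (common, expected_results[common])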
66 |
67 | #
68 | # Test all the calls happen.
69 | #
70 | def test_basic_calls(results, who, pamh, flags, argv):
71 | results.append((who.func_name, flags, argv))
72 | return pamh.PAM_SUCCESS
73 |
def run_basic_calls(results):
    """Drive one full PAM transaction and check that every entry point ran.

    The order of the pam.* calls below is the order asserted in
    expected_results.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    pam.acct_mgmt()
    pam.chauthtok()
    pam.open_session()
    pam.close_session()
    # Dropping the handle is expected to produce the pam_sm_end entry that
    # closes expected_results.
    del pam
    # argv[0] of each call is expected to be the path of this file.
    me = os.path.join(os.getcwd(), __file__)
    expected_results = [
        (pam_sm_authenticate.func_name, 0, [me]),
        # 'arg1' and 'arg2' presumably come from the account line of the
        # service file - confirm against test-pam_python.pam.
        (pam_sm_acct_mgmt.func_name, 0, [me, 'arg1', 'arg2']),
        # One chauthtok() call reaches the module twice: 16384 and 8192 equal
        # PAM_PRELIM_CHECK (0x4000) and PAM_UPDATE_AUTHTOK (0x2000) in
        # PAM_CONSTANTS.
        (pam_sm_chauthtok.func_name, 16384, [me]),
        (pam_sm_chauthtok.func_name, 8192, [me]),
        (pam_sm_open_session.func_name, 0, [me]),
        (pam_sm_close_session.func_name, 0, [me]),
        (pam_sm_end.func_name, None, None)]
    assert_results(expected_results, results)
93 |
94 | #
95 | # Test all the constants are defined.
96 | #
# Every PAM_* and _PAM_* name the handle is expected to expose, with its value.
# run_constants() checks the handle against this table in both directions, so a
# constant missing from either side fails the test.
PAM_CONSTANTS = {
    #
    # Constants defined in _pam_types.h. The item constants are omitted.
    # NOTE(review): the item types PAM_SERVICE .. PAM_AUTHTOK_TYPE are listed
    # below, so "omitted" presumably refers to something else - confirm.
    #
    # Return codes.
    "PAM_SUCCESS": 0,
    "PAM_OPEN_ERR": 1,
    "PAM_SYMBOL_ERR": 2,
    "PAM_SERVICE_ERR": 3,
    "PAM_SYSTEM_ERR": 4,
    "PAM_BUF_ERR": 5,
    "PAM_PERM_DENIED": 6,
    "PAM_AUTH_ERR": 7,
    "PAM_CRED_INSUFFICIENT": 8,
    "PAM_AUTHINFO_UNAVAIL": 9,
    "PAM_USER_UNKNOWN": 10,
    "PAM_MAXTRIES": 11,
    "PAM_NEW_AUTHTOK_REQD": 12,
    "PAM_ACCT_EXPIRED": 13,
    "PAM_SESSION_ERR": 14,
    "PAM_CRED_UNAVAIL": 15,
    "PAM_CRED_EXPIRED": 16,
    "PAM_CRED_ERR": 17,
    "PAM_NO_MODULE_DATA": 18,
    "PAM_CONV_ERR": 19,
    "PAM_AUTHTOK_ERR": 20,
    # Two spellings share the value 21.
    "PAM_AUTHTOK_RECOVER_ERR": 21,
    "PAM_AUTHTOK_RECOVERY_ERR": 21,
    "PAM_AUTHTOK_LOCK_BUSY": 22,
    "PAM_AUTHTOK_DISABLE_AGING": 23,
    "PAM_TRY_AGAIN": 24,
    "PAM_IGNORE": 25,
    "PAM_ABORT": 26,
    "PAM_AUTHTOK_EXPIRED": 27,
    "PAM_MODULE_UNKNOWN": 28,
    "PAM_BAD_ITEM": 29,
    "PAM_CONV_AGAIN": 30,
    "PAM_INCOMPLETE": 31,
    # Item types; run_items() passes some of these numbers to pam.set_item().
    "PAM_SERVICE": 1,
    "PAM_USER": 2,
    "PAM_TTY": 3,
    "PAM_RHOST": 4,
    "PAM_CONV": 5,
    "PAM_AUTHTOK": 6,
    "PAM_OLDAUTHTOK": 7,
    "PAM_RUSER": 8,
    "PAM_USER_PROMPT": 9,
    "PAM_FAIL_DELAY": 10,
    "PAM_XDISPLAY": 11,
    "PAM_XAUTHDATA": 12,
    "PAM_AUTHTOK_TYPE": 13,
    # Flag bits.
    "PAM_SILENT": 0x8000,
    "PAM_DISALLOW_NULL_AUTHTOK": 0x0001,
    "PAM_ESTABLISH_CRED": 0x0002,
    "PAM_DELETE_CRED": 0x0004,
    "PAM_REINITIALIZE_CRED": 0x0008,
    "PAM_REFRESH_CRED": 0x0010,
    "PAM_CHANGE_EXPIRED_AUTHTOK": 0x0020,
    "PAM_DATA_SILENT": 0x40000000,
    # Conversation message styles; run_conv() expects 1 to 4 back.
    "PAM_PROMPT_ECHO_OFF": 1,
    "PAM_PROMPT_ECHO_ON": 2,
    "PAM_ERROR_MSG": 3,
    "PAM_TEXT_INFO": 4,
    "PAM_RADIO_TYPE": 5,
    "PAM_BINARY_PROMPT": 7,
    # Limits.
    "PAM_MAX_NUM_MSG": 32,
    "PAM_MAX_MSG_SIZE": 512,
    "PAM_MAX_RESP_SIZE": 512,
    "_PAM_RETURN_VALUES": 32,
    #
    # Constants defined in pam_modules.h. The item constants are omitted.
    #
    "PAM_PRELIM_CHECK": 0x4000,
    "PAM_UPDATE_AUTHTOK": 0x2000,
    "PAM_DATA_REPLACE": 0x20000000,
}
def test_constants(results, who, pamh, flags, argv):
    """Collect the handle's PAM constants and check they cannot be overwritten.

    Only the authenticate call does the work; every other entry point just
    records its name and returns PAM_SUCCESS.
    """
    results.append(who.func_name)
    if who != pam_sm_authenticate:
        return pamh.PAM_SUCCESS
    # Snapshot every attribute of the handle whose name starts with PAM_ or
    # _PAM_ into a plain dict.
    pam_constants = dict([
        (var, getattr(pamh,var))
        for var in dir(pamh)
        if var.startswith("PAM_") or var.startswith("_PAM_")])
    results.append(pam_constants)
    # Assigning to a constant must fail. run_constants() asserts that the
    # "except: ..." string was recorded, not the "Opps" one.
    try:
        pamh.PAM_SUCCESS = 1
        results.append("Opps, pamh.PAM_SUCCESS = 1 worked!")
    except StandardError, e:
        results.append("except: %s" % e)
    return pamh.PAM_SUCCESS
187 |
def run_constants(results):
    """Check the constants exposed by the handle against PAM_CONSTANTS.

    results is expected to hold five entries: the authenticate name, the dict
    of constants, the read-only failure message, then the close_session and
    end names.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    pam.close_session()
    del pam
    assert results[0] == pam_sm_authenticate.func_name, (results[0], pam_sm_authenticate.func_name)
    # The attempt to overwrite PAM_SUCCESS must have been rejected.
    assert results[2] == "except: attribute 'PAM_SUCCESS' of 'PamHandle_type' objects is not writable", results[2]
    assert results[3] == pam_sm_close_session.func_name, (results[3], pam_sm_close_session.func_name)
    assert results[4] == pam_sm_end.func_name, (results[4], pam_sm_end.func_name)
    consts = results[1]
    # Every expected constant must be exposed with the expected value ...
    for var in PAM_CONSTANTS.keys():
        assert consts.has_key(var), var
        assert consts[var] == PAM_CONSTANTS[var], (var, consts[var], PAM_CONSTANTS[var])
    # ... and the handle must expose nothing the table does not list.
    for var in consts.keys():
        assert PAM_CONSTANTS.has_key(var), var
        assert PAM_CONSTANTS[var] == consts[var], (var, PAM_CONSTANTS[var], consts[var])
    assert len(results) == 5, len(results)
206 |
207 | #
208 | # Test the environment calls.
209 | #
def test_environment(results, who, pamh, flags, argv):
    """Exercise pamh.env as a mapping and record each outcome in results.

    Only the acct_mgmt call does the work; the order of the appends below is
    the order asserted by run_environment().
    """
    results.append(who.func_name)
    if who != pam_sm_acct_mgmt:
        return pamh.PAM_SUCCESS
    def test_exception(func):
        # Return "None" when func() succeeds, else "<ExceptionClass>: <message>".
        try:
            func()
            return str(None)
        except Exception, e:
            return e.__class__.__name__ + ": " + str(e)
    #
    # A few things to test here. First that PamEnv_as_mapping works.
    #
    results.append(len(pamh.env))
    results.append(pamh.env["x1"])
    pamh.env["yy"] = "y"
    results.append(pamh.env["yy"])
    pamh.env["yy"] = "z"
    results.append(pamh.env["yy"])
    # Invalid input is expected to be rejected: a non-string value, a deleted
    # key, a non-string key, a key containing '=' and an empty key.
    def t(): pamh.env["yy"] = 1
    results.append(test_exception(t))
    del pamh.env["yy"]
    results.append(test_exception(lambda: pamh.env["yy"]))
    results.append(test_exception(lambda: pamh.env[1]))
    results.append(test_exception(lambda: pamh.env['a=']))
    results.append(test_exception(lambda: pamh.env['']))
    #
    # Now the dict functions.
    #
    pamh.env["xx"] = "x"
    results.append("not in" in pamh.env)
    results.append("xx" in pamh.env)
    results.append(pamh.env.has_key("not in"))
    results.append(pamh.env.has_key("xx"))
    results.append(test_exception(lambda: pamh.env.__getitem__("not in")))
    results.append(pamh.env.get("not in"))
    results.append(pamh.env.get("not in", "default"))
    results.append(pamh.env.get("xx"))
    results.append(pamh.env.get("xx", "default"))
    # Remove x1 so the listings below hold x2, x3 and xx only.
    del pamh.env["x1"]
    results.append(pamh.env.items())
    results.append(pamh.env.keys())
    results.append(pamh.env.values())
    return pamh.PAM_SUCCESS
254 |
def run_environment(results):
    """Seed three PAM environment variables and check what the module saw."""
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    # These are set from the application side; test_environment() reads and
    # modifies them through pamh.env during acct_mgmt().
    pam.putenv("x1=1")
    pam.putenv("x2=2")
    pam.putenv("x3=3")
    pam.acct_mgmt()
    pam.close_session()
    del pam
    expected_results = [
        pam_sm_authenticate.func_name, pam_sm_acct_mgmt.func_name,
        # Length of the environment, x1, then yy after each assignment.
        3, '1', 'y', 'z',
        # Messages for the rejected value, the deleted key and the bad keys.
        'TypeError: PAM environment value must be a string',
        "KeyError: 'yy'",
        'TypeError: PAM environment key must be a string',
        "ValueError: PAM environment key can't contain '='",
        "ValueError: PAM environment key mustn't be 0 length",
        # "in" and has_key() for an absent and a present key.
        False, True, False, True,
        "KeyError: 'not in'",
        # get() with and without a default, for an absent and a present key.
        None, 'default', 'x', 'x',
        # items(), keys() and values() after x1 was deleted.
        [('x2', '2'), ('x3', '3'), ('xx', 'x')],
        ['x2', 'x3', 'xx'],
        ['2', '3', 'x'],
        pam_sm_close_session.func_name, pam_sm_end.func_name]
    assert_results(expected_results, results)
281 |
282 | #
283 | # Test strerror().
284 | #
def test_strerror(results, who, pamh, flags, argv):
    """Record pamh.strerror() output, lower-cased, for four PAM result codes.

    Only the authenticate call records descriptions; every entry point
    records its own name first.
    """
    results.append(who.func_name)
    if who == pam_sm_authenticate:
        described = []
        for code in (0, 1, 30, 31):
            described.append((code, pamh.strerror(code).lower()))
        # Added in one step so a failing strerror() leaves results untouched.
        results.extend(described)
    return pamh.PAM_SUCCESS
291 |
def run_strerror(results):
    """Check the descriptions strerror() gives for codes 0, 1, 30 and 31."""
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    del pam
    # The descriptions are compared in lower case; test_strerror() lower-cases
    # them before recording.
    expected_results = [
        pam_sm_authenticate.func_name,
        ( 0, 'success'),
        ( 1, 'failed to load module'),
        (30, 'conversation is waiting for event'),
        (31, 'application needs to call libpam again'),
        pam_sm_end.func_name]
    assert_results(expected_results, results)
305 |
306 | #
307 | # Test items.
308 | #
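def test_items(results, who, pamh, flags, argv):
    """Read, then overwrite, each string PAM item exposed on the handle.

    Runs for open_session and close_session only. Each pass records the
    current value of every item before replacing it with "<item>-module".
    It then checks that a non-string value is rejected, and records what
    get_user() returns.
    """
    results.append(who.func_name)
    if not who in (pam_sm_open_session, pam_sm_close_session):
        return pamh.PAM_SUCCESS
    items = {
        "authtok": "authtok-module",
        "authtok_type": "authtok_type-module",
        "oldauthtok": "oldauthtok-module",
        "rhost": "rhost-module",
        "ruser": "ruser-module",
        "tty": "tty-module",
        "user_prompt": "user_prompt-module",
        "user": "user-module",
        "xdisplay": "xdisplay-module",
    }
    # Sorted so the recorded order is deterministic.
    keys = sorted(items)
    for key in keys:
        results.append((key, getattr(pamh, key)))
        value = items[key]
        if value != None:
            setattr(pamh, key, value)
    try:
        setattr(pamh, "tty", 1)
        # Reached only if the assignment was wrongly accepted. Report the
        # assignment that was attempted, not the loop's last key and value.
        results.append("%r = %r" % ("tty", 1))
    except StandardError, e:
        results.append("except: %s" % e)
    results.append(pamh.get_user("a prompt"))
    return pamh.PAM_SUCCESS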
338 |
def run_items(results):
    """Set PAM items from the application and check the module's view of them.

    The open_session pass is expected to see the application's values, and the
    close_session pass the values the module wrote during open_session.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    # Keys are PAM item type numbers; they match PAM_USER, PAM_TTY, PAM_RHOST,
    # PAM_RUSER, PAM_USER_PROMPT, PAM_XDISPLAY and PAM_AUTHTOK_TYPE in
    # PAM_CONSTANTS.
    items = {
        2: "user",
        3: "tty",
        4: "rhost",
        8: "ruser",
        9: "user_prompt",
        11: "xdisplay",
        13: "authtok_type"}
    items_list = items.keys()
    items_list.sort()
    for item in items_list:
        pam.set_item(item, items[item])
    pam.open_session()
    pam.close_session()
    del pam
    expected_results = [
        pam_sm_authenticate.func_name, pam_sm_open_session.func_name,
        # authtok and oldauthtok are not set by the application, so the module
        # is expected to read None for them on the first pass.
        ('authtok', None),
        ('authtok_type', 'authtok_type'),
        ('oldauthtok', None),
        ('rhost', 'rhost'),
        ('ruser', 'ruser'),
        ('tty', 'tty'),
        ('user', 'user'),
        ('user_prompt', 'user_prompt'),
        ('xdisplay', 'xdisplay'),
        'except: PAM item PAM_TTY must be set to a string',
        # get_user() result after the module set user to "user-module".
        'user-module',
        pam_sm_close_session.func_name,
        ('authtok', 'authtok-module'),
        ('authtok_type', 'authtok_type-module'),
        ('oldauthtok', 'oldauthtok-module'),
        ('rhost', 'rhost-module'),
        ('ruser', 'ruser-module'),
        ('tty', 'tty-module'),
        ('user', 'user-module'),
        ('user_prompt', 'user_prompt-module'),
        ('xdisplay', 'xdisplay-module'),
        'except: PAM item PAM_TTY must be set to a string',
        'user-module',
        pam_sm_end.func_name]
    assert_results(expected_results, results)
385 |
386 | #
387 | # Test the xauthdata item.
388 | #
def test_xauthdata(results, who, pamh, flags, argv):
    """Exercise the xauthdata item and the XAuthData constructor.

    Runs for open_session and close_session only. The order of the appends is
    the order asserted by run_xauthdata().
    """
    results.append(who.func_name)
    if not who in (pam_sm_open_session, pam_sm_close_session):
        return pamh.PAM_SUCCESS
    # Round trip: set the item from an XAuthData instance and read it back.
    xauthdata0 = pamh.XAuthData("name-module", "data-module")
    pamh.xauthdata = xauthdata0
    xauthdata1 = pamh.xauthdata
    results.append('name=%r, data=%r' % (xauthdata1.name, xauthdata1.data))
    # The constructor must reject a non-string name ...
    try:
        xauthdata2 = pamh.XAuthData(None, "x")
        results.append('pamh.XAuthData(%r, %r)' % (xauthdata2.name, xauthdata2.data))
    except TypeError, e:
        results.append('except: %s' % e)
    # ... and a non-string data value.
    try:
        xauthdata2 = pamh.XAuthData("x", 1)
        results.append('pamh.XAuthData(%r, %r)' % (xauthdata2.name, xauthdata2.data))
    except TypeError, e:
        results.append('except: %s' % e)
    # Any object with string name and data attributes is accepted: first a
    # class carrying them as class attributes, then an instance.
    class XA: pass
    XA.name = "name-XA"
    XA.data = "data-XA"
    pamh.xauthdata = XA
    xauthdata2 = pamh.xauthdata
    results.append('name=%r, data=%r' % (xauthdata2.name, xauthdata2.data))
    xa = XA()
    xa.name = "name-xa"
    xa.data = "data-xa"
    pamh.xauthdata = xa
    xauthdata4 = pamh.xauthdata
    results.append('name=%r, data=%r' % (xauthdata4.name, xauthdata4.data))
    return pamh.PAM_SUCCESS
420 |
def run_xauthdata(results):
    """Check the xauthdata round trips recorded by test_xauthdata().

    The same five outcomes are expected from the open_session pass and from
    the close_session pass.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    #
    # The PAM module doesn't support XAUTHDATA, so check what we can from the
    # module only.
    #
    pam.open_session()
    pam.close_session()
    del pam
    expected_results = [
        pam_sm_authenticate.func_name, pam_sm_open_session.func_name,
        ("name='name-module', data='data-module'"),
        'except: XAuthData() argument 1 must be string, not None',
        'except: XAuthData() argument 2 must be string, not int',
        ("name='name-XA', data='data-XA'"),
        ("name='name-xa', data='data-xa'"),
        pam_sm_close_session.func_name,
        ("name='name-module', data='data-module'"),
        'except: XAuthData() argument 1 must be string, not None',
        'except: XAuthData() argument 2 must be string, not int',
        ("name='name-XA', data='data-XA'"),
        ("name='name-xa', data='data-xa'"),
        pam_sm_end.func_name]
    assert_results(expected_results, results)
447 |
448 | #
449 | # Test having no pam_sm_end.
450 | #
def test_no_sm_end(results, who, pamh, flags, argv):
    """Record the call, then remove pam_sm_end from this module's globals.

    run_no_sm_end() expects no pam_sm_end entry in results afterwards.
    """
    results.append(who.func_name)
    global pam_sm_end
    del pam_sm_end
    return pamh.PAM_SUCCESS
456 |
def run_no_sm_end(results):
    """Check that a module without pam_sm_end can be torn down without error."""
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    del pam
    # Only the authenticate call is recorded; test_no_sm_end() deleted
    # pam_sm_end during it.
    expected_results = [pam_sm_authenticate.func_name]
    assert_results(expected_results, results)
464 |
465 | #
466 | # Test the conversation mechanism.
467 | #
def test_conv(results, who, pamh, flags, argv):
    """Send messages through pamh.conversation() and record the replies.

    authenticate sends a list of four messages and acct_mgmt sends a single
    one. pam_sm_end records its name and returns None. Any other entry point
    would reach conv(convs) with convs unbound; run_conv() calls none.
    """
    results.append(who.func_name)
    if who == pam_sm_end:
        return
    #
    # We must get rid of all references to pamh.Response objects. This instance
    # of the test.py module is running inside of libpam_python. That shared
    # library will be unloaded soon. Should a pamh.Response instance be
    # dealloc'ed after it is unloaded the now non-existent dealloc function will
    # be called, and a SIGSEGV will result. Normally instances would not leak,
    # but with the trickery we are performing with fake imports here they will
    # leak via the results variable unless we take special action.
    #
    def conv(convs):
        # Copy the reply fields into plain tuples so that no Response object
        # is stored in results.
        # NOTE(review): the documentation names the second member ret_code;
        # this code reads resp_retcode - confirm which the C type exposes.
        responses = pamh.conversation(convs)
        if type(responses) != type(()):
            return (responses.resp, responses.resp_retcode)
        return [(r.resp, r.resp_retcode) for r in responses]
    if who == pam_sm_authenticate:
        convs = [
            pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Prompt_echo_off"),
            pamh.Message(pamh.PAM_PROMPT_ECHO_ON, "Prompt_echo_on"),
            pamh.Message(pamh.PAM_ERROR_MSG, "Error_msg"),
            pamh.Message(pamh.PAM_TEXT_INFO, "Text_info")]
    if who == pam_sm_acct_mgmt:
        convs = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "single")
    results.append(conv(convs))
    return pamh.PAM_SUCCESS
496 |
def run_conv(results):
    """Check the replies the module received through the conversation function.

    pam_conv() returns the queries as the replies, so each expected reply is
    the message text paired with its style number.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    pam.acct_mgmt()
    del pam
    expected_results = [
        pam_sm_authenticate.func_name,
        # Styles 1 to 4 match PAM_PROMPT_ECHO_OFF, PAM_PROMPT_ECHO_ON,
        # PAM_ERROR_MSG and PAM_TEXT_INFO in PAM_CONSTANTS.
        [('Prompt_echo_off', 1), ('Prompt_echo_on', 2), ('Error_msg', 3), ('Text_info', 4)],
        pam_sm_acct_mgmt.func_name,
        ('single', 1),
        pam_sm_end.func_name]
    assert_results(expected_results, results)
510 |
511 | #
512 | # Test pam error returns.
513 | #
514 | def test_pamerr(results, who, pamh, flags, argv):
515 | return results[-1]
516 |
def run_pamerr(results):
    """Check that each result code returned by the module reaches the application.

    test_pamerr() returns the last value in results. Each pass appends the
    code the module should return, then replaces it with the negated code
    carried by PAM.error. The value stays unchanged when authenticate() does
    not raise.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    for err in range(0, PAM._PAM_RETURN_VALUES):
        results.append(err)
        try:
            pam.authenticate(0)
        except PAM.error, e:
            results[-1] = -e.args[1]
    del pam
    expected_results = [-r for r in range(PAM._PAM_RETURN_VALUES)]
    # 25 is PAM_IGNORE and 6 is PAM_PERM_DENIED in PAM_CONSTANTS: a module that
    # returns PAM_IGNORE is expected to surface as a denial, not as a success.
    expected_results[25] = -6
    assert_results(expected_results, results)
530 |
531 | #
532 | # Test fail_delay.
533 | #
534 | def test_fail_delay(results, who, pamh, flags, argv):
535 | pamh.fail_delay(10)
536 | return pamh.PAM_SUCCESS
537 |
def run_fail_delay(results):
    """Run one authenticate so test_fail_delay() calls pamh.fail_delay().

    Nothing is asserted here; the test passes when no exception escapes.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    del pam
543 |
544 | #
545 | # Test raising an exception.
546 | #
def test_exceptions(results, who, pamh, flags, argv):
    """Check that a failing PAM library call raises pamh.exception.

    Runs in pam_sm_end only. It records _PAM_RETURN_VALUES first. Then, for
    each code, it records either the code itself when strerror() did not
    raise, or a one-element tuple holding the negated pam_result of the
    exception.
    """
    if who != pam_sm_end:
        return pamh.PAM_SUCCESS
    #
    # Here we have use of a backdoor put into pam_python.c specifically
    # for testing raising exceptions. Oddly, normally PAM should never
    # return anything other than PAM_SUCCESS to anything pam_python.c
    # calls.
    #
    # NOTE(review): per the comment above, pam_python.c contains a hook that
    # makes strerror() raise for values offset by this magic number. Confirm
    # the hook is compiled out of, or harmless in, builds that are installed
    # into a live PAM stack.
    debug_magic = 0x4567abcd
    results.append(pamh._PAM_RETURN_VALUES)
    for err in range(pamh._PAM_RETURN_VALUES):
        try:
            pamh.strerror(debug_magic + err)
            results.append(err)
        except pamh.exception, e:
            results.append((-e.pam_result,))
    return pamh.PAM_SUCCESS
565 |
def run_exceptions(results):
    """Check that every non-zero PAM code raised an exception in the module.

    results[0] is the number of return values recorded by test_exceptions().
    Code 0 is expected to be recorded as a plain 0, and every other code as a
    one-element tuple holding its negation.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    # test_exceptions() only acts in pam_sm_end, which is expected to run when
    # the handle is dropped.
    del pam
    expected_results = [results[0], 0]
    expected_results += [(-r,) for r in range(1, results[0])]
    assert_results(expected_results, results)
574 |
575 | #
576 | # Test absent entry point.
577 | #
def test_absent(results, who, pamh, flags, argv):
    """During authenticate, delete every other pam_sm_* entry point.

    run_absent() then calls each of them and expects a "Symbol not found"
    error. pam_sm_end is left in place.
    """
    results.append(who.func_name)
    if who != pam_sm_authenticate:
        return pamh.PAM_SUCCESS
    global pam_sm_acct_mgmt; del pam_sm_acct_mgmt
    global pam_sm_setcred; del pam_sm_setcred
    global pam_sm_open_session; del pam_sm_open_session
    global pam_sm_close_session; del pam_sm_close_session
    global pam_sm_chauthtok; del pam_sm_chauthtok
    return pamh.PAM_SUCCESS
588 |
def run_absent(results):
    """Check that calling an entry point the module lacks fails cleanly.

    After authenticate, each remaining PAM call is made once and the class
    name and text of the resulting exception are recorded.
    """
    pam = PAM.pam()
    pam.start(TEST_PAM_MODULE, TEST_PAM_USER, pam_conv)
    pam.authenticate(0)
    funcs = (
        pam.acct_mgmt,
        pam.setcred,
        pam.open_session,
        pam.close_session,
        pam.chauthtok
    )
    for func in funcs:
        try:
            func(0)
            exception = None
        except Exception, e:
            exception = e
        # A call that succeeds is recorded as ('NoneType', 'None') and so
        # fails the comparison below.
        results.append((exception.__class__.__name__, str(exception)))
    del pam
    # 2 is PAM_SYMBOL_ERR in PAM_CONSTANTS. No pam_sm_end entry is expected
    # in the list.
    expected_results = [
        'pam_sm_authenticate',
        ('error', "('Symbol not found', 2)"),
        ('error', "('Symbol not found', 2)"),
        ('error', "('Symbol not found', 2)"),
        ('error', "('Symbol not found', 2)"),
        ('error', "('Symbol not found', 2)"),
    ]
    assert_results(expected_results, results)
617 |
618 | #
619 | # Entry point.
620 | #
def main(argv):
    """Run every test driver in a fixed order; argv is accepted but not used."""
    suite = (
        run_basic_calls,
        run_constants,
        run_environment,
        run_strerror,
        run_items,
        run_xauthdata,
        run_no_sm_end,
        run_conv,
        run_pamerr,
        run_fail_delay,
        run_exceptions,
        run_absent,
    )
    for driver in suite:
        run_test(driver)
634 |
#
# If run from Python run the test suite. Otherwise we are being used
# as a real PAM module, presumably from ctest, so just make every call
# return success.
#
if __name__ == "__main__":
    # Application-side PAM binding used by the run_* drivers, presumably the
    # PyPAM package named in the documentation. It is imported only here, so
    # loading this file as a PAM module does not need it.
    import PAM
    main(sys.argv)
643 |
--------------------------------------------------------------------------------
/agpl-3.0.txt:
--------------------------------------------------------------------------------
1 | GNU AFFERO GENERAL PUBLIC LICENSE
2 | Version 3, 19 November 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU Affero General Public License is a free, copyleft license for
11 | software and other kinds of works, specifically designed to ensure
12 | cooperation with the community in the case of network server software.
13 |
14 | The licenses for most software and other practical works are designed
15 | to take away your freedom to share and change the works. By contrast,
16 | our General Public Licenses are intended to guarantee your freedom to
17 | share and change all versions of a program--to make sure it remains free
18 | software for all its users.
19 |
20 | When we speak of free software, we are referring to freedom, not
21 | price. Our General Public Licenses are designed to make sure that you
22 | have the freedom to distribute copies of free software (and charge for
23 | them if you wish), that you receive source code or can get it if you
24 | want it, that you can change the software or use pieces of it in new
25 | free programs, and that you know you can do these things.
26 |
27 | Developers that use our General Public Licenses protect your rights
28 | with two steps: (1) assert copyright on the software, and (2) offer
29 | you this License which gives you legal permission to copy, distribute
30 | and/or modify the software.
31 |
32 | A secondary benefit of defending all users' freedom is that
33 | improvements made in alternate versions of the program, if they
34 | receive widespread use, become available for other developers to
35 | incorporate. Many developers of free software are heartened and
36 | encouraged by the resulting cooperation. However, in the case of
37 | software used on network servers, this result may fail to come about.
38 | The GNU General Public License permits making a modified version and
39 | letting the public access it on a server without ever releasing its
40 | source code to the public.
41 |
42 | The GNU Affero General Public License is designed specifically to
43 | ensure that, in such cases, the modified source code becomes available
44 | to the community. It requires the operator of a network server to
45 | provide the source code of the modified version running there to the
46 | users of that server. Therefore, public use of a modified version, on
47 | a publicly accessible server, gives the public access to the source
48 | code of the modified version.
49 |
50 | An older license, called the Affero General Public License and
51 | published by Affero, was designed to accomplish similar goals. This is
52 | a different license, not a version of the Affero GPL, but Affero has
53 | released a new version of the Affero GPL which permits relicensing under
54 | this license.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | TERMS AND CONDITIONS
60 |
61 | 0. Definitions.
62 |
63 | "This License" refers to version 3 of the GNU Affero General Public License.
64 |
65 | "Copyright" also means copyright-like laws that apply to other kinds of
66 | works, such as semiconductor masks.
67 |
68 | "The Program" refers to any copyrightable work licensed under this
69 | License. Each licensee is addressed as "you". "Licensees" and
70 | "recipients" may be individuals or organizations.
71 |
72 | To "modify" a work means to copy from or adapt all or part of the work
73 | in a fashion requiring copyright permission, other than the making of an
74 | exact copy. The resulting work is called a "modified version" of the
75 | earlier work or a work "based on" the earlier work.
76 |
77 | A "covered work" means either the unmodified Program or a work based
78 | on the Program.
79 |
80 | To "propagate" a work means to do anything with it that, without
81 | permission, would make you directly or secondarily liable for
82 | infringement under applicable copyright law, except executing it on a
83 | computer or modifying a private copy. Propagation includes copying,
84 | distribution (with or without modification), making available to the
85 | public, and in some countries other activities as well.
86 |
87 | To "convey" a work means any kind of propagation that enables other
88 | parties to make or receive copies. Mere interaction with a user through
89 | a computer network, with no transfer of a copy, is not conveying.
90 |
91 | An interactive user interface displays "Appropriate Legal Notices"
92 | to the extent that it includes a convenient and prominently visible
93 | feature that (1) displays an appropriate copyright notice, and (2)
94 | tells the user that there is no warranty for the work (except to the
95 | extent that warranties are provided), that licensees may convey the
96 | work under this License, and how to view a copy of this License. If
97 | the interface presents a list of user commands or options, such as a
98 | menu, a prominent item in the list meets this criterion.
99 |
100 | 1. Source Code.
101 |
102 | The "source code" for a work means the preferred form of the work
103 | for making modifications to it. "Object code" means any non-source
104 | form of a work.
105 |
106 | A "Standard Interface" means an interface that either is an official
107 | standard defined by a recognized standards body, or, in the case of
108 | interfaces specified for a particular programming language, one that
109 | is widely used among developers working in that language.
110 |
111 | The "System Libraries" of an executable work include anything, other
112 | than the work as a whole, that (a) is included in the normal form of
113 | packaging a Major Component, but which is not part of that Major
114 | Component, and (b) serves only to enable use of the work with that
115 | Major Component, or to implement a Standard Interface for which an
116 | implementation is available to the public in source code form. A
117 | "Major Component", in this context, means a major essential component
118 | (kernel, window system, and so on) of the specific operating system
119 | (if any) on which the executable work runs, or a compiler used to
120 | produce the work, or an object code interpreter used to run it.
121 |
122 | The "Corresponding Source" for a work in object code form means all
123 | the source code needed to generate, install, and (for an executable
124 | work) run the object code and to modify the work, including scripts to
125 | control those activities. However, it does not include the work's
126 | System Libraries, or general-purpose tools or generally available free
127 | programs which are used unmodified in performing those activities but
128 | which are not part of the work. For example, Corresponding Source
129 | includes interface definition files associated with source files for
130 | the work, and the source code for shared libraries and dynamically
131 | linked subprograms that the work is specifically designed to require,
132 | such as by intimate data communication or control flow between those
133 | subprograms and other parts of the work.
134 |
135 | The Corresponding Source need not include anything that users
136 | can regenerate automatically from other parts of the Corresponding
137 | Source.
138 |
139 | The Corresponding Source for a work in source code form is that
140 | same work.
141 |
142 | 2. Basic Permissions.
143 |
144 | All rights granted under this License are granted for the term of
145 | copyright on the Program, and are irrevocable provided the stated
146 | conditions are met. This License explicitly affirms your unlimited
147 | permission to run the unmodified Program. The output from running a
148 | covered work is covered by this License only if the output, given its
149 | content, constitutes a covered work. This License acknowledges your
150 | rights of fair use or other equivalent, as provided by copyright law.
151 |
152 | You may make, run and propagate covered works that you do not
153 | convey, without conditions so long as your license otherwise remains
154 | in force. You may convey covered works to others for the sole purpose
155 | of having them make modifications exclusively for you, or provide you
156 | with facilities for running those works, provided that you comply with
157 | the terms of this License in conveying all material for which you do
158 | not control copyright. Those thus making or running the covered works
159 | for you must do so exclusively on your behalf, under your direction
160 | and control, on terms that prohibit them from making any copies of
161 | your copyrighted material outside their relationship with you.
162 |
163 | Conveying under any other circumstances is permitted solely under
164 | the conditions stated below. Sublicensing is not allowed; section 10
165 | makes it unnecessary.
166 |
167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
168 |
169 | No covered work shall be deemed part of an effective technological
170 | measure under any applicable law fulfilling obligations under article
171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
172 | similar laws prohibiting or restricting circumvention of such
173 | measures.
174 |
175 | When you convey a covered work, you waive any legal power to forbid
176 | circumvention of technological measures to the extent such circumvention
177 | is effected by exercising rights under this License with respect to
178 | the covered work, and you disclaim any intention to limit operation or
179 | modification of the work as a means of enforcing, against the work's
180 | users, your or third parties' legal rights to forbid circumvention of
181 | technological measures.
182 |
183 | 4. Conveying Verbatim Copies.
184 |
185 | You may convey verbatim copies of the Program's source code as you
186 | receive it, in any medium, provided that you conspicuously and
187 | appropriately publish on each copy an appropriate copyright notice;
188 | keep intact all notices stating that this License and any
189 | non-permissive terms added in accord with section 7 apply to the code;
190 | keep intact all notices of the absence of any warranty; and give all
191 | recipients a copy of this License along with the Program.
192 |
193 | You may charge any price or no price for each copy that you convey,
194 | and you may offer support or warranty protection for a fee.
195 |
196 | 5. Conveying Modified Source Versions.
197 |
198 | You may convey a work based on the Program, or the modifications to
199 | produce it from the Program, in the form of source code under the
200 | terms of section 4, provided that you also meet all of these conditions:
201 |
202 | a) The work must carry prominent notices stating that you modified
203 | it, and giving a relevant date.
204 |
205 | b) The work must carry prominent notices stating that it is
206 | released under this License and any conditions added under section
207 | 7. This requirement modifies the requirement in section 4 to
208 | "keep intact all notices".
209 |
210 | c) You must license the entire work, as a whole, under this
211 | License to anyone who comes into possession of a copy. This
212 | License will therefore apply, along with any applicable section 7
213 | additional terms, to the whole of the work, and all its parts,
214 | regardless of how they are packaged. This License gives no
215 | permission to license the work in any other way, but it does not
216 | invalidate such permission if you have separately received it.
217 |
218 | d) If the work has interactive user interfaces, each must display
219 | Appropriate Legal Notices; however, if the Program has interactive
220 | interfaces that do not display Appropriate Legal Notices, your
221 | work need not make them do so.
222 |
223 | A compilation of a covered work with other separate and independent
224 | works, which are not by their nature extensions of the covered work,
225 | and which are not combined with it such as to form a larger program,
226 | in or on a volume of a storage or distribution medium, is called an
227 | "aggregate" if the compilation and its resulting copyright are not
228 | used to limit the access or legal rights of the compilation's users
229 | beyond what the individual works permit. Inclusion of a covered work
230 | in an aggregate does not cause this License to apply to the other
231 | parts of the aggregate.
232 |
233 | 6. Conveying Non-Source Forms.
234 |
235 | You may convey a covered work in object code form under the terms
236 | of sections 4 and 5, provided that you also convey the
237 | machine-readable Corresponding Source under the terms of this License,
238 | in one of these ways:
239 |
240 | a) Convey the object code in, or embodied in, a physical product
241 | (including a physical distribution medium), accompanied by the
242 | Corresponding Source fixed on a durable physical medium
243 | customarily used for software interchange.
244 |
245 | b) Convey the object code in, or embodied in, a physical product
246 | (including a physical distribution medium), accompanied by a
247 | written offer, valid for at least three years and valid for as
248 | long as you offer spare parts or customer support for that product
249 | model, to give anyone who possesses the object code either (1) a
250 | copy of the Corresponding Source for all the software in the
251 | product that is covered by this License, on a durable physical
252 | medium customarily used for software interchange, for a price no
253 | more than your reasonable cost of physically performing this
254 | conveying of source, or (2) access to copy the
255 | Corresponding Source from a network server at no charge.
256 |
257 | c) Convey individual copies of the object code with a copy of the
258 | written offer to provide the Corresponding Source. This
259 | alternative is allowed only occasionally and noncommercially, and
260 | only if you received the object code with such an offer, in accord
261 | with subsection 6b.
262 |
263 | d) Convey the object code by offering access from a designated
264 | place (gratis or for a charge), and offer equivalent access to the
265 | Corresponding Source in the same way through the same place at no
266 | further charge. You need not require recipients to copy the
267 | Corresponding Source along with the object code. If the place to
268 | copy the object code is a network server, the Corresponding Source
269 | may be on a different server (operated by you or a third party)
270 | that supports equivalent copying facilities, provided you maintain
271 | clear directions next to the object code saying where to find the
272 | Corresponding Source. Regardless of what server hosts the
273 | Corresponding Source, you remain obligated to ensure that it is
274 | available for as long as needed to satisfy these requirements.
275 |
276 | e) Convey the object code using peer-to-peer transmission, provided
277 | you inform other peers where the object code and Corresponding
278 | Source of the work are being offered to the general public at no
279 | charge under subsection 6d.
280 |
281 | A separable portion of the object code, whose source code is excluded
282 | from the Corresponding Source as a System Library, need not be
283 | included in conveying the object code work.
284 |
285 | A "User Product" is either (1) a "consumer product", which means any
286 | tangible personal property which is normally used for personal, family,
287 | or household purposes, or (2) anything designed or sold for incorporation
288 | into a dwelling. In determining whether a product is a consumer product,
289 | doubtful cases shall be resolved in favor of coverage. For a particular
290 | product received by a particular user, "normally used" refers to a
291 | typical or common use of that class of product, regardless of the status
292 | of the particular user or of the way in which the particular user
293 | actually uses, or expects or is expected to use, the product. A product
294 | is a consumer product regardless of whether the product has substantial
295 | commercial, industrial or non-consumer uses, unless such uses represent
296 | the only significant mode of use of the product.
297 |
298 | "Installation Information" for a User Product means any methods,
299 | procedures, authorization keys, or other information required to install
300 | and execute modified versions of a covered work in that User Product from
301 | a modified version of its Corresponding Source. The information must
302 | suffice to ensure that the continued functioning of the modified object
303 | code is in no case prevented or interfered with solely because
304 | modification has been made.
305 |
306 | If you convey an object code work under this section in, or with, or
307 | specifically for use in, a User Product, and the conveying occurs as
308 | part of a transaction in which the right of possession and use of the
309 | User Product is transferred to the recipient in perpetuity or for a
310 | fixed term (regardless of how the transaction is characterized), the
311 | Corresponding Source conveyed under this section must be accompanied
312 | by the Installation Information. But this requirement does not apply
313 | if neither you nor any third party retains the ability to install
314 | modified object code on the User Product (for example, the work has
315 | been installed in ROM).
316 |
317 | The requirement to provide Installation Information does not include a
318 | requirement to continue to provide support service, warranty, or updates
319 | for a work that has been modified or installed by the recipient, or for
320 | the User Product in which it has been modified or installed. Access to a
321 | network may be denied when the modification itself materially and
322 | adversely affects the operation of the network or violates the rules and
323 | protocols for communication across the network.
324 |
325 | Corresponding Source conveyed, and Installation Information provided,
326 | in accord with this section must be in a format that is publicly
327 | documented (and with an implementation available to the public in
328 | source code form), and must require no special password or key for
329 | unpacking, reading or copying.
330 |
331 | 7. Additional Terms.
332 |
333 | "Additional permissions" are terms that supplement the terms of this
334 | License by making exceptions from one or more of its conditions.
335 | Additional permissions that are applicable to the entire Program shall
336 | be treated as though they were included in this License, to the extent
337 | that they are valid under applicable law. If additional permissions
338 | apply only to part of the Program, that part may be used separately
339 | under those permissions, but the entire Program remains governed by
340 | this License without regard to the additional permissions.
341 |
342 | When you convey a copy of a covered work, you may at your option
343 | remove any additional permissions from that copy, or from any part of
344 | it. (Additional permissions may be written to require their own
345 | removal in certain cases when you modify the work.) You may place
346 | additional permissions on material, added by you to a covered work,
347 | for which you have or can give appropriate copyright permission.
348 |
349 | Notwithstanding any other provision of this License, for material you
350 | add to a covered work, you may (if authorized by the copyright holders of
351 | that material) supplement the terms of this License with terms:
352 |
353 | a) Disclaiming warranty or limiting liability differently from the
354 | terms of sections 15 and 16 of this License; or
355 |
356 | b) Requiring preservation of specified reasonable legal notices or
357 | author attributions in that material or in the Appropriate Legal
358 | Notices displayed by works containing it; or
359 |
360 | c) Prohibiting misrepresentation of the origin of that material, or
361 | requiring that modified versions of such material be marked in
362 | reasonable ways as different from the original version; or
363 |
364 | d) Limiting the use for publicity purposes of names of licensors or
365 | authors of the material; or
366 |
367 | e) Declining to grant rights under trademark law for use of some
368 | trade names, trademarks, or service marks; or
369 |
370 | f) Requiring indemnification of licensors and authors of that
371 | material by anyone who conveys the material (or modified versions of
372 | it) with contractual assumptions of liability to the recipient, for
373 | any liability that these contractual assumptions directly impose on
374 | those licensors and authors.
375 |
376 | All other non-permissive additional terms are considered "further
377 | restrictions" within the meaning of section 10. If the Program as you
378 | received it, or any part of it, contains a notice stating that it is
379 | governed by this License along with a term that is a further
380 | restriction, you may remove that term. If a license document contains
381 | a further restriction but permits relicensing or conveying under this
382 | License, you may add to a covered work material governed by the terms
383 | of that license document, provided that the further restriction does
384 | not survive such relicensing or conveying.
385 |
386 | If you add terms to a covered work in accord with this section, you
387 | must place, in the relevant source files, a statement of the
388 | additional terms that apply to those files, or a notice indicating
389 | where to find the applicable terms.
390 |
391 | Additional terms, permissive or non-permissive, may be stated in the
392 | form of a separately written license, or stated as exceptions;
393 | the above requirements apply either way.
394 |
395 | 8. Termination.
396 |
397 | You may not propagate or modify a covered work except as expressly
398 | provided under this License. Any attempt otherwise to propagate or
399 | modify it is void, and will automatically terminate your rights under
400 | this License (including any patent licenses granted under the third
401 | paragraph of section 11).
402 |
403 | However, if you cease all violation of this License, then your
404 | license from a particular copyright holder is reinstated (a)
405 | provisionally, unless and until the copyright holder explicitly and
406 | finally terminates your license, and (b) permanently, if the copyright
407 | holder fails to notify you of the violation by some reasonable means
408 | prior to 60 days after the cessation.
409 |
410 | Moreover, your license from a particular copyright holder is
411 | reinstated permanently if the copyright holder notifies you of the
412 | violation by some reasonable means, this is the first time you have
413 | received notice of violation of this License (for any work) from that
414 | copyright holder, and you cure the violation prior to 30 days after
415 | your receipt of the notice.
416 |
417 | Termination of your rights under this section does not terminate the
418 | licenses of parties who have received copies or rights from you under
419 | this License. If your rights have been terminated and not permanently
420 | reinstated, you do not qualify to receive new licenses for the same
421 | material under section 10.
422 |
423 | 9. Acceptance Not Required for Having Copies.
424 |
425 | You are not required to accept this License in order to receive or
426 | run a copy of the Program. Ancillary propagation of a covered work
427 | occurring solely as a consequence of using peer-to-peer transmission
428 | to receive a copy likewise does not require acceptance. However,
429 | nothing other than this License grants you permission to propagate or
430 | modify any covered work. These actions infringe copyright if you do
431 | not accept this License. Therefore, by modifying or propagating a
432 | covered work, you indicate your acceptance of this License to do so.
433 |
434 | 10. Automatic Licensing of Downstream Recipients.
435 |
436 | Each time you convey a covered work, the recipient automatically
437 | receives a license from the original licensors, to run, modify and
438 | propagate that work, subject to this License. You are not responsible
439 | for enforcing compliance by third parties with this License.
440 |
441 | An "entity transaction" is a transaction transferring control of an
442 | organization, or substantially all assets of one, or subdividing an
443 | organization, or merging organizations. If propagation of a covered
444 | work results from an entity transaction, each party to that
445 | transaction who receives a copy of the work also receives whatever
446 | licenses to the work the party's predecessor in interest had or could
447 | give under the previous paragraph, plus a right to possession of the
448 | Corresponding Source of the work from the predecessor in interest, if
449 | the predecessor has it or can get it with reasonable efforts.
450 |
451 | You may not impose any further restrictions on the exercise of the
452 | rights granted or affirmed under this License. For example, you may
453 | not impose a license fee, royalty, or other charge for exercise of
454 | rights granted under this License, and you may not initiate litigation
455 | (including a cross-claim or counterclaim in a lawsuit) alleging that
456 | any patent claim is infringed by making, using, selling, offering for
457 | sale, or importing the Program or any portion of it.
458 |
459 | 11. Patents.
460 |
461 | A "contributor" is a copyright holder who authorizes use under this
462 | License of the Program or a work on which the Program is based. The
463 | work thus licensed is called the contributor's "contributor version".
464 |
465 | A contributor's "essential patent claims" are all patent claims
466 | owned or controlled by the contributor, whether already acquired or
467 | hereafter acquired, that would be infringed by some manner, permitted
468 | by this License, of making, using, or selling its contributor version,
469 | but do not include claims that would be infringed only as a
470 | consequence of further modification of the contributor version. For
471 | purposes of this definition, "control" includes the right to grant
472 | patent sublicenses in a manner consistent with the requirements of
473 | this License.
474 |
475 | Each contributor grants you a non-exclusive, worldwide, royalty-free
476 | patent license under the contributor's essential patent claims, to
477 | make, use, sell, offer for sale, import and otherwise run, modify and
478 | propagate the contents of its contributor version.
479 |
480 | In the following three paragraphs, a "patent license" is any express
481 | agreement or commitment, however denominated, not to enforce a patent
482 | (such as an express permission to practice a patent or covenant not to
483 | sue for patent infringement). To "grant" such a patent license to a
484 | party means to make such an agreement or commitment not to enforce a
485 | patent against the party.
486 |
487 | If you convey a covered work, knowingly relying on a patent license,
488 | and the Corresponding Source of the work is not available for anyone
489 | to copy, free of charge and under the terms of this License, through a
490 | publicly available network server or other readily accessible means,
491 | then you must either (1) cause the Corresponding Source to be so
492 | available, or (2) arrange to deprive yourself of the benefit of the
493 | patent license for this particular work, or (3) arrange, in a manner
494 | consistent with the requirements of this License, to extend the patent
495 | license to downstream recipients. "Knowingly relying" means you have
496 | actual knowledge that, but for the patent license, your conveying the
497 | covered work in a country, or your recipient's use of the covered work
498 | in a country, would infringe one or more identifiable patents in that
499 | country that you have reason to believe are valid.
500 |
501 | If, pursuant to or in connection with a single transaction or
502 | arrangement, you convey, or propagate by procuring conveyance of, a
503 | covered work, and grant a patent license to some of the parties
504 | receiving the covered work authorizing them to use, propagate, modify
505 | or convey a specific copy of the covered work, then the patent license
506 | you grant is automatically extended to all recipients of the covered
507 | work and works based on it.
508 |
509 | A patent license is "discriminatory" if it does not include within
510 | the scope of its coverage, prohibits the exercise of, or is
511 | conditioned on the non-exercise of one or more of the rights that are
512 | specifically granted under this License. You may not convey a covered
513 | work if you are a party to an arrangement with a third party that is
514 | in the business of distributing software, under which you make payment
515 | to the third party based on the extent of your activity of conveying
516 | the work, and under which the third party grants, to any of the
517 | parties who would receive the covered work from you, a discriminatory
518 | patent license (a) in connection with copies of the covered work
519 | conveyed by you (or copies made from those copies), or (b) primarily
520 | for and in connection with specific products or compilations that
521 | contain the covered work, unless you entered into that arrangement,
522 | or that patent license was granted, prior to 28 March 2007.
523 |
524 | Nothing in this License shall be construed as excluding or limiting
525 | any implied license or other defenses to infringement that may
526 | otherwise be available to you under applicable patent law.
527 |
528 | 12. No Surrender of Others' Freedom.
529 |
530 | If conditions are imposed on you (whether by court order, agreement or
531 | otherwise) that contradict the conditions of this License, they do not
532 | excuse you from the conditions of this License. If you cannot convey a
533 | covered work so as to satisfy simultaneously your obligations under this
534 | License and any other pertinent obligations, then as a consequence you may
535 | not convey it at all. For example, if you agree to terms that obligate you
536 | to collect a royalty for further conveying from those to whom you convey
537 | the Program, the only way you could satisfy both those terms and this
538 | License would be to refrain entirely from conveying the Program.
539 |
540 | 13. Remote Network Interaction; Use with the GNU General Public License.
541 |
542 | Notwithstanding any other provision of this License, if you modify the
543 | Program, your modified version must prominently offer all users
544 | interacting with it remotely through a computer network (if your version
545 | supports such interaction) an opportunity to receive the Corresponding
546 | Source of your version by providing access to the Corresponding Source
547 | from a network server at no charge, through some standard or customary
548 | means of facilitating copying of software. This Corresponding Source
549 | shall include the Corresponding Source for any work covered by version 3
550 | of the GNU General Public License that is incorporated pursuant to the
551 | following paragraph.
552 |
553 | Notwithstanding any other provision of this License, you have
554 | permission to link or combine any covered work with a work licensed
555 | under version 3 of the GNU General Public License into a single
556 | combined work, and to convey the resulting work. The terms of this
557 | License will continue to apply to the part which is the covered work,
558 | but the work with which it is combined will remain governed by version
559 | 3 of the GNU General Public License.
560 |
561 | 14. Revised Versions of this License.
562 |
563 | The Free Software Foundation may publish revised and/or new versions of
564 | the GNU Affero General Public License from time to time. Such new versions
565 | will be similar in spirit to the present version, but may differ in detail to
566 | address new problems or concerns.
567 |
568 | Each version is given a distinguishing version number. If the
569 | Program specifies that a certain numbered version of the GNU Affero General
570 | Public License "or any later version" applies to it, you have the
571 | option of following the terms and conditions either of that numbered
572 | version or of any later version published by the Free Software
573 | Foundation. If the Program does not specify a version number of the
574 | GNU Affero General Public License, you may choose any version ever published
575 | by the Free Software Foundation.
576 |
577 | If the Program specifies that a proxy can decide which future
578 | versions of the GNU Affero General Public License can be used, that proxy's
579 | public statement of acceptance of a version permanently authorizes you
580 | to choose that version for the Program.
581 |
582 | Later license versions may give you additional or different
583 | permissions. However, no additional obligations are imposed on any
584 | author or copyright holder as a result of your choosing to follow a
585 | later version.
586 |
587 | 15. Disclaimer of Warranty.
588 |
589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
597 |
598 | 16. Limitation of Liability.
599 |
600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
608 | SUCH DAMAGES.
609 |
610 | 17. Interpretation of Sections 15 and 16.
611 |
612 | If the disclaimer of warranty and limitation of liability provided
613 | above cannot be given local legal effect according to their terms,
614 | reviewing courts shall apply local law that most closely approximates
615 | an absolute waiver of all civil liability in connection with the
616 | Program, unless a warranty or assumption of liability accompanies a
617 | copy of the Program in return for a fee.
618 |
619 | END OF TERMS AND CONDITIONS
620 |
621 | How to Apply These Terms to Your New Programs
622 |
623 | If you develop a new program, and you want it to be of the greatest
624 | possible use to the public, the best way to achieve this is to make it
625 | free software which everyone can redistribute and change under these terms.
626 |
627 | To do so, attach the following notices to the program. It is safest
628 | to attach them to the start of each source file to most effectively
629 | state the exclusion of warranty; and each file should have at least
630 | the "copyright" line and a pointer to where the full notice is found.
631 |
632 | <one line to give the program's name and a brief idea of what it does.>
633 | Copyright (C) <year> <name of author>
634 |
635 | This program is free software: you can redistribute it and/or modify
636 | it under the terms of the GNU Affero General Public License as published by
637 | the Free Software Foundation, either version 3 of the License, or
638 | (at your option) any later version.
639 |
640 | This program is distributed in the hope that it will be useful,
641 | but WITHOUT ANY WARRANTY; without even the implied warranty of
642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
643 | GNU Affero General Public License for more details.
644 |
645 | You should have received a copy of the GNU Affero General Public License
646 | along with this program. If not, see <http://www.gnu.org/licenses/>.
647 |
648 | Also add information on how to contact you by electronic and paper mail.
649 |
650 | If your software can interact with users remotely through a computer
651 | network, you should also make sure that it provides a way for users to
652 | get its source. For example, if your program is a web application, its
653 | interface could display a "Source" link that leads users to an archive
654 | of the code. There are many ways you could offer source, and different
655 | solutions will be better for different programs; see section 13 for the
656 | specific requirements.
657 |
658 | You should also get your employer (if you work as a programmer) or school,
659 | if any, to sign a "copyright disclaimer" for the program, if necessary.
660 | For more information on this, and how to apply and follow the GNU AGPL, see
661 | <http://www.gnu.org/licenses/>.
662 |
--------------------------------------------------------------------------------
/debian/copyright:
--------------------------------------------------------------------------------
1 | Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
2 | Upstream-Name: pam-python
3 | Upstream-Contact: Russell Stuart
4 | Source: http://pam-python.sourceforge.net/
5 |
6 | Files: *
7 | Copyright: Copyright (c) 2007-2012,2013 Russell Stuart
8 | License: AGPL-3.0+
9 | GNU AFFERO GENERAL PUBLIC LICENSE
10 | Version 3, 19 November 2007
11 | .
12 | Copyright (C) 2007 Free Software Foundation, Inc.
13 | Everyone is permitted to copy and distribute verbatim copies
14 | of this license document, but changing it is not allowed.
15 | .
16 | Preamble
17 | .
18 | The GNU Affero General Public License is a free, copyleft license for
19 | software and other kinds of works, specifically designed to ensure
20 | cooperation with the community in the case of network server software.
21 | .
22 | The licenses for most software and other practical works are designed
23 | to take away your freedom to share and change the works. By contrast,
24 | our General Public Licenses are intended to guarantee your freedom to
25 | share and change all versions of a program--to make sure it remains free
26 | software for all its users.
27 | .
28 | When we speak of free software, we are referring to freedom, not
29 | price. Our General Public Licenses are designed to make sure that you
30 | have the freedom to distribute copies of free software (and charge for
31 | them if you wish), that you receive source code or can get it if you
32 | want it, that you can change the software or use pieces of it in new
33 | free programs, and that you know you can do these things.
34 | .
35 | Developers that use our General Public Licenses protect your rights
36 | with two steps: (1) assert copyright on the software, and (2) offer
37 | you this License which gives you legal permission to copy, distribute
38 | and/or modify the software.
39 | .
40 | A secondary benefit of defending all users' freedom is that
41 | improvements made in alternate versions of the program, if they
42 | receive widespread use, become available for other developers to
43 | incorporate. Many developers of free software are heartened and
44 | encouraged by the resulting cooperation. However, in the case of
45 | software used on network servers, this result may fail to come about.
46 | The GNU General Public License permits making a modified version and
47 | letting the public access it on a server without ever releasing its
48 | source code to the public.
49 | .
50 | The GNU Affero General Public License is designed specifically to
51 | ensure that, in such cases, the modified source code becomes available
52 | to the community. It requires the operator of a network server to
53 | provide the source code of the modified version running there to the
54 | users of that server. Therefore, public use of a modified version, on
55 | a publicly accessible server, gives the public access to the source
56 | code of the modified version.
57 | .
58 | An older license, called the Affero General Public License and
59 | published by Affero, was designed to accomplish similar goals. This is
60 | a different license, not a version of the Affero GPL, but Affero has
61 | released a new version of the Affero GPL which permits relicensing under
62 | this license.
63 | .
64 | The precise terms and conditions for copying, distribution and
65 | modification follow.
66 | .
67 | TERMS AND CONDITIONS
68 | .
69 | 0. Definitions.
70 | .
71 | "This License" refers to version 3 of the GNU Affero General Public License.
72 | .
73 | "Copyright" also means copyright-like laws that apply to other kinds of
74 | works, such as semiconductor masks.
75 | .
76 | "The Program" refers to any copyrightable work licensed under this
77 | License. Each licensee is addressed as "you". "Licensees" and
78 | "recipients" may be individuals or organizations.
79 | .
80 | To "modify" a work means to copy from or adapt all or part of the work
81 | in a fashion requiring copyright permission, other than the making of an
82 | exact copy. The resulting work is called a "modified version" of the
83 | earlier work or a work "based on" the earlier work.
84 | .
85 | A "covered work" means either the unmodified Program or a work based
86 | on the Program.
87 | .
88 | To "propagate" a work means to do anything with it that, without
89 | permission, would make you directly or secondarily liable for
90 | infringement under applicable copyright law, except executing it on a
91 | computer or modifying a private copy. Propagation includes copying,
92 | distribution (with or without modification), making available to the
93 | public, and in some countries other activities as well.
94 | .
95 | To "convey" a work means any kind of propagation that enables other
96 | parties to make or receive copies. Mere interaction with a user through
97 | a computer network, with no transfer of a copy, is not conveying.
98 | .
99 | An interactive user interface displays "Appropriate Legal Notices"
100 | to the extent that it includes a convenient and prominently visible
101 | feature that (1) displays an appropriate copyright notice, and (2)
102 | tells the user that there is no warranty for the work (except to the
103 | extent that warranties are provided), that licensees may convey the
104 | work under this License, and how to view a copy of this License. If
105 | the interface presents a list of user commands or options, such as a
106 | menu, a prominent item in the list meets this criterion.
107 | .
108 | 1. Source Code.
109 | .
110 | The "source code" for a work means the preferred form of the work
111 | for making modifications to it. "Object code" means any non-source
112 | form of a work.
113 | .
114 | A "Standard Interface" means an interface that either is an official
115 | standard defined by a recognized standards body, or, in the case of
116 | interfaces specified for a particular programming language, one that
117 | is widely used among developers working in that language.
118 | .
119 | The "System Libraries" of an executable work include anything, other
120 | than the work as a whole, that (a) is included in the normal form of
121 | packaging a Major Component, but which is not part of that Major
122 | Component, and (b) serves only to enable use of the work with that
123 | Major Component, or to implement a Standard Interface for which an
124 | implementation is available to the public in source code form. A
125 | "Major Component", in this context, means a major essential component
126 | (kernel, window system, and so on) of the specific operating system
127 | (if any) on which the executable work runs, or a compiler used to
128 | produce the work, or an object code interpreter used to run it.
129 | .
130 | The "Corresponding Source" for a work in object code form means all
131 | the source code needed to generate, install, and (for an executable
132 | work) run the object code and to modify the work, including scripts to
133 | control those activities. However, it does not include the work's
134 | System Libraries, or general-purpose tools or generally available free
135 | programs which are used unmodified in performing those activities but
136 | which are not part of the work. For example, Corresponding Source
137 | includes interface definition files associated with source files for
138 | the work, and the source code for shared libraries and dynamically
139 | linked subprograms that the work is specifically designed to require,
140 | such as by intimate data communication or control flow between those
141 | subprograms and other parts of the work.
142 | .
143 | The Corresponding Source need not include anything that users
144 | can regenerate automatically from other parts of the Corresponding
145 | Source.
146 | .
147 | The Corresponding Source for a work in source code form is that
148 | same work.
149 | .
150 | 2. Basic Permissions.
151 | .
152 | All rights granted under this License are granted for the term of
153 | copyright on the Program, and are irrevocable provided the stated
154 | conditions are met. This License explicitly affirms your unlimited
155 | permission to run the unmodified Program. The output from running a
156 | covered work is covered by this License only if the output, given its
157 | content, constitutes a covered work. This License acknowledges your
158 | rights of fair use or other equivalent, as provided by copyright law.
159 | .
160 | You may make, run and propagate covered works that you do not
161 | convey, without conditions so long as your license otherwise remains
162 | in force. You may convey covered works to others for the sole purpose
163 | of having them make modifications exclusively for you, or provide you
164 | with facilities for running those works, provided that you comply with
165 | the terms of this License in conveying all material for which you do
166 | not control copyright. Those thus making or running the covered works
167 | for you must do so exclusively on your behalf, under your direction
168 | and control, on terms that prohibit them from making any copies of
169 | your copyrighted material outside their relationship with you.
170 | .
171 | Conveying under any other circumstances is permitted solely under
172 | the conditions stated below. Sublicensing is not allowed; section 10
173 | makes it unnecessary.
174 | .
175 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
176 | .
177 | No covered work shall be deemed part of an effective technological
178 | measure under any applicable law fulfilling obligations under article
179 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
180 | similar laws prohibiting or restricting circumvention of such
181 | measures.
182 | .
183 | When you convey a covered work, you waive any legal power to forbid
184 | circumvention of technological measures to the extent such circumvention
185 | is effected by exercising rights under this License with respect to
186 | the covered work, and you disclaim any intention to limit operation or
187 | modification of the work as a means of enforcing, against the work's
188 | users, your or third parties' legal rights to forbid circumvention of
189 | technological measures.
190 | .
191 | 4. Conveying Verbatim Copies.
192 | .
193 | You may convey verbatim copies of the Program's source code as you
194 | receive it, in any medium, provided that you conspicuously and
195 | appropriately publish on each copy an appropriate copyright notice;
196 | keep intact all notices stating that this License and any
197 | non-permissive terms added in accord with section 7 apply to the code;
198 | keep intact all notices of the absence of any warranty; and give all
199 | recipients a copy of this License along with the Program.
200 | .
201 | You may charge any price or no price for each copy that you convey,
202 | and you may offer support or warranty protection for a fee.
203 | .
204 | 5. Conveying Modified Source Versions.
205 | .
206 | You may convey a work based on the Program, or the modifications to
207 | produce it from the Program, in the form of source code under the
208 | terms of section 4, provided that you also meet all of these conditions:
209 | .
210 | a) The work must carry prominent notices stating that you modified
211 | it, and giving a relevant date.
212 | .
213 | b) The work must carry prominent notices stating that it is
214 | released under this License and any conditions added under section
215 | 7. This requirement modifies the requirement in section 4 to
216 | "keep intact all notices".
217 | .
218 | c) You must license the entire work, as a whole, under this
219 | License to anyone who comes into possession of a copy. This
220 | License will therefore apply, along with any applicable section 7
221 | additional terms, to the whole of the work, and all its parts,
222 | regardless of how they are packaged. This License gives no
223 | permission to license the work in any other way, but it does not
224 | invalidate such permission if you have separately received it.
225 | .
226 | d) If the work has interactive user interfaces, each must display
227 | Appropriate Legal Notices; however, if the Program has interactive
228 | interfaces that do not display Appropriate Legal Notices, your
229 | work need not make them do so.
230 | .
231 | A compilation of a covered work with other separate and independent
232 | works, which are not by their nature extensions of the covered work,
233 | and which are not combined with it such as to form a larger program,
234 | in or on a volume of a storage or distribution medium, is called an
235 | "aggregate" if the compilation and its resulting copyright are not
236 | used to limit the access or legal rights of the compilation's users
237 | beyond what the individual works permit. Inclusion of a covered work
238 | in an aggregate does not cause this License to apply to the other
239 | parts of the aggregate.
240 | .
241 | 6. Conveying Non-Source Forms.
242 | .
243 | You may convey a covered work in object code form under the terms
244 | of sections 4 and 5, provided that you also convey the
245 | machine-readable Corresponding Source under the terms of this License,
246 | in one of these ways:
247 | .
248 | a) Convey the object code in, or embodied in, a physical product
249 | (including a physical distribution medium), accompanied by the
250 | Corresponding Source fixed on a durable physical medium
251 | customarily used for software interchange.
252 | .
253 | b) Convey the object code in, or embodied in, a physical product
254 | (including a physical distribution medium), accompanied by a
255 | written offer, valid for at least three years and valid for as
256 | long as you offer spare parts or customer support for that product
257 | model, to give anyone who possesses the object code either (1) a
258 | copy of the Corresponding Source for all the software in the
259 | product that is covered by this License, on a durable physical
260 | medium customarily used for software interchange, for a price no
261 | more than your reasonable cost of physically performing this
262 | conveying of source, or (2) access to copy the
263 | Corresponding Source from a network server at no charge.
264 | .
265 | c) Convey individual copies of the object code with a copy of the
266 | written offer to provide the Corresponding Source. This
267 | alternative is allowed only occasionally and noncommercially, and
268 | only if you received the object code with such an offer, in accord
269 | with subsection 6b.
270 | .
271 | d) Convey the object code by offering access from a designated
272 | place (gratis or for a charge), and offer equivalent access to the
273 | Corresponding Source in the same way through the same place at no
274 | further charge. You need not require recipients to copy the
275 | Corresponding Source along with the object code. If the place to
276 | copy the object code is a network server, the Corresponding Source
277 | may be on a different server (operated by you or a third party)
278 | that supports equivalent copying facilities, provided you maintain
279 | clear directions next to the object code saying where to find the
280 | Corresponding Source. Regardless of what server hosts the
281 | Corresponding Source, you remain obligated to ensure that it is
282 | available for as long as needed to satisfy these requirements.
283 | .
284 | e) Convey the object code using peer-to-peer transmission, provided
285 | you inform other peers where the object code and Corresponding
286 | Source of the work are being offered to the general public at no
287 | charge under subsection 6d.
288 | .
289 | A separable portion of the object code, whose source code is excluded
290 | from the Corresponding Source as a System Library, need not be
291 | included in conveying the object code work.
292 | .
293 | A "User Product" is either (1) a "consumer product", which means any
294 | tangible personal property which is normally used for personal, family,
295 | or household purposes, or (2) anything designed or sold for incorporation
296 | into a dwelling. In determining whether a product is a consumer product,
297 | doubtful cases shall be resolved in favor of coverage. For a particular
298 | product received by a particular user, "normally used" refers to a
299 | typical or common use of that class of product, regardless of the status
300 | of the particular user or of the way in which the particular user
301 | actually uses, or expects or is expected to use, the product. A product
302 | is a consumer product regardless of whether the product has substantial
303 | commercial, industrial or non-consumer uses, unless such uses represent
304 | the only significant mode of use of the product.
305 | .
306 | "Installation Information" for a User Product means any methods,
307 | procedures, authorization keys, or other information required to install
308 | and execute modified versions of a covered work in that User Product from
309 | a modified version of its Corresponding Source. The information must
310 | suffice to ensure that the continued functioning of the modified object
311 | code is in no case prevented or interfered with solely because
312 | modification has been made.
313 | .
314 | If you convey an object code work under this section in, or with, or
315 | specifically for use in, a User Product, and the conveying occurs as
316 | part of a transaction in which the right of possession and use of the
317 | User Product is transferred to the recipient in perpetuity or for a
318 | fixed term (regardless of how the transaction is characterized), the
319 | Corresponding Source conveyed under this section must be accompanied
320 | by the Installation Information. But this requirement does not apply
321 | if neither you nor any third party retains the ability to install
322 | modified object code on the User Product (for example, the work has
323 | been installed in ROM).
324 | .
325 | The requirement to provide Installation Information does not include a
326 | requirement to continue to provide support service, warranty, or updates
327 | for a work that has been modified or installed by the recipient, or for
328 | the User Product in which it has been modified or installed. Access to a
329 | network may be denied when the modification itself materially and
330 | adversely affects the operation of the network or violates the rules and
331 | protocols for communication across the network.
332 | .
333 | Corresponding Source conveyed, and Installation Information provided,
334 | in accord with this section must be in a format that is publicly
335 | documented (and with an implementation available to the public in
336 | source code form), and must require no special password or key for
337 | unpacking, reading or copying.
338 | .
339 | 7. Additional Terms.
340 | .
341 | "Additional permissions" are terms that supplement the terms of this
342 | License by making exceptions from one or more of its conditions.
343 | Additional permissions that are applicable to the entire Program shall
344 | be treated as though they were included in this License, to the extent
345 | that they are valid under applicable law. If additional permissions
346 | apply only to part of the Program, that part may be used separately
347 | under those permissions, but the entire Program remains governed by
348 | this License without regard to the additional permissions.
349 | .
350 | When you convey a copy of a covered work, you may at your option
351 | remove any additional permissions from that copy, or from any part of
352 | it. (Additional permissions may be written to require their own
353 | removal in certain cases when you modify the work.) You may place
354 | additional permissions on material, added by you to a covered work,
355 | for which you have or can give appropriate copyright permission.
356 | .
357 | Notwithstanding any other provision of this License, for material you
358 | add to a covered work, you may (if authorized by the copyright holders of
359 | that material) supplement the terms of this License with terms:
360 | .
361 | a) Disclaiming warranty or limiting liability differently from the
362 | terms of sections 15 and 16 of this License; or
363 | .
364 | b) Requiring preservation of specified reasonable legal notices or
365 | author attributions in that material or in the Appropriate Legal
366 | Notices displayed by works containing it; or
367 | .
368 | c) Prohibiting misrepresentation of the origin of that material, or
369 | requiring that modified versions of such material be marked in
370 | reasonable ways as different from the original version; or
371 | .
372 | d) Limiting the use for publicity purposes of names of licensors or
373 | authors of the material; or
374 | .
375 | e) Declining to grant rights under trademark law for use of some
376 | trade names, trademarks, or service marks; or
377 | .
378 | f) Requiring indemnification of licensors and authors of that
379 | material by anyone who conveys the material (or modified versions of
380 | it) with contractual assumptions of liability to the recipient, for
381 | any liability that these contractual assumptions directly impose on
382 | those licensors and authors.
383 | .
384 | All other non-permissive additional terms are considered "further
385 | restrictions" within the meaning of section 10. If the Program as you
386 | received it, or any part of it, contains a notice stating that it is
387 | governed by this License along with a term that is a further
388 | restriction, you may remove that term. If a license document contains
389 | a further restriction but permits relicensing or conveying under this
390 | License, you may add to a covered work material governed by the terms
391 | of that license document, provided that the further restriction does
392 | not survive such relicensing or conveying.
393 | .
394 | If you add terms to a covered work in accord with this section, you
395 | must place, in the relevant source files, a statement of the
396 | additional terms that apply to those files, or a notice indicating
397 | where to find the applicable terms.
398 | .
399 | Additional terms, permissive or non-permissive, may be stated in the
400 | form of a separately written license, or stated as exceptions;
401 | the above requirements apply either way.
402 | .
403 | 8. Termination.
404 | .
405 | You may not propagate or modify a covered work except as expressly
406 | provided under this License. Any attempt otherwise to propagate or
407 | modify it is void, and will automatically terminate your rights under
408 | this License (including any patent licenses granted under the third
409 | paragraph of section 11).
410 | .
411 | However, if you cease all violation of this License, then your
412 | license from a particular copyright holder is reinstated (a)
413 | provisionally, unless and until the copyright holder explicitly and
414 | finally terminates your license, and (b) permanently, if the copyright
415 | holder fails to notify you of the violation by some reasonable means
416 | prior to 60 days after the cessation.
417 | .
418 | Moreover, your license from a particular copyright holder is
419 | reinstated permanently if the copyright holder notifies you of the
420 | violation by some reasonable means, this is the first time you have
421 | received notice of violation of this License (for any work) from that
422 | copyright holder, and you cure the violation prior to 30 days after
423 | your receipt of the notice.
424 | .
425 | Termination of your rights under this section does not terminate the
426 | licenses of parties who have received copies or rights from you under
427 | this License. If your rights have been terminated and not permanently
428 | reinstated, you do not qualify to receive new licenses for the same
429 | material under section 10.
430 | .
431 | 9. Acceptance Not Required for Having Copies.
432 | .
433 | You are not required to accept this License in order to receive or
434 | run a copy of the Program. Ancillary propagation of a covered work
435 | occurring solely as a consequence of using peer-to-peer transmission
436 | to receive a copy likewise does not require acceptance. However,
437 | nothing other than this License grants you permission to propagate or
438 | modify any covered work. These actions infringe copyright if you do
439 | not accept this License. Therefore, by modifying or propagating a
440 | covered work, you indicate your acceptance of this License to do so.
441 | .
442 | 10. Automatic Licensing of Downstream Recipients.
443 | .
444 | Each time you convey a covered work, the recipient automatically
445 | receives a license from the original licensors, to run, modify and
446 | propagate that work, subject to this License. You are not responsible
447 | for enforcing compliance by third parties with this License.
448 | .
449 | An "entity transaction" is a transaction transferring control of an
450 | organization, or substantially all assets of one, or subdividing an
451 | organization, or merging organizations. If propagation of a covered
452 | work results from an entity transaction, each party to that
453 | transaction who receives a copy of the work also receives whatever
454 | licenses to the work the party's predecessor in interest had or could
455 | give under the previous paragraph, plus a right to possession of the
456 | Corresponding Source of the work from the predecessor in interest, if
457 | the predecessor has it or can get it with reasonable efforts.
458 | .
459 | You may not impose any further restrictions on the exercise of the
460 | rights granted or affirmed under this License. For example, you may
461 | not impose a license fee, royalty, or other charge for exercise of
462 | rights granted under this License, and you may not initiate litigation
463 | (including a cross-claim or counterclaim in a lawsuit) alleging that
464 | any patent claim is infringed by making, using, selling, offering for
465 | sale, or importing the Program or any portion of it.
466 | .
467 | 11. Patents.
468 | .
469 | A "contributor" is a copyright holder who authorizes use under this
470 | License of the Program or a work on which the Program is based. The
471 | work thus licensed is called the contributor's "contributor version".
472 | .
473 | A contributor's "essential patent claims" are all patent claims
474 | owned or controlled by the contributor, whether already acquired or
475 | hereafter acquired, that would be infringed by some manner, permitted
476 | by this License, of making, using, or selling its contributor version,
477 | but do not include claims that would be infringed only as a
478 | consequence of further modification of the contributor version. For
479 | purposes of this definition, "control" includes the right to grant
480 | patent sublicenses in a manner consistent with the requirements of
481 | this License.
482 | .
483 | Each contributor grants you a non-exclusive, worldwide, royalty-free
484 | patent license under the contributor's essential patent claims, to
485 | make, use, sell, offer for sale, import and otherwise run, modify and
486 | propagate the contents of its contributor version.
487 | .
488 | In the following three paragraphs, a "patent license" is any express
489 | agreement or commitment, however denominated, not to enforce a patent
490 | (such as an express permission to practice a patent or covenant not to
491 | sue for patent infringement). To "grant" such a patent license to a
492 | party means to make such an agreement or commitment not to enforce a
493 | patent against the party.
494 | .
495 | If you convey a covered work, knowingly relying on a patent license,
496 | and the Corresponding Source of the work is not available for anyone
497 | to copy, free of charge and under the terms of this License, through a
498 | publicly available network server or other readily accessible means,
499 | then you must either (1) cause the Corresponding Source to be so
500 | available, or (2) arrange to deprive yourself of the benefit of the
501 | patent license for this particular work, or (3) arrange, in a manner
502 | consistent with the requirements of this License, to extend the patent
503 | license to downstream recipients. "Knowingly relying" means you have
504 | actual knowledge that, but for the patent license, your conveying the
505 | covered work in a country, or your recipient's use of the covered work
506 | in a country, would infringe one or more identifiable patents in that
507 | country that you have reason to believe are valid.
508 | .
509 | If, pursuant to or in connection with a single transaction or
510 | arrangement, you convey, or propagate by procuring conveyance of, a
511 | covered work, and grant a patent license to some of the parties
512 | receiving the covered work authorizing them to use, propagate, modify
513 | or convey a specific copy of the covered work, then the patent license
514 | you grant is automatically extended to all recipients of the covered
515 | work and works based on it.
516 | .
517 | A patent license is "discriminatory" if it does not include within
518 | the scope of its coverage, prohibits the exercise of, or is
519 | conditioned on the non-exercise of one or more of the rights that are
520 | specifically granted under this License. You may not convey a covered
521 | work if you are a party to an arrangement with a third party that is
522 | in the business of distributing software, under which you make payment
523 | to the third party based on the extent of your activity of conveying
524 | the work, and under which the third party grants, to any of the
525 | parties who would receive the covered work from you, a discriminatory
526 | patent license (a) in connection with copies of the covered work
527 | conveyed by you (or copies made from those copies), or (b) primarily
528 | for and in connection with specific products or compilations that
529 | contain the covered work, unless you entered into that arrangement,
530 | or that patent license was granted, prior to 28 March 2007.
531 | .
532 | Nothing in this License shall be construed as excluding or limiting
533 | any implied license or other defenses to infringement that may
534 | otherwise be available to you under applicable patent law.
535 | .
536 | 12. No Surrender of Others' Freedom.
537 | .
538 | If conditions are imposed on you (whether by court order, agreement or
539 | otherwise) that contradict the conditions of this License, they do not
540 | excuse you from the conditions of this License. If you cannot convey a
541 | covered work so as to satisfy simultaneously your obligations under this
542 | License and any other pertinent obligations, then as a consequence you may
543 | not convey it at all. For example, if you agree to terms that obligate you
544 | to collect a royalty for further conveying from those to whom you convey
545 | the Program, the only way you could satisfy both those terms and this
546 | License would be to refrain entirely from conveying the Program.
547 | .
548 | 13. Remote Network Interaction; Use with the GNU General Public License.
549 | .
550 | Notwithstanding any other provision of this License, if you modify the
551 | Program, your modified version must prominently offer all users
552 | interacting with it remotely through a computer network (if your version
553 | supports such interaction) an opportunity to receive the Corresponding
554 | Source of your version by providing access to the Corresponding Source
555 | from a network server at no charge, through some standard or customary
556 | means of facilitating copying of software. This Corresponding Source
557 | shall include the Corresponding Source for any work covered by version 3
558 | of the GNU General Public License that is incorporated pursuant to the
559 | following paragraph.
560 | .
561 | Notwithstanding any other provision of this License, you have
562 | permission to link or combine any covered work with a work licensed
563 | under version 3 of the GNU General Public License into a single
564 | combined work, and to convey the resulting work. The terms of this
565 | License will continue to apply to the part which is the covered work,
566 | but the work with which it is combined will remain governed by version
567 | 3 of the GNU General Public License.
568 | .
569 | 14. Revised Versions of this License.
570 | .
571 | The Free Software Foundation may publish revised and/or new versions of
572 | the GNU Affero General Public License from time to time. Such new versions
573 | will be similar in spirit to the present version, but may differ in detail to
574 | address new problems or concerns.
575 | .
576 | Each version is given a distinguishing version number. If the
577 | Program specifies that a certain numbered version of the GNU Affero General
578 | Public License "or any later version" applies to it, you have the
579 | option of following the terms and conditions either of that numbered
580 | version or of any later version published by the Free Software
581 | Foundation. If the Program does not specify a version number of the
582 | GNU Affero General Public License, you may choose any version ever published
583 | by the Free Software Foundation.
584 | .
585 | If the Program specifies that a proxy can decide which future
586 | versions of the GNU Affero General Public License can be used, that proxy's
587 | public statement of acceptance of a version permanently authorizes you
588 | to choose that version for the Program.
589 | .
590 | Later license versions may give you additional or different
591 | permissions. However, no additional obligations are imposed on any
592 | author or copyright holder as a result of your choosing to follow a
593 | later version.
594 | .
595 | 15. Disclaimer of Warranty.
596 | .
597 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
598 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
599 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
600 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
601 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
602 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
603 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
604 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
605 | .
606 | 16. Limitation of Liability.
607 | .
608 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
609 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
610 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
611 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
612 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
613 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
614 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
615 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
616 | SUCH DAMAGES.
617 | .
618 | 17. Interpretation of Sections 15 and 16.
619 | .
620 | If the disclaimer of warranty and limitation of liability provided
621 | above cannot be given local legal effect according to their terms,
622 | reviewing courts shall apply local law that most closely approximates
623 | an absolute waiver of all civil liability in connection with the
624 | Program, unless a warranty or assumption of liability accompanies a
625 | copy of the Program in return for a fee.
626 | .
627 | END OF TERMS AND CONDITIONS
628 | .
629 | How to Apply These Terms to Your New Programs
630 | .
631 | If you develop a new program, and you want it to be of the greatest
632 | possible use to the public, the best way to achieve this is to make it
633 | free software which everyone can redistribute and change under these terms.
634 | .
635 | To do so, attach the following notices to the program. It is safest
636 | to attach them to the start of each source file to most effectively
637 | state the exclusion of warranty; and each file should have at least
638 | the "copyright" line and a pointer to where the full notice is found.
639 | .
640 | <one line to give the program's name and a brief idea of what it does.>
641 | Copyright (C) <year> <name of author>
642 | .
643 | This program is free software: you can redistribute it and/or modify
644 | it under the terms of the GNU Affero General Public License as published by
645 | the Free Software Foundation, either version 3 of the License, or
646 | (at your option) any later version.
647 | .
648 | This program is distributed in the hope that it will be useful,
649 | but WITHOUT ANY WARRANTY; without even the implied warranty of
650 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
651 | GNU Affero General Public License for more details.
652 | .
653 | You should have received a copy of the GNU Affero General Public License
654 | along with this program. If not, see <https://www.gnu.org/licenses/>.
655 | .
656 | Also add information on how to contact you by electronic and paper mail.
657 | .
658 | If your software can interact with users remotely through a computer
659 | network, you should also make sure that it provides a way for users to
660 | get its source. For example, if your program is a web application, its
661 | interface could display a "Source" link that leads users to an archive
662 | of the code. There are many ways you could offer source, and different
663 | solutions will be better for different programs; see section 13 for the
664 | specific requirements.
665 | .
666 | You should also get your employer (if you work as a programmer) or school,
667 | if any, to sign a "copyright disclaimer" for the program, if necessary.
668 | For more information on this, and how to apply and follow the GNU AGPL, see
669 | <https://www.gnu.org/licenses/>.
670 | .
671 | The copyright holders grant you an additional permission under Section 7
672 | of the GNU Affero General Public License, version 3, exempting you from
673 | the requirement in Section 6 of the GNU General Public License, version 3,
674 | to accompany Corresponding Source with Installation Information for the
675 | Program or any work based on the Program. You are still required to
676 | comply with all other Section 6 requirements to provide Corresponding
677 | Source.
678 |
--------------------------------------------------------------------------------