1/*-
2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Sm��rgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 * products derived from this software without specific prior written
21 * permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
| 1/*-
2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Sm��rgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 * products derived from this software without specific prior written
21 * permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
|
35 * $Id: openpam_impl.h 499 2011-11-22 11:51:50Z des $
| 35 * $Id: openpam_impl.h 594 2012-04-14 14:18:41Z des $
|
36 */
37
38#ifndef OPENPAM_IMPL_H_INCLUDED
39#define OPENPAM_IMPL_H_INCLUDED
40
41#include <security/openpam.h>
42
43extern int openpam_debug;
44
45/*
46 * Control flags
47 */
48typedef enum {
49 PAM_BINDING,
50 PAM_REQUIRED,
51 PAM_REQUISITE,
52 PAM_SUFFICIENT,
53 PAM_OPTIONAL,
54 PAM_NUM_CONTROL_FLAGS
55} pam_control_t;
56
57/*
58 * Facilities
59 */
60typedef enum {
61 PAM_FACILITY_ANY = -1,
62 PAM_AUTH = 0,
63 PAM_ACCOUNT,
64 PAM_SESSION,
65 PAM_PASSWORD,
66 PAM_NUM_FACILITIES
67} pam_facility_t;
68
69/*
70 * Module chains
71 */
72typedef struct pam_chain pam_chain_t;
73struct pam_chain {
74 pam_module_t *module;
75 int flag;
76 int optc;
77 char **optv;
78 pam_chain_t *next;
79};
80
81/*
82 * Service policies
83 */
84#if defined(OPENPAM_EMBEDDED)
85typedef struct pam_policy pam_policy_t;
86struct pam_policy {
87 const char *service;
88 pam_chain_t *chains[PAM_NUM_FACILITIES];
89};
90extern pam_policy_t *pam_embedded_policies[];
91#endif
92
93/*
94 * Module-specific data
95 */
96typedef struct pam_data pam_data_t;
97struct pam_data {
98 char *name;
99 void *data;
100 void (*cleanup)(pam_handle_t *, void *, int);
101 pam_data_t *next;
102};
103
104/*
105 * PAM context
106 */
107struct pam_handle {
108 char *service;
109
110 /* chains */
111 pam_chain_t *chains[PAM_NUM_FACILITIES];
112 pam_chain_t *current;
113 int primitive;
114
115 /* items and data */
116 void *item[PAM_NUM_ITEMS];
117 pam_data_t *module_data;
118
119 /* environment list */
120 char **env;
121 int env_count;
122 int env_size;
123};
124
125#ifdef NGROUPS_MAX
126/*
127 * Saved credentials
128 */
129#define PAM_SAVED_CRED "pam_saved_cred"
130struct pam_saved_cred {
131 uid_t euid;
132 gid_t egid;
133 gid_t groups[NGROUPS_MAX];
134 int ngroups;
135};
136#endif
137
138/*
139 * Default policy
140 */
141#define PAM_OTHER "other"
142
143/*
144 * Internal functions
145 */
146int openpam_configure(pam_handle_t *, const char *);
147int openpam_dispatch(pam_handle_t *, int, int);
148int openpam_findenv(pam_handle_t *, const char *, size_t);
149pam_module_t *openpam_load_module(const char *);
150void openpam_clear_chains(pam_chain_t **);
151
152int openpam_check_desc_owner_perms(const char *, int);
153int openpam_check_path_owner_perms(const char *);
154
155#ifdef OPENPAM_STATIC_MODULES
156pam_module_t *openpam_static(const char *);
157#endif
158pam_module_t *openpam_dynamic(const char *);
159
| 36 */
37
38#ifndef OPENPAM_IMPL_H_INCLUDED
39#define OPENPAM_IMPL_H_INCLUDED
40
41#include <security/openpam.h>
42
43extern int openpam_debug;
44
45/*
46 * Control flags
47 */
48typedef enum {
49 PAM_BINDING,
50 PAM_REQUIRED,
51 PAM_REQUISITE,
52 PAM_SUFFICIENT,
53 PAM_OPTIONAL,
54 PAM_NUM_CONTROL_FLAGS
55} pam_control_t;
56
57/*
58 * Facilities
59 */
60typedef enum {
61 PAM_FACILITY_ANY = -1,
62 PAM_AUTH = 0,
63 PAM_ACCOUNT,
64 PAM_SESSION,
65 PAM_PASSWORD,
66 PAM_NUM_FACILITIES
67} pam_facility_t;
68
69/*
70 * Module chains
71 */
72typedef struct pam_chain pam_chain_t;
73struct pam_chain {
74 pam_module_t *module;
75 int flag;
76 int optc;
77 char **optv;
78 pam_chain_t *next;
79};
80
81/*
82 * Service policies
83 */
84#if defined(OPENPAM_EMBEDDED)
85typedef struct pam_policy pam_policy_t;
86struct pam_policy {
87 const char *service;
88 pam_chain_t *chains[PAM_NUM_FACILITIES];
89};
90extern pam_policy_t *pam_embedded_policies[];
91#endif
92
93/*
94 * Module-specific data
95 */
96typedef struct pam_data pam_data_t;
97struct pam_data {
98 char *name;
99 void *data;
100 void (*cleanup)(pam_handle_t *, void *, int);
101 pam_data_t *next;
102};
103
104/*
105 * PAM context
106 */
107struct pam_handle {
108 char *service;
109
110 /* chains */
111 pam_chain_t *chains[PAM_NUM_FACILITIES];
112 pam_chain_t *current;
113 int primitive;
114
115 /* items and data */
116 void *item[PAM_NUM_ITEMS];
117 pam_data_t *module_data;
118
119 /* environment list */
120 char **env;
121 int env_count;
122 int env_size;
123};
124
125#ifdef NGROUPS_MAX
126/*
127 * Saved credentials
128 */
129#define PAM_SAVED_CRED "pam_saved_cred"
130struct pam_saved_cred {
131 uid_t euid;
132 gid_t egid;
133 gid_t groups[NGROUPS_MAX];
134 int ngroups;
135};
136#endif
137
138/*
139 * Default policy
140 */
141#define PAM_OTHER "other"
142
143/*
144 * Internal functions
145 */
146int openpam_configure(pam_handle_t *, const char *);
147int openpam_dispatch(pam_handle_t *, int, int);
148int openpam_findenv(pam_handle_t *, const char *, size_t);
149pam_module_t *openpam_load_module(const char *);
150void openpam_clear_chains(pam_chain_t **);
151
152int openpam_check_desc_owner_perms(const char *, int);
153int openpam_check_path_owner_perms(const char *);
154
155#ifdef OPENPAM_STATIC_MODULES
156pam_module_t *openpam_static(const char *);
157#endif
158pam_module_t *openpam_dynamic(const char *);
159
|
160#define FREE(p) do { free((p)); (p) = NULL; } while (0)
| 160#define FREE(p) \
161 do { \
162 free(p); \
163 (p) = NULL; \
164 } while (0)
|
161
| 165
|
| 166#define FREEV(c, v) \
167 do { \
168 while (c) { \
169 --(c); \
170 FREE((v)[(c)]); \
171 } \
172 FREE(v); \
173 } while (0)
174
|
162#include "openpam_constants.h"
163#include "openpam_debug.h"
| 175#include "openpam_constants.h"
176#include "openpam_debug.h"
|
| 177#include "openpam_features.h"
|
164
165#endif
| 178
179#endif
|