191094Sdes/*-
2115619Sdes * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3228690Sdes * Copyright (c) 2004-2011 Dag-Erling Smørgrav
491094Sdes * All rights reserved.
591094Sdes *
691094Sdes * This software was developed for the FreeBSD Project by ThinkSec AS and
799158Sdes * Network Associates Laboratories, the Security Research Division of
899158Sdes * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
999158Sdes * ("CBOSS"), as part of the DARPA CHATS research program.
1091094Sdes *
1191094Sdes * Redistribution and use in source and binary forms, with or without
1291094Sdes * modification, are permitted provided that the following conditions
1391094Sdes * are met:
1491094Sdes * 1. Redistributions of source code must retain the above copyright
1591094Sdes *    notice, this list of conditions and the following disclaimer.
1691094Sdes * 2. Redistributions in binary form must reproduce the above copyright
1791094Sdes *    notice, this list of conditions and the following disclaimer in the
1891094Sdes *    documentation and/or other materials provided with the distribution.
1991094Sdes * 3. The name of the author may not be used to endorse or promote
2091094Sdes *    products derived from this software without specific prior written
2191094Sdes *    permission.
2291094Sdes *
2391094Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
2491094Sdes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2591094Sdes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2691094Sdes * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2791094Sdes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2891094Sdes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2991094Sdes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3091094Sdes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3191094Sdes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3291094Sdes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3391094Sdes * SUCH DAMAGE.
3491094Sdes *
35255376Sdes * $Id: openpam_impl.h 648 2013-03-05 17:54:27Z des $
3691094Sdes */
3791094Sdes
38228690Sdes#ifndef OPENPAM_IMPL_H_INCLUDED
39228690Sdes#define OPENPAM_IMPL_H_INCLUDED
4091094Sdes
4191094Sdes#include <security/openpam.h>
4291094Sdes
43228690Sdesextern int openpam_debug;
4491094Sdes
/*
 * Control flags
 *
 * One enumerator per control flag that a chain entry can carry.  This
 * header only names the flags; how each one affects the result of a
 * chain is decided by the dispatcher, which is not visible here (see
 * pam.conf(5) for the documented meaning of the keywords).
 *
 * PAM_NUM_CONTROL_FLAGS is a count, not a flag, and must stay last.
 * A flag value taken from a policy source should be checked against
 * 0 <= flag < PAM_NUM_CONTROL_FLAGS before it is stored or used as an
 * index.
 */
typedef enum {
	PAM_BINDING		= 0,
	PAM_REQUIRED		= 1,
	PAM_REQUISITE		= 2,
	PAM_SUFFICIENT		= 3,
	PAM_OPTIONAL		= 4,
	PAM_NUM_CONTROL_FLAGS	= 5	/* number of flags above */
} pam_control_t;
5691094Sdes
/*
 * Facilities
 *
 * PAM_AUTH .. PAM_PASSWORD are dense, zero-based values; the chains[]
 * arrays declared in this header are sized by PAM_NUM_FACILITIES and
 * are therefore indexable by them.
 *
 * PAM_FACILITY_ANY is a negative wildcard and PAM_NUM_FACILITIES is a
 * count: neither is a valid array index.  Code that receives a
 * facility value must range-check it (0 <= f < PAM_NUM_FACILITIES)
 * before indexing chains[].
 */
typedef enum {
	PAM_FACILITY_ANY	= -1,	/* wildcard, never an index */
	PAM_AUTH		= 0,
	PAM_ACCOUNT		= 1,
	PAM_SESSION		= 2,
	PAM_PASSWORD		= 3,
	PAM_NUM_FACILITIES	= 4	/* number of real facilities */
} pam_facility_t;
6891094Sdes
/*
 * Module chains
 *
 * A chain is a singly linked list of entries, each tying one module
 * to a control flag and an option vector.
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t *module;	/* module this entry refers to */
	int flag;		/* NOTE(review): presumably a pam_control_t
				 * value kept as plain int -- confirm that
				 * writers range-check it */
	int optc;		/* presumably the number of entries in
				 * optv -- confirm against the parser */
	char **optv;		/* option strings for the module */
	pam_chain_t *next;	/* following entry in the chain */
};
8091094Sdes
/*
 * Service policies
 *
 * Only compiled when OPENPAM_EMBEDDED is defined.  A policy pairs a
 * service name with one chain head per facility; the table of
 * policies is defined elsewhere.
 *
 * NOTE(review): the extern array carries no length here -- confirm
 * how its end is marked before iterating over it.
 */
#ifdef OPENPAM_EMBEDDED
typedef struct pam_policy pam_policy_t;
struct pam_policy {
	const char *service;			/* service name */
	pam_chain_t *chains[PAM_NUM_FACILITIES];	/* indexed by facility */
};
extern pam_policy_t *pam_embedded_policies[];
#endif /* OPENPAM_EMBEDDED */
92228690Sdes
/*
 * Module-specific data
 *
 * Singly linked list node holding one named, opaque datum together
 * with the callback registered to dispose of it.
 *
 * NOTE(review): `data` may well hold credentials or other secrets; the
 * cleanup callback is the only hook visible here for wiping them, so
 * confirm it is invoked on every teardown path.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char *name;		/* key identifying the datum */
	void *data;		/* opaque payload */
	void (*cleanup)(pam_handle_t *, void *, int);	/* disposal callback */
	pam_data_t *next;	/* following node */
};
10391094Sdes
/*
 * PAM context
 *
 * Per-transaction state: the service name, the module chains, the
 * item table, module-private data and the environment list.
 */
struct pam_handle {
	char *service;			/* service name */

	/*
	 * Chains: one list head per facility.  Index only with values
	 * in [0, PAM_NUM_FACILITIES); PAM_FACILITY_ANY is negative.
	 */
	pam_chain_t *chains[PAM_NUM_FACILITIES];
	pam_chain_t *current;		/* presumably the entry being
					 * dispatched -- confirm */
	int primitive;			/* presumably the primitive being
					 * dispatched -- confirm */

	/*
	 * Items and data.  item[] is sized by PAM_NUM_ITEMS, so an item
	 * type must be range-checked before it is used as an index.
	 */
	void *item[PAM_NUM_ITEMS];
	pam_data_t *module_data;	/* head of the module data list */

	/*
	 * Environment list.
	 * NOTE(review): env_count / env_size look like entries-in-use
	 * and allocated capacity -- confirm.
	 */
	char **env;
	int env_count;
	int env_size;
};
12491094Sdes
/*
 * Default policy
 *
 * Name of the default service policy.
 * NOTE(review): presumably used when a service has no policy of its
 * own; where that is the case, this policy is the last line of
 * defence and is worth auditing -- confirm in the configuration code.
 */
#define PAM_OTHER "other"
12991094Sdes
/*
 * Internal functions
 *
 * Library-private entry points; their definitions live in other
 * translation units.  Parameter names below are descriptive only.
 */
int openpam_configure(pam_handle_t *pamh, const char *service);
int openpam_dispatch(pam_handle_t *pamh, int primitive, int flags);
int openpam_findenv(pam_handle_t *pamh, const char *name, size_t len);
pam_module_t *openpam_load_module(const char *path);
void openpam_clear_chains(pam_chain_t **chains);

/*
 * NOTE(review): judging by their names, these two vet the owner and
 * permission bits of a policy file or module before it is trusted.
 * The rules applied and the return convention are defined in the
 * implementation, not here.  A check on an already-open descriptor is
 * not subject to the check-then-open race that a path-only check
 * leaves open, so prefer the descriptor variant where the file is
 * subsequently read or loaded.
 */
int openpam_check_desc_owner_perms(const char *name, int fd);
int openpam_check_path_owner_perms(const char *path);

/* Module loaders; the static one exists only in static-module builds. */
#ifdef OPENPAM_STATIC_MODULES
pam_module_t *openpam_static(const char *path);
#endif
pam_module_t *openpam_dynamic(const char *path);
14691100Sdes
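/*
 * FREE(p): release p and reset it to NULL, so that a stale pointer
 * cannot be dereferenced or freed a second time through the same
 * variable.  p must be a modifiable lvalue; it is evaluated twice, so
 * do not pass an expression with side effects.
 */
#define	FREE(p)					\
	do {					\
		free(p);			\
		(p) = NULL;			\
	} while (0)

/*
 * FREEV(c, v): release the c elements of vector v, then v itself,
 * leaving every freed slot and v set to NULL and c counted down to 0.
 * c and v must be modifiable lvalues and are evaluated several times.
 *
 * The loop runs only while c is positive: with a signed count, a
 * negative value would otherwise be decremented further and index
 * before the start of v.
 */
#define FREEV(c, v)				\
	do {					\
		while ((c) > 0) {		\
			--(c);			\
			FREE((v)[(c)]);		\
		}				\
		FREE(v);			\
	} while (0)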
161236099Sdes
162228690Sdes#include "openpam_constants.h"
163228690Sdes#include "openpam_debug.h"
164236099Sdes#include "openpam_features.h"
165107937Sdes
166107937Sdes#endif