/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: openpam_impl.h 648 2013-03-05 17:54:27Z des $
 */

/*
 * openpam_impl.h -- library-private declarations shared by the OpenPAM
 * implementation files.  Nothing in here is part of the public API that
 * <security/openpam.h> exposes to applications and modules.
 */

#ifndef OPENPAM_IMPL_H_INCLUDED
#define OPENPAM_IMPL_H_INCLUDED

#include <security/openpam.h>

/*
 * Global debug switch.  Only the declaration lives here; its meaning and
 * the code that consults it are elsewhere (see openpam_debug.h, included
 * at the bottom of this file).
 */
extern int openpam_debug;

/*
 * Control flags
 *
 * How a module's result is combined into the chain result.  The enum is
 * zero-based and PAM_NUM_CONTROL_FLAGS is the last member, so it equals
 * the number of real flags and is usable as an array bound.  Presumably
 * stored in pam_chain.flag below -- verify against openpam_configure().
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS
} pam_control_t;

/*
 * Facilities
 *
 * The four PAM primitives a policy file can configure.  PAM_AUTH through
 * PAM_PASSWORD are 0..3 and index the chains[] arrays declared below,
 * which are sized PAM_NUM_FACILITIES.  PAM_FACILITY_ANY (-1) is a
 * wildcard and must never be used as an index into those arrays.
 */
typedef enum {
	PAM_FACILITY_ANY = -1,
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES
} pam_facility_t;

/*
 * Module chains
 *
 * One node per module line in a policy, linked in policy order through
 * `next`.  `optc`/`optv` are the count and vector of module options
 * (the FREEV() macro below is shaped to release exactly such a pair).
 * `flag` is an int rather than pam_control_t; presumably it holds a
 * pam_control_t value -- confirm in openpam_configure()/openpam_dispatch().
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;
	int		 optc;
	char		**optv;
	pam_chain_t	*next;
};

/*
 * Service policies
 *
 * Only present in embedded builds, where policies are compiled in rather
 * than read from files.  Each policy names a service and carries one
 * chain head per facility.  pam_embedded_policies[] is defined elsewhere;
 * its terminator convention is not visible here.
 */
#if defined(OPENPAM_EMBEDDED)
typedef struct pam_policy pam_policy_t;
struct pam_policy {
	const char	*service;
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
};
extern pam_policy_t *pam_embedded_policies[];
#endif

/*
 * Module-specific data
 *
 * Singly linked list of opaque per-module data attached to a handle.
 * `cleanup`, if set, is a callback of the form
 * cleanup(handle, data, status); when it is invoked and what `status`
 * carries is defined by the pam_set_data()/pam_end() implementation,
 * not here.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * PAM context
 *
 * The object behind an application's pam_handle_t.  Everything the
 * library needs for one service conversation hangs off this struct.
 */
struct pam_handle {
	char		*service;	/* service name the handle was opened for */

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];	/* per-facility module chains */
	pam_chain_t	*current;	/* chain node being dispatched (assumed; see openpam_dispatch) */
	int		 primitive;	/* primitive in progress (assumed; see openpam_dispatch) */

	/* items and data */
	void		*item[PAM_NUM_ITEMS];	/* PAM_NUM_ITEMS comes from the included PAM headers */
	pam_data_t	*module_data;	/* head of the pam_data list */

	/* environment list */
	char		**env;		/* NOTE(review): count/capacity split below -- confirm invariants in openpam_findenv() */
	int		 env_count;
	int		 env_size;
};

/*
 * Default policy
 *
 * Name of the fallback policy consulted when no policy exists for the
 * requested service.
 */
#define PAM_OTHER	"other"

/*
 * Internal functions
 *
 * Prototypes only; return conventions are those of the definitions.
 */
int		 openpam_configure(pam_handle_t *, const char *);	/* load the policy for a service into the handle */
int		 openpam_dispatch(pam_handle_t *, int, int);		/* run a facility's chain */
int		 openpam_findenv(pam_handle_t *, const char *, size_t);	/* look up an entry in the handle's env list */
pam_module_t	*openpam_load_module(const char *);			/* resolve a module by name */
void		 openpam_clear_chains(pam_chain_t **);			/* release every chain in a chains[] array */

/*
 * Owner/permission sanity checks on an open descriptor and on a path.
 * By name these are the guards the library applies before trusting a
 * policy file or module it is about to read or load; what exactly they
 * require of owner and mode is decided in their definitions, not here.
 */
int		 openpam_check_desc_owner_perms(const char *, int);
int		 openpam_check_path_owner_perms(const char *);

#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *);		/* find a module linked into the library */
#endif
pam_module_t	*openpam_dynamic(const char *);		/* load a module from a shared object */

/*
 * FREE(p): free() and null out a pointer lvalue, so that a later
 * accidental use or second FREE() hits NULL instead of a dangling
 * pointer.  `p` is evaluated twice -- do not pass an expression with
 * side effects.  Relies on <stdlib.h> being in scope at the point of use.
 */
#define FREE(p) \
	do { \
		free(p); \
		(p) = NULL; \
	} while (0)

/*
 * FREEV(c, v): release a counted vector: frees v[c-1] .. v[0], then v
 * itself.  On exit `c` has been decremented to 0 and `v` is NULL, so
 * the pair is left in a consistent empty state.  Both arguments must be
 * side-effect-free lvalues; `c` must be a signed or unsigned integer
 * and `v` an array of pointers of at least `c` entries.
 */
#define FREEV(c, v) \
	do { \
		while (c) { \
			--(c); \
			FREE((v)[(c)]); \
		} \
		FREE(v); \
	} while (0)

#include "openpam_constants.h"
#include "openpam_debug.h"
#include "openpam_features.h"

#endif