openpam.h revision 115619
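/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/include/security/openpam.h#24 $
 */

#ifndef _SECURITY_OPENPAM_H_INCLUDED
#define _SECURITY_OPENPAM_H_INCLUDED

/*
 * Annoying but necessary header pollution
 */
#include <stdarg.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Compile-time checking of printf-style arguments.
 *
 * Several functions below take a format string followed by variadic
 * arguments (or a va_list).  Tagging them lets GCC-compatible compilers
 * diagnose format/argument mismatches at the call site, and flag
 * non-literal formats when the corresponding warning (for example
 * -Wformat-security) is enabled.  On other compilers the macro expands to
 * nothing, so the declarations are unchanged.
 *
 * Text that comes from outside the program (user names, host names,
 * conversation responses) belongs in the argument list behind a "%s",
 * never in the format string itself.
 */
#ifndef OPENPAM_FORMAT
#if defined(__GNUC__)
#define OPENPAM_FORMAT(args)	__attribute__((__format__ args))
#else
#define OPENPAM_FORMAT(args)
#endif
#endif

struct passwd;

/*
 * API extensions
 *
 * This header does not define pam_handle_t; it must already be declared
 * by an earlier include.
 */

/*
 * openpam_borrow_cred() / openpam_restore_cred()
 *
 * NOTE(review): judging by the names and signatures these form a pair
 * that temporarily switches the process to the credentials described by
 * _pwd and later switches back.  Confirm against the implementation, and
 * make sure every borrow is matched by a restore on all exit paths,
 * error paths included, and that both return values are checked.
 */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd);

/*
 * Takes (handle, data pointer, status).
 * NOTE(review): this looks like a module-data cleanup callback; the
 * ownership of _data is not visible from this header.
 */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/*
 * Look up a module option by name.  The result is a const string;
 * presumably owned by the handle, so callers should not free it (confirm).
 */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

int
openpam_restore_cred(pam_handle_t *_pamh);

/*
 * Set a module option to the given value.
 */
int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);

/*
 * printf-style message helper; _fmt is a format string.
 */
int
pam_error(pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 2, 3));

/*
 * Hands an authentication token back through the _authtok out-parameter.
 * NOTE(review): the token is a secret and is returned as const char *,
 * so it is presumably owned by the handle: do not log it, copy it into
 * long-lived storage, or free it (confirm ownership).
 */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt);

/*
 * printf-style message helper; _fmt is a format string.
 */
int
pam_info(pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 2, 3));

/*
 * printf-style prompt; the response comes back through _resp.
 * NOTE(review): _resp is a non-const char **, so the caller presumably
 * owns the returned buffer and, where it holds a secret, should clear it
 * before releasing it (confirm).
 */
int
pam_prompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 4, 5));

/*
 * Set a name/value pair; _overwrite presumably has setenv(3)-like
 * meaning (confirm).
 */
int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite);

/*
 * va_list variants of pam_info(), pam_error() and pam_prompt().
 */
int
pam_vinfo(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT((__printf__, 2, 0));

int
pam_verror(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT((__printf__, 2, 0));

int
pam_vprompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT((__printf__, 4, 0));

/*
 * Read cooked lines.
 * Checking for FOPEN_MAX is a fairly reliable way to detect the presence
 * of <stdio.h>
 *
 * The prototype is only visible when <stdio.h> was included before this
 * header, because it needs FILE and size_t.
 */
#ifdef FOPEN_MAX
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp);
#endif

/*
 * Log levels
 */
enum {
	PAM_LOG_DEBUG,
	PAM_LOG_VERBOSE,
	PAM_LOG_NOTICE,
	PAM_LOG_ERROR
};

/*
 * Log to syslog
 *
 * _func is the name of the calling function; the openpam_log() macros
 * below fill it in.  _fmt is a printf-style format string.
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 3, 4));

/*
 * openpam_log() picks the best available way to pass the caller's
 * function name: C99 variadic macros first, then GNU named-variadic
 * macros, then a plain function that cannot record the caller.
 *
 * NOTE(review): __FUNCTION__ is a compiler identifier, not a
 * preprocessor macro, so the defined(__FUNCTION__) test appears never to
 * be true and that branch looks unreachable; compilers older than
 * GCC 2.95 would then use the function prototype in the final #else.
 */
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...)						\
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...)						\
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...)					\
	_openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__FUNCTION__)
#define openpam_log(lvl, fmt...)					\
	_openpam_log((lvl), __FUNCTION__, ##fmt)
#else
void
openpam_log(int _level,
	const char *_format,
	...)
	OPENPAM_FORMAT((__printf__, 2, 3));
#endif

/*
 * Generic conversation function
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * Null conversation function
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * PAM primitives
 *
 * The values index the func[] array in struct pam_module, and
 * PAM_NUM_PRIMITIVES sizes it, so new entries go before the last one.
 */
enum {
	PAM_SM_AUTHENTICATE,
	PAM_SM_SETCRED,
	PAM_SM_ACCT_MGMT,
	PAM_SM_OPEN_SESSION,
	PAM_SM_CLOSE_SESSION,
	PAM_SM_CHAUTHTOK,
	/* keep this last */
	PAM_NUM_PRIMITIVES
};

/*
 * Dummy service module function
 *
 * Expands to a definition of pam_sm_<type>() that ignores its arguments
 * and returns PAM_IGNORE.
 */
#define PAM_SM_DUMMY(type)						\
PAM_EXTERN int								\
pam_sm_##type(pam_handle_t *pamh, int flags,				\
    int argc, const char *argv[])					\
{									\
	return (PAM_IGNORE);						\
}

/*
 * PAM service module functions match this typedef
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 */
typedef struct pam_module pam_module_t;
struct pam_module {
	char		*path;
	/* one entry per primitive, indexed by the PAM_SM_* enum above */
	pam_func_t	 func[PAM_NUM_PRIMITIVES];
	/* NOTE(review): presumably the dynamic-loader handle; confirm */
	void		*dlh;
	int		 refcount;
	pam_module_t	*prev;
	pam_module_t	*next;
};

/*
 * Source-code compatibility with Linux-PAM modules
 *
 * A module that defines any of PAM_SM_AUTH, PAM_SM_ACCOUNT,
 * PAM_SM_SESSION or PAM_SM_PASSWORD before including this header is
 * treated as a Linux-PAM module.  For such a module, each facility it did
 * not announce gets 0 in the corresponding _PAM_SM_* table-entry macros.
 * In every other case the facility macro is (re)defined and the
 * _PAM_SM_* macros name the pam_sm_*() functions.
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
#define LINUX_PAM_MODULE
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
#define _PAM_SM_AUTHENTICATE	0
#define _PAM_SM_SETCRED		0
#else
#undef PAM_SM_AUTH
#define PAM_SM_AUTH
#define _PAM_SM_AUTHENTICATE	pam_sm_authenticate
#define _PAM_SM_SETCRED		pam_sm_setcred
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
#define _PAM_SM_ACCT_MGMT	0
#else
#undef PAM_SM_ACCOUNT
#define PAM_SM_ACCOUNT
#define _PAM_SM_ACCT_MGMT	pam_sm_acct_mgmt
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
#define _PAM_SM_OPEN_SESSION	0
#define _PAM_SM_CLOSE_SESSION	0
#else
#undef PAM_SM_SESSION
#define PAM_SM_SESSION
#define _PAM_SM_OPEN_SESSION	pam_sm_open_session
#define _PAM_SM_CLOSE_SESSION	pam_sm_close_session
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
#define _PAM_SM_CHAUTHTOK	0
#else
#undef PAM_SM_PASSWORD
#define PAM_SM_PASSWORD
#define _PAM_SM_CHAUTHTOK	pam_sm_chauthtok
#endif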
/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * Outside FreeBSD, NO_STATIC_MODULES is forced on, so only the "normal
 * case" below applies there; PAM_SOEXT is defined only on FreeBSD, which
 * is the only place the static branch can use it.
 *
 * The static branch is taken only with GCC, without __PIC__, and without
 * NO_STATIC_MODULES.  In it:
 *  - PAM_EXTERN becomes `static', so functions declared with it get
 *    internal linkage and are referenced through the table built by
 *    PAM_MODULE_ENTRY rather than by symbol name.
 *  - PAM_MODULE_ENTRY(name) defines a struct pam_module initialised
 *    positionally: path, the func[] entries, then NULL, 0, NULL, NULL for
 *    the remaining members.  The six _PAM_SM_* entries are listed in the
 *    same order as the PAM_SM_* primitives enum; the two must be kept in
 *    step, or an entry point lands in the wrong slot.
 *  - DATA_SET() comes from <linker_set.h>; presumably it places
 *    _pam_module in the _openpam_static_modules linker set (confirm).
 *
 * In the normal case both macros expand to nothing, so PAM_EXTERN
 * functions have ordinary external linkage.
 */
#if defined(__FreeBSD__)
#define PAM_SOEXT ".so"
#else
#ifndef NO_STATIC_MODULES
#define NO_STATIC_MODULES
#endif
#endif
#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
/* gcc, static linking */
#include <sys/cdefs.h>
#include <linker_set.h>
#define OPENPAM_STATIC_MODULES
#define PAM_EXTERN static
#define PAM_MODULE_ENTRY(name)						\
static char _pam_name[] = name PAM_SOEXT;				\
static struct pam_module _pam_module = { _pam_name, {			\
	_PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT,	\
	_PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
	NULL, 0, NULL, NULL };						\
DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case */
#define PAM_EXTERN
#define PAM_MODULE_ENTRY(name)
#endif

/* closes the extern "C" block opened near the top of the header */
#ifdef __cplusplus
}
#endif

/* closes the _SECURITY_OPENPAM_H_INCLUDED include guard */
#endif