openpam.h revision 117610
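/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/include/security/openpam.h#26 $
 */

/*
 * OpenPAM extensions to the PAM API, plus the glue used to build service
 * modules.
 *
 * This header uses pam_handle_t, PAM_IGNORE and NULL without declaring
 * them, so it has to be included after the PAM header that provides them
 * (presumably <security/pam_appl.h> or <security/pam_modules.h> -- confirm
 * for this revision).
 */

#ifndef _SECURITY_OPENPAM_H_INCLUDED
#define _SECURITY_OPENPAM_H_INCLUDED

/*
 * Annoying but necessary header pollution
 */
#include <stdarg.h>

/*
 * Format-string checking.
 *
 * Every function below that takes a printf-style `_fmt' is tagged with
 * OPENPAM_FORMAT so that GCC-compatible compilers can diagnose argument
 * mismatches and, with -Wformat-security, non-literal format strings.
 * Callers should always pass a constant format and hand untrusted text
 * (user names, conversation responses, host names) in as a "%s" argument.
 * On other compilers the macro expands to nothing.
 */
#ifndef OPENPAM_FORMAT
#if defined(__GNUC__) && (__GNUC__ >= 3)
#define OPENPAM_FORMAT(x)	__attribute__((__format__ x))
#else
#define OPENPAM_FORMAT(x)
#endif
#endif

#ifdef __cplusplus
extern "C" {
#endif

struct passwd;

/*
 * API extensions
 */

/*
 * Credential switching.  openpam_borrow_cred() takes the passwd entry of
 * the user whose credentials are to be assumed; openpam_restore_cred()
 * undoes it.  Check the return value of both: a module that keeps running
 * after a failed switch or a failed restore is operating with credentials
 * it did not intend to hold.
 * NOTE(review): exactly which IDs are switched is not visible in this
 * header -- see the implementation.
 */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd);

/*
 * Has the (pamh, data, status) shape of a module-data cleanup callback;
 * presumably releases `_data' -- confirm against the implementation.
 */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/*
 * Look up / set a module option by name.  The value returned by
 * openpam_get_option() is const: callers must not modify or free it.
 */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

int
openpam_restore_cred(pam_handle_t *_pamh);

int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);

/* Display an error message built from a printf-style format. */
int
pam_error(pam_handle_t *_pamh,
	const char *_fmt,
	...) OPENPAM_FORMAT((__printf__, 2, 3));

/*
 * Obtain an authentication token.  `*_authtok' is a pointer to const
 * data: the caller must not modify or free it, and should not copy it
 * into logs or environment variables.
 */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt);

/* Display an informational message built from a printf-style format. */
int
pam_info(pam_handle_t *_pamh,
	const char *_fmt,
	...) OPENPAM_FORMAT((__printf__, 2, 3));

/*
 * Prompt the user with a printf-style message and hand the answer back
 * through `_resp'.
 * NOTE(review): `_resp' is a non-const char **, so the response is
 * presumably heap-allocated and owned by the caller; if it holds a
 * secret it should be wiped before being freed -- confirm ownership
 * against the implementation.
 */
int
pam_prompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...) OPENPAM_FORMAT((__printf__, 4, 5));

int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite);

/* va_list variants of pam_info(), pam_error() and pam_prompt(). */
int
pam_vinfo(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap) OPENPAM_FORMAT((__printf__, 2, 0));

int
pam_verror(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap) OPENPAM_FORMAT((__printf__, 2, 0));

int
pam_vprompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap) OPENPAM_FORMAT((__printf__, 4, 0));

/*
 * Read cooked lines.
 * Checking for _IOFBF is a fairly reliable way to detect the presence
 * of <stdio.h>, as SUSv3 requires it to be defined there.
 *
 * Consequence: the prototype is only visible if <stdio.h> was included
 * before this header.
 * NOTE(review): the non-const char * return suggests an allocated line
 * that the caller frees -- confirm against the implementation.
 */
#ifdef _IOFBF
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp);
#endif

/*
 * Log levels
 */
enum {
	PAM_LOG_DEBUG,
	PAM_LOG_VERBOSE,
	PAM_LOG_NOTICE,
	PAM_LOG_ERROR
};

/*
 * Log to syslog
 *
 * Use the openpam_log() wrapper rather than calling _openpam_log()
 * directly; the wrapper fills in the calling function's name.  Log
 * output leaves the process, so never pass authentication tokens or
 * conversation responses as arguments.
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...) OPENPAM_FORMAT((__printf__, 3, 4));

/*
 * Pick a variadic-macro flavour the compiler supports; without one,
 * openpam_log() is a real function and the function name is lost.
 * NOTE(review): __FUNCTION__ is not a preprocessor macro in GCC, so the
 * defined(__FUNCTION__) branch is probably never selected -- confirm.
 */
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__FUNCTION__)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __FUNCTION__, ##fmt)
#else
void
openpam_log(int _level,
	const char *_format,
	...) OPENPAM_FORMAT((__printf__, 2, 3));
#endif

/*
 * Generic conversation function
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * Global, writable by any code in the process.
 * NOTE(review): presumably the prompt timeout used by openpam_ttyconv();
 * units are not stated here -- confirm.
 */
extern int openpam_ttyconv_timeout;

/*
 * Null conversation function
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * PAM primitives
 *
 * These values index pam_module.func[], and the initializer in
 * PAM_MODULE_ENTRY lists the service functions in this same order.
 * Adding or reordering an entry here without updating that initializer
 * would bind a primitive to the wrong module function.
 */
enum {
	PAM_SM_AUTHENTICATE,
	PAM_SM_SETCRED,
	PAM_SM_ACCT_MGMT,
	PAM_SM_OPEN_SESSION,
	PAM_SM_CLOSE_SESSION,
	PAM_SM_CHAUTHTOK,
	/* keep this last */
	PAM_NUM_PRIMITIVES
};

/*
 * Dummy service module function
 *
 * Expands to a definition of pam_sm_<type>() that ignores its arguments
 * and returns PAM_IGNORE.
 */
#define PAM_SM_DUMMY(type)						\
PAM_EXTERN int								\
pam_sm_##type(pam_handle_t *pamh, int flags,				\
	int argc, const char *argv[])					\
{									\
	return (PAM_IGNORE);						\
}

/*
 * PAM service module functions match this typedef
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 *
 * func[] holds one entry per primitive and may contain null entries
 * (see the _PAM_SM_* definitions below), so an entry has to be checked
 * before it is called.
 */
typedef struct pam_module pam_module_t;
struct pam_module {
	char		*path;
	pam_func_t	 func[PAM_NUM_PRIMITIVES];
	void		*dlh;
	int		 refcount;
	pam_module_t	*prev;
	pam_module_t	*next;
};

/*
 * Source-code compatibility with Linux-PAM modules
 *
 * A module that defines any of PAM_SM_AUTH, PAM_SM_ACCOUNT,
 * PAM_SM_SESSION or PAM_SM_PASSWORD before including this header is
 * treated as a Linux-PAM module: only the groups it named get their
 * service functions referenced, the rest become 0.  A module that
 * defines none of them has all four groups switched on, so every
 * _PAM_SM_* name refers to a pam_sm_*() function that the module must
 * then define (PAM_SM_DUMMY can supply the unused ones).
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
#define LINUX_PAM_MODULE
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
#define _PAM_SM_AUTHENTICATE	0
#define _PAM_SM_SETCRED		0
#else
#undef PAM_SM_AUTH
#define PAM_SM_AUTH
#define _PAM_SM_AUTHENTICATE	pam_sm_authenticate
#define _PAM_SM_SETCRED		pam_sm_setcred
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
#define _PAM_SM_ACCT_MGMT	0
#else
#undef PAM_SM_ACCOUNT
#define PAM_SM_ACCOUNT
#define _PAM_SM_ACCT_MGMT	pam_sm_acct_mgmt
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
#define _PAM_SM_OPEN_SESSION	0
#define _PAM_SM_CLOSE_SESSION	0
#else
#undef PAM_SM_SESSION
#define PAM_SM_SESSION
#define _PAM_SM_OPEN_SESSION	pam_sm_open_session
#define _PAM_SM_CLOSE_SESSION	pam_sm_close_session
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
#define _PAM_SM_CHAUTHTOK	0
#else
#undef PAM_SM_PASSWORD
#define PAM_SM_PASSWORD
#define _PAM_SM_CHAUTHTOK	pam_sm_chauthtok
#endif

/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * What the conditionals select: static modules are only built on
 * FreeBSD, with GCC, in non-PIC code, and when NO_STATIC_MODULES is not
 * defined.  In that case PAM_EXTERN makes the pam_sm_*() functions
 * file-local and PAM_MODULE_ENTRY emits a struct pam_module that points
 * at them and adds it to the _openpam_static_modules linker set.
 * Everywhere else both macros expand to nothing.
 */
#if defined(__FreeBSD__)
#define PAM_SOEXT ".so"
#else
#ifndef NO_STATIC_MODULES
#define NO_STATIC_MODULES
#endif
#endif
#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
/* gcc, static linking */
#include <sys/cdefs.h>
#include <linker_set.h>
#define OPENPAM_STATIC_MODULES
#define PAM_EXTERN static
#define PAM_MODULE_ENTRY(name)						\
static char _pam_name[] = name PAM_SOEXT;				\
static struct pam_module _pam_module = { _pam_name, {			\
	_PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT,	\
	_PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
	NULL, 0, NULL, NULL };						\
DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case */
#define PAM_EXTERN
#define PAM_MODULE_ENTRY(name)
#endif

#ifdef __cplusplus
}
#endif

#endif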