openpam.h revision 125647
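/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/include/security/openpam.h#27 $
 */

#ifndef _SECURITY_OPENPAM_H_INCLUDED
#define _SECURITY_OPENPAM_H_INCLUDED

/*
 * Annoying but necessary header pollution
 * (va_list is needed by the pam_v*() prototypes below).
 */
#include <stdarg.h>

#ifdef __cplusplus
extern "C" {
#endif

struct passwd;

/*
 * API extensions
 *
 * Every prototype in this section takes a pam_handle_t, which this header
 * does not declare; the type must already be visible from a header
 * included earlier.
 */

/*
 * NOTE(review): the names suggest a temporary credential switch that is
 * undone by openpam_restore_cred(); the semantics live in the
 * implementation, which is not visible here.  Both functions return int,
 * so a caller can and should check the result before doing work that
 * assumes the switched (or restored) identity.
 */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd);

/*
 * NOTE(review): the (handle, data, status) shape presumably matches a
 * module-data cleanup callback -- confirm against the implementation.
 */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/* Look up the option named _option; the result is a read-only string. */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

int
openpam_restore_cred(pam_handle_t *_pamh);

int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);

/*
 * Formatted message helpers.
 *
 * In pam_error(), pam_info(), pam_prompt() and their va_list variants,
 * _fmt is a printf-style format string.  The format attribute (the same
 * one already applied to _openpam_log() below) lets GCC-compatible
 * compilers check the arguments against the format and, with
 * -Wformat-security, flag a non-literal _fmt.  Text that originates
 * outside the module belongs in an argument to "%s", not in _fmt.
 * Existing callers may see new -Wformat diagnostics as a result.
 *
 * For the va_list variants the second attribute index is 0: the format
 * itself is checked, the arguments cannot be.
 */
int
pam_error(pam_handle_t *_pamh,
	const char *_fmt,
	...)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 2, 3)))
#endif
	;

/*
 * NOTE(review): *_authtok presumably receives a pointer to the
 * authentication token for _item; treat it as a secret and keep it out of
 * log and conversation messages -- confirm ownership and lifetime against
 * the implementation.
 */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt);

int
pam_info(pam_handle_t *_pamh,
	const char *_fmt,
	...)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 2, 3)))
#endif
	;

int
pam_prompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 4, 5)))
#endif
	;

int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite);

int
pam_vinfo(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 2, 0)))
#endif
	;

int
pam_verror(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 2, 0)))
#endif
	;

int
pam_vprompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 4, 0)))
#endif
	;

/*
 * Read cooked lines.
 * Checking for _IOFBF is a fairly reliable way to detect the presence
 * of <stdio.h>, as SUSv3 requires it to be defined there.
 * The prototype is therefore only visible to files that include
 * <stdio.h> before this header.
 */
#ifdef _IOFBF
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp);
#endif

/*
 * Log levels
 */
enum {
	PAM_LOG_DEBUG,
	PAM_LOG_VERBOSE,
	PAM_LOG_NOTICE,
	PAM_LOG_ERROR
};

/*
 * Log to syslog
 *
 * _fmt is a printf-style format (argument 3, variadic arguments from 4);
 * never pass externally supplied text as the format itself.
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...)
#if defined(__GNUC__)
	__attribute__((__format__(__printf__, 3, 4)))
#endif
	;

/*
 * openpam_log(level, fmt, ...) forwards to _openpam_log() and supplies the
 * calling function's name, using whichever variadic-macro syntax the
 * compiler offers.
 *
 * NOTE(review): __FUNCTION__ is a predefined identifier in GCC rather than
 * a preprocessor macro, so defined(__FUNCTION__) is presumably never true
 * and that branch looks unreachable; compilers that match none of the
 * earlier tests get the plain openpam_log() prototype instead.  Left
 * unchanged here because the library has to agree on which form exists.
 */
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__FUNCTION__)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __FUNCTION__, ##fmt)
#else
void
openpam_log(int _level,
	const char *_format,
	...);
#endif

/*
 * Generic conversation function
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/* NOTE(review): units and the meaning of 0 are not visible in this header. */
extern int openpam_ttyconv_timeout;

/*
 * Null conversation function
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * PAM primitives
 *
 * These values index pam_module.func[] below, and PAM_MODULE_ENTRY() lists
 * its initializers in this same order, so the two must change together.
 */
enum {
	PAM_SM_AUTHENTICATE,
	PAM_SM_SETCRED,
	PAM_SM_ACCT_MGMT,
	PAM_SM_OPEN_SESSION,
	PAM_SM_CLOSE_SESSION,
	PAM_SM_CHAUTHTOK,
	/* keep this last */
	PAM_NUM_PRIMITIVES
};

/*
 * Dummy service module function
 *
 * PAM_SM_DUMMY(type) expands to a definition of pam_sm_<type>() that
 * ignores its arguments and returns PAM_IGNORE.  A primitive stubbed this
 * way makes no decision of its own.
 * NOTE(review): how PAM_IGNORE affects the overall result depends on the
 * policy and the library, neither of which is visible here.
 */
#define PAM_SM_DUMMY(type)						\
PAM_EXTERN int								\
pam_sm_##type(pam_handle_t *pamh, int flags,				\
	int argc, const char *argv[])					\
{									\
	return (PAM_IGNORE);						\
}

/*
 * PAM service module functions match this typedef
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 */
typedef struct pam_module pam_module_t;
struct pam_module {
	char		*path;		/* module name or path string */
	pam_func_t	 func[PAM_NUM_PRIMITIVES]; /* one slot per primitive; may be 0 */
	void		*dlh;		/* presumably the dynamic-loader handle; NULL for static entries */
	int		 refcount;
	pam_module_t	*prev;
	pam_module_t	*next;
};

/*
 * Source-code compatibility with Linux-PAM modules
 *
 * A module that defines any of PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION
 * or PAM_SM_PASSWORD before including this header is flagged as
 * LINUX_PAM_MODULE.  For such a module, each group it did not define gets
 * 0 in place of the function name, which leaves the matching func[] slots
 * empty in a static module entry.  In every other case the group macro is
 * (re)defined empty and each _PAM_SM_* macro expands to the name of the
 * corresponding pam_sm_*() function.
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
#define LINUX_PAM_MODULE
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
#define _PAM_SM_AUTHENTICATE	0
#define _PAM_SM_SETCRED		0
#else
#undef PAM_SM_AUTH
#define PAM_SM_AUTH
#define _PAM_SM_AUTHENTICATE	pam_sm_authenticate
#define _PAM_SM_SETCRED		pam_sm_setcred
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
#define _PAM_SM_ACCT_MGMT	0
#else
#undef PAM_SM_ACCOUNT
#define PAM_SM_ACCOUNT
#define _PAM_SM_ACCT_MGMT	pam_sm_acct_mgmt
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
#define _PAM_SM_OPEN_SESSION	0
#define _PAM_SM_CLOSE_SESSION	0
#else
#undef PAM_SM_SESSION
#define PAM_SM_SESSION
#define _PAM_SM_OPEN_SESSION	pam_sm_open_session
#define _PAM_SM_CLOSE_SESSION	pam_sm_close_session
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
#define _PAM_SM_CHAUTHTOK	0
#else
#undef PAM_SM_PASSWORD
#define PAM_SM_PASSWORD
#define _PAM_SM_CHAUTHTOK	pam_sm_chauthtok
#endif

/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * PAM_SOEXT is defined only on FreeBSD; on every other platform
 * NO_STATIC_MODULES is forced.  With GCC, non-PIC code and static modules
 * allowed, PAM_EXTERN becomes "static" and PAM_MODULE_ENTRY(name) emits a
 * struct pam_module for the file and registers it in the
 * _openpam_static_modules linker set.  Otherwise both macros expand to
 * nothing and the pam_sm_*() functions keep external linkage.
 */
#if defined(__FreeBSD__)
#define PAM_SOEXT ".so"
#else
#ifndef NO_STATIC_MODULES
#define NO_STATIC_MODULES
#endif
#endif
#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
/* gcc, static linking */
#include <sys/cdefs.h>
#include <linker_set.h>
#define OPENPAM_STATIC_MODULES
#define PAM_EXTERN static
#define PAM_MODULE_ENTRY(name)						\
static char _pam_name[] = name PAM_SOEXT;				\
static struct pam_module _pam_module = { _pam_name, {			\
	_PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT,	\
	_PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
	NULL, 0, NULL, NULL };						\
DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case */
#define PAM_EXTERN
#define PAM_MODULE_ENTRY(name)
#endif

#ifdef __cplusplus
}
#endif

#endif /* !_SECURITY_OPENPAM_H_INCLUDED */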