openpam_impl.h revision 110503
/*-
 * Copyright (c) 2001 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/lib/openpam_impl.h#20 $
 */

/*
 * Library-internal declarations: the layout of the PAM handle, the module
 * chains hanging off it, and the internal helper prototypes.
 */

#ifndef _OPENPAM_IMPL_H_INCLUDED
#define _OPENPAM_IMPL_H_INCLUDED

#include <security/openpam.h>

/*
 * Name tables defined in another translation unit.  Each is sized by the
 * matching PAM_NUM_* count; the debug macros in this header index
 * _pam_item_name and _pam_err_name after a range check.
 */
extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];

/*
 * Control flags
 *
 * Valid values run from 1 to PAM_NUM_CONTROLFLAGS - 1; 0 is not assigned.
 * Presumably stored in pam_chain.flag -- confirm against the policy parser.
 */
#define PAM_REQUIRED		1
#define PAM_REQUISITE		2
#define PAM_SUFFICIENT		3
#define PAM_OPTIONAL		4
#define PAM_BINDING		5
#define PAM_NUM_CONTROLFLAGS	6

/*
 * Chains
 *
 * These values index pam_handle.chains[], which has PAM_NUM_CHAINS slots.
 */
#define PAM_AUTH		0
#define PAM_ACCOUNT		1
#define PAM_SESSION		2
#define PAM_PASSWORD		3
#define PAM_NUM_CHAINS		4

/* One entry of a module chain; entries are linked through `next'. */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;		/* presumably one of the control flags above -- confirm */
	int		 optc;		/* option count; presumably the length of optv -- confirm */
	char		**optv;
	pam_chain_t	*next;
};

/* One named piece of data attached to a handle; linked through `next'. */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	/*
	 * Callback taking the handle, a data pointer and an int; presumably
	 * run on `data' when the entry is released -- confirm against the
	 * code that frees the list.
	 */
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/* Per-transaction state behind the pam_handle_t pointer. */
struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_CHAINS];
	pam_chain_t	*current;
	int		 primitive;

	/* items and data */
	/*
	 * NOTE(review): PAM items include authentication tokens
	 * (PAM_AUTHTOK), so the code that releases these slots should clear
	 * them before freeing -- confirm where the handle is torn down.
	 */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/* environment list */
	char		**env;
	int		 env_count;	/* presumably entries in use -- confirm */
	int		 env_size;	/* presumably allocated slots -- confirm */
};

/*
 * Saved process credentials.  Only declared when an earlier include has
 * defined NGROUPS_MAX, so the includer controls whether it is visible.
 * NOTE(review): `ngroups' should be checked against NGROUPS_MAX before it
 * is used as a count for `groups' -- confirm in the code that reads it.
 */
#ifdef NGROUPS_MAX
#define PAM_SAVED_CRED "pam_saved_cred"
struct pam_saved_cred {
	uid_t		 euid;
	gid_t		 egid;
	gid_t		 groups[NGROUPS_MAX];
	int		 ngroups;
};
#endif

/* presumably the name of the fallback policy -- confirm against openpam_configure() */
#define PAM_OTHER	"other"

/* Internal helpers; their definitions are not part of this header. */
int		 openpam_configure(pam_handle_t *, const char *);
int		 openpam_dispatch(pam_handle_t *, int, int);
int		 openpam_findenv(pam_handle_t *, const char *, size_t);
int		 openpam_add_module(pam_chain_t **, int, int,
				    const char *, int, const char **);
void		 openpam_clear_chains(pam_chain_t **);

/* openpam_static() is declared only in builds that define OPENPAM_STATIC_MODULES. */
#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *);
#endif
pam_module_t	*openpam_dynamic(const char *);

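/*
 * Function entry/exit tracing.
 *
 * With DEBUG defined, the ENTER* macros log entry to a function (optionally
 * with an item number, an integer or a string) and the RETURN* macros log
 * the value and then return it.  Without DEBUG, the ENTER* macros expand to
 * nothing and the RETURN* macros are plain return statements.
 *
 * Every multi-statement macro is wrapped in do { ... } while (0) with no
 * trailing semicolon, so `if (x) ENTERS(s); else ...' parses the same way in
 * both builds.  RETURNV() returns in both builds; a debug build must not
 * fall through a point where the release build leaves the function.
 *
 * The debug variants evaluate their argument more than once, so pass only
 * side-effect-free expressions.
 *
 * NOTE(review): ENTERS() and RETURNS() write the string verbatim to the
 * debug log.  Do not use them on values that may carry secrets (passwords,
 * authentication tokens), and keep DEBUG out of production builds.
 */
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
/* Index 0 is excluded; presumably item numbers start at 1 -- confirm. */
#define ENTERI(i) do { \
	if ((i) > 0 && (i) < PAM_NUM_ITEMS) \
		openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[(i)]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \
} while (0)
#define ENTERN(n) do { \
	openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \
} while (0)
#define ENTERS(s) do { \
	if ((s) == NULL) \
		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \
} while (0)
#define RETURNV() do { \
	openpam_log(PAM_LOG_DEBUG, "returning"); \
	return; \
} while (0)
/* Out-of-range codes are logged numerically instead of indexing the table. */
#define RETURNC(c) do { \
	if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \
		openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[(c)]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %d!", (c)); \
	return (c); \
} while (0)
#define RETURNN(n) do { \
	openpam_log(PAM_LOG_DEBUG, "returning %d", (n)); \
	return (n); \
} while (0)
#define RETURNP(p) do { \
	if ((p) == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %p", (p)); \
	return (p); \
} while (0)
#define RETURNS(s) do { \
	if ((s) == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning '%s'", (s)); \
	return (s); \
} while (0)
#else
#define ENTER()
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)
#define RETURNP(p) return (p)
#define RETURNS(s) return (s)
#endif

#endif /* !_OPENPAM_IMPL_H_INCLUDED */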