openpam_impl.h revision 117610
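/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/lib/openpam_impl.h#28 $
 */

#ifndef _OPENPAM_IMPL_H_INCLUDED
#define _OPENPAM_IMPL_H_INCLUDED

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

#include <security/openpam.h>

/*
 * Name tables, each sized by the matching PAM_NUM_* constant.  The debug
 * macros at the end of this header index _pam_item_name and _pam_err_name
 * only after a range check; any other user must bound the index the same
 * way.
 */
extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];

/* Defined elsewhere in the library; presumably a debug switch (confirm). */
extern int _openpam_debug;

/*
 * Control flags
 *
 * PAM_NUM_CONTROL_FLAGS is the number of flags, not a flag itself.
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS
} pam_control_t;

/*
 * Facilities
 *
 * PAM_AUTH .. PAM_PASSWORD are 0 .. PAM_NUM_FACILITIES - 1 and are the
 * valid indices into pam_handle.chains[].  PAM_FACILITY_ANY is -1 and must
 * never be used as an index into that array.
 */
typedef enum {
	PAM_FACILITY_ANY = -1,
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES
} pam_facility_t;

/*
 * One entry of a module chain; entries are linked through `next'.
 * `flag' presumably holds a pam_control_t value and optc/optv the
 * entry's option vector (confirm against the configuration parser).
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;
	int		 optc;
	char		**optv;
	pam_chain_t	*next;
};

/*
 * One named datum attached to a handle, linked through `next'.
 * `cleanup' is a callback taking the handle, the data pointer and an int;
 * when and with what int value it is invoked is not visible here.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
	pam_chain_t	*current;
	int		 primitive;

	/*
	 * items and data
	 *
	 * NOTE(review): item[] is indexed by PAM item number, and the
	 * standard PAM item set includes authentication tokens
	 * (PAM_AUTHTOK), so treat both item[] and module_data as
	 * potentially sensitive and confirm that the release paths wipe
	 * them before freeing.
	 */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/*
	 * environment list
	 * (env_count / env_size are presumably used and allocated slots;
	 * confirm)
	 */
	char		**env;
	int		 env_count;
	int		 env_size;
};

#ifdef NGROUPS_MAX
/*
 * Snapshot of process credentials.  PAM_SAVED_CRED is presumably the name
 * under which the snapshot is stored as module data (confirm).  groups[]
 * has room for NGROUPS_MAX entries, so any code that fills or replays the
 * snapshot must keep 0 <= ngroups <= NGROUPS_MAX.
 */
#define PAM_SAVED_CRED "pam_saved_cred"
struct pam_saved_cred {
	uid_t	 euid;
	gid_t	 egid;
	gid_t	 groups[NGROUPS_MAX];
	int	 ngroups;
};
#endif

#define PAM_OTHER "other"

/*
 * Library-internal entry points; their implementations are not part of
 * this header.
 */
int		 openpam_configure(pam_handle_t *, const char *);
int		 openpam_dispatch(pam_handle_t *, int, int);
int		 openpam_findenv(pam_handle_t *, const char *, size_t);
pam_module_t	*openpam_load_module(const char *);
void		 openpam_clear_chains(pam_chain_t **);

#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *);
#endif
pam_module_t	*openpam_dynamic(const char *);

/*
 * Free a pointer and set it to NULL so that a later FREE() or free() of
 * the same variable is harmless.  `p' must be a modifiable lvalue and is
 * evaluated twice, so it must not have side effects (no FREE(v[i++])).
 * The memory is not cleared first: buffers that held secrets have to be
 * wiped by the caller before FREE().  Users need <stdlib.h> for free().
 */
#define FREE(p) do { free((p)); (p) = NULL; } while (0)

/*
 * Function entry / exit tracing.
 *
 * With DEBUG defined the macros log through openpam_log(); without it the
 * ENTER*() macros expand to nothing and the RETURN*() macros to a plain
 * return, so both builds must leave the function at the same point.
 *
 * The DEBUG variants of the integer macros (ENTERI, RETURNC, RETURNN) and
 * of ENTERS evaluate their argument exactly once, like the non-DEBUG
 * variants.  RETURNP and RETURNS log from a snapshot, so the value that
 * was NULL-checked is the value that is formatted, but they return the
 * original expression to keep its type and therefore evaluate it twice:
 * pass them a side-effect-free expression.
 *
 * NOTE(review): ENTERS and RETURNS write their string argument to the
 * debug log.  If any caller passes secret material, a DEBUG build records
 * it; confirm the call sites before enabling DEBUG outside development.
 */
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
#define ENTERI(i) do { \
	int i_ = (i); \
	if (i_ > 0 && i_ < PAM_NUM_ITEMS) \
		openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i_]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: %d", i_); \
} while (0)
#define ENTERN(n) do { \
	openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \
} while (0)
#define ENTERS(s) do { \
	const char *s_ = (s); \
	if (s_ == NULL) \
		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", s_); \
} while (0)
#define RETURNV() do { \
	openpam_log(PAM_LOG_DEBUG, "returning"); \
	return; \
} while (0)
#define RETURNC(c) do { \
	int c_ = (c); \
	if (c_ >= 0 && c_ < PAM_NUM_ERRORS) \
		openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[c_]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %d!", c_); \
	return (c_); \
} while (0)
#define RETURNN(n) do { \
	int n_ = (n); \
	openpam_log(PAM_LOG_DEBUG, "returning %d", n_); \
	return (n_); \
} while (0)
#define RETURNP(p) do { \
	const void *p_ = (p); \
	if (p_ == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %p", p_); \
	return (p); \
} while (0)
#define RETURNS(s) do { \
	const char *s_ = (s); \
	if (s_ == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning '%s'", s_); \
	return (s); \
} while (0)
#else
#define ENTER()
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)
#define RETURNP(p) return (p)
#define RETURNS(s) return (s)
#endif

#endif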