openpam_impl.h revision 117610 
1/*-
2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by ThinkSec AS and
6 * Network Associates Laboratories, the Security Research Division of
7 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
8 * ("CBOSS"), as part of the DARPA CHATS research program.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. The name of the author may not be used to endorse or promote
19 *    products derived from this software without specific prior written
20 *    permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $P4: //depot/projects/openpam/lib/openpam_impl.h#28 $
35 */
36
37#ifndef _OPENPAM_IMPL_H_INCLUDED
38#define _OPENPAM_IMPL_H_INCLUDED
39
40#ifdef HAVE_CONFIG_H
41# include <config.h>
42#endif
43
44#include <security/openpam.h>
45
46extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
47extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
48extern const char *_pam_err_name[PAM_NUM_ERRORS];
49extern const char *_pam_item_name[PAM_NUM_ITEMS];
50
51extern int _openpam_debug;
52
53/*
54 * Control flags
55 */
56typedef enum {
57	PAM_BINDING,
58	PAM_REQUIRED,
59	PAM_REQUISITE,
60	PAM_SUFFICIENT,
61	PAM_OPTIONAL,
62	PAM_NUM_CONTROL_FLAGS
63} pam_control_t;
64
65/*
66 * Facilities
67 */
68typedef enum {
69	PAM_FACILITY_ANY = -1,
70	PAM_AUTH = 0,
71	PAM_ACCOUNT,
72	PAM_SESSION,
73	PAM_PASSWORD,
74	PAM_NUM_FACILITIES
75} pam_facility_t;
76
77typedef struct pam_chain pam_chain_t;
78struct pam_chain {
79	pam_module_t	*module;
80	int		 flag;
81	int		 optc;
82	char	       **optv;
83	pam_chain_t	*next;
84};
85
86typedef struct pam_data pam_data_t;
87struct pam_data {
88	char		*name;
89	void		*data;
90	void		(*cleanup)(pam_handle_t *, void *, int);
91	pam_data_t	*next;
92};
93
94struct pam_handle {
95	char		*service;
96
97	/* chains */
98	pam_chain_t	*chains[PAM_NUM_FACILITIES];
99	pam_chain_t	*current;
100	int		 primitive;
101
102	/* items and data */
103	void		*item[PAM_NUM_ITEMS];
104	pam_data_t	*module_data;
105
106	/* environment list */
107	char	       **env;
108	int		 env_count;
109	int		 env_size;
110};
111
112#ifdef NGROUPS_MAX
113#define PAM_SAVED_CRED "pam_saved_cred"
114struct pam_saved_cred {
115	uid_t	 euid;
116	gid_t	 egid;
117	gid_t	 groups[NGROUPS_MAX];
118	int	 ngroups;
119};
120#endif
121
122#define PAM_OTHER	"other"
123
124int		 openpam_configure(pam_handle_t *, const char *);
125int		 openpam_dispatch(pam_handle_t *, int, int);
126int		 openpam_findenv(pam_handle_t *, const char *, size_t);
127pam_module_t	*openpam_load_module(const char *);
128void		 openpam_clear_chains(pam_chain_t **);
129
130#ifdef OPENPAM_STATIC_MODULES
131pam_module_t	*openpam_static(const char *);
132#endif
133pam_module_t	*openpam_dynamic(const char *);
134
135#define	FREE(p) do { free((p)); (p) = NULL; } while (0)
136
137#ifdef DEBUG
138#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
139#define ENTERI(i) do { \
140	if ((i) > 0 && (i) < PAM_NUM_ITEMS) \
141		openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[i]); \
142	else \
143		openpam_log(PAM_LOG_DEBUG, "entering: %d", (i)); \
144} while (0)
145#define ENTERN(n) do { \
146	openpam_log(PAM_LOG_DEBUG, "entering: %d", (n)); \
147} while (0)
148#define ENTERS(s) do { \
149	if ((s) == NULL) \
150		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
151	else \
152		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", (s)); \
153} while (0)
154#define	RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
155#define RETURNC(c) do { \
156	if ((c) >= 0 && (c) < PAM_NUM_ERRORS) \
157		openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[c]); \
158	else \
159		openpam_log(PAM_LOG_DEBUG, "returning %d!", (c)); \
160	return (c); \
161} while (0)
162#define	RETURNN(n) do { \
163	openpam_log(PAM_LOG_DEBUG, "returning %d", (n)); \
164	return (n); \
165} while (0)
166#define	RETURNP(p) do { \
167	if ((p) == NULL) \
168		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
169	else \
170		openpam_log(PAM_LOG_DEBUG, "returning %p", (p)); \
171	return (p); \
172} while (0)
173#define	RETURNS(s) do { \
174	if ((s) == NULL) \
175		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
176	else \
177		openpam_log(PAM_LOG_DEBUG, "returning '%s'", (s)); \
178	return (s); \
179} while (0)
180#else
181#define ENTER()
182#define ENTERI(i)
183#define ENTERN(n)
184#define ENTERS(s)
185#define RETURNV() return
186#define RETURNC(c) return (c)
187#define RETURNN(n) return (n)
188#define RETURNP(p) return (p)
189#define RETURNS(s) return (s)
190#endif
191
192#endif
193