openpam_impl.h revision 174832
/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2007 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: openpam_impl.h 408 2007-12-21 11:36:24Z des $
 */

/*
 * Library-internal declarations: name tables, the policy chain and
 * handle layouts, the saved-credential record, loader prototypes and the
 * debug tracing macros.
 *
 * NOTE(review): this header uses free(), NULL, size_t, uid_t and gid_t
 * but includes only <config.h> (optionally) and <security/openpam.h>;
 * it presumably relies on those or on the including file to declare
 * them -- confirm before including it first in a translation unit.
 */

#ifndef _OPENPAM_IMPL_H_INCLUDED
#define _OPENPAM_IMPL_H_INCLUDED

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

#include <security/openpam.h>

/*
 * Name tables, defined elsewhere.  _pam_err_name and _pam_item_name are
 * indexed by the RETURNC() and ENTERI() macros below, which range-check
 * the index against the array bound first; any other user of these
 * tables needs the same check.
 */
extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];

/* Debug switch defined elsewhere; how it is consulted is not shown here. */
extern int _openpam_debug;

/*
 * Control flags
 *
 * One value per control-flag keyword of a policy line, plus a trailing
 * count (PAM_NUM_CONTROL_FLAGS) that is not itself a flag.
 *
 * NOTE(review): the flag decides how a module's result affects the
 * outcome of the whole chain, so it is security-critical; the logic
 * that interprets it (presumably openpam_dispatch()) is not in this
 * header -- audit it together with the policy parser.
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS
} pam_control_t;

/*
 * Facilities
 *
 * PAM_AUTH .. PAM_PASSWORD are 0-based and PAM_NUM_FACILITIES is the
 * count used to size pam_handle.chains[].  PAM_FACILITY_ANY is -1 and
 * therefore NOT a valid index into that array: code that accepts it
 * must resolve it before indexing.
 */
typedef enum {
	PAM_FACILITY_ANY = -1,
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES
} pam_facility_t;

/*
 * One entry of a policy chain, singly linked through `next'.
 * `flag' is a plain int; presumably it holds a pam_control_t value --
 * confirm against the code that fills it.  optc/optv form an argument
 * vector for the module.
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;
	int		 optc;
	char		**optv;
	pam_chain_t	*next;
};

/*
 * Named, opaque datum attached to a handle, singly linked through
 * `next'.  `cleanup' is a callback taking the handle, the data pointer
 * and an int.
 *
 * NOTE(review): if `data' can hold secrets, scrubbing them is up to the
 * cleanup callback; nothing in this header does it.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * Per-transaction state.
 *
 * NOTE(review): item[] stores untyped pointers, one per PAM item; some
 * PAM items are authentication tokens, so code that replaces or frees
 * an entry should presumably clear the old buffer first -- verify in
 * the item setter and in handle teardown.
 */
struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];	/* one list head per facility */
	pam_chain_t	*current;
	int		 primitive;

	/* items and data */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/* environment list */
	char		**env;
	int		 env_count;	/* presumably entries in use -- confirm */
	int		 env_size;	/* presumably allocated slots -- confirm */
};

/*
 * Saved effective credentials.  Only declared when NGROUPS_MAX is
 * already defined at the point this header is included, so visibility
 * depends on include order.
 *
 * groups[] has a fixed NGROUPS_MAX capacity while ngroups is a plain
 * int with no bound expressed here: code that fills or replays this
 * record must keep 0 <= ngroups <= NGROUPS_MAX, and a restore path must
 * check the result of every credential-changing call.
 *
 * PAM_SAVED_CRED is presumably the module-data name under which the
 * record is stored -- confirm against its users.
 */
#ifdef NGROUPS_MAX
#define PAM_SAVED_CRED "pam_saved_cred"
struct pam_saved_cred {
	uid_t	 euid;
	gid_t	 egid;
	gid_t	 groups[NGROUPS_MAX];
	int	 ngroups;
};
#endif

/* Presumably the name of the fallback policy -- confirm in the parser. */
#define PAM_OTHER	"other"

/*
 * Internal entry points; their definitions are not in this header.
 *
 * NOTE(review): openpam_load_module(), openpam_static() and
 * openpam_dynamic() take a string that selects code to bring into the
 * calling process.  Whether the string is validated or restricted to
 * trusted locations is not visible here; check the implementations and
 * the ownership/permissions of the policy files that supply it.
 */
int		 openpam_configure(pam_handle_t *, const char *);
int		 openpam_dispatch(pam_handle_t *, int, int);
int		 openpam_findenv(pam_handle_t *, const char *, size_t);
pam_module_t	*openpam_load_module(const char *);
void		 openpam_clear_chains(pam_chain_t **);

#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *);
#endif
pam_module_t	*openpam_dynamic(const char *);

/*
 * Free a pointer and reset it to NULL, so a later FREE() or NULL test
 * on the same lvalue is harmless.
 *
 * The argument is expanded twice: it must be a modifiable lvalue with
 * no side effects.  The memory is released as-is, not cleared; buffers
 * holding secrets have to be scrubbed by the caller before FREE().
 */
#define FREE(p) do { free((p)); (p) = NULL; } while (0)

/*
 * Function entry/exit tracing.
 *
 * With DEBUG defined the macros log through openpam_log() at
 * PAM_LOG_DEBUG; otherwise ENTER*() expand to nothing and RETURN*()
 * expand to a bare return.  Consequences for callers:
 *  - every RETURN*() macro contains a `return' and ends the calling
 *    function;
 *  - ENTER*() arguments are evaluated only in DEBUG builds, so they
 *    must not have side effects;
 *  - ENTERS() and RETURNS() write the string's contents to the log:
 *    do not use them on passwords or other authentication tokens;
 *  - RETURNP() logs the pointer value and returns `p', not the
 *    temporary `_p', so its argument is evaluated twice in DEBUG builds
 *    and once otherwise: pass only side-effect-free expressions;
 *  - the temporaries (_i, _n, _s, _c, _p) shadow any caller variable
 *    of the same name used in the argument.
 */
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
/* Index 0 and out-of-range values are logged numerically, not looked up. */
#define ENTERI(i) do { \
	int _i = (i); \
	if (_i > 0 && _i < PAM_NUM_ITEMS) \
		openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[_i]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: %d", _i); \
} while (0)
#define ENTERN(n) do { \
	int _n = (n); \
	openpam_log(PAM_LOG_DEBUG, "entering: %d", _n); \
} while (0)
#define ENTERS(s) do { \
	const char *_s = (s); \
	if (_s == NULL) \
		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", _s); \
} while (0)
#define RETURNV() openpam_log(PAM_LOG_DEBUG, "returning")
/* Codes outside [0, PAM_NUM_ERRORS) are logged numerically with a "!". */
#define RETURNC(c) do { \
	int _c = (c); \
	if (_c >= 0 && _c < PAM_NUM_ERRORS) \
		openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[_c]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %d!", _c); \
	return (_c); \
} while (0)
#define RETURNN(n) do { \
	int _n = (n); \
	openpam_log(PAM_LOG_DEBUG, "returning %d", _n); \
	return (_n); \
} while (0)
#define RETURNP(p) do { \
	const void *_p = (p); \
	if (_p == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %p", _p); \
	return (p); \
} while (0)
#define RETURNS(s) do { \
	const char *_s = (s); \
	if (_s == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning '%s'", _s); \
	return (_s); \
} while (0)
#else
#define ENTER()
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)
#define RETURNP(p) return (p)
#define RETURNS(s) return (s)
#endif

#endif