openpam_impl.h revision 174832
1/*-
2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2007 Dag-Erling Smørgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 *    products derived from this software without specific prior written
21 *    permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * $Id: openpam_impl.h 408 2007-12-21 11:36:24Z des $
36 */
37
38#ifndef _OPENPAM_IMPL_H_INCLUDED
39#define _OPENPAM_IMPL_H_INCLUDED
40
41#ifdef HAVE_CONFIG_H
42# include <config.h>
43#endif
44
45#include <security/openpam.h>
46
/*
 * Human-readable name tables, defined in the library's .c files and indexed
 * by primitive, error and item number respectively.  Each table has exactly
 * PAM_NUM_* entries, so an index must be range-checked before it is used
 * (compare the guards in ENTERI() and RETURNC() below).  _pam_sm_func_name
 * presumably holds the module-side (pam_sm_*) counterparts of _pam_func_name.
 */
extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];

/* Library debug switch; its definition and the code that reads it live elsewhere. */
extern int _openpam_debug;
53
54/*
55 * Control flags
56 */
typedef enum {
	/*
	 * Values are spelled out because pam_chain.flag stores them as a
	 * plain int; the numeric encoding is therefore part of the internal
	 * layout.  How each flag affects chain evaluation is presumably
	 * decided in openpam_dispatch(), not here.
	 */
	PAM_BINDING		= 0,
	PAM_REQUIRED		= 1,
	PAM_REQUISITE		= 2,
	PAM_SUFFICIENT		= 3,
	PAM_OPTIONAL		= 4,
	PAM_NUM_CONTROL_FLAGS	= 5	/* number of flags; not itself a valid flag */
} pam_control_t;
65
66/*
67 * Facilities
68 */
typedef enum {
	/*
	 * Sentinel meaning "any facility".  It is negative on purpose so it
	 * can never be mistaken for an index into pam_handle.chains[], which
	 * has exactly PAM_NUM_FACILITIES entries.
	 */
	PAM_FACILITY_ANY	= -1,
	PAM_AUTH		= 0,
	PAM_ACCOUNT		= 1,
	PAM_SESSION		= 2,
	PAM_PASSWORD		= 3,
	PAM_NUM_FACILITIES	= 4	/* array bound for chains[]; not a facility */
} pam_facility_t;
77
typedef struct pam_chain pam_chain_t;
/*
 * One entry in a facility's module chain, a singly linked list whose head
 * lives in pam_handle.chains[].  Holds the resolved module, its control flag
 * and an argc/argv-style option vector.  openpam_clear_chains(), declared
 * below, presumably releases these lists.
 */
struct pam_chain {
	pam_module_t	*module;	/* module this entry invokes (see openpam_load_module()) */
	int		 flag;		/* control flag; presumably a pam_control_t stored as int */
	int		 optc;		/* number of entries in optv[] */
	char	       **optv;		/* module options; presumably parsed from the policy line */
	pam_chain_t	*next;		/* following entry, or NULL at the tail */
};
86
typedef struct pam_data pam_data_t;
/*
 * One named blob of module-private state, kept on the pam_handle.module_data
 * list.  The library never looks inside data; cleanup, when non-NULL, is
 * called with the handle, the data pointer and an int status -- presumably
 * when the entry is replaced or the handle is closed, per the pam_set_data()
 * contract.
 */
struct pam_data {
	char		*name;		/* lookup key */
	void		*data;		/* opaque module payload */
	void		(*cleanup)(pam_handle_t *, void *, int);	/* optional destructor for data */
	pam_data_t	*next;		/* following entry, or NULL at the tail */
};
94
/*
 * Internal layout of a PAM handle.  Applications only ever see the opaque
 * pam_handle_t declared in security/openpam.h; nothing here is ABI to them.
 */
struct pam_handle {
	char		*service;	/* service name; presumably the key openpam_configure() uses to pick a policy */

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];	/* one list per facility, indexed by pam_facility_t (PAM_FACILITY_ANY is -1 and must not be used as an index) */
	pam_chain_t	*current;	/* chain entry currently being dispatched -- TODO confirm against openpam_dispatch() */
	int		 primitive;	/* primitive in progress; presumably an index into _pam_func_name[] */

	/* items and data */
	void		*item[PAM_NUM_ITEMS];	/* indexed by item number; note ENTERI() treats index 0 as out of range */
	pam_data_t	*module_data;	/* head of the named module-data list */

	/* environment list */
	char	       **env;		/* environment strings */
	int		 env_count;	/* entries in use */
	int		 env_size;	/* presumably the allocated capacity of env[] */
};
112
#ifdef NGROUPS_MAX
/*
 * Snapshot of effective credentials (euid, egid and supplementary groups),
 * presumably kept as module data under the PAM_SAVED_CRED name so that a
 * temporary credential switch can be undone exactly.  Only available where
 * the platform defines NGROUPS_MAX.  Because groups[] is sized by
 * NGROUPS_MAX, sizeof(struct pam_saved_cred) is platform dependent and can
 * be large: allocate it on the heap rather than as an automatic variable.
 */
#define PAM_SAVED_CRED "pam_saved_cred"
struct pam_saved_cred {
	uid_t	 euid;			/* effective user id */
	gid_t	 egid;			/* effective group id */
	gid_t	 groups[NGROUPS_MAX];	/* supplementary groups */
	int	 ngroups;		/* valid leading entries of groups[]; must not exceed NGROUPS_MAX */
};
#endif
122
/* Name of the fallback policy; by PAM convention it applies when no service-specific policy exists. */
#define PAM_OTHER	"other"

/*
 * Internal entry points.  None of these are part of the public API in
 * security/openpam.h.
 */
/* Load the policy for a service name into the handle; returns a PAM status. */
int		 openpam_configure(pam_handle_t *, const char *);
/* Run a chain; the two ints are presumably the primitive and its flags. */
int		 openpam_dispatch(pam_handle_t *, int, int);
/* Find an entry in the handle's env list; the size_t is presumably the length of the name to match. */
int		 openpam_findenv(pam_handle_t *, const char *, size_t);
/* Resolve a module by name, presumably via openpam_static()/openpam_dynamic() below. */
pam_module_t	*openpam_load_module(const char *);
/* Release every chain; the argument is presumably the pam_handle.chains array. */
void		 openpam_clear_chains(pam_chain_t **);

#ifdef OPENPAM_STATIC_MODULES
/* Look up a module linked into the library itself. */
pam_module_t	*openpam_static(const char *);
#endif
/*
 * Load a module at run time by name.  The name presumably originates from
 * the policy file, which is why policy files must not be writable by
 * untrusted users.
 */
pam_module_t	*openpam_dynamic(const char *);
135
/*
 * free() p and reset it to NULL so a stale pointer cannot be freed or used
 * again.  p appears twice and is assigned to, so it must be a plain lvalue
 * without side effects.  free(NULL) is a no-op, so a second FREE() is harmless.
 */
#define	FREE(p) do { free((p)); (p) = NULL; } while (0)
137
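/*
 * Function entry/exit tracing.
 *
 * With DEBUG defined, ENTER*() log their argument at PAM_LOG_DEBUG and
 * RETURN*() log the value being returned before returning it; without
 * DEBUG, ENTER*() expand to nothing and RETURN*() to a plain return.  Every
 * expansion is a single statement, so each macro can stand wherever a
 * statement can; callers supply the trailing ';'.
 */
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_DEBUG, "entering")
/*
 * Log an item number by name.  Only 0 < i < PAM_NUM_ITEMS is looked up in
 * _pam_item_name[]; 0 and out-of-range values are logged numerically, so
 * the table is never indexed out of bounds.
 */
#define ENTERI(i) do { \
	int _i = (i); \
	if (_i > 0 && _i < PAM_NUM_ITEMS) \
		openpam_log(PAM_LOG_DEBUG, "entering: %s", _pam_item_name[_i]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: %d", _i); \
} while (0)
/* Log an integer argument. */
#define ENTERN(n) do { \
	int _n = (n); \
	openpam_log(PAM_LOG_DEBUG, "entering: %d", _n); \
} while (0)
/* Log a string argument; NULL is logged as the word NULL, never dereferenced. */
#define ENTERS(s) do { \
	const char *_s = (s); \
	if (_s == NULL) \
		openpam_log(PAM_LOG_DEBUG, "entering: NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "entering: '%s'", _s); \
} while (0)
/*
 * Return from a void function.  The log call and an explicit return are
 * wrapped together so that this expansion returns just like the non-DEBUG
 * one (a bare 'return'); a lone log call would fall through when used
 * anywhere but as the last statement of a function, making behaviour differ
 * between debug and release builds.
 */
#define	RETURNV() do { \
	openpam_log(PAM_LOG_DEBUG, "returning"); \
	return; \
} while (0)
/*
 * Return a PAM status code, logged by name when 0 <= c < PAM_NUM_ERRORS and
 * numerically with a trailing '!' otherwise; _pam_err_name[] is never
 * indexed out of range.
 */
#define RETURNC(c) do { \
	int _c = (c); \
	if (_c >= 0 && _c < PAM_NUM_ERRORS) \
		openpam_log(PAM_LOG_DEBUG, "returning %s", _pam_err_name[_c]); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %d!", _c); \
	return (_c); \
} while (0)
/* Return an int, logged numerically. */
#define	RETURNN(n) do { \
	int _n = (n); \
	openpam_log(PAM_LOG_DEBUG, "returning %d", _n); \
	return (_n); \
} while (0)
/*
 * Return a pointer.  NOTE: p is evaluated twice -- once into the const void *
 * used for logging and again in the return statement, so that the function's
 * own pointer type is returned rather than const void * -- so p must be free
 * of side effects (no function calls, no ++).
 */
#define	RETURNP(p) do { \
	const void *_p = (p); \
	if (_p == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning %p", _p); \
	return (p); \
} while (0)
/*
 * Return a string; NULL is logged as NULL and never dereferenced.  The value
 * returned is the const char * copy, so the enclosing function must return
 * a type compatible with const char *.
 */
#define	RETURNS(s) do { \
	const char *_s = (s); \
	if (_s == NULL) \
		openpam_log(PAM_LOG_DEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_DEBUG, "returning '%s'", _s); \
	return (_s); \
} while (0)
#else
/* Release build: no tracing, ENTER*() vanish and RETURN*() are plain returns. */
#define ENTER()
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)
#define RETURNP(p) return (p)
#define RETURNS(s) return (s)
#endif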
199
200#endif
201