openpam_impl.h revision 99158 
1/*-
2 * Copyright (c) 2001 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by ThinkSec AS and
6 * Network Associates Laboratories, the Security Research Division of
7 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
8 * ("CBOSS"), as part of the DARPA CHATS research program.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. The name of the author may not be used to endorse or promote
19 *    products derived from this software without specific prior written
20 *    permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $
35 */
36
37#ifndef _OPENPAM_IMPL_H_INCLUDED
38#define _OPENPAM_IMPL_H_INCLUDED
39
40#include <security/openpam.h>
41
42extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
43
44/*
45 * Control flags
46 */
47#define PAM_REQUIRED		1
48#define PAM_REQUISITE		2
49#define PAM_SUFFICIENT		3
50#define PAM_OPTIONAL		4
51#define PAM_BINDING		5
52#define PAM_NUM_CONTROLFLAGS	6
53
54/*
55 * Chains
56 */
57#define PAM_AUTH		0
58#define PAM_ACCOUNT		1
59#define PAM_SESSION		2
60#define PAM_PASSWORD		3
61#define PAM_NUM_CHAINS		4
62
63typedef struct pam_chain pam_chain_t;
64struct pam_chain {
65	pam_module_t	*module;
66	int		 flag;
67	int		 optc;
68	char	       **optv;
69	pam_chain_t	*next;
70};
71
72typedef struct pam_data pam_data_t;
73struct pam_data {
74	char		*name;
75	void		*data;
76	void		(*cleanup)(pam_handle_t *, void *, int);
77	pam_data_t	*next;
78};
79
80struct pam_handle {
81	char		*service;
82
83	/* chains */
84	pam_chain_t	*chains[PAM_NUM_CHAINS];
85	pam_chain_t	*current;
86
87	/* items and data */
88	void		*item[PAM_NUM_ITEMS];
89	pam_data_t	*module_data;
90
91	/* environment list */
92	char	       **env;
93	int		 env_count;
94	int		 env_size;
95};
96
97#ifdef NGROUPS_MAX
98#define PAM_SAVED_CRED "pam_saved_cred"
99struct pam_saved_cred {
100	uid_t	 euid;
101	gid_t	 egid;
102	gid_t	 groups[NGROUPS_MAX];
103	int	 ngroups;
104};
105#endif
106
107#define PAM_OTHER	"other"
108
109int		openpam_configure(pam_handle_t *, const char *);
110int		openpam_dispatch(pam_handle_t *, int, int);
111int		openpam_findenv(pam_handle_t *, const char *, size_t);
112int		openpam_add_module(pam_chain_t **, int, int,
113				   const char *, int, const char **);
114void		openpam_clear_chains(pam_chain_t **);
115
116#ifdef OPENPAM_STATIC_MODULES
117pam_module_t   *openpam_static(const char *);
118#endif
119pam_module_t   *openpam_dynamic(const char *);
120
121#endif
122