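/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2007 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id: openpam_impl.h 408 2007-12-21 11:36:24Z des $
 */

/*
 * Library-internal declarations for OpenPAM: the handle layout, the
 * per-facility module chains, and the ENTER*()/RETURN*() tracing macros.
 *
 * NOTE(review): this header uses free(), size_t, uid_t and gid_t without
 * including the headers that declare them; it appears to rely on the
 * including file (or <security/openpam.h>) for those -- confirm.
 */

#ifndef _OPENPAM_IMPL_H_INCLUDED
#define _OPENPAM_IMPL_H_INCLUDED

/*
 * Log level passed to openpam_log() by the tracing macros below.
 * Parenthesized so the negative literal cannot merge with an adjacent
 * operator when the macro is expanded inside an expression.
 */
#define PAM_LOG_LIBDEBUG	(-1)

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

#include <security/openpam.h>

/* Name tables indexed by primitive, error code and item number. */
extern const char *_pam_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
extern const char *_pam_err_name[PAM_NUM_ERRORS];
extern const char *_pam_item_name[PAM_NUM_ITEMS];

extern int _openpam_debug;

/*
 * Control flags
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS	/* count of the flags above, not a flag */
} pam_control_t;

/*
 * Facilities
 */
typedef enum {
	PAM_FACILITY_ANY = -1,	/* wildcard; not a valid chains[] index */
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES	/* count of real facilities; sizes chains[] */
} pam_facility_t;

/*
 * One entry in a singly linked chain of modules.
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;	/* presumably a pam_control_t value -- confirm */
	int		 optc;	/* presumably the number of entries in optv */
	char		**optv;
	pam_chain_t	*next;
};

/*
 * One named datum in a singly linked list, with the callback stored
 * alongside it for its cleanup.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * Definition of the handle type behind pam_handle_t.
 */
struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];	/* one per facility */
	pam_chain_t	*current;
	int		 primitive;

	/* items and data */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/* environment list */
	char		**env;
	int		 env_count;
	int		 env_size;
};

/*
 * Only declared when the including file has already made NGROUPS_MAX
 * visible; this header does not include anything that defines it.
 */
#ifdef NGROUPS_MAX
#define PAM_SAVED_CRED	"pam_saved_cred"
/*
 * Snapshot of effective uid/gid and the group list.
 * NOTE(review): presumably stored under the PAM_SAVED_CRED name so the
 * credentials can be restored after a temporary switch -- confirm.
 */
struct pam_saved_cred {
	uid_t	 euid;
	gid_t	 egid;
	gid_t	 groups[NGROUPS_MAX];
	int	 ngroups;
};
#endif

#define PAM_OTHER	"other"

int		 openpam_configure(pam_handle_t *, const char *);
int		 openpam_dispatch(pam_handle_t *, int, int);
int		 openpam_findenv(pam_handle_t *, const char *, size_t);
pam_module_t	*openpam_load_module(const char *);
void		 openpam_clear_chains(pam_chain_t **);

#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *);
#endif
pam_module_t	*openpam_dynamic(const char *);

/*
 * Free p and reset it to NULL, so a stale pointer is not left behind
 * for a later use or a second free().  p is evaluated twice and must be
 * a modifiable lvalue without side effects.
 */
#define FREE(p) do { free((p)); (p) = NULL; } while (0)

/*
 * Function entry/exit tracing.
 *
 * With DEBUG defined, each macro logs at PAM_LOG_LIBDEBUG and the
 * RETURN*() forms then return from the enclosing function.  Without
 * DEBUG, the ENTER*() forms expand to nothing and the RETURN*() forms to
 * a plain return statement.
 *
 * ENTERS() and RETURNS() write their string argument to the log
 * verbatim, so DEBUG builds expose whatever strings reach them; they
 * should not be given secrets such as authentication tokens.
 */
#ifdef DEBUG
#define ENTER() openpam_log(PAM_LOG_LIBDEBUG, "entering")
/*
 * Log an item number by name when it indexes _pam_item_name, otherwise
 * numerically.  Index 0 is deliberately excluded by the bounds check;
 * presumably no item uses it -- confirm against the item table.
 */
#define ENTERI(i) do { \
	int _i = (i); \
	if (_i > 0 && _i < PAM_NUM_ITEMS) \
		openpam_log(PAM_LOG_LIBDEBUG, "entering: %s", _pam_item_name[_i]); \
	else \
		openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", _i); \
} while (0)
#define ENTERN(n) do { \
	int _n = (n); \
	openpam_log(PAM_LOG_LIBDEBUG, "entering: %d", _n); \
} while (0)
/* NULL is checked first so "%s" is never handed a null pointer. */
#define ENTERS(s) do { \
	const char *_s = (s); \
	if (_s == NULL) \
		openpam_log(PAM_LOG_LIBDEBUG, "entering: NULL"); \
	else \
		openpam_log(PAM_LOG_LIBDEBUG, "entering: '%s'", _s); \
} while (0)
/*
 * Log and return from a void function.  The return statement keeps
 * DEBUG builds in step with the non-DEBUG expansion below: without it,
 * a RETURNV() in the middle of a function would fall through to the
 * following statements in DEBUG builds only.
 */
#define RETURNV() do { \
	openpam_log(PAM_LOG_LIBDEBUG, "returning"); \
	return; \
} while (0)
/*
 * Return an error code, logged by name when it indexes _pam_err_name;
 * an out-of-range code is logged numerically with a trailing '!'.
 */
#define RETURNC(c) do { \
	int _c = (c); \
	if (_c >= 0 && _c < PAM_NUM_ERRORS) \
		openpam_log(PAM_LOG_LIBDEBUG, "returning %s", _pam_err_name[_c]); \
	else \
		openpam_log(PAM_LOG_LIBDEBUG, "returning %d!", _c); \
	return (_c); \
} while (0)
#define RETURNN(n) do { \
	int _n = (n); \
	openpam_log(PAM_LOG_LIBDEBUG, "returning %d", _n); \
	return (_n); \
} while (0)
/*
 * Return a pointer.  The return statement uses p rather than _p so the
 * returned expression keeps its own type instead of const void *; as a
 * result p is evaluated twice in DEBUG builds, so the argument must not
 * have side effects.
 */
#define RETURNP(p) do { \
	const void *_p = (p); \
	if (_p == NULL) \
		openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_LIBDEBUG, "returning %p", _p); \
	return (p); \
} while (0)
#define RETURNS(s) do { \
	const char *_s = (s); \
	if (_s == NULL) \
		openpam_log(PAM_LOG_LIBDEBUG, "returning NULL"); \
	else \
		openpam_log(PAM_LOG_LIBDEBUG, "returning '%s'", _s); \
	return (_s); \
} while (0)
#else
#define ENTER()
#define ENTERI(i)
#define ENTERN(n)
#define ENTERS(s)
#define RETURNV() return
#define RETURNC(c) return (c)
#define RETURNN(n) return (n)
#define RETURNP(p) return (p)
#define RETURNS(s) return (s)
#endif

#endif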