1/*	$NetBSD: openpam_impl.h,v 1.2 2011/12/25 22:27:55 christos Exp $	*/
2
3/*-
4 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
5 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
6 * All rights reserved.
7 *
8 * This software was developed for the FreeBSD Project by ThinkSec AS and
9 * Network Associates Laboratories, the Security Research Division of
10 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
11 * ("CBOSS"), as part of the DARPA CHATS research program.
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 *    notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 *    notice, this list of conditions and the following disclaimer in the
20 *    documentation and/or other materials provided with the distribution.
21 * 3. The name of the author may not be used to endorse or promote
22 *    products derived from this software without specific prior written
23 *    permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * SUCH DAMAGE.
36 *
37 * Id: openpam_impl.h 499 2011-11-22 11:51:50Z des
38 */
39
40#ifndef OPENPAM_IMPL_H_INCLUDED
41#define OPENPAM_IMPL_H_INCLUDED
42
43#include <security/openpam.h>
44
45extern int openpam_debug;
46
47/*
48 * Control flags
49 */
50typedef enum {
51	PAM_BINDING,
52	PAM_REQUIRED,
53	PAM_REQUISITE,
54	PAM_SUFFICIENT,
55	PAM_OPTIONAL,
56	PAM_NUM_CONTROL_FLAGS
57} pam_control_t;
58
59/*
60 * Facilities
61 */
62typedef enum {
63	PAM_FACILITY_ANY = -1,
64	PAM_AUTH = 0,
65	PAM_ACCOUNT,
66	PAM_SESSION,
67	PAM_PASSWORD,
68	PAM_NUM_FACILITIES
69} pam_facility_t;
70
71/*
72 * Module chains
73 */
74typedef struct pam_chain pam_chain_t;
75struct pam_chain {
76	pam_module_t	*module;
77	int		 flag;
78	int		 optc;
79	char	       **optv;
80	pam_chain_t	*next;
81};
82
83/*
84 * Service policies
85 */
86#if defined(OPENPAM_EMBEDDED)
87typedef struct pam_policy pam_policy_t;
88struct pam_policy {
89	const char	*service;
90	pam_chain_t	*chains[PAM_NUM_FACILITIES];
91};
92extern pam_policy_t *pam_embedded_policies[];
93#endif
94
95/*
96 * Module-specific data
97 */
98typedef struct pam_data pam_data_t;
99struct pam_data {
100	char		*name;
101	void		*data;
102	void		(*cleanup)(pam_handle_t *, void *, int);
103	pam_data_t	*next;
104};
105
106/*
107 * PAM context
108 */
109struct pam_handle {
110	char		*service;
111
112	/* chains */
113	pam_chain_t	*chains[PAM_NUM_FACILITIES];
114	pam_chain_t	*current;
115	int		 primitive;
116
117	/* items and data */
118	void		*item[PAM_NUM_ITEMS];
119	pam_data_t	*module_data;
120
121	/* environment list */
122	char	       **env;
123	int		 env_count;
124	int		 env_size;
125};
126
127#ifdef NGROUPS_MAX
128/*
129 * Saved credentials
130 */
131#define PAM_SAVED_CRED "pam_saved_cred"
132struct pam_saved_cred {
133	uid_t	 euid;
134	gid_t	 egid;
135	gid_t	 groups[NGROUPS_MAX];
136	int	 ngroups;
137};
138#endif
139
140/*
141 * Default policy
142 */
143#define PAM_OTHER	"other"
144
145/*
146 * Internal functions
147 */
148int		 openpam_configure(pam_handle_t *, const char *);
149int		 openpam_dispatch(pam_handle_t *, int, int);
150int		 openpam_findenv(pam_handle_t *, const char *, size_t);
151pam_module_t	*openpam_load_module(const char *);
152void		 openpam_clear_chains(pam_chain_t **);
153
154int		 openpam_check_desc_owner_perms(const char *, int);
155int		 openpam_check_path_owner_perms(const char *);
156
157#ifdef OPENPAM_STATIC_MODULES
158pam_module_t	*openpam_static(const char *);
159#endif
160pam_module_t	*openpam_dynamic(const char *);
161
162#define	FREE(p) do { free((p)); (p) = NULL; } while (/*CONSTCOND*/0)
163
164#include "openpam_constants.h"
165#include "openpam_debug.h"
166
167#endif
168