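/* $NetBSD: openpam_impl.h,v 1.2 2011/12/25 22:27:55 christos Exp $ */

/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * Id: openpam_impl.h 499 2011-11-22 11:51:50Z des
 */

#ifndef OPENPAM_IMPL_H_INCLUDED
#define OPENPAM_IMPL_H_INCLUDED

/*
 * Library-internal declarations: the layout of the PAM handle, the module
 * chains hanging off it, and the helpers that build and walk them.
 *
 * The only header pulled in here is <security/openpam.h>.  Unless that
 * header provides them, free() (used by FREE below), size_t, uid_t and
 * gid_t must already be declared by the file that includes this one.
 */
#include <security/openpam.h>

extern int openpam_debug;

/*
 * Control flags
 *
 * The enumerators are numbered from 0, so PAM_NUM_CONTROL_FLAGS is the
 * number of real flags and is not itself a flag.  How each flag affects
 * the result of a chain is decided by the dispatcher, which is not part
 * of this header (see pam.conf(5)).
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS
} pam_control_t;

/*
 * Facilities
 *
 * PAM_AUTH through PAM_PASSWORD are numbered from 0 and PAM_NUM_FACILITIES
 * is their count; it sizes the chains[] arrays declared below.
 * PAM_FACILITY_ANY is -1 and therefore never a valid subscript: a facility
 * value has to be checked against 0 <= f < PAM_NUM_FACILITIES before it
 * is used to index chains[].
 */
typedef enum {
	PAM_FACILITY_ANY = -1,
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES
} pam_facility_t;

/*
 * Module chains
 *
 * Singly linked list; each node points at one module and carries an
 * option vector for it.
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	/* declared int, presumably holds a pam_control_t value; TODO confirm */
	int		 flag;
	/* by their names an argc/argv style pair; optc presumably counts optv */
	int		 optc;
	char		**optv;
	pam_chain_t	*next;
};

/*
 * Service policies
 *
 * Only available when OPENPAM_EMBEDDED is defined: a policy is a service
 * name plus one chain per facility.  How pam_embedded_policies[] is
 * terminated is not visible here (presumably a NULL entry; confirm).
 */
#if defined(OPENPAM_EMBEDDED)
typedef struct pam_policy pam_policy_t;
struct pam_policy {
	const char	*service;
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
};
extern pam_policy_t *pam_embedded_policies[];
#endif

/*
 * Module-specific data
 *
 * Named entries kept in a singly linked list on the handle.  The cleanup
 * callback takes the handle, a data pointer and an int; the shape matches
 * the cleanup argument of pam_set_data(3), so it is presumably the hook
 * that releases `data`.  Entries can hold whatever a module stored,
 * including material that should be scrubbed before it is released.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * PAM context
 *
 * NOTE(review): item[] stores PAM items as untyped pointers; in the PAM
 * API those include authentication tokens, so the code that frees items
 * is the place to check that they are cleared first.
 */
struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
	pam_chain_t	*current;
	int		 primitive;

	/* items and data */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/* environment list */
	char		**env;
	/* presumably entries in use vs. slots allocated; TODO confirm */
	int		 env_count;
	int		 env_size;
};

#ifdef NGROUPS_MAX
/*
 * Saved credentials
 *
 * This block exists only if NGROUPS_MAX was defined before this header
 * was included, so include order decides whether struct pam_saved_cred is
 * visible.  groups[] has exactly NGROUPS_MAX slots: ngroups must stay
 * within 0..NGROUPS_MAX both when the struct is filled and when it is
 * read back to restore the group list.  PAM_SAVED_CRED is presumably the
 * module-data name under which the struct is stored (confirm against the
 * credential borrow/restore code).
 */
#define PAM_SAVED_CRED "pam_saved_cred"
struct pam_saved_cred {
	uid_t		 euid;
	gid_t		 egid;
	gid_t		 groups[NGROUPS_MAX];
	int		 ngroups;
};
#endif

/*
 * Default policy
 *
 * Presumably the policy consulted for a service that has none of its own;
 * whatever it allows therefore applies to every such service.
 */
#define PAM_OTHER "other"

/*
 * Internal functions
 *
 * Parameter names are not given in the prototypes; their meaning has to
 * be taken from the definitions.
 */
int		 openpam_configure(pam_handle_t *, const char *);
int		 openpam_dispatch(pam_handle_t *, int, int);
int		 openpam_findenv(pam_handle_t *, const char *, size_t);
pam_module_t	*openpam_load_module(const char *);
void		 openpam_clear_chains(pam_chain_t **);

/*
 * By their names these verify the owner and permissions of an open
 * descriptor and of a path before the file is trusted (implementation not
 * shown here).  Callers must act on the int result rather than ignore it.
 */
int		 openpam_check_desc_owner_perms(const char *, int);
int		 openpam_check_path_owner_perms(const char *);

#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *);
#endif
pam_module_t	*openpam_dynamic(const char *);

/*
 * Free the object p points to and set p to NULL so a later FREE(p) or
 * NULL test is harmless.  p is evaluated twice and assigned to, so it
 * must be a modifiable lvalue without side effects.  The memory is not
 * cleared: secrets have to be wiped before calling FREE.  The CONSTCOND
 * marker silences lint's constant-condition warning for the while (0).
 */
#define FREE(p) do { free((p)); (p) = NULL; } while (/*CONSTCOND*/0)

#include "openpam_constants.h"
#include "openpam_debug.h"

#endif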