source: openpam/trunk/include/security/openpam.h @ 241

Last change on this file since 241 was 241, checked in by des, 12 years ago

Continue improving the new configuration parser, particularly error
reporting: error messages relating to policy files now include line
numbers, and the parser will warn about invalid facility names.

Also fix an off-by-one bug in the option handling code.

File size: 7.1 KB
Line 
1/*-
2 * Copyright (c) 2002 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by ThinkSec AS and
6 * Network Associates Laboratories, the Security Research Division of
7 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
8 * ("CBOSS"), as part of the DARPA CHATS research program.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. The name of the author may not be used to endorse or promote
19 *    products derived from this software without specific prior written
20 *    permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $P4: //depot/projects/openpam/include/security/openpam.h#23 $
35 */
36
37#ifndef _SECURITY_OPENPAM_H_INCLUDED
38#define _SECURITY_OPENPAM_H_INCLUDED
39
40/*
41 * Annoying but necessary header pollution
42 */
43#include <stdarg.h>
44
45#ifdef __cplusplus
46extern "C" {
47#endif
48
49struct passwd;
50
51/*
52 * API extensions
53 */
54int
55openpam_borrow_cred(pam_handle_t *_pamh,
56        const struct passwd *_pwd);
57
58void
59openpam_free_data(pam_handle_t *_pamh,
60        void *_data,
61        int _status);
62
63const char *
64openpam_get_option(pam_handle_t *_pamh,
65        const char *_option);
66
67int
68openpam_restore_cred(pam_handle_t *_pamh);
69
70int
71openpam_set_option(pam_handle_t *_pamh,
72        const char *_option,
73        const char *_value);
74
75int
76pam_error(pam_handle_t *_pamh,
77        const char *_fmt,
78        ...);
79
80int
81pam_get_authtok(pam_handle_t *_pamh,
82        int _item,
83        const char **_authtok,
84        const char *_prompt);
85
86int
87pam_info(pam_handle_t *_pamh,
88        const char *_fmt,
89        ...);
90
91int
92pam_prompt(pam_handle_t *_pamh,
93        int _style,
94        char **_resp,
95        const char *_fmt,
96        ...);
97
98int
99pam_setenv(pam_handle_t *_pamh,
100        const char *_name,
101        const char *_value,
102        int _overwrite);
103
104int
105pam_vinfo(pam_handle_t *_pamh,
106        const char *_fmt,
107        va_list _ap);
108
109int
110pam_verror(pam_handle_t *_pamh,
111        const char *_fmt,
112        va_list _ap);
113
114int
115pam_vprompt(pam_handle_t *_pamh,
116        int _style,
117        char **_resp,
118        const char *_fmt,
119        va_list _ap);
120
121/*
122 * Read cooked lines.
123 * Checking for FOPEN_MAX is a fairly reliable way to detect the presence
124 * of <stdio.h>
125 */
126#ifdef FOPEN_MAX
127char *
128openpam_readline(FILE *_f,
129        int *_lineno,
130        size_t *_lenp);
131#endif
132
133/*
134 * Log levels
135 */
136enum {
137        PAM_LOG_DEBUG,
138        PAM_LOG_VERBOSE,
139        PAM_LOG_NOTICE,
140        PAM_LOG_ERROR
141};
142
143/*
144 * Log to syslog
145 */
146void
147_openpam_log(int _level,
148        const char *_func,
149        const char *_fmt,
150        ...);
151
152#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
153#define openpam_log(lvl, ...) \
154        _openpam_log((lvl), __func__, __VA_ARGS__)
155#elif defined(__GNUC__) && (__GNUC__ >= 3)
156#define openpam_log(lvl, ...) \
157        _openpam_log((lvl), __func__, __VA_ARGS__)
158#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
159#define openpam_log(lvl, fmt...) \
160        _openpam_log((lvl), __func__, ##fmt)
161#elif defined(__GNUC__) && defined(__FUNCTION__)
162#define openpam_log(lvl, fmt...) \
163        _openpam_log((lvl), __FUNCTION__, ##fmt)
164#else
165void
166openpam_log(int _level,
167        const char *_format,
168        ...);
169#endif
170
171/*
172 * Generic conversation function
173 */
174struct pam_message;
175struct pam_response;
176int openpam_ttyconv(int _n,
177        const struct pam_message **_msg,
178        struct pam_response **_resp,
179        void *_data);
180
181/*
182 * Null conversation function
183 */
184int openpam_nullconv(int _n,
185        const struct pam_message **_msg,
186        struct pam_response **_resp,
187        void *_data);
188
189/*
190 * PAM primitives
191 */
192enum {
193        PAM_SM_AUTHENTICATE,
194        PAM_SM_SETCRED,
195        PAM_SM_ACCT_MGMT,
196        PAM_SM_OPEN_SESSION,
197        PAM_SM_CLOSE_SESSION,
198        PAM_SM_CHAUTHTOK,
199        /* keep this last */
200        PAM_NUM_PRIMITIVES
201};
202
203/*
204 * Dummy service module function
205 */
206#define PAM_SM_DUMMY(type)                                              \
207PAM_EXTERN int                                                          \
208pam_sm_##type(pam_handle_t *pamh, int flags,                            \
209    int argc, const char *argv[])                                       \
210{                                                                       \
211        return (PAM_IGNORE);                                            \
212}
213
214/*
215 * PAM service module functions match this typedef
216 */
217struct pam_handle;
218typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
219
220/*
221 * A struct that describes a module.
222 */
223typedef struct pam_module pam_module_t;
224struct pam_module {
225        char            *path;
226        pam_func_t       func[PAM_NUM_PRIMITIVES];
227        void            *dlh;
228        int              refcount;
229        pam_module_t    *prev;
230        pam_module_t    *next;
231};
232
233/*
234 * Source-code compatibility with Linux-PAM modules
235 */
236#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
237        defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
238#define LINUX_PAM_MODULE
239#endif
240#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
241#define _PAM_SM_AUTHENTICATE    0
242#define _PAM_SM_SETCRED         0
243#else
244#undef PAM_SM_AUTH
245#define PAM_SM_AUTH
246#define _PAM_SM_AUTHENTICATE    pam_sm_authenticate
247#define _PAM_SM_SETCRED         pam_sm_setcred
248#endif
249#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
250#define _PAM_SM_ACCT_MGMT       0
251#else
252#undef PAM_SM_ACCOUNT
253#define PAM_SM_ACCOUNT
254#define _PAM_SM_ACCT_MGMT       pam_sm_acct_mgmt
255#endif
256#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
257#define _PAM_SM_OPEN_SESSION    0
258#define _PAM_SM_CLOSE_SESSION   0
259#else
260#undef PAM_SM_SESSION
261#define PAM_SM_SESSION
262#define _PAM_SM_OPEN_SESSION    pam_sm_open_session
263#define _PAM_SM_CLOSE_SESSION   pam_sm_close_session
264#endif
265#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
266#define _PAM_SM_CHAUTHTOK       0
267#else
268#undef PAM_SM_PASSWORD
269#define PAM_SM_PASSWORD
270#define _PAM_SM_CHAUTHTOK       pam_sm_chauthtok
271#endif
272
273/*
274 * Infrastructure for static modules using GCC linker sets.
275 * You are not expected to understand this.
276 */
277#if defined(__FreeBSD__)
278#define PAM_SOEXT ".so"
279#else
280#ifndef NO_STATIC_MODULES
281#define NO_STATIC_MODULES
282#endif
283#endif
284#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
285/* gcc, static linking */
286#include <sys/cdefs.h>
287#include <linker_set.h>
288#define OPENPAM_STATIC_MODULES
289#define PAM_EXTERN static
290#define PAM_MODULE_ENTRY(name)                                          \
291static char _pam_name[] = name PAM_SOEXT;                               \
292static struct pam_module _pam_module = { _pam_name, {                   \
293    _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT,           \
294    _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK },   \
295    NULL, 0, NULL, NULL };                                              \
296DATA_SET(_openpam_static_modules, _pam_module)
297#else
298/* normal case */
299#define PAM_EXTERN
300#define PAM_MODULE_ENTRY(name)
301#endif
302
303#ifdef __cplusplus
304}
305#endif
306
307#endif
Note: See TracBrowser for help on using the repository browser.