source: openpam/trunk/include/security/openpam.h @ 269

Last change on this file since 269 was 269, checked in by des, 11 years ago

FOPEN_MAX wasn't such a reliable <stdio.h> indicator after all, so
use _IOFBF instead.

File size: 7.2 KB
Line 
1/*-
2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * All rights reserved.
4 *
5 * This software was developed for the FreeBSD Project by ThinkSec AS and
6 * Network Associates Laboratories, the Security Research Division of
7 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
8 * ("CBOSS"), as part of the DARPA CHATS research program.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. The name of the author may not be used to endorse or promote
19 *    products derived from this software without specific prior written
20 *    permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $P4: //depot/projects/openpam/include/security/openpam.h#26 $
35 */
36
37#ifndef _SECURITY_OPENPAM_H_INCLUDED
38#define _SECURITY_OPENPAM_H_INCLUDED
39
40/*
41 * Annoying but necessary header pollution
42 */
43#include <stdarg.h>
44
45#ifdef __cplusplus
46extern "C" {
47#endif
48
49struct passwd;
50
51/*
52 * API extensions
53 */
54int
55openpam_borrow_cred(pam_handle_t *_pamh,
56        const struct passwd *_pwd);
57
58void
59openpam_free_data(pam_handle_t *_pamh,
60        void *_data,
61        int _status);
62
63const char *
64openpam_get_option(pam_handle_t *_pamh,
65        const char *_option);
66
67int
68openpam_restore_cred(pam_handle_t *_pamh);
69
70int
71openpam_set_option(pam_handle_t *_pamh,
72        const char *_option,
73        const char *_value);
74
75int
76pam_error(pam_handle_t *_pamh,
77        const char *_fmt,
78        ...);
79
80int
81pam_get_authtok(pam_handle_t *_pamh,
82        int _item,
83        const char **_authtok,
84        const char *_prompt);
85
86int
87pam_info(pam_handle_t *_pamh,
88        const char *_fmt,
89        ...);
90
91int
92pam_prompt(pam_handle_t *_pamh,
93        int _style,
94        char **_resp,
95        const char *_fmt,
96        ...);
97
98int
99pam_setenv(pam_handle_t *_pamh,
100        const char *_name,
101        const char *_value,
102        int _overwrite);
103
104int
105pam_vinfo(pam_handle_t *_pamh,
106        const char *_fmt,
107        va_list _ap);
108
109int
110pam_verror(pam_handle_t *_pamh,
111        const char *_fmt,
112        va_list _ap);
113
114int
115pam_vprompt(pam_handle_t *_pamh,
116        int _style,
117        char **_resp,
118        const char *_fmt,
119        va_list _ap);
120
121/*
122 * Read cooked lines.
123 * Checking for _IOFBF is a fairly reliable way to detect the presence
124 * of <stdio.h>, as SUSv3 requires it to be defined there.
125 */
126#ifdef _IOFBF
127char *
128openpam_readline(FILE *_f,
129        int *_lineno,
130        size_t *_lenp);
131#endif
132
133/*
134 * Log levels
135 */
136enum {
137        PAM_LOG_DEBUG,
138        PAM_LOG_VERBOSE,
139        PAM_LOG_NOTICE,
140        PAM_LOG_ERROR
141};
142
143/*
144 * Log to syslog
145 */
146void
147_openpam_log(int _level,
148        const char *_func,
149        const char *_fmt,
150        ...);
151
152#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
153#define openpam_log(lvl, ...) \
154        _openpam_log((lvl), __func__, __VA_ARGS__)
155#elif defined(__GNUC__) && (__GNUC__ >= 3)
156#define openpam_log(lvl, ...) \
157        _openpam_log((lvl), __func__, __VA_ARGS__)
158#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
159#define openpam_log(lvl, fmt...) \
160        _openpam_log((lvl), __func__, ##fmt)
161#elif defined(__GNUC__) && defined(__FUNCTION__)
162#define openpam_log(lvl, fmt...) \
163        _openpam_log((lvl), __FUNCTION__, ##fmt)
164#else
165void
166openpam_log(int _level,
167        const char *_format,
168        ...);
169#endif
170
171/*
172 * Generic conversation function
173 */
174struct pam_message;
175struct pam_response;
176int openpam_ttyconv(int _n,
177        const struct pam_message **_msg,
178        struct pam_response **_resp,
179        void *_data);
180
181extern int openpam_ttyconv_timeout;
182
183/*
184 * Null conversation function
185 */
186int openpam_nullconv(int _n,
187        const struct pam_message **_msg,
188        struct pam_response **_resp,
189        void *_data);
190
191/*
192 * PAM primitives
193 */
194enum {
195        PAM_SM_AUTHENTICATE,
196        PAM_SM_SETCRED,
197        PAM_SM_ACCT_MGMT,
198        PAM_SM_OPEN_SESSION,
199        PAM_SM_CLOSE_SESSION,
200        PAM_SM_CHAUTHTOK,
201        /* keep this last */
202        PAM_NUM_PRIMITIVES
203};
204
205/*
206 * Dummy service module function
207 */
208#define PAM_SM_DUMMY(type)                                              \
209PAM_EXTERN int                                                          \
210pam_sm_##type(pam_handle_t *pamh, int flags,                            \
211    int argc, const char *argv[])                                       \
212{                                                                       \
213        return (PAM_IGNORE);                                            \
214}
215
216/*
217 * PAM service module functions match this typedef
218 */
219struct pam_handle;
220typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
221
222/*
223 * A struct that describes a module.
224 */
225typedef struct pam_module pam_module_t;
226struct pam_module {
227        char            *path;
228        pam_func_t       func[PAM_NUM_PRIMITIVES];
229        void            *dlh;
230        int              refcount;
231        pam_module_t    *prev;
232        pam_module_t    *next;
233};
234
235/*
236 * Source-code compatibility with Linux-PAM modules
237 */
238#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
239        defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
240#define LINUX_PAM_MODULE
241#endif
242#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
243#define _PAM_SM_AUTHENTICATE    0
244#define _PAM_SM_SETCRED         0
245#else
246#undef PAM_SM_AUTH
247#define PAM_SM_AUTH
248#define _PAM_SM_AUTHENTICATE    pam_sm_authenticate
249#define _PAM_SM_SETCRED         pam_sm_setcred
250#endif
251#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
252#define _PAM_SM_ACCT_MGMT       0
253#else
254#undef PAM_SM_ACCOUNT
255#define PAM_SM_ACCOUNT
256#define _PAM_SM_ACCT_MGMT       pam_sm_acct_mgmt
257#endif
258#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
259#define _PAM_SM_OPEN_SESSION    0
260#define _PAM_SM_CLOSE_SESSION   0
261#else
262#undef PAM_SM_SESSION
263#define PAM_SM_SESSION
264#define _PAM_SM_OPEN_SESSION    pam_sm_open_session
265#define _PAM_SM_CLOSE_SESSION   pam_sm_close_session
266#endif
267#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
268#define _PAM_SM_CHAUTHTOK       0
269#else
270#undef PAM_SM_PASSWORD
271#define PAM_SM_PASSWORD
272#define _PAM_SM_CHAUTHTOK       pam_sm_chauthtok
273#endif
274
275/*
276 * Infrastructure for static modules using GCC linker sets.
277 * You are not expected to understand this.
278 */
279#if defined(__FreeBSD__)
280#define PAM_SOEXT ".so"
281#else
282#ifndef NO_STATIC_MODULES
283#define NO_STATIC_MODULES
284#endif
285#endif
286#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
287/* gcc, static linking */
288#include <sys/cdefs.h>
289#include <linker_set.h>
290#define OPENPAM_STATIC_MODULES
291#define PAM_EXTERN static
292#define PAM_MODULE_ENTRY(name)                                          \
293static char _pam_name[] = name PAM_SOEXT;                               \
294static struct pam_module _pam_module = { _pam_name, {                   \
295    _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT,           \
296    _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK },   \
297    NULL, 0, NULL, NULL };                                              \
298DATA_SET(_openpam_static_modules, _pam_module)
299#else
300/* normal case */
301#define PAM_EXTERN
302#define PAM_MODULE_ENTRY(name)
303#endif
304
305#ifdef __cplusplus
306}
307#endif
308
309#endif
Note: See TracBrowser for help on using the repository browser.