source: openpam/trunk/include/security/openpam.h @ 437

Last change on this file since 437 was 437, checked in by Dag-Erling Smørgrav, 9 years ago

Update copyright and release notes.

  • Property svn:keywords set to Id
1/*-
2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 *    products derived from this software without specific prior written
21 *    permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * $Id: openpam.h 437 2011-09-13 12:00:13Z des $
36 */
37
38#ifndef SECURITY_OPENPAM_H_INCLUDED
39#define SECURITY_OPENPAM_H_INCLUDED
40
41/*
42 * Annoying but necessary header pollution
43 */
44#include <stdarg.h>
45
46#include <security/openpam_attr.h>
47
48#ifdef __cplusplus
49extern "C" {
50#endif
51
struct passwd;

/*
 * API extensions
 *
 * OpenPAM-specific helpers declared alongside the standard PAM API.
 * OPENPAM_NONNULL is provided by <security/openpam_attr.h>, which is
 * not shown here; it presumably maps to the compiler's nonnull
 * attribute, i.e. a compile-time diagnostic aid rather than a run-time
 * NULL check.  Functions without the attribute make no statement about
 * NULL arguments in this header.
 */

/*
 * Takes a PAM handle and a passwd entry; both are declared non-NULL.
 * NOTE(review): going by the name and the matching
 * openpam_restore_cred(), this presumably switches the caller to the
 * credentials described by _pwd -- confirm against the implementation.
 * Check the int result before doing any work that depends on the
 * switch having happened.
 */
int openpam_borrow_cred(pam_handle_t *_pamh, const struct passwd *_pwd)
        OPENPAM_NONNULL((1,2));

/*
 * NOTE(review): the (handle, data, status) shape looks like a cleanup
 * callback for module data; ownership of _data is not visible here.
 */
void openpam_free_data(pam_handle_t *_pamh, void *_data, int _status);

/*
 * Releases a char ** environment list.
 * NOTE(review): whether the strings as well as the array are freed is
 * decided by the implementation, not by this declaration.
 */
void openpam_free_envlist(char **_envlist);

/*
 * Looks up a module option by name and returns it as a read-only
 * string.  NOTE(review): the result is presumably NULL when the option
 * is not set -- verify before dereferencing.
 */
const char *openpam_get_option(pam_handle_t *_pamh, const char *_option);

/*
 * Counterpart of openpam_borrow_cred(); the handle is declared
 * non-NULL.  NOTE(review): if this reports failure the process may
 * still hold the borrowed credentials, so callers should not carry on
 * as if they had been restored.
 */
int openpam_restore_cred(pam_handle_t *_pamh)
        OPENPAM_NONNULL((1));

/*
 * Sets a module option to the given value and reports the outcome as
 * an int.
 */
int openpam_set_option(pam_handle_t *_pamh, const char *_option,
        const char *_value);
82
/*
 * printf-style conversation helpers.
 *
 * OPENPAM_FORMAT((__printf__, F, A)) names parameter F as the format
 * string and parameter A as the first argument to check against it;
 * the va_list variants use A == 0 because they have no argument list
 * the compiler can inspect.  This assumes OPENPAM_FORMAT expands to
 * the compiler's format attribute -- it is defined in
 * <security/openpam_attr.h>, not shown here.
 *
 * The format parameter must be a string the caller controls.  Text
 * that comes from a user or from the network belongs in the argument
 * list behind a "%s", never in _fmt itself.
 */

/* Format at parameter 2; handle and format are declared non-NULL. */
int pam_error(const pam_handle_t *_pamh, const char *_fmt, ...)
        OPENPAM_FORMAT ((__printf__, 2, 3))
        OPENPAM_NONNULL((1,2));

/*
 * Hands back an authentication token through *_authtok.
 * Only the handle and _authtok are declared non-NULL, so the
 * declaration leaves _prompt free to be NULL.
 * NOTE(review): the token is a secret and is returned as const char *;
 * presumably it stays owned by the PAM handle, so callers should not
 * free it, modify it or write it to logs -- confirm ownership against
 * the implementation.
 */
int pam_get_authtok(pam_handle_t *_pamh, int _item,
        const char **_authtok, const char *_prompt)
        OPENPAM_NONNULL((1,3));

/* Format at parameter 2; handle and format are declared non-NULL. */
int pam_info(const pam_handle_t *_pamh, const char *_fmt, ...)
        OPENPAM_FORMAT ((__printf__, 2, 3))
        OPENPAM_NONNULL((1,2));

/*
 * Format at parameter 4; handle and format are declared non-NULL,
 * _resp is not.
 * NOTE(review): whatever is stored in *_resp may be sensitive
 * depending on _style, and its ownership is not visible here;
 * presumably the caller has to release it.
 */
int pam_prompt(const pam_handle_t *_pamh, int _style, char **_resp,
        const char *_fmt, ...)
        OPENPAM_FORMAT ((__printf__, 4, 5))
        OPENPAM_NONNULL((1,4));

/* Handle, name and value are all declared non-NULL. */
int pam_setenv(pam_handle_t *_pamh, const char *_name,
        const char *_value, int _overwrite)
        OPENPAM_NONNULL((1,2,3));

/* va_list form of pam_info(). */
int pam_vinfo(const pam_handle_t *_pamh, const char *_fmt, va_list _ap)
        OPENPAM_FORMAT ((__printf__, 2, 0))
        OPENPAM_NONNULL((1,2));

/* va_list form of pam_error(). */
int pam_verror(const pam_handle_t *_pamh, const char *_fmt, va_list _ap)
        OPENPAM_FORMAT ((__printf__, 2, 0))
        OPENPAM_NONNULL((1,2));

/* va_list form of pam_prompt(). */
int pam_vprompt(const pam_handle_t *_pamh, int _style, char **_resp,
        const char *_fmt, va_list _ap)
        OPENPAM_FORMAT ((__printf__, 4, 0))
        OPENPAM_NONNULL((1,4));
142
/*
 * Read cooked lines.
 *
 * The prototype needs FILE and size_t, so it is only declared when
 * <stdio.h> has already been included.  _IOFBF serves as the probe
 * because SUSv3 requires <stdio.h> to define it.  A translation unit
 * that includes this header before <stdio.h> therefore gets no
 * declaration at all.
 *
 * Only _f is declared non-NULL; the attribute does not cover _lineno
 * and _lenp.
 * NOTE(review): ownership of the returned buffer is not visible here;
 * presumably the caller releases it -- confirm against the
 * implementation.
 */
#if defined(_IOFBF)
char *openpam_readline(FILE *_f, int *_lineno, size_t *_lenp)
        OPENPAM_NONNULL((1));
#endif
155
/*
 * Log levels
 *
 * Plain enumerators, so they are numbered 0..3 in declaration order.
 * NOTE(review): the names suggest ascending severity; how each level
 * is filtered or mapped to a syslog priority is decided by the logging
 * implementation, not by this header.
 */
enum {
        PAM_LOG_DEBUG,          /* 0 */
        PAM_LOG_VERBOSE,        /* 1 */
        PAM_LOG_NOTICE,         /* 2 */
        PAM_LOG_ERROR           /* 3 */
};
165
/*
 * Log to syslog
 *
 * _openpam_log() takes the level, the name of the calling function and
 * a printf-style format (parameter 3, arguments from parameter 4).
 * Only the format is declared non-NULL.  Callers normally go through
 * the openpam_log() wrapper below, which supplies the function name.
 *
 * The format must be a string the caller controls: put untrusted text
 * in the argument list behind "%s".  Keep authentication tokens out of
 * log messages.
 */
void _openpam_log(int _level, const char *_func, const char *_fmt, ...)
        OPENPAM_FORMAT ((__printf__, 3, 4))
        OPENPAM_NONNULL((3));

/*
 * Pick the best available way to inject the caller's name:
 *  - C99 or GCC 3 and later: standard variadic macro with __func__;
 *  - GCC 2.95 and later 2.x: GNU named-variadic macro with __func__;
 *  - GCC with __FUNCTION__ visible to the preprocessor: same, using
 *    __FUNCTION__;
 *  - anything else: a real function that takes no function name.
 * NOTE(review): GCC documents __FUNCTION__ as an identifier rather
 * than a preprocessor macro, so defined(__FUNCTION__) is not expected
 * to hold and the third case is probably never selected.
 */
#if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || \
    (defined(__GNUC__) && (__GNUC__ >= 3))
#define openpam_log(lvl, ...) _openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) _openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__FUNCTION__)
#define openpam_log(lvl, fmt...) _openpam_log((lvl), __FUNCTION__, ##fmt)
#else
/* No usable variadic macros: format at parameter 2, declared non-NULL. */
void openpam_log(int _level, const char *_format, ...)
        OPENPAM_FORMAT ((__printf__, 2, 3))
        OPENPAM_NONNULL((2));
#endif
197
/*
 * Generic conversation function
 *
 * Receives _n messages through _msg, returns responses through _resp
 * and carries an opaque application pointer in _data.
 * NOTE(review): the responses may hold passwords; who allocates and
 * who releases *_resp is not visible in this header.
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n, const struct pam_message **_msg,
        struct pam_response **_resp, void *_data);

/*
 * Global tunable for openpam_ttyconv().
 * NOTE(review): units and the meaning of zero or negative values are
 * not stated here -- confirm against the implementation.
 */
extern int openpam_ttyconv_timeout;

/*
 * Null conversation function
 *
 * Same signature as openpam_ttyconv().
 */
int openpam_nullconv(int _n, const struct pam_message **_msg,
        struct pam_response **_resp, void *_data);
217
/*
 * PAM primitives
 *
 * One enumerator per service-module entry point, numbered from 0 in
 * declaration order.  PAM_NUM_PRIMITIVES is the count and is used to
 * size the func[] table in struct pam_module, so new primitives must
 * be added above it.
 */
enum {
        PAM_SM_AUTHENTICATE,            /* 0 */
        PAM_SM_SETCRED,                 /* 1 */
        PAM_SM_ACCT_MGMT,               /* 2 */
        PAM_SM_OPEN_SESSION,            /* 3 */
        PAM_SM_CLOSE_SESSION,           /* 4 */
        PAM_SM_CHAUTHTOK,               /* 5 */
        /* keep this last */
        PAM_NUM_PRIMITIVES              /* 6: number of primitives */
};
231
/*
 * Dummy service module function
 *
 * PAM_SM_DUMMY(type) defines pam_sm_<type>() with the service-module
 * signature.  The generated function discards every argument and
 * returns PAM_IGNORE without performing any check of its own.
 * NOTE(review): PAM_IGNORE is defined outside this header; it
 * conventionally asks the framework to leave this module's result out
 * of the decision, so a stack should not count on a dummy entry point
 * to enforce anything.
 */
#define PAM_SM_DUMMY(type)                                              \
PAM_EXTERN int                                                          \
pam_sm_##type(pam_handle_t *pamh, int flags,                            \
    int argc, const char *argv[])                                       \
{                                                                       \
        /* silence unused-parameter warnings */                         \
        (void)pamh; (void)flags; (void)argc; (void)argv;                \
        return (PAM_IGNORE);                                            \
}
247
/*
 * PAM service module functions match this typedef
 *
 * Parameters, in order: the PAM handle, two ints and a string vector.
 * PAM_SM_DUMMY names them pamh, flags, argc and argv.
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 *
 * func[] has one slot per primitive and is indexed by the PAM_SM_*
 * enumerators.  The static-module initializer in this header can set a
 * slot to 0, so a caller has to test a slot before calling through it.
 * NOTE(review): dlh is presumably the handle of the loaded shared
 * object and path its file name -- confirm against the loader.
 */
typedef struct pam_module {
        char            *path;
        pam_func_t       func[PAM_NUM_PRIMITIVES];
        void            *dlh;
} pam_module_t;
263
/*
 * Source-code compatibility with Linux-PAM modules
 *
 * A module that defines any of PAM_SM_AUTH, PAM_SM_ACCOUNT,
 * PAM_SM_SESSION or PAM_SM_PASSWORD before including this header is
 * treated as a Linux-PAM style module: only the groups it selected get
 * real function names, the others become 0.  A module that defines
 * none of them gets all four groups.  Each selected selector is
 * redefined as an empty macro.
 *
 * The _PAM_SM_* names feed the static-module table built by
 * PAM_MODULE_ENTRY; a 0 there means the module supplies no handler for
 * that primitive.
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
    defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
# define LINUX_PAM_MODULE
#endif

/* authentication and credential primitives */
#if !defined(LINUX_PAM_MODULE) || defined(PAM_SM_AUTH)
# undef PAM_SM_AUTH
# define PAM_SM_AUTH
# define _PAM_SM_AUTHENTICATE   pam_sm_authenticate
# define _PAM_SM_SETCRED        pam_sm_setcred
#else
# define _PAM_SM_AUTHENTICATE   0
# define _PAM_SM_SETCRED        0
#endif

/* account management primitive */
#if !defined(LINUX_PAM_MODULE) || defined(PAM_SM_ACCOUNT)
# undef PAM_SM_ACCOUNT
# define PAM_SM_ACCOUNT
# define _PAM_SM_ACCT_MGMT      pam_sm_acct_mgmt
#else
# define _PAM_SM_ACCT_MGMT      0
#endif

/* session primitives */
#if !defined(LINUX_PAM_MODULE) || defined(PAM_SM_SESSION)
# undef PAM_SM_SESSION
# define PAM_SM_SESSION
# define _PAM_SM_OPEN_SESSION   pam_sm_open_session
# define _PAM_SM_CLOSE_SESSION  pam_sm_close_session
#else
# define _PAM_SM_OPEN_SESSION   0
# define _PAM_SM_CLOSE_SESSION  0
#endif

/* password change primitive */
#if !defined(LINUX_PAM_MODULE) || defined(PAM_SM_PASSWORD)
# undef PAM_SM_PASSWORD
# define PAM_SM_PASSWORD
# define _PAM_SM_CHAUTHTOK      pam_sm_chauthtok
#else
# define _PAM_SM_CHAUTHTOK      0
#endif
307
/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * In short: PAM_SOEXT is the module file suffix and defaults to ".so".
 * Without OPENPAM_STATIC_MODULES, PAM_EXTERN and PAM_MODULE_ENTRY()
 * expand to nothing.  With it, entry points become static and
 * PAM_MODULE_ENTRY(name) emits a struct pam_module whose path is
 * name followed by PAM_SOEXT and whose func[] slots come from the
 * _PAM_SM_* macros (a slot is 0 when the module has no handler for
 * that primitive), then registers it with DATA_SET.
 * NOTE(review): DATA_SET comes from <linker_set.h>, not shown here;
 * presumably it places the descriptor in the _openpam_static_modules
 * linker set.
 */
#ifndef PAM_SOEXT
# define PAM_SOEXT ".so"
#endif

#ifndef OPENPAM_STATIC_MODULES
/* normal case */
# define PAM_EXTERN
# define PAM_MODULE_ENTRY(name)
#else
# ifndef __GNUC__
#  error "Don't know how to build static modules on non-GNU compilers"
# endif
/* gcc, static linking */
# include <sys/cdefs.h>
# include <linker_set.h>
# define PAM_EXTERN static
# define PAM_MODULE_ENTRY(name)                                         \
        static char _pam_name[] = name PAM_SOEXT;                       \
        static struct pam_module _pam_module = {                        \
                .path = _pam_name,                                      \
                .func = {                                               \
                        [PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE,   \
                        [PAM_SM_SETCRED] = _PAM_SM_SETCRED,             \
                        [PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT,         \
                        [PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION,   \
                        [PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
                        [PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK          \
                },                                                      \
        };                                                              \
        DATA_SET(_openpam_static_modules, _pam_module)
#endif
343
344#ifdef __cplusplus
345}
346#endif
347
348#endif /* !SECURITY_OPENPAM_H_INCLUDED */