Context Navigation

source: openpam/trunk/include/security/openpam.h @ 437

Last change on this file since 437 was 437, checked in by Dag-Erling Smørgrav, 9 years ago
Update copyright and release notes.
Property svn:keywords set to `Id`
File size: 8.2 KB

Line
1	/*-
2	* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3	* Copyright (c) 2004-2011 Dag-Erling Smørgrav
4	* All rights reserved.
5	*
6	* This software was developed for the FreeBSD Project by ThinkSec AS and
7	* Network Associates Laboratories, the Security Research Division of
8	* Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9	* ("CBOSS"), as part of the DARPA CHATS research program.
10	*
11	* Redistribution and use in source and binary forms, with or without
12	* modification, are permitted provided that the following conditions
13	* are met:
14	* 1. Redistributions of source code must retain the above copyright
15	* notice, this list of conditions and the following disclaimer.
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in the
18	* documentation and/or other materials provided with the distribution.
19	* 3. The name of the author may not be used to endorse or promote
20	* products derived from this software without specific prior written
21	* permission.
22	*
23	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33	* SUCH DAMAGE.
34	*
35	* $Id: openpam.h 437 2011-09-13 12:00:13Z des $
36	*/
37
38	#ifndef SECURITY_OPENPAM_H_INCLUDED
39	#define SECURITY_OPENPAM_H_INCLUDED
40
41	/*
42	* Annoying but necessary header pollution
43	*/
44	#include <stdarg.h>
45
46	#include <security/openpam_attr.h>
47
48	#ifdef __cplusplus
49	extern "C" {
50	#endif
51
52	struct passwd;
53
54	/*
55	* API extensions
56	*/
57	int
58	openpam_borrow_cred(pam_handle_t *_pamh,
59	const struct passwd *_pwd)
60	OPENPAM_NONNULL((1,2));
61
62	void
63	openpam_free_data(pam_handle_t *_pamh,
64	void *_data,
65	int _status);
66
67	void
68	openpam_free_envlist(char **_envlist);
69
70	const char *
71	openpam_get_option(pam_handle_t *_pamh,
72	const char *_option);
73
74	int
75	openpam_restore_cred(pam_handle_t *_pamh)
76	OPENPAM_NONNULL((1));
77
78	int
79	openpam_set_option(pam_handle_t *_pamh,
80	const char *_option,
81	const char *_value);
82
83	int
84	pam_error(const pam_handle_t *_pamh,
85	const char *_fmt,
86	...)
87	OPENPAM_FORMAT ((__printf__, 2, 3))
88	OPENPAM_NONNULL((1,2));
89
90	int
91	pam_get_authtok(pam_handle_t *_pamh,
92	int _item,
93	const char **_authtok,
94	const char *_prompt)
95	OPENPAM_NONNULL((1,3));
96
97	int
98	pam_info(const pam_handle_t *_pamh,
99	const char *_fmt,
100	...)
101	OPENPAM_FORMAT ((__printf__, 2, 3))
102	OPENPAM_NONNULL((1,2));
103
104	int
105	pam_prompt(const pam_handle_t *_pamh,
106	int _style,
107	char **_resp,
108	const char *_fmt,
109	...)
110	OPENPAM_FORMAT ((__printf__, 4, 5))
111	OPENPAM_NONNULL((1,4));
112
113	int
114	pam_setenv(pam_handle_t *_pamh,
115	const char *_name,
116	const char *_value,
117	int _overwrite)
118	OPENPAM_NONNULL((1,2,3));
119
120	int
121	pam_vinfo(const pam_handle_t *_pamh,
122	const char *_fmt,
123	va_list _ap)
124	OPENPAM_FORMAT ((__printf__, 2, 0))
125	OPENPAM_NONNULL((1,2));
126
127	int
128	pam_verror(const pam_handle_t *_pamh,
129	const char *_fmt,
130	va_list _ap)
131	OPENPAM_FORMAT ((__printf__, 2, 0))
132	OPENPAM_NONNULL((1,2));
133
134	int
135	pam_vprompt(const pam_handle_t *_pamh,
136	int _style,
137	char **_resp,
138	const char *_fmt,
139	va_list _ap)
140	OPENPAM_FORMAT ((__printf__, 4, 0))
141	OPENPAM_NONNULL((1,4));
142
143	/*
144	* Read cooked lines.
145	* Checking for _IOFBF is a fairly reliable way to detect the presence
146	* of <stdio.h>, as SUSv3 requires it to be defined there.
147	*/
148	#ifdef _IOFBF
149	char *
150	openpam_readline(FILE *_f,
151	int *_lineno,
152	size_t *_lenp)
153	OPENPAM_NONNULL((1));
154	#endif
155
156	/*
157	* Log levels
158	*/
159	enum {
160	PAM_LOG_DEBUG,
161	PAM_LOG_VERBOSE,
162	PAM_LOG_NOTICE,
163	PAM_LOG_ERROR
164	};
165
166	/*
167	* Log to syslog
168	*/
169	void
170	_openpam_log(int _level,
171	const char *_func,
172	const char *_fmt,
173	...)
174	OPENPAM_FORMAT ((__printf__, 3, 4))
175	OPENPAM_NONNULL((3));
176
177	#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
178	#define openpam_log(lvl, ...) \
179	_openpam_log((lvl), __func__, __VA_ARGS__)
180	#elif defined(__GNUC__) && (__GNUC__ >= 3)
181	#define openpam_log(lvl, ...) \
182	_openpam_log((lvl), __func__, __VA_ARGS__)
183	#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
184	#define openpam_log(lvl, fmt...) \
185	_openpam_log((lvl), __func__, ##fmt)
186	#elif defined(__GNUC__) && defined(__FUNCTION__)
187	#define openpam_log(lvl, fmt...) \
188	_openpam_log((lvl), __FUNCTION__, ##fmt)
189	#else
190	void
191	openpam_log(int _level,
192	const char *_format,
193	...)
194	OPENPAM_FORMAT ((__printf__, 2, 3))
195	OPENPAM_NONNULL((2));
196	#endif
197
198	/*
199	* Generic conversation function
200	*/
201	struct pam_message;
202	struct pam_response;
203	int openpam_ttyconv(int _n,
204	const struct pam_message **_msg,
205	struct pam_response **_resp,
206	void *_data);
207
208	extern int openpam_ttyconv_timeout;
209
210	/*
211	* Null conversation function
212	*/
213	int openpam_nullconv(int _n,
214	const struct pam_message **_msg,
215	struct pam_response **_resp,
216	void *_data);
217
218	/*
219	* PAM primitives
220	*/
221	enum {
222	PAM_SM_AUTHENTICATE,
223	PAM_SM_SETCRED,
224	PAM_SM_ACCT_MGMT,
225	PAM_SM_OPEN_SESSION,
226	PAM_SM_CLOSE_SESSION,
227	PAM_SM_CHAUTHTOK,
228	/* keep this last */
229	PAM_NUM_PRIMITIVES
230	};
231
232	/*
233	* Dummy service module function
234	*/
235	#define PAM_SM_DUMMY(type) \
236	PAM_EXTERN int \
237	pam_sm_##type(pam_handle_t *pamh, int flags, \
238	int argc, const char *argv[]) \
239	{ \
240	\
241	(void)pamh; \
242	(void)flags; \
243	(void)argc; \
244	(void)argv; \
245	return (PAM_IGNORE); \
246	}
247
248	/*
249	* PAM service module functions match this typedef
250	*/
251	struct pam_handle;
252	typedef int (pam_func_t)(struct pam_handle , int, int, const char **);
253
254	/*
255	* A struct that describes a module.
256	*/
257	typedef struct pam_module pam_module_t;
258	struct pam_module {
259	char *path;
260	pam_func_t func[PAM_NUM_PRIMITIVES];
261	void *dlh;
262	};
263
264	/*
265	* Source-code compatibility with Linux-PAM modules
266	*/
267	#if defined(PAM_SM_AUTH) \|\| defined(PAM_SM_ACCOUNT) \|\| \
268	defined(PAM_SM_SESSION) \|\| defined(PAM_SM_PASSWORD)
269	# define LINUX_PAM_MODULE
270	#endif
271
272	#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
273	# define _PAM_SM_AUTHENTICATE 0
274	# define _PAM_SM_SETCRED 0
275	#else
276	# undef PAM_SM_AUTH
277	# define PAM_SM_AUTH
278	# define _PAM_SM_AUTHENTICATE pam_sm_authenticate
279	# define _PAM_SM_SETCRED pam_sm_setcred
280	#endif
281
282	#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
283	# define _PAM_SM_ACCT_MGMT 0
284	#else
285	# undef PAM_SM_ACCOUNT
286	# define PAM_SM_ACCOUNT
287	# define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
288	#endif
289
290	#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
291	# define _PAM_SM_OPEN_SESSION 0
292	# define _PAM_SM_CLOSE_SESSION 0
293	#else
294	# undef PAM_SM_SESSION
295	# define PAM_SM_SESSION
296	# define _PAM_SM_OPEN_SESSION pam_sm_open_session
297	# define _PAM_SM_CLOSE_SESSION pam_sm_close_session
298	#endif
299
300	#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
301	# define _PAM_SM_CHAUTHTOK 0
302	#else
303	# undef PAM_SM_PASSWORD
304	# define PAM_SM_PASSWORD
305	# define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
306	#endif
307
308	/*
309	* Infrastructure for static modules using GCC linker sets.
310	* You are not expected to understand this.
311	*/
312	#if !defined(PAM_SOEXT)
313	# define PAM_SOEXT ".so"
314	#endif
315
316	#if defined(OPENPAM_STATIC_MODULES)
317	# if !defined(__GNUC__)
318	# error "Don't know how to build static modules on non-GNU compilers"
319	# endif
320	/* gcc, static linking */
321	# include <sys/cdefs.h>
322	# include <linker_set.h>
323	# define PAM_EXTERN static
324	# define PAM_MODULE_ENTRY(name) \
325	static char _pam_name[] = name PAM_SOEXT; \
326	static struct pam_module _pam_module = { \
327	.path = _pam_name, \
328	.func = { \
329	[PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE, \
330	[PAM_SM_SETCRED] = _PAM_SM_SETCRED, \
331	[PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT, \
332	[PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION, \
333	[PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
334	[PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK \
335	}, \
336	}; \
337	DATA_SET(_openpam_static_modules, _pam_module)
338	#else
339	/* normal case */
340	# define PAM_EXTERN
341	# define PAM_MODULE_ENTRY(name)
342	#endif
343
344	#ifdef __cplusplus
345	}
346	#endif
347
348	#endif /* !SECURITY_OPENPAM_H_INCLUDED */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: