source: openpam/trunk/lib/openpam_impl.h @ 547

Last change on this file since 547 was 547, checked in by Dag-Erling Smørgrav, 9 years ago

Add an openpam_straddch() function that appends a character to a
string, reallocating the string if necessary.

Add an openpam_readword() function that reads a single word from a
file according to the usual shell quoting rules.

Add an openpam_readlinev() function that uses openpam_readword() to
read an entire line and return a list of the words it contained.

Rewrite openpam_parse_chain() using openpam_readlinev(), which greatly
simplifies the code and ensures correct parsing of module options.

Thanks to Maëlle Lesage for pointing out the issue and writing an
early version of what became the main loop in openpam_readword().

1/*-
2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
4 * All rights reserved.
5 *
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 *    products derived from this software without specific prior written
21 *    permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 *
35 * $Id: openpam_impl.h 547 2012-04-01 15:01:21Z des $
36 */
37
38#ifndef OPENPAM_IMPL_H_INCLUDED
39#define OPENPAM_IMPL_H_INCLUDED
40
41#include <security/openpam.h>
42
/* Library-wide debug switch; nonzero presumably enables debug logging (see openpam_debug.h) */
extern int openpam_debug;
44
/*
 * Control flags
 *
 * How a module's result contributes to the outcome of its chain
 * (presumably the control keyword of a policy line).  The last member,
 * PAM_NUM_CONTROL_FLAGS, is a count rather than a flag and may be used to
 * size tables indexed by pam_control_t.
 * NOTE(review): the per-flag semantics live in the dispatcher, not here;
 * confirm them in openpam_dispatch() before relying on them.
 */
typedef enum {
        PAM_BINDING,
        PAM_REQUIRED,
        PAM_REQUISITE,
        PAM_SUFFICIENT,
        PAM_OPTIONAL,
        PAM_NUM_CONTROL_FLAGS
} pam_control_t;
56
/*
 * Facilities
 *
 * The four PAM facilities (management groups), numbered from 0 so that
 * they can index per-facility arrays such as pam_handle::chains;
 * PAM_NUM_FACILITIES is the size of such arrays.  PAM_FACILITY_ANY is a
 * negative out-of-band value and must never be used as an index.
 */
typedef enum {
        PAM_FACILITY_ANY = -1,
        PAM_AUTH = 0,
        PAM_ACCOUNT,
        PAM_SESSION,
        PAM_PASSWORD,
        PAM_NUM_FACILITIES
} pam_facility_t;
68
/*
 * Module chains
 *
 * One entry in a per-facility chain of modules (presumably built from one
 * line of a policy file).  Entries form a singly linked list via `next`.
 *   module - the loaded module this entry refers to
 *   flag   - control flag for this entry; an int, presumably holding a
 *            pam_control_t value -- confirm in openpam_configure()
 *   optc   - number of module options
 *   optv   - option vector with optc entries; NOTE(review): whether it is
 *            NULL-terminated and who frees it is not visible here (the
 *            FREEV macro below is presumably the matching release)
 *   next   - next entry in the chain, NULL at the end
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
        pam_module_t    *module;
        int              flag;
        int              optc;
        char           **optv;
        pam_chain_t     *next;
};
80
/*
 * Service policies
 *
 * Only compiled for embedded builds (OPENPAM_EMBEDDED), where policies are
 * linked into the binary instead of read from files: each policy pairs a
 * service name with one chain per facility.  pam_embedded_policies is
 * defined elsewhere; NOTE(review): its terminator (presumably a NULL entry)
 * is not visible here -- confirm before iterating it.
 */
#if defined(OPENPAM_EMBEDDED)
typedef struct pam_policy pam_policy_t;
struct pam_policy {
        const char      *service;                       /* service name this policy applies to */
        pam_chain_t     *chains[PAM_NUM_FACILITIES];    /* indexed by pam_facility_t */
};
extern pam_policy_t *pam_embedded_policies[];
#endif
92
/*
 * Module-specific data
 *
 * One entry of module-private data attached to a handle (presumably what
 * pam_set_data()/pam_get_data() manage); entries form a singly linked
 * list hanging off pam_handle::module_data.
 *   name    - key the data is registered under
 *   data    - opaque, module-owned pointer
 *   cleanup - callback receiving the handle, the data pointer and an int
 *             (presumably the final PAM status) when the entry is
 *             destroyed; NOTE(review): whether NULL is permitted here is
 *             decided by the caller, not visible in this file
 *   next    - next entry, NULL at the end
 */
typedef struct pam_data pam_data_t;
struct pam_data {
        char            *name;
        void            *data;
        void            (*cleanup)(pam_handle_t *, void *, int);
        pam_data_t      *next;
};
103
/*
 * PAM context
 *
 * The per-transaction state behind the opaque pam_handle_t exposed to
 * applications and modules.  Its lifetime is managed outside this file
 * (presumably pam_start()/pam_end()).
 */
struct pam_handle {
        char            *service;       /* service name the handle was started for */

        /* chains */
        pam_chain_t     *chains[PAM_NUM_FACILITIES];    /* one module chain per facility, indexed by pam_facility_t */
        pam_chain_t     *current;       /* chain entry being executed; presumably only meaningful during dispatch */
        int              primitive;     /* presumably identifies the pam_*() primitive in progress -- confirm in openpam_dispatch() */

        /* items and data */
        void            *item[PAM_NUM_ITEMS];   /* item slots; PAM_NUM_ITEMS is not defined here (presumably <security/openpam.h> or its includes) */
        pam_data_t      *module_data;   /* head of the module-specific data list (struct pam_data) */

        /* environment list */
        char           **env;           /* NOTE(review): presumably a NULL-terminated array of "NAME=value" strings -- confirm in the env code */
        int              env_count;     /* entries currently in use */
        int              env_size;      /* entries allocated; grows on demand, presumably */
};
124
#ifdef NGROUPS_MAX
/*
 * Saved credentials
 *
 * Snapshot of the effective uid/gid and supplementary groups, so that a
 * temporary identity switch can be undone later.  PAM_SAVED_CRED is the
 * name under which the snapshot is stored (presumably as pam_data; the
 * save/restore code is not in this file).  Only available when the
 * platform defines NGROUPS_MAX, which also bounds the groups array:
 * ngroups must never exceed NGROUPS_MAX when the array is filled.
 */
#define PAM_SAVED_CRED "pam_saved_cred"
struct pam_saved_cred {
        uid_t    euid;                  /* saved effective uid */
        gid_t    egid;                  /* saved effective gid */
        gid_t    groups[NGROUPS_MAX];   /* saved supplementary groups */
        int      ngroups;               /* number of valid entries in groups[] */
};
#endif
137
/*
 * Default policy
 *
 * Name of the fallback service policy, presumably consulted when no policy
 * exists for the requested service (the lookup lives in openpam_configure()).
 */
#define PAM_OTHER       "other"
142
/*
 * Internal functions
 *
 * Library-private helpers defined elsewhere.  The parameter meanings noted
 * below are inferred from the types and names only; confirm against each
 * definition before relying on them.
 */
/* Load the policy for a service (second arg) into the handle; int status, presumably a PAM_* code */
int              openpam_configure(pam_handle_t *, const char *);
/* Run a chain on the handle; the two ints are presumably the facility and the flags passed by the primitive */
int              openpam_dispatch(pam_handle_t *, int, int);
/* Look up an environment entry by name of the given length; int result, presumably an index or -1 */
int              openpam_findenv(pam_handle_t *, const char *, size_t);
/* Resolve a module by name (see openpam_static()/openpam_dynamic() below); presumably NULL on failure */
pam_module_t    *openpam_load_module(const char *);
/* Release every entry of a chains array (presumably one of size PAM_NUM_FACILITIES) */
void             openpam_clear_chains(pam_chain_t **);

/*
 * Ownership and permission checks applied before a file is trusted.  The
 * first takes a name plus an int (presumably an open descriptor, with the
 * name used for diagnostics), the second a path.  Both return int,
 * presumably 0 on success and nonzero on failure -- confirm in the
 * definitions; callers are expected to refuse the file on failure.
 */
int              openpam_check_desc_owner_perms(const char *, int);
int              openpam_check_path_owner_perms(const char *);

/* Module lookup back ends: static table (only with OPENPAM_STATIC_MODULES) and dynamic loader */
#ifdef OPENPAM_STATIC_MODULES
pam_module_t    *openpam_static(const char *);
#endif
pam_module_t    *openpam_dynamic(const char *);
159
/*
 * Release p and reset it to NULL so the pointer cannot be reused or freed
 * twice.  p is evaluated more than once: pass a plain lvalue, never an
 * expression with side effects.  Written as a single void expression so
 * that FREE(p); behaves like a statement in every context.
 */
#define FREE(p)                                 \
        ((void)(free(p), (p) = NULL))
165
/*
 * Release a counted pointer vector: frees v[c-1] down to v[0], then v
 * itself.  Both arguments are evaluated repeatedly and c is decremented
 * in place, so pass plain lvalues only.  On exit c is 0 and v is NULL,
 * which makes a second FREEV(c, v) harmless.  The loop runs while c is
 * nonzero, so c must not be negative on entry.
 */
#define FREEV(c, v)                             \
        do {                                    \
                while (c) {                     \
                        --(c);                  \
                        FREE((v)[(c)]);         \
                }                               \
                FREE(v);                        \
        } while (0)
174
175#include "openpam_constants.h"
176#include "openpam_debug.h"
177
178#endif