openpam.h revision 1.1.1.5 1 1.1 christos /*-
2 1.1 christos * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 1.1.1.5 christos * Copyright (c) 2004-2015 Dag-Erling Smørgrav
4 1.1 christos * All rights reserved.
5 1.1 christos *
6 1.1 christos * This software was developed for the FreeBSD Project by ThinkSec AS and
7 1.1 christos * Network Associates Laboratories, the Security Research Division of
8 1.1 christos * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 1.1 christos * ("CBOSS"), as part of the DARPA CHATS research program.
10 1.1 christos *
11 1.1 christos * Redistribution and use in source and binary forms, with or without
12 1.1 christos * modification, are permitted provided that the following conditions
13 1.1 christos * are met:
14 1.1 christos * 1. Redistributions of source code must retain the above copyright
15 1.1 christos * notice, this list of conditions and the following disclaimer.
16 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright
17 1.1 christos * notice, this list of conditions and the following disclaimer in the
18 1.1 christos * documentation and/or other materials provided with the distribution.
19 1.1 christos * 3. The name of the author may not be used to endorse or promote
20 1.1 christos * products derived from this software without specific prior written
21 1.1 christos * permission.
22 1.1 christos *
23 1.1 christos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 1.1 christos * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 1.1 christos * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 1.1 christos * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 1.1 christos * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 1.1 christos * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 1.1 christos * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 1.1 christos * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 1.1 christos * SUCH DAMAGE.
34 1.1 christos *
35 1.1.1.5 christos * $OpenPAM: openpam.h 938 2017-04-30 21:34:42Z des $
36 1.1 christos */
37 1.1 christos
38 1.1 christos #ifndef SECURITY_OPENPAM_H_INCLUDED
39 1.1 christos #define SECURITY_OPENPAM_H_INCLUDED
40 1.1 christos
41 1.1 christos /*
42 1.1 christos * Annoying but necessary header pollution
43 1.1 christos */
44 1.1 christos #include <stdarg.h>
45 1.1 christos
46 1.1 christos #include <security/openpam_attr.h>
47 1.1 christos
48 1.1 christos #ifdef __cplusplus
49 1.1 christos extern "C" {
50 1.1 christos #endif
51 1.1 christos
struct passwd;		/* from <pwd.h>; only a pointer is needed here, so it is not included */

/*
 * API extensions
 *
 * Everything in this section is OpenPAM-specific (not part of the XSSO
 * PAM interface); modules that must stay portable should not rely on it.
 * Parameter names carry a leading underscore so that a macro defined by
 * the includer cannot rewrite them (presumably the reason for the
 * convention throughout this header).
 */

/*
 * Switch the process's effective credentials to those of _pwd so a
 * module can act on that user's behalf (see openpam_borrow_cred(3)),
 * and remember the previous ones for openpam_restore_cred().  The two
 * calls must be paired on every path, including error paths; a missed
 * restore leaves the process running as the wrong identity.
 * Both arguments must be non-NULL.
 */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd)
	OPENPAM_NONNULL((1,2));

/*
 * Expand _template into _buf.  *_bufsize is in/out: the capacity of
 * _buf on entry, the length the expansion needs on return.
 * NOTE(review): the set of %-escapes recognised and the PAM_* code
 * returned when _buf is too small are fixed by the implementation /
 * openpam_subst(3), not by this prototype — confirm before relying on
 * them.
 */
int
openpam_subst(const pam_handle_t *_pamh,
	char *_buf,
	size_t *_bufsize,
	const char *_template);

/*
 * Generic cleanup callback for pam_set_data(3): releases _data.  The
 * other two parameters exist only to match the cleanup-function type.
 */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/*
 * Free an environment list as returned by pam_getenvlist(3): every
 * string in _envlist and then the array itself.
 */
void
openpam_free_envlist(char **_envlist);

/*
 * Look up a module option (from the policy line) for the module that is
 * currently running.  Returns a pointer into the handle's own storage
 * — do not free or modify it — or NULL when the option is absent; a
 * bare flag without "=value" yields "" (see openpam_get_option(3)).
 */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

/*
 * Undo the most recent openpam_borrow_cred(), restoring the saved
 * credentials.  _pamh must be non-NULL.
 */
int
openpam_restore_cred(pam_handle_t *_pamh)
	OPENPAM_NONNULL((1));

/*
 * Set (or, with a NULL _value, presumably remove — confirm against
 * openpam_set_option(3)) the option _option for the currently running
 * module.  Returns a PAM_* status code.
 */
int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);
88 1.1 christos
/*
 * Conversation helpers.  Each of these formats a message printf(3)-style
 * and hands it to the application's conversation function, so a module
 * never has to build a struct pam_message by hand.  The OPENPAM_FORMAT
 * attribute type-checks a literal _fmt at compile time; it cannot check
 * a format string assembled at run time, so never pass text that came
 * from the user as _fmt — pass it as a "%s" argument instead.
 */

/*
 * Send an error message (PAM_ERROR_MSG style) to the user.
 */
int
pam_error(const pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 2, 3))
	OPENPAM_NONNULL((1,2));

/*
 * Retrieve the authentication token, prompting the user if it is not
 * already set.  _item selects PAM_AUTHTOK (current) or PAM_OLDAUTHTOK
 * (previous); a NULL _prompt means "use the default prompt".  On
 * success *_authtok points into the handle's item storage: the caller
 * must neither free it nor keep the pointer beyond the current module
 * call (see pam_get_authtok(3)).
 */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt)
	OPENPAM_NONNULL((1,3));

/*
 * Send an informational message (PAM_TEXT_INFO style) to the user.
 */
int
pam_info(const pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 2, 3))
	OPENPAM_NONNULL((1,2));

/*
 * Prompt the user with a message of the given PAM_* message _style and
 * store the reply in *_resp.  The reply buffer is allocated for the
 * caller, who must free it; when it holds a password, clear it before
 * freeing so the secret does not linger in recycled heap memory.
 * NOTE(review): whether _resp may be NULL for styles that take no
 * answer is decided by the implementation (see pam_prompt(3)); the
 * attribute only requires _pamh and _fmt to be non-NULL.
 */
int
pam_prompt(const pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 4, 5))
	OPENPAM_NONNULL((1,4));

/*
 * Set _name=_value in the PAM environment, with _overwrite as in
 * setenv(3).  This environment is what pam_getenvlist(3) returns and
 * what applications usually export into the user's session, so names
 * and values derived from untrusted input should be validated first.
 */
int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite)
	OPENPAM_NONNULL((1,2,3));

/*
 * va_list forms of pam_info(), pam_error() and pam_prompt().  The
 * trailing 0 in OPENPAM_FORMAT tells the compiler the arguments are
 * not available for checking here; the check happens at the variadic
 * caller.
 */
int
pam_vinfo(const pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT ((__printf__, 2, 0))
	OPENPAM_NONNULL((1,2));

int
pam_verror(const pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT ((__printf__, 2, 0))
	OPENPAM_NONNULL((1,2));

int
pam_vprompt(const pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT ((__printf__, 4, 0))
	OPENPAM_NONNULL((1,4));
148 1.1 christos
/*
 * Read cooked lines.
 * Checking for _IOFBF is a fairly reliable way to detect the presence
 * of <stdio.h>, as SUSv3 requires it to be defined there.
 *
 * These three prototypes need FILE, and this header deliberately does
 * not include <stdio.h> itself, so they are only visible to includers
 * that pulled it in first.  They are the tokenizer the library uses
 * for policy files; modules may reuse them for their own configuration.
 */
#ifdef _IOFBF
/*
 * Read one logical line from _f into a newly allocated buffer that the
 * caller owns and frees.  If _lineno is non-NULL it is advanced for
 * each newline consumed; if _lenp is non-NULL it receives the length.
 * Returns NULL at end of file or on error.
 * NOTE(review): what "cooked" covers (comment stripping, continuation
 * lines, quoting) is defined by the implementation — see
 * openpam_readline(3).
 */
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp)
	OPENPAM_NONNULL((1));

/*
 * Read one line and split it into words, returning a NULL-terminated
 * vector that the caller owns (vector and strings; presumably
 * releasable with openpam_free_envlist() — confirm).  Unlike its
 * siblings, _lenp is an int *: it receives the number of words, not a
 * byte length.
 */
char **
openpam_readlinev(FILE *_f,
	int *_lineno,
	int *_lenp)
	OPENPAM_NONNULL((1));

/*
 * Read a single word from _f, honouring the same quoting rules as
 * openpam_readlinev(); returns a newly allocated string the caller
 * frees, or NULL at end of line / end of file.
 */
char *
openpam_readword(FILE *_f,
	int *_lineno,
	size_t *_lenp)
	OPENPAM_NONNULL((1));
#endif
173 1.1 christos
/*
 * Append the character ch to the growable string *_str, reallocating
 * as needed.  *_sizep tracks the allocated capacity and *_lenp the
 * current length; the string is kept NUL-terminated.
 * NOTE(review): openpam_straddch(3) documents that *_str may start out
 * NULL (with *_sizep == 0) and that the return is 0 on success and -1
 * on allocation failure, leaving *_str valid — confirm against the
 * implementation.  Style: ch is the only parameter in this header
 * without the leading underscore the others use.
 */
int
openpam_straddch(char **_str,
	size_t *_sizep,
	size_t *_lenp,
	int ch)
	OPENPAM_NONNULL((1));
180 1.1.1.2 christos
/*
 * Enable / disable optional features
 *
 * Run-time hardening knobs, toggled with openpam_set_feature() and read
 * back with openpam_get_feature().  The values double as 0-based indices
 * (0 .. OPENPAM_NUM_FEATURES-1), so new features go before
 * OPENPAM_NUM_FEATURES and existing ones are never renumbered.  The
 * meaning of each feature below is as documented in
 * openpam_set_feature(3).
 */
enum {
	/*
	 * Reject service names containing path separators, so a name
	 * supplied by the application cannot steer the policy lookup
	 * outside the policy directories.
	 */
	OPENPAM_RESTRICT_SERVICE_NAME	= 0,
	/*
	 * Refuse a policy file that is not owned by root or that is
	 * writable by group or others.
	 */
	OPENPAM_VERIFY_POLICY_FILE	= 1,
	/* Reject module names in a policy that contain path separators. */
	OPENPAM_RESTRICT_MODULE_NAME	= 2,
	/*
	 * Refuse a module file that is not owned by root or that is
	 * writable by group or others.
	 */
	OPENPAM_VERIFY_MODULE_FILE	= 3,
	/* Use the "other" policy when the service has none of its own. */
	OPENPAM_FALLBACK_TO_OTHER	= 4,
	/* Number of features; keep last. */
	OPENPAM_NUM_FEATURES		= 5
};
192 1.1.1.2 christos
/*
 * Turn the feature _feature (one of the OPENPAM_* enumerators above)
 * on when _onoff is non-zero, off when it is zero.  Returns PAM_SUCCESS
 * or an error code for an unknown feature (PAM_SYMBOL_ERR according to
 * openpam_set_feature(3) — confirm).  Features are process-global
 * state: applications should set them once, before the first
 * pam_start(3), rather than toggling them while a transaction is open.
 */
int
openpam_set_feature(int _feature, int _onoff);

/*
 * Store the current state of _feature (0 or non-zero) in *_onoff.
 * Returns PAM_SUCCESS, or the same error as openpam_set_feature() for
 * an unknown feature.
 */
int
openpam_get_feature(int _feature, int *_onoff);
198 1.1.1.2 christos
/*
 * Log levels
 *
 * Severity argument for openpam_log().  PAM_LOG_LIBDEBUG sits below
 * PAM_LOG_DEBUG and is meant for the library's own internal tracing;
 * the remaining levels follow in increasing severity, so PAM_LOG_DEBUG
 * is 0 and PAM_LOG_ERROR is the highest.
 */
enum {
	PAM_LOG_LIBDEBUG	= -1,	/* library-internal debugging */
	PAM_LOG_DEBUG		= 0,	/* module debugging */
	PAM_LOG_VERBOSE		= 1,	/* chatty but routine */
	PAM_LOG_NOTICE		= 2,	/* noteworthy, not an error */
	PAM_LOG_ERROR		= 3	/* failure */
};
209 1.1 christos
/*
 * Log to syslog
 *
 * _openpam_log() is the back end of the openpam_log() macro below,
 * which fills in _func (the calling function's name) automatically;
 * call the macro, not this.  _level is one of the PAM_LOG_* values and
 * _fmt a printf(3) format — the only argument that must be non-NULL.
 * The format attribute checks a literal _fmt at compile time but cannot
 * catch a format built at run time, so never log user-controlled text
 * as _fmt; pass it through "%s".
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 3, 4))
	OPENPAM_NONNULL((3));
220 1.1 christos
/*
 * openpam_log(lvl, fmt, ...) is the logging entry point modules should
 * use: it forwards to _openpam_log() with the calling function's name
 * supplied.  The cascade below only selects a spelling of "variadic
 * macro" the compiler understands: C99 __VA_ARGS__ with __func__; the
 * same for GCC 3 and later; GNU named variadic arguments ("fmt...")
 * with the ## extension for GCC 2.95; and __FUNCTION__ for still older
 * GNU compilers.  Anything else gets a real function, which cannot
 * report the caller's name — note its own OPENPAM_NONNULL((2)), i.e.
 * _format must not be NULL.
 */
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__FUNCTION__)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __FUNCTION__, ##fmt)
#else
/* No variadic macros at all: plain function, caller's name unavailable. */
void
openpam_log(int _level,
	const char *_format,
	...)
	OPENPAM_FORMAT ((__printf__, 2, 3))
	OPENPAM_NONNULL((2));
#endif
241 1.1 christos
/*
 * Generic conversation function
 *
 * openpam_ttyconv() has the pam_conv callback signature and can be
 * installed as the conv member of struct pam_conv by applications
 * that talk to the user on a terminal: it presents the _n messages in
 * _msg and returns _n responses in *_resp, allocated for the
 * application to free.  _data is the application's appdata_ptr.
 * NOTE(review): whether _data is used, and how echo-off prompts are
 * handled, is defined by the implementation — see openpam_ttyconv(3).
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * How long openpam_ttyconv() waits for the user before giving up
 * (presumably seconds, with the default and the meaning of 0 given in
 * openpam_ttyconv(3) — confirm).  This is a plain, non-atomic global:
 * set it before starting a conversation, not from another thread while
 * one is in progress.
 */
extern int openpam_ttyconv_timeout;
253 1.1 christos
/*
 * Null conversation function
 *
 * A pam_conv callback for applications that cannot interact with a
 * user at all.  It fails every conversation (PAM_CONV_ERR according to
 * openpam_nullconv(3) — confirm), so a module that needs to prompt
 * fails cleanly instead of blocking or being fed an empty answer.
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);
261 1.1 christos
/*
 * PAM primitives
 *
 * One enumerator per service-module entry point (pam_sm_authenticate,
 * pam_sm_setcred, ...).  The values index the func[] array of struct
 * pam_module, so they start at 0 and PAM_NUM_PRIMITIVES, which must
 * stay last, is the array's size.
 */
enum {
	PAM_SM_AUTHENTICATE	= 0,
	PAM_SM_SETCRED		= 1,
	PAM_SM_ACCT_MGMT	= 2,
	PAM_SM_OPEN_SESSION	= 3,
	PAM_SM_CLOSE_SESSION	= 4,
	PAM_SM_CHAUTHTOK	= 5,
	/* keep this last */
	PAM_NUM_PRIMITIVES	= 6
};
275 1.1 christos
/*
 * Dummy service module function
 *
 * PAM_SM_DUMMY(type) defines pam_sm_<type> — e.g. PAM_SM_DUMMY(setcred)
 * defines pam_sm_setcred — with the standard module signature; it
 * ignores its arguments and returns PAM_IGNORE, so the primitive is
 * treated as if the module did not take part.  This lets a module
 * export the full set of entry points without implementing them all.
 * PAM_EXTERN is defined later in this header (static for statically
 * linked modules, empty otherwise); that works because the macro is
 * only expanded where it is used.  The (void) casts silence
 * unused-parameter warnings.
 */
#define PAM_SM_DUMMY(type) \
PAM_EXTERN int \
pam_sm_##type(pam_handle_t *pamh, int flags, \
	int argc, const char *argv[]) \
{ \
	\
	(void)pamh; \
	(void)flags; \
	(void)argc; \
	(void)argv; \
	return (PAM_IGNORE); \
}
291 1.1 christos
/*
 * PAM service module functions match this typedef
 *
 * Every pam_sm_* entry point takes (handle, flags, argc, argv);
 * presumably argc/argv carry the module's options from the policy
 * line, as with PAM_SM_DUMMY above.  struct pam_handle is only
 * forward-declared here — it is the type behind the pam_handle_t used
 * in the prototypes above, and modules never see its layout.
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
297 1.1 christos
/*
 * A struct that describes a module.
 *
 * Filled in either by PAM_MODULE_ENTRY below for statically linked
 * modules or by the library when it loads a shared object.
 */
typedef struct pam_module pam_module_t;
struct pam_module {
	char *path;				/* name or path the module is known by; for static modules the name plus PAM_SOEXT */
	pam_func_t func[PAM_NUM_PRIMITIVES];	/* entry points indexed by PAM_SM_*; 0 when the module lacks one (see _PAM_SM_* below) */
	void *dlh;				/* presumably the dlopen(3) handle of a dynamically loaded module — confirm; left zero by PAM_MODULE_ENTRY */
};
307 1.1 christos
/*
 * Source-code compatibility with Linux-PAM modules
 *
 * Linux-PAM modules announce which groups of primitives they implement
 * by defining PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION and/or
 * PAM_SM_PASSWORD before including the PAM headers.  If any of them is
 * defined the module is treated as a Linux-PAM module, and each group
 * it did not declare is recorded as absent (entry point 0) in the
 * static-module table built by PAM_MODULE_ENTRY further down.  A
 * native OpenPAM module defines none of them and is assumed to provide
 * all six entry points (PAM_SM_DUMMY covers the ones it does not
 * implement).  The #undef/#define pairs normalise every PAM_SM_* macro
 * to "defined, empty" so that later #ifdef tests see consistent state.
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
# define LINUX_PAM_MODULE
#endif

/* Authentication group: pam_sm_authenticate and pam_sm_setcred. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
# define _PAM_SM_AUTHENTICATE 0
# define _PAM_SM_SETCRED 0
#else
# undef PAM_SM_AUTH
# define PAM_SM_AUTH
# define _PAM_SM_AUTHENTICATE pam_sm_authenticate
# define _PAM_SM_SETCRED pam_sm_setcred
#endif

/* Account-management group: pam_sm_acct_mgmt. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
# define _PAM_SM_ACCT_MGMT 0
#else
# undef PAM_SM_ACCOUNT
# define PAM_SM_ACCOUNT
# define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
#endif

/* Session group: pam_sm_open_session and pam_sm_close_session. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
# define _PAM_SM_OPEN_SESSION 0
# define _PAM_SM_CLOSE_SESSION 0
#else
# undef PAM_SM_SESSION
# define PAM_SM_SESSION
# define _PAM_SM_OPEN_SESSION pam_sm_open_session
# define _PAM_SM_CLOSE_SESSION pam_sm_close_session
#endif

/* Password group: pam_sm_chauthtok. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
# define _PAM_SM_CHAUTHTOK 0
#else
# undef PAM_SM_PASSWORD
# define PAM_SM_PASSWORD
# define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
#endif
351 1.1 christos
/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * PAM_SOEXT is the shared-object suffix appended to a static module's
 * name, so the policy file can refer to it by the same name it would
 * use for the dynamically loaded build.  The build may override it.
 */
#if !defined(PAM_SOEXT)
# define PAM_SOEXT ".so"
#endif

/*
 * With OPENPAM_STATIC_MODULES, PAM_MODULE_ENTRY(name) emits a
 * file-scope struct pam_module describing the module and registers it
 * in the _openpam_static_modules linker set (DATA_SET from
 * <linker_set.h>), from which the library can find it by name without
 * dlopen().  The func[] entries come from the _PAM_SM_* macros above,
 * so groups a Linux-PAM module did not declare are 0.  PAM_EXTERN
 * becomes static so the pam_sm_* symbols of several statically linked
 * modules cannot collide.  The #error is a deliberate hard stop on
 * non-GNU compilers, which have no linker sets.
 * NOTE(review): _pam_name and _pam_module are file-scope identifiers
 * beginning with an underscore, which C reserves for the implementation
 * (C11 7.1.3) — tolerable in a system header, but the macro can only be
 * used once per translation unit or the two statics are redefined.
 */
#if defined(OPENPAM_STATIC_MODULES)
# if !defined(__GNUC__)
#  error "Don't know how to build static modules on non-GNU compilers"
# endif
/* gcc, static linking */
# include <sys/cdefs.h>
# include <linker_set.h>
# define PAM_EXTERN static
# define PAM_MODULE_ENTRY(name) \
	static char _pam_name[] = name PAM_SOEXT; \
	static struct pam_module _pam_module = { \
		.path = _pam_name, \
		.func = { \
			[PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE, \
			[PAM_SM_SETCRED] = _PAM_SM_SETCRED, \
			[PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT, \
			[PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION, \
			[PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
			[PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK \
		}, \
	}; \
	DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case: entry points are exported from the shared object and no table is built */
# define PAM_EXTERN
# define PAM_MODULE_ENTRY(name)
#endif
387 1.1 christos
388 1.1 christos #ifdef __cplusplus
389 1.1 christos }
390 1.1 christos #endif
391 1.1 christos
392 1.1 christos #endif /* !SECURITY_OPENPAM_H_INCLUDED */