      1 /*	$NetBSD: openpam.h,v 1.4.8.2 2014/08/19 23:52:06 tls Exp $	*/
      2 
      3 /*-
      4  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2011 Dag-Erling Smørgrav
      6  * All rights reserved.
      7  *
      8  * This software was developed for the FreeBSD Project by ThinkSec AS and
      9  * Network Associates Laboratories, the Security Research Division of
     10  * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
     11  * ("CBOSS"), as part of the DARPA CHATS research program.
     12  *
     13  * Redistribution and use in source and binary forms, with or without
     14  * modification, are permitted provided that the following conditions
     15  * are met:
     16  * 1. Redistributions of source code must retain the above copyright
     17  *    notice, this list of conditions and the following disclaimer.
     18  * 2. Redistributions in binary form must reproduce the above copyright
     19  *    notice, this list of conditions and the following disclaimer in the
     20  *    documentation and/or other materials provided with the distribution.
     21  * 3. The name of the author may not be used to endorse or promote
     22  *    products derived from this software without specific prior written
     23  *    permission.
     24  *
     25  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
     26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     35  * SUCH DAMAGE.
     36  *
     37  * Id: openpam.h 648 2013-03-05 17:54:27Z des
     38  */
     39 
     40 #ifndef SECURITY_OPENPAM_H_INCLUDED
     41 #define SECURITY_OPENPAM_H_INCLUDED
     42 
     43 /*
     44  * Annoying but necessary header pollution
     45  */
     46 #include <stdarg.h>
     47 
     48 #include <security/openpam_attr.h>
     49 
     50 #ifdef __cplusplus
     51 extern "C" {
     52 #endif
     53 
struct passwd;

/*
 * API extensions
 *
 * OpenPAM-specific entry points beyond the standard PAM API.  Where a
 * parameter index appears in OPENPAM_NONNULL (presumably the compiler's
 * nonnull attribute), the compiler is told that argument is never NULL, so
 * passing NULL there is undefined behaviour rather than a checked error.
 * The absence of the attribute on a parameter does not by itself prove
 * that NULL is accepted -- see the implementation.
 */

/*
 * Presumably switches the process credentials to those of _pwd so that a
 * module can act on the user's behalf, to be undone with
 * openpam_restore_cred().  Returns an int status (presumably a PAM_* code).
 * NOTE(review): behaviour inferred from the name -- confirm against the
 * implementation before relying on it in privileged code.
 */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd)
	OPENPAM_NONNULL((1,2));

/*
 * Expands _template into the caller-supplied buffer _buf.  _bufsize is
 * passed by pointer, so it is presumably in/out (capacity in, size needed
 * out); check the return value and *_bufsize before treating _buf as
 * complete and NUL-terminated.  Neither _buf nor _bufsize is
 * OPENPAM_NONNULL, so a NULL _buf may be allowed as a sizing query --
 * TODO confirm.
 */
int
openpam_subst(const pam_handle_t *_pamh,
	char *_buf,
	size_t *_bufsize,
	const char *_template);

/*
 * Has the (handle, data, status) shape of a pam_set_data() cleanup
 * callback; presumably releases _data with free().  Intended as the
 * cleanup function for module data that was obtained from malloc().
 */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/*
 * Releases an environment list of the kind returned by pam_getenvlist()
 * (presumably the strings and the array itself).  Whether NULL is
 * accepted is not visible here.
 */
void
openpam_free_envlist(char **_envlist);

/*
 * Looks up a module option by name.  The result is const and presumably
 * points into storage owned by the handle: do not free or modify it, and
 * do not keep it past the current module call.  Presumably NULL when the
 * option is not set -- TODO confirm.
 */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

/*
 * Counterpart of openpam_borrow_cred(): restores the caller's original
 * credentials.  Pair every successful borrow with a restore on every exit
 * path, including error paths.
 */
int
openpam_restore_cred(pam_handle_t *_pamh)
	OPENPAM_NONNULL((1));

/*
 * Sets a module option; a NULL _value presumably clears it.  Neither
 * _option nor _value is OPENPAM_NONNULL -- TODO confirm NULL semantics.
 */
int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);
     90 
/*
 * Message and prompt helpers.
 *
 * Every _fmt parameter carries OPENPAM_FORMAT(__printf__ ...), so the
 * compiler checks literal format strings against their arguments.  That
 * check is no protection against a variable format string: never pass
 * user-, file- or module-supplied text as _fmt; pass it as a "%s"
 * argument.  The va_list variants use 0 as the first-argument index since
 * there is nothing after the format for the compiler to check.
 */

/* Formats and delivers an error-style message via the conversation. */
int
pam_error(const pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 2, 3))
	OPENPAM_NONNULL((1,2));

/*
 * Retrieves the authentication token for item _item, prompting the user
 * with _prompt if necessary.  *_authtok receives a const string that is
 * presumably owned by the handle: do not free or modify it, and never
 * write it to a log.  _prompt is not OPENPAM_NONNULL, so NULL presumably
 * selects a default prompt -- TODO confirm.
 */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt)
	OPENPAM_NONNULL((1,3));

/* Formats and delivers an informational message via the conversation. */
int
pam_info(const pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 2, 3))
	OPENPAM_NONNULL((1,2));

/*
 * Issues one prompt of message style _style and stores the reply in
 * *_resp.  _resp is not OPENPAM_NONNULL, so it may presumably be NULL for
 * styles that take no reply -- TODO confirm.  Ownership of *_resp is not
 * visible here; presumably the caller must free() it, and should zero it
 * first when it holds a secret.
 */
int
pam_prompt(const pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 4, 5))
	OPENPAM_NONNULL((1,4));

/*
 * Sets _name=_value in the PAM environment; _overwrite controls what
 * happens when _name already exists (presumably nonzero = replace).  The
 * PAM environment is presumably exported to the user's session, so only
 * set values the module fully controls.
 */
int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite)
	OPENPAM_NONNULL((1,2,3));

/* va_list form of pam_info(). */
int
pam_vinfo(const pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT ((__printf__, 2, 0))
	OPENPAM_NONNULL((1,2));

/* va_list form of pam_error(). */
int
pam_verror(const pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT ((__printf__, 2, 0))
	OPENPAM_NONNULL((1,2));

/* va_list form of pam_prompt(). */
int
pam_vprompt(const pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT ((__printf__, 4, 0))
	OPENPAM_NONNULL((1,4));
    150 
/*
 * Read cooked lines.
 * Checking for _IOFBF is a fairly reliable way to detect the presence
 * of <stdio.h>, as SUSv3 requires it to be defined there.  These
 * prototypes are therefore only visible to callers that included
 * <stdio.h> before this header.
 *
 * _lineno is passed by pointer and is presumably advanced as lines are
 * consumed (for diagnostics while parsing policy files) -- TODO confirm.
 * _lenp receives the length or element count of the result.  The result
 * is presumably heap-allocated and owned by the caller, and NULL on EOF
 * or error -- confirm both before relying on them.
 *
 * NOTE(review): openpam_readlinev() takes `int *_lenp` while its two
 * siblings take `size_t *_lenp`.  The mismatch is part of the public ABI
 * and cannot be changed here; callers must use an int for the vector
 * variant and must not pass a size_t * through a cast.
 */
#ifdef _IOFBF
/* Reads one logical line ("cooked": quoting/continuation presumably handled). */
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp)
	OPENPAM_NONNULL((1));

/* Reads one logical line split into a vector of words; *_lenp is an int here. */
char **
openpam_readlinev(FILE *_f,
	int *_lineno,
	int *_lenp)
	OPENPAM_NONNULL((1));

/* Reads the next single word. */
char *
openpam_readword(FILE *_f,
	int *_lineno,
	size_t *_lenp)
	OPENPAM_NONNULL((1));
#endif
    175 
/*
 * Appends the character ch to the growable string *_str, presumably
 * reallocating as needed: *_sizep looks like the allocated capacity and
 * *_lenp the current length, both updated on success -- TODO confirm.
 * Only _str is OPENPAM_NONNULL.  Returns an int status; what happens to
 * *_str on failure is not visible here, so callers should still free it.
 */
int
openpam_straddch(char **_str,
	size_t *_sizep,
	size_t *_lenp,
	int ch)
	OPENPAM_NONNULL((1));
    182 
/*
 * Enable / disable optional features
 *
 * Feature identifiers are dense and zero-based and double as indices into
 * a table of OPENPAM_NUM_FEATURES entries, so only values from this enum
 * may be passed to openpam_set_feature()/openpam_get_feature(); the
 * parameter is a plain int and gives no compile-time protection.  The
 * names indicate hardening checks on how policies and modules are located
 * and loaded; turning one off relaxes that check, so do so deliberately.
 */
enum {
	OPENPAM_RESTRICT_SERVICE_NAME	= 0,
	OPENPAM_VERIFY_POLICY_FILE	= 1,
	OPENPAM_RESTRICT_MODULE_NAME	= 2,
	OPENPAM_VERIFY_MODULE_FILE	= 3,
	OPENPAM_NUM_FEATURES		/* keep this last: number of features */
};

/* Turns _feature on (presumably _onoff != 0) or off; returns an int status. */
int
openpam_set_feature(int _feature, int _onoff);

/* Stores the current state of _feature in *_onoff; returns an int status. */
int
openpam_get_feature(int _feature, int *_onoff);
    199 
/*
 * Log levels
 *
 * Ordered by increasing severity.  PAM_LOG_LIBDEBUG is negative so that
 * library-internal debugging (presumably what "LIBDEBUG" denotes) sits
 * below everything a module would emit; the remaining levels count up
 * from PAM_LOG_DEBUG == 0.  How each maps onto a syslog priority is
 * decided in the implementation.
 */
enum {
	PAM_LOG_LIBDEBUG	= -1,
	PAM_LOG_DEBUG		=  0,
	PAM_LOG_VERBOSE		=  1,
	PAM_LOG_NOTICE		=  2,
	PAM_LOG_ERROR		=  3
};
    210 
/*
 * Log to syslog
 *
 * _openpam_log() is the implementation entry point; code should call the
 * openpam_log() macro below, which supplies the calling function's name
 * (__func__) as _func.  Only _fmt (argument 3) is OPENPAM_NONNULL, so
 * _func may be NULL.  The printf format attribute lets the compiler check
 * a literal format string but cannot check a variable one: never pass
 * untrusted text (user names, module arguments, file contents) as _fmt;
 * log it through a "%s" conversion.  The leading underscore puts this
 * symbol in the implementation-reserved namespace; it is kept as is for
 * ABI compatibility.
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...)
	OPENPAM_FORMAT ((__printf__, 3, 4))
	OPENPAM_NONNULL((3));

/*
 * openpam_log(lvl, fmt, ...) -- choose a variadic-macro flavour.
 * C99 and GCC >= 3 use __VA_ARGS__; GCC 2.95 uses the named-varargs
 * extension.  The `defined(__func__)` branch is effectively dead:
 * __func__ is a predefined identifier, not a macro, so `defined` yields 0
 * there and that branch is never selected (harmless).  Without any
 * variadic-macro support, openpam_log is a plain function that cannot
 * record the caller's name.
 */
#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__func__)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
#else
void
openpam_log(int _level,
	const char *_format,
	...)
	OPENPAM_FORMAT ((__printf__, 2, 3))
	OPENPAM_NONNULL((2));
#endif
    242 
/*
 * Generic conversation function
 *
 * openpam_ttyconv() has the shape of a pam_conv callback: _n messages in
 * _msg, replies returned through _resp, _data the application's opaque
 * pointer.  It presumably talks to the controlling terminal, so it is
 * only appropriate for interactive programs.  openpam_ttyconv_timeout is
 * a plain process-global int with no synchronisation visible here;
 * presumably the number of seconds to wait for input before giving up --
 * set it before the conversation starts, not concurrently with it.
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

extern int openpam_ttyconv_timeout;

/*
 * Null conversation function
 *
 * Same signature as openpam_ttyconv() but with no user interaction;
 * presumably fails any request that needs a reply.  Use it for daemons
 * and other non-interactive callers so that a module asking for input
 * cannot stall the process waiting on a tty.
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);
    262 
/*
 * PAM primitives
 *
 * One identifier per service-module entry point.  The values are dense,
 * start at 0 and index the func[] table of struct pam_module (see
 * PAM_MODULE_ENTRY()), so the order here is ABI and PAM_NUM_PRIMITIVES
 * must remain the final member.
 */
enum {
	PAM_SM_AUTHENTICATE	= 0,	/* pam_sm_authenticate  */
	PAM_SM_SETCRED		= 1,	/* pam_sm_setcred       */
	PAM_SM_ACCT_MGMT	= 2,	/* pam_sm_acct_mgmt     */
	PAM_SM_OPEN_SESSION	= 3,	/* pam_sm_open_session  */
	PAM_SM_CLOSE_SESSION	= 4,	/* pam_sm_close_session */
	PAM_SM_CHAUTHTOK	= 5,	/* pam_sm_chauthtok     */
	/* keep this last: number of primitives */
	PAM_NUM_PRIMITIVES
};
    276 
/*
 * Dummy service module function
 *
 * PAM_SM_DUMMY(type) expands to a complete definition of pam_sm_<type>
 * that ignores every argument and returns PAM_IGNORE, the PAM status that
 * asks the dispatcher to disregard this module's result for that
 * primitive.  The (void) casts exist only to silence unused-parameter
 * warnings.  Linkage comes from PAM_EXTERN, which the static-module
 * section below sets to `static` or leaves empty, so a dummy is visible
 * exactly like a real entry point.  Use it for primitives a module does
 * not implement rather than returning PAM_SUCCESS, which would grant
 * something the module never checked.
 */
#define PAM_SM_DUMMY(type)						\
PAM_EXTERN int								\
pam_sm_##type(pam_handle_t *pamh, int flags,				\
    int argc, const char *argv[])					\
{									\
									\
	(void)pamh;							\
	(void)flags;							\
	(void)argc;							\
	(void)argv;							\
	return (PAM_IGNORE);						\
}
    292 
/*
 * PAM service module functions match this typedef
 *
 * (handle, flags, argc, argv) -- the same shape PAM_SM_DUMMY() generates.
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 *
 * path  -- module name as known to the loader; PAM_MODULE_ENTRY() stores
 *          the module name with PAM_SOEXT appended.
 * func  -- entry points indexed by the PAM primitive enum; the static
 *          module macros below store 0 (a null pointer) in the slots of
 *          primitives the module does not provide.
 * dlh   -- presumably the dynamic-loader handle of a module loaded at run
 *          time, unused for statically linked modules -- TODO confirm.
 * Member order is ABI: do not reorder or insert fields.
 */
typedef struct pam_module {
	char		*path;
	pam_func_t	 func[PAM_NUM_PRIMITIVES];
	void		*dlh;
} pam_module_t;
    308 
/*
 * Source-code compatibility with Linux-PAM modules
 *
 * Linux-PAM modules announce which primitive groups they implement by
 * defining PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION and/or
 * PAM_SM_PASSWORD before including the PAM headers.  If any of them is
 * defined, the module is treated as a Linux-PAM module (LINUX_PAM_MODULE)
 * and only the announced groups map to real pam_sm_* symbols; the others
 * become 0, i.e. null entries in the table built by PAM_MODULE_ENTRY().
 * If none is defined (an OpenPAM-style module), every group is assumed
 * present and all six entry points are referenced.  The #undef/#define
 * pairs normalise the announce macros to an empty definition.
 *
 * The _PAM_SM_* selectors are internal; they exist so PAM_MODULE_ENTRY()
 * can be written once.  (Their underscore + capital prefix is in the
 * implementation-reserved namespace; retained for compatibility.)
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
# define LINUX_PAM_MODULE
#endif

/* Authentication group: pam_sm_authenticate / pam_sm_setcred. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
# define _PAM_SM_AUTHENTICATE	0
# define _PAM_SM_SETCRED	0
#else
# undef PAM_SM_AUTH
# define PAM_SM_AUTH
# define _PAM_SM_AUTHENTICATE	pam_sm_authenticate
# define _PAM_SM_SETCRED	pam_sm_setcred
#endif

/* Account management group: pam_sm_acct_mgmt. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
# define _PAM_SM_ACCT_MGMT	0
#else
# undef PAM_SM_ACCOUNT
# define PAM_SM_ACCOUNT
# define _PAM_SM_ACCT_MGMT	pam_sm_acct_mgmt
#endif

/* Session group: pam_sm_open_session / pam_sm_close_session. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
# define _PAM_SM_OPEN_SESSION	0
# define _PAM_SM_CLOSE_SESSION	0
#else
# undef PAM_SM_SESSION
# define PAM_SM_SESSION
# define _PAM_SM_OPEN_SESSION	pam_sm_open_session
# define _PAM_SM_CLOSE_SESSION	pam_sm_close_session
#endif

/* Password group: pam_sm_chauthtok. */
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
# define _PAM_SM_CHAUTHTOK	0
#else
# undef PAM_SM_PASSWORD
# define PAM_SM_PASSWORD
# define _PAM_SM_CHAUTHTOK	pam_sm_chauthtok
#endif
    352 
/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * Two build flavours are selected below:
 *
 *  - Static modules (GCC or PCC, and NO_STATIC_MODULES not defined):
 *    PAM_EXTERN becomes `static`, so a module's pam_sm_* functions are
 *    file-local, and PAM_MODULE_ENTRY(name) emits a file-local
 *    struct pam_module whose .path is name PAM_SOEXT (name must therefore
 *    be a string literal) and whose func[] table is filled from the
 *    _PAM_SM_* selectors, then adds it to the openpam_static_modules
 *    linker set for the library to enumerate.  FreeBSD gets DATA_SET /
 *    SET_DECLARE / SET_FOREACH from <linker_set.h>; NetBSD maps them onto
 *    the __link_set_* macros of <sys/cdefs.h>.  On any other system these
 *    macros must come from <sys/cdefs.h>, or PAM_MODULE_ENTRY() will not
 *    compile.
 *
 *  - Everything else: PAM_EXTERN is empty (external linkage, presumably
 *    for run-time loading) and PAM_MODULE_ENTRY(name) expands to nothing.
 *
 * PAM_MODULE_ENTRY() defines the fixed identifiers _pam_name and
 * _pam_module, so it can be used at most once per translation unit.  The
 * name stored in .path is not validated here; any matching against policy
 * files is done by the library at run time.
 */
#if !defined(PAM_SOEXT)
# define PAM_SOEXT ".so"
#endif

#if (defined(__GNUC__) || defined(__PCC__)) && !defined(NO_STATIC_MODULES)
# include <sys/cdefs.h>
# ifdef __FreeBSD__
#  include <linker_set.h>
# endif
# ifdef __NetBSD__
#  define DATA_SET(a, b) __link_set_add_data(a, b)
#  define SET_DECLARE(a, b) __link_set_decl(a, b)
#  define SET_FOREACH(a, b) __link_set_foreach(a, b)
# endif
# define OPENPAM_STATIC_MODULES
# define PAM_EXTERN static
# define PAM_MODULE_ENTRY(name)						\
	static char _pam_name[] = name PAM_SOEXT;			\
	static struct pam_module _pam_module = {			\
		.path = _pam_name,					\
		.func = {						\
			[PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE,	\
			[PAM_SM_SETCRED] = _PAM_SM_SETCRED,		\
			[PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT,		\
			[PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION,	\
			[PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
			[PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK		\
		},							\
	};								\
	DATA_SET(openpam_static_modules, _pam_module)
#else
/* normal case: dynamically loaded modules, nothing registered at link time */
# define PAM_EXTERN
# define PAM_MODULE_ENTRY(name)
#endif
    392 
    393 #ifdef __cplusplus
    394 }
    395 #endif
    396 
    397 #endif /* !SECURITY_OPENPAM_H_INCLUDED */
    398