1 /*- 2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2004-2007 Dag-Erling Smørgrav 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by ThinkSec AS and 7 * Network Associates Laboratories, the Security Research Division of 8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9 * ("CBOSS"), as part of the DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The name of the author may not be used to endorse or promote 20 * products derived from this software without specific prior written 21 * permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * $Id: openpam.h 408 2007-12-21 11:36:24Z des $ 36 */ 37 38 #ifndef SECURITY_OPENPAM_H_INCLUDED 39 #define SECURITY_OPENPAM_H_INCLUDED 40 41 /* 42 * Annoying but necessary header pollution 43 */ 44 #include <stdarg.h> 45 46 #include <security/openpam_attr.h> 47 48 #ifdef __cplusplus 49 extern "C" { 50 #endif 51 52 struct passwd; 53 54 /* 55 * API extensions 56 */ 57 int 58 openpam_borrow_cred(pam_handle_t *_pamh, 59 const struct passwd *_pwd) 60 OPENPAM_NONNULL((1,2)); 61 62 void 63 openpam_free_data(pam_handle_t *_pamh, 64 void *_data, 65 int _status); 66 67 void 68 openpam_free_envlist(char **_envlist); 69 70 const char * 71 openpam_get_option(pam_handle_t *_pamh, 72 const char *_option); 73 74 int 75 openpam_restore_cred(pam_handle_t *_pamh) 76 OPENPAM_NONNULL((1)); 77 78 int 79 openpam_set_option(pam_handle_t *_pamh, 80 const char *_option, 81 const char *_value); 82 83 int 84 pam_error(const pam_handle_t *_pamh, 85 const char *_fmt, 86 ...) 87 OPENPAM_FORMAT ((__printf__, 2, 3)) 88 OPENPAM_NONNULL((1,2)); 89 90 int 91 pam_get_authtok(pam_handle_t *_pamh, 92 int _item, 93 const char **_authtok, 94 const char *_prompt) 95 OPENPAM_NONNULL((1,3)); 96 97 int 98 pam_info(const pam_handle_t *_pamh, 99 const char *_fmt, 100 ...) 101 OPENPAM_FORMAT ((__printf__, 2, 3)) 102 OPENPAM_NONNULL((1,2)); 103 104 int 105 pam_prompt(const pam_handle_t *_pamh, 106 int _style, 107 char **_resp, 108 const char *_fmt, 109 ...) 110 OPENPAM_FORMAT ((__printf__, 4, 5)) 111 OPENPAM_NONNULL((1,4)); 112 113 int 114 pam_setenv(pam_handle_t *_pamh, 115 const char *_name, 116 const char *_value, 117 int _overwrite) 118 OPENPAM_NONNULL((1,2,3)); 119 120 int 121 pam_vinfo(const pam_handle_t *_pamh, 122 const char *_fmt, 123 va_list _ap) 124 OPENPAM_FORMAT ((__printf__, 2, 0)) 125 OPENPAM_NONNULL((1,2)); 126 127 int 128 pam_verror(const pam_handle_t *_pamh, 129 const char *_fmt, 130 va_list _ap) 131 OPENPAM_FORMAT ((__printf__, 2, 0)) 132 OPENPAM_NONNULL((1,2)); 133 134 int 135 pam_vprompt(const pam_handle_t *_pamh, 136 int _style, 137 char **_resp, 138 const char *_fmt, 139 va_list _ap) 140 OPENPAM_FORMAT ((__printf__, 4, 0)) 141 OPENPAM_NONNULL((1,4)); 142 143 /* 144 * Read cooked lines. 145 * Checking for _IOFBF is a fairly reliable way to detect the presence 146 * of <stdio.h>, as SUSv3 requires it to be defined there. 147 */ 148 #ifdef _IOFBF 149 char * 150 openpam_readline(FILE *_f, 151 int *_lineno, 152 size_t *_lenp) 153 OPENPAM_NONNULL((1)); 154 #endif 155 156 /* 157 * Log levels 158 */ 159 enum { 160 PAM_LOG_DEBUG, 161 PAM_LOG_VERBOSE, 162 PAM_LOG_NOTICE, 163 PAM_LOG_ERROR 164 }; 165 166 /* 167 * Log to syslog 168 */ 169 void 170 _openpam_log(int _level, 171 const char *_func, 172 const char *_fmt, 173 ...) 174 OPENPAM_FORMAT ((__printf__, 3, 4)) 175 OPENPAM_NONNULL((3)); 176 177 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) 178 #define openpam_log(lvl, ...) \ 179 _openpam_log((lvl), __func__, __VA_ARGS__) 180 #elif defined(__GNUC__) && (__GNUC__ >= 3) 181 #define openpam_log(lvl, ...) \ 182 _openpam_log((lvl), __func__, __VA_ARGS__) 183 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95) 184 #define openpam_log(lvl, fmt...) \ 185 _openpam_log((lvl), __func__, ##fmt) 186 #elif defined(__GNUC__) && defined(__FUNCTION__) 187 #define openpam_log(lvl, fmt...) \ 188 _openpam_log((lvl), __FUNCTION__, ##fmt) 189 #else 190 void 191 openpam_log(int _level, 192 const char *_format, 193 ...) 194 OPENPAM_FORMAT ((__printf__, 2, 3)) 195 OPENPAM_NONNULL((2)); 196 #endif 197 198 /* 199 * Generic conversation function 200 */ 201 struct pam_message; 202 struct pam_response; 203 int openpam_ttyconv(int _n, 204 const struct pam_message **_msg, 205 struct pam_response **_resp, 206 void *_data); 207 208 extern int openpam_ttyconv_timeout; 209 210 /* 211 * Null conversation function 212 */ 213 int openpam_nullconv(int _n, 214 const struct pam_message **_msg, 215 struct pam_response **_resp, 216 void *_data); 217 218 /* 219 * PAM primitives 220 */ 221 enum { 222 PAM_SM_AUTHENTICATE, 223 PAM_SM_SETCRED, 224 PAM_SM_ACCT_MGMT, 225 PAM_SM_OPEN_SESSION, 226 PAM_SM_CLOSE_SESSION, 227 PAM_SM_CHAUTHTOK, 228 /* keep this last */ 229 PAM_NUM_PRIMITIVES 230 }; 231 232 /* 233 * Dummy service module function 234 */ 235 #define PAM_SM_DUMMY(type) \ 236 PAM_EXTERN int \ 237 pam_sm_##type(pam_handle_t *pamh, int flags, \ 238 int argc, const char *argv[]) \ 239 { \ 240 \ 241 (void)pamh; \ 242 (void)flags; \ 243 (void)argc; \ 244 (void)argv; \ 245 return (PAM_IGNORE); \ 246 } 247 248 /* 249 * PAM service module functions match this typedef 250 */ 251 struct pam_handle; 252 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **); 253 254 /* 255 * A struct that describes a module. 256 */ 257 typedef struct pam_module pam_module_t; 258 struct pam_module { 259 char *path; 260 pam_func_t func[PAM_NUM_PRIMITIVES]; 261 void *dlh; 262 }; 263 264 /* 265 * Source-code compatibility with Linux-PAM modules 266 */ 267 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \ 268 defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD) 269 # define LINUX_PAM_MODULE 270 #endif 271 272 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH) 273 # define _PAM_SM_AUTHENTICATE 0 274 # define _PAM_SM_SETCRED 0 275 #else 276 # undef PAM_SM_AUTH 277 # define PAM_SM_AUTH 278 # define _PAM_SM_AUTHENTICATE pam_sm_authenticate 279 # define _PAM_SM_SETCRED pam_sm_setcred 280 #endif 281 282 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT) 283 # define _PAM_SM_ACCT_MGMT 0 284 #else 285 # undef PAM_SM_ACCOUNT 286 # define PAM_SM_ACCOUNT 287 # define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt 288 #endif 289 290 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION) 291 # define _PAM_SM_OPEN_SESSION 0 292 # define _PAM_SM_CLOSE_SESSION 0 293 #else 294 # undef PAM_SM_SESSION 295 # define PAM_SM_SESSION 296 # define _PAM_SM_OPEN_SESSION pam_sm_open_session 297 # define _PAM_SM_CLOSE_SESSION pam_sm_close_session 298 #endif 299 300 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD) 301 # define _PAM_SM_CHAUTHTOK 0 302 #else 303 # undef PAM_SM_PASSWORD 304 # define PAM_SM_PASSWORD 305 # define _PAM_SM_CHAUTHTOK pam_sm_chauthtok 306 #endif 307 308 /* 309 * Infrastructure for static modules using GCC linker sets. 310 * You are not expected to understand this. 311 */ 312 #if defined(__FreeBSD__) 313 # define PAM_SOEXT ".so" 314 #else 315 # undef NO_STATIC_MODULES 316 # define NO_STATIC_MODULES 317 #endif 318 319 #if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES) 320 /* gcc, static linking */ 321 # include <sys/cdefs.h> 322 # include <linker_set.h> 323 # define OPENPAM_STATIC_MODULES 324 # define PAM_EXTERN static 325 # define PAM_MODULE_ENTRY(name) \ 326 static char _pam_name[] = name PAM_SOEXT; \ 327 static struct pam_module _pam_module = { \ 328 .path = _pam_name, \ 329 .func = { \ 330 [PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE, \ 331 [PAM_SM_SETCRED] = _PAM_SM_SETCRED, \ 332 [PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT, \ 333 [PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION, \ 334 [PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \ 335 [PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK \ 336 }, \ 337 }; \ 338 DATA_SET(_openpam_static_modules, _pam_module) 339 #else 340 /* normal case */ 341 # define PAM_EXTERN 342 # define PAM_MODULE_ENTRY(name) 343 #endif 344 345 #ifdef __cplusplus 346 } 347 #endif 348 349 #endif /* !SECURITY_OPENPAM_H_INCLUDED */ 350