1 /*- 2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by ThinkSec AS and 6 * Network Associates Laboratories, the Security Research Division of 7 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 8 * ("CBOSS"), as part of the DARPA CHATS research program. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote 19 * products derived from this software without specific prior written 20 * permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * $P4: //depot/projects/openpam/include/security/openpam.h#24 $ 35 */ 36 37 #ifndef _SECURITY_OPENPAM_H_INCLUDED 38 #define _SECURITY_OPENPAM_H_INCLUDED 39 40 /* 41 * Annoying but necessary header pollution 42 */ 43 #include <stdarg.h> 44 45 #ifdef __cplusplus 46 extern "C" { 47 #endif 48 49 struct passwd; 50 51 /* 52 * API extensions 53 */ 54 int 55 openpam_borrow_cred(pam_handle_t *_pamh, 56 const struct passwd *_pwd); 57 58 void 59 openpam_free_data(pam_handle_t *_pamh, 60 void *_data, 61 int _status); 62 63 const char * 64 openpam_get_option(pam_handle_t *_pamh, 65 const char *_option); 66 67 int 68 openpam_restore_cred(pam_handle_t *_pamh); 69 70 int 71 openpam_set_option(pam_handle_t *_pamh, 72 const char *_option, 73 const char *_value); 74 75 int 76 pam_error(pam_handle_t *_pamh, 77 const char *_fmt, 78 ...); 79 80 int 81 pam_get_authtok(pam_handle_t *_pamh, 82 int _item, 83 const char **_authtok, 84 const char *_prompt); 85 86 int 87 pam_info(pam_handle_t *_pamh, 88 const char *_fmt, 89 ...); 90 91 int 92 pam_prompt(pam_handle_t *_pamh, 93 int _style, 94 char **_resp, 95 const char *_fmt, 96 ...); 97 98 int 99 pam_setenv(pam_handle_t *_pamh, 100 const char *_name, 101 const char *_value, 102 int _overwrite); 103 104 int 105 pam_vinfo(pam_handle_t *_pamh, 106 const char *_fmt, 107 va_list _ap); 108 109 int 110 pam_verror(pam_handle_t *_pamh, 111 const char *_fmt, 112 va_list _ap); 113 114 int 115 pam_vprompt(pam_handle_t *_pamh, 116 int _style, 117 char **_resp, 118 const char *_fmt, 119 va_list _ap); 120 121 /* 122 * Read cooked lines. 123 * Checking for FOPEN_MAX is a fairly reliable way to detect the presence 124 * of <stdio.h> 125 */ 126 #ifdef FOPEN_MAX 127 char * 128 openpam_readline(FILE *_f, 129 int *_lineno, 130 size_t *_lenp); 131 #endif 132 133 /* 134 * Log levels 135 */ 136 enum { 137 PAM_LOG_DEBUG, 138 PAM_LOG_VERBOSE, 139 PAM_LOG_NOTICE, 140 PAM_LOG_ERROR 141 }; 142 143 /* 144 * Log to syslog 145 */ 146 void 147 _openpam_log(int _level, 148 const char *_func, 149 const char *_fmt, 150 ...); 151 152 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) 153 #define openpam_log(lvl, ...) \ 154 _openpam_log((lvl), __func__, __VA_ARGS__) 155 #elif defined(__GNUC__) && (__GNUC__ >= 3) 156 #define openpam_log(lvl, ...) \ 157 _openpam_log((lvl), __func__, __VA_ARGS__) 158 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95) 159 #define openpam_log(lvl, fmt...) \ 160 _openpam_log((lvl), __func__, ##fmt) 161 #elif defined(__GNUC__) && defined(__FUNCTION__) 162 #define openpam_log(lvl, fmt...) \ 163 _openpam_log((lvl), __FUNCTION__, ##fmt) 164 #else 165 void 166 openpam_log(int _level, 167 const char *_format, 168 ...); 169 #endif 170 171 /* 172 * Generic conversation function 173 */ 174 struct pam_message; 175 struct pam_response; 176 int openpam_ttyconv(int _n, 177 const struct pam_message **_msg, 178 struct pam_response **_resp, 179 void *_data); 180 181 /* 182 * Null conversation function 183 */ 184 int openpam_nullconv(int _n, 185 const struct pam_message **_msg, 186 struct pam_response **_resp, 187 void *_data); 188 189 /* 190 * PAM primitives 191 */ 192 enum { 193 PAM_SM_AUTHENTICATE, 194 PAM_SM_SETCRED, 195 PAM_SM_ACCT_MGMT, 196 PAM_SM_OPEN_SESSION, 197 PAM_SM_CLOSE_SESSION, 198 PAM_SM_CHAUTHTOK, 199 /* keep this last */ 200 PAM_NUM_PRIMITIVES 201 }; 202 203 /* 204 * Dummy service module function 205 */ 206 #define PAM_SM_DUMMY(type) \ 207 PAM_EXTERN int \ 208 pam_sm_##type(pam_handle_t *pamh, int flags, \ 209 int argc, const char *argv[]) \ 210 { \ 211 return (PAM_IGNORE); \ 212 } 213 214 /* 215 * PAM service module functions match this typedef 216 */ 217 struct pam_handle; 218 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **); 219 220 /* 221 * A struct that describes a module. 222 */ 223 typedef struct pam_module pam_module_t; 224 struct pam_module { 225 char *path; 226 pam_func_t func[PAM_NUM_PRIMITIVES]; 227 void *dlh; 228 int refcount; 229 pam_module_t *prev; 230 pam_module_t *next; 231 }; 232 233 /* 234 * Source-code compatibility with Linux-PAM modules 235 */ 236 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \ 237 defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD) 238 #define LINUX_PAM_MODULE 239 #endif 240 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH) 241 #define _PAM_SM_AUTHENTICATE 0 242 #define _PAM_SM_SETCRED 0 243 #else 244 #undef PAM_SM_AUTH 245 #define PAM_SM_AUTH 246 #define _PAM_SM_AUTHENTICATE pam_sm_authenticate 247 #define _PAM_SM_SETCRED pam_sm_setcred 248 #endif 249 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT) 250 #define _PAM_SM_ACCT_MGMT 0 251 #else 252 #undef PAM_SM_ACCOUNT 253 #define PAM_SM_ACCOUNT 254 #define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt 255 #endif 256 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION) 257 #define _PAM_SM_OPEN_SESSION 0 258 #define _PAM_SM_CLOSE_SESSION 0 259 #else 260 #undef PAM_SM_SESSION 261 #define PAM_SM_SESSION 262 #define _PAM_SM_OPEN_SESSION pam_sm_open_session 263 #define _PAM_SM_CLOSE_SESSION pam_sm_close_session 264 #endif 265 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD) 266 #define _PAM_SM_CHAUTHTOK 0 267 #else 268 #undef PAM_SM_PASSWORD 269 #define PAM_SM_PASSWORD 270 #define _PAM_SM_CHAUTHTOK pam_sm_chauthtok 271 #endif 272 273 /* 274 * Infrastructure for static modules using GCC linker sets. 275 * You are not expected to understand this. 276 */ 277 #if defined(__FreeBSD__) 278 #define PAM_SOEXT ".so" 279 #else 280 #ifndef NO_STATIC_MODULES 281 #define NO_STATIC_MODULES 282 #endif 283 #endif 284 #if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES) 285 /* gcc, static linking */ 286 #include <sys/cdefs.h> 287 #include <linker_set.h> 288 #define OPENPAM_STATIC_MODULES 289 #define PAM_EXTERN static 290 #define PAM_MODULE_ENTRY(name) \ 291 static char _pam_name[] = name PAM_SOEXT; \ 292 static struct pam_module _pam_module = { _pam_name, { \ 293 _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT, \ 294 _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \ 295 NULL, 0, NULL, NULL }; \ 296 DATA_SET(_openpam_static_modules, _pam_module) 297 #else 298 /* normal case */ 299 #define PAM_EXTERN 300 #define PAM_MODULE_ENTRY(name) 301 #endif 302 303 #ifdef __cplusplus 304 } 305 #endif 306 307 #endif 308