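/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/include/security/openpam.h#26 $
 */

/*
 * OpenPAM extensions to the PAM API: credential helpers, option access,
 * conversation wrappers, logging, stock conversation functions and the
 * descriptor used to register service modules.
 *
 * pam_handle_t, PAM_IGNORE and NULL are used below but not declared in
 * this file.
 * NOTE(review): presumably the PAM headers that include this one provide
 * them first -- confirm before including this header on its own.
 */

#ifndef _SECURITY_OPENPAM_H_INCLUDED
#define _SECURITY_OPENPAM_H_INCLUDED

/*
 * Annoying but necessary header pollution
 */
#include <stdarg.h>

/*
 * Marks a function as taking a printf-style format string so the compiler
 * can check the format against its arguments at every call site.
 * fmtidx is the 1-based position of the format parameter; firstarg is the
 * position of the first variadic argument, or 0 for the va_list variants.
 * Expands to nothing on compilers without GCC-style attributes.
 *
 * The check is advisory only: passing text that came from a user, a
 * network peer or a file as the format argument is a format-string bug
 * whether or not the compiler warns.  Pass such text through "%s".
 */
#if defined(__GNUC__) && (__GNUC__ >= 3)
#define _OPENPAM_PRINTFLIKE(fmtidx, firstarg) \
	__attribute__((__format__(__printf__, fmtidx, firstarg)))
#else
#define _OPENPAM_PRINTFLIKE(fmtidx, firstarg)
#endif

#ifdef __cplusplus
extern "C" {
#endif

struct passwd;

/*
 * API extensions
 */

/*
 * Takes a PAM handle and a passwd entry and returns an int status.
 * By its name it switches the caller to that user's credentials; see
 * openpam_borrow_cred(3).  Check the result before doing any work that
 * relies on the borrowed identity, and pair each successful call with
 * openpam_restore_cred().
 */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd);

/*
 * Has the (handle, data, status) shape of a data cleanup callback.
 * NOTE(review): presumably meant to be registered with pam_set_data() --
 * confirm in openpam_free_data(3).
 */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/*
 * Looks up the named option on the handle.  The result is const: the
 * caller must not modify or free it.
 */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

/*
 * Counterpart of openpam_borrow_cred().  Returns an int status; a caller
 * that ignores a failure here may keep running with the wrong identity.
 */
int
openpam_restore_cred(pam_handle_t *_pamh);

/*
 * Sets the named option on the handle to the given value.
 */
int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);

/*
 * printf-style message call; _fmt must be a trusted format string.
 */
int
pam_error(pam_handle_t *_pamh,
	const char *_fmt,
	...)
	_OPENPAM_PRINTFLIKE(2, 3);

/*
 * Stores a pointer to the authentication token through _authtok.
 * The token is secret material: keep it out of logs and error messages.
 * NOTE(review): ownership presumably stays with the PAM handle -- confirm
 * in pam_get_authtok(3) before freeing or caching the pointer.
 */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt);

/*
 * printf-style message call; _fmt must be a trusted format string.
 */
int
pam_info(pam_handle_t *_pamh,
	const char *_fmt,
	...)
	_OPENPAM_PRINTFLIKE(2, 3);

/*
 * printf-style prompt; the reply is handed back through _resp.
 * NOTE(review): the reply buffer is presumably allocated for the caller,
 * who should wipe it before releasing it when it holds a secret -- confirm
 * in pam_prompt(3).
 */
int
pam_prompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...)
	_OPENPAM_PRINTFLIKE(4, 5);

/*
 * Same parameter shape as setenv(3), with the PAM handle in front.
 */
int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite);

/*
 * va_list variants of pam_info(), pam_error() and pam_prompt().
 */
int
pam_vinfo(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	_OPENPAM_PRINTFLIKE(2, 0);

int
pam_verror(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	_OPENPAM_PRINTFLIKE(2, 0);

int
pam_vprompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap)
	_OPENPAM_PRINTFLIKE(4, 0);

/*
 * Read cooked lines.
 * Checking for _IOFBF is a fairly reliable way to detect the presence
 * of <stdio.h>, as SUSv3 requires it to be defined there.
 *
 * The prototype is therefore only visible when <stdio.h> was included
 * before this header.
 */
#ifdef _IOFBF
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp);
#endif

/*
 * Log levels
 *
 * The enumerators take the values 0..3 in the order listed.
 */
enum {
	PAM_LOG_DEBUG,
	PAM_LOG_VERBOSE,
	PAM_LOG_NOTICE,
	PAM_LOG_ERROR
};

/*
 * Log to syslog
 *
 * Use the openpam_log() wrapper rather than calling this directly; where
 * the compiler allows, the wrapper fills in the calling function's name.
 * _fmt is a printf-style format and must be trusted.  Do not log
 * authentication tokens or prompt replies.
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...)
	_OPENPAM_PRINTFLIKE(3, 4);

#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
/*
 * NOTE(review): GCC documents __FUNCTION__ as an identifier rather than a
 * preprocessor macro, so defined(__FUNCTION__) is expected to be false and
 * this branch is probably never selected -- confirm.
 */
#elif defined(__GNUC__) && defined(__FUNCTION__)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __FUNCTION__, ##fmt)
#else
/* No variadic macros available: openpam_log() is a real function. */
void
openpam_log(int _level,
	const char *_format,
	...)
	_OPENPAM_PRINTFLIKE(2, 3);
#endif

/*
 * Generic conversation function
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * Tunable read by the tty conversation function.
 * NOTE(review): the unit is presumably seconds -- confirm in
 * openpam_ttyconv(3).
 */
extern int openpam_ttyconv_timeout;

/*
 * Null conversation function
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * PAM primitives
 *
 * These values index pam_module.func[]; the initialiser in
 * PAM_MODULE_ENTRY lists the entry points in this same order, so the two
 * must be changed together.
 */
enum {
	PAM_SM_AUTHENTICATE,
	PAM_SM_SETCRED,
	PAM_SM_ACCT_MGMT,
	PAM_SM_OPEN_SESSION,
	PAM_SM_CLOSE_SESSION,
	PAM_SM_CHAUTHTOK,
	/* keep this last */
	PAM_NUM_PRIMITIVES
};

/*
 * Dummy service module function
 *
 * Expands to a pam_sm_<type>() that returns PAM_IGNORE without looking at
 * any of its arguments.  The stub performs no check of its own, so a
 * service policy must not rely on it for an authentication or account
 * decision.
 */
#define PAM_SM_DUMMY(type) \
PAM_EXTERN int \
pam_sm_##type(pam_handle_t *pamh, int flags, \
    int argc, const char *argv[]) \
{ \
	return (PAM_IGNORE); \
}

/*
 * PAM service module functions match this typedef
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 */
typedef struct pam_module pam_module_t;
struct pam_module {
	char *path;				/* module name or path */
	pam_func_t func[PAM_NUM_PRIMITIVES];	/* one entry per primitive */
	void *dlh;	/* NULL for static modules; presumably a dlopen() handle otherwise */
	int refcount;
	pam_module_t *prev;			/* list links */
	pam_module_t *next;
};

/*
 * Source-code compatibility with Linux-PAM modules
 *
 * A module that defines any of PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION
 * or PAM_SM_PASSWORD before including this header is treated as a
 * Linux-PAM module: the _PAM_SM_* slots of the groups it did not select
 * become 0.  Otherwise all four selectors are defined here and every slot
 * names the corresponding pam_sm_*() function.
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
#define LINUX_PAM_MODULE
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
#define _PAM_SM_AUTHENTICATE 0
#define _PAM_SM_SETCRED 0
#else
#undef PAM_SM_AUTH
#define PAM_SM_AUTH
#define _PAM_SM_AUTHENTICATE pam_sm_authenticate
#define _PAM_SM_SETCRED pam_sm_setcred
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
#define _PAM_SM_ACCT_MGMT 0
#else
#undef PAM_SM_ACCOUNT
#define PAM_SM_ACCOUNT
#define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
#define _PAM_SM_OPEN_SESSION 0
#define _PAM_SM_CLOSE_SESSION 0
#else
#undef PAM_SM_SESSION
#define PAM_SM_SESSION
#define _PAM_SM_OPEN_SESSION pam_sm_open_session
#define _PAM_SM_CLOSE_SESSION pam_sm_close_session
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
#define _PAM_SM_CHAUTHTOK 0
#else
#undef PAM_SM_PASSWORD
#define PAM_SM_PASSWORD
#define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
#endif

/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 *
 * Static modules are only possible on FreeBSD; every other platform gets
 * NO_STATIC_MODULES forced on.
 */
#if defined(__FreeBSD__)
#define PAM_SOEXT ".so"
#else
#ifndef NO_STATIC_MODULES
#define NO_STATIC_MODULES
#endif
#endif
#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
/* gcc, static linking */
#include <sys/cdefs.h>
#include <linker_set.h>
#define OPENPAM_STATIC_MODULES
/* Entry points get internal linkage and are reached through the descriptor. */
#define PAM_EXTERN static
/*
 * Defines the module descriptor, with the entry points in the order of the
 * PAM primitives enum, and adds it to the _openpam_static_modules set.
 */
#define PAM_MODULE_ENTRY(name) \
static char _pam_name[] = name PAM_SOEXT; \
static struct pam_module _pam_module = { _pam_name, { \
    _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT, \
    _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
    NULL, 0, NULL, NULL }; \
DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case */
#define PAM_EXTERN
#define PAM_MODULE_ENTRY(name)
#endif

#ifdef __cplusplus
}
#endif

#endif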