/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2017 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Library-internal declarations: the concrete layout of the PAM handle,
 * the per-facility module chains, and the private helper prototypes and
 * cleanup macros shared by the implementation files.
 */

#ifndef OPENPAM_IMPL_H_INCLUDED
#define OPENPAM_IMPL_H_INCLUDED

#include <security/openpam.h>

/*
 * Defined in another translation unit.
 * NOTE(review): presumably the global debug-logging switch -- confirm.
 */
extern int openpam_debug;

/*
 * Control flags.
 *
 * The values are written out because they are contiguous from zero and
 * end in a count sentinel, so they can size or index per-flag tables.
 * How each flag influences chain evaluation is decided by the dispatcher,
 * which is not part of this header.
 */
typedef enum {
	PAM_BINDING		= 0,
	PAM_REQUIRED		= 1,
	PAM_REQUISITE		= 2,
	PAM_SUFFICIENT		= 3,
	PAM_OPTIONAL		= 4,
	PAM_NUM_CONTROL_FLAGS	/* count sentinel (5); keep last */
} pam_control_t;

/*
 * Facilities.
 *
 * PAM_AUTH .. PAM_PASSWORD index the chains[] arrays declared below.
 * PAM_FACILITY_ANY is negative and therefore must never be used as an
 * index into an array of PAM_NUM_FACILITIES elements.
 */
typedef enum {
	PAM_FACILITY_ANY	= -1,
	PAM_AUTH		= 0,
	PAM_ACCOUNT		= 1,
	PAM_SESSION		= 2,
	PAM_PASSWORD		= 3,
	PAM_NUM_FACILITIES	/* count sentinel (4); keep last */
} pam_facility_t;

/*
 * Module chains: a singly linked list with one node per configured module.
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;	/* module this entry refers to */
	/*
	 * NOTE(review): declared int rather than pam_control_t; presumably
	 * holds a pam_control_t value -- confirm, and range-check it before
	 * using it to index anything sized by PAM_NUM_CONTROL_FLAGS.
	 */
	int		 flag;
	int		 optc;		/* option count; paired with optv */
	char		**optv;		/* option vector */
	pam_chain_t	*next;		/* following entry in the chain */
};

/*
 * Service policies (only when built with OPENPAM_EMBEDDED): a service
 * name together with one chain head per facility.
 */
#if defined(OPENPAM_EMBEDDED)
typedef struct pam_policy pam_policy_t;
struct pam_policy {
	const char	*service;
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
};
extern pam_policy_t *pam_embedded_policies[];
#endif

/*
 * Module-specific data: named entries kept in a singly linked list.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	/*
	 * Optional callback stored with the entry.
	 * NOTE(review): presumably invoked with the handle, `data' and a
	 * status value when the entry is released -- confirm with callers.
	 */
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * PAM context: the concrete definition behind pam_handle_t.
 */
struct pam_handle {
	char		*service;

	/* chains: one list head per facility, plus dispatch state */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
	pam_chain_t	*current;
	int		 primitive;

	/*
	 * items and data
	 *
	 * item[] is an untyped pointer table sized by PAM_NUM_ITEMS, which
	 * is defined outside this header.
	 * NOTE(review): some slots presumably carry authentication tokens;
	 * see the scrubbing caveat on FREE() below -- confirm.
	 */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/*
	 * environment list
	 * NOTE(review): presumably env_count is the number of entries in
	 * use and env_size the allocated capacity -- confirm.
	 */
	char		**env;
	int		 env_count;
	int		 env_size;
};

/*
 * Default policy: the service name it is stored under.
 * NOTE(review): presumably consulted when a service has no policy of its
 * own, in which case the "other" policy is what unconfigured services
 * get and should be kept restrictive -- confirm in openpam_configure().
 */
#define PAM_OTHER	"other"

/*
 * Internal functions.
 *
 * OPENPAM_NONNULL((...)) is defined outside this header.
 * NOTE(review): presumably a compiler non-null attribute on the listed
 * argument positions, i.e. a static hint and not a runtime check --
 * confirm.
 */
int		 openpam_configure(pam_handle_t *, const char *)
	OPENPAM_NONNULL((1));
int		 openpam_dispatch(pam_handle_t *, int, int)
	OPENPAM_NONNULL((1));
int		 openpam_findenv(pam_handle_t *, const char *, size_t)
	OPENPAM_NONNULL((1,2));
pam_module_t	*openpam_load_module(const char *)
	OPENPAM_NONNULL((1));
void		 openpam_clear_chains(pam_chain_t **)
	OPENPAM_NONNULL((1));

/*
 * NOTE(review): going by the names, these validate the owner and
 * permission bits of an open descriptor and of a path respectively; the
 * implementation is not visible here.  Confirm what they accept and that
 * every policy-file and module load path goes through one of them.
 */
int		 openpam_check_desc_owner_perms(const char *, int)
	OPENPAM_NONNULL((1));
int		 openpam_check_path_owner_perms(const char *)
	OPENPAM_NONNULL((1));

/*
 * Module lookup back ends; the static variant exists only when built
 * with OPENPAM_STATIC_MODULES.
 */
#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *)
	OPENPAM_NONNULL((1));
#endif
pam_module_t	*openpam_dynamic(const char *)
	OPENPAM_NONNULL((1));

/*
 * FREE(p): release p and reset it to NULL so a stale pointer cannot be
 * dereferenced or freed a second time through the same variable.
 *
 * p is evaluated twice and must be a modifiable lvalue without side
 * effects.  free() does not clear the released memory: a buffer that held
 * a secret has to be scrubbed by the caller before FREE() if that matters.
 */
#define FREE(p)							\
	do {							\
		free(p);					\
		(p) = NULL;					\
	} while (0)

/*
 * FREEV(c, v): release a vector of c heap pointers and then the vector.
 *
 * Does nothing (and leaves c alone) when v is NULL.  Otherwise c is
 * counted down in place, v[c] is released for every index from the
 * initial c - 1 down to 0, and v is released and set to NULL.  A signed
 * counter is left at -1 afterwards.  Both arguments are evaluated several
 * times and must be plain lvalues.
 */
#define FREEV(c, v)						\
	do {							\
		if ((v) != NULL) {				\
			while ((c)-- > 0) {			\
				FREE((v)[(c)]);			\
			}					\
			FREE(v);				\
		}						\
	} while (0)

/* Pulled in last, after the types above have been declared. */
#include "openpam_constants.h"
#include "openpam_debug.h"
#include "openpam_features.h"

#endif