1 /* 2 * Portability wrapper around PAM header files. 3 * 4 * This header file includes the various PAM headers, wherever they may be 5 * found on the system, and defines replacements for PAM functions that may 6 * not be available on the local system. 7 * 8 * The canonical version of this file is maintained in the rra-c-util package, 9 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>. 10 * 11 * Written by Russ Allbery <eagle@eyrie.org> 12 * Copyright 2015, 2020 Russ Allbery <eagle@eyrie.org> 13 * Copyright 2010-2011, 2014 14 * The Board of Trustees of the Leland Stanford Junior University 15 * 16 * Copying and distribution of this file, with or without modification, are 17 * permitted in any medium without royalty provided the copyright notice and 18 * this notice are preserved. This file is offered as-is, without any 19 * warranty. 20 * 21 * SPDX-License-Identifier: FSFAP 22 */ 23 24 #ifndef PORTABLE_PAM_H 25 #define PORTABLE_PAM_H 1 26 27 #include <config.h> 28 #include <portable/macros.h> 29 30 /* Linux PAM 1.1.0 requires sys/types.h before security/pam_modutil.h. */ 31 #include <sys/types.h> 32 33 #ifndef HAVE_PAM_MODUTIL_GETPWNAM 34 # include <pwd.h> 35 #endif 36 #if defined(HAVE_SECURITY_PAM_APPL_H) 37 # include <security/pam_appl.h> 38 # include <security/pam_modules.h> 39 #elif defined(HAVE_PAM_PAM_APPL_H) 40 # include <pam/pam_appl.h> 41 # include <pam/pam_modules.h> 42 #endif 43 #if defined(HAVE_SECURITY_PAM_EXT_H) 44 # include <security/pam_ext.h> 45 #elif defined(HAVE_PAM_PAM_EXT_H) 46 # include <pam/pam_ext.h> 47 #endif 48 #if defined(HAVE_SECURITY_PAM_MODUTIL_H) 49 # include <security/pam_modutil.h> 50 #elif defined(HAVE_PAM_PAM_MODUTIL_H) 51 # include <pam/pam_modutil.h> 52 #endif 53 #include <stdarg.h> 54 55 /* Solaris doesn't have these. */ 56 #ifndef PAM_CONV_AGAIN 57 # define PAM_CONV_AGAIN 0 58 # define PAM_INCOMPLETE PAM_SERVICE_ERR 59 #endif 60 61 /* Solaris 8 has deficient PAM. */ 62 #ifndef PAM_AUTHTOK_RECOVER_ERR 63 # define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_ERR 64 #endif 65 66 /* 67 * Mac OS X 10 doesn't define these. They're meant to be logically or'd with 68 * an exit status in pam_set_data, so define them to 0 if not defined to 69 * deactivate them. 70 */ 71 #ifndef PAM_DATA_REPLACE 72 # define PAM_DATA_REPLACE 0 73 #endif 74 #ifndef PAM_DATA_SILENT 75 # define PAM_DATA_SILENT 0 76 #endif 77 78 /* 79 * Mac OS X 10 apparently doesn't use PAM_BAD_ITEM and returns PAM_SYMBOL_ERR 80 * instead. 81 */ 82 #ifndef PAM_BAD_ITEM 83 # define PAM_BAD_ITEM PAM_SYMBOL_ERR 84 #endif 85 86 /* We use this as a limit on password length, so make sure it's defined. */ 87 #ifndef PAM_MAX_RESP_SIZE 88 # define PAM_MAX_RESP_SIZE 512 89 #endif 90 91 /* 92 * Some PAM implementations support building the module static and exporting 93 * the call points via a struct instead. (This is the default in OpenPAM, for 94 * example.) To support this, the pam_sm_* functions are declared PAM_EXTERN. 95 * Ensure that's defined for implementations that don't have this. 96 */ 97 #ifndef PAM_EXTERN 98 # define PAM_EXTERN 99 #endif 100 101 BEGIN_DECLS 102 103 /* Default to a hidden visibility for all portability functions. */ 104 #pragma GCC visibility push(hidden) 105 106 /* 107 * If pam_modutil_getpwnam is missing, ideally we should roll our own using 108 * getpwnam_r. However, this is a fair bit of work, since we have to stash 109 * the allocated memory in the PAM data so that it will be freed properly. 110 * Bail for right now. 111 */ 112 #if !HAVE_PAM_MODUTIL_GETPWNAM 113 # define pam_modutil_getpwnam(h, u) getpwnam(u) 114 #endif 115 116 /* Prototype missing optional PAM functions. */ 117 #if !HAVE_PAM_SYSLOG 118 void pam_syslog(const pam_handle_t *, int, const char *, ...); 119 #endif 120 #if !HAVE_PAM_VSYSLOG 121 void pam_vsyslog(const pam_handle_t *, int, const char *, va_list); 122 #endif 123 124 /* Undo default visibility change. */ 125 #pragma GCC visibility pop 126 127 END_DECLS 128 129 #endif /* !PORTABLE_PAM_H */ 130