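/*
 * PAM-PKCS11 mapping modules
 * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * $Id$
 */

#ifndef __MAPPER_H_
#define __MAPPER_H_

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <../common/cert_st.h>
#include "../scconf/scconf.h"

/**
 * Structure to be filled on mapper module initialization.
 *
 * The function pointers are the entry points of one mapper: they turn a
 * certificate into candidate strings, into a login name, or into a
 * yes/no answer for a given login.
 */
typedef struct mapper_module_st {
    /** mapper name */
    const char *name;
    /** mapper configuration block */
    scconf_block *block;
    /** debug level to set before calling the entry points */
    int dbg_level;
    /** pointer to mapper local data */
    void *context;
    /** cert. entries enumerator */
    char **(*entries)(X509 *x509, void *context);
    /** cert. login finder */
    char *(*finder)(X509 *x509, void *context, int *match);
    /** cert-to-login matcher */
    int (*matcher)(X509 *x509, const char *login, void *context);
    /** module de-initialization */
    void (*deinit)(void *context);
} mapper_module;

/**
 * This struct is used in processing map files.
 * A map file is a list of "key" " -> " "value" text lines.
 */
struct mapfile {
    /** URL of mapfile */
    const char *uri;
    /** buffer holding the content of the mapfile */
    char *buffer;
    /** length of buffer */
    size_t length;
    /** pointer to the last entry read from buffer */
    char *pt;
    /** key entry in current buffer */
    char *key;
    /** value assigned to key */
    char *value;
};

/* ------------------------------------------------------- */

/**
 * Initialize module and mapper_module_st structure
 *
 * EVERY mapper module MUST provide and export this function if dynamically linked
 *@param ctx Pointer to related configuration file context
 *@param mapper_name Name of this mapper. Used for multi-mapper modules
 *@return Pointer to a mapper_module structure, or NULL if failed
 */
mapper_module * mapper_module_init(scconf_block *ctx, const char *mapper_name);

/* ------------------------------------------------------- */

/*
 * mapper.c prototype functions
 *
 * The file that defines __MAPPER_C_ before including this header gets the
 * declarations without the extern keyword; every other file gets them as
 * extern declarations.
 */
#ifndef __MAPPER_C_
#define MAPPER_EXTERN extern
#else
#define MAPPER_EXTERN
#endif

/* mapfile related functions */

/**
 * Initialize a mapper entry table
 *@param uri Universal Resource Locator of the file to be mapped
 *@return A mapfile structure pointer or NULL
 */
MAPPER_EXTERN struct mapfile *set_mapent(const char *uri);

/**
 * Retrieve next entry of given map file
 *@param mfile Map file entry pointer
 *@return 1 on success, 0 on no more entries, -1 on error
 */
MAPPER_EXTERN int get_mapent(struct mapfile *mfile);

/**
 * Release a mapentry structure
 *@param mfile Map file structure to be released
 */
MAPPER_EXTERN void end_mapent(struct mapfile *mfile);

/**
 * Try to map "key" to provided mapfile
 *@param file URL of map file
 *@param key String to be mapped
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@param match Set to 1 for mapped string return, unmodified for key return
 *@return key on no match, else a clone_str()'d of found mapping
 *
 * NOTE(review): as documented, the result is either the caller's own key
 * pointer or a newly cloned string. A caller has to check *match (or compare
 * the result with key) before releasing it, and must initialise *match
 * itself because it is left unmodified on "no match".
 */
MAPPER_EXTERN char *mapfile_find(const char *file, char *key, int ignorecase, int *match);

/**
 * Try to match provided key to provided name by means of a mapfile
 *@param file URL of map file
 *@param key String to be mapped
 *@param value String to be matched against mapped result
 *@param ignorecase Flag to indicate upper/lowercase ignore in string compare
 *@return 1 on match, 0 on no match, -1 on process error
 */
MAPPER_EXTERN int mapfile_match(const char *file, char *key, const char *value, int ignorecase);

/* pwent related functions */

/**
 * Find the user login that matches pw_name or pw_gecos with provided item
 *@param item Data to be searched from password database
 *@param ignorecase Flag to check upper/lowercase in string comparisons
 *@return userlogin if match found, else NULL
 *
 * NOTE(review): pw_gecos takes part in the comparison. On systems where
 * users may edit their own GECOS field, that field is not
 * administrator-controlled; confirm this for any deployment that maps
 * certificates through it.
 */
MAPPER_EXTERN char *search_pw_entry(const char *item, int ignorecase);

/**
 * Test if provided item matches pw_name or pw_gecos of provided password structure
 *@param item String to be compared
 *@param pw password entry to search into
 *@param ignorecase Flag to check upper/lowercase in string comparisons
 *@return 1 on match, 0 on no match, -1 on error
 */
MAPPER_EXTERN int compare_pw_entry(const char *item, struct passwd *pw, int ignorecase);

#undef MAPPER_EXTERN

/* ------------------------------------------------------- */

/**
 * Default macro for locating certificate entries
 *
 * Provided as sample for debugging, not for real use: the function it
 * defines always returns NULL.
 *@param x509 X509 Certificate
 *@param context Mapper context
 *@return String array with up to 15 results or NULL if fail
 */
#define _DEFAULT_MAPPER_FIND_ENTRIES \
static char ** mapper_find_entries(X509 *x509, void *context) { \
    return NULL; \
}

/**
 * Default macro for locating user
 *
 * Should not be used except for debugging: every non-NULL certificate is
 * reported as a match for the login "nobody". Together with
 * _DEFAULT_MAPPER_MATCH_USER this means any certificate matches the login
 * "nobody", so a mapper meant for real use has to supply its own finder.
 *
 * The returned pointer is a string literal: it must not be modified or
 * passed to free().
 *@param x509 X509 Certificate
 *@param context Mapper context
 *@param match Set to 1 when a user is returned; must not be NULL
 *@return Found user, or NULL when x509 or match is NULL
 */
#define _DEFAULT_MAPPER_FIND_USER \
static char * mapper_find_user(X509 *x509, void *context, int *match) { \
    if (!x509 || !match) return NULL; /* fail closed on missing arguments */ \
    *match = 1; \
    return "nobody"; \
}

/**
 * Macro for match mapper function
 *
 * Arguments are validated before mapper_find_user() is called, so a finder
 * supplied by the module is never handed a NULL certificate from here.
 *
 * NOTE(review): the match flag filled in by mapper_find_user() is not
 * consulted; whatever string the finder returns is compared with login.
 * Confirm that this is intended for finders that can return an unmapped key.
 * The string returned by the finder is not released here, because the
 * default finder returns a string literal.
 *
 *@param x509 X509 Certificate
 *@param login user to match; a NULL login is rejected with -1
 *@param context Mapper context
 *@return 1 when the user found for the certificate equals login
 *        0 on no match
 *       -1 on error (NULL certificate or NULL login)
 */
#define _DEFAULT_MAPPER_MATCH_USER \
static int mapper_match_user(X509 *x509, const char *login, void *context) { \
    int match = 0; \
    char *username; \
    if (!x509) return -1; \
    if (!login) return -1; \
    username = mapper_find_user(x509, context, &match); \
    if (!username) return 0; /* user not found */ \
    if (!strcmp(login, username)) return 1; /* match user */ \
    return 0; /* no match */ \
}

/**
 * Macro for de-initialization routine
 *
 * Only the context is released. The mapper_module structure allocated by
 * _DEFAULT_MAPPER_INIT is not freed here; presumably its owner is the code
 * that called mapper_module_init() -- confirm against the caller.
 *@param context Mapper context
 */
#define _DEFAULT_MAPPER_END \
static void mapper_module_end(void *context) { \
    free(context); \
}

/**
 * Macro for default init function
 *
 * The name and blk pointers are stored as given, not copied, so they have to
 * stay valid for as long as the returned structure is in use.
 *
 * NOTE(review): get_debug_level() is not declared in this header as shown;
 * the including module presumably gets it from the project's debug header --
 * confirm.
 *@param blk Mapper Configuration file block
 *@param name Name of this mapper
 *@return pointer to mapper_module data, else NULL
 * NOTE: mapper module data MUST BE defined in module
 */
#define _DEFAULT_MAPPER_INIT \
mapper_module* mapper_module_init(scconf_block *blk, const char *name) { \
    mapper_module *pt = malloc(sizeof *pt); \
    if (!pt) return NULL; \
    pt->name = name; \
    pt->context = NULL; \
    pt->block = blk; \
    pt->dbg_level = get_debug_level(); \
    pt->entries = mapper_find_entries; \
    pt->finder = mapper_find_user; \
    pt->matcher = mapper_match_user; \
    pt->deinit = mapper_module_end; \
    return pt; \
}

/* end of mapper.h file */
#endif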