1 /*- 2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc. 3 * Copyright (c) 2004-2011 Dag-Erling Smørgrav 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by ThinkSec AS and 7 * Network Associates Laboratories, the Security Research Division of 8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9 * ("CBOSS"), as part of the DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The name of the author may not be used to endorse or promote 20 * products derived from this software without specific prior written 21 * permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * $Id: openpam.h 455 2011-10-29 18:31:11Z des $ 36 */ 37 38 #ifndef SECURITY_OPENPAM_H_INCLUDED 39 #define SECURITY_OPENPAM_H_INCLUDED 40 41 /* 42 * Annoying but necessary header pollution 43 */ 44 #include <stdarg.h> 45 46 #include <security/openpam_attr.h> 47 48 #ifdef __cplusplus 49 extern "C" { 50 #endif 51 52 struct passwd; 53 54 /* 55 * API extensions 56 */ 57 int 58 openpam_borrow_cred(pam_handle_t *_pamh, 59 const struct passwd *_pwd) 60 OPENPAM_NONNULL((1,2)); 61 62 int 63 openpam_subst(const pam_handle_t *_pamh, 64 char *_buf, 65 size_t *_bufsize, 66 const char *_template); 67 68 void 69 openpam_free_data(pam_handle_t *_pamh, 70 void *_data, 71 int _status); 72 73 void 74 openpam_free_envlist(char **_envlist); 75 76 const char * 77 openpam_get_option(pam_handle_t *_pamh, 78 const char *_option); 79 80 int 81 openpam_restore_cred(pam_handle_t *_pamh) 82 OPENPAM_NONNULL((1)); 83 84 int 85 openpam_set_option(pam_handle_t *_pamh, 86 const char *_option, 87 const char *_value); 88 89 int 90 pam_error(const pam_handle_t *_pamh, 91 const char *_fmt, 92 ...) 93 OPENPAM_FORMAT ((__printf__, 2, 3)) 94 OPENPAM_NONNULL((1,2)); 95 96 int 97 pam_get_authtok(pam_handle_t *_pamh, 98 int _item, 99 const char **_authtok, 100 const char *_prompt) 101 OPENPAM_NONNULL((1,3)); 102 103 int 104 pam_info(const pam_handle_t *_pamh, 105 const char *_fmt, 106 ...) 107 OPENPAM_FORMAT ((__printf__, 2, 3)) 108 OPENPAM_NONNULL((1,2)); 109 110 int 111 pam_prompt(const pam_handle_t *_pamh, 112 int _style, 113 char **_resp, 114 const char *_fmt, 115 ...) 116 OPENPAM_FORMAT ((__printf__, 4, 5)) 117 OPENPAM_NONNULL((1,4)); 118 119 int 120 pam_setenv(pam_handle_t *_pamh, 121 const char *_name, 122 const char *_value, 123 int _overwrite) 124 OPENPAM_NONNULL((1,2,3)); 125 126 int 127 pam_vinfo(const pam_handle_t *_pamh, 128 const char *_fmt, 129 va_list _ap) 130 OPENPAM_FORMAT ((__printf__, 2, 0)) 131 OPENPAM_NONNULL((1,2)); 132 133 int 134 pam_verror(const pam_handle_t *_pamh, 135 const char *_fmt, 136 va_list _ap) 137 OPENPAM_FORMAT ((__printf__, 2, 0)) 138 OPENPAM_NONNULL((1,2)); 139 140 int 141 pam_vprompt(const pam_handle_t *_pamh, 142 int _style, 143 char **_resp, 144 const char *_fmt, 145 va_list _ap) 146 OPENPAM_FORMAT ((__printf__, 4, 0)) 147 OPENPAM_NONNULL((1,4)); 148 149 /* 150 * Read cooked lines. 151 * Checking for _IOFBF is a fairly reliable way to detect the presence 152 * of <stdio.h>, as SUSv3 requires it to be defined there. 153 */ 154 #ifdef _IOFBF 155 char * 156 openpam_readline(FILE *_f, 157 int *_lineno, 158 size_t *_lenp) 159 OPENPAM_NONNULL((1)); 160 #endif 161 162 /* 163 * Log levels 164 */ 165 enum { 166 PAM_LOG_DEBUG, 167 PAM_LOG_VERBOSE, 168 PAM_LOG_NOTICE, 169 PAM_LOG_ERROR 170 }; 171 172 /* 173 * Log to syslog 174 */ 175 void 176 _openpam_log(int _level, 177 const char *_func, 178 const char *_fmt, 179 ...) 180 OPENPAM_FORMAT ((__printf__, 3, 4)) 181 OPENPAM_NONNULL((3)); 182 183 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) 184 #define openpam_log(lvl, ...) \ 185 _openpam_log((lvl), __func__, __VA_ARGS__) 186 #elif defined(__GNUC__) && (__GNUC__ >= 3) 187 #define openpam_log(lvl, ...) \ 188 _openpam_log((lvl), __func__, __VA_ARGS__) 189 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95) 190 #define openpam_log(lvl, fmt...) \ 191 _openpam_log((lvl), __func__, ##fmt) 192 #elif defined(__GNUC__) && defined(__FUNCTION__) 193 #define openpam_log(lvl, fmt...) \ 194 _openpam_log((lvl), __FUNCTION__, ##fmt) 195 #else 196 void 197 openpam_log(int _level, 198 const char *_format, 199 ...) 200 OPENPAM_FORMAT ((__printf__, 2, 3)) 201 OPENPAM_NONNULL((2)); 202 #endif 203 204 /* 205 * Generic conversation function 206 */ 207 struct pam_message; 208 struct pam_response; 209 int openpam_ttyconv(int _n, 210 const struct pam_message **_msg, 211 struct pam_response **_resp, 212 void *_data); 213 214 extern int openpam_ttyconv_timeout; 215 216 /* 217 * Null conversation function 218 */ 219 int openpam_nullconv(int _n, 220 const struct pam_message **_msg, 221 struct pam_response **_resp, 222 void *_data); 223 224 /* 225 * PAM primitives 226 */ 227 enum { 228 PAM_SM_AUTHENTICATE, 229 PAM_SM_SETCRED, 230 PAM_SM_ACCT_MGMT, 231 PAM_SM_OPEN_SESSION, 232 PAM_SM_CLOSE_SESSION, 233 PAM_SM_CHAUTHTOK, 234 /* keep this last */ 235 PAM_NUM_PRIMITIVES 236 }; 237 238 /* 239 * Dummy service module function 240 */ 241 #define PAM_SM_DUMMY(type) \ 242 PAM_EXTERN int \ 243 pam_sm_##type(pam_handle_t *pamh, int flags, \ 244 int argc, const char *argv[]) \ 245 { \ 246 \ 247 (void)pamh; \ 248 (void)flags; \ 249 (void)argc; \ 250 (void)argv; \ 251 return (PAM_IGNORE); \ 252 } 253 254 /* 255 * PAM service module functions match this typedef 256 */ 257 struct pam_handle; 258 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **); 259 260 /* 261 * A struct that describes a module. 262 */ 263 typedef struct pam_module pam_module_t; 264 struct pam_module { 265 char *path; 266 pam_func_t func[PAM_NUM_PRIMITIVES]; 267 void *dlh; 268 }; 269 270 /* 271 * Source-code compatibility with Linux-PAM modules 272 */ 273 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \ 274 defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD) 275 # define LINUX_PAM_MODULE 276 #endif 277 278 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH) 279 # define _PAM_SM_AUTHENTICATE 0 280 # define _PAM_SM_SETCRED 0 281 #else 282 # undef PAM_SM_AUTH 283 # define PAM_SM_AUTH 284 # define _PAM_SM_AUTHENTICATE pam_sm_authenticate 285 # define _PAM_SM_SETCRED pam_sm_setcred 286 #endif 287 288 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT) 289 # define _PAM_SM_ACCT_MGMT 0 290 #else 291 # undef PAM_SM_ACCOUNT 292 # define PAM_SM_ACCOUNT 293 # define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt 294 #endif 295 296 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION) 297 # define _PAM_SM_OPEN_SESSION 0 298 # define _PAM_SM_CLOSE_SESSION 0 299 #else 300 # undef PAM_SM_SESSION 301 # define PAM_SM_SESSION 302 # define _PAM_SM_OPEN_SESSION pam_sm_open_session 303 # define _PAM_SM_CLOSE_SESSION pam_sm_close_session 304 #endif 305 306 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD) 307 # define _PAM_SM_CHAUTHTOK 0 308 #else 309 # undef PAM_SM_PASSWORD 310 # define PAM_SM_PASSWORD 311 # define _PAM_SM_CHAUTHTOK pam_sm_chauthtok 312 #endif 313 314 /* 315 * Infrastructure for static modules using GCC linker sets. 316 * You are not expected to understand this. 317 */ 318 #if !defined(PAM_SOEXT) 319 # define PAM_SOEXT ".so" 320 #endif 321 322 #if defined(OPENPAM_STATIC_MODULES) 323 # if !defined(__GNUC__) 324 # error "Don't know how to build static modules on non-GNU compilers" 325 # endif 326 /* gcc, static linking */ 327 # include <sys/cdefs.h> 328 # include <linker_set.h> 329 # define PAM_EXTERN static 330 # define PAM_MODULE_ENTRY(name) \ 331 static char _pam_name[] = name PAM_SOEXT; \ 332 static struct pam_module _pam_module = { \ 333 .path = _pam_name, \ 334 .func = { \ 335 [PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE, \ 336 [PAM_SM_SETCRED] = _PAM_SM_SETCRED, \ 337 [PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT, \ 338 [PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION, \ 339 [PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \ 340 [PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK \ 341 }, \ 342 }; \ 343 DATA_SET(_openpam_static_modules, _pam_module) 344 #else 345 /* normal case */ 346 # define PAM_EXTERN 347 # define PAM_MODULE_ENTRY(name) 348 #endif 349 350 #ifdef __cplusplus 351 } 352 #endif 353 354 #endif /* !SECURITY_OPENPAM_H_INCLUDED */ 355