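/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2017 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $OpenPAM: openpam_impl.h 938 2017-04-30 21:34:42Z des $
 */

/*
 * Internal definitions shared by the OpenPAM library sources.  Nothing in
 * this header is part of the public API; the public interface lives in
 * <security/openpam.h> and <security/pam_appl.h>.
 */

#ifndef OPENPAM_IMPL_H_INCLUDED
#define OPENPAM_IMPL_H_INCLUDED

#include <security/openpam.h>

/* Debug switch; defined in one of the library sources (see openpam_debug.h). */
extern int openpam_debug;

/*
 * Control flags
 *
 * How the result of one module in a chain contributes to the overall
 * result of the chain.  PAM_NUM_CONTROL_FLAGS is the number of real flags
 * and is used only for sizing tables; it is never a valid flag itself.
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS
} pam_control_t;

/*
 * Facilities
 *
 * The four PAM management groups.  PAM_FACILITY_ANY is a negative
 * wildcard and must never be used to index a chains[] array;
 * PAM_NUM_FACILITIES is the array size for per-facility tables.
 */
typedef enum {
	PAM_FACILITY_ANY = -1,
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES
} pam_facility_t;

/*
 * Module chains
 *
 * One entry of a singly-linked module chain for a facility: the loaded
 * module, its control flag (a pam_control_t value stored as an int), and
 * its argc/argv-style option list.  optv and its optc strings are heap
 * allocated and released with FREEV().
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;
	int		 optc;
	char		**optv;
	pam_chain_t	*next;
};

/*
 * Service policies
 *
 * Only for embedded builds: a compiled-in policy is a service name plus
 * one module chain per facility, and pam_embedded_policies[] is the table
 * of such policies (defined elsewhere).
 */
#if defined(OPENPAM_EMBEDDED)
typedef struct pam_policy pam_policy_t;
struct pam_policy {
	const char	*service;
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
};
extern pam_policy_t *pam_embedded_policies[];
#endif

/*
 * Module-specific data
 *
 * Singly-linked list of opaque data blobs attached to a PAM handle and
 * keyed by name.  The cleanup callback, if set, receives the handle, the
 * data pointer and an int (presumably the status/flags passed at pam_end()
 * time -- confirm against the caller).
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * PAM context
 *
 * The object behind an opaque pam_handle_t.  It owns the service name,
 * the per-facility module chains, the item table and module data, and the
 * PAM environment list.
 *
 * NOTE(review): item[] is where pam_set_item() values are stored, which
 * can include authentication tokens; whoever tears down a handle should
 * make sure those entries are cleared, not merely freed.
 */
struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
	pam_chain_t	*current;	/* chain entry being dispatched (see openpam_dispatch) */
	int		 primitive;	/* primitive being dispatched (see openpam_dispatch) */

	/* items and data */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/* environment list */
	char		**env;
	int		 env_count;	/* entries in use */
	int		 env_size;	/* entries allocated */
};

/*
 * Default policy
 *
 * Name of the fallback service policy consulted when no policy exists for
 * the requested service.
 */
#define PAM_OTHER	"other"

/*
 * Internal functions
 */

/* Load the policy for the named service (NULL service: see implementation). */
int		 openpam_configure(pam_handle_t *, const char *)
	OPENPAM_NONNULL((1));
/* Run the module chain for a primitive with the given flags. */
int		 openpam_dispatch(pam_handle_t *, int, int)
	OPENPAM_NONNULL((1));
/* Look up an environment entry by name of the given length; returns an int
 * whose meaning (index or failure value) is defined by the implementation. */
int		 openpam_findenv(pam_handle_t *, const char *, size_t)
	OPENPAM_NONNULL((1,2));
/* Resolve a module by name/path, static or dynamic. */
pam_module_t	*openpam_load_module(const char *)
	OPENPAM_NONNULL((1));
/* Release every chain in a chains[PAM_NUM_FACILITIES] array. */
void		 openpam_clear_chains(pam_chain_t **)
	OPENPAM_NONNULL((1));

/*
 * Ownership/permission checks applied to files before they are trusted as
 * policy files or modules.  The descriptor variant takes a name (for
 * diagnostics) and an already-open fd so the check and the subsequent use
 * refer to the same object; the path variant checks by path.  Exactly what
 * owner and mode bits are accepted is defined by the implementation --
 * confirm there before relying on either from new code.
 */
int		 openpam_check_desc_owner_perms(const char *, int)
	OPENPAM_NONNULL((1));
int		 openpam_check_path_owner_perms(const char *)
	OPENPAM_NONNULL((1));

#ifdef OPENPAM_STATIC_MODULES
/* Look up a module linked into the library itself. */
pam_module_t	*openpam_static(const char *)
	OPENPAM_NONNULL((1));
#endif
/* Load a module as a shared object. */
pam_module_t	*openpam_dynamic(const char *)
	OPENPAM_NONNULL((1));

/*
 * Free a heap pointer and null it out so a later double free or
 * use-after-free shows up as a NULL dereference instead of heap
 * corruption.  free(NULL) is a no-op, so no guard is needed.
 *
 * (p) is evaluated twice: pass a side-effect-free lvalue.
 */
#define FREE(p)					\
	do {					\
		free(p);			\
		(p) = NULL;			\
	} while (0)

/*
 * Free a vector of (c) heap pointers and the vector itself, then reset
 * both.  Does nothing if (v) is already NULL, leaving (c) untouched.
 *
 * The count is reset to 0 afterwards: the post-decrement loop alone would
 * leave it at -1, which disagrees with the now-NULL vector and makes a
 * later "count > 0" or "count == 0" test on the same pair inconsistent.
 *
 * (c) and (v) are evaluated several times: pass side-effect-free lvalues.
 */
#define FREEV(c, v)				\
	do {					\
		if ((v) != NULL) {		\
			while ((c)-- > 0)	\
				FREE((v)[(c)]);	\
			FREE(v);		\
			(c) = 0;		\
		}				\
	} while (0)

#include "openpam_constants.h"
#include "openpam_debug.h"
#include "openpam_features.h"

#endif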