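/* $NetBSD: openpam_impl.h,v 1.4 2023/06/30 21:46:20 christos Exp $ */

/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2017 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef OPENPAM_IMPL_H_INCLUDED
#define OPENPAM_IMPL_H_INCLUDED

#include <security/openpam.h>

/* Library-wide debug switch; only declared here, defined elsewhere. */
extern int openpam_debug;

/*
 * Control flags
 *
 * Enumerators are numbered from 0, so the trailing PAM_NUM_CONTROL_FLAGS
 * equals the number of real flags and must stay last.
 */
typedef enum {
	PAM_BINDING,
	PAM_REQUIRED,
	PAM_REQUISITE,
	PAM_SUFFICIENT,
	PAM_OPTIONAL,
	PAM_NUM_CONTROL_FLAGS
} pam_control_t;

/*
 * Facilities
 *
 * PAM_AUTH .. PAM_PASSWORD are 0-based and index the chains[] arrays
 * declared below, which are sized by PAM_NUM_FACILITIES.
 * PAM_FACILITY_ANY is -1 and is therefore NOT a valid index: any facility
 * value taken from a policy file or a caller has to be range-checked
 * (0 <= f < PAM_NUM_FACILITIES) before it is used to subscript chains[].
 */
typedef enum {
	PAM_FACILITY_ANY = -1,
	PAM_AUTH = 0,
	PAM_ACCOUNT,
	PAM_SESSION,
	PAM_PASSWORD,
	PAM_NUM_FACILITIES
} pam_facility_t;

/*
 * Module chains
 *
 * One node per module entry; nodes are linked through `next`.
 */
typedef struct pam_chain pam_chain_t;
struct pam_chain {
	pam_module_t	*module;
	int		 flag;	/* presumably a pam_control_t value -- confirm */
	int		 optc;	/* number of entries in optv */
	char		**optv;	/* module options; ownership not visible here */
	pam_chain_t	*next;
};

/*
 * Service policies
 *
 * Only declared when OPENPAM_EMBEDDED is defined.  The array is declared
 * without a size; NOTE(review): presumably terminated by a NULL entry --
 * confirm against the code that walks it.
 */
#if defined(OPENPAM_EMBEDDED)
typedef struct pam_policy pam_policy_t;
struct pam_policy {
	const char	*service;
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
};
extern pam_policy_t *pam_embedded_policies[];
#endif

/*
 * Module-specific data
 *
 * Linked list of named opaque blobs with an optional-looking destructor.
 * NOTE(review): confirm that `cleanup` is checked for NULL before it is
 * called and that it is only ever set by module code, since it is an
 * indirect call target stored in heap memory.
 */
typedef struct pam_data pam_data_t;
struct pam_data {
	char		*name;
	void		*data;
	void		(*cleanup)(pam_handle_t *, void *, int);
	pam_data_t	*next;
};

/*
 * PAM context
 */
struct pam_handle {
	char		*service;

	/* chains */
	pam_chain_t	*chains[PAM_NUM_FACILITIES];
	pam_chain_t	*current;
	int		 primitive;

	/*
	 * items and data
	 *
	 * PAM_NUM_ITEMS is defined outside this header.
	 * NOTE(review): items presumably include credential material such
	 * as the authentication token; the code releasing them should wipe
	 * the memory before freeing it -- confirm.
	 */
	void		*item[PAM_NUM_ITEMS];
	pam_data_t	*module_data;

	/*
	 * environment list
	 *
	 * NOTE(review): env_count / env_size are presumably "entries in
	 * use" and "slots allocated" -- confirm in the environment code.
	 */
	char		**env;
	size_t		 env_count;
	size_t		 env_size;
};

/*
 * Default policy
 *
 * NOTE(review): presumably the service name used as a fallback when a
 * service has no policy of its own; if so, the "other" policy should be
 * kept restrictive.
 */
#define PAM_OTHER	"other"

/*
 * Internal functions
 */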
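/*
 * OPENPAM_NONNULL is defined outside this header.
 * NOTE(review): presumably expands to a compiler "nonnull" attribute; such
 * attributes are compile-time hints only, so they do not replace run-time
 * NULL checks on values that originate from callers or policy files.
 */
int		 openpam_configure(pam_handle_t *, const char *)
	OPENPAM_NONNULL((1));
int		 openpam_dispatch(pam_handle_t *, int, int)
	OPENPAM_NONNULL((1));
int		 openpam_findenv(pam_handle_t *, const char *, size_t)
	OPENPAM_NONNULL((1,2));
pam_module_t	*openpam_load_module(const char *)
	OPENPAM_NONNULL((1));
void		 openpam_clear_chains(pam_chain_t **)
	OPENPAM_NONNULL((1));

/*
 * NOTE(review): judging by the names, these validate the ownership and
 * permissions of an open descriptor / a path before the file is trusted.
 * The implementation and return convention are not visible here; confirm
 * that every policy-file and module-loading path calls them and treats a
 * failure as fatal.
 */
int		 openpam_check_desc_owner_perms(const char *, int)
	OPENPAM_NONNULL((1));
int		 openpam_check_path_owner_perms(const char *)
	OPENPAM_NONNULL((1));

#ifdef OPENPAM_STATIC_MODULES
pam_module_t	*openpam_static(const char *)
	OPENPAM_NONNULL((1));
#endif
pam_module_t	*openpam_dynamic(const char *)
	OPENPAM_NONNULL((1));

/*
 * FREE(p): release p and reset it to NULL so a later FREE() or dereference
 * of the same variable cannot become a double free or use-after-free.
 *
 * - p is expanded twice and assigned to: pass a plain lvalue with no side
 *   effects.
 * - Only the pointer is cleared, not the memory it pointed to; buffers
 *   that held secrets must be wiped by the caller before FREE().
 * - free() and NULL must already be declared by the including file; this
 *   header does not include <stdlib.h> itself.
 */
#define FREE(p)							\
	do {							\
		free(p);					\
		(p) = NULL;					\
	} while (/*CONSTCOND*/0)

/*
 * FREEV(c, v): release the c elements of vector v from last to first, then
 * the vector itself; v ends up NULL.  Does nothing when v is NULL.
 *
 * c is modified: the post-decrement in the loop test runs once more after
 * the last element, so c is left at -1 for a signed counter and wraps to
 * the maximum value for an unsigned one.  Reset the counter before reusing
 * it as a length or loop bound.  Both arguments must be side-effect-free
 * lvalues.
 */
#define FREEV(c, v)						\
	do {							\
		if ((v) != NULL) {				\
			while ((c)-- > 0)			\
				FREE((v)[(c)]);			\
			FREE(v);				\
		}						\
	} while (/*CONSTCOND*/0)

#include "openpam_constants.h"
#include "openpam_debug.h"
#include "openpam_features.h"

#endif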