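/*-
 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/openpam/include/security/openpam.h#28 $
 */

#ifndef _SECURITY_OPENPAM_H_INCLUDED
#define _SECURITY_OPENPAM_H_INCLUDED

/*
 * Annoying but necessary header pollution
 */
#include <stdarg.h>

#ifdef __cplusplus
extern "C" {
#endif

struct passwd;

/*
 * Compile-time printf-style format checking.
 *
 * Every function below that takes a format string carries this
 * attribute so that GCC-compatible compilers diagnose a caller whose
 * arguments do not match the format (-Wformat).  A mismatch between a
 * format string and its arguments is undefined behavior and a classic
 * memory-safety bug, which matters for code that formats messages on
 * behalf of an authentication module.  On other compilers the macro
 * expands to nothing.
 */
#ifndef OPENPAM_FORMAT
#if defined(__GNUC__)
#define OPENPAM_FORMAT(params) __attribute__((__format__ params))
#else
#define OPENPAM_FORMAT(params)
#endif
#endif

/*
 * API extensions
 */

/* Switch the process credentials to those of _pwd (paired with
 * openpam_restore_cred()).  Returns a PAM status code. */
int
openpam_borrow_cred(pam_handle_t *_pamh,
	const struct passwd *_pwd);

/* Has the signature of a pam_set_data() cleanup callback; frees _data. */
void
openpam_free_data(pam_handle_t *_pamh,
	void *_data,
	int _status);

/* Release a NULL-terminated environment list. */
void
openpam_free_envlist(char **_envlist);

/* Look up a module option by name; NULL when it is not set. */
const char *
openpam_get_option(pam_handle_t *_pamh,
	const char *_option);

/* Undo a previous openpam_borrow_cred().  Returns a PAM status code. */
int
openpam_restore_cred(pam_handle_t *_pamh);

/* Set (or, with a NULL _value, clear) a module option. */
int
openpam_set_option(pam_handle_t *_pamh,
	const char *_option,
	const char *_value);

/* Display a printf-style error message through the conversation function. */
int
pam_error(pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 2, 3));

/* Retrieve the authentication token identified by _item, prompting the
 * user with _prompt if it is not already available; the result is
 * returned through *_authtok. */
int
pam_get_authtok(pam_handle_t *_pamh,
	int _item,
	const char **_authtok,
	const char *_prompt);

/* Display a printf-style informational message through the conversation
 * function. */
int
pam_info(pam_handle_t *_pamh,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 2, 3));

/* Prompt the user with a printf-style message of the given conversation
 * _style and return the response through *_resp. */
int
pam_prompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 4, 5));

/* Set a PAM environment variable, replacing an existing one only when
 * _overwrite is non-zero. */
int
pam_setenv(pam_handle_t *_pamh,
	const char *_name,
	const char *_value,
	int _overwrite);

/* va_list variants of pam_info(), pam_error() and pam_prompt(). */
int
pam_vinfo(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT((__printf__, 2, 0));

int
pam_verror(pam_handle_t *_pamh,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT((__printf__, 2, 0));

int
pam_vprompt(pam_handle_t *_pamh,
	int _style,
	char **_resp,
	const char *_fmt,
	va_list _ap)
	OPENPAM_FORMAT((__printf__, 4, 0));

/*
 * Read cooked lines.
 * Checking for _IOFBF is a fairly reliable way to detect the presence
 * of <stdio.h>, as SUSv3 requires it to be defined there.
 */
#ifdef _IOFBF
/* Read the next logical line from _f, updating *_lineno and, when _lenp
 * is non-NULL, storing the line length in *_lenp.  Returns NULL at end
 * of input. */
char *
openpam_readline(FILE *_f,
	int *_lineno,
	size_t *_lenp);
#endif

/*
 * Log levels
 */
enum {
	PAM_LOG_DEBUG,
	PAM_LOG_VERBOSE,
	PAM_LOG_NOTICE,
	PAM_LOG_ERROR
};

/*
 * Log to syslog
 *
 * _func is the name of the calling function; the openpam_log() macros
 * below supply it automatically.
 */
void
_openpam_log(int _level,
	const char *_func,
	const char *_fmt,
	...)
	OPENPAM_FORMAT((__printf__, 3, 4));

#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 3)
#define openpam_log(lvl, ...) \
	_openpam_log((lvl), __func__, __VA_ARGS__)
#elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __func__, ##fmt)
#elif defined(__GNUC__) && defined(__FUNCTION__)
/* NOTE(review): __FUNCTION__ is a predefined identifier rather than a
 * macro on modern GCC, so defined(__FUNCTION__) is false there and this
 * branch is only reachable on older compilers. */
#define openpam_log(lvl, fmt...) \
	_openpam_log((lvl), __FUNCTION__, ##fmt)
#else
void
openpam_log(int _level,
	const char *_format,
	...)
	OPENPAM_FORMAT((__printf__, 2, 3));
#endif

/*
 * Generic conversation function
 */
struct pam_message;
struct pam_response;
int openpam_ttyconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/* Seconds openpam_ttyconv() waits for user input. */
extern int openpam_ttyconv_timeout;

/*
 * Null conversation function
 */
int openpam_nullconv(int _n,
	const struct pam_message **_msg,
	struct pam_response **_resp,
	void *_data);

/*
 * PAM primitives
 *
 * The order is significant: it indexes pam_module::func below, and
 * PAM_MODULE_ENTRY() initializes that array in this order.
 */
enum {
	PAM_SM_AUTHENTICATE,
	PAM_SM_SETCRED,
	PAM_SM_ACCT_MGMT,
	PAM_SM_OPEN_SESSION,
	PAM_SM_CLOSE_SESSION,
	PAM_SM_CHAUTHTOK,
	/* keep this last */
	PAM_NUM_PRIMITIVES
};

/*
 * Dummy service module function
 *
 * Expands to a pam_sm_<type>() that ignores its arguments and returns
 * PAM_IGNORE.  The (void) casts keep -Wunused-parameter quiet in
 * modules built with warnings enabled.
 */
#define PAM_SM_DUMMY(type) \
PAM_EXTERN int \
pam_sm_##type(pam_handle_t *pamh, int flags, \
    int argc, const char *argv[]) \
{ \
	(void)pamh; \
	(void)flags; \
	(void)argc; \
	(void)argv; \
	return (PAM_IGNORE); \
}

/*
 * PAM service module functions match this typedef
 */
struct pam_handle;
typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);

/*
 * A struct that describes a module.
 */
typedef struct pam_module pam_module_t;
struct pam_module {
	char		*path;		/* module name; PAM_MODULE_ENTRY() appends PAM_SOEXT */
	pam_func_t	 func[PAM_NUM_PRIMITIVES]; /* indexed by the PAM_SM_* enum */
	void		*dlh;		/* presumably the dlopen(3) handle; NULL for static modules */
	int		 refcount;
	pam_module_t	*prev;		/* doubly linked list of loaded modules */
	pam_module_t	*next;
};

/*
 * Source-code compatibility with Linux-PAM modules
 */
#if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
#define LINUX_PAM_MODULE
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
#define _PAM_SM_AUTHENTICATE 0
#define _PAM_SM_SETCRED 0
#else
#undef PAM_SM_AUTH
#define PAM_SM_AUTH
#define _PAM_SM_AUTHENTICATE pam_sm_authenticate
#define _PAM_SM_SETCRED pam_sm_setcred
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
#define _PAM_SM_ACCT_MGMT 0
#else
#undef PAM_SM_ACCOUNT
#define PAM_SM_ACCOUNT
#define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
#define _PAM_SM_OPEN_SESSION 0
#define _PAM_SM_CLOSE_SESSION 0
#else
#undef PAM_SM_SESSION
#define PAM_SM_SESSION
#define _PAM_SM_OPEN_SESSION pam_sm_open_session
#define _PAM_SM_CLOSE_SESSION pam_sm_close_session
#endif
#if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
#define _PAM_SM_CHAUTHTOK 0
#else
#undef PAM_SM_PASSWORD
#define PAM_SM_PASSWORD
#define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
#endif

/*
 * Infrastructure for static modules using GCC linker sets.
 * You are not expected to understand this.
 */
#if defined(__FreeBSD__)
#define PAM_SOEXT ".so"
#else
#ifndef NO_STATIC_MODULES
#define NO_STATIC_MODULES
#endif
#endif
#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
/* gcc, static linking */
#include <sys/cdefs.h>
#include <linker_set.h>
#define OPENPAM_STATIC_MODULES
#define PAM_EXTERN static
/*
 * Registers a statically linked module in the _openpam_static_modules
 * linker set.  The func[] initializer must follow the PAM_SM_* enum
 * order above; unimplemented primitives are 0 (see the Linux-PAM
 * compatibility block).
 */
#define PAM_MODULE_ENTRY(name) \
	static char _pam_name[] = name PAM_SOEXT; \
	static struct pam_module _pam_module = { _pam_name, { \
	    _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT, \
	    _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
	    NULL, 0, NULL, NULL }; \
	DATA_SET(_openpam_static_modules, _pam_module)
#else
/* normal case */
#define PAM_EXTERN
#define PAM_MODULE_ENTRY(name)
#endif

#ifdef __cplusplus
}
#endif

#endif /* !_SECURITY_OPENPAM_H_INCLUDED */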