xref: /netbsd-src/external/bsd/openpam/dist/include/security/openpam.h (revision b757af438b42b93f8c6571f026d8b8ef3eaf5fc9) 
1 /*	$NetBSD: openpam.h,v 1.4 2012/01/28 21:52:14 christos Exp $	*/
2 
3 /*-
4  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
5  * Copyright (c) 2004-2011 Dag-Erling Smørgrav
6  * All rights reserved.
7  *
8  * This software was developed for the FreeBSD Project by ThinkSec AS and
9  * Network Associates Laboratories, the Security Research Division of
10  * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
11  * ("CBOSS"), as part of the DARPA CHATS research program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. The name of the author may not be used to endorse or promote
22  *    products derived from this software without specific prior written
23  *    permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  *
37  * Id: openpam.h 455 2011-10-29 18:31:11Z des
38  */
39 
40 #ifndef SECURITY_OPENPAM_H_INCLUDED
41 #define SECURITY_OPENPAM_H_INCLUDED
42 
43 /*
44  * Annoying but necessary header pollution
45  */
46 #include <stdarg.h>
47 
48 #include <security/openpam_attr.h>
49 
50 #ifdef __cplusplus
51 extern "C" {
52 #endif
53 
54 struct passwd;
55 
56 /*
57  * API extensions
58  */
59 int
60 openpam_borrow_cred(pam_handle_t *_pamh,
61 	const struct passwd *_pwd)
62 	OPENPAM_NONNULL((1,2));
63 
64 int
65 openpam_subst(const pam_handle_t *_pamh,
66 	char *_buf,
67 	size_t *_bufsize,
68 	const char *_template);
69 
70 void
71 openpam_free_data(pam_handle_t *_pamh,
72 	void *_data,
73 	int _status);
74 
75 void
76 openpam_free_envlist(char **_envlist);
77 
78 const char *
79 openpam_get_option(pam_handle_t *_pamh,
80 	const char *_option);
81 
82 int
83 openpam_restore_cred(pam_handle_t *_pamh)
84 	OPENPAM_NONNULL((1));
85 
86 int
87 openpam_set_option(pam_handle_t *_pamh,
88 	const char *_option,
89 	const char *_value);
90 
91 int
92 pam_error(const pam_handle_t *_pamh,
93 	const char *_fmt,
94 	...)
95 	OPENPAM_FORMAT ((__printf__, 2, 3))
96 	OPENPAM_NONNULL((1,2));
97 
98 int
99 pam_get_authtok(pam_handle_t *_pamh,
100 	int _item,
101 	const char **_authtok,
102 	const char *_prompt)
103 	OPENPAM_NONNULL((1,3));
104 
105 int
106 pam_info(const pam_handle_t *_pamh,
107 	const char *_fmt,
108 	...)
109 	OPENPAM_FORMAT ((__printf__, 2, 3))
110 	OPENPAM_NONNULL((1,2));
111 
112 int
113 pam_prompt(const pam_handle_t *_pamh,
114 	int _style,
115 	char **_resp,
116 	const char *_fmt,
117 	...)
118 	OPENPAM_FORMAT ((__printf__, 4, 5))
119 	OPENPAM_NONNULL((1,4));
120 
121 int
122 pam_setenv(pam_handle_t *_pamh,
123 	const char *_name,
124 	const char *_value,
125 	int _overwrite)
126 	OPENPAM_NONNULL((1,2,3));
127 
128 int
129 pam_vinfo(const pam_handle_t *_pamh,
130 	const char *_fmt,
131 	va_list _ap)
132 	OPENPAM_FORMAT ((__printf__, 2, 0))
133 	OPENPAM_NONNULL((1,2));
134 
135 int
136 pam_verror(const pam_handle_t *_pamh,
137 	const char *_fmt,
138 	va_list _ap)
139 	OPENPAM_FORMAT ((__printf__, 2, 0))
140 	OPENPAM_NONNULL((1,2));
141 
142 int
143 pam_vprompt(const pam_handle_t *_pamh,
144 	int _style,
145 	char **_resp,
146 	const char *_fmt,
147 	va_list _ap)
148 	OPENPAM_FORMAT ((__printf__, 4, 0))
149 	OPENPAM_NONNULL((1,4));
150 
151 /*
152  * Read cooked lines.
153  * Checking for _IOFBF is a fairly reliable way to detect the presence
154  * of <stdio.h>, as SUSv3 requires it to be defined there.
155  */
156 #ifdef _IOFBF
157 char *
158 openpam_readline(FILE *_f,
159 	int *_lineno,
160 	size_t *_lenp)
161 	OPENPAM_NONNULL((1));
162 #endif
163 
164 /*
165  * Log levels
166  */
167 enum {
168 	PAM_LOG_DEBUG,
169 	PAM_LOG_VERBOSE,
170 	PAM_LOG_NOTICE,
171 	PAM_LOG_ERROR
172 };
173 
174 /*
175  * Log to syslog
176  */
177 void
178 _openpam_log(int _level,
179 	const char *_func,
180 	const char *_fmt,
181 	...)
182 	OPENPAM_FORMAT ((__printf__, 3, 4))
183 	OPENPAM_NONNULL((3));
184 
185 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
186 #define openpam_log(lvl, ...) \
187 	_openpam_log((lvl), __func__, __VA_ARGS__)
188 #elif defined(__GNUC__) && (__GNUC__ >= 3)
189 #define openpam_log(lvl, ...) \
190 	_openpam_log((lvl), __func__, __VA_ARGS__)
191 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
192 #define openpam_log(lvl, fmt...) \
193 	_openpam_log((lvl), __func__, ##fmt)
194 #elif defined(__GNUC__) && defined(__func__)
195 #define openpam_log(lvl, fmt...) \
196 	_openpam_log((lvl), __func__, ##fmt)
197 #else
198 void
199 openpam_log(int _level,
200 	const char *_format,
201  	...)
202  	OPENPAM_FORMAT ((__printf__, 2, 3))
203 	OPENPAM_NONNULL((2));
204 #endif
205 
206 /*
207  * Generic conversation function
208  */
209 struct pam_message;
210 struct pam_response;
211 int openpam_ttyconv(int _n,
212 	const struct pam_message **_msg,
213 	struct pam_response **_resp,
214 	void *_data);
215 
216 extern int openpam_ttyconv_timeout;
217 
218 /*
219  * Null conversation function
220  */
221 int openpam_nullconv(int _n,
222 	const struct pam_message **_msg,
223 	struct pam_response **_resp,
224 	void *_data);
225 
226 /*
227  * PAM primitives
228  */
229 enum {
230 	PAM_SM_AUTHENTICATE,
231 	PAM_SM_SETCRED,
232 	PAM_SM_ACCT_MGMT,
233 	PAM_SM_OPEN_SESSION,
234 	PAM_SM_CLOSE_SESSION,
235 	PAM_SM_CHAUTHTOK,
236 	/* keep this last */
237 	PAM_NUM_PRIMITIVES
238 };
239 
240 /*
241  * Dummy service module function
242  */
243 #define PAM_SM_DUMMY(type)						\
244 PAM_EXTERN int								\
245 pam_sm_##type(pam_handle_t *pamh, int flags,				\
246     int argc, const char *argv[])					\
247 {									\
248 									\
249 	(void)pamh;							\
250 	(void)flags;							\
251 	(void)argc;							\
252 	(void)argv;							\
253 	return (PAM_IGNORE);						\
254 }
255 
256 /*
257  * PAM service module functions match this typedef
258  */
259 struct pam_handle;
260 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
261 
262 /*
263  * A struct that describes a module.
264  */
265 typedef struct pam_module pam_module_t;
266 struct pam_module {
267 	char		*path;
268 	pam_func_t	 func[PAM_NUM_PRIMITIVES];
269 	void		*dlh;
270 };
271 
272 /*
273  * Source-code compatibility with Linux-PAM modules
274  */
275 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
276 	defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
277 # define LINUX_PAM_MODULE
278 #endif
279 
280 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
281 # define _PAM_SM_AUTHENTICATE	0
282 # define _PAM_SM_SETCRED	0
283 #else
284 # undef PAM_SM_AUTH
285 # define PAM_SM_AUTH
286 # define _PAM_SM_AUTHENTICATE	pam_sm_authenticate
287 # define _PAM_SM_SETCRED	pam_sm_setcred
288 #endif
289 
290 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
291 # define _PAM_SM_ACCT_MGMT	0
292 #else
293 # undef PAM_SM_ACCOUNT
294 # define PAM_SM_ACCOUNT
295 # define _PAM_SM_ACCT_MGMT	pam_sm_acct_mgmt
296 #endif
297 
298 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
299 # define _PAM_SM_OPEN_SESSION	0
300 # define _PAM_SM_CLOSE_SESSION	0
301 #else
302 # undef PAM_SM_SESSION
303 # define PAM_SM_SESSION
304 # define _PAM_SM_OPEN_SESSION	pam_sm_open_session
305 # define _PAM_SM_CLOSE_SESSION	pam_sm_close_session
306 #endif
307 
308 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
309 # define _PAM_SM_CHAUTHTOK	0
310 #else
311 # undef PAM_SM_PASSWORD
312 # define PAM_SM_PASSWORD
313 # define _PAM_SM_CHAUTHTOK	pam_sm_chauthtok
314 #endif
315 
316 /*
317  * Infrastructure for static modules using GCC linker sets.
318  * You are not expected to understand this.
319  */
320 #if !defined(PAM_SOEXT)
321 # define PAM_SOEXT ".so"
322 #endif
323 
324 #if (defined(__GNUC__) || defined(__PCC__)) && !defined(NO_STATIC_MODULES)
325 # include <sys/cdefs.h>
326 # ifdef __FreeBSD__
327 #  include <linker_set.h>
328 # endif
329 # ifdef __NetBSD__
330 #  define DATA_SET(a, b) __link_set_add_data(a, b)
331 #  define SET_DECLARE(a, b) __link_set_decl(a, b)
332 #  define SET_FOREACH(a, b) __link_set_foreach(a, b)
333 # endif
334 # define OPENPAM_STATIC_MODULES
335 # define PAM_EXTERN static
336 # define PAM_MODULE_ENTRY(name)						\
337 	static char _pam_name[] = name PAM_SOEXT;			\
338 	static struct pam_module _pam_module = {			\
339 		.path = _pam_name,					\
340 		.func = {						\
341 			[PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE,	\
342 			[PAM_SM_SETCRED] = _PAM_SM_SETCRED,		\
343 			[PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT,		\
344 			[PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION,	\
345 			[PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
346 			[PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK		\
347 		},							\
348 	};								\
349 	DATA_SET(openpam_static_modules, _pam_module)
350 #else
351 /* normal case */
352 # define PAM_EXTERN
353 # define PAM_MODULE_ENTRY(name)
354 #endif
355 
356 #ifdef __cplusplus
357 }
358 #endif
359 
360 #endif /* !SECURITY_OPENPAM_H_INCLUDED */
361