2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
5 * This software was developed for the FreeBSD Project by ThinkSec AS and
6 * Network Associates Laboratories, the Security Research Division of
7 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
8 * ("CBOSS"), as part of the DARPA CHATS research program.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of the author may not be used to endorse or promote
19 * products derived from this software without specific prior written
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * $P4: //depot/projects/openpam/include/security/openpam.h#28 $
37 #ifndef _SECURITY_OPENPAM_H_INCLUDED
38 #define _SECURITY_OPENPAM_H_INCLUDED
41 * Annoying but necessary header pollution
/*
 * OpenPAM helper prototypes.  This listing keeps only some lines of each
 * declaration (return types and several parameters are not visible), so
 * these notes describe only what the visible fragments show.
 *
 * openpam_borrow_cred() takes the PAM handle and a passwd entry;
 * openpam_restore_cred() takes only the handle.
 * NOTE(review): presumably the first switches the process to the
 * credentials described by _pwd and the second switches back -- confirm
 * against openpam_borrow_cred(3).  If so, a module must check the result
 * of the borrow before acting on the user's behalf and must reach the
 * restore on every exit path, or it keeps running under the wrong identity.
 */
55 openpam_borrow_cred(pam_handle_t *_pamh,
56 const struct passwd *_pwd);
59 openpam_free_data(pam_handle_t *_pamh,
64 openpam_free_envlist(char **_envlist);
67 openpam_get_option(pam_handle_t *_pamh,
71 openpam_restore_cred(pam_handle_t *_pamh);
74 openpam_set_option(pam_handle_t *_pamh,
/*
 * OpenPAM extensions to the PAM API.  Only the first line(s) of each
 * prototype are visible in this listing.
 *
 * pam_get_authtok() hands the token back through a `const char **`
 * out-parameter (original line 86): the caller receives a pointer to a
 * read-only string rather than a buffer it fills in itself.
 * NOTE(review): presumably that string stays owned by the PAM handle --
 * confirm in pam_get_authtok(3).  Either way a module should not free it,
 * write it to logs, or keep the pointer beyond the life of the handle.
 *
 * NOTE(review): pam_error/pam_info/pam_prompt and the pam_v* variants look
 * like printf-style wrappers around the conversation function; their
 * format parameters are not visible here.  If so, user-controlled text
 * belongs in an argument ("%s"), never in the format string -- confirm.
 */
79 pam_error(pam_handle_t *_pamh,
84 pam_get_authtok(pam_handle_t *_pamh,
86 const char **_authtok,
90 pam_info(pam_handle_t *_pamh,
95 pam_prompt(pam_handle_t *_pamh,
102 pam_setenv(pam_handle_t *_pamh,
108 pam_vinfo(pam_handle_t *_pamh,
113 pam_verror(pam_handle_t *_pamh,
118 pam_vprompt(pam_handle_t *_pamh,
126 * Checking for _IOFBF is a fairly reliable way to detect the presence
127 * of <stdio.h>, as SUSv3 requires it to be defined there.
131 openpam_readline(FILE *_f,
/*
 * Logging backend behind the openpam_log() macro; the macro supplies the
 * caller's function name as the second argument.  Parameters 2 onward and
 * the closing #endif are not visible in this listing.
 *
 * The attribute (applied only when __GNUC__ is defined) marks parameter 3
 * as a printf-style format string whose variadic arguments start at
 * parameter 4, so the compiler can check each call for mismatches between
 * the format and its arguments (-Wformat).
 */
150 _openpam_log(int _level,
154 #if defined(__GNUC__)
155 __attribute__((__format__(__printf__, 3, 4)))
/*
 * openpam_log(lvl, fmt, ...): forwards to _openpam_log() and inserts the
 * name of the calling function as the second argument.  Which definition
 * is used depends on the variadic-macro syntax the compiler supports.
 * The closing #else/#endif of this chain is not visible in this listing.
 */
159 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
/* C99 or later: standard __VA_ARGS__ and __func__. */
160 #define openpam_log(lvl, ...) \
161 _openpam_log((lvl), __func__, __VA_ARGS__)
162 #elif defined(__GNUC__) && (__GNUC__ >= 3)
/* GCC 3 or later outside C99 mode: same expansion as the C99 branch. */
163 #define openpam_log(lvl, ...) \
164 _openpam_log((lvl), __func__, __VA_ARGS__)
165 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
/*
 * Reached only when the GCC major version is below 3 (the previous branch
 * takes 3 and up), i.e. GCC 2.95 and later 2.x: GNU named variadic
 * parameter, pasted with ## after the function name.
 */
166 #define openpam_log(lvl, fmt...) \
167 _openpam_log((lvl), __func__, ##fmt)
168 #elif defined(__GNUC__) && defined(__FUNCTION__)
/*
 * NOTE(review): GCC provides __FUNCTION__ as a predefined identifier, not
 * as a preprocessor macro, so defined(__FUNCTION__) is normally false and
 * this branch is not expected to be selected -- confirm for the compilers
 * you target.
 */
169 #define openpam_log(lvl, fmt...) \
170 _openpam_log((lvl), __FUNCTION__, ##fmt)
173 openpam_log(int _level,
179 * Generic conversation function
/*
 * Conversation function with the PAM callback shape: a message count, an
 * array of message pointers, and an out-parameter through which the
 * responses are returned.  The last parameter and the closing ");" are
 * not visible in this listing.
 */
183 int openpam_ttyconv(int _n,
184 const struct pam_message **_msg,
185 struct pam_response **_resp,
/*
 * Global tunable declared next to openpam_ttyconv.  It is a plain writable
 * int with external linkage, so any code in the process can change it.
 * NOTE(review): presumably the time a terminal prompt waits for input --
 * confirm the unit and the meaning of 0 in openpam_ttyconv(3).
 */
188 extern int openpam_ttyconv_timeout;
191 * Null conversation function
/*
 * Takes the same visible parameters as openpam_ttyconv; the last parameter
 * and the closing ");" are not visible in this listing.
 * NOTE(review): as the "null" conversation function it presumably rejects
 * every request instead of prompting, which makes a module that asks for
 * input fail rather than block in a non-interactive service -- confirm in
 * openpam_nullconv(3).
 */
193 int openpam_nullconv(int _n,
194 const struct pam_message **_msg,
195 struct pam_response **_resp,
206 PAM_SM_CLOSE_SESSION,
213 * Dummy service module function
/*
 * PAM_SM_DUMMY(type): expands to a definition of pam_sm_<type>() with the
 * standard service-module parameters whose only visible statement returns
 * PAM_IGNORE.  The return-type line and the braces of the macro body are
 * not visible in this listing.
 *
 * PAM_IGNORE asks the framework to leave this module out of the result of
 * the stack, so a stubbed primitive neither grants nor denies anything;
 * the decision has to come from another module in the service's policy.
 */
215 #define PAM_SM_DUMMY(type) \
217 pam_sm_##type(pam_handle_t *pamh, int flags, \
218 int argc, const char *argv[]) \
220 return (PAM_IGNORE); \
224 * PAM service module functions match this typedef
/*
 * Pointer to a service-module entry point.  The argument order matches the
 * functions generated by PAM_SM_DUMMY: handle, flags, argc, argv; the
 * return value is an int PAM result code.
 */
227 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
230 * A struct that describes a module.
/* Short name for struct pam_module (the struct header is not visible here). */
232 typedef struct pam_module pam_module_t;
/*
 * Entry-point table with PAM_NUM_PRIMITIVES slots.  PAM_MODULE_ENTRY fills
 * it in the order authenticate, setcred, acct_mgmt, open_session,
 * close_session, chauthtok; the Linux-PAM compatibility macros can put 0
 * in a slot, so a slot is not guaranteed to hold a callable function.
 */
235 pam_func_t func[PAM_NUM_PRIMITIVES];
243 * Source-code compatibility with Linux-PAM modules
/*
 * A module that defines any of PAM_SM_AUTH, PAM_SM_ACCOUNT, PAM_SM_SESSION
 * or PAM_SM_PASSWORD before this header is processed is treated as a
 * Linux-PAM module.  The #else/#endif lines of the conditionals in this
 * section are not visible in this listing.
 */
245 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
246 defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
247 #define LINUX_PAM_MODULE
/*
 * For each facility below: a Linux-PAM module that did not define the
 * facility's macro gets 0 for the matching _PAM_SM_* table entries; in
 * the other case the entries name the real pam_sm_* functions.
 * NOTE(review): a module that defines only some of the PAM_SM_* macros but
 * still implements the remaining pam_sm_* functions would have those left
 * out of a statically linked module table -- check that the defines match
 * the functions the module is meant to provide.
 */
/* Authentication: pam_sm_authenticate and pam_sm_setcred. */
249 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
250 #define _PAM_SM_AUTHENTICATE 0
251 #define _PAM_SM_SETCRED 0
255 #define _PAM_SM_AUTHENTICATE pam_sm_authenticate
256 #define _PAM_SM_SETCRED pam_sm_setcred
/* Account management: pam_sm_acct_mgmt. */
258 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
259 #define _PAM_SM_ACCT_MGMT 0
261 #undef PAM_SM_ACCOUNT
262 #define PAM_SM_ACCOUNT
263 #define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
/* Session: pam_sm_open_session and pam_sm_close_session. */
265 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
266 #define _PAM_SM_OPEN_SESSION 0
267 #define _PAM_SM_CLOSE_SESSION 0
269 #undef PAM_SM_SESSION
270 #define PAM_SM_SESSION
271 #define _PAM_SM_OPEN_SESSION pam_sm_open_session
272 #define _PAM_SM_CLOSE_SESSION pam_sm_close_session
/* Password change: pam_sm_chauthtok. */
274 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
275 #define _PAM_SM_CHAUTHTOK 0
277 #undef PAM_SM_PASSWORD
278 #define PAM_SM_PASSWORD
279 #define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
283 * Infrastructure for static modules using GCC linker sets.
284 * You are not expected to understand this.
/*
 * Module file-name suffix and the static-module opt-out.  Original line
 * 288, between the two directives below, is missing from this listing, so
 * it cannot be told from here on which platforms NO_STATIC_MODULES is
 * forced on.
 */
286 #if defined(__FreeBSD__)
/* Suffix that PAM_MODULE_ENTRY appends to the module name. */
287 #define PAM_SOEXT ".so"
/* Define NO_STATIC_MODULES unless the build already did. */
289 #ifndef NO_STATIC_MODULES
290 #define NO_STATIC_MODULES
/*
 * Static-module support, enabled for GCC builds that are not
 * position-independent and have not defined NO_STATIC_MODULES.
 *
 * PAM_EXTERN becomes `static`, so functions declared with it get internal
 * linkage and are reachable only through the table built here.
 * PAM_MODULE_ENTRY(name) defines
 *   _pam_name   - the module name with PAM_SOEXT appended, and
 *   _pam_module - a struct pam_module holding that name and the six entry
 *                 points chosen by the _PAM_SM_* macros (0 for a primitive
 *                 a Linux-PAM module did not opt into),
 * and adds _pam_module to the _openpam_static_modules linker set.
 * NOTE(review): presumably the library consults that set when it resolves
 * a module name -- confirm how the lookup orders static and on-disk
 * modules before relying on either one taking precedence.
 */
293 #if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES)
294 /* gcc, static linking */
295 #include <sys/cdefs.h>
296 #include <linker_set.h>
297 #define OPENPAM_STATIC_MODULES
298 #define PAM_EXTERN static
299 #define PAM_MODULE_ENTRY(name) \
300 static char _pam_name[] = name PAM_SOEXT; \
301 static struct pam_module _pam_module = { _pam_name, { \
302 _PAM_SM_AUTHENTICATE, _PAM_SM_SETCRED, _PAM_SM_ACCT_MGMT, \
303 _PAM_SM_OPEN_SESSION, _PAM_SM_CLOSE_SESSION, _PAM_SM_CHAUTHTOK }, \
304 NULL, 0, NULL, NULL }; \
305 DATA_SET(_openpam_static_modules, _pam_module)
/*
 * Second definition: expands to nothing, so no module table is emitted.
 * The lines between the two definitions are not visible in this listing.
 */
309 #define PAM_MODULE_ENTRY(name)