2 * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2015 Dag-Erling Smørgrav
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 * products derived from this software without specific prior written
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $Id: openpam.h 890 2016-01-11 16:22:09Z des $
38 #ifndef SECURITY_OPENPAM_H_INCLUDED
39 #define SECURITY_OPENPAM_H_INCLUDED
42 * Annoying but necessary header pollution
46 #include <security/openpam_attr.h>
58 openpam_borrow_cred(pam_handle_t *_pamh,
59 const struct passwd *_pwd)
60 OPENPAM_NONNULL((1,2));
63 openpam_subst(const pam_handle_t *_pamh,
66 const char *_template);
69 openpam_free_data(pam_handle_t *_pamh,
74 openpam_free_envlist(char **_envlist);
77 openpam_get_option(pam_handle_t *_pamh,
81 openpam_restore_cred(pam_handle_t *_pamh)
85 openpam_set_option(pam_handle_t *_pamh,
90 pam_error(const pam_handle_t *_pamh,
93 OPENPAM_FORMAT ((__printf__, 2, 3))
94 OPENPAM_NONNULL((1,2));
97 pam_get_authtok(pam_handle_t *_pamh,
99 const char **_authtok,
101 OPENPAM_NONNULL((1,3));
104 pam_info(const pam_handle_t *_pamh,
107 OPENPAM_FORMAT ((__printf__, 2, 3))
108 OPENPAM_NONNULL((1,2));
111 pam_prompt(const pam_handle_t *_pamh,
116 OPENPAM_FORMAT ((__printf__, 4, 5))
117 OPENPAM_NONNULL((1,4));
120 pam_setenv(pam_handle_t *_pamh,
124 OPENPAM_NONNULL((1,2,3));
127 pam_vinfo(const pam_handle_t *_pamh,
130 OPENPAM_FORMAT ((__printf__, 2, 0))
131 OPENPAM_NONNULL((1,2));
134 pam_verror(const pam_handle_t *_pamh,
137 OPENPAM_FORMAT ((__printf__, 2, 0))
138 OPENPAM_NONNULL((1,2));
141 pam_vprompt(const pam_handle_t *_pamh,
146 OPENPAM_FORMAT ((__printf__, 4, 0))
147 OPENPAM_NONNULL((1,4));
151 * Checking for _IOFBF is a fairly reliable way to detect the presence
152 * of <stdio.h>, as SUSv3 requires it to be defined there.
156 openpam_readline(FILE *_f,
159 OPENPAM_NONNULL((1));
162 openpam_readlinev(FILE *_f,
165 OPENPAM_NONNULL((1));
168 openpam_readword(FILE *_f,
171 OPENPAM_NONNULL((1));
175 openpam_straddch(char **_str,
179 OPENPAM_NONNULL((1));
182 * Enable / disable optional features
185 OPENPAM_RESTRICT_SERVICE_NAME,
186 OPENPAM_VERIFY_POLICY_FILE,
187 OPENPAM_RESTRICT_MODULE_NAME,
188 OPENPAM_VERIFY_MODULE_FILE,
189 OPENPAM_FALLBACK_TO_OTHER,
194 openpam_set_feature(int _feature, int _onoff);
197 openpam_get_feature(int _feature, int *_onoff);
203 PAM_LOG_LIBDEBUG = -1,
214 _openpam_log(int _level,
218 OPENPAM_FORMAT ((__printf__, 3, 4))
219 OPENPAM_NONNULL((3));
221 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
222 #define openpam_log(lvl, ...) \
223 _openpam_log((lvl), __func__, __VA_ARGS__)
224 #elif defined(__GNUC__) && (__GNUC__ >= 3)
225 #define openpam_log(lvl, ...) \
226 _openpam_log((lvl), __func__, __VA_ARGS__)
227 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
228 #define openpam_log(lvl, fmt...) \
229 _openpam_log((lvl), __func__, ##fmt)
230 #elif defined(__GNUC__) && defined(__FUNCTION__)
231 #define openpam_log(lvl, fmt...) \
232 _openpam_log((lvl), __FUNCTION__, ##fmt)
235 openpam_log(int _level,
238 OPENPAM_FORMAT ((__printf__, 2, 3))
239 OPENPAM_NONNULL((2));
243 * Generic conversation function
247 int openpam_ttyconv(int _n,
248 const struct pam_message **_msg,
249 struct pam_response **_resp,
252 extern int openpam_ttyconv_timeout;
255 * Null conversation function
257 int openpam_nullconv(int _n,
258 const struct pam_message **_msg,
259 struct pam_response **_resp,
270 PAM_SM_CLOSE_SESSION,
277 * Dummy service module function
279 #define PAM_SM_DUMMY(type) \
281 pam_sm_##type(pam_handle_t *pamh, int flags, \
282 int argc, const char *argv[]) \
289 return (PAM_IGNORE); \
293 * PAM service module functions match this typedef
296 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
299 * A struct that describes a module.
301 typedef struct pam_module pam_module_t;
304 pam_func_t func[PAM_NUM_PRIMITIVES];
309 * Source-code compatibility with Linux-PAM modules
311 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
312 defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
313 # define LINUX_PAM_MODULE
316 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
317 # define _PAM_SM_AUTHENTICATE 0
318 # define _PAM_SM_SETCRED 0
322 # define _PAM_SM_AUTHENTICATE pam_sm_authenticate
323 # define _PAM_SM_SETCRED pam_sm_setcred
326 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
327 # define _PAM_SM_ACCT_MGMT 0
329 # undef PAM_SM_ACCOUNT
330 # define PAM_SM_ACCOUNT
331 # define _PAM_SM_ACCT_MGMT pam_sm_acct_mgmt
334 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
335 # define _PAM_SM_OPEN_SESSION 0
336 # define _PAM_SM_CLOSE_SESSION 0
338 # undef PAM_SM_SESSION
339 # define PAM_SM_SESSION
340 # define _PAM_SM_OPEN_SESSION pam_sm_open_session
341 # define _PAM_SM_CLOSE_SESSION pam_sm_close_session
344 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
345 # define _PAM_SM_CHAUTHTOK 0
347 # undef PAM_SM_PASSWORD
348 # define PAM_SM_PASSWORD
349 # define _PAM_SM_CHAUTHTOK pam_sm_chauthtok
353 * Infrastructure for static modules using GCC linker sets.
354 * You are not expected to understand this.
356 #if !defined(PAM_SOEXT)
357 # define PAM_SOEXT ".so"
360 #if defined(OPENPAM_STATIC_MODULES)
361 # if !defined(__GNUC__)
362 # error "Don't know how to build static modules on non-GNU compilers"
364 /* gcc, static linking */
365 # include <sys/cdefs.h>
366 # include <linker_set.h>
367 # define PAM_EXTERN static
368 # define PAM_MODULE_ENTRY(name) \
369 static char _pam_name[] = name PAM_SOEXT; \
370 static struct pam_module _pam_module = { \
373 [PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE, \
374 [PAM_SM_SETCRED] = _PAM_SM_SETCRED, \
375 [PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT, \
376 [PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION, \
377 [PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
378 [PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK \
381 DATA_SET(_openpam_static_modules, _pam_module)
385 # define PAM_MODULE_ENTRY(name)
392 #endif /* !SECURITY_OPENPAM_H_INCLUDED */