contrib/openpam/include/security/openpam.h

   1 /*-
   2  * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
   3  * Copyright (c) 2004-2011 Dag-Erling Smørgrav
   4  * All rights reserved.
   5  *
   6  * This software was developed for the FreeBSD Project by ThinkSec AS and
   7  * Network Associates Laboratories, the Security Research Division of
   8  * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
   9  * ("CBOSS"), as part of the DARPA CHATS research program.
  10  *
  11  * Redistribution and use in source and binary forms, with or without
  12  * modification, are permitted provided that the following conditions
  13  * are met:
  14  * 1. Redistributions of source code must retain the above copyright
  15  *    notice, this list of conditions and the following disclaimer.
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in the
  18  *    documentation and/or other materials provided with the distribution.
  19  * 3. The name of the author may not be used to endorse or promote
  20  *    products derived from this software without specific prior written
  21  *    permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  *
  35  * $Id: openpam.h 605 2012-04-20 11:05:10Z des $
  36  */
  37
  38 #ifndef SECURITY_OPENPAM_H_INCLUDED
  39 #define SECURITY_OPENPAM_H_INCLUDED
  40
  41 /*
  42  * Annoying but necessary header pollution
  43  */
  44 #include <stdarg.h>
  45
  46 #include <security/openpam_attr.h>
  47
  48 #ifdef __cplusplus
  49 extern "C" {
  50 #endif
  51
  52 struct passwd;
  53
  54 /*
  55  * API extensions
  56  */
  57 int
  58 openpam_borrow_cred(pam_handle_t *_pamh,
  59         const struct passwd *_pwd)
  60         OPENPAM_NONNULL((1,2));
  61
  62 int
  63 openpam_subst(const pam_handle_t *_pamh,
  64         char *_buf,
  65         size_t *_bufsize,
  66         const char *_template);
  67
  68 void
  69 openpam_free_data(pam_handle_t *_pamh,
  70         void *_data,
  71         int _status);
  72
  73 void
  74 openpam_free_envlist(char **_envlist);
  75
  76 const char *
  77 openpam_get_option(pam_handle_t *_pamh,
  78         const char *_option);
  79
  80 int
  81 openpam_restore_cred(pam_handle_t *_pamh)
  82         OPENPAM_NONNULL((1));
  83
  84 int
  85 openpam_set_option(pam_handle_t *_pamh,
  86         const char *_option,
  87         const char *_value);
  88
  89 int
  90 pam_error(const pam_handle_t *_pamh,
  91         const char *_fmt,
  92         ...)
  93         OPENPAM_FORMAT ((__printf__, 2, 3))
  94         OPENPAM_NONNULL((1,2));
  95
  96 int
  97 pam_get_authtok(pam_handle_t *_pamh,
  98         int _item,
  99         const char **_authtok,
 100         const char *_prompt);
 101
 102 int
 103 pam_info(const pam_handle_t *_pamh,
 104         const char *_fmt,
 105         ...)
 106         OPENPAM_FORMAT ((__printf__, 2, 3))
 107         OPENPAM_NONNULL((1,2));
 108
 109 int
 110 pam_prompt(const pam_handle_t *_pamh,
 111         int _style,
 112         char **_resp,
 113         const char *_fmt,
 114         ...)
 115         OPENPAM_FORMAT ((__printf__, 4, 5))
 116         OPENPAM_NONNULL((1,4));
 117
 118 int
 119 pam_setenv(pam_handle_t *_pamh,
 120         const char *_name,
 121         const char *_value,
 122         int _overwrite);
 123
 124 int
 125 pam_vinfo(const pam_handle_t *_pamh,
 126         const char *_fmt,
 127         va_list _ap)
 128         OPENPAM_FORMAT ((__printf__, 2, 0))
 129         OPENPAM_NONNULL((1,2));
 130
 131 int
 132 pam_verror(const pam_handle_t *_pamh,
 133         const char *_fmt,
 134         va_list _ap)
 135         OPENPAM_FORMAT ((__printf__, 2, 0))
 136         OPENPAM_NONNULL((1,2));
 137
 138 int
 139 pam_vprompt(const pam_handle_t *_pamh,
 140         int _style,
 141         char **_resp,
 142         const char *_fmt,
 143         va_list _ap)
 144         OPENPAM_FORMAT ((__printf__, 4, 0))
 145         OPENPAM_NONNULL((1,4));
 146
 147 /*
 148  * Read cooked lines.
 149  * Checking for _IOFBF is a fairly reliable way to detect the presence
 150  * of <stdio.h>, as SUSv3 requires it to be defined there.
 151  */
 152 #ifdef _IOFBF
 153 char *
 154 openpam_readline(FILE *_f,
 155         int *_lineno,
 156         size_t *_lenp)
 157         OPENPAM_NONNULL((1));
 158
 159 char **
 160 openpam_readlinev(FILE *_f,
 161         int *_lineno,
 162         int *_lenp)
 163         OPENPAM_NONNULL((1));
 164
 165 char *
 166 openpam_readword(FILE *_f,
 167         int *_lineno,
 168         size_t *_lenp)
 169         OPENPAM_NONNULL((1));
 170 #endif
 171
 172 int
 173 openpam_straddch(char **_str,
 174         size_t *_sizep,
 175         size_t *_lenp,
 176         int ch)
 177         OPENPAM_NONNULL((1));
 178
 179 /*
 180  * Enable / disable optional features
 181  */
 182 enum {
 183         OPENPAM_RESTRICT_SERVICE_NAME,
 184         OPENPAM_VERIFY_POLICY_FILE,
 185         OPENPAM_RESTRICT_MODULE_NAME,
 186         OPENPAM_VERIFY_MODULE_FILE,
 187         OPENPAM_NUM_FEATURES
 188 };
 189
 190 int
 191 openpam_set_feature(int _feature, int _onoff);
 192
 193 int
 194 openpam_get_feature(int _feature, int *_onoff);
 195
 196 /*
 197  * Log levels
 198  */
 199 enum {
 200         PAM_LOG_LIBDEBUG = -1,
 201         PAM_LOG_DEBUG,
 202         PAM_LOG_VERBOSE,
 203         PAM_LOG_NOTICE,
 204         PAM_LOG_ERROR
 205 };
 206
 207 /*
 208  * Log to syslog
 209  */
 210 void
 211 _openpam_log(int _level,
 212         const char *_func,
 213         const char *_fmt,
 214         ...)
 215         OPENPAM_FORMAT ((__printf__, 3, 4))
 216         OPENPAM_NONNULL((3));
 217
 218 #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
 219 #define openpam_log(lvl, ...) \
 220         _openpam_log((lvl), __func__, __VA_ARGS__)
 221 #elif defined(__GNUC__) && (__GNUC__ >= 3)
 222 #define openpam_log(lvl, ...) \
 223         _openpam_log((lvl), __func__, __VA_ARGS__)
 224 #elif defined(__GNUC__) && (__GNUC__ >= 2) && (__GNUC_MINOR__ >= 95)
 225 #define openpam_log(lvl, fmt...) \
 226         _openpam_log((lvl), __func__, ##fmt)
 227 #elif defined(__GNUC__) && defined(__FUNCTION__)
 228 #define openpam_log(lvl, fmt...) \
 229         _openpam_log((lvl), __FUNCTION__, ##fmt)
 230 #else
 231 void
 232 openpam_log(int _level,
 233         const char *_format,
 234         ...)
 235         OPENPAM_FORMAT ((__printf__, 2, 3))
 236         OPENPAM_NONNULL((2));
 237 #endif
 238
 239 /*
 240  * Generic conversation function
 241  */
 242 struct pam_message;
 243 struct pam_response;
 244 int openpam_ttyconv(int _n,
 245         const struct pam_message **_msg,
 246         struct pam_response **_resp,
 247         void *_data);
 248
 249 extern int openpam_ttyconv_timeout;
 250
 251 /*
 252  * Null conversation function
 253  */
 254 int openpam_nullconv(int _n,
 255         const struct pam_message **_msg,
 256         struct pam_response **_resp,
 257         void *_data);
 258
 259 /*
 260  * PAM primitives
 261  */
 262 enum {
 263         PAM_SM_AUTHENTICATE,
 264         PAM_SM_SETCRED,
 265         PAM_SM_ACCT_MGMT,
 266         PAM_SM_OPEN_SESSION,
 267         PAM_SM_CLOSE_SESSION,
 268         PAM_SM_CHAUTHTOK,
 269         /* keep this last */
 270         PAM_NUM_PRIMITIVES
 271 };
 272
 273 /*
 274  * Dummy service module function
 275  */
 276 #define PAM_SM_DUMMY(type)                                              \
 277 PAM_EXTERN int                                                          \
 278 pam_sm_##type(pam_handle_t *pamh, int flags,                            \
 279     int argc, const char *argv[])                                       \
 280 {                                                                       \
 281                                                                         \
 282         (void)pamh;                                                     \
 283         (void)flags;                                                    \
 284         (void)argc;                                                     \
 285         (void)argv;                                                     \
 286         return (PAM_IGNORE);                                            \
 287 }
 288
 289 /*
 290  * PAM service module functions match this typedef
 291  */
 292 struct pam_handle;
 293 typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
 294
 295 /*
 296  * A struct that describes a module.
 297  */
 298 typedef struct pam_module pam_module_t;
 299 struct pam_module {
 300         char            *path;
 301         pam_func_t       func[PAM_NUM_PRIMITIVES];
 302         void            *dlh;
 303 };
 304
 305 /*
 306  * Source-code compatibility with Linux-PAM modules
 307  */
 308 #if defined(PAM_SM_AUTH) || defined(PAM_SM_ACCOUNT) || \
 309         defined(PAM_SM_SESSION) || defined(PAM_SM_PASSWORD)
 310 # define LINUX_PAM_MODULE
 311 #endif
 312
 313 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_AUTH)
 314 # define _PAM_SM_AUTHENTICATE   0
 315 # define _PAM_SM_SETCRED        0
 316 #else
 317 # undef PAM_SM_AUTH
 318 # define PAM_SM_AUTH
 319 # define _PAM_SM_AUTHENTICATE   pam_sm_authenticate
 320 # define _PAM_SM_SETCRED        pam_sm_setcred
 321 #endif
 322
 323 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_ACCOUNT)
 324 # define _PAM_SM_ACCT_MGMT      0
 325 #else
 326 # undef PAM_SM_ACCOUNT
 327 # define PAM_SM_ACCOUNT
 328 # define _PAM_SM_ACCT_MGMT      pam_sm_acct_mgmt
 329 #endif
 330
 331 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_SESSION)
 332 # define _PAM_SM_OPEN_SESSION   0
 333 # define _PAM_SM_CLOSE_SESSION  0
 334 #else
 335 # undef PAM_SM_SESSION
 336 # define PAM_SM_SESSION
 337 # define _PAM_SM_OPEN_SESSION   pam_sm_open_session
 338 # define _PAM_SM_CLOSE_SESSION  pam_sm_close_session
 339 #endif
 340
 341 #if defined(LINUX_PAM_MODULE) && !defined(PAM_SM_PASSWORD)
 342 # define _PAM_SM_CHAUTHTOK      0
 343 #else
 344 # undef PAM_SM_PASSWORD
 345 # define PAM_SM_PASSWORD
 346 # define _PAM_SM_CHAUTHTOK      pam_sm_chauthtok
 347 #endif
 348
 349 /*
 350  * Infrastructure for static modules using GCC linker sets.
 351  * You are not expected to understand this.
 352  */
 353 #if !defined(PAM_SOEXT)
 354 # define PAM_SOEXT ".so"
 355 #endif
 356
 357 #if defined(OPENPAM_STATIC_MODULES)
 358 # if !defined(__GNUC__)
 359 #  error "Don't know how to build static modules on non-GNU compilers"
 360 # endif
 361 /* gcc, static linking */
 362 # include <sys/cdefs.h>
 363 # include <linker_set.h>
 364 # define PAM_EXTERN static
 365 # define PAM_MODULE_ENTRY(name)                                         \
 366         static char _pam_name[] = name PAM_SOEXT;                       \
 367         static struct pam_module _pam_module = {                        \
 368                 .path = _pam_name,                                      \
 369                 .func = {                                               \
 370                         [PAM_SM_AUTHENTICATE] = _PAM_SM_AUTHENTICATE,   \
 371                         [PAM_SM_SETCRED] = _PAM_SM_SETCRED,             \
 372                         [PAM_SM_ACCT_MGMT] = _PAM_SM_ACCT_MGMT,         \
 373                         [PAM_SM_OPEN_SESSION] = _PAM_SM_OPEN_SESSION,   \
 374                         [PAM_SM_CLOSE_SESSION] = _PAM_SM_CLOSE_SESSION, \
 375                         [PAM_SM_CHAUTHTOK] = _PAM_SM_CHAUTHTOK          \
 376                 },                                                      \
 377         };                                                              \
 378         DATA_SET(_openpam_static_modules, _pam_module)
 379 #else
 380 /* normal case */
 381 # define PAM_EXTERN
 382 # define PAM_MODULE_ENTRY(name)
 383 #endif
 384
 385 #ifdef __cplusplus
 386 }
 387 #endif
 388
 389 #endif /* !SECURITY_OPENPAM_H_INCLUDED */