6 * This is the Linux-PAM Library Private Header. It contains things
7 * internal to the Linux-PAM library. Things not needed by either an
8 * application or module.
10 * Please see end of file for copyright.
12 * Creator: Marc Ewing.
16 #ifndef _PAM_PRIVATE_H
17 #define _PAM_PRIVATE_H
19 #include <security/_pam_aconf.h>
21 /* this is not used at the moment --- AGM */
/* Packs the library version into one integer as major * 0x100 + minor.
 * LIBPAM_VERSION_MAJOR and LIBPAM_VERSION_MINOR are not defined in this
 * header; presumably they come from <security/_pam_aconf.h> -- confirm. */
22 #define LIBPAM_VERSION (LIBPAM_VERSION_MAJOR*0x100 + LIBPAM_VERSION_MINOR)
24 #include <security/pam_appl.h>
25 #include <security/pam_modules.h>
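/*
 * Locations of the Linux-PAM configuration.
 *
 * PAM_CONFIG    - the single configuration file
 * PAM_CONFIG_D  - the configuration directory
 * PAM_CONFIG_DF - printf-style template for one file inside PAM_CONFIG_D
 *
 * NOTE(review): the value substituted for %s is chosen outside this header
 * (presumably the service name -- confirm). Whatever is substituted must not
 * contain '/' or "..", otherwise the formatted path can leave PAM_CONFIG_D
 * and a policy file from another location would be parsed. Format it with a
 * bounded call such as snprintf() and treat truncation as an error.
 */
#define PAM_CONFIG    "/etc/pam.conf"
#define PAM_CONFIG_D  "/etc/pam.d"
#define PAM_CONFIG_DF "/etc/pam.d/%s"

/*
 * Name of the default service (always lower case) and its file under
 * PAM_CONFIG_D; string-literal concatenation yields "/etc/pam.d/other".
 * NOTE(review): presumably the policy applied to services that have no
 * configuration of their own -- if so, keep that stack restrictive.
 */
#define PAM_DEFAULT_SERVICE      "other" /* lower case */
#define PAM_DEFAULT_SERVICE_FILE PAM_CONFIG_D "/" PAM_DEFAULT_SERVICE

/*
 * the Linux-PAM lock file. If it exists Linux-PAM will abort. Use it
 * to block access to libpam
 *
 * Because the mere existence of this path stops libpam, the directory that
 * holds it must be writable by root only: anyone able to create the file can
 * stop authentication for every service using the library, and anyone able
 * to remove it can lift a lock an administrator put in place.
 */
#define PAM_LOCK_FILE "/var/lock/subsys/PAM"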
44 /* components of the pam_handle structure */
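/*
 * Default value for cached_retval. The replacement is parenthesised so the
 * macro always expands as a single operand, whatever expression it is
 * written into.
 */
#define _PAM_INVALID_RETVAL (-1)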
50 int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv);
51 int actions[_PAM_RETURN_VALUES];
52 /* set by authenticate, open_session, chauthtok(1st)
53 consumed by setcred, close_session, chauthtok(2nd) */
54 int cached_retval; int *cached_retval_p;
60 struct loaded_module {
62 int type; /* presumably one of the PAM_MT_* values defined below (the constants carry an MT_ infix) */
/* Module-type values.
 * NOTE(review): PAM_MT_FAULTY_MOD presumably marks a module that could not
 * be loaded -- confirm how the dispatcher treats it; an entry in that state
 * should make the stack fail rather than be skipped. */
66 #define PAM_MT_DYNAMIC_MOD 0
67 #define PAM_MT_STATIC_MOD 1
68 #define PAM_MT_FAULTY_MOD 2
71 struct handler *authenticate;
72 struct handler *setcred;
73 struct handler *acct_mgmt;
74 struct handler *open_session;
75 struct handler *close_session;
76 struct handler *chauthtok;
80 struct loaded_module *module; /* Only used for dynamic loading */
81 int modules_allocated;
85 struct handlers conf; /* the configured handlers */
86 struct handlers other; /* the default handlers */
90 * Environment helper functions
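/*
 * Chunks of memory calloc()'d for the environment storage.
 * NOTE(review): the unit (presumably pointers in the environment list) is
 * not stated here -- confirm against the allocation code before changing
 * the value.
 */
#define PAM_ENV_CHUNK 10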
97 int entries; /* the number of pointers available */
98 int requested; /* the number of pointers used: *
99 * 1 <= requested <= entries */
100 char **list; /* the environment storage (a list *
101 * of pointers to malloc() memory) */
104 #include <sys/time.h>
/* Library-internal boolean. The enumerators take their implicit values, so
 * PAM_FALSE is 0 and PAM_TRUE is 1. */
106 typedef enum { PAM_FALSE, PAM_TRUE } _pam_boolean;
108 struct _pam_fail_delay {
112 const void *delay_fn_ptr;
115 struct _pam_former_state {
116 /* this is known and set by _pam_dispatch() */
117 int choice; /* which flavor of module function did we call? */
119 /* state info for the _pam_dispatch_aux() function */
120 int depth; /* how deep in the stack were we? */
121 int impression; /* the impression at that time */
122 int status; /* the status before returning incomplete */
124 /* state info used by pam_get_user() function */
126 char *prompt; /* saved prompt information */
128 /* state info for the pam_chauthtok() function */
135 struct pam_conv *pam_conversation;
137 char *prompt; /* for use by pam_get_user() */
143 struct pam_data *data;
144 struct pam_environ *env; /* structure to maintain environment list */
145 struct _pam_fail_delay fail_delay; /* helper function for easy delays */
146 struct service handlers;
147 struct _pam_former_state former; /* library state - support for
148 event driven applications */
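/* Values for select arg to _pam_dispatch() (named `choice` in its prototype) */
#define PAM_NOT_STACKED   0
#define PAM_AUTHENTICATE  1
#define PAM_SETCRED       2
#define PAM_ACCOUNT       3
#define PAM_OPEN_SESSION  4
#define PAM_CLOSE_SESSION 5
#define PAM_CHAUTHTOK     6

/*
 * Action codes. A positive value is a jump (see _PAM_ACTION_IS_JUMP); zero
 * and the negative values are the named actions below. The negative
 * replacements are parenthesised so each macro expands as a single operand.
 */
#define _PAM_ACTION_IS_JUMP(x) ((x) > 0)
#define _PAM_ACTION_IGNORE 0
#define _PAM_ACTION_OK     (-1)
#define _PAM_ACTION_DONE   (-2)
#define _PAM_ACTION_BAD    (-3)
#define _PAM_ACTION_DIE    (-4)
#define _PAM_ACTION_RESET  (-5)
/* Add any new entries here. Will need to change ..._UNDEF and then
 * need to change pam_tokens.h */
/*
 * _PAM_ACTION_UNDEF is treated as an error ( = _PAM_ACTION_BAD), so an
 * action that was never set fails rather than passes. Its negation is also
 * used as the element count of _pam_token_actions, so the value has to stay
 * one below the last named action.
 */
#define _PAM_ACTION_UNDEF  (-6)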
172 /* character tables for parsing config files */
/* _pam_token_actions is declared with -_PAM_ACTION_UNDEF elements and
 * _pam_token_returns with _PAM_RETURN_VALUES + 1, so the table definitions
 * have to change together with those constants. _PAM_RETURN_VALUES is not
 * defined in this header. Any index computed from parsed configuration text
 * must be checked against these sizes before the tables are read. */
173 extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF];
174 extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1];
177 * internally defined functions --- these should not be directly
178 * called by applications or modules
/* Dispatcher. `choice` selects which flavor of module function is called;
 * NOTE(review): presumably it takes the PAM_AUTHENTICATE .. PAM_CHAUTHTOK
 * selector values defined in this header -- confirm. */
180 int _pam_dispatch(pam_handle_t *pamh, int flags, int choice);
182 /* Free various allocated structures and dlclose() the libs */
183 int _pam_free_handlers(pam_handle_t *pamh);
185 /* Parse config file, allocate handler structures, dlopen() */
/* dlopen() brings module code into the calling process, so the configuration
 * that is parsed here and the module files it names have to be writable by
 * trusted administrators only.
 * NOTE(review): the meaning of the int result is not documented here. */
186 int _pam_init_handlers(pam_handle_t *pamh);
188 /* Set all handler stuff to 0/NULL - called once from pam_start() */
189 void _pam_start_handlers(pam_handle_t *pamh);
191 /* environment helper functions */
193 /* create the environment structure */
/* NOTE(review): the meaning of the int result is not documented in this
 * header -- callers should check it before using the environment. */
194 int _pam_make_env(pam_handle_t *pamh);
196 /* delete the environment structure */
197 void _pam_drop_env(pam_handle_t *pamh);
199 /* These functions deal with failure delays as required by the
 * authentication modules and application. Their *interface* is likely
 * to remain the same although their function is hopefully going to ...
 * (the remainder of this sentence is not present in this copy of the file).
 *
 * NOTE(review): a delay applied to failed attempts slows repeated guessing,
 * so it matters that every failing exit path reaches _pam_await_timer() --
 * confirm in the callers.
 */
/* reset the timer to no-delay */
205 void _pam_reset_timer(pam_handle_t *pamh);
207 /* this sets the clock ticking */
208 void _pam_start_timer(pam_handle_t *pamh);
210 /* this waits for the clock to stop ticking if status != PAM_SUCCESS */
/* A status equal to PAM_SUCCESS is therefore not delayed. */
211 void _pam_await_timer(pam_handle_t *pamh, int status);
/* voidfunc is a function type, not a pointer type: a function taking no
 * arguments that returns a pointer to a `void (void)` function. A
 * `voidfunc *` is therefore a pointer to such a function. */
213 typedef void (*voidfunc(void))(void);
216 /* The next two in ../modules/_pam_static/pam_static.c */
218 /* Return pointer to data structure used to define a static module */
/* NOTE(review): the result for a path that matches no static module is not
 * documented here (presumably NULL) -- callers should check before use. */
219 struct pam_module * _pam_open_static_handler(const char *path);
221 /* Return pointer to function requested from static module */
/* The result has the generic voidfunc pointer type.
 * NOTE(review): presumably the caller converts it to the real signature of
 * the requested symbol; calling it through the wrong type is undefined. */
223 voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname);
227 /* For now we just use a stack and linear search for module data. */
228 /* If it becomes apparent that there is a lot of data, it should be */
229 /* changed to either a sorted list or a hash table. */
234 void (*cleanup)(pam_handle_t *pamh, void *data, int error_status);
235 struct pam_data *next;
/* NOTE(review): none of the helpers below is documented in this header. The
 * remarks are read off the names and signatures only and must be confirmed
 * against the implementations. */
/* Presumably releases the module data list held by the handle; `status` has
 * the same type as the error_status argument of the per-item cleanup
 * callback. */
238 void _pam_free_data(pam_handle_t *pamh, int status);
/* String comparison helper; how case is handled is not stated here. */
240 int _pam_strCMP(const char *s, const char *t);
/* Tokenizer. `from` is not const, so the input may be modified in place;
 * *next presumably receives the position to resume from. */
241 char *_pam_StrTok(char *from, const char *format, char **next);
/* Presumably returns a heap copy that the caller must free, and NULL on
 * allocation failure -- confirm before relying on either. */
243 char *_pam_strdup(const char *s);
/* Builds an argument vector from s and hands it back through the *argv and
 * *argc out parameters; s is not const and may be modified. */
245 int _pam_mkargv(char *s, char ***argv, int *argc);
/* Presumably scrubs sensitive items (such as authentication tokens) held in
 * the handle -- confirm which fields are overwritten and that the overwrite
 * cannot be optimised away. */
247 void _pam_sanitize(pam_handle_t *pamh);
/* Presumably fills control_array with default_action; the required array
 * length is not given in the signature, so the caller must size it. */
249 void _pam_set_default_control(int *control_array, int default_action);
/* Presumably parses the control token tok into control_array; tok is not
 * const and may be modified. */
251 void _pam_parse_control(int *control_array, char *tok);
/* printf-style logging helper. The format attribute asks the compiler to
 * check the variadic arguments (from argument 3 on) against the format
 * string in argument 2. Externally supplied text must never be passed as
 * `format`; log it as an argument to a "%s" conversion instead. */
253 void _pam_system_log(int priority, const char *format, ... )
255 __attribute__ ((format (printf, 2, 3)));
/* NOTE(review): presumably prepended to each message written by
 * _pam_system_log() -- confirm in the implementation. */
260 #define _PAM_SYSTEM_LOG_PREFIX "PAM "
263 * XXX - Take care with this. It could confuse the logic of a trailing
/* NULL-handle guard: when pamh is NULL an error is logged. Only the first
 * lines of the macro body are covered by this note.
 * X is joined to the message by string-literal concatenation and the result
 * is the format string of _pam_system_log(), so X must be a string literal
 * that contains no '%' conversions.
 * The expansion starts with a bare `if`, so it can interact with an `else`
 * that follows a use of the macro; keep uses as stand-alone statements. */
267 #define IF_NO_PAMH(X,pamh,ERR) \
268 if ((pamh) == NULL) { \
269 _pam_system_log(LOG_ERR, X ": NULL pam handle passed"); \
273 /* Definition for the default username prompt used by pam_get_user() */
/* NOTE(review): presumably used only when no other prompt has been supplied
 * -- confirm in pam_get_user(). */
275 #define PAM_DEFAULT_PROMPT "Please enter username: "
278 * include some helpful macros
281 #include <security/_pam_macros.h>
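/*
 * Used to work out where control currently resides: in an application or
 * in a module. The state is kept in the caller_is member of the handle.
 *
 * Both states are non-zero, so a handle whose caller_is is still 0 matches
 * neither __PAM_FROM_MODULE() nor __PAM_FROM_APP().
 *
 * NOTE(review): if any access decision depends on this flag, every path
 * that enters module code has to call __PAM_TO_MODULE() and every path back
 * out, error returns included, has to call __PAM_TO_APP(); otherwise the
 * handle is left claiming the wrong caller. Confirm in the dispatcher.
 */
#define _PAM_CALLED_FROM_MODULE 1
#define _PAM_CALLED_FROM_APP    2

#define __PAM_FROM_MODULE(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_MODULE)
#define __PAM_FROM_APP(pamh)    ((pamh)->caller_is == _PAM_CALLED_FROM_APP)
#define __PAM_TO_MODULE(pamh) \
    do { (pamh)->caller_is = _PAM_CALLED_FROM_MODULE; } while (0)
#define __PAM_TO_APP(pamh) \
    do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0)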
297 * Copyright (C) 1995 by Red Hat Software, Marc Ewing
298 * Copyright (c) 1996-8,2001 by Andrew G. Morgan <morgan@kernel.org>
300 * All rights reserved
302 * Redistribution and use in source and binary forms, with or without
303 * modification, are permitted provided that the following conditions
305 * 1. Redistributions of source code must retain the above copyright
306 * notice, and the entire permission notice in its entirety,
307 * including the disclaimer of warranties.
308 * 2. Redistributions in binary form must reproduce the above copyright
309 * notice, this list of conditions and the following disclaimer in the
310 * documentation and/or other materials provided with the distribution.
311 * 3. The name of the author may not be used to endorse or promote
312 * products derived from this software without specific prior
313 * written permission.
315 * ALTERNATIVELY, this product may be distributed under the terms of
316 * the GNU Public License, in which case the provisions of the GPL are
317 * required INSTEAD OF the above restrictions. (This clause is
318 * necessary due to a potential bad interaction between the GPL and
319 * the restrictions contained in a BSD-style copyright.)
321 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
322 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
323 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
324 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
325 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
326 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
327 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
328 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
329 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
330 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
331 * OF THE POSSIBILITY OF SUCH DAMAGE.
334 #endif /* _PAM_PRIVATE_H */