1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _PAM_IMPL_H
#define _PAM_IMPL_H
#ifdef __cplusplus
extern "C" {
#endif
#include <limits.h>
#include <shadow.h>
#include <sys/types.h>
#define PAMTXD "SUNW_OST_SYSOSPAM"
#define PAM_CONFIG "/etc/pam.conf"
#define PAM_ISA "/$ISA/"
#define PAM_LIB_DIR "/usr/lib/security/"
#ifdef _LP64
#define PAM_ISA_DIR "/64/"
#else /* !_LP64 */
#define PAM_ISA_DIR "/"
#endif /* _LP64 */
/* Service Module Types */
/*
* If new service types are added, they should be named in
* pam_framework.c::pam_snames[] as well.
*/
#define PAM_ACCOUNT_NAME "account"
#define PAM_AUTH_NAME "auth"
#define PAM_PASSWORD_NAME "password"
#define PAM_SESSION_NAME "session"
#define PAM_ACCOUNT_MODULE 0
#define PAM_AUTH_MODULE 1
#define PAM_PASSWORD_MODULE 2
#define PAM_SESSION_MODULE 3
#define PAM_NUM_MODULE_TYPES 4
/* Control Flags */
#define PAM_BINDING_NAME "binding"
#define PAM_INCLUDE_NAME "include"
#define PAM_OPTIONAL_NAME "optional"
#define PAM_REQUIRED_NAME "required"
#define PAM_REQUISITE_NAME "requisite"
#define PAM_SUFFICIENT_NAME "sufficient"
#define PAM_BINDING 0x01
#define PAM_INCLUDE 0x02
#define PAM_OPTIONAL 0x04
#define PAM_REQUIRED 0x08
#define PAM_REQUISITE 0x10
#define PAM_SUFFICIENT 0x20
#define PAM_REQRD_BIND (PAM_REQUIRED | PAM_BINDING)
#define PAM_SUFFI_BIND (PAM_SUFFICIENT | PAM_BINDING)
/* Function Indicators */
#define PAM_AUTHENTICATE 1
#define PAM_SETCRED 2
#define PAM_ACCT_MGMT 3
#define PAM_OPEN_SESSION 4
#define PAM_CLOSE_SESSION 5
#define PAM_CHAUTHTOK 6
/* PAM tracing */
#define PAM_DEBUG "/etc/pam_debug"
#define LOG_PRIORITY "log_priority="
#define LOG_FACILITY "log_facility="
#define DEBUG_FLAGS "debug_flags="
#define PAM_DEBUG_NONE 0x0000
#define PAM_DEBUG_DEFAULT 0x0001
#define PAM_DEBUG_ITEM 0x0002
#define PAM_DEBUG_MODULE 0x0004
#define PAM_DEBUG_CONF 0x0008
#define PAM_DEBUG_DATA 0x0010
#define PAM_DEBUG_CONV 0x0020
#define PAM_DEBUG_AUTHTOK 0x8000
#define PAM_MAX_ITEMS 64 /* Max number of items */
#define PAM_MAX_INCLUDE 32 /* Max include flag recursions */
/* authentication module functions */
#define PAM_SM_AUTHENTICATE "pam_sm_authenticate"
#define PAM_SM_SETCRED "pam_sm_setcred"
/* session module functions */
#define PAM_SM_OPEN_SESSION "pam_sm_open_session"
#define PAM_SM_CLOSE_SESSION "pam_sm_close_session"
/* password module functions */
#define PAM_SM_CHAUTHTOK "pam_sm_chauthtok"
/* account module functions */
#define PAM_SM_ACCT_MGMT "pam_sm_acct_mgmt"
/* max # of authentication token attributes */
#define PAM_MAX_NUM_ATTR 10
/* max size (in chars) of an authentication token attribute */
#define PAM_MAX_ATTR_SIZE 80
/* utility function prototypes */
/* source values when calling __pam_get_authtok() */
#define PAM_PROMPT 1 /* prompt user for new password */
#define PAM_HANDLE 2 /* get password from pam handle (item) */
#if PASS_MAX >= PAM_MAX_RESP_SIZE
#error PASS_MAX > PAM_MAX_RESP_SIZE
#endif /* PASS_MAX >= PAM_MAX_RESP_SIZE */
extern int
__pam_get_authtok(pam_handle_t *pamh, int source, int type, char *prompt,
char **authtok);
extern int
__pam_display_msg(pam_handle_t *pamh, int msg_style, int num_msg,
char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE], void *conv_apdp);
extern void
__pam_log(int priority, const char *format, ...);
/* file handle for pam.conf */
struct pam_fh {
int fconfig; /* file descriptor returned by open() */
char line[256];
size_t bufsize; /* size of the buffer which holds */
/* the content of pam.conf */
char *bufferp; /* used to process data */
char *data; /* contents of pam.conf */
};
/* items that can be set/retrieved thru pam_[sg]et_item() */
struct pam_item {
void *pi_addr; /* pointer to item */
int pi_size; /* size of item */
};
/* module specific data stored in the pam handle */
struct pam_module_data {
char *module_data_name; /* unique module data name */
void *data; /* the module specific data */
void (*cleanup)(pam_handle_t *pamh, void *data, int pam_status);
struct pam_module_data *next; /* pointer to next module data */
};
/* each entry from pam.conf is stored here (in the pam handle) */
typedef struct pamtab {
char *pam_service; /* PAM service, e.g. login, rlogin */
int pam_type; /* AUTH, ACCOUNT, PASSWORD, SESSION */
int pam_flag; /* required, optional, sufficient */
int pam_err; /* error if line overflow */
char *module_path; /* module library */
int module_argc; /* module specific options */
char **module_argv;
void *function_ptr; /* pointer to struct holding function ptrs */
struct pamtab *next;
} pamtab_t;
/* list of open fd's (modules that were dlopen'd) */
typedef struct fd_list {
void *mh; /* module handle */
struct fd_list *next;
} fd_list;
/* list of PAM environment varialbes */
typedef struct env_list {
char *name;
char *value;
struct env_list *next;
} env_list;
/* pam_inmodule values for pam item checking */
#define RW_OK 0 /* Read Write items OK */
#define RO_OK 1 /* Read Only items OK */
#define WO_OK 2 /* Write Only items/data OK */
/* the pam handle */
struct pam_handle {
struct pam_item ps_item[PAM_MAX_ITEMS]; /* array of PAM items */
int include_depth;
int pam_inmodule; /* Protect restricted pam_get_item calls */
char *pam_conf_name[PAM_MAX_INCLUDE+1];
pamtab_t *pam_conf_info[PAM_MAX_INCLUDE+1][PAM_NUM_MODULE_TYPES];
pamtab_t *pam_conf_modulep[PAM_MAX_INCLUDE+1];
struct pam_module_data *ssd; /* module specific data */
fd_list *fd; /* module fd's */
env_list *pam_env; /* environment variables */
};
/*
* the function_ptr field in pamtab_t
* will point to one of these modules
*/
struct auth_module {
int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, int argc,
const char **argv);
int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, int argc,
const char **argv);
};
struct password_module {
int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, int argc,
const char **argv);
};
struct session_module {
int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, int argc,
const char **argv);
int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, int argc,
const char **argv);
};
struct account_module {
int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, int argc,
const char **argv);
};
#ifdef __cplusplus
}
#endif
#endif /* _PAM_IMPL_H */
|
