OpenSolaris Launch

author: stevel@tonic-gate <none@none> 2005-06-14 00:00:00 -0700
committer: stevel@tonic-gate <none@none> 2005-06-14 00:00:00 -0700
commit: 7c478bd95313f5f23a4c958a745db2134aa03244 (patch)
tree: c871e58545497667cbb4b0a4f2daf204743e1fe7 /usr/src/lib/libpam/pam_appl.h
download: illumos-joyent-7c478bd95313f5f23a4c958a745db2134aa03244.tar.gz
1 files changed, 362 insertions, 0 deletions
diff --git a/usr/src/lib/libpam/pam_appl.h b/usr/src/lib/libpam/pam_appl.h
new file mode 100644
index 0000000000..772f402e7b
--- /dev/null
+++ b/usr/src/lib/libpam/pam_appl.h
@@ -0,0 +1,362 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _PAM_APPL_H
+#define	_PAM_APPL_H
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <sys/types.h>
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+/* Generic PAM errors */
+#define	PAM_SUCCESS		0	/* Normal function return */
+#define	PAM_OPEN_ERR		1	/* Dlopen failure */
+#define	PAM_SYMBOL_ERR		2	/* Symbol not found */
+#define	PAM_SERVICE_ERR		3	/* Error in underlying service module */
+#define	PAM_SYSTEM_ERR		4	/* System error */
+#define	PAM_BUF_ERR		5	/* Memory buffer error */
+#define	PAM_CONV_ERR		6	/* Conversation failure */
+#define	PAM_PERM_DENIED		7	/* Permission denied */
+
+/* Errors returned by pam_authenticate, pam_acct_mgmt(), and pam_setcred() */
+#define	PAM_MAXTRIES		8	/* Maximum number of tries exceeded */
+#define	PAM_AUTH_ERR		9	/* Authentication failure */
+#define	PAM_NEW_AUTHTOK_REQD	10	/* Get new auth token from the user */
+#define	PAM_CRED_INSUFFICIENT	11	/* can not access auth data b/c */
+					/* of insufficient credentials  */
+#define	PAM_AUTHINFO_UNAVAIL	12	/* Can not retrieve auth information */
+#define	PAM_USER_UNKNOWN	13	/* No account present for user */
+
+/* Errors returned by pam_setcred() */
+#define	PAM_CRED_UNAVAIL	14	/* can not retrieve user credentials */
+#define	PAM_CRED_EXPIRED	15	/* user credentials expired */
+#define	PAM_CRED_ERR		16	/* failure setting user credentials */
+
+/* Errors returned by pam_acct_mgmt() */
+#define	PAM_ACCT_EXPIRED	17	/* user account has expired */
+#define	PAM_AUTHTOK_EXPIRED 	18	/* Password expired and no longer */
+					/* usable */
+
+/* Errors returned by pam_open/close_session() */
+#define	PAM_SESSION_ERR		19	/* can not make/remove entry for */
+					/* specified session */
+
+/* Errors returned by pam_chauthtok() */
+#define	PAM_AUTHTOK_ERR		  20	/* Authentication token */
+					/*   manipulation error */
+#define	PAM_AUTHTOK_RECOVERY_ERR  21	/* Old authentication token */
+					/*   cannot be recovered */
+#define	PAM_AUTHTOK_LOCK_BUSY	  22	/* Authentication token */
+					/*   lock busy */
+#define	PAM_AUTHTOK_DISABLE_AGING 23	/* Authentication token aging */
+					/*   is disabled */
+
+/* Errors returned by pam_get_data */
+#define	PAM_NO_MODULE_DATA	24	/* module data not found */
+
+/* Errors returned by modules */
+#define	PAM_IGNORE		25	/* ignore module */
+
+#define	PAM_ABORT		26	/* General PAM failure */
+#define	PAM_TRY_AGAIN		27	/* Unable to update password */
+					/* Try again another time */
+#define	PAM_TOTAL_ERRNUM	28
+
+/*
+ * structure pam_message is used to pass prompt, error message,
+ * or any text information from scheme to application/user.
+ */
+
+struct pam_message {
+	int msg_style;		/* Msg_style - see below */
+	char *msg; 		/* Message string */
+};
+
+/*
+ * msg_style defines the interaction style between the
+ * scheme and the application.
+ */
+#define	PAM_PROMPT_ECHO_OFF	1	/* Echo off when getting response */
+#define	PAM_PROMPT_ECHO_ON	2 	/* Echo on when getting response */
+#define	PAM_ERROR_MSG		3	/* Error message */
+#define	PAM_TEXT_INFO		4	/* Textual information */
+
+/*
+ * Sun's proprietary message types
+ * Can these new new message types supported in version 2
+ * have the numbers like -XXX (ie., negative numbers).
+ * Hence will not clash with new proposals from X/OPEN
+ */
+#define	PAM_MSG_NOCONF		2001	/* No confirmation from user */
+#define	PAM_CONV_INTERRUPT	2002	/* Return from conv() */
+
+/*
+ * max # of messages passed to the application through the
+ * conversation function call
+ */
+#define	PAM_MAX_NUM_MSG	32
+
+/*
+ * max size (in chars) of each messages passed to the application
+ * through the conversation function call
+ */
+#define	PAM_MAX_MSG_SIZE	512
+
+/*
+ * max size (in chars) of each response passed from the application
+ * through the conversation function call
+ */
+#define	PAM_MAX_RESP_SIZE	512
+
+/*
+ * structure pam_response is used by the scheme to get the user's
+ * response back from the application/user.
+ */
+
+struct pam_response {
+	char *resp;		/* Response string */
+	int resp_retcode;	/* Return code - for future use */
+};
+
+/*
+ * structure pam_conv is used by authentication applications for passing
+ * call back function pointers and application data pointers to the scheme
+ */
+struct pam_conv {
+	int (*conv)(int, struct pam_message **,
+	    struct pam_response **, void *);
+	void *appdata_ptr;		/* Application data ptr */
+};
+
+/* the pam handle */
+typedef struct pam_handle pam_handle_t;
+
+/*
+ * pam_start() is called to initiate an authentication exchange
+ * with PAM.
+ */
+extern int
+pam_start(
+	const char *service_name,		/* Service Name */
+	const char *user,			/* User Name */
+	const struct pam_conv *pam_conv,	/* Conversation structure */
+	pam_handle_t **pamh		/* Address to store handle */
+);
+
+/*
+ * pam_end() is called to end an authentication exchange with PAM.
+ */
+extern int
+pam_end(
+	pam_handle_t *pamh,		/* handle from pam_start() */
+	int status			/* the final status value that */
+					/* gets passed to cleanup functions */
+);
+
+/*
+ * pam_set_item is called to store an object in PAM handle.
+ */
+extern int
+pam_set_item(
+	pam_handle_t *pamh,		/* PAM handle */
+	int item_type, 			/* Type of object - see below */
+	const void *item		/* Address of place to put pointer */
+					/*   to object */
+);
+
+/*
+ * pam_get_item is called to retrieve an object from the static data area
+ */
+extern int
+pam_get_item(
+	const pam_handle_t *pamh, 	/* PAM handle */
+	int item_type, 			/* Type of object - see below */
+	void **	item			/* Address of place to put pointer */
+					/*   to object */
+);
+
+/* Items supported by pam_[sg]et_item() calls */
+#define	PAM_SERVICE	1		/* The program/service name */
+#define	PAM_USER	2		/* The user name */
+#define	PAM_TTY		3		/* The tty name */
+#define	PAM_RHOST	4		/* The remote host name */
+#define	PAM_CONV	5		/* The conversation structure */
+#define	PAM_AUTHTOK	6		/* The authentication token */
+#define	PAM_OLDAUTHTOK	7		/* Old authentication token */
+#define	PAM_RUSER	8		/* The remote user name */
+#define	PAM_USER_PROMPT	9		/* The user prompt */
+#define	PAM_REPOSITORY	10		/* The repository to be updated */
+#define	PAM_RESOURCE	11		/* Resource management info */
+
+/* pam repository structure */
+
+struct pam_repository {
+	char   *type;		/* Repository type, e.g., files, nis, ldap */
+	void   *scope;		/* Optional scope information */
+	size_t  scope_len;	/* length of scope inforamtion */
+};
+
+typedef struct pam_repository pam_repository_t;
+
+/*
+ * PAM message version.
+ * Sun proprietary pam_[sg]et_item() extension
+ */
+#define	PAM_MSG_VERSION	3001		/* PAM message version supported */
+#define	PAM_MSG_VERSION_V2 "2.0"	/* PAM 2.0 message version */
+
+/*
+ * pam_get_user is called to retrieve the user name (PAM_USER). If PAM_USER
+ * is not set then this call will prompt for the user name using the
+ * conversation function. This function should only be used by modules, not
+ * applications.
+ */
+
+extern int
+pam_get_user(
+	pam_handle_t *pamh,		/* PAM handle */
+	char **user, 			/* User Name */
+	const char *prompt		/* Prompt */
+);
+
+/*
+ * PAM equivalent to strerror();
+ */
+extern const char *
+pam_strerror(
+	pam_handle_t *pamh,	/* pam handle */
+	int errnum		/* error number */
+);
+
+/* general flag for pam_* functions */
+#define	PAM_SILENT	0x80000000
+
+/*
+ * pam_authenticate is called to authenticate the current user.
+ */
+extern int
+pam_authenticate(
+	pam_handle_t *pamh,
+	int flags
+);
+
+/*
+ * Flags for pam_authenticate
+ */
+
+#define	PAM_DISALLOW_NULL_AUTHTOK 0x1	/* The password must be non-null */
+
+/*
+ * pam_acct_mgmt is called to perform account management processing
+ */
+extern int
+pam_acct_mgmt(
+	pam_handle_t *pamh,
+	int flags
+);
+
+/*
+ * pam_open_session is called to note the initiation of new session in the
+ * appropriate administrative data bases.
+ */
+extern int
+pam_open_session(
+	pam_handle_t *pamh,
+	int flags
+);
+
+/*
+ * pam_close_session records the termination of a session.
+ */
+extern int
+pam_close_session(
+	pam_handle_t	*pamh,
+	int		flags
+);
+
+/* pam_setcred is called to set the credentials of the current user */
+extern int
+pam_setcred(
+	pam_handle_t *pamh,
+	int flags
+);
+
+/* flags for pam_setcred() */
+#define	PAM_ESTABLISH_CRED	0x1	/* set scheme specific user id */
+#define	PAM_DELETE_CRED		0x2	/* unset scheme specific user id */
+#define	PAM_REINITIALIZE_CRED	0x4	/* reinitialize user credentials */
+					/* (after a password has changed */
+#define	PAM_REFRESH_CRED	0x8	/* extend lifetime of credentials */
+
+/* pam_chauthtok is called to change authentication token */
+
+extern int
+pam_chauthtok(
+	pam_handle_t	*pamh,
+	int		flags
+);
+
+/*
+ * Be careful - there are flags defined for pam_sm_chauthtok() in
+ * pam_modules.h also:
+ * PAM_PRELIM_CHECK	0x1
+ * PAM_UPDATE_AUTHTOK	0x2
+ */
+#define	PAM_CHANGE_EXPIRED_AUTHTOK	0x4 /* update expired passwords only */
+#define	PAM_NO_AUTHTOK_CHECK		0x8 /* bypass password strength tests */
+
+/* pam_putenv is called to add environment variables to the PAM handle */
+
+extern int
+pam_putenv(
+	pam_handle_t	*pamh,
+	const char	*name_value
+);
+
+/* pam_getenv is called to retrieve an env variable from the PAM handle */
+
+extern char *
+pam_getenv(
+	pam_handle_t	*pamh,
+	const char	*name
+);
+
+/* pam_getenvlist is called to retrieve all env variables from the PAM handle */
+
+extern char **
+pam_getenvlist(
+	pam_handle_t	*pamh
+);
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif /* _PAM_APPL_H */
author	stevel@tonic-gate <none@none>	2005-06-14 00:00:00 -0700
committer	stevel@tonic-gate <none@none>	2005-06-14 00:00:00 -0700
commit	7c478bd95313f5f23a4c958a745db2134aa03244 (patch)
tree	c871e58545497667cbb4b0a4f2daf204743e1fe7 /usr/src/lib/libpam/pam_appl.h
download	illumos-joyent-7c478bd95313f5f23a4c958a745db2134aa03244.tar.gz