2947 initial /etc/pam.d cut
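--- a/usr/src/lib/libpam/pam_impl.h
+++ b/usr/src/lib/libpam/pam_impl.h
@@ -1,254 +1,257 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ *
+ * Copyright 2012 Joshua M. Clulow <josh@sysmgr.org>
 */
 
 #ifndef _PAM_IMPL_H
 #define _PAM_IMPL_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include <limits.h>
 #include <shadow.h>
 #include <sys/types.h>
 
 #define PAMTXD "SUNW_OST_SYSOSPAM"
 
 #define PAM_CONFIG "/etc/pam.conf"
+#define PAM_CONFIG_DIR "/etc/pam.d/"
 #define PAM_ISA "/$ISA/"
 #define PAM_LIB_DIR "/usr/lib/security/"
 #ifdef _LP64
 #define PAM_ISA_DIR "/64/"
 #else /* !_LP64 */
 #define PAM_ISA_DIR "/"
 #endif /* _LP64 */
 
 /* Service Module Types */
 
 /*
 * If new service types are added, they should be named in
 * pam_framework.c::pam_snames[] as well.
 */
 
 #define PAM_ACCOUNT_NAME "account"
 #define PAM_AUTH_NAME "auth"
 #define PAM_PASSWORD_NAME "password"
 #define PAM_SESSION_NAME "session"
 
 #define PAM_ACCOUNT_MODULE 0
 #define PAM_AUTH_MODULE 1
 #define PAM_PASSWORD_MODULE 2
 #define PAM_SESSION_MODULE 3
 
 #define PAM_NUM_MODULE_TYPES 4
 
 /* Control Flags */
 
 #define PAM_BINDING_NAME "binding"
 #define PAM_INCLUDE_NAME "include"
 #define PAM_OPTIONAL_NAME "optional"
 #define PAM_REQUIRED_NAME "required"
 #define PAM_REQUISITE_NAME "requisite"
 #define PAM_SUFFICIENT_NAME "sufficient"
 
 #define PAM_BINDING 0x01
 #define PAM_INCLUDE 0x02
 #define PAM_OPTIONAL 0x04
 #define PAM_REQUIRED 0x08
 #define PAM_REQUISITE 0x10
 #define PAM_SUFFICIENT 0x20
 
 #define PAM_REQRD_BIND (PAM_REQUIRED | PAM_BINDING)
 #define PAM_SUFFI_BIND (PAM_SUFFICIENT | PAM_BINDING)
 
 /* Function Indicators */
 
 #define PAM_AUTHENTICATE 1
 #define PAM_SETCRED 2
 #define PAM_ACCT_MGMT 3
 #define PAM_OPEN_SESSION 4
 #define PAM_CLOSE_SESSION 5
 #define PAM_CHAUTHTOK 6
 
 /* PAM tracing */
 
 #define PAM_DEBUG "/etc/pam_debug"
 #define LOG_PRIORITY "log_priority="
 #define LOG_FACILITY "log_facility="
 #define DEBUG_FLAGS "debug_flags="
 #define PAM_DEBUG_NONE 0x0000
 #define PAM_DEBUG_DEFAULT 0x0001
 #define PAM_DEBUG_ITEM 0x0002
 #define PAM_DEBUG_MODULE 0x0004
 #define PAM_DEBUG_CONF 0x0008
 #define PAM_DEBUG_DATA 0x0010
 #define PAM_DEBUG_CONV 0x0020
 #define PAM_DEBUG_AUTHTOK 0x8000
 
 #define PAM_MAX_ITEMS 64 /* Max number of items */
 #define PAM_MAX_INCLUDE 32 /* Max include flag recursions */
 
 /* authentication module functions */
 #define PAM_SM_AUTHENTICATE "pam_sm_authenticate"
 #define PAM_SM_SETCRED "pam_sm_setcred"
 
 /* session module functions */
 #define PAM_SM_OPEN_SESSION "pam_sm_open_session"
 #define PAM_SM_CLOSE_SESSION "pam_sm_close_session"
 
 /* password module functions */
 #define PAM_SM_CHAUTHTOK "pam_sm_chauthtok"
 
 /* account module functions */
 #define PAM_SM_ACCT_MGMT "pam_sm_acct_mgmt"
 
 /* max # of authentication token attributes */
 #define PAM_MAX_NUM_ATTR 10
 
 /* max size (in chars) of an authentication token attribute */
 #define PAM_MAX_ATTR_SIZE 80
 
 /* utility function prototypes */
 
 /* source values when calling __pam_get_authtok() */
 #define PAM_PROMPT 1 /* prompt user for new password */
 #define PAM_HANDLE 2 /* get password from pam handle (item) */
 
 #if PASS_MAX >= PAM_MAX_RESP_SIZE
 #error PASS_MAX > PAM_MAX_RESP_SIZE
 #endif /* PASS_MAX >= PAM_MAX_RESP_SIZE */
 
 extern int
 __pam_get_authtok(pam_handle_t *pamh, int source, int type, char *prompt,
 char **authtok);
 
 extern int
 __pam_display_msg(pam_handle_t *pamh, int msg_style, int num_msg,
 char messages[PAM_MAX_NUM_MSG][PAM_MAX_MSG_SIZE], void *conv_apdp);
 
 extern void
 __pam_log(int priority, const char *format, ...);
 
 /* file handle for pam.conf */
 struct pam_fh {
 int fconfig; /* file descriptor returned by open() */
 char line[256];
 size_t bufsize; /* size of the buffer which holds */
 /* the content of pam.conf */
 char *bufferp; /* used to process data */
 char *data; /* contents of pam.conf */
 };
 
 /* items that can be set/retrieved thru pam_[sg]et_item() */
 struct pam_item {
 void *pi_addr; /* pointer to item */
 int pi_size; /* size of item */
 };
 
 /* module specific data stored in the pam handle */
 struct pam_module_data {
 char *module_data_name; /* unique module data name */
 void *data; /* the module specific data */
 void (*cleanup)(pam_handle_t *pamh, void *data, int pam_status);
 struct pam_module_data *next; /* pointer to next module data */
 };
 
 /* each entry from pam.conf is stored here (in the pam handle) */
 typedef struct pamtab {
 char *pam_service; /* PAM service, e.g. login, rlogin */
 int pam_type; /* AUTH, ACCOUNT, PASSWORD, SESSION */
 int pam_flag; /* required, optional, sufficient */
 int pam_err; /* error if line overflow */
 char *module_path; /* module library */
 int module_argc; /* module specific options */
 char **module_argv;
 void *function_ptr; /* pointer to struct holding function ptrs */
 struct pamtab *next;
 } pamtab_t;
 
 /* list of open fd's (modules that were dlopen'd) */
 typedef struct fd_list {
 void *mh; /* module handle */
 struct fd_list *next;
 } fd_list;
 
 /* list of PAM environment varialbes */
 typedef struct env_list {
 char *name;
 char *value;
 struct env_list *next;
 } env_list;
 
 /* pam_inmodule values for pam item checking */
 #define RW_OK 0 /* Read Write items OK */
 #define RO_OK 1 /* Read Only items OK */
 #define WO_OK 2 /* Write Only items/data OK */
 
 /* the pam handle */
 struct pam_handle {
 struct pam_item ps_item[PAM_MAX_ITEMS]; /* array of PAM items */
 int include_depth;
 int pam_inmodule; /* Protect restricted pam_get_item calls */
 char *pam_conf_name[PAM_MAX_INCLUDE+1];
 pamtab_t *pam_conf_info[PAM_MAX_INCLUDE+1][PAM_NUM_MODULE_TYPES];
 pamtab_t *pam_conf_modulep[PAM_MAX_INCLUDE+1];
 struct pam_module_data *ssd; /* module specific data */
 fd_list *fd; /* module fd's */
 env_list *pam_env; /* environment variables */
 };
 
 /*
 * the function_ptr field in pamtab_t
 * will point to one of these modules
 */
 struct auth_module {
 int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, int argc,
 const char **argv);
 int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, int argc,
 const char **argv);
 };
 
 struct password_module {
 int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, int argc,
 const char **argv);
 };
 
 struct session_module {
 int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, int argc,
 const char **argv);
 int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, int argc,
 const char **argv);
 };
 
 struct account_module {
 int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, int argc,
 const char **argv);
 };
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _PAM_IMPL_H */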
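Review bot: The new `PAM_CONFIG_DIR` define (new line 42) carries no comment saying how it relates to `PAM_CONFIG` on the line above it — which of the two is consulted first and how the files under the directory are named — and the existing `struct pam_fh` comment (new line 157) still reads "file handle for pam.conf" although the handle will presumably also be used for files under the new directory. I would document the define, e.g. `/* per-service configuration files; see pam_framework.c for how this is searched relative to PAM_CONFIG */`, and widen the struct comment to `/* file handle for pam.conf or a file under PAM_CONFIG_DIR */`. Since the service name given to pam_start() is presumably what gets appended to this path, the code that builds the path (outside this hunk) should reject names containing a '/' or a ".." component, and that constraint is worth stating in the comment at the define so the next consumer of the macro sees it.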