linux-pam (1.5.3)
1 /*
2 * $Id$
3 *
4 * Copyright (c) 1999 Andrew G. Morgan <morgan@linux.kernel.org>
5 *
6 * This header file provides the prototypes for the PAM client API
7 */
8
9 #ifndef PAM_CLIENT_H
10 #define PAM_CLIENT_H
11
12 #ifdef __cplusplus
13 extern "C" {
14 #endif /* def __cplusplus */
15
16 #include <unistd.h>
17 #include <string.h>
18 #include <stdio.h>
19 #include <stdint.h>
20 #include <sys/types.h>
21
/*
 * Handle for one libpamc session.  struct pamc_handle_s is only forward
 * declared in this header, so callers can hold and pass the handle but
 * cannot look inside it.
 */
typedef struct pamc_handle_s *pamc_handle_t;

/*
 * Pointer to the fixed header that starts every binary prompt: a 32-bit
 * length followed by one control octet, packed so that no padding is
 * inserted between the two members.
 *
 * NOTE(review): PAM_BP_SIZE() in this header assembles the length from the
 * first four octets most-significant first, so reading ->length directly
 * gives a different number on a little-endian host.  Use the PAM_BP_*
 * accessors for the length rather than the struct member.
 */
typedef struct {
    uint32_t length;
    uint8_t control;
} __attribute__ ((__packed__)) *pamc_bp_t;
29
/*
 * Entry points exported by libpamc.
 */

/* Set up the agent abstraction library and hand back a session handle. */
pamc_handle_t pamc_start(void);

/*
 * Bring the authentication process to an end.  The handle is passed by
 * address.
 * NOTE(review): presumably *pch is cleared on return - confirm against the
 * library source before relying on it.
 */
int pamc_end(pamc_handle_t *pch);

/* Force the agent named by agent_id to be loaded. */
int pamc_load(pamc_handle_t pch, const char *agent_id);

/*
 * Run a single binary-prompt conversation.  The prompt is passed by
 * address.
 * NOTE(review): the comments next to the PAM_BPC_* constants make the
 * client responsible for rejecting agent-only control octets that arrive
 * from a server; checking a server-supplied prompt with
 * PAM_BPC_FOR_CLIENT() before this call looks like the intended place for
 * that - confirm.
 */
int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p);

/* Disable the agent named by agent_id. */
int pamc_disable(pamc_handle_t pch, const char *agent_id);

/*
 * Obtain the list of available agents.
 * NOTE(review): this header does not say who owns the returned array or
 * how it is terminated - confirm before freeing or iterating it.
 */
char **pamc_list_agents(pamc_handle_t pch);
69
70 /*
71 * PAM_BP_ MACROS for creating, destroying and manipulating binary prompts
72 */
73
74 #include <stdlib.h>
75 #include <stdio.h>
76 #include <unistd.h>
77
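/*
 * Hooks that an application may define before including this header.
 *
 * PAM_BP_ASSERT(x) is invoked by the PAM_BP_* macros when a check fails;
 * x is a message string.  The default prints "file(line): message" on
 * stdout and ends the process with exit status 1.
 *
 * With NDEBUG defined the default expands to an empty statement, so the
 * check that called it has no effect and whatever follows the call still
 * runs.  Code that uses this hook as a bounds check must therefore not
 * depend on it stopping execution, and a replacement hook that returns has
 * the same consequence.
 *
 * The file name is passed as a "%s" argument instead of being pasted into
 * the format string, so a '%' in the source path is printed literally and
 * is never parsed as a conversion specification.
 */
#ifndef PAM_BP_ASSERT
# ifdef NDEBUG
#  define PAM_BP_ASSERT(x)   do {} while (0)
# else
#  define PAM_BP_ASSERT(x)   do { printf("%s(%d): %s\n",                      \
                                         __FILE__, __LINE__, (x));            \
                                  exit(1); } while (0)
# endif /* NDEBUG */
#endif /* PAM_BP_ASSERT */

/*
 * Allocator used for binary prompts.  PAM_BP_RENEW calls it as
 * PAM_BP_CALLOC(1, size) and tests the result for NULL.
 * NOTE(review): PAM_BP_RENEW does not clear the new buffer itself, so a
 * replacement presumably has to return zero-filled memory as calloc does -
 * confirm.
 */
#ifndef PAM_BP_CALLOC
# define PAM_BP_CALLOC calloc
#endif /* PAM_BP_CALLOC */

/*
 * Release function paired with PAM_BP_CALLOC; override both together so
 * that every prompt is released by the allocator that produced it.
 */
#ifndef PAM_BP_FREE
# define PAM_BP_FREE free
#endif /* PAM_BP_FREE */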
94
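/*
 * Octet-level accessors for a binary prompt.
 *
 * Layout as read by these macros: octets 0-3 hold the total size of the
 * prompt (header included), most significant octet first; octet 4 is the
 * control octet; data starts at octet PAM_BP_MIN_SIZE.
 *
 * Every macro here evaluates its argument more than once in at least one
 * expansion, so pass an expression without side effects.
 */
#define __PAM_BP_WOCTET(x,y)  (*((y) + (uint8_t *)(x)))
#define __PAM_BP_ROCTET(x,y)  (*((y) + (const uint8_t *)(x)))

#define PAM_BP_MIN_SIZE       (sizeof(uint32_t) + sizeof(uint8_t))

/*
 * Advisory only: no macro in this header compares a size against it.  A
 * receiver that wants the limit applied has to check PAM_BP_LENGTH()
 * itself before it allocates or copies.
 */
#define PAM_BP_MAX_LENGTH     0x20000

#define PAM_BP_WCONTROL(x)    (__PAM_BP_WOCTET(x,4))
#define PAM_BP_RCONTROL(x)    (__PAM_BP_ROCTET(x,4))

/*
 * Each octet is widened to uint32_t before it is shifted.  A bare uint8_t
 * promotes to int, and shifting a value of 0x80 or more left by 24 then
 * overflows a signed int, which is undefined behaviour.
 */
#define PAM_BP_SIZE(x)        (((uint32_t) __PAM_BP_ROCTET(x,0) << 24) |      \
                               ((uint32_t) __PAM_BP_ROCTET(x,1) << 16) |      \
                               ((uint32_t) __PAM_BP_ROCTET(x,2) <<  8) |      \
                               ((uint32_t) __PAM_BP_ROCTET(x,3)      ))

/*
 * Number of data octets.  A header that declares fewer than
 * PAM_BP_MIN_SIZE octets yields 0; a plain subtraction would wrap around
 * to a huge size_t and make any later bounds check against it pass.
 */
#define PAM_BP_LENGTH(x)      (PAM_BP_SIZE(x) < PAM_BP_MIN_SIZE               \
                               ? (size_t) 0                                   \
                               : PAM_BP_SIZE(x) - PAM_BP_MIN_SIZE)

#define PAM_BP_WDATA(x)       (PAM_BP_MIN_SIZE + (uint8_t *) (x))
#define PAM_BP_RDATA(x)       (PAM_BP_MIN_SIZE + (const uint8_t *) (x))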
109
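/*
 * PAM_BP_RENEW(old_p, cntrl, data_length)
 *
 * Replace the prompt that *old_p points at.
 *
 *   old_p        address of a pamc_bp_t; NULL is reported through
 *                PAM_BP_ASSERT.  Evaluated several times.
 *   cntrl        control octet for the new prompt; 0 means "release only".
 *                Evaluated twice when it is non-zero.
 *   data_length  number of data octets to reserve.  Evaluated once.
 *
 * An existing prompt is overwritten with zeros and released first, and
 * *old_p is set to NULL straight away so that no failure path below can
 * leave a dangling pointer behind.  The wipe goes through a volatile
 * pointer because a plain memset() immediately before free() is a dead
 * store that an optimiser may remove.
 *
 * NOTE(review): the number of octets wiped is taken from the old prompt's
 * own header.  If that header no longer matches the real allocation the
 * wipe is sized wrongly - confirm callers never let a peer rewrite the
 * header of a locally allocated prompt.
 *
 * The new buffer is requested one octet larger than the prompt, which is
 * what keeps renewed packets '\0' terminated.  data_length is range checked
 * first: the total has to fit the 32-bit size field, otherwise the stored
 * size and the allocation request would wrap and the buffer would come out
 * smaller than the caller believes.  Negative lengths fail the same check
 * after conversion to size_t.  On any failure *old_p is NULL.
 */
#define PAM_BP_RENEW(old_p, cntrl, data_length)                               \
do {                                                                          \
    if ((old_p) != NULL) {                                                    \
        if (*(old_p)) {                                                       \
            uint32_t pam_bp_old_size_ = PAM_BP_SIZE(*(old_p));                \
            volatile uint8_t *pam_bp_wipe_ =                                  \
                (volatile uint8_t *) *(old_p);                                \
            while (pam_bp_old_size_-- > 0) {                                  \
                *pam_bp_wipe_++ = 0;                                          \
            }                                                                 \
            PAM_BP_FREE(*(old_p));                                            \
            *(old_p) = NULL;                                                  \
        }                                                                     \
        if (cntrl) {                                                          \
            const size_t pam_bp_want_ = (size_t) (data_length);               \
            if (pam_bp_want_ > UINT32_MAX - PAM_BP_MIN_SIZE - 1) {            \
                PAM_BP_ASSERT("binary prompt length out of range");           \
            } else if ((*(old_p) = PAM_BP_CALLOC(1, PAM_BP_MIN_SIZE           \
                                                    + pam_bp_want_ + 1))) {   \
                const uint32_t pam_bp_new_size_ =                             \
                    (uint32_t) (PAM_BP_MIN_SIZE + pam_bp_want_);              \
                __PAM_BP_WOCTET(*(old_p), 0) =                                \
                    (uint8_t) (pam_bp_new_size_ >> 24);                       \
                __PAM_BP_WOCTET(*(old_p), 1) =                                \
                    (uint8_t) (pam_bp_new_size_ >> 16);                       \
                __PAM_BP_WOCTET(*(old_p), 2) =                                \
                    (uint8_t) (pam_bp_new_size_ >> 8);                        \
                __PAM_BP_WOCTET(*(old_p), 3) =                                \
                    (uint8_t) pam_bp_new_size_;                               \
                (*(old_p))->control = (cntrl);                                \
            } else {                                                          \
                PAM_BP_ASSERT("out of memory for binary prompt");             \
            }                                                                 \
        }                                                                     \
    } else {                                                                  \
        PAM_BP_ASSERT("programming error, invalid binary prompt pointer");    \
    }                                                                         \
} while (0)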
141
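/*
 * PAM_BP_FILL(prmpt, offset, length, data)
 *
 * Copy length octets from data into the data area of prmpt, starting
 * offset octets into that area.  Each argument is evaluated once.
 *
 * The copy happens only when the range fits.  PAM_BP_ASSERT is still
 * called on a bad range, but it may expand to nothing (NDEBUG) or be
 * replaced by a hook that returns, so the memcpy() must not follow it
 * unconditionally.  The comparison is written without adding offset and
 * length together, which could wrap; a negative offset or length becomes a
 * very large size_t and is rejected by the same test.
 *
 * The bound is the length recorded in the prompt's own header, so it only
 * protects the buffer while that header matches the real allocation.
 *
 * The temporaries carry a pam_bp_fill_ prefix so that a caller's variable
 * named "prompt" or "bp_length" can be passed as an argument without being
 * shadowed inside the macro.
 */
#define PAM_BP_FILL(prmpt, offset, length, data)                              \
do {                                                                          \
    uint8_t *pam_bp_fill_dst_ = (uint8_t *) (prmpt);                          \
    const size_t pam_bp_fill_cap_ = PAM_BP_LENGTH(pam_bp_fill_dst_);          \
    const size_t pam_bp_fill_off_ = (size_t) (offset);                        \
    const size_t pam_bp_fill_len_ = (size_t) (length);                        \
    if (pam_bp_fill_off_ > pam_bp_fill_cap_                                   \
        || pam_bp_fill_len_ > pam_bp_fill_cap_ - pam_bp_fill_off_) {          \
        PAM_BP_ASSERT("attempt to write over end of prompt");                 \
    } else {                                                                  \
        memcpy(pam_bp_fill_off_ + PAM_BP_WDATA(pam_bp_fill_dst_),             \
               (data), pam_bp_fill_len_);                                     \
    }                                                                         \
} while (0)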
152
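/*
 * PAM_BP_EXTRACT(prmpt, offset, length, data)
 *
 * Copy length octets out of the data area of prmpt, starting offset octets
 * into that area, to the buffer at data.  Each argument is evaluated once.
 *
 * The copy happens only when the range lies inside the prompt.
 * PAM_BP_ASSERT is still called on a bad range, but it may expand to
 * nothing (NDEBUG) or be replaced by a hook that returns, and an
 * unconditional memcpy() after it would then read past the prompt.  A
 * negative offset or length becomes a very large size_t and fails the same
 * comparison, which never adds the two values and so cannot wrap.
 *
 * When the range is rejected the buffer at data is left untouched; a
 * caller whose PAM_BP_ASSERT does not terminate must not treat it as
 * filled.  The bound is the length recorded in the prompt's own header, so
 * a prompt received from a peer should have that header checked against
 * the number of octets actually received before anything is extracted.
 */
#define PAM_BP_EXTRACT(prmpt, offset, length, data)                           \
do {                                                                          \
    const uint8_t *pam_bp_ext_src_ = (const uint8_t *) (prmpt);               \
    const size_t pam_bp_ext_cap_ = PAM_BP_LENGTH(pam_bp_ext_src_);            \
    const size_t pam_bp_ext_off_ = (size_t) (offset);                         \
    const size_t pam_bp_ext_len_ = (size_t) (length);                         \
    if (pam_bp_ext_off_ > pam_bp_ext_cap_                                     \
        || pam_bp_ext_len_ > pam_bp_ext_cap_ - pam_bp_ext_off_) {             \
        PAM_BP_ASSERT("invalid extraction from prompt");                      \
    } else {                                                                  \
        memcpy((data), pam_bp_ext_off_ + PAM_BP_RDATA(pam_bp_ext_src_),       \
               pam_bp_ext_len_);                                              \
    }                                                                         \
} while (0)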
164
165
/* Control types */

/* Result values produced by the PAM_BPC_* predicate macros. */
#define PAM_BPC_FALSE     0
#define PAM_BPC_TRUE      1

/* Control octets in the range 0x01-0x04. */
#define PAM_BPC_OK        0x01   /* continuation packet */
#define PAM_BPC_SELECT    0x02   /* initialization packet */
#define PAM_BPC_DONE      0x03   /* termination packet */
#define PAM_BPC_FAIL      0x04   /* unable to execute */

/*
 * The control octets below are only legal for exchanges between an agent
 * and a client.  It is the responsibility of the client to enforce this
 * rule in the face of a rogue server: a prompt that arrives from the
 * server carrying one of these values has to be refused rather than acted
 * on.
 */
#define PAM_BPC_GETENV    0x41   /* obtain client env.var */
#define PAM_BPC_PUTENV    0x42   /* set client env.var */
#define PAM_BPC_TEXT      0x43   /* display message */
#define PAM_BPC_ERROR     0x44   /* display error message */
#define PAM_BPC_PROMPT    0x45   /* echo'd text prompt */
#define PAM_BPC_PASS      0x46   /* non-echo'd text prompt */
186
/*
 * Quick test for a prompt that the client (and so, by implication, the
 * server) may legally send to libpamc.  Yields PAM_BPC_TRUE when the
 * control octet lies in PAM_BPC_OK..PAM_BPC_FAIL and PAM_BPC_FALSE for
 * every other value, including the agent-only 0x41-0x46 range.
 *
 * Only the control octet is inspected; the length field is not validated
 * here.  The argument may be evaluated twice, so it must have no side
 * effects.
 */
#define PAM_BPC_FOR_CLIENT(/* pamc_bp_t */ prompt)                            \
    (!((prompt)->control > PAM_BPC_FAIL || (prompt)->control < PAM_BPC_OK)    \
     ? PAM_BPC_TRUE : PAM_BPC_FALSE)
193
194 #ifdef __cplusplus
195 }
196 #endif /* def __cplusplus */
197
198 #endif /* PAM_CLIENT_H */