1 /*
2 * Copyright (c) 2001-2002 Andrew Morgan <morgan@kernel.org>
3 *
4 * <security/pam_modutil.h>
5 *
6 * This file is a list of handy libc wrappers that attempt to provide some
7 * thread-safe and other convenient functionality to modules in a common form.
8 *
9 * A number of these functions reserve space in a pam_[sg]et_data item.
10 * In all cases, the name of the item is prefixed with "pam_modutil_*".
11 *
12 * On systems that simply can't support thread safe programming, these
13 * functions don't support it either - sorry.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, and the entire permission notice in its entirety,
20 * including the disclaimer of warranties.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote
25 * products derived from this software without specific prior
26 * written permission.
27 *
28 * ALTERNATIVELY, this product may be distributed under the terms of
29 * the GNU Public License, in which case the provisions of the GPL are
30 * required INSTEAD OF the above restrictions. (This clause is
31 * necessary due to a potential bad interaction between the GPL and
32 * the restrictions contained in a BSD-style copyright.)
33 *
34 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
35 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
36 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
37 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
38 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
39 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
40 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
42 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
43 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
44 * OF THE POSSIBILITY OF SUCH DAMAGE.
45 */
46
47 #ifndef _SECURITY__PAM_MODUTIL_H
48 #define _SECURITY__PAM_MODUTIL_H
49
50 #include <sys/types.h>
51 #include <pwd.h>
52 #include <grp.h>
53 #include <shadow.h>
54
55 #ifdef __cplusplus
56 extern "C" {
57 #endif
58
59 #include <security/_pam_types.h>
60
/*
 * Account-database lookups.
 *
 * PAM_NONNULL((...)) lists the 1-based positions of the arguments that
 * must not be NULL; argument 1 is always the pam handle.
 */

/*
 * Check whether user_name appears in the passwd-format file file_name.
 *
 * Only pamh and user_name are covered by PAM_NONNULL, so a NULL file_name
 * is an accepted argument (NOTE(review): presumably it selects the default
 * passwd file -- confirm against the implementation).
 *
 * @return int status; NOTE(review): presumably a PAM_* return code rather
 * than a boolean -- confirm the exact values before branching on them.
 */
extern int PAM_NONNULL((1,2))
pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
                                 const char *user_name,
                                 const char *file_name);

/*
 * Wrappers around getpwnam(3), getpwuid(3), getgrnam(3), getgrgid(3) and
 * getspnam(3) intended to be usable from modules without the thread-safety
 * problems of the plain libc calls (see the file header).
 *
 * The pointer return type suggests NULL signals a failed lookup. The file
 * header states that a number of these functions keep their result in a
 * pam_[sg]et_data item named "pam_modutil_*"; NOTE(review): if so, the
 * returned object belongs to the pam handle and must not be freed or
 * retained by the caller beyond the handle's lifetime -- confirm.
 */
extern struct passwd * PAM_NONNULL((1,2))
pam_modutil_getpwnam(pam_handle_t *pamh, const char *user);

extern struct passwd * PAM_NONNULL((1))
pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid);

extern struct group * PAM_NONNULL((1,2))
pam_modutil_getgrnam(pam_handle_t *pamh, const char *group);

extern struct group * PAM_NONNULL((1))
pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid);

/* Shadow lookup: only meaningful when the caller has read access to the
 * shadow database (usually root); NOTE(review): confirm how a permission
 * failure is reported versus "no such user". */
extern struct spwd * PAM_NONNULL((1,2))
pam_modutil_getspnam(pam_handle_t *pamh, const char *user);
80
/*
 * Group-membership tests. The four variants differ only in whether the
 * user and the group are given by name (nam) or by numeric id (gid/uid);
 * the PAM_NONNULL lists track exactly the pointer-typed arguments.
 *
 * @return int; NOTE(review): presumably non-zero when the user is a member
 * of the group and 0 otherwise -- confirm. If a failed lookup of the user
 * or the group is also reported as 0, a caller cannot distinguish "not a
 * member" from "could not resolve", so an access decision built on these
 * functions should treat 0 as deny rather than as "no information".
 */
extern int PAM_NONNULL((1,2,3))
pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh,
                                  const char *user,
                                  const char *group);

extern int PAM_NONNULL((1,2))
pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh,
                                  const char *user,
                                  gid_t group);

extern int PAM_NONNULL((1,3))
pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh,
                                  uid_t user,
                                  const char *group);

extern int PAM_NONNULL((1))
pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh,
                                  uid_t user,
                                  gid_t group);
100
/*
 * Return the login name associated with the calling session, or NULL.
 *
 * NOTE(review): the value is presumably derived from the process's
 * terminal/utmp state rather than from the PAM_USER item -- confirm. It
 * is a convenience, not an authenticated identity: modules should not use
 * it as the sole basis for an authorization decision. The returned string
 * is const and presumably owned by the pam handle (see file header).
 */
extern const char * PAM_NONNULL((1))
pam_modutil_getlogin(pam_handle_t *pamh);

/*
 * Bounded read/write helpers on a file descriptor.
 *
 * count is an int, so a caller holding a size_t length must range-check
 * it (<= INT_MAX) before the narrowing conversion; a negative count is
 * not meaningful.
 *
 * @return int; NOTE(review): presumably the number of bytes transferred,
 * or -1 with errno set, after retrying on EINTR and on short transfers --
 * confirm. Callers must still compare the result against count: a value
 * below count means the transfer was incomplete.
 */
extern int
pam_modutil_read(int fd, char *buffer, int count);

extern int
pam_modutil_write(int fd, const char *buffer, int count);

/*
 * Emit an audit record. pamh and message must be non-NULL (PAM_NONNULL);
 * NOTE(review): type is presumably the audit record type and retval the
 * PAM status being reported -- confirm. When the library is built without
 * audit support this may reduce to a no-op; do not rely on it as the only
 * record of a security-relevant decision -- confirm the build-time
 * behaviour.
 */
extern int PAM_NONNULL((1,3))
pam_modutil_audit_write(pam_handle_t *pamh, int type,
                        const char *message, int retval);
113
/*
 * Saved-credential state for pam_modutil_drop_priv()/
 * pam_modutil_regain_priv(). Instances are normally declared with
 * PAM_MODUTIL_DEF_PRIVS(), which supplies a stack-backed grplist and the
 * initial values mentioned in the field comments. Treat the contents as
 * private to those two functions.
 */
struct pam_modutil_privs {
	/* supplementary-group buffer; PAM_MODUTIL_DEF_PRIVS() points it at
	 * a PAM_MODUTIL_NGROUPS-element array */
	gid_t *grplist;
	/* set to PAM_MODUTIL_NGROUPS by PAM_MODUTIL_DEF_PRIVS();
	 * NOTE(review): presumably the capacity of grplist on input and the
	 * number of saved groups afterwards -- confirm */
	int number_of_groups;
	/* starts at 0; NOTE(review): presumably non-zero once grplist has
	 * been replaced by a heap allocation that regain_priv must release
	 * -- confirm */
	int allocated;
	/* starts at -1, i.e. (gid_t)-1, the conventional "no id" value */
	gid_t old_gid;
	/* starts at -1, i.e. (uid_t)-1, the conventional "no id" value */
	uid_t old_uid;
	/* starts at 0; NOTE(review): presumably non-zero between a
	 * successful drop and the matching regain -- confirm */
	int is_dropped;
};
122
/* Capacity of the supplementary-group buffer declared by PAM_MODUTIL_DEF_PRIVS(). */
#define PAM_MODUTIL_NGROUPS 64
/*
 * Declare, in one statement, a struct pam_modutil_privs named n together
 * with its stack-backed group buffer n_grplist.
 *
 * The initialiser is positional and must track the field order of
 * struct pam_modutil_privs exactly: grplist, number_of_groups, allocated,
 * old_gid, old_uid, is_dropped. old_gid and old_uid start at -1 (which
 * converts to (gid_t)-1 / (uid_t)-1, the "no id" value); allocated and
 * is_dropped start at 0.
 *
 * NOTE(review): keep the positional form -- this header is also consumed
 * from C++ (see the extern "C" block), where designated initialisers are
 * not available before C++20.
 */
#define PAM_MODUTIL_DEF_PRIVS(n) \
	gid_t n##_grplist[PAM_MODUTIL_NGROUPS]; \
	struct pam_modutil_privs n = { n##_grplist, PAM_MODUTIL_NGROUPS, 0, -1, -1, 0 }
127
/*
 * Temporarily switch the calling process's credentials to those of pw,
 * and later switch them back.
 *
 * NOTE(review): presumably drop_priv records the current uid, gid and
 * supplementary groups in *p and then adopts pw's gid, group list and uid;
 * regain_priv restores what was saved -- confirm the exact sequence.
 * Both return int; presumably 0 on success and -1 on failure -- confirm.
 *
 * drop_priv requires pamh, p and pw to be non-NULL; regain_priv requires
 * pamh and p (PAM_NONNULL). *p should have been set up with
 * PAM_MODUTIL_DEF_PRIVS(). Always check drop_priv's return value and skip
 * the operation that was meant to run unprivileged when it fails, since a
 * failed drop may leave the process with its original credentials.
 */
extern int PAM_NONNULL((1,2,3))
pam_modutil_drop_priv(pam_handle_t *pamh,
                      struct pam_modutil_privs *p,
                      const struct passwd *pw);

extern int PAM_NONNULL((1,2))
pam_modutil_regain_priv(pam_handle_t *pamh,
                        struct pam_modutil_privs *p);
136
/*
 * Per-descriptor policy for pam_modutil_sanitize_helper_fds(): what to do
 * with each of the three standard descriptors of a helper process.
 */
enum pam_modutil_redirect_fd {
	PAM_MODUTIL_IGNORE_FD,	/* do not redirect */
	PAM_MODUTIL_PIPE_FD,	/* redirect to a pipe */
	PAM_MODUTIL_NULL_FD,	/* redirect to /dev/null */
};
142
/*
 * Redirect the standard descriptors according to redirect_stdin,
 * redirect_stdout and redirect_stderr (see enum pam_modutil_redirect_fd),
 * and close all other descriptors.
 *
 * Closing everything else keeps descriptors that the calling module or
 * application holds (database handles, sockets, files opened while
 * privileged) from leaking into a helper. NOTE(review): presumably meant
 * to be called in the child between fork() and exec() of a helper --
 * confirm. Returns int; presumably 0 on success and -1 on failure, in
 * which case the caller should abort the exec rather than continue --
 * confirm.
 */
extern int PAM_NONNULL((1))
pam_modutil_sanitize_helper_fds(pam_handle_t *pamh,
                                enum pam_modutil_redirect_fd redirect_stdin,
                                enum pam_modutil_redirect_fd redirect_stdout,
                                enum pam_modutil_redirect_fd redirect_stderr);
149
/**************************************************
 * @brief Look up the value for a key in a key-value format file
 * (e.g. login.defs or a file using the same layout).
 *
 * @param[in] pamh      The pam handle structure
 * @param[in] file_name Configuration file name
 * @param[in] key       Lookup key
 *
 * All three arguments must be non-NULL (PAM_NONNULL).
 *
 * @return the value, or NULL if the key was not found.
 * NOTE(review): the non-const char * return suggests a freshly allocated
 * copy that the caller owns and must free() -- confirm against the
 * implementation. The value is returned as found in the file; callers
 * must validate it (range, format) before acting on it.
 **************************************************/
extern char * PAM_NONNULL((1,2,3))
pam_modutil_search_key(pam_handle_t *pamh,
                       const char *file_name,
                       const char *key);
164
165 #ifdef __cplusplus
166 }
167 #endif
168
169 #endif /* _SECURITY__PAM_MODUTIL_H */