/* * pam_private.h * * This is the Linux-PAM Library Private Header. It contains things * internal to the Linux-PAM library. Things not needed by either an * application or module. * * Please see end of file for copyright. * * Creator: Marc Ewing. * Maintained: CVS */
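#ifdef PAM_LOCKING
/*
 * The Linux-PAM lock file.  If it exists Linux-PAM will abort.  Use it
 * to block access to libpam.
 *
 * NOTE(review): because the mere existence of this path makes the
 * library abort, the containing directory has to be writable by the
 * administrator only; otherwise any account able to create the file
 * can lock every PAM-using service out.  Confirm ownership and mode of
 * the lock directory on the target system.
 */
#define PAM_LOCK_FILE "/var/lock/subsys/PAM"
#endif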
/* components of the pam_handle structure */
/*
 * Default value for handler.cached_retval.
 * NOTE(review): presumably means "no module return value cached yet";
 * confirm against the dispatcher before relying on it.
 */
#define _PAM_INVALID_RETVAL -1
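/*
 * One entry in a chain of module handlers (linked through `next`).
 * The extraction had fused `struct` with the tag name; the keyword and
 * tag are separated again so the declaration parses.
 */
struct handler {
    int handler_type;
    /* module entry point: receives the handle, flags and its argv */
    int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv);
    /*
     * One slot per possible return value.
     * NOTE(review): presumably each slot holds a _PAM_ACTION_* code or
     * a positive jump count - confirm in the config parser.
     */
    int actions[_PAM_RETURN_VALUES];
    /* set by authenticate, open_session, chauthtok(1st)
       consumed by setcred, close_session, chauthtok(2nd) */
    int cached_retval;
    int *cached_retval_p;
    int argc;               /* number of entries in argv */
    char **argv;            /* arguments handed to func */
    struct handler *next;   /* next handler in the chain */
    char *mod_name;
    int stack_level;
};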
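/*
 * Per-handle bookkeeping for the loaded modules and the handler chains
 * built from the configuration.  `struct loaded_module` and
 * `struct handlers` are declared outside this excerpt.
 * The fused `struct<tag>` tokens from the extraction are split again.
 */
struct service {
    struct loaded_module *module;   /* Array of modules */
    int modules_allocated;
    int modules_used;
    int handlers_loaded;

    struct handlers conf;           /* the configured handlers */
    struct handlers other;          /* the default handlers */
};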
/* * Environment helper functions */
/* chunks of memory calloc()'d at once */
#define PAM_ENV_CHUNK 10
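/*
 * Storage for the PAM environment list.
 * The fused `structpam_environ` token from the extraction is split
 * into keyword and tag so the definition compiles.
 */
struct pam_environ {
    int entries;     /* the number of pointers available */
    int requested;   /* the number of pointers used:
                      *     1 <= requested <= entries */
    char **list;     /* the environment storage (a list
                      * of pointers to malloc() memory) */
};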
/*
 * initial state in substack
 *
 * NOTE(review): the two fields mirror `impression` and `status` in
 * struct _pam_former_state; presumably they snapshot those values on
 * entry to a substack - confirm in the dispatcher.
 */
struct _pam_substack_state {
    int impression;
    int status;
};
/*
 * Library state kept between calls; the handle's `former` member of
 * this type is described there as support for event driven
 * applications.
 */
struct _pam_former_state {
    /* this is known and set by _pam_dispatch() */
    int choice;        /* which flavor of module function did we call? */

    /* state info for the _pam_dispatch_aux() function */
    int depth;         /* how deep in the stack were we? */
    int impression;    /* the impression at that time */
    int status;        /* the status before returning incomplete */
    struct _pam_substack_state *substates; /* array of initial substack states */

    /* state info used by pam_get_user() function */
    int fail_user;
    int want_user;
    char *prompt;      /* saved prompt information */

    /* state info for the pam_chauthtok() function */
    _pam_boolean update;
};
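/*
 * The library-private body of a PAM handle.
 * The extraction had fused `struct`/`const` with the following
 * identifiers and collapsed the HAVE_LIBAUDIT conditional onto one
 * line; both are restored so the definition parses.
 *
 * NOTE(review): authtok and oldauthtok presumably hold authentication
 * tokens in cleartext.  Whoever replaces or frees them should overwrite
 * the old buffer first - confirm in the item-setting and teardown paths.
 * NOTE(review): rhost, ruser, tty and xdisplay look application
 * supplied; treat them as untrusted when modules log or compare them.
 */
struct pam_handle {
    char *authtok;
    unsigned caller_is;     /* tested and set by the __PAM_FROM_* and __PAM_TO_* macros */
    struct pam_conv *pam_conversation;
    char *oldauthtok;
    char *prompt;                       /* for use by pam_get_user() */
    char *service_name;
    char *user;
    char *rhost;
    char *ruser;
    char *tty;
    char *xdisplay;
    char *authtok_type;                 /* PAM_AUTHTOK_TYPE */
    struct pam_data *data;
    struct pam_environ *env;            /* structure to maintain environment list */
    struct _pam_fail_delay fail_delay;  /* helper function for easy delays */
    struct pam_xauth_data xauth;        /* auth info for X display */
    struct service handlers;
    struct _pam_former_state former;    /* library state - support for
                                           event driven applications */
    const char *mod_name;               /* Name of the module currently executed */
    int mod_argc;                       /* Number of module arguments */
    char **mod_argv;                    /* module arguments */
    int choice;                         /* Which function we call from the module */

#ifdef HAVE_LIBAUDIT
    int audit_state;                    /* keep track of reported audit messages */
#endif
};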
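/*
 * Action codes for a handler's `actions` table.  A positive value is a
 * jump (see _PAM_ACTION_IS_JUMP); zero and the negative values are the
 * named actions below.  Each directive is back on its own line: when
 * collapsed onto one line the first macro swallowed all the others.
 */
#define _PAM_ACTION_IS_JUMP(x)  ((x) > 0)
#define _PAM_ACTION_IGNORE      0
#define _PAM_ACTION_OK         -1
#define _PAM_ACTION_DONE       -2
#define _PAM_ACTION_BAD        -3
#define _PAM_ACTION_DIE        -4
#define _PAM_ACTION_RESET      -5
/* Add any new entries here.  Will need to change ..._UNDEF and then
 * need to change pam_tokens.h */
#define _PAM_ACTION_UNDEF      -6   /* this is treated as an error
                                       ( = _PAM_ACTION_BAD) */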
/*
 * maximum level of substacks
 *
 * NOTE(review): presumably the bound that stops a configuration from
 * nesting substacks without limit; confirm that the config parser
 * rejects deeper nesting instead of indexing past per-level arrays.
 */
#define PAM_SUBSTACK_MAX_LEVEL 16
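/*
 * character tables for parsing config files
 *
 * The array sizes are tied to _PAM_ACTION_UNDEF and _PAM_RETURN_VALUES,
 * so the tables must be updated whenever either constant changes.
 * `extern`, `const` and `char` were fused by the extraction and are
 * separated again here.
 */
extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF];
extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1];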
/*
 * internally defined functions --- these should not be directly
 * called by applications or modules
 */

/*
 * Dispatch entry point; `choice` is recorded in the former-state
 * structure as "which flavor of module function did we call".
 */
int _pam_dispatch(pam_handle_t *pamh, int flags, int choice);

/* Free various allocated structures and dlclose() the libs */
int _pam_free_handlers(pam_handle_t *pamh);

/* Set all handler stuff to 0/NULL - called once from pam_start() */
void _pam_start_handlers(pam_handle_t *pamh);
/* environment helper functions */
/*
 * create the environment structure
 * Returns an int; NOTE(review): presumably a PAM status code - confirm
 * in the implementation and check it at every call site.
 */
int _pam_make_env(pam_handle_t *pamh);

/* delete the environment structure */
void _pam_drop_env(pam_handle_t *pamh);
/* these functions deal with failure delays as required by the authentication modules and application. Their *interface* is likely to remain the same although their function is hopefully going to improve */
/* reset the timer to no-delay */
void _pam_reset_timer(pam_handle_t *pamh);

/* this sets the clock ticking */
void _pam_start_timer(pam_handle_t *pamh);

/*
 * this waits for the clock to stop ticking if status != PAM_SUCCESS
 *
 * NOTE(review): only non-success results are delayed, which is what
 * slows repeated guessing; confirm that every failing authentication
 * path reaches this call before control returns to the application.
 */
void _pam_await_timer(pam_handle_t *pamh, int status);
#ifdef PAM_STATIC /* The next two in ../modules/_pam_static/pam_static.c */
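/*
 * Return pointer to data structure used to define a static module.
 * `struct` and `const` were fused with the following identifiers by
 * the extraction; they are separated again so the prototype parses.
 */
struct pam_module *_pam_open_static_handler(pam_handle_t *pamh,
                                            const char *path);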
/* Return pointer to function requested from static module */
/* For now we just use a stack and linear search for module data.
 * If it becomes apparent that there is a lot of data, it should be
 * changed to either a sorted list or a hash table. */
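/*
 * Track which side of the library boundary is running by testing or
 * setting pamh->caller_is.  _PAM_CALLED_FROM_MODULE and
 * _PAM_CALLED_FROM_APP are defined outside this excerpt.
 * The directives and their line continuations are restored: collapsed
 * onto one line the first macro swallowed the rest.
 *
 * NOTE(review): presumably the library uses the FROM tests to keep
 * module-only operations away from applications; if so, every callback
 * into a module must be bracketed by __PAM_TO_MODULE / __PAM_TO_APP on
 * all return paths - confirm at the call sites.
 */
#define __PAM_FROM_MODULE(pamh)  ((pamh)->caller_is == _PAM_CALLED_FROM_MODULE)
#define __PAM_FROM_APP(pamh)     ((pamh)->caller_is == _PAM_CALLED_FROM_APP)
#define __PAM_TO_MODULE(pamh) \
        do { (pamh)->caller_is = _PAM_CALLED_FROM_MODULE; } while (0)
#define __PAM_TO_APP(pamh)    \
        do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0)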
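#ifdef HAVE_LIBAUDIT
/*
 * Audit hooks, only declared when the library is built with libaudit.
 * Both return an int; NOTE(review): confirm whether callers check it,
 * since a silently dropped audit record weakens the trail.
 * `extern` and `int` were fused by the extraction and the conditional
 * was collapsed onto one line; both are restored.
 */
extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval,
                         int flags);
extern int _pam_audit_end(pam_handle_t *pamh, int pam_status);
#endif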