libpamc/include/security/pam_client.h

   1 /*
   2  * $Id$
   3  *
   4  * Copyright (c) 1999 Andrew G. Morgan <morgan@linux.kernel.org>
   5  *
   6  * This header file provides the prototypes for the PAM client API
   7  */
   8
   9 #ifndef PAM_CLIENT_H
  10 #define PAM_CLIENT_H
  11
  12 #ifdef __cplusplus
  13 extern "C" {
  14 #endif /* def __cplusplus */
  15
  16 #include <unistd.h>
  17 #include <string.h>
  18 #include <stdio.h>
  19 #include <sys/types.h>
  20
  21 /* opaque agent handling structure */
  22
  23 typedef struct pamc_handle_s *pamc_handle_t;
  24
  25 /* binary prompt structure pointer */
  26 typedef struct { u_int32_t length; u_int8_t control; } *pamc_bp_t;
  27
  28 /*
  29  * functions provided by libpamc
  30  */
  31
  32 /*
  33  * Initialize the agent abstraction library
  34  */
  35
  36 pamc_handle_t pamc_start(void);
  37
  38 /*
  39  * Terminate the authentication process
  40  */
  41
  42 int pamc_end(pamc_handle_t *pch);
  43
  44 /*
  45  * force the loading of a specified agent
  46  */
  47
  48 int pamc_load(pamc_handle_t pch, const char *agent_id);
  49
  50 /*
  51  * Single conversation interface for binary prompts
  52  */
  53
  54 int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p);
  55
  56 /*
  57  * disable an agent
  58  */
  59
  60 int pamc_disable(pamc_handle_t pch, const char *agent_id);
  61
  62 /*
  63  * obtain a list of available agents
  64  */
  65
  66 char **pamc_list_agents(pamc_handle_t pch);
  67
  68 /*
  69  * PAM_BP_ MACROS for creating, destroying and manipulating binary prompts
  70  */
  71
  72 #include <stdlib.h>
  73 #include <stdio.h>
  74 #include <unistd.h>
  75
  76 #ifndef PAM_BP_ASSERT
  77 # ifdef NDEBUG
  78 #  define PAM_BP_ASSERT(x)   do {} while (0)
  79 # else
  80 #  define PAM_BP_ASSERT(x)   do { printf(__FILE__ "(%d): %s\n", \
  81                                          __LINE__, x) ; exit(1); } while (0)
  82 # endif /* NDEBUG */
  83 #endif /* PAM_BP_ASSERT */
  84
  85 #ifndef PAM_BP_CALLOC
  86 # define PAM_BP_CALLOC      calloc
  87 #endif /* PAM_BP_CALLOC */
  88
  89 #ifndef PAM_BP_FREE
  90 # define PAM_BP_FREE        free
  91 #endif /* PAM_BP_FREE */
  92
  93 #define __PAM_BP_WOCTET(x,y)  (*((y) + (u_int8_t *)(x)))
  94 #define __PAM_BP_ROCTET(x,y)  (*((y) + (const u_int8_t *)(x)))
  95
  96 #define PAM_BP_MIN_SIZE       (sizeof(u_int32_t) + sizeof(u_int8_t))
  97 #define PAM_BP_MAX_LENGTH     0x20000                   /* an advisory limit */
  98 #define PAM_BP_WCONTROL(x)    (__PAM_BP_WOCTET(x,4))
  99 #define PAM_BP_RCONTROL(x)    (__PAM_BP_ROCTET(x,4))
 100 #define PAM_BP_SIZE(x)        ((__PAM_BP_ROCTET(x,0)<<24)+      \
 101                                (__PAM_BP_ROCTET(x,1)<<16)+      \
 102                                (__PAM_BP_ROCTET(x,2)<< 8)+      \
 103                                (__PAM_BP_ROCTET(x,3)    ))
 104 #define PAM_BP_LENGTH(x)      (PAM_BP_SIZE(x) - PAM_BP_MIN_SIZE)
 105 #define PAM_BP_WDATA(x)       (PAM_BP_MIN_SIZE + (u_int8_t *) (x))
 106 #define PAM_BP_RDATA(x)       (PAM_BP_MIN_SIZE + (const u_int8_t *) (x))
 107
 108 /* Note, this macro always '\0' terminates renewed packets */
 109
 110 #define PAM_BP_RENEW(old_p, cntrl, data_length)                            \
 111 do {                                                                       \
 112     if (old_p) {                                                           \
 113         if (*(old_p)) {                                                    \
 114             u_int32_t __size;                                              \
 115             __size = PAM_BP_SIZE(*(old_p));                                \
 116             memset(*(old_p), 0, __size);                                   \
 117             PAM_BP_FREE(*(old_p));                                         \
 118         }                                                                  \
 119         if (cntrl) {                                                       \
 120             u_int32_t __size;                                              \
 121                                                                            \
 122             __size = PAM_BP_MIN_SIZE + data_length;                        \
 123             if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) {                 \
 124                 __PAM_BP_WOCTET(*(old_p), 3) =  __size      & 0xFF;        \
 125                 __PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF;        \
 126                 __PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF;        \
 127                 __PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF;        \
 128                 (*(old_p))->control = cntrl;                               \
 129             } else {                                                       \
 130                 PAM_BP_ASSERT("out of memory for binary prompt");          \
 131             }                                                              \
 132         } else {                                                           \
 133             *old_p = NULL;                                                 \
 134         }                                                                  \
 135     } else {                                                               \
 136         PAM_BP_ASSERT("programming error, invalid binary prompt pointer"); \
 137     }                                                                      \
 138 } while (0)
 139
 140 #define PAM_BP_FILL(prmpt, offset, length, data)                           \
 141 do {                                                                       \
 142     size_t bp_length;                                                      \
 143     u_int8_t *prompt = (u_int8_t *) (prmpt);                               \
 144     bp_length = PAM_BP_LENGTH(prompt);                                     \
 145     if (bp_length < ((length)+(offset))) {                                 \
 146         PAM_BP_ASSERT("attempt to write over end of prompt");              \
 147     }                                                                      \
 148     memcpy((offset) + PAM_BP_WDATA(prompt), (data), (length));             \
 149 } while (0)
 150
 151 #define PAM_BP_EXTRACT(prmpt, offset, length, data)                        \
 152 do {                                                                       \
 153     size_t __bp_length;                                                    \
 154     const u_int8_t *__prompt = (const u_int8_t *) (prmpt);                 \
 155     __bp_length = PAM_BP_LENGTH(__prompt);                                 \
 156     if (((offset) < 0) || (__bp_length < ((length)+(offset)))              \
 157         || ((length) < 0)) {                                               \
 158         PAM_BP_ASSERT("invalid extraction from prompt");                   \
 159     }                                                                      \
 160     memcpy((data), (offset) + PAM_BP_RDATA(__prompt), (length));           \
 161 } while (0)
 162
 163
 164 /* Control types */
 165
 166 #define PAM_BPC_FALSE   0
 167 #define PAM_BPC_TRUE    1
 168
 169 #define PAM_BPC_OK      0x01   /* continuation packet   */
 170 #define PAM_BPC_SELECT  0x02   /* initialization packet */
 171 #define PAM_BPC_DONE    0x03   /* termination packet    */
 172 #define PAM_BPC_FAIL    0x04   /* unable to execute     */
 173
 174 /* The following control characters are only legal for echanges
 175    between an agent and a client (it is the responsibility of the
 176    client to enforce this rule in the face of a rogue server): */
 177
 178 #define PAM_BPC_GETENV  0x41   /* obtain client env.var */
 179 #define PAM_BPC_PUTENV  0x42   /* set client env.var    */
 180 #define PAM_BPC_TEXT    0x43   /* display message       */
 181 #define PAM_BPC_ERROR   0x44   /* display error message */
 182 #define PAM_BPC_PROMPT  0x45   /* echo'd text prompt    */
 183 #define PAM_BPC_PASS    0x46   /* non-echo'd text prompt*/
 184
 185 /* quick check for prompts that are legal for the client (by
 186    implication the server too) to send to libpamc */
 187
 188 #define PAM_BPC_FOR_CLIENT(/* pamc_bp_t */ prompt)                            \
 189     (((prompt)->control <= PAM_BPC_FAIL && (prompt)->control >= PAM_BPC_OK)   \
 190      ? PAM_BPC_TRUE:PAM_BPC_FALSE)
 191
 192 #ifdef __cplusplus
 193 }
 194 #endif /* def __cplusplus */
 195
 196 #endif /* PAM_CLIENT_H */