summaryrefslogtreecommitdiff
path: root/libpam/include/security
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2019-01-22 14:54:11 -0800
committerSteve Langasek <vorlon@debian.org>2019-01-22 14:54:11 -0800
commitf00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb (patch)
tree402838c53047b0e21466a653ae88d86a8e4b7b65 /libpam/include/security
parent795badba7f95e737f979917859cd32c9bd47bcad (diff)
parent1cad9fb2a0d729c5b5e5aa7297c521df7d5a2d33 (diff)
New upstream version 1.3.0
Diffstat (limited to 'libpam/include/security')
-rw-r--r--libpam/include/security/pam_modules.h81
-rw-r--r--libpam/include/security/pam_modutil.h13
2 files changed, 28 insertions, 66 deletions
diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h
index 5c516c4e..ec65e3e9 100644
--- a/libpam/include/security/pam_modules.h
+++ b/libpam/include/security/pam_modules.h
@@ -30,80 +30,26 @@ pam_get_data(const pam_handle_t *pamh, const char *module_data_name,
extern int PAM_NONNULL((1,2))
pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt);
-#ifdef PAM_STATIC
-
-#define PAM_EXTERN static
-
-struct pam_module {
- const char *name; /* Name of the module */
-
- /* These are function pointers to the module's key functions. */
-
- int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_setcred)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_open_session)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_close_session)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
- int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-};
-
-#else /* !PAM_STATIC */
-
-#define PAM_EXTERN extern
-
-#endif /* PAM_STATIC */
-
-/* Lots of files include pam_modules.h that don't need these
- * declared. However, when they are declared static, they
- * need to be defined later. So we have to protect C files
- * that include these without wanting these functions defined.. */
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC)
-
/* Authentication API's */
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH))
- || !defined(PAM_STATIC)*/
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC)
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char **argv);
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char **argv);
/* Account Management API's */
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT))
- || !defined(PAM_STATIC)*/
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC)
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char **argv);
/* Session Management API's */
-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
+int pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv);
-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION))
- || !defined(PAM_STATIC)*/
-
-#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC)
+int pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv);
/* Password Management API's */
-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
- int argc, const char **argv);
-
-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD))
- || !defined(PAM_STATIC)*/
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+ int argc, const char **argv);
/* The following two flags are for use across the Linux-PAM/module
* interface only. The Application is not permitted to use these
@@ -129,6 +75,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
#define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */
+/* PAM_EXTERN isn't needed anymore, but don't remove it to not break
+ lot of external code using it. */
+#define PAM_EXTERN extern
/* take care of any compatibility issues */
#include <security/_pam_compat.h>
diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h
index 8087ba15..4ce8c552 100644
--- a/libpam/include/security/pam_modutil.h
+++ b/libpam/include/security/pam_modutil.h
@@ -129,6 +129,19 @@ extern int PAM_NONNULL((1,2))
pam_modutil_regain_priv(pam_handle_t *pamh,
struct pam_modutil_privs *p);
+enum pam_modutil_redirect_fd {
+ PAM_MODUTIL_IGNORE_FD, /* do not redirect */
+ PAM_MODUTIL_PIPE_FD, /* redirect to a pipe */
+ PAM_MODUTIL_NULL_FD, /* redirect to /dev/null */
+};
+
+/* redirect standard descriptors, close all other descriptors. */
+extern int PAM_NONNULL((1))
+pam_modutil_sanitize_helper_fds(pam_handle_t *pamh,
+ enum pam_modutil_redirect_fd redirect_stdin,
+ enum pam_modutil_redirect_fd redirect_stdout,
+ enum pam_modutil_redirect_fd redirect_stderr);
+
#ifdef __cplusplus
}
#endif