Initial revision

author: Andrew G. Morgan <morgan@kernel.org> 2000-06-20 22:10:38 +0000
committer: Andrew G. Morgan <morgan@kernel.org> 2000-06-20 22:10:38 +0000
commit: ea488580c42e8918445a945484de3c8a5addc761 (patch)
tree: c992f3ba699caafedfadc16af38e6359c3c24698 /libpam/include
6 files changed, 970 insertions, 0 deletions
diff --git a/libpam/include/security/_pam_compat.h b/libpam/include/security/_pam_compat.h
new file mode 100644
index 00000000..a5f77e7a
--- /dev/null
+++ b/libpam/include/security/_pam_compat.h
@@ -0,0 +1,122 @@
+#ifndef _PAM_COMPAT_H
+#define _PAM_COMPAT_H
+
+/*
+ * $Id$
+ *
+ * This file was contributed by Derrick J Brashear <shadow@dementia.org>
+ * slight modification by Brad M. Garcia <bgarcia@fore.com>
+ *
+ * A number of operating systems have started to implement PAM.
+ * unfortunately, they have a different set of numeric values for
+ * certain constants.  This file is included for compatibility's sake.
+ */
+
+/* Solaris uses different constants. We redefine to those here */
+#if defined(solaris) || (defined(__SVR4) && defined(sun))
+
+#ifndef _SECURITY__PAM_TYPES_H
+
+# ifdef _SECURITY_PAM_MODULES_H
+
+/* flags for pam_chauthtok() */
+#  undef PAM_PRELIM_CHECK
+#  define PAM_PRELIM_CHECK        0x1
+
+#  undef PAM_UPDATE_AUTHTOK
+#  define PAM_UPDATE_AUTHTOK      0x2
+
+# endif /* _SECURITY_PAM_MODULES_H */
+
+#else /* _SECURITY__PAM_TYPES_H */
+
+/* generic for pam_* functions */
+# undef PAM_SILENT
+# define PAM_SILENT              0x80000000
+
+/* flags for pam_setcred() */
+# undef PAM_ESTABLISH_CRED
+# define PAM_ESTABLISH_CRED      0x1
+
+# undef PAM_DELETE_CRED
+# define PAM_DELETE_CRED         0x2
+
+# undef PAM_REINITIALIZE_CRED
+# define PAM_REINITIALIZE_CRED   0x4
+
+# undef PAM_REFRESH_CRED
+# define PAM_REFRESH_CRED        0x8
+
+/* another binary incompatibility comes from the return codes! */
+
+# undef PAM_CONV_ERR
+# define PAM_CONV_ERR            6
+
+# undef PAM_PERM_DENIED
+# define PAM_PERM_DENIED         7
+
+# undef PAM_MAXTRIES
+# define PAM_MAXTRIES            8
+
+# undef PAM_AUTH_ERR
+# define PAM_AUTH_ERR            9
+
+# undef PAM_NEW_AUTHTOK_REQD
+# define PAM_NEW_AUTHTOK_REQD    10
+
+# undef PAM_CRED_INSUFFICIENT
+# define PAM_CRED_INSUFFICIENT   11
+
+# undef PAM_AUTHINFO_UNAVAIL
+# define PAM_AUTHINFO_UNAVAIL    12
+
+# undef PAM_USER_UNKNOWN
+# define PAM_USER_UNKNOWN        13
+
+# undef PAM_CRED_UNAVAIL
+# define PAM_CRED_UNAVAIL        14
+
+# undef PAM_CRED_EXPIRED
+# define PAM_CRED_EXPIRED        15
+
+# undef PAM_CRED_ERR
+# define PAM_CRED_ERR            16
+
+# undef PAM_ACCT_EXPIRED
+# define PAM_ACCT_EXPIRED        17
+
+# undef PAM_AUTHTOK_EXPIRED
+# define PAM_AUTHTOK_EXPIRED     18
+
+# undef PAM_SESSION_ERR
+# define PAM_SESSION_ERR         19
+
+# undef PAM_AUTHTOK_ERR
+# define PAM_AUTHTOK_ERR           20
+
+# undef PAM_AUTHTOK_RECOVERY_ERR
+# define PAM_AUTHTOK_RECOVERY_ERR  21
+
+# undef PAM_AUTHTOK_LOCK_BUSY
+# define PAM_AUTHTOK_LOCK_BUSY     22
+
+# undef PAM_AUTHTOK_DISABLE_AGING
+# define PAM_AUTHTOK_DISABLE_AGING 23
+
+# undef PAM_NO_MODULE_DATA
+# define PAM_NO_MODULE_DATA      24
+
+# undef PAM_IGNORE
+# define PAM_IGNORE              25
+
+# undef PAM_ABORT
+# define PAM_ABORT               26
+
+# undef PAM_TRY_AGAIN
+# define PAM_TRY_AGAIN           27
+
+#endif /* _SECURITY__PAM_TYPES_H */
+
+#endif /* defined(solaris) || (defined(__SVR4) && defined(sun)) */
+
+#endif /* _PAM_COMPAT_H */
diff --git a/libpam/include/security/_pam_macros.h b/libpam/include/security/_pam_macros.h
new file mode 100644
index 00000000..7c3dde1d
--- /dev/null
+++ b/libpam/include/security/_pam_macros.h
@@ -0,0 +1,166 @@
+#ifndef PAM_MACROS_H
+#define PAM_MACROS_H
+
+/*
+ * All kind of macros used by PAM, but usable in some other
+ * programs too.
+ * Organized by Cristian Gafton <gafton@redhat.com>
+ */
+
+/* a 'safe' version of strdup */
+
+#include <string.h>
+#include <stdlib.h>
+
+#define  x_strdup(s)  ( (s) ? strdup(s):NULL )
+
+/* Good policy to strike out passwords with some characters not just
+   free the memory */
+
+#define _pam_overwrite(x)        \
+do {                             \
+     register char *__xx__;      \
+     if ((__xx__=(x)))           \
+          while (*__xx__)        \
+               *__xx__++ = '\0'; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do {                 \
+    if (X) {         \
+        free(X);     \
+        X=NULL;      \
+    }                \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do {                                              \
+    int reply_i;                                  \
+                                                  \
+    for (reply_i=0; reply_i<replies; ++reply_i) { \
+	if (reply[reply_i].resp) {                \
+	    _pam_overwrite(reply[reply_i].resp);  \
+	    free(reply[reply_i].resp);            \
+	}                                         \
+    }                                             \
+    if (reply)                                    \
+	free(reply);                              \
+} while (0)
+
+/* some debugging code */
+
+#ifdef DEBUG
+
+/*
+ * This provides the necessary function to do debugging in PAM.
+ * Cristian Gafton <gafton@redhat.com>
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <errno.h>
+
+/*
+ * This is for debugging purposes ONLY. DO NOT use on live systems !!!
+ * You have been warned :-) - CG
+ *
+ * to get automated debugging to the log file, it must be created manually.
+ * _PAM_LOGFILE must exist, mode 666
+ */
+
+#ifndef _PAM_LOGFILE
+#define _PAM_LOGFILE "/tmp/pam-debug.log"
+#endif
+
+static void _pam_output_debug_info(const char *file, const char *fn
+				   , const int line)
+{
+    FILE *logfile;
+    int must_close = 1;
+    
+    if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
+        logfile = stderr;
+        must_close = 0;
+    }
+    fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
+    if (must_close) {
+        fflush(logfile);
+        fclose(logfile);
+    }
+}
+
+static void _pam_output_debug(const char *format, ...)
+{
+    va_list args;
+    FILE *logfile;
+    int must_close = 1;
+    
+    va_start(args, format);
+
+    if (!(logfile = fopen(_PAM_LOGFILE,"a"))) {
+        logfile = stderr;
+        must_close = 0;
+    }
+    vfprintf(logfile, format, args);
+    fprintf(logfile, "\n");
+    if (must_close) {
+        fflush(logfile);
+        fclose(logfile);
+    }
+
+    va_end(args);
+}
+
+#define D(x) do { \
+    _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
+    _pam_output_debug x ; \
+} while (0)
+
+#define _pam_show_mem(X,XS) do {                                      \
+      int i;                                                          \
+      register unsigned char *x;                                      \
+      x = (unsigned char *)X;                                         \
+      fprintf(stderr, "  <start at %p>\n", X);                        \
+      for (i = 0; i < XS ; ++x, ++i) {                                \
+          fprintf(stderr, "    %02X. <%p:%02X>\n", i, x, *x);         \
+      }                                                               \
+      fprintf(stderr, "  <end for %p after %d bytes>\n", X, XS);      \
+} while (0)
+
+#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
+do {                                                                        \
+    int reply_i;                                                            \
+    setbuf(stderr, NULL);                                                   \
+    fprintf(stderr, "array at %p of size %d\n",reply,replies);              \
+    fflush(stderr);                                                         \
+    if (reply) {                                                            \
+	for (reply_i = 0; reply_i < replies; reply_i++) {                   \
+	    fprintf(stderr, "  elem# %d at %p: resp = %p, retcode = %d\n",  \
+		    reply_i, reply+reply_i, reply[reply_i].resp,            \
+		    reply[reply_i].resp, _retcode);                         \
+	    fflush(stderr);                                                 \
+	    if (reply[reply_i].resp) {                                      \
+		fprintf(stderr, "    resp[%d] = '%s'\n",                    \
+			strlen(reply[reply_i].resp), reply[reply_i].resp);  \
+		fflush(stderr);                                             \
+	    }                                                               \
+	}                                                                   \
+    }                                                                       \
+    fprintf(stderr, "done here\n");                                         \
+    fflush(stderr);                                                         \
+} while (0)
+
+#else
+
+#define D(x)                             do { } while (0)
+#define _pam_show_mem(X,XS)              do { } while (0)
+#define _pam_show_reply(reply, replies)  do { } while (0)
+
+#endif /* DEBUG */
+
+#endif  /* PAM_MACROS_H */
diff --git a/libpam/include/security/_pam_types.h b/libpam/include/security/_pam_types.h
new file mode 100644
index 00000000..fe4ada39
--- /dev/null
+++ b/libpam/include/security/_pam_types.h
@@ -0,0 +1,316 @@
+/*
+ * <security/_pam_types.h>
+ *
+ * $Id$
+ *
+ * This file defines all of the types common to the Linux-PAM library
+ * applications and modules.
+ *
+ * Note, the copyright+license information is at end of file.
+ *
+ * Created: 1996/3/5 by AGM
+ */
+
+#ifndef _SECURITY__PAM_TYPES_H
+#define _SECURITY__PAM_TYPES_H
+
+/*
+ * include local definition for POSIX - NULL
+ */
+
+#include <locale.h>
+
+/* This is a blind structure; users aren't allowed to see inside a
+ * pam_handle_t, so we don't define struct pam_handle here.  This is
+ * defined in a file private to the PAM library.  (i.e., it's private
+ * to PAM service modules, too!)  */
+
+typedef struct pam_handle pam_handle_t;
+
+/* ----------------- The Linux-PAM return values ------------------ */
+
+#define PAM_SUCCESS 0		/* Successful function return */
+#define PAM_OPEN_ERR 1		/* dlopen() failure when dynamically */
+				/* loading a service module */
+#define PAM_SYMBOL_ERR 2	/* Symbol not found */
+#define PAM_SERVICE_ERR 3	/* Error in service module */
+#define PAM_SYSTEM_ERR 4	/* System error */
+#define PAM_BUF_ERR 5		/* Memory buffer error */
+#define PAM_PERM_DENIED 6	/* Permission denied */
+#define PAM_AUTH_ERR 7		/* Authentication failure */
+#define PAM_CRED_INSUFFICIENT 8	/* Can not access authentication data */
+				/* due to insufficient credentials */
+#define PAM_AUTHINFO_UNAVAIL 9	/* Underlying authentication service */
+				/* can not retrieve authenticaiton */
+				/* information  */
+#define PAM_USER_UNKNOWN 10	/* User not known to the underlying */
+				/* authenticaiton module */
+#define PAM_MAXTRIES 11		/* An authentication service has */
+				/* maintained a retry count which has */
+				/* been reached.  No further retries */
+				/* should be attempted */
+#define PAM_NEW_AUTHTOK_REQD 12	/* New authentication token required. */
+				/* This is normally returned if the */
+				/* machine security policies require */
+				/* that the password should be changed */
+				/* beccause the password is NULL or it */
+				/* has aged */
+#define PAM_ACCT_EXPIRED 13	/* User account has expired */
+#define PAM_SESSION_ERR 14	/* Can not make/remove an entry for */
+				/* the specified session */
+#define PAM_CRED_UNAVAIL 15	/* Underlying authentication service */
+				/* can not retrieve user credentials */
+                                /* unavailable */
+#define PAM_CRED_EXPIRED 16	/* User credentials expired */
+#define PAM_CRED_ERR 17		/* Failure setting user credentials */
+#define PAM_NO_MODULE_DATA 18	/* No module specific data is present */
+#define PAM_CONV_ERR 19		/* Conversation error */
+#define PAM_AUTHTOK_ERR 20	/* Authentication token manipulation error */
+#define PAM_AUTHTOK_RECOVER_ERR 21 /* Authentication information */
+				   /* cannot be recovered */
+#define PAM_AUTHTOK_LOCK_BUSY 22   /* Authentication token lock busy */
+#define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging disabled */
+#define PAM_TRY_AGAIN 24	/* Preliminary check by password service */
+#define PAM_IGNORE 25		/* Ingore underlying account module */
+				/* regardless of whether the control */
+				/* flag is required, optional, or sufficient */
+#define PAM_ABORT 26            /* Critical error (?module fail now request) */
+#define PAM_AUTHTOK_EXPIRED  27 /* user's authentication token has expired */
+#define PAM_MODULE_UNKNOWN   28 /* module is not known */
+
+#define PAM_BAD_ITEM         29 /* Bad item passed to pam_*_item() */
+#define PAM_CONV_AGAIN       30 /* conversation function is event driven
+				     and data is not available yet */
+#define PAM_INCOMPLETE       31 /* please call this function again to
+				   complete authentication stack. Before
+				   calling again, verify that conversation
+				   is completed */
+
+/* Add new #define's here */
+
+#define _PAM_RETURN_VALUES 32   /* this is the number of return values */
+
+
+/* ---------------------- The Linux-PAM flags -------------------- */
+
+/* Authentication service should not generate any messages */
+#define PAM_SILENT			0x8000U
+
+/* Note: these flags are used by pam_authenticate{,_secondary}() */
+
+/* The authentication service should return PAM_AUTH_ERROR if the
+ * user has a null authentication token */
+#define PAM_DISALLOW_NULL_AUTHTOK	0x0001U
+
+/* Note: these flags are used for pam_setcred() */
+
+/* Set user credentials for an authentication service */
+#define PAM_ESTABLISH_CRED              0x0002U
+
+/* Delete user credentials associated with an authentication service */
+#define PAM_DELETE_CRED                 0x0004U
+
+/* Reinitialize user credentials */
+#define PAM_REINITIALIZE_CRED           0x0008U
+
+/* Extend lifetime of user credentials */
+#define PAM_REFRESH_CRED                0x0010U
+
+/* Note: these flags are used by pam_chauthtok */
+
+/* The password service should only update those passwords that have
+ * aged.  If this flag is not passed, the password service should
+ * update all passwords. */
+#define PAM_CHANGE_EXPIRED_AUTHTOK	0x0020U
+
+/* ------------------ The Linux-PAM item types ------------------- */
+
+/* these defines are used by pam_set_item() and pam_get_item() */
+
+#define PAM_SERVICE	   1	/* The service name */
+#define PAM_USER           2	/* The user name */
+#define PAM_TTY            3	/* The tty name */
+#define PAM_RHOST          4	/* The remote host name */
+#define PAM_CONV           5	/* The pam_conv structure */
+
+/* missing entries found in <security/pam_modules.h> for modules only! */
+
+#define PAM_RUSER          8	/* The remote user name */
+#define PAM_USER_PROMPT    9    /* the prompt for getting a username */
+#define PAM_FAIL_DELAY     10   /* app supplied function to override failure
+				   delays */
+
+/* ---------- Common Linux-PAM application/module PI ----------- */
+
+extern int pam_set_item(pam_handle_t *pamh, int item_type, const void *item);
+extern int pam_get_item(const pam_handle_t *pamh, int item_type,
+			const void **item);
+extern const char *pam_strerror(pam_handle_t *pamh, int errnum);
+
+extern int pam_putenv(pam_handle_t *pamh, const char *name_value);
+extern const char *pam_getenv(pam_handle_t *pamh, const char *name);
+extern char **pam_getenvlist(pam_handle_t *pamh);
+
+/* ---------- Common Linux-PAM application/module PI ----------- */
+
+/*
+ * here are some proposed error status definitions for the
+ * 'error_status' argument used by the cleanup function associated
+ * with data items they should be logically OR'd with the error_status
+ * of the latest return from libpam -- new with .52 and positive
+ * impression from Sun although not official as of 1996/9/4
+ * [generally the other flags are to be found in pam_modules.h]
+ */
+
+#define PAM_DATA_SILENT    0x40000000     /* used to suppress messages... */
+
+/*
+ * here we define an externally (by apps or modules) callable function
+ * that primes the libpam library to delay when a stacked set of
+ * modules results in a failure. In the case of PAM_SUCCESS this delay
+ * is ignored.
+ *
+ * Note, the pam_[gs]et_item(... PAM_FAIL_DELAY ...) can be used to set
+ * a function pointer which can override the default fail-delay behavior.
+ * This item was added to accommodate event driven programs that need to
+ * manage delays more carefully.  The function prototype for this data
+ * item is
+ *           void (*fail_delay)(int status, unsigned int delay);
+ */
+
+#define HAVE_PAM_FAIL_DELAY
+extern int pam_fail_delay(pam_handle_t *pamh, unsigned int musec_delay);
+
+#include <syslog.h>
+#ifndef LOG_AUTHPRIV
+# ifdef LOG_PRIV
+#  define LOG_AUTHPRIV LOG_PRIV
+# endif /* LOG_PRIV */
+#endif /* !LOG_AUTHPRIV */
+
+#ifdef MEMORY_DEBUG
+/*
+ * this defines some macros that keep track of what memory has been
+ * allocated and indicates leakage etc... It should not be included in
+ * production application/modules.
+ */
+#include <security/pam_malloc.h>
+#endif
+
+/* ------------ The Linux-PAM conversation structures ------------ */
+
+/* Message styles */
+
+#define PAM_PROMPT_ECHO_OFF	1
+#define PAM_PROMPT_ECHO_ON	2
+#define PAM_ERROR_MSG		3
+#define PAM_TEXT_INFO		4
+
+/* Linux-PAM specific types */
+
+#define PAM_RADIO_TYPE          5        /* yes/no/maybe conditionals */
+
+/* This is for server client non-human interaction.. these are NOT
+   part of the X/Open PAM specification. */
+
+#define PAM_BINARY_PROMPT       7
+
+/* maximum size of messages/responses etc.. (these are mostly
+   arbitrary so Linux-PAM should handle longer values). */
+
+#define PAM_MAX_NUM_MSG       32
+#define PAM_MAX_MSG_SIZE      512
+#define PAM_MAX_RESP_SIZE     512
+
+/* Used to pass prompting text, error messages, or other informatory
+ * text to the user.  This structure is allocated and freed by the PAM
+ * library (or loaded module).  */
+
+struct pam_message {
+    int msg_style;
+    const char *msg;
+};
+
+/* if the pam_message.msg_style = PAM_BINARY_PROMPT
+   the 'pam_message.msg' is a pointer to a 'const *' for the following
+   pseudo-structure.  When used with a PAM_BINARY_PROMPT, the returned
+   pam_response.resp pointer points to an object with the following
+   structure:
+
+   struct {
+       u32 length;                         #  network byte order
+       unsigned char type;
+       unsigned char data[length-5];
+   };
+
+   The 'libpamc' library is designed around this flavor of
+   message and should be used to handle this flavor of msg_style.
+   */
+
+/* Used to return the user's response to the PAM library.  This
+   structure is allocated by the application program, and free()'d by
+   the Linux-PAM library (or calling module).  */
+
+struct pam_response {
+    char *resp;
+    int	resp_retcode;	/* currently un-used, zero expected */
+};
+
+/* The actual conversation structure itself */
+
+struct pam_conv {
+    int (*conv)(int num_msg, const struct pam_message **msg,
+		struct pam_response **resp, void *appdata_ptr);
+    void *appdata_ptr;
+};
+
+#ifndef LINUX_PAM
+/*
+ * the following few lines represent a hack.  They are there to make
+ * the Linux-PAM headers more compatible with the Sun ones, which have a
+ * less strictly separated notion of module specific and application
+ * specific definitions.
+ */
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#endif
+
+
+/* ... adapted from the pam_appl.h file created by Theodore Ts'o and
+ *
+ * Copyright Theodore Ts'o, 1996.  All rights reserved.
+ * Copyright (c) Andrew G. Morgan <morgan@linux.kernel.org>, 1996-8
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ * 
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.  */
+
+#endif /* _SECURITY__PAM_TYPES_H */
+
diff --git a/libpam/include/security/pam_appl.h b/libpam/include/security/pam_appl.h
new file mode 100644
index 00000000..2849970a
--- /dev/null
+++ b/libpam/include/security/pam_appl.h
@@ -0,0 +1,92 @@
+/*
+ * <security/pam_appl.h>
+ * 
+ * This header file collects definitions for the PAM API --- that is,
+ * public interface between the PAM library and an application program
+ * that wishes to use it.
+ *
+ * Note, the copyright information is at end of file.
+ *
+ * Created: 15-Jan-96 by TYT
+ * Last modified: 1996/3/5 by AGM
+ *
+ * $Id$
+ */
+
+#ifndef _SECURITY_PAM_APPL_H
+#define _SECURITY_PAM_APPL_H
+
+#include <security/_pam_types.h>      /* Linux-PAM common defined types */
+
+/* -------------- The Linux-PAM Framework layer API ------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+ 
+extern int pam_start(const char *service_name, const char *user,
+		     const struct pam_conv *pam_conversation,
+		     pam_handle_t **pamh);
+extern int pam_end(pam_handle_t *pamh, int pam_status);
+
+/* Authentication API's */
+
+extern int pam_authenticate(pam_handle_t *pamh, int flags);
+extern int pam_setcred(pam_handle_t *pamh, int flags);
+
+/* Account Management API's */
+
+extern int pam_acct_mgmt(pam_handle_t *pamh, int flags);
+
+/* Session Management API's */
+
+extern int pam_open_session(pam_handle_t *pamh, int flags);
+extern int pam_close_session(pam_handle_t *pamh, int flags);
+
+/* Password Management API's */
+
+extern int pam_chauthtok(pam_handle_t *pamh, int flags);
+
+#ifdef __cplusplus
+}
+#endif
+
+/* take care of any compatibility issues */
+#include <security/_pam_compat.h>
+
+/*
+ * Copyright Theodore Ts'o, 1996.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ * 
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#endif /* _SECURITY_PAM_APPL_H */
diff --git a/libpam/include/security/pam_malloc.h b/libpam/include/security/pam_malloc.h
new file mode 100644
index 00000000..8daf3f7c
--- /dev/null
+++ b/libpam/include/security/pam_malloc.h
@@ -0,0 +1,79 @@
+/* $Id$
+ *
+ * $Log$
+ * Revision 1.1  2000/06/20 22:11:23  agmorgan
+ * Initial revision
+ *
+ * Revision 1.1.1.1  1998/07/12 05:17:15  morgan
+ * Linux PAM sources pre-0.66
+ *
+ * Revision 1.1  1996/11/10 21:23:14  morgan
+ * Initial revision
+ *
+ */
+
+/*
+ * This file (via the use of macros) defines a wrapper for the malloc
+ * family of calls. It logs where the memory was requested and also
+ * where it was free()'d and keeps a list of currently requested memory.
+ *
+ * It is hoped that it will provide some help in locating memory leaks.
+ */
+
+#ifndef PAM_MALLOC_H
+#define PAM_MALLOC_H
+
+/* these are the macro definitions for the stdlib.h memory functions */
+
+#define malloc(s)      pam_malloc(s,__FILE__,__FUNCTION__,__LINE__)
+#define calloc(n,s)    pam_calloc(n,s,__FILE__,__FUNCTION__,__LINE__)
+#define free(x)        pam_free(x,__FILE__,__FUNCTION__,__LINE__)
+/* #define memalign(a,s)  pam_memalign(a,s,__FILE__,__FUNCTION__,__LINE__) */
+#define realloc(x,s)   pam_realloc(x,s,__FILE__,__FUNCTION__,__LINE__)
+/* #define valloc(s)      pam_valloc(s,__FILE__,__FUNCTION__,__LINE__) */
+/* #define alloca(s)      pam_alloca(s,__FILE__,__FUNCTION__,__LINE__) */
+#define exit(i)        pam_exit(i,__FILE__,__FUNCTION__,__LINE__)
+
+/* these are the prototypes for the wrapper functions */
+
+#include <sys/types.h>
+
+extern void *pam_malloc(size_t s,const char *,const char *,const int);
+extern void *pam_calloc(size_t n,size_t s,const char *,const char *,const int);
+extern void  pam_free(void *x,const char *,const char *,const int);
+extern void *pam_memalign(size_t a,size_t s
+			 ,const char *,const char *,const int);
+extern void *pam_realloc(void *x,size_t s,const char *,const char *,const int);
+extern void *pam_valloc(size_t s,const char *,const char *,const int);
+extern void *pam_alloca(size_t s,const char *,const char *,const int);
+extern void  pam_exit(int i,const char *,const char *,const int);
+
+/* these are the flags used to turn on and off diagnostics */
+
+#define PAM_MALLOC_LEAKED             01
+#define PAM_MALLOC_REQUEST            02
+#define PAM_MALLOC_FREE               04
+#define PAM_MALLOC_EXCH               (PAM_MALLOC_FREED|PAM_MALLOC_EXCH)
+#define PAM_MALLOC_RESIZE            010
+#define PAM_MALLOC_FAIL              020
+#define PAM_MALLOC_NULL              040
+#define PAM_MALLOC_VERIFY           0100
+#define PAM_MALLOC_FUNC             0200
+#define PAM_MALLOC_PAUSE            0400
+#define PAM_MALLOC_STOP            01000
+
+#define PAM_MALLOC_ALL              0777
+
+#define PAM_MALLOC_DEFAULT     \
+  (PAM_MALLOC_LEAKED|PAM_MALLOC_PAUSE|PAM_MALLOC_FAIL)
+
+#include <stdio.h>
+
+extern FILE *pam_malloc_outfile;      /* defaults to stdout */
+
+/* how much output do you want? */
+
+extern int pam_malloc_flags;
+extern int pam_malloc_delay_length;      /* how long to pause on errors */
+
+#endif /* PAM_MALLOC_H */
diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h
new file mode 100644
index 00000000..945c1711
--- /dev/null
+++ b/libpam/include/security/pam_modules.h
@@ -0,0 +1,195 @@
+/*
+ * <security/pam_modules.h>
+ * 
+ * $Id$
+ *
+ * This header file documents the PAM SPI --- that is, interface
+ * between the PAM library and a PAM service library which is called
+ * by the PAM library.
+ *
+ * Note, the copyright information is at end of file.
+ *
+ * $Log$
+ * Revision 1.1  2000/06/20 22:11:23  agmorgan
+ * Initial revision
+ *
+ * Revision 1.1.1.1  1998/07/12 05:17:15  morgan
+ * Linux PAM sources pre-0.66
+ *
+ * Revision 1.8  1997/01/04 20:14:42  morgan
+ * moved PAM_DATA_SILENT to _pam_types.h so applications can use it too
+ *
+ * Revision 1.7  1996/11/10 19:57:08  morgan
+ * pam_get_user prototype.
+ *
+ * Revision 1.6  1996/09/05 06:18:45  morgan
+ * added some data error_status masks, changed prototype for cleanup()
+ *
+ * Revision 1.5  1996/06/02 07:58:37  morgan
+ * altered the way in which modules obtain static prototypes for
+ * functions
+ *
+ */
+
+#ifndef _SECURITY_PAM_MODULES_H
+#define _SECURITY_PAM_MODULES_H
+
+#include <security/_pam_types.h>      /* Linux-PAM common defined types */
+
+/* these defines are used by pam_set_item() and pam_get_item() and are
+ * in addition to those found in <security/_pam_types.h> */
+
+#define PAM_AUTHTOK     6	/* The authentication token (password) */
+#define PAM_OLDAUTHTOK  7	/* The old authentication token */
+
+/* -------------- The Linux-PAM Module PI ------------- */
+
+extern int pam_set_data(pam_handle_t *pamh, const char *module_data_name,
+			void *data,
+			void (*cleanup)(pam_handle_t *pamh, void *data,
+				       int error_status));
+extern int pam_get_data(const pam_handle_t *pamh,
+			const char *module_data_name, const void **data);
+
+extern int pam_get_user(pam_handle_t *pamh, const char **user
+			, const char *prompt);
+
+#ifdef PAM_STATIC
+
+#define PAM_EXTERN static
+
+struct pam_module {
+    const char *name;		/* Name of the module */
+
+    /* These are function pointers to the module's key functions.  */
+
+    int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags,
+			       int argc, const char **argv);
+    int (*pam_sm_setcred)(pam_handle_t *pamh, int flags,
+			  int argc, const char **argv);
+    int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags,
+			    int argc, const char **argv);
+    int (*pam_sm_open_session)(pam_handle_t *pamh, int flags,
+			       int argc, const char **argv);
+    int (*pam_sm_close_session)(pam_handle_t *pamh, int flags,
+				int argc, const char **argv);
+    int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags,
+			    int argc, const char **argv);
+};
+
+#else /* !PAM_STATIC */
+
+#define PAM_EXTERN extern
+
+#endif /* PAM_STATIC */
+	
+/* Lots of files include pam_modules.h that don't need these
+ * declared.  However, when they are declared static, they
+ * need to be defined later.  So we have to protect C files
+ * that include these without wanting these functions defined.. */
+
+#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC)
+
+/* Authentication API's */
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+                                   int argc, const char **argv);
+PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags,
+			      int argc, const char **argv);
+
+#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH))
+	 || !defined(PAM_STATIC)*/
+
+#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC)
+
+/* Account Management API's */
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+				int argc, const char **argv);
+
+#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT))
+	 || !defined(PAM_STATIC)*/
+
+#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC)
+
+/* Session Management API's */
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
+				   int argc, const char **argv);
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags,
+				    int argc, const char **argv);
+
+#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION))
+	 || !defined(PAM_STATIC)*/
+
+#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC)
+
+/* Password Management API's */
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+				int argc, const char **argv);
+
+#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD))
+	 || !defined(PAM_STATIC)*/
+
+/* The following two flags are for use across the Linux-PAM/module
+ * interface only. The Application is not permitted to use these
+ * tokens.
+ *
+ * The password service should only perform preliminary checks.  No
+ * passwords should be updated. */
+#define PAM_PRELIM_CHECK		0x4000
+
+/* The password service should update passwords Note: PAM_PRELIM_CHECK
+ * and PAM_UPDATE_AUTHTOK can not both be set simultaneously! */
+#define PAM_UPDATE_AUTHTOK		0x2000
+
+
+/*
+ * here are some proposed error status definitions for the
+ * 'error_status' argument used by the cleanup function associated
+ * with data items they should be logically OR'd with the error_status
+ * of the latest return from libpam -- new with .52 and positive
+ * impression from Sun although not official as of 1996/9/4 there are
+ * others in _pam_types.h -- they are for common module/app use.
+ */
+
+#define PAM_DATA_REPLACE   0x20000000     /* used when replacing a data item */
+
+/* take care of any compatibility issues */
+#include <security/_pam_compat.h>
+
+/* Copyright (C) Theodore Ts'o, 1996.
+ * Copyright (C) Andrew Morgan, 1996-8.
+ *                                                All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ * 
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU General Public License, in which case the provisions of the
+ * GNU GPL are required INSTEAD OF the above restrictions.  (This
+ * clause is necessary due to a potential bad interaction between the
+ * GNU GPL and the restrictions contained in a BSD-style copyright.)
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.  */
+
+#endif /* _SECURITY_PAM_MODULES_H */
+
author	Andrew G. Morgan <morgan@kernel.org>	2000-06-20 22:10:38 +0000
committer	Andrew G. Morgan <morgan@kernel.org>	2000-06-20 22:10:38 +0000
commit	ea488580c42e8918445a945484de3c8a5addc761 (patch)
tree	c992f3ba699caafedfadc16af38e6359c3c24698 /libpam/include