LCOV - code coverage report
Current view: top level - usr/include/security - _pam_types.h (source / functions) Hit Total Coverage
Test: coverage report for master 2b515b7d Lines: 8 8 100.0 %
Date: 2024-02-28 12:06:22 Functions: 5 6 83.3 %

          Line data    Source code
       1             : /*
       2             :  * <security/_pam_types.h>
       3             :  *
       4             :  * This file defines all of the types common to the Linux-PAM library
       5             :  * applications and modules.
       6             :  *
       7             :  * Note, the copyright+license information is at end of file.
       8             :  */
       9             : 
      10             : #ifndef _SECURITY__PAM_TYPES_H
      11             : #define _SECURITY__PAM_TYPES_H
      12             : 
      13             : /* This is a blind structure; users aren't allowed to see inside a
      14             :  * pam_handle_t, so we don't define struct pam_handle here.  This is
      15             :  * defined in a file private to the PAM library.  (i.e., it's private
      16             :  * to PAM service modules, too!)  */
      17             : 
      18             : typedef struct pam_handle pam_handle_t;
      19             : 
      20             : /* ---------------- The Linux-PAM Version defines ----------------- */
      21             : 
      22             : /* Major and minor version number of the Linux-PAM package.  Use
      23             :    these macros to test for features in specific releases.  */
      24             : #define __LINUX_PAM__ 1
      25             : #define __LINUX_PAM_MINOR__ 0
      26             : 
      27             : /* ----------------- The Linux-PAM return values ------------------ */
      28             : 
      29             : #define PAM_SUCCESS 0           /* Successful function return */
      30             : #define PAM_OPEN_ERR 1          /* dlopen() failure when dynamically */
      31             :                                 /* loading a service module */
      32             : #define PAM_SYMBOL_ERR 2        /* Symbol not found */
      33             : #define PAM_SERVICE_ERR 3       /* Error in service module */
      34             : #define PAM_SYSTEM_ERR 4        /* System error */
      35             : #define PAM_BUF_ERR 5           /* Memory buffer error */
      36             : #define PAM_PERM_DENIED 6       /* Permission denied */
      37             : #define PAM_AUTH_ERR 7          /* Authentication failure */
      38             : #define PAM_CRED_INSUFFICIENT 8 /* Can not access authentication data */
      39             :                                 /* due to insufficient credentials */
      40             : #define PAM_AUTHINFO_UNAVAIL 9  /* Underlying authentication service */
      41             :                                 /* can not retrieve authentication */
      42             :                                 /* information  */
      43             : #define PAM_USER_UNKNOWN 10     /* User not known to the underlying */
      44             :                                 /* authentication module */
      45             : #define PAM_MAXTRIES 11         /* An authentication service has */
      46             :                                 /* maintained a retry count which has */
      47             :                                 /* been reached.  No further retries */
      48             :                                 /* should be attempted */
      49             : #define PAM_NEW_AUTHTOK_REQD 12 /* New authentication token required. */
      50             :                                 /* This is normally returned if the */
      51             :                                 /* machine security policies require */
      52             :                                 /* that the password should be changed */
      53             :                                 /* because the password is NULL or it */
      54             :                                 /* has aged */
      55             : #define PAM_ACCT_EXPIRED 13     /* User account has expired */
      56             : #define PAM_SESSION_ERR 14      /* Can not make/remove an entry for */
      57             :                                 /* the specified session */
      58             : #define PAM_CRED_UNAVAIL 15     /* Underlying authentication service */
      59             :                                 /* can not retrieve user credentials */
      60             :                                 /* unavailable */
      61             : #define PAM_CRED_EXPIRED 16     /* User credentials expired */
      62             : #define PAM_CRED_ERR 17         /* Failure setting user credentials */
      63             : #define PAM_NO_MODULE_DATA 18   /* No module specific data is present */
      64             : #define PAM_CONV_ERR 19         /* Conversation error */
      65             : #define PAM_AUTHTOK_ERR 20      /* Authentication token manipulation error */
      66             : #define PAM_AUTHTOK_RECOVERY_ERR 21 /* Authentication information */
      67             :                                     /* cannot be recovered */
      68             : #define PAM_AUTHTOK_LOCK_BUSY 22   /* Authentication token lock busy */
      69             : #define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging disabled */
      70             : #define PAM_TRY_AGAIN 24        /* Preliminary check by password service */
      71             : #define PAM_IGNORE 25           /* Ignore underlying account module */
      72             :                                 /* regardless of whether the control */
      73             :                                 /* flag is required, optional, or sufficient */
      74             : #define PAM_ABORT 26            /* Critical error (?module fail now request) */
      75             : #define PAM_AUTHTOK_EXPIRED  27 /* user's authentication token has expired */
      76             : #define PAM_MODULE_UNKNOWN   28 /* module is not known */
      77             : 
      78             : #define PAM_BAD_ITEM         29 /* Bad item passed to pam_*_item() */
      79             : #define PAM_CONV_AGAIN       30 /* conversation function is event driven
      80             :                                      and data is not available yet */
      81             : #define PAM_INCOMPLETE       31 /* please call this function again to
      82             :                                    complete authentication stack. Before
      83             :                                    calling again, verify that conversation
      84             :                                    is completed */
      85             : 
      86             : /*
      87             :  * Add new #define's here - take care to also extend the libpam code:
      88             :  * pam_strerror() and "libpam/pam_tokens.h" .
      89             :  */
      90             : 
      91             : #define _PAM_RETURN_VALUES 32   /* this is the number of return values */
      92             : 
      93             : 
      94             : /* ---------------------- The Linux-PAM flags -------------------- */
      95             : 
      96             : /* Authentication service should not generate any messages */
      97             : #define PAM_SILENT                      0x8000U
      98             : 
      99             : /* Note: these flags are used by pam_authenticate{,_secondary}() */
     100             : 
     101             : /* The authentication service should return PAM_AUTH_ERROR if the
     102             :  * user has a null authentication token */
     103             : #define PAM_DISALLOW_NULL_AUTHTOK       0x0001U
     104             : 
     105             : /* Note: these flags are used for pam_setcred() */
     106             : 
     107             : /* Set user credentials for an authentication service */
     108             : #define PAM_ESTABLISH_CRED              0x0002U
     109             : 
     110             : /* Delete user credentials associated with an authentication service */
     111             : #define PAM_DELETE_CRED                 0x0004U
     112             : 
     113             : /* Reinitialize user credentials */
     114             : #define PAM_REINITIALIZE_CRED           0x0008U
     115             : 
     116             : /* Extend lifetime of user credentials */
     117             : #define PAM_REFRESH_CRED                0x0010U
     118             : 
     119             : /* Note: these flags are used by pam_chauthtok */
     120             : 
     121             : /* The password service should only update those passwords that have
     122             :  * aged.  If this flag is not passed, the password service should
     123             :  * update all passwords. */
     124             : #define PAM_CHANGE_EXPIRED_AUTHTOK      0x0020U
     125             : 
     126             : /* ------------------ The Linux-PAM item types ------------------- */
     127             : 
     128             : /* These defines are used by pam_set_item() and pam_get_item().
     129             :    Please check the spec which are allowed for use by applications
     130             :    and which are only allowed for use by modules. */
     131             : 
     132             : #define PAM_SERVICE        1    /* The service name */
     133             : #define PAM_USER           2    /* The user name */
     134             : #define PAM_TTY            3    /* The tty name */
     135             : #define PAM_RHOST          4    /* The remote host name */
     136             : #define PAM_CONV           5    /* The pam_conv structure */
     137             : #define PAM_AUTHTOK        6    /* The authentication token (password) */
     138             : #define PAM_OLDAUTHTOK     7    /* The old authentication token */
     139             : #define PAM_RUSER          8    /* The remote user name */
     140             : #define PAM_USER_PROMPT    9    /* the prompt for getting a username */
     141             : /* Linux-PAM extensions */
     142             : #define PAM_FAIL_DELAY     10   /* app supplied function to override failure
     143             :                                    delays */
     144             : #define PAM_XDISPLAY       11   /* X display name */
     145             : #define PAM_XAUTHDATA      12   /* X server authentication data */
     146             : #define PAM_AUTHTOK_TYPE   13   /* The type for pam_get_authtok */
     147             : 
     148             : /* -------------- Special defines used by Linux-PAM -------------- */
     149             : 
     150             : #if defined(__GNUC__) && defined(__GNUC_MINOR__)
     151             : # define PAM_GNUC_PREREQ(maj, min) \
     152             :         ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
     153             : #else
     154             : # define PAM_GNUC_PREREQ(maj, min) 0
     155             : #endif
     156             : 
     157             : #if PAM_GNUC_PREREQ(2,5)
     158             : # define PAM_FORMAT(params) __attribute__((__format__ params))
     159             : #else
     160             : # define PAM_FORMAT(params)
     161             : #endif
     162             : 
     163             : #if PAM_GNUC_PREREQ(3,3) && !defined(LIBPAM_COMPILE)
     164             : # define PAM_NONNULL(params) __attribute__((__nonnull__ params))
     165             : #else
     166             : # define PAM_NONNULL(params)
     167             : #endif
     168             : 
     169             : /* ---------- Common Linux-PAM application/module PI ----------- */
     170             : 
     171             : extern int PAM_NONNULL((1))
     172         222 : pam_set_item(pam_handle_t *pamh, int item_type, const void *item);
     173             : 
     174             : extern int PAM_NONNULL((1))
     175        3085 : pam_get_item(const pam_handle_t *pamh, int item_type, const void **item);
     176             : 
     177             : extern const char *
     178         722 : pam_strerror(pam_handle_t *pamh, int errnum);
     179             : 
     180             : extern int PAM_NONNULL((1,2))
     181        3087 : pam_putenv(pam_handle_t *pamh, const char *name_value);
     182             : 
     183             : extern const char * PAM_NONNULL((1,2))
     184           2 : pam_getenv(pam_handle_t *pamh, const char *name);
     185             : 
     186             : extern char ** PAM_NONNULL((1))
     187          29 : pam_getenvlist(pam_handle_t *pamh);
     188             : 
     189             : /* ---------- Common Linux-PAM application/module PI ----------- */
     190           2 : 
     191             : /*
     192             :  * here are some proposed error status definitions for the
     193           1 :  * 'error_status' argument used by the cleanup function associated
     194             :  * with data items they should be logically OR'd with the error_status
     195             :  * of the latest return from libpam -- new with .52 and positive
     196             :  * impression from Sun although not official as of 1996/9/4
     197             :  * [generally the other flags are to be found in pam_modules.h]
     198             :  */
     199             : 
     200             : #define PAM_DATA_SILENT    0x40000000     /* used to suppress messages... */
     201             : 
     202             : /*
     203             :  * here we define an externally (by apps or modules) callable function
     204             :  * that primes the libpam library to delay when a stacked set of
     205             :  * modules results in a failure. In the case of PAM_SUCCESS this delay
     206             :  * is ignored.
     207             :  *
     208             :  * Note, the pam_[gs]et_item(... PAM_FAIL_DELAY ...) can be used to set
     209             :  * a function pointer which can override the default fail-delay behavior.
     210             :  * This item was added to accommodate event driven programs that need to
     211             :  * manage delays more carefully.  The function prototype for this data
     212             :  * item is
     213             :  *     void (*fail_delay)(int status, unsigned int delay, void *appdata_ptr);
     214             :  */
     215             : 
     216             : #define HAVE_PAM_FAIL_DELAY
     217             : extern int pam_fail_delay(pam_handle_t *pamh, unsigned int musec_delay);
     218             : 
     219             : /* ------------ The Linux-PAM conversation structures ------------ */
     220             : 
     221             : /* Message styles */
     222             : 
     223             : #define PAM_PROMPT_ECHO_OFF     1
     224             : #define PAM_PROMPT_ECHO_ON      2
     225             : #define PAM_ERROR_MSG           3
     226             : #define PAM_TEXT_INFO           4
     227             : 
     228             : /* Linux-PAM specific types */
     229             : 
     230             : #define PAM_RADIO_TYPE          5        /* yes/no/maybe conditionals */
     231             : 
     232             : /* This is for server client non-human interaction.. these are NOT
     233             :    part of the X/Open PAM specification. */
     234             : 
     235             : #define PAM_BINARY_PROMPT       7
     236             : 
     237             : /* maximum size of messages/responses etc.. (these are mostly
     238             :    arbitrary so Linux-PAM should handle longer values). */
     239             : 
     240             : #define PAM_MAX_NUM_MSG       32
     241             : #define PAM_MAX_MSG_SIZE      512
     242             : #define PAM_MAX_RESP_SIZE     512
     243             : 
     244             : /* Used to pass prompting text, error messages, or other informatory
     245             :  * text to the user.  This structure is allocated and freed by the PAM
     246             :  * library (or loaded module).  */
     247             : 
     248             : struct pam_message {
     249             :     int msg_style;
     250             :     const char *msg;
     251             : };
     252             : 
     253             : /* if the pam_message.msg_style = PAM_BINARY_PROMPT
     254             :    the 'pam_message.msg' is a pointer to a 'const *' for the following
     255             :    pseudo-structure.  When used with a PAM_BINARY_PROMPT, the returned
     256             :    pam_response.resp pointer points to an object with the following
     257             :    structure:
     258             : 
     259             :    struct {
     260             :        u32 length;                         #  network byte order
     261             :        unsigned char type;
     262             :        unsigned char data[length-5];
     263             :    };
     264             : 
     265             :    The 'libpamc' library is designed around this flavor of
     266             :    message and should be used to handle this flavor of msg_style.
     267             :    */
     268             : 
     269             : /* Used to return the user's response to the PAM library.  This
     270             :    structure is allocated by the application program, and free()'d by
     271             :    the Linux-PAM library (or calling module).  */
     272             : 
     273             : struct pam_response {
     274             :     char *resp;
     275             :     int resp_retcode;   /* currently un-used, zero expected */
     276             : };
     277             : 
     278             : /* The actual conversation structure itself */
     279             : 
     280             : struct pam_conv {
     281             :     int (*conv)(int num_msg, const struct pam_message **msg,
     282             :                 struct pam_response **resp, void *appdata_ptr);
     283             :     void *appdata_ptr;
     284             : };
     285             : 
     286             : /* Used by the PAM_XAUTHDATA pam item.  Contains X authentication
     287             :    data used by modules to connect to the user's X display.  Note:
     288             :    this structure is intentionally compatible with xcb_auth_info_t. */
     289             : 
     290             : struct pam_xauth_data {
     291             :     int namelen;
     292             :     char *name;
     293             :     int datalen;
     294             :     char *data;
     295             : };
     296             : 
     297             : /* ... adapted from the pam_appl.h file created by Theodore Ts'o and
     298             :  *
     299             :  * Copyright Theodore Ts'o, 1996.  All rights reserved.
     300             :  * Copyright (c) Andrew G. Morgan <morgan@linux.kernel.org>, 1996-8
     301             :  *
     302             :  * Redistribution and use in source and binary forms, with or without
     303             :  * modification, are permitted provided that the following conditions
     304             :  * are met:
     305             :  * 1. Redistributions of source code must retain the above copyright
     306             :  *    notice, and the entire permission notice in its entirety,
     307             :  *    including the disclaimer of warranties.
     308             :  * 2. Redistributions in binary form must reproduce the above copyright
     309             :  *    notice, this list of conditions and the following disclaimer in the
     310             :  *    documentation and/or other materials provided with the distribution.
     311             :  * 3. The name of the author may not be used to endorse or promote
     312             :  *    products derived from this software without specific prior
     313             :  *    written permission.
     314             :  *
     315             :  * ALTERNATIVELY, this product may be distributed under the terms of
     316             :  * the GNU Public License, in which case the provisions of the GPL are
     317             :  * required INSTEAD OF the above restrictions.  (This clause is
     318             :  * necessary due to a potential bad interaction between the GPL and
     319             :  * the restrictions contained in a BSD-style copyright.)
     320             :  *
     321             :  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
     322             :  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     323             :  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
     324             :  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
     325             :  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
     326             :  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
     327             :  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     328             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     329             :  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     330             :  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     331             :  * OF THE POSSIBILITY OF SUCH DAMAGE.  */
     332             : 
     333             : #endif /* _SECURITY__PAM_TYPES_H */

Generated by: LCOV version 1.14