Mercurial > illumos > illumos-gate
annotate usr/src/lib/libpam/pam_appl.h @ 10702:ca0edf2daf1c
PSARC/2004/678 EOF SCF_ Smartcard APIs
PSARC/2005/106 iButton Smartcard EOF
PSARC/2005/107 Cyberflex Smartcard EOF
PSARC/2006/295 EOF pam_smartcard(5)
PSARC/2006/296 EOF smartcard(1m)
6857067 Smartcard EOF Removal
author | Darren J Moffat <Darren.Moffat@Sun.COM> |
---|---|
date | Thu, 01 Oct 2009 07:56:28 -0700 |
parents | 7c6b0ab715f4 |
children |
rev | line source |
---|---|
0 | 1 /* |
2 * CDDL HEADER START | |
3 * | |
4 * The contents of this file are subject to the terms of the | |
2815 | 5 * Common Development and Distribution License (the "License"). |
6 * You may not use this file except in compliance with the License. | |
0 | 7 * |
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 * or http://www.opensolaris.org/os/licensing. | |
10 * See the License for the specific language governing permissions | |
11 * and limitations under the License. | |
12 * | |
13 * When distributing Covered Code, include this CDDL HEADER in each | |
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 * If applicable, add the following below this CDDL HEADER, with the | |
16 * fields enclosed by brackets "[]" replaced with your own identifying | |
17 * information: Portions Copyright [yyyy] [name of copyright owner] | |
18 * | |
19 * CDDL HEADER END | |
20 */ | |
21 /* | |
10702
ca0edf2daf1c
PSARC/2004/678 EOF SCF_ Smartcard APIs
Darren J Moffat <Darren.Moffat@Sun.COM>
parents:
2815
diff
changeset
|
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. |
0 | 23 * Use is subject to license terms. |
24 */ | |
25 | |
26 #ifndef _PAM_APPL_H | |
27 #define _PAM_APPL_H | |
28 | |
29 #include <sys/types.h> | |
30 | |
31 #ifdef __cplusplus | |
32 extern "C" { | |
33 #endif | |
34 | |
35 /* Generic PAM errors */ | |
36 #define PAM_SUCCESS 0 /* Normal function return */ | |
37 #define PAM_OPEN_ERR 1 /* Dlopen failure */ | |
38 #define PAM_SYMBOL_ERR 2 /* Symbol not found */ | |
39 #define PAM_SERVICE_ERR 3 /* Error in underlying service module */ | |
40 #define PAM_SYSTEM_ERR 4 /* System error */ | |
41 #define PAM_BUF_ERR 5 /* Memory buffer error */ | |
42 #define PAM_CONV_ERR 6 /* Conversation failure */ | |
43 #define PAM_PERM_DENIED 7 /* Permission denied */ | |
44 | |
45 /* Errors returned by pam_authenticate, pam_acct_mgmt(), and pam_setcred() */ | |
46 #define PAM_MAXTRIES 8 /* Maximum number of tries exceeded */ | |
47 #define PAM_AUTH_ERR 9 /* Authentication failure */ | |
48 #define PAM_NEW_AUTHTOK_REQD 10 /* Get new auth token from the user */ | |
49 #define PAM_CRED_INSUFFICIENT 11 /* can not access auth data b/c */ | |
50 /* of insufficient credentials */ | |
51 #define PAM_AUTHINFO_UNAVAIL 12 /* Can not retrieve auth information */ | |
52 #define PAM_USER_UNKNOWN 13 /* No account present for user */ | |
53 | |
54 /* Errors returned by pam_setcred() */ | |
55 #define PAM_CRED_UNAVAIL 14 /* can not retrieve user credentials */ | |
56 #define PAM_CRED_EXPIRED 15 /* user credentials expired */ | |
57 #define PAM_CRED_ERR 16 /* failure setting user credentials */ | |
58 | |
59 /* Errors returned by pam_acct_mgmt() */ | |
60 #define PAM_ACCT_EXPIRED 17 /* user account has expired */ | |
61 #define PAM_AUTHTOK_EXPIRED 18 /* Password expired and no longer */ | |
62 /* usable */ | |
63 | |
64 /* Errors returned by pam_open/close_session() */ | |
65 #define PAM_SESSION_ERR 19 /* can not make/remove entry for */ | |
66 /* specified session */ | |
67 | |
68 /* Errors returned by pam_chauthtok() */ | |
69 #define PAM_AUTHTOK_ERR 20 /* Authentication token */ | |
70 /* manipulation error */ | |
71 #define PAM_AUTHTOK_RECOVERY_ERR 21 /* Old authentication token */ | |
72 /* cannot be recovered */ | |
73 #define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token */ | |
74 /* lock busy */ | |
75 #define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging */ | |
76 /* is disabled */ | |
77 | |
78 /* Errors returned by pam_get_data */ | |
79 #define PAM_NO_MODULE_DATA 24 /* module data not found */ | |
80 | |
81 /* Errors returned by modules */ | |
82 #define PAM_IGNORE 25 /* ignore module */ | |
83 | |
84 #define PAM_ABORT 26 /* General PAM failure */ | |
85 #define PAM_TRY_AGAIN 27 /* Unable to update password */ | |
86 /* Try again another time */ | |
87 #define PAM_TOTAL_ERRNUM 28 | |
88 | |
89 /* | |
90 * structure pam_message is used to pass prompt, error message, | |
91 * or any text information from scheme to application/user. | |
92 */ | |
93 | |
94 struct pam_message { | |
95 int msg_style; /* Msg_style - see below */ | |
96 char *msg; /* Message string */ | |
97 }; | |
98 | |
99 /* | |
100 * msg_style defines the interaction style between the | |
101 * scheme and the application. | |
102 */ | |
103 #define PAM_PROMPT_ECHO_OFF 1 /* Echo off when getting response */ | |
104 #define PAM_PROMPT_ECHO_ON 2 /* Echo on when getting response */ | |
105 #define PAM_ERROR_MSG 3 /* Error message */ | |
106 #define PAM_TEXT_INFO 4 /* Textual information */ | |
107 | |
108 /* | |
109 * max # of messages passed to the application through the | |
110 * conversation function call | |
111 */ | |
112 #define PAM_MAX_NUM_MSG 32 | |
113 | |
114 /* | |
115 * max size (in chars) of each messages passed to the application | |
116 * through the conversation function call | |
117 */ | |
118 #define PAM_MAX_MSG_SIZE 512 | |
119 | |
120 /* | |
121 * max size (in chars) of each response passed from the application | |
122 * through the conversation function call | |
123 */ | |
124 #define PAM_MAX_RESP_SIZE 512 | |
125 | |
126 /* | |
127 * structure pam_response is used by the scheme to get the user's | |
128 * response back from the application/user. | |
129 */ | |
130 | |
131 struct pam_response { | |
132 char *resp; /* Response string */ | |
133 int resp_retcode; /* Return code - for future use */ | |
134 }; | |
135 | |
136 /* | |
137 * structure pam_conv is used by authentication applications for passing | |
138 * call back function pointers and application data pointers to the scheme | |
139 */ | |
140 struct pam_conv { | |
141 int (*conv)(int, struct pam_message **, | |
142 struct pam_response **, void *); | |
143 void *appdata_ptr; /* Application data ptr */ | |
144 }; | |
145 | |
146 /* the pam handle */ | |
147 typedef struct pam_handle pam_handle_t; | |
148 | |
149 /* | |
150 * pam_start() is called to initiate an authentication exchange | |
151 * with PAM. | |
152 */ | |
153 extern int | |
154 pam_start( | |
155 const char *service_name, /* Service Name */ | |
156 const char *user, /* User Name */ | |
157 const struct pam_conv *pam_conv, /* Conversation structure */ | |
158 pam_handle_t **pamh /* Address to store handle */ | |
159 ); | |
160 | |
161 /* | |
162 * pam_end() is called to end an authentication exchange with PAM. | |
163 */ | |
164 extern int | |
165 pam_end( | |
166 pam_handle_t *pamh, /* handle from pam_start() */ | |
167 int status /* the final status value that */ | |
168 /* gets passed to cleanup functions */ | |
169 ); | |
170 | |
171 /* | |
172 * pam_set_item is called to store an object in PAM handle. | |
173 */ | |
174 extern int | |
175 pam_set_item( | |
176 pam_handle_t *pamh, /* PAM handle */ | |
177 int item_type, /* Type of object - see below */ | |
178 const void *item /* Address of place to put pointer */ | |
179 /* to object */ | |
180 ); | |
181 | |
182 /* | |
183 * pam_get_item is called to retrieve an object from the static data area | |
184 */ | |
185 extern int | |
186 pam_get_item( | |
187 const pam_handle_t *pamh, /* PAM handle */ | |
188 int item_type, /* Type of object - see below */ | |
189 void ** item /* Address of place to put pointer */ | |
190 /* to object */ | |
191 ); | |
192 | |
193 /* Items supported by pam_[sg]et_item() calls */ | |
194 #define PAM_SERVICE 1 /* The program/service name */ | |
195 #define PAM_USER 2 /* The user name */ | |
196 #define PAM_TTY 3 /* The tty name */ | |
197 #define PAM_RHOST 4 /* The remote host name */ | |
198 #define PAM_CONV 5 /* The conversation structure */ | |
199 #define PAM_AUTHTOK 6 /* The authentication token */ | |
200 #define PAM_OLDAUTHTOK 7 /* Old authentication token */ | |
201 #define PAM_RUSER 8 /* The remote user name */ | |
202 #define PAM_USER_PROMPT 9 /* The user prompt */ | |
203 #define PAM_REPOSITORY 10 /* The repository to be updated */ | |
204 #define PAM_RESOURCE 11 /* Resource management info */ | |
2815 | 205 #define PAM_AUSER 12 /* The authenticated user name */ |
0 | 206 |
207 /* pam repository structure */ | |
208 | |
209 struct pam_repository { | |
210 char *type; /* Repository type, e.g., files, nis, ldap */ | |
211 void *scope; /* Optional scope information */ | |
212 size_t scope_len; /* length of scope inforamtion */ | |
213 }; | |
214 | |
215 typedef struct pam_repository pam_repository_t; | |
216 | |
217 /* | |
218 * pam_get_user is called to retrieve the user name (PAM_USER). If PAM_USER | |
219 * is not set then this call will prompt for the user name using the | |
220 * conversation function. This function should only be used by modules, not | |
221 * applications. | |
222 */ | |
223 | |
224 extern int | |
225 pam_get_user( | |
226 pam_handle_t *pamh, /* PAM handle */ | |
227 char **user, /* User Name */ | |
228 const char *prompt /* Prompt */ | |
229 ); | |
230 | |
231 /* | |
232 * PAM equivalent to strerror(); | |
233 */ | |
234 extern const char * | |
235 pam_strerror( | |
236 pam_handle_t *pamh, /* pam handle */ | |
237 int errnum /* error number */ | |
238 ); | |
239 | |
240 /* general flag for pam_* functions */ | |
241 #define PAM_SILENT 0x80000000 | |
242 | |
243 /* | |
244 * pam_authenticate is called to authenticate the current user. | |
245 */ | |
246 extern int | |
247 pam_authenticate( | |
248 pam_handle_t *pamh, | |
249 int flags | |
250 ); | |
251 | |
252 /* | |
253 * Flags for pam_authenticate | |
254 */ | |
255 | |
256 #define PAM_DISALLOW_NULL_AUTHTOK 0x1 /* The password must be non-null */ | |
257 | |
258 /* | |
259 * pam_acct_mgmt is called to perform account management processing | |
260 */ | |
261 extern int | |
262 pam_acct_mgmt( | |
263 pam_handle_t *pamh, | |
264 int flags | |
265 ); | |
266 | |
267 /* | |
268 * pam_open_session is called to note the initiation of new session in the | |
269 * appropriate administrative data bases. | |
270 */ | |
271 extern int | |
272 pam_open_session( | |
273 pam_handle_t *pamh, | |
274 int flags | |
275 ); | |
276 | |
277 /* | |
278 * pam_close_session records the termination of a session. | |
279 */ | |
280 extern int | |
281 pam_close_session( | |
282 pam_handle_t *pamh, | |
283 int flags | |
284 ); | |
285 | |
286 /* pam_setcred is called to set the credentials of the current user */ | |
287 extern int | |
288 pam_setcred( | |
289 pam_handle_t *pamh, | |
290 int flags | |
291 ); | |
292 | |
293 /* flags for pam_setcred() */ | |
294 #define PAM_ESTABLISH_CRED 0x1 /* set scheme specific user id */ | |
295 #define PAM_DELETE_CRED 0x2 /* unset scheme specific user id */ | |
296 #define PAM_REINITIALIZE_CRED 0x4 /* reinitialize user credentials */ | |
297 /* (after a password has changed */ | |
298 #define PAM_REFRESH_CRED 0x8 /* extend lifetime of credentials */ | |
299 | |
300 /* pam_chauthtok is called to change authentication token */ | |
301 | |
302 extern int | |
303 pam_chauthtok( | |
304 pam_handle_t *pamh, | |
305 int flags | |
306 ); | |
307 | |
308 /* | |
309 * Be careful - there are flags defined for pam_sm_chauthtok() in | |
310 * pam_modules.h also: | |
311 * PAM_PRELIM_CHECK 0x1 | |
312 * PAM_UPDATE_AUTHTOK 0x2 | |
313 */ | |
314 #define PAM_CHANGE_EXPIRED_AUTHTOK 0x4 /* update expired passwords only */ | |
315 #define PAM_NO_AUTHTOK_CHECK 0x8 /* bypass password strength tests */ | |
316 | |
317 /* pam_putenv is called to add environment variables to the PAM handle */ | |
318 | |
319 extern int | |
320 pam_putenv( | |
321 pam_handle_t *pamh, | |
322 const char *name_value | |
323 ); | |
324 | |
325 /* pam_getenv is called to retrieve an env variable from the PAM handle */ | |
326 | |
327 extern char * | |
328 pam_getenv( | |
329 pam_handle_t *pamh, | |
330 const char *name | |
331 ); | |
332 | |
333 /* pam_getenvlist is called to retrieve all env variables from the PAM handle */ | |
334 | |
335 extern char ** | |
336 pam_getenvlist( | |
337 pam_handle_t *pamh | |
338 ); | |
339 | |
340 #ifdef __cplusplus | |
341 } | |
342 #endif | |
343 | |
344 #endif /* _PAM_APPL_H */ |