pam_appl.h revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _PAM_APPL_H
#define _PAM_APPL_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
/* Generic PAM errors */
#define PAM_SUCCESS 0 /* Normal function return */
/*
 * NOTE(review): the other error-code #defines are absent from this copy of
 * the header; only their group headings and trailing comment fragments
 * survive below. Take the missing names and values from the original
 * pam_appl.h rather than guessing them.
 *
 * PAM_SUCCESS is the only success value defined here, so callers should
 * compare each return value with PAM_SUCCESS explicitly and treat every
 * other value as a failure.
 */
/* Errors returned by pam_authenticate, pam_acct_mgmt(), and pam_setcred() */
/* of insufficient credentials */
/* Errors returned by pam_setcred() */
/* Errors returned by pam_acct_mgmt() */
/* usable */
/* Errors returned by pam_open/close_session() */
/* specified session */
/* Errors returned by pam_chauthtok() */
/* manipulation error */
/* cannot be recovered */
/* lock busy */
/* is disabled */
/* Errors returned by pam_get_data */
/* Errors returned by modules */
/* Try again another time */
/* Presumably the number of PAM return codes (0..27) - TODO confirm. */
#define PAM_TOTAL_ERRNUM 28
/*
 * struct pam_message carries one prompt, error message or other piece of
 * text from the scheme to the application/user.
 *
 * The text originates in a module, so an application that displays it
 * should pass it as data (for example through "%s"), never as a format
 * string.
 */
struct pam_message {
	int	msg_style;	/* interaction style of this message */
	char	*msg;		/* message text */
};
/*
* msg_style defines the interaction style between the
* scheme and the application.
*/
/*
 * Sun's proprietary message types.
 * Could these new message types, supported in version 2,
 * be given negative numbers (i.e., values like -XXX)?
 */
/*
 * max # of messages passed to the application through the
 * conversation function call
 *
 * NOTE(review): nothing in this header enforces the limit. A conversation
 * callback should check the message count it is handed against this bound
 * (and reject non-positive counts) before indexing the message array.
 */
#define PAM_MAX_NUM_MSG 32
/*
 * max size (in chars) of each messages passed to the application
 * through the conversation function call
 *
 * NOTE(review): whether the terminating NUL is included in the 512 is not
 * stated here - confirm before sizing buffers from this constant.
 */
#define PAM_MAX_MSG_SIZE 512
/*
 * max size (in chars) of each response passed from the application
 * through the conversation function call
 *
 * NOTE(review): code that receives a response should verify its length
 * against this bound instead of assuming the application honoured it; as
 * above, NUL accounting is not stated here.
 */
#define PAM_MAX_RESP_SIZE 512
/*
 * struct pam_response carries the user's reply from the application/user
 * back to the scheme.
 *
 * NOTE(review): this header does not say who allocates or frees resp -
 * confirm in the conversation-function documentation. A reply may be a
 * password, so whichever side releases the buffer should clear it first.
 */
struct pam_response {
	char	*resp;		/* reply text */
	int	resp_retcode;	/* return code, reserved for future use */
};
/*
 * struct pam_conv is how an authentication application hands the scheme its
 * conversation callback together with an opaque application data pointer.
 *
 * The callback takes a message count, an array of message pointers, a place
 * to return the responses, and a void pointer.
 * NOTE(review): the void pointer is presumably the appdata_ptr stored below,
 * passed back unchanged - confirm against the PAM implementation.
 */
struct pam_conv {
	int	(*conv)(int num_msg, struct pam_message **msg,
		    struct pam_response **resp, void *appdata_ptr);
	void	*appdata_ptr;	/* application data handed to conv */
};
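/* the pam handle (opaque to applications; only pointers to it are used) */
typedef struct pam_handle pam_handle_t;
/*
 * pam_start() is called to initiate an authentication exchange
 * with PAM.
 *
 * NOTE(review): the declarator line and the pam_conv and pamh parameters
 * were missing from this copy and are restored from the documented PAM
 * interface - confirm against the original header.
 *
 * Returns PAM_SUCCESS on success. The handle stored through pamh should be
 * used only after a successful return and is released with pam_end().
 */
extern int
pam_start(
	const char *service_name,		/* Service Name */
	const char *user,			/* User Name */
	const struct pam_conv *pam_conv,	/* Conversation structure */
	pam_handle_t **pamh			/* Address to store handle */
);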
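/*
 * pam_end() is called to end an authentication exchange with PAM.
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * The handle should not be used again after this call.
 */
extern int
pam_end(
	pam_handle_t *pamh,	/* PAM handle */
	int status		/* the final status value that */
				/* gets passed to cleanup functions */
);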
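/*
 * pam_set_item is called to store an object in PAM handle.
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * The original comment on item ("Address of place to put pointer to
 * object") reads as if copied from pam_get_item(); here item is the object
 * to store. Whether PAM copies it or keeps the caller's pointer is not
 * stated in this header - confirm before freeing or reusing the buffer.
 */
extern int
pam_set_item(
	pam_handle_t *pamh,	/* PAM handle */
	int item_type,		/* Type of object - see below */
	const void *item	/* Object to store */
);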
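/*
 * pam_get_item is called to retrieve an object from the static data area
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * The pointer returned through item presumably refers to storage owned by
 * PAM, so callers should not free or modify it - confirm against the
 * implementation.
 */
extern int
pam_get_item(
	const pam_handle_t *pamh,	/* PAM handle */
	int item_type,			/* Type of object - see below */
	void **item			/* Address of place to put pointer */
					/* to object */
);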
/* Items supported by pam_[sg]et_item() calls */
/*
 * pam repository structure: names a repository type and carries optional
 * scope information for it.
 */
struct pam_repository {
	char	*type;	/* repository type, e.g., files, nis, ldap */
	void	*scope;	/* optional scope information */
};
typedef struct pam_repository pam_repository_t;
/*
* PAM message version.
* Sun proprietary pam_[sg]et_item() extension
*/
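/*
 * pam_get_user is called to retrieve the user name (PAM_USER). If PAM_USER
 * is not set then this call will prompt for the user name using the
 * conversation function. This function should only be used by modules, not
 * applications.
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * Ownership of the string returned through user is not stated here -
 * confirm before freeing or retaining it.
 */
extern int
pam_get_user(
	pam_handle_t *pamh,	/* PAM handle */
	char **user,		/* User Name */
	const char *prompt	/* Prompt */
);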
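/*
 * PAM equivalent to strerror();
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * The result is a const string, so callers must not modify or free it.
 */
extern const char *
pam_strerror(
	pam_handle_t *pamh,	/* PAM handle */
	int errnum		/* error number */
);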
/*
 * general flag for pam_* functions
 *
 * NOTE(review): 0x80000000 does not fit in a 32-bit int, so the constant has
 * type unsigned int there, while the pam_* functions in this header take
 * "int flags". Passing it relies on an implementation-defined conversion;
 * test the bit with a mask rather than with equality or a sign comparison.
 */
#define PAM_SILENT 0x80000000
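/*
 * pam_authenticate is called to authenticate the current user.
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * Treat any return other than PAM_SUCCESS as a failed authentication.
 * Account management is a separate call in this header (pam_acct_mgmt()),
 * so a successful return here does not by itself cover account checks.
 */
extern int
pam_authenticate(
	pam_handle_t *pamh,	/* PAM handle */
	int flags
);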
/*
* Flags for pam_authenticate
*/
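/*
 * pam_acct_mgmt is called to perform account management processing
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * Treat any return other than PAM_SUCCESS as a refusal.
 */
extern int
pam_acct_mgmt(
	pam_handle_t *pamh,	/* PAM handle */
	int flags
);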
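/*
 * pam_open_session is called to note the initiation of new session in the
 * appropriate administrative data bases.
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 */
extern int
pam_open_session(
	pam_handle_t *pamh,	/* PAM handle */
	int flags
);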
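/*
 * pam_close_session records the termination of a session.
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 */
extern int
pam_close_session(
	pam_handle_t *pamh,	/* PAM handle */
	int flags
);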
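/*
 * pam_setcred is called to set the credentials of the current user
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * The flag values accepted here are also missing from this copy.
 */
extern int
pam_setcred(
	pam_handle_t *pamh,	/* PAM handle */
	int flags
);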
/* flags for pam_setcred() */
/* (after a password has changed */
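/*
 * pam_chauthtok is called to change authentication token
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 */
extern int
pam_chauthtok(
	pam_handle_t *pamh,	/* PAM handle */
	int flags
);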
/*
* Be careful - there are flags defined for pam_sm_chauthtok() in
* pam_modules.h also:
* PAM_PRELIM_CHECK 0x1
* PAM_UPDATE_AUTHTOK 0x2
*/
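/*
 * pam_putenv is called to add environment variables to the PAM handle
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * name_value is presumably a "NAME=value" string - confirm the accepted
 * forms in the man page. Variables set here may end up in a user's session
 * environment, so values that come from untrusted input should be validated
 * before they are stored.
 */
extern int
pam_putenv(
	pam_handle_t *pamh,	/* PAM handle */
	const char *name_value
);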
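/*
 * pam_getenv is called to retrieve an env variable from the PAM handle
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * Ownership of the returned string is not stated in this header and
 * differs between PAM implementations - check the man page before freeing
 * or retaining it.
 */
extern char *
pam_getenv(
	pam_handle_t *pamh,	/* PAM handle */
	const char *name
);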
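/*
 * pam_getenvlist is called to retrieve all env variables from the PAM handle
 *
 * NOTE(review): the declarator line and the pamh parameter were missing
 * from this copy and are restored from the documented PAM interface.
 * Ownership of the returned array and its strings is not stated in this
 * header - check the man page before freeing or retaining them. Review the
 * list before passing it to a new process as its environment.
 */
extern char **
pam_getenvlist(
	pam_handle_t *pamh	/* PAM handle */
);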
#ifdef __cplusplus
}
#endif
#endif /* _PAM_APPL_H */