2 * CDE - Common Desktop Environment
4 * Copyright (c) 1993-2012, The Open Group. All rights reserved.
6 * These libraries and programs are free software; you can
7 * redistribute them and/or modify them under the terms of the GNU
8 * Lesser General Public License as published by the Free Software
9 * Foundation; either version 2 of the License, or (at your option)
12 * These libraries and programs are distributed in the hope that
13 * they will be useful, but WITHOUT ANY WARRANTY; without even the
14 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
15 * PURPOSE. See the GNU Lesser General Public License for more
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with these librararies and programs; if not, write
20 * to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
21 * Floor, Boston, MA 02110-1301 USA
23 /* $XConsortium: pam_appl.h /main/5 1996/05/09 04:24:28 drk $ */
25 * Copyright (c) 1992-1995, by Sun Microsystems, Inc.
26 * All rights reserved.
32 #pragma ident "@(#)pam_appl.h 1.45 96/02/15 SMI" /* PAM 2.6 */
40 /* Generic PAM errors */
41 #define PAM_SUCCESS 0 /* Normal function return */
42 #define PAM_OPEN_ERR 1 /* Dlopen failure */
43 #define PAM_SYMBOL_ERR 2 /* Symbol not found */
44 #define PAM_SERVICE_ERR 3 /* Error in underlying service module */
45 #define PAM_SYSTEM_ERR 4 /* System error */
46 #define PAM_BUF_ERR 5 /* Memory buffer error */
47 #define PAM_CONV_ERR 6 /* Conversation failure */
48 #define PAM_PERM_DENIED 7 /* Permission denied */
50 /* Errors returned by pam_authenticate, pam_acct_mgmt(), and pam_setcred() */
51 #define PAM_MAXTRIES 8 /* Maximum number of tries exceeded */
52 #define PAM_AUTH_ERR 9 /* Authentication failure */
53 #define PAM_NEW_AUTHTOK_REQD 10 /* Get new auth token from the user */
54 #define PAM_AUTHTOKEN_REQD PAM_NEW_AUTHTOK_REQD /* backward compatible */
55 #define PAM_CRED_INSUFFICIENT 11 /* can not access auth data b/c */
56 /* of insufficient credentials */
57 #define PAM_AUTHINFO_UNAVAIL 12 /* Can not retrieve auth information */
58 #define PAM_USER_UNKNOWN 13 /* No account present for user */
60 /* Errors returned by pam_setcred() */
61 #define PAM_CRED_UNAVAIL 14 /* can not retrieve user credentials */
62 #define PAM_CRED_EXPIRED 15 /* user credentials expired */
63 #define PAM_CRED_ERR 16 /* failure setting user credentials */
65 /* Errors returned by pam_acct_mgmt() */
66 #define PAM_ACCT_EXPIRED 17 /* user account has expired */
67 #define PAM_AUTHTOK_EXPIRED 18 /* Password expired and no longer */
70 /* Errors returned by pam_open/close_session() */
71 #define PAM_SESSION_ERR 19 /* can not make/remove entry for */
72 /* specified session */
74 /* Errors returned by pam_chauthtok() */
75 #define PAM_AUTHTOK_ERR 20 /* Authentication token */
76 /* manipulation error */
77 #define PAM_AUTHTOK_RECOVERY_ERR 21 /* Old authentication token */
78 /* cannot be recovered */
79 #define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token */
81 #define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging */
84 /* Errors returned by pam_get_data */
85 #define PAM_NO_MODULE_DATA 24 /* module data not found */
87 /* Errors returned by modules */
88 #define PAM_IGNORE 25 /* ignore module */
90 #define PAM_ABORT 26 /* General PAM failure */
91 #define PAM_TRY_AGAIN 27 /* Unable to update password */
92 /* Try again another time */
95 * XXX: Make sure that PAM_TOTAL_ERRNUM = 28 in pam_impl.h
99 * structure pam_message is used to pass prompt, error message,
100 * or any text information from scheme to application/user.
104 int msg_style; /* Msg_style - see below */
105 char *msg; /* Message string */
109 * msg_style defines the interaction style between the
110 * scheme and the application.
112 #define PAM_PROMPT_ECHO_OFF 1 /* Echo off when getting response */
113 #define PAM_PROMPT_ECHO_ON 2 /* Echo on when getting response */
114 #define PAM_ERROR_MSG 3 /* Error message */
115 #define PAM_TEXT_INFO 4 /* Textual information */
117 /* max # of authentication token attributes */
118 #define PAM_MAX_NUM_ATTR 10
120 /* max size (in chars) of an authentication token attribute */
121 #define PAM_MAX_ATTR_SIZE 80
124 * max # of messages passed to the application through the
125 * conversation function call
127 #define PAM_MAX_NUM_MSG 32
130 * max size (in chars) of each messages passed to the application
131 * through the conversation function call
133 #define PAM_MAX_MSG_SIZE 512
136 * max size (in chars) of each response passed from the application
137 * through the conversation function call
139 #define PAM_MAX_RESP_SIZE 512
142 * structure pam_response is used by the scheme to get the user's
143 * response back from the application/user.
146 struct pam_response {
147 char *resp; /* Response string */
148 int resp_retcode; /* Return code - for future use */
152 * structure pam_conv is used by authentication applications for passing
153 * call back function pointers and application data pointers to the scheme
156 int (*conv)(int, struct pam_message **,
157 struct pam_response **, void *);
158 void *appdata_ptr; /* Application data ptr */
162 typedef struct pam_handle pam_handle_t;
165 * pam_start() is called to initiate an authentication exchange
170 const char *service_name, /* Service Name */
171 const char *user, /* User Name */
172 const struct pam_conv *pam_conv, /* Conversation structure */
173 pam_handle_t **pamh /* Address to store handle */
177 * pam_end() is called to end an authentication exchange with PAM.
181 pam_handle_t *pamh, /* handle from pam_start() */
182 int status /* the final status value that */
183 /* gets passed to cleanup functions */
187 * pam_set_item is called to store an object in PAM handle.
191 pam_handle_t *pamh, /* PAM handle */
192 int item_type, /* Type of object - see below */
193 const void *item /* Address of place to put pointer */
198 * pam_get_item is called to retrieve an object from the static data area
202 const pam_handle_t *pamh, /* PAM handle */
203 int item_type, /* Type of object - see below */
204 void ** item /* Address of place to put pointer */
208 /* Items supported by pam_[sg]et_item() calls */
209 #define PAM_SERVICE 1 /* The program/service name */
210 #define PAM_USER 2 /* The user name */
211 #define PAM_TTY 3 /* The tty name */
212 #define PAM_RHOST 4 /* The remote host name */
213 #define PAM_CONV 5 /* The conversation structure */
214 #define PAM_AUTHTOK 6 /* The authentication token */
215 #define PAM_OLDAUTHTOK 7 /* Old authentication token */
216 #define PAM_RUSER 8 /* The remote user name */
217 #define PAM_USER_PROMPT 9 /* The user prompt */
220 * pam_get_user is called to retrieve the user name (PAM_USER). If PAM_USER
221 * is not set then this call will prompt for the user name using the
222 * conversation function. This function should only be used by modules, not
228 pam_handle_t *pamh, /* PAM handle */
229 char **user, /* User Name */
230 const char *prompt /* Prompt */
234 * pam_set_data is used to create module specific data, and
235 * to optionally add a cleanup handler that gets called by pam_end.
240 pam_handle_t *pamh, /* PAM handle */
241 const char *module_data_name, /* unique module data name */
242 const void *data, /* the module specific data */
243 void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)
247 * get module specific data set by pam_set_scheme_data.
248 * returns PAM_NO_MODULE_DATA if specified module data was not found.
252 const pam_handle_t *pamh,
253 const char *module_data_name,
258 * PAM equivalent to strerror();
262 pam_handle_t *pamh, /* pam handle */
263 int errnum /* error number */
266 /* general flag for pam_* functions */
267 #define PAM_SILENT 0x80000000
270 * pam_authenticate is called to authenticate the current user.
279 * Flags for pam_authenticate
282 #define PAM_DISALLOW_NULL_AUTHTOK 2 /* The password must be non-null */
285 * pam_acct_mgmt is called to perform account management processing
294 * pam_open_session is called to note the initiation of new session in the
295 * appropriate administrative data bases.
304 * pam_close_session records the termination of a session.
312 /* pam_setcred is called to set the credentials of the current user */
319 /* flags for pam_setcred() */
320 #define PAM_ESTABLISH_CRED 1 /* set scheme specific user id */
321 #define PAM_DELETE_CRED 2 /* unset scheme specific user id */
322 #define PAM_REINITIALIZE_CRED 4 /* reinitialize user credentials */
323 /* (after a password has changed */
324 #define PAM_REFRESH_CRED 8 /* extend lifetime of credentials */
326 /* pam_chauthtok is called to change authentication token */
335 * Be careful - there are flags defined for pam_sm_chauthtok() in
336 * pam_modules.h also.
338 #define PAM_CHANGE_EXPIRED_AUTHTOK 4 /* update expired passwords only */
344 #endif /* _PAM_APPL_H */