Vendor import of OpenPAM Calamite

5 files changed, 742 insertions, 0 deletions

diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h
new file mode 100644
index 0000000..5b5497f
--- /dev/null
+++ b/contrib/openpam/include/security/openpam.h
@@ -0,0 +1,210 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _SECURITY_OPENPAM_H_INCLUDED
+#define _SECURITY_OPENPAM_H_INCLUDED
+
+/*
+ * Annoying but necessary header pollution
+ */
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * API extensions
+ */
+int
+pam_error(pam_handle_t *_pamh,
+	const char *_fmt,
+	...);
+
+int
+pam_get_authtok(pam_handle_t *_pamh,
+	const char **_authtok,
+	const char *_prompt);
+
+int
+pam_info(pam_handle_t *_pamh,
+	const char *_fmt,
+	...);
+
+int
+pam_prompt(pam_handle_t *_pamh,
+	int _style,
+	char **_resp,
+	const char *_fmt,
+	...);
+
+int
+pam_setenv(pam_handle_t *_pamh,
+	const char *_name,
+	const char *_value,
+	int _overwrite);
+
+int
+pam_vinfo(pam_handle_t *_pamh,
+	const char *_fmt,
+	va_list _ap);
+
+int
+pam_verror(pam_handle_t *_pamh,
+	const char *_fmt,
+	va_list _ap);
+
+int
+pam_vprompt(pam_handle_t *_pamh,
+	int _style,
+	char **_resp,
+	const char *_fmt,
+	va_list _ap);
+
+/*
+ * Log levels
+ */
+enum {
+	PAM_LOG_DEBUG,
+	PAM_LOG_VERBOSE,
+	PAM_LOG_NOTICE,
+	PAM_LOG_ERROR
+};
+
+/*
+ * Log to syslog
+ */
+void _openpam_log(int _level,
+	const char *_func,
+	const char *_fmt,
+	...);
+
+#if defined(__STDC__) && (__STDC_VERSION__ > 199901L)
+#define openpam_log(lvl, fmt, ...) \
+	_openpam_log((lvl), __func__, fmt, __VA_ARGS__)
+#elif defined(__GNUC__)
+#define openpam_log(lvl, fmt...) \
+	_openpam_log((lvl), __func__, ##fmt)
+#else
+extern openpam_log(int _level, const char *_format, ...);
+#endif
+
+/*
+ * Generic conversation function
+ */
+struct pam_message;
+struct pam_response;
+int openpam_ttyconv(int _n,
+	const struct pam_message **_msg,
+	struct pam_response **_resp,
+	void *_data);
+
+/*
+ * PAM primitives
+ */
+enum {
+	PAM_SM_AUTHENTICATE,
+	PAM_SM_SETCRED,
+	PAM_SM_ACCT_MGMT,
+	PAM_SM_OPEN_SESSION,
+	PAM_SM_CLOSE_SESSION,
+	PAM_SM_CHAUTHTOK,
+	/* keep this last */
+	PAM_NUM_PRIMITIVES
+};
+
+/*
+ * Dummy service module function
+ */
+#define PAM_SM_DUMMY(type)						\
+PAM_EXTERN int								\
+pam_sm_##type(pam_handle_t *pamh, int flags,				\
+    int argc, const char *argv[])					\
+{									\
+	return (PAM_IGNORE);						\
+}
+
+/*
+ * PAM service module functions match this typedef
+ */
+struct pam_handle;
+typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
+
+/*
+ * A struct that describes a module.
+ */
+typedef struct pam_module pam_module_t;
+struct pam_module {
+	const char	*path;
+	pam_func_t	 func[PAM_NUM_PRIMITIVES];
+	void		*dlh;
+	int		 refcount;
+	pam_module_t	*prev;
+	pam_module_t	*next;
+};
+
+/*
+ * Infrastructure for static modules using GCC linker sets.
+ * You are not expected to understand this.
+ */
+#if defined(__GNUC__) && !defined(__PIC__)
+#if defined(__FreeBSD__)
+#define PAM_SOEXT ".so"
+#else
+#error Static linking is not supported on your platform
+#endif
+/* gcc, static linking */
+#include <sys/cdefs.h>
+#include <linker_set.h>
+#define OPENPAM_STATIC_MODULES
+#define PAM_EXTERN static
+#define PAM_MODULE_ENTRY(name)						\
+static struct pam_module _pam_module = { name PAM_SOEXT, {		\
+    pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt,		\
+    pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok },	\
+    NULL, 0, NULL, NULL };						\
+DATA_SET(_openpam_modules, _pam_module)
+#else
+/* normal case */
+#define PAM_EXTERN
+#define PAM_MODULE_ENTRY(name)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h
new file mode 100644
index 0000000..f3e7e60
--- /dev/null
+++ b/contrib/openpam/include/security/pam_appl.h
@@ -0,0 +1,180 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_APPL_H_INCLUDED
+#define _PAM_APPL_H_INCLUDED
+
+#include <security/pam_types.h>
+#include <security/pam_constants.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 4.2.1, 6
+ */
+
+int
+pam_acct_mgmt(pam_handle_t *_pamh,
+	int _flags);
+
+int
+pam_authenticate(pam_handle_t *_pamh,
+	int _flags);
+
+int
+pam_chauthtok(pam_handle_t *_pamh,
+	int _flags);
+
+int
+pam_close_session(pam_handle_t *_pamh,
+	int _flags);
+
+int
+pam_end(pam_handle_t *_pamh,
+	int _status);
+
+int
+pam_get_data(pam_handle_t *_pamh,
+	const char *_module_data_name,
+	void **_data);
+
+int
+pam_get_item(pam_handle_t *_pamh,
+	int _item_type,
+	const void **_item);
+
+int
+pam_get_user(pam_handle_t *_pamh,
+	const char **_user,
+	const char *_prompt);
+
+char *
+pam_getenv(pam_handle_t *_pamh,
+	const char *_name);
+
+char **
+pam_getenvlist(pam_handle_t *_pamh);
+
+int
+pam_open_session(pam_handle_t *_pamh,
+	int _flags);
+
+int
+pam_putenv(pam_handle_t *_pamh,
+	const char *_namevalue);
+
+int
+pam_set_data(pam_handle_t *_pamh,
+	const char *_module_data_name,
+	void *_data,
+	void (*_cleanup)(pam_handle_t *_pamh,
+		void *_data,
+		int _pam_end_status));
+
+int
+pam_set_item(pam_handle_t *_pamh,
+	int _item_type,
+	const void *_item);
+
+int
+pam_setcred(pam_handle_t *_pamh,
+	int _flags);
+
+int
+pam_start(const char *_service,
+	const char *_user,
+	const struct pam_conv *_pam_conv,
+	pam_handle_t **_pamh);
+
+const char *
+pam_strerror(pam_handle_t *_pamh,
+	int _error_number);
+
+/*
+ * Single Sign-On extensions
+ */
+#if 0
+int
+pam_authenticate_secondary(pam_handle_t *_pamh,
+	char *_target_username,
+	char *_target_module_type,
+	char *_target_authn_domain,
+	char *_target_supp_data,
+	char *_target_module_authtok,
+	int _flags);
+
+int
+pam_get_mapped_authtok(pam_handle_t *_pamh,
+	const char *_target_module_username,
+	const char *_target_module_type,
+	const char *_target_authn_domain,
+	size_t *_target_authtok_len,
+	unsigned char **_target_module_authtok);
+
+int
+pam_get_mapped_username(pam_handle_t *_pamh,
+	const char *_src_username,
+	const char *_src_module_type,
+	const char *_src_authn_domain,
+	const char *_target_module_type,
+	const char *_target_authn_domain,
+	char **_target_module_username);
+
+int
+pam_set_mapped_authtok(pam_handle_t *_pamh,
+	const char *_target_module_username,
+	size_t _target_authtok_len,
+	unsigned char *_target_module_authtok,
+	const char *_target_module_type,
+	const char *_target_authn_domain);
+
+int
+pam_set_mapped_username(pam_handle_t *_pamh,
+	char *_src_username,
+	char *_src_module_type,
+	char *_src_authn_domain,
+	char *_target_module_username,
+	char *_target_module_type,
+	char *_target_authn_domain);
+#endif /* 0 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h
new file mode 100644
index 0000000..71d6ba8
--- /dev/null
+++ b/contrib/openpam/include/security/pam_constants.h
@@ -0,0 +1,128 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_CONSTANTS_H_INCLUDED
+#define _PAM_CONSTANTS_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 5.2
+ */
+enum {
+	PAM_SUCCESS			=   0,
+	PAM_OPEN_ERR			=   1,
+	PAM_SYMBOL_ERR			=   2,
+	PAM_SERVICE_ERR			=   3,
+	PAM_SYSTEM_ERR			=   4,
+	PAM_BUF_ERR			=   5,
+	PAM_CONV_ERR			=   6,
+	PAM_PERM_DENIED			=   7,
+	PAM_MAXTRIES			=   8,
+	PAM_AUTH_ERR			=   9,
+	PAM_NEW_AUTHTOK_REQD		=  10,
+	PAM_CRED_INSUFFICIENT		=  11,
+	PAM_AUTHINFO_UNAVAIL		=  12,
+	PAM_USER_UNKNOWN		=  13,
+	PAM_CRED_UNAVAIL		=  14,
+	PAM_CRED_EXPIRED		=  15,
+	PAM_CRED_ERR			=  16,
+	PAM_ACCT_EXPIRED		=  17,
+	PAM_AUTHTOK_EXPIRED		=  18,
+	PAM_SESSION_ERR			=  19,
+	PAM_AUTHTOK_ERR			=  20,
+	PAM_AUTHTOK_RECOVERY_ERR	=  21,
+	PAM_AUTHTOK_LOCK_BUSY		=  22,
+	PAM_AUTHTOK_DISABLE_AGING	=  23,
+	PAM_NO_MODULE_DATA		=  24,
+	PAM_IGNORE			=  25,
+	PAM_ABORT			=  26,
+	PAM_TRY_AGAIN			=  27,
+	PAM_MODULE_UNKNOWN		=  28,
+	PAM_DOMAIN_UNKNOWN		=  29
+};
+
+/*
+ * XSSO 5.3
+ */
+enum {
+	PAM_PROMPT_ECHO_OFF		=   1,
+	PAM_PROMPT_ECHO_ON		=   2,
+	PAM_ERROR_MSG			=   3,
+	PAM_TEXT_INFO			=   4,
+	PAM_MAX_NUM_MSG			=  32,
+	PAM_MAX_MSG_SIZE		= 512,
+	PAM_MAX_RESP_SIZE		= 512
+};
+
+/*
+ * XSSO 5.4
+ */
+enum {
+	PAM_SILENT			= 0x80000000,
+	PAM_DISALLOW_NULL_AUTHTOK	= 0x1,
+	PAM_ESTABLISH_CRED		= 0x1,
+	PAM_DELETE_CRED			= 0x2,
+	PAM_REINITIALISE_CRED		= 0x4,
+	PAM_REFRESH_CRED		= 0x8,
+	PAM_PRELIM_CHECK		= 0x1,
+	PAM_UPDATE_AUTHTOK		= 0x2,
+	PAM_CHANGE_EXPIRED_AUTHTOK	= 0x4
+};
+
+/*
+ * XSSO 5.5
+ */
+enum {
+	PAM_SERVICE			=   1,
+	PAM_USER			=   2,
+	PAM_TTY				=   3,
+	PAM_RHOST			=   4,
+	PAM_CONV			=   5,
+	PAM_AUTHTOK			=   6,
+	PAM_OLDAUTHTOK			=   7,
+	PAM_RUSER			=   8,
+	PAM_USER_PROMPT			=   9,
+	PAM_AUTHTOK_PROMPT		=  10		/* OpenPAM extension */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h
new file mode 100644
index 0000000..35c8eb9
--- /dev/null
+++ b/contrib/openpam/include/security/pam_modules.h
@@ -0,0 +1,148 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_MODULES_H_INCLUDED
+#define _PAM_MODULES_H_INCLUDED
+
+#include <security/pam_types.h>
+#include <security/pam_constants.h>
+#include <security/openpam.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 4.2.2, 6
+ */
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *_pamh,
+	int _flags,
+	int _argc,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *_pamh,
+	int _flags,
+	int _argc,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *_pamh,
+	int _flags,
+	int _argc,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *_pamh,
+	int _flags,
+	int _args,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *_pamh,
+	int _flags,
+	int _argc,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *_pamh,
+	int _flags,
+	int _argc,
+	const char **_argv);
+
+/*
+ * Single Sign-On extensions
+ */
+#if 0
+PAM_EXTERN int
+pam_sm_authenticate_secondary(pam_handle_t *_pamh,
+	char *_target_username,
+	char *_target_module_type,
+	char *_target_authn_domain,
+	char *_target_supp_data,
+	unsigned char *_target_module_authtok,
+	int _flags,
+	int _argc,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_get_mapped_authtok(pam_handle_t *_pamh,
+	char *_target_module_username,
+	char *_target_module_type,
+	char *_target_authn_domain,
+	size_t *_target_authtok_len,
+	unsigned char **_target_module_authtok,
+	int _argc,
+	char *_argv);
+
+PAM_EXTERN int
+pam_sm_get_mapped_username(pam_handle_t *_pamh,
+	char *_src_username,
+	char *_src_module_type,
+	char *_src_authn_domain,
+	char *_target_module_type,
+	char *_target_authn_domain,
+	char **_target_module_username,
+	int _argc,
+	const char **_argv);
+
+PAM_EXTERN int
+pam_sm_set_mapped_authtok(pam_handle_t *_pamh,
+	char *_target_module_username,
+	size_t _target_authtok_len,
+	unsigned char *_target_module_authtok,
+	char *_target_module_type,
+	char *_target_authn_domain,
+	int _argc,
+	const char *_argv);
+
+PAM_EXTERN int
+pam_sm_set_mapped_username(pam_handle_t *_pamh,
+	char *_target_module_username,
+	char *_target_module_type,
+	char *_target_authn_domain,
+	int _argc,
+	const char **_argv);
+
+#endif /* 0 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h
new file mode 100644
index 0000000..d8ba80b
--- /dev/null
+++ b/contrib/openpam/include/security/pam_types.h
@@ -0,0 +1,76 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ */
+
+#ifndef _PAM_TYPES_H_INCLUDED
+#define _PAM_TYPES_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * XSSO 5.1.1
+ */
+struct pam_message {
+	int	 msg_style;
+	char	*msg;
+};
+
+struct pam_response {
+	char	*resp;
+	int	 resp_retcode;
+};
+
+/*
+ * XSSO 5.1.2
+ */
+struct pam_conv {
+	int	(*conv)(int, const struct pam_message **,
+	    struct pam_response **, void *);
+	void	*appdata_ptr;
+};
+
+/*
+ * XSSO 5.1.3
+ */
+struct pam_handle;
+typedef struct pam_handle pam_handle_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif