From dcccbaacd873fac9ec9b01589172726b4c98d55b Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com" <joerichey@google.com>
Date: Mon, 17 Jul 2017 15:44:57 -0700
Subject: [PATCH] pam: Add PAM Items and Flags

Code pulled from github.com/msteinert/pam
---
 pam/constants.go | 110 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 pam/constants.go

diff --git a/pam/constants.go b/pam/constants.go
new file mode 100644
index 0000000..5c57e06
--- /dev/null
+++ b/pam/constants.go
@@ -0,0 +1,110 @@
+/*
+ * constants.go - PAM flags and item types from github.com/msteinert/pam
+ *
+ * Modifications Copyright 2017 Google Inc.
+ * Modifications Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * Copyright 2011, krockot
+ * Copyright 2015, Michael Steinert <mike.steinert@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package pam
+
+/*
+#cgo LDFLAGS: -lpam
+
+#include <security/pam_modules.h>
+*/
+import "C"
+
+// Item is a an PAM information type.
+type Item int
+
+// PAM Item types.
+const (
+	// Service is the name which identifies the PAM stack.
+	Service Item = C.PAM_SERVICE
+	// User identifies the username identity used by a service.
+	User = C.PAM_USER
+	// Tty is the terminal name.
+	Tty = C.PAM_TTY
+	// Rhost is the requesting host name.
+	Rhost = C.PAM_RHOST
+	// Authtok is the currently active authentication token.
+	Authtok = C.PAM_AUTHTOK
+	// Oldauthtok is the old authentication token.
+	Oldauthtok = C.PAM_OLDAUTHTOK
+	// Ruser is the requesting user name.
+	Ruser = C.PAM_RUSER
+	// UserPrompt is the string use to prompt for a username.
+	UserPrompt = C.PAM_USER_PROMPT
+)
+
+// Flag is used as input to various PAM functions. Flags can be combined with a
+// bitwise or. Refer to the official PAM documentation for which flags are
+// accepted by which functions.
+type Flag int
+
+// PAM Flag types.
+const (
+	// Silent indicates that no messages should be emitted.
+	Silent Flag = C.PAM_SILENT
+	// DisallowNullAuthtok indicates that authorization should fail
+	// if the user does not have a registered authentication token.
+	DisallowNullAuthtok = C.PAM_DISALLOW_NULL_AUTHTOK
+	// EstablishCred indicates that credentials should be established
+	// for the user.
+	EstablishCred = C.PAM_ESTABLISH_CRED
+	// DeleteCred inidicates that credentials should be deleted.
+	DeleteCred = C.PAM_DELETE_CRED
+	// ReinitializeCred indicates that credentials should be fully
+	// reinitialized.
+	ReinitializeCred = C.PAM_REINITIALIZE_CRED
+	// RefreshCred indicates that the lifetime of existing credentials
+	// should be extended.
+	RefreshCred = C.PAM_REFRESH_CRED
+	// ChangeExpiredAuthtok indicates that the authentication token
+	// should be changed if it has expired.
+	ChangeExpiredAuthtok = C.PAM_CHANGE_EXPIRED_AUTHTOK
+	// PrelimCheck indicates that the modules are being probed as to their
+	// ready status for altering the user's authentication token.
+	PrelimCheck = C.PAM_PRELIM_CHECK
+	// UpdateAuthtok informs the module that this is the call it should
+	// change the authorization tokens.
+	UpdateAuthtok = C.PAM_UPDATE_AUTHTOK
+)
-- 
2.39.5