Initial public release: fresh history

include/pam_auth.h

@@ -0,0 +1,48 @@
+#ifndef PAM_AUTH_H
+#define PAM_AUTH_H
+
+#include <security/pam_appl.h>
+
+typedef struct pam_ui_s {
+    void (*info)(const char *msg, void *user);
+    void (*error)(const char *msg, void *user);
+    void *user_ctx;
+} pam_ui_t;
+
+typedef struct {
+    pam_handle_t *pamh;
+    int session_opened; /* 1 if pam_open_session was called successfully */
+} pam_session_t;
+
+/* Full login path: authenticate + acct_mgmt (+chauthtok) + setcred + open_session (if open_session!=0)
+   tty_opt/xdisplay_opt are forwarded as PAM items; env is exported via pam_export_env().
+   Returns PAM_* code (PAM_SUCCESS on success). */
+int pam_begin(const char *service,
+              const char *username,
+              const char *password,
+              const char *tty_opt,
+              const char *xdisplay_opt,
+              const pam_ui_t *ui,
+              int open_session,
+              pam_session_t *out);
+
+/* Open a GREETER session only (no auth). Must be called in a process whose loginuid is unset.
+   Sets PAM_TTY and populates PAM env (XDG_SESSION_CLASS=greeter, XDG_SEAT, XDG_VTNR) before pam_open_session.
+   Returns PAM_* code. */
+int pam_open_greeter_session(const char *service,
+                             const char *tty_opt,
+                             const char *xdisplay_opt,
+                             const pam_ui_t *ui,
+                             pam_session_t *out);
+
+/* Export PAM env into current process. */
+void pam_export_env(pam_session_t *ps);
+
+/* Close session if opened; delete creds; end PAM. Safe to call multiple times. */
+void pam_end_session(pam_session_t *ps);
+
+/* Pretty for logs; never NULL. */
+const char *pam_errstr(int code);
+
+#endif
+