search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.
[Samba.git] / source / nsswitch / pam_winbind.h
blob73da2826cabb3d133b5ee3e636830176b431b485
1 /* pam_winbind header file
2 (Solaris needs some macros from Linux for common PAM code)
3
4 Shirish Kalele 2000
5 */
6
7 #include "lib/replace/replace.h"
8 #include "system/syslog.h"
9 #include "system/time.h"
10
11 #define MODULE_NAME "pam_winbind"
12 #define PAM_SM_AUTH
13 #define PAM_SM_ACCOUNT
14 #define PAM_SM_PASSWORD
15
16 #ifndef PAM_WINBIND_CONFIG_FILE
17 #define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf"
18 #endif
19
20 #include <iniparser.h>
21
22 #ifndef LINUX
23
24 /* Solaris always uses dynamic pam modules */
25 #define PAM_EXTERN extern
26 #include <security/pam_appl.h>
27
28 #ifndef PAM_AUTHTOK_RECOVER_ERR
29 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
30 #endif
31
32 #endif /* defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX) */
33
34 #ifdef HAVE_SECURITY_PAM_MODULES_H
35 #include <security/pam_modules.h>
36 #endif
37
38 #ifdef HAVE_SECURITY__PAM_MACROS_H
39 #include <security/_pam_macros.h>
40 #else
41 /* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
42 #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
43 do { \
44 int reply_i; \
45 \
46 for (reply_i=0; reply_i<replies; ++reply_i) { \
47 if (reply[reply_i].resp) { \
48 _pam_overwrite(reply[reply_i].resp); \
49 free(reply[reply_i].resp); \
50 } \
51 } \
52 if (reply) \
53 free(reply); \
54 } while (0)
55
56 #define _pam_overwrite(x) \
57 do { \
58 register char *__xx__; \
59 if ((__xx__=(x))) \
60 while (*__xx__) \
61 *__xx__++ = '\0'; \
62 } while (0)
63
64 /*
65 * Don't just free it, forget it too.
66 */
67
68 #define _pam_drop(X) SAFE_FREE(X)
69
70 #define x_strdup(s) ( (s) ? strdup(s):NULL )
71 #endif /* HAVE_SECURITY__PAM_MACROS_H */
72
73 #ifdef HAVE_SECURITY_PAM_EXT_H
74 #include <security/pam_ext.h>
75 #endif
76
77 #define WINBIND_DEBUG_ARG (1<<0)
78 #define WINBIND_USE_AUTHTOK_ARG (1<<1)
79 #define WINBIND_UNKNOWN_OK_ARG (1<<2)
80 #define WINBIND_TRY_FIRST_PASS_ARG (1<<3)
81 #define WINBIND_USE_FIRST_PASS_ARG (1<<4)
82 #define WINBIND__OLD_PASSWORD (1<<5)
83 #define WINBIND_REQUIRED_MEMBERSHIP (1<<6)
84 #define WINBIND_KRB5_AUTH (1<<7)
85 #define WINBIND_KRB5_CCACHE_TYPE (1<<8)
86 #define WINBIND_CACHED_LOGIN (1<<9)
87 #define WINBIND_CONFIG_FILE (1<<10)
88 #define WINBIND_SILENT (1<<11)
89 #define WINBIND_DEBUG_STATE (1<<12)
90
91 /*
92 * here is the string to inform the user that the new passwords they
93 * typed were not the same.
94 */
95
96 #define MISTYPED_PASS "Sorry, passwords do not match"
97
98 #define on(x, y) (x & y)
99 #define off(x, y) (!(x & y))
100
101 #define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
102 #define PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH "PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH"
103 #define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
104 #define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
105 #define PAM_WINBIND_LOGONSERVER "PAM_WINBIND_LOGONSERVER"
106 #define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH"
107 #define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
108
109 #define SECONDS_PER_DAY 86400
110
111 #define DAYS_TO_WARN_BEFORE_PWD_EXPIRES 5
112
113 #include "winbind_client.h"
114
115 #define PAM_WB_REMARK_DIRECT(h,f,x)\
116 {\
117 const char *error_string = NULL; \
118 error_string = _get_ntstatus_error_string(x);\
119 if (error_string != NULL) {\
120 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
121 } else {\
122 _make_remark(h, f, PAM_ERROR_MSG, x);\
123 };\
124 };
125
126 #define PAM_WB_REMARK_DIRECT_RET(h,f,x)\
127 {\
128 const char *error_string = NULL; \
129 error_string = _get_ntstatus_error_string(x);\
130 if (error_string != NULL) {\
131 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
132 return ret;\
133 };\
134 _make_remark(h, f, PAM_ERROR_MSG, x);\
135 return ret;\
136 };
137
138 #define PAM_WB_REMARK_CHECK_RESPONSE(h,f,x,y)\
139 {\
140 const char *ntstatus = x.data.auth.nt_status_string; \
141 const char *error_string = NULL; \
142 if (!strcasecmp(ntstatus,y)) {\
143 error_string = _get_ntstatus_error_string(y);\
144 if (error_string != NULL) {\
145 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
146 };\
147 if (x.data.auth.error_string[0] != '\0') {\
148 _make_remark(h, f, PAM_ERROR_MSG, x.data.auth.error_string);\
149 };\
150 _make_remark(h, f, PAM_ERROR_MSG, y);\
151 };\
152 };
153
154 #define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,f,x,y)\
155 {\
156 const char *ntstatus = x.data.auth.nt_status_string; \
157 const char *error_string = NULL; \
158 if (!strcasecmp(ntstatus,y)) {\
159 error_string = _get_ntstatus_error_string(y);\
160 if (error_string != NULL) {\
161 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
162 return ret;\
163 };\
164 if (x.data.auth.error_string[0] != '\0') {\
165 _make_remark(h, f, PAM_ERROR_MSG, x.data.auth.error_string);\
166 return ret;\
167 };\
168 _make_remark(h, f, PAM_ERROR_MSG, y);\
169 return ret;\
170 };\
171 };
172
173 /* from include/rpc_samr.h */
174 #define DOMAIN_PASSWORD_COMPLEX 0x00000001
175
176 #define REJECT_REASON_OTHER 0x00000000
177 #define REJECT_REASON_TOO_SHORT 0x00000001
178 #define REJECT_REASON_IN_HISTORY 0x00000002
179 #define REJECT_REASON_NOT_COMPLEX 0x00000005
180
181 /* from include/smb.h */
182 #define ACB_PWNOEXP 0x00000200
183
184 /* from include/rpc_netlogon.h */
185 #define LOGON_CACHED_ACCOUNT 0x00000004
186 #define LOGON_GRACE_LOGON 0x01000000
187
188 #define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT)
189 #define PAM_WB_GRACE_LOGON(x) ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON)))
Samba GIT mirror