| blob | e99c8abe53174b44d8225ae0669a287a5dce8d1d |
1 /* pam_winbind header file
2 (Solaris needs some macros from Linux for common PAM code)
4 Shirish Kalele 2000
5 */
13 #define PAM_SM_AUTH
14 #define PAM_SM_ACCOUNT
15 #define PAM_SM_PASSWORD
16 #define PAM_SM_SESSION
18 #ifndef PAM_WINBIND_CONFIG_FILE
20 #endif
22 #include <iniparser.h>
24 #ifdef HAVE_LIBINTL_H
25 #include <libintl.h>
26 #endif
28 #ifndef LINUX
30 /* Solaris always uses dynamic pam modules */
31 #define PAM_EXTERN extern
32 #if defined(HAVE_SECURITY_PAM_APPL_H)
33 #include <security/pam_appl.h>
34 #elif defined(HAVE_PAM_PAM_APPL_H)
35 #include <pam/pam_appl.h>
36 #endif
38 #ifndef PAM_AUTHTOK_RECOVER_ERR
39 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
40 #endif
42 #endif /* defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX) */
44 #if defined(HAVE_SECURITY_PAM_MODULES_H)
45 #include <security/pam_modules.h>
46 #elif defined(HAVE_PAM_PAM_MODULES_H)
47 #include <pam/pam_modules.h>
48 #endif
50 #if defined(HAVE_SECURITY__PAM_MACROS_H)
51 #include <security/_pam_macros.h>
52 #elif defined(HAVE_PAM__PAM_MACROS_H)
53 #include <pam/_pam_macros.h>
54 #else
55 /* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
57 do { \
58 int reply_i; \
59 \
60 for (reply_i=0; reply_i<replies; ++reply_i) { \
61 if (reply[reply_i].resp) { \
62 _pam_overwrite(reply[reply_i].resp); \
63 free(reply[reply_i].resp); \
64 } \
65 } \
66 if (reply) \
67 free(reply); \
68 } while (0)
70 #define _pam_overwrite(x) \
71 do { \
72 register char *__xx__; \
73 if ((__xx__=(x))) \
74 while (*__xx__) \
76 } while (0)
78 /*
79 * Don't just free it, forget it too.
80 */
82 #define _pam_drop(X) SAFE_FREE(X)
84 #define x_strdup(s) ( (s) ? strdup(s):NULL )
87 #ifdef HAVE_SECURITY_PAM_EXT_H
88 #include <security/pam_ext.h>
89 #endif
91 #define WINBIND_DEBUG_ARG 0x00000001
92 #define WINBIND_USE_AUTHTOK_ARG 0x00000002
93 #define WINBIND_UNKNOWN_OK_ARG 0x00000004
94 #define WINBIND_TRY_FIRST_PASS_ARG 0x00000008
95 #define WINBIND_USE_FIRST_PASS_ARG 0x00000010
96 #define WINBIND__OLD_PASSWORD 0x00000020
97 #define WINBIND_REQUIRED_MEMBERSHIP 0x00000040
98 #define WINBIND_KRB5_AUTH 0x00000080
99 #define WINBIND_KRB5_CCACHE_TYPE 0x00000100
100 #define WINBIND_CACHED_LOGIN 0x00000200
101 #define WINBIND_CONFIG_FILE 0x00000400
102 #define WINBIND_SILENT 0x00000800
103 #define WINBIND_DEBUG_STATE 0x00001000
104 #define WINBIND_WARN_PWD_EXPIRE 0x00002000
106 #if defined(HAVE_GETTEXT) && !defined(__LCLINT__)
107 #define _(string) dgettext(MODULE_NAME, string)
108 #else
109 #define _(string) string
110 #endif
112 #define N_(string) string
114 /*
115 * here is the string to inform the user that the new passwords they
116 * typed were not the same.
117 */
121 #define on(x, y) (x & y)
122 #define off(x, y) (!(x & y))
132 #define SECONDS_PER_DAY 86400
134 #define DEFAULT_DAYS_TO_WARN_BEFORE_PWD_EXPIRES 14
138 #define PAM_WB_REMARK_DIRECT(c,x)\
139 {\
140 const char *error_string = NULL; \
141 error_string = _get_ntstatus_error_string(x);\
142 if (error_string != NULL) {\
143 _make_remark(c, PAM_ERROR_MSG, error_string);\
144 } else {\
145 _make_remark(c, PAM_ERROR_MSG, x);\
146 };\
147 };
149 #define PAM_WB_REMARK_DIRECT_RET(h,f,x)\
150 {\
151 const char *error_string = NULL; \
152 error_string = _get_ntstatus_error_string(x);\
153 if (error_string != NULL) {\
154 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
155 return ret;\
156 };\
157 _make_remark(h, f, PAM_ERROR_MSG, x);\
158 return ret;\
159 };
161 #define PAM_WB_REMARK_CHECK_RESPONSE(c,x,y)\
162 {\
163 const char *ntstatus = x.data.auth.nt_status_string; \
164 const char *error_string = NULL; \
165 if (!strcasecmp(ntstatus,y)) {\
166 error_string = _get_ntstatus_error_string(y);\
167 if (error_string != NULL) {\
168 _make_remark(c, PAM_ERROR_MSG, error_string);\
169 };\
171 _make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\
172 };\
173 _make_remark(c, PAM_ERROR_MSG, y);\
174 };\
175 };
177 #define PAM_WB_REMARK_CHECK_RESPONSE_RET(c,x,y)\
178 {\
179 const char *ntstatus = x.data.auth.nt_status_string; \
180 const char *error_string = NULL; \
181 if (!strcasecmp(ntstatus,y)) {\
182 error_string = _get_ntstatus_error_string(y);\
183 if (error_string != NULL) {\
184 _make_remark(c, PAM_ERROR_MSG, error_string);\
185 return ret;\
186 };\
188 _make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\
189 return ret;\
190 };\
191 _make_remark(c, PAM_ERROR_MSG, y);\
192 return ret;\
193 };\
194 };
196 /* from samr.idl */
197 #define DOMAIN_PASSWORD_COMPLEX 0x00000001
199 #define SAMR_REJECT_OTHER 0x00000000
200 #define SAMR_REJECT_TOO_SHORT 0x00000001
201 #define SAMR_REJECT_IN_HISTORY 0x00000002
202 #define SAMR_REJECT_COMPLEXITY 0x00000005
204 #define ACB_PWNOEXP 0x00000200
206 /* from netlogon.idl */
207 #define NETLOGON_CACHED_ACCOUNT 0x00000004
208 #define NETLOGON_GRACE_LOGON 0x01000000
210 /* from include/rpc_netlogon.h */
211 #define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000
213 #define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT)
214 #define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
215 #define PAM_WB_GRACE_LOGON(x) ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
224 };