/*-
 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2004-2017 Dag-Erling Smørgrav
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * Network Associates Laboratories, the Security Research Division of
 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
 * ("CBOSS"), as part of the DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <security/pam_appl.h>

#include "openpam_impl.h"

/*
 * Symbolic name of each PAM error code, indexed by the code itself.
 *
 * The array has PAM_NUM_ERRORS slots; any slot that is not named by a
 * designated initializer below is a null pointer.  Nothing in this file
 * range-checks the index, so a caller has to verify that the code lies in
 * [0, PAM_NUM_ERRORS) and tolerate NULL before using the result.  A code
 * handed back by a loaded module should get that check too.
 */
const char *pam_err_name[PAM_NUM_ERRORS] = {
	[PAM_SUCCESS]               = "PAM_SUCCESS",
	[PAM_OPEN_ERR]              = "PAM_OPEN_ERR",
	[PAM_SYMBOL_ERR]            = "PAM_SYMBOL_ERR",
	[PAM_SERVICE_ERR]           = "PAM_SERVICE_ERR",
	[PAM_SYSTEM_ERR]            = "PAM_SYSTEM_ERR",
	[PAM_BUF_ERR]               = "PAM_BUF_ERR",
	[PAM_CONV_ERR]              = "PAM_CONV_ERR",
	[PAM_PERM_DENIED]           = "PAM_PERM_DENIED",
	[PAM_MAXTRIES]              = "PAM_MAXTRIES",
	[PAM_AUTH_ERR]              = "PAM_AUTH_ERR",
	[PAM_NEW_AUTHTOK_REQD]      = "PAM_NEW_AUTHTOK_REQD",
	[PAM_CRED_INSUFFICIENT]     = "PAM_CRED_INSUFFICIENT",
	[PAM_AUTHINFO_UNAVAIL]      = "PAM_AUTHINFO_UNAVAIL",
	[PAM_USER_UNKNOWN]          = "PAM_USER_UNKNOWN",
	[PAM_CRED_UNAVAIL]          = "PAM_CRED_UNAVAIL",
	[PAM_CRED_EXPIRED]          = "PAM_CRED_EXPIRED",
	[PAM_CRED_ERR]              = "PAM_CRED_ERR",
	[PAM_ACCT_EXPIRED]          = "PAM_ACCT_EXPIRED",
	[PAM_AUTHTOK_EXPIRED]       = "PAM_AUTHTOK_EXPIRED",
	[PAM_SESSION_ERR]           = "PAM_SESSION_ERR",
	[PAM_AUTHTOK_ERR]           = "PAM_AUTHTOK_ERR",
	[PAM_AUTHTOK_RECOVERY_ERR]  = "PAM_AUTHTOK_RECOVERY_ERR",
	[PAM_AUTHTOK_LOCK_BUSY]     = "PAM_AUTHTOK_LOCK_BUSY",
	[PAM_AUTHTOK_DISABLE_AGING] = "PAM_AUTHTOK_DISABLE_AGING",
	[PAM_NO_MODULE_DATA]        = "PAM_NO_MODULE_DATA",
	[PAM_IGNORE]                = "PAM_IGNORE",
	[PAM_ABORT]                 = "PAM_ABORT",
	[PAM_TRY_AGAIN]             = "PAM_TRY_AGAIN",
	[PAM_MODULE_UNKNOWN]        = "PAM_MODULE_UNKNOWN",
	[PAM_DOMAIN_UNKNOWN]        = "PAM_DOMAIN_UNKNOWN",
	[PAM_BAD_HANDLE]            = "PAM_BAD_HANDLE",
	[PAM_BAD_ITEM]              = "PAM_BAD_ITEM",
	[PAM_BAD_FEATURE]           = "PAM_BAD_FEATURE",
	[PAM_BAD_CONSTANT]          = "PAM_BAD_CONSTANT",
};

/*
 * Human-readable description of each PAM error code, indexed exactly like
 * pam_err_name (same PAM_NUM_ERRORS bound, same NULL-for-unlisted rule).
 *
 * NOTE(review): presumably the text handed out by pam_strerror(); confirm
 * against its implementation, which is not in this file.  Several entries
 * separate failure causes ("Unknown user", "User account has expired",
 * "Password has expired").  An application that relays these strings to an
 * unauthenticated peer reveals whether an account exists; show the peer one
 * generic failure message and keep the specific text for local logs.
 */
const char *pam_err_text[PAM_NUM_ERRORS] = {
	[PAM_SUCCESS]               = "Success",
	[PAM_OPEN_ERR]              = "Failed to load module",
	[PAM_SYMBOL_ERR]            = "Invalid symbol",
	[PAM_SERVICE_ERR]           = "Error in service module",
	[PAM_SYSTEM_ERR]            = "System error",
	[PAM_BUF_ERR]               = "Memory buffer error",
	[PAM_CONV_ERR]              = "Conversation failure",
	[PAM_PERM_DENIED]           = "Permission denied",
	[PAM_MAXTRIES]              = "Maximum number of tries exceeded",
	[PAM_AUTH_ERR]              = "Authentication error",
	[PAM_NEW_AUTHTOK_REQD]      = "New authentication token required",
	[PAM_CRED_INSUFFICIENT]     = "Insufficient credentials",
	[PAM_AUTHINFO_UNAVAIL]      = "Authentication information is unavailable",
	[PAM_USER_UNKNOWN]          = "Unknown user",
	[PAM_CRED_UNAVAIL]          = "Failed to retrieve user credentials",
	[PAM_CRED_EXPIRED]          = "User credentials have expired",
	[PAM_CRED_ERR]              = "Failed to set user credentials",
	[PAM_ACCT_EXPIRED]          = "User account has expired",
	[PAM_AUTHTOK_EXPIRED]       = "Password has expired",
	[PAM_SESSION_ERR]           = "Session failure",
	[PAM_AUTHTOK_ERR]           = "Authentication token failure",
	[PAM_AUTHTOK_RECOVERY_ERR]  = "Failed to recover old authentication token",
	[PAM_AUTHTOK_LOCK_BUSY]     = "Authentication token lock busy",
	[PAM_AUTHTOK_DISABLE_AGING] = "Authentication token aging disabled",
	[PAM_NO_MODULE_DATA]        = "Module data not found",
	[PAM_IGNORE]                = "Ignore this module",
	[PAM_ABORT]                 = "General failure",
	[PAM_TRY_AGAIN]             = "Try again",
	[PAM_MODULE_UNKNOWN]        = "Unknown module type",
	[PAM_DOMAIN_UNKNOWN]        = "Unknown authentication domain",
	[PAM_BAD_HANDLE]            = "Invalid PAM handle",
	[PAM_BAD_ITEM]              = "Unrecognized or restricted item",
	[PAM_BAD_FEATURE]           = "Unrecognized or restricted feature",
	[PAM_BAD_CONSTANT]          = "Invalid constant",
};

/*
 * Symbolic name of each PAM item type, indexed by item type and sized by
 * PAM_NUM_ITEMS; unlisted slots are null pointers.
 *
 * These are labels only.  PAM_AUTHTOK and PAM_OLDAUTHTOK label the items
 * that carry authentication tokens, so diagnostics should print the label
 * from this table and never the value of the item itself.
 */
const char *pam_item_name[PAM_NUM_ITEMS] = {
	[PAM_SERVICE]           = "PAM_SERVICE",
	[PAM_USER]              = "PAM_USER",
	[PAM_TTY]               = "PAM_TTY",
	[PAM_RHOST]             = "PAM_RHOST",
	[PAM_CONV]              = "PAM_CONV",
	[PAM_AUTHTOK]           = "PAM_AUTHTOK",
	[PAM_OLDAUTHTOK]        = "PAM_OLDAUTHTOK",
	[PAM_RUSER]             = "PAM_RUSER",
	[PAM_USER_PROMPT]       = "PAM_USER_PROMPT",
	[PAM_REPOSITORY]        = "PAM_REPOSITORY",
	[PAM_AUTHTOK_PROMPT]    = "PAM_AUTHTOK_PROMPT",
	[PAM_OLDAUTHTOK_PROMPT] = "PAM_OLDAUTHTOK_PROMPT",
	[PAM_HOST]              = "PAM_HOST",
};

/*
 * Name of each facility, indexed by facility and sized by
 * PAM_NUM_FACILITIES.
 *
 * NOTE(review): these look like the facility keywords accepted in policy
 * files; the parser is not in this file, confirm there.
 */
const char *pam_facility_name[PAM_NUM_FACILITIES] = {
	[PAM_ACCOUNT]  = "account",
	[PAM_AUTH]     = "auth",
	[PAM_PASSWORD] = "password",
	[PAM_SESSION]  = "session",
};

/*
 * Name of each control flag, indexed by flag and sized by
 * PAM_NUM_CONTROL_FLAGS.
 *
 * NOTE(review): presumably matched against the control-flag field of a
 * policy line.  The flag decides how one module's result counts towards
 * the outcome of the chain, so the parser should reject a keyword that is
 * not in this table rather than fall back to a default; confirm in the
 * parser.
 */
const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
	[PAM_BINDING]    = "binding",
	[PAM_OPTIONAL]   = "optional",
	[PAM_REQUIRED]   = "required",
	[PAM_REQUISITE]  = "requisite",
	[PAM_SUFFICIENT] = "sufficient",
};

/*
 * Name of the application-facing function behind each primitive, indexed
 * by primitive and sized by PAM_NUM_PRIMITIVES.
 */
const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
	[PAM_SM_AUTHENTICATE]  = "pam_authenticate",
	[PAM_SM_SETCRED]       = "pam_setcred",
	[PAM_SM_ACCT_MGMT]     = "pam_acct_mgmt",
	[PAM_SM_OPEN_SESSION]  = "pam_open_session",
	[PAM_SM_CLOSE_SESSION] = "pam_close_session",
	[PAM_SM_CHAUTHTOK]     = "pam_chauthtok",
};

/*
 * Name of the service-module function behind each primitive; same index
 * and bound as pam_func_name.
 *
 * NOTE(review): presumably the symbol names resolved in a loaded module;
 * confirm in the module loader, which is not in this file.
 */
const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
	[PAM_SM_AUTHENTICATE]  = "pam_sm_authenticate",
	[PAM_SM_SETCRED]       = "pam_sm_setcred",
	[PAM_SM_ACCT_MGMT]     = "pam_sm_acct_mgmt",
	[PAM_SM_OPEN_SESSION]  = "pam_sm_open_session",
	[PAM_SM_CLOSE_SESSION] = "pam_sm_close_session",
	[PAM_SM_CHAUTHTOK]     = "pam_sm_chauthtok",
};

/*
 * NULL-terminated list of policy locations.  The /etc entries are listed
 * before the /usr/local/etc ones.
 *
 * NOTE(review): entries ending in '/' are presumably directories of
 * per-service policy files and the others single files; confirm in the
 * policy loader.  A policy selects which modules run for a service, so
 * every path here and each of its parent directories should be owned by
 * root and not writable by group or other.  Whether the loader checks
 * ownership or permissions is not visible in this file.
 */
const char *openpam_policy_path[] = {
	"/etc/pam.d/",
	"/etc/pam.conf",
	"/usr/local/etc/pam.d/",
	"/usr/local/etc/pam.conf",
	NULL
};

/*
 * NULL-terminated list of module directories, fixed at build time:
 *  - OPENPAM_MODULES_DIRECTORY, if defined, is the only entry;
 *  - otherwise, if COMPAT_libcompat is defined, it is pasted onto
 *    "/usr/lib" and "/usr/local/lib" by string-literal concatenation, so
 *    it has to expand to a string literal;
 *  - otherwise the list is "/usr/lib" and "/usr/local/lib".
 *
 * NOTE(review): presumably the directories searched for modules; confirm
 * in the module loader.  Code in a loaded module runs with the privileges
 * of the calling process, so every directory here, including whatever a
 * packager sets OPENPAM_MODULES_DIRECTORY to, must be writable by root
 * only.
 */
const char *openpam_module_path[] = {
#ifdef OPENPAM_MODULES_DIRECTORY
	OPENPAM_MODULES_DIRECTORY,
#elif defined(COMPAT_libcompat)
	"/usr/lib" COMPAT_libcompat,
	"/usr/local/lib" COMPAT_libcompat,
#else
	"/usr/lib",
	"/usr/local/lib",
#endif
	NULL
};