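/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Shared declarations for the password-update utility code: attribute
 * selectors (attrtype/attrlist), repository descriptors
 * (pwu_repository_t, REP_*), the per-repository operations table
 * (repops_t) and the PWU_* status codes returned to callers.
 */

#ifndef	_PASSWDUTIL_H
#define	_PASSWDUTIL_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <sys/types.h>
#include <string.h>	/* strcmp() and NULL, used by the IS_*() macros */
#include <shadow.h>
#include <crypt.h>	/* CRYPT_MAXCIPHERTEXTLEN max crypt length */

/*
 * DAY_NOW_32 is a 32-bit value, independent of the architecture.
 * DAY_NOW itself is not defined in this header; a file that expands
 * DAY_NOW_32 must get it from elsewhere.
 */
#ifdef _LP64
#include <sys/types32.h>
#define	DAY_NOW_32	((time32_t)DAY_NOW)
#else
#define	DAY_NOW_32	((time_t)DAY_NOW)
#endif

/*
 * Attribute selectors.  Every enumerator is a distinct single bit.
 */
typedef enum {
	/* from plain passwd */
	ATTR_NAME	= 0x1,
	ATTR_PASSWD	= 0x2,
	ATTR_UID	= 0x4,
	ATTR_GID	= 0x8,
	ATTR_AGE	= 0x10,
	ATTR_COMMENT	= 0x20,
	ATTR_GECOS	= 0x40,
	ATTR_HOMEDIR	= 0x80,
	ATTR_SHELL	= 0x100,
	/* from shadow */
	ATTR_LSTCHG	= 0x200,
	ATTR_MIN	= 0x400,
	ATTR_MAX	= 0x800,
	ATTR_WARN	= 0x1000,
	ATTR_INACT	= 0x2000,
	ATTR_EXPIRE	= 0x4000,
	ATTR_FLAG	= 0x8000,
	/* special operations */
	ATTR_LOCK_ACCOUNT	= 0x10000,
	ATTR_EXPIRE_PASSWORD	= 0x20000,
	ATTR_NOLOGIN_ACCOUNT	= 0x40000,
	ATTR_UNLOCK_ACCOUNT	= 0x80000,
	/* Query operations */
	/* to obtain repository name that contained the info */
	ATTR_REP_NAME		= 0x100000,
	/* special attribute */
	/* to set password following server policy */
	ATTR_PASSWD_SERVER_POLICY	= 0x200000,
	/* get history entry from supporting repositories */
	ATTR_HISTORY		= 0x400000,
	/* Failed login bookkeeping */
	ATTR_FAILED_LOGINS	= 0x800000,	/* get # of failed logins */
	ATTR_INCR_FAILED_LOGINS	= 0x1000000,	/* increment + lock if needed */
	ATTR_RST_FAILED_LOGINS	= 0x2000000	/* reset failed logins */
} attrtype;

/*
 * One node of a singly linked list of attributes (chained via `next').
 * `data' holds either a string or an integer; this header does not say
 * which union member is valid for a given `type', nor who owns the
 * storage behind val_s.
 * NOTE(review): for ATTR_PASSWD and ATTR_HISTORY val_s presumably
 * carries password material; treat those buffers as sensitive and
 * confirm ownership/clearing rules against the implementation.
 */
typedef struct attrlist_s {
	attrtype type;
	union {
		char *val_s;
		int val_i;
	} data;
	struct attrlist_s *next;
} attrlist;

/*
 * Repository descriptor.  `type' is the name tested by the IS_*()
 * macros below ("files", "nis", "nisplus", "ldap"); `scope' and
 * `scope_len' are opaque at this level.
 */
typedef struct {
	char *type;
	void *scope;
	size_t scope_len;
} pwu_repository_t;

/* Parenthesized so the cast cannot bind to a following operator. */
#define	PWU_DEFAULT_REP	((pwu_repository_t *)NULL)

#define	REP_NOREP	0		/* Can't find suitable repository */
#define	REP_FILES	0x0001		/* /etc/passwd, /etc/shadow */
#define	REP_NIS		0x0002
#define	REP_NISPLUS	0x0004
#define	REP_LDAP	0x0008
#define	REP_NSS		0x0010
#define	REP_LAST	REP_NSS
#define	REP_ERANGE	0x8000		/* Unknown repository specified */

#define	REP_COMPAT_NIS		0x1000
#define	REP_COMPAT_NISPLUS	0x2000
#define	REP_COMPAT_LDAP		0x4000

/* For the time being, these are also defined in pam_*.h */
#undef	IS_NISPLUS
#undef	IS_FILES
#undef	IS_NIS
#undef	IS_LDAP

/*
 * Repository-type predicates.  `r' is a pwu_repository_t (not a
 * pointer).  The argument is parenthesized so that expressions such as
 * `*p' or `reps[i]' expand correctly; it is still evaluated twice, so
 * do not pass an expression with side effects.
 */
#define	IS_FILES(r)	((r).type != NULL && strcmp((r).type, "files") == 0)
#define	IS_NIS(r)	((r).type != NULL && strcmp((r).type, "nis") == 0)
#define	IS_NISPLUS(r)	((r).type != NULL && strcmp((r).type, "nisplus") == 0)
#define	IS_LDAP(r)	((r).type != NULL && strcmp((r).type, "ldap") == 0)

/* Negative constants are parenthesized so they act as one operand. */
#define	MINWEEKS	(-1)
#define	MAXWEEKS	(-1)
#define	WARNWEEKS	(-1)

#define	NISPLUS_LOOKUP	0
#define	NISPLUS_UPDATE	1

/*
 * Per-repository operations table.  One instance is declared below for
 * each of files, nis, nisplus, ldap and nss.  Parameter meanings are
 * not named in this header; see the implementing files.
 */
typedef struct repops {
	int (*checkhistory)(char *, char *, pwu_repository_t *);
	int (*getattr)(char *, attrlist *, pwu_repository_t *);
	int (*getpwnam)(char *, attrlist *, pwu_repository_t *, void **);
	int (*update)(attrlist *, pwu_repository_t *, void *);
	int (*putpwnam)(char *, char *, char *, pwu_repository_t *, void *);
	int (*user_to_authenticate)(char *, pwu_repository_t *, char **, int *);
	int (*lock)(void);
	int (*unlock)(void);
} repops_t;

extern repops_t files_repops, nis_repops,
	nisplus_repops, ldap_repops, nss_repops;

/* NOTE(review): how rops[] is indexed is not visible here; confirm. */
extern repops_t *rops[];

/*
 * utils.c
 */
void turn_on_default_aging(struct spwd *);
int def_getint(char *name, int defvalue);

/*
 * debug.c
 */
void debug_init(void);
void debug(char *, ...);

/*
 * bsd-strsep.c
 */
char *strsep(char **, const char *);

/*
 * switch_utils.c
 */
#define	PWU_READ	0	/* Read access to the repository */
#define	PWU_WRITE	1	/* Write (update) access to the repository */

int get_ns(pwu_repository_t *, int);
struct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
struct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
struct spwd *getspnam_from(const char *, pwu_repository_t *, int);

/*
 * __set_authtok_attr.c
 */
int __set_authtoken_attr(char *, char *, char *, pwu_repository_t *,
	attrlist *, int *);
/*
 * __get_authtokenn_attr.c
 */
int __get_authtoken_attr(char *, pwu_repository_t *, attrlist *);

/*
 * __user_to_authenticate.c
 */
int __user_to_authenticate(char *, pwu_repository_t *, char **, int *);

/*
 * __verify_rpc_passwd.c
 */
int __verify_rpc_passwd(char *, char *, pwu_repository_t *);

/*
 * Password history definitions
 */
#define	DEFHISTORY	0	/* default history depth */
#define	MAXHISTORY	26	/* max depth of history 1 yr every 2 weeks */

/*
 * __check_history.c
 */
int __check_history(char *, char *, pwu_repository_t *);

int __incr_failed_count(char *, char *, int);
int __rst_failed_count(char *, char *);

/*
 * Error codes
 *
 * PWU_SUCCESS is 0; every failure code is a distinct negative value.
 * The values are parenthesized so they act as one operand in any
 * expression.
 */
#define	PWU_SUCCESS		0	/* update succeeded */
#define	PWU_BUSY		(-1)	/* Password database busy */
#define	PWU_STAT_FAILED		(-2)	/* stat of password file failed */
#define	PWU_OPEN_FAILED		(-3)	/* password file open failed */
#define	PWU_WRITE_FAILED	(-4)	/* can't write to password file */
#define	PWU_CLOSE_FAILED	(-5)	/* close returned error */
#define	PWU_NOT_FOUND		(-6)	/* user not found in database */
#define	PWU_UPDATE_FAILED	(-7)	/* couldn't update password file */
#define	PWU_NOMEM		(-8)	/* Not enough memory */
#define	PWU_SERVER_ERROR	(-9)	/* NIS server errors */
#define	PWU_SYSTEM_ERROR	(-10)	/* NIS local configuration problem */
#define	PWU_DENIED		(-11)	/* NIS update denied */
#define	PWU_NO_CHANGE		(-12)	/* Data hasn't changed */
#define	PWU_REPOSITORY_ERROR	(-13)	/* Unknown repository specified */
#define	PWU_AGING_DISABLED	(-14)	/* Modifying min/warn while max==-1 */

/* NISPLUS specific errors */

#define	PWU_RECOVERY_ERR	(-15)	/* can't recover old auth token */
#define	PWU_CRED_UPDATE_ERR	(-16)	/* failed to update credentials */
#define	PWU_ATTR_UPDATE_ERR	(-17)	/* failed to update attributes */
#define	PWU_CRED_ERROR		(-18)	/* failed to obtain user credentials */
#define	PWU_PARTIAL_SUCCESS	(-19)	/* passwd is updated, creds are not */
#define	PWU_BAD_CREDPASS	(-20)	/* password doesn't decrypt creds */
#define	PWU_NO_PRIV_CRED_UPDATE	(-21)	/* priv. user can't update creds */
#define	PWU_UPDATED_SOME_CREDS	(-22)	/* some, not all, creds were updated */

/* More errors, not NISPLUS specific */

#define	PWU_PWD_TOO_SHORT	(-23)	/* new passwd too short */
#define	PWU_PWD_INVALID		(-24)	/* new passwd has invalid syntax */
#define	PWU_PWD_IN_HISTORY	(-25)	/* new passwd in history list */
#define	PWU_CHANGE_NOT_ALLOWED	(-26)	/* change not allowed */
#define	PWU_WITHIN_MIN_AGE	(-27)	/* change not allowed, within min age */

#ifdef	__cplusplus
}
#endif

#endif	/* _PASSWDUTIL_H */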