xref: /titanic_50/usr/src/lib/passwdutil/passwdutil.h (revision 1e1ddd6cc98ab5af8293f7ebd132be62900730fd)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef	_PASSWDUTIL_H
28 #define	_PASSWDUTIL_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <sys/types.h>
37 #include <shadow.h>
38 #include <crypt.h>		/* CRYPT_MAXCIPHERTEXTLEN max crypt length */
39 
40 /* DAY_NOW_32 is a 32-bit value, independent of the architecture */
41 #ifdef _LP64
42 #include <sys/types32.h>
43 #define	DAY_NOW_32	((time32_t)DAY_NOW)
44 #else
45 #define	DAY_NOW_32	((time_t)DAY_NOW)
46 #endif
47 
48 typedef enum {
49 	/* from plain passwd */
50 	ATTR_NAME	= 0x1,
51 	ATTR_PASSWD	= 0x2,
52 	ATTR_UID	= 0x4,
53 	ATTR_GID	= 0x8,
54 	ATTR_AGE	= 0x10,
55 	ATTR_COMMENT	= 0x20,
56 	ATTR_GECOS	= 0x40,
57 	ATTR_HOMEDIR	= 0x80,
58 	ATTR_SHELL	= 0x100,
59 	/* from shadow */
60 	ATTR_LSTCHG	= 0x200,
61 	ATTR_MIN	= 0x400,
62 	ATTR_MAX	= 0x800,
63 	ATTR_WARN	= 0x1000,
64 	ATTR_INACT	= 0x2000,
65 	ATTR_EXPIRE	= 0x4000,
66 	ATTR_FLAG	= 0x8000,
67 	/* special operations */
68 	ATTR_LOCK_ACCOUNT	= 0x10000,
69 	ATTR_EXPIRE_PASSWORD	= 0x20000,
70 	ATTR_NOLOGIN_ACCOUNT	= 0x40000,
71 	ATTR_UNLOCK_ACCOUNT	= 0x80000,
72 	/* Query operations */
73 	/* to obtain repository name that contained the info */
74 	ATTR_REP_NAME		= 0x100000,
75 	/* special attribute */
76 	/* to set password following server policy */
77 	ATTR_PASSWD_SERVER_POLICY	= 0x200000,
78 	/* get history entry from supporting repositories */
79 	ATTR_HISTORY	= 0x400000,
80 	/* Failed login bookkeeping */
81 	ATTR_FAILED_LOGINS	= 0x800000,	/* get # of failed logins */
82 	ATTR_INCR_FAILED_LOGINS = 0x1000000,	/* increment + lock if needed */
83 	ATTR_RST_FAILED_LOGINS	= 0x2000000	/* reset failed logins */
84 } attrtype;
85 
86 typedef struct attrlist_s {
87 	attrtype type;
88 	union {
89 		char *val_s;
90 		int val_i;
91 	} data;
92 	struct attrlist_s *next;
93 } attrlist;
94 
95 typedef struct {
96 	char   *type;
97 	void   *scope;
98 	size_t  scope_len;
99 } pwu_repository_t;
100 
101 #define	PWU_DEFAULT_REP (pwu_repository_t *)NULL
102 
103 #define	REP_NOREP	0		/* Can't find suitable repository */
104 #define	REP_FILES	0x0001		/* /etc/passwd, /etc/shadow */
105 #define	REP_NIS		0x0002
106 #define	REP_NISPLUS	0x0004
107 #define	REP_LDAP	0x0008
108 #define	REP_NSS		0x0010
109 #define	REP_LAST	REP_NSS
110 #define	REP_ERANGE	0x8000		/* Unknown repository specified */
111 
112 #define	REP_COMPAT_NIS		0x1000
113 #define	REP_COMPAT_NISPLUS	0x2000
114 #define	REP_COMPAT_LDAP		0x4000
115 
116 /* For the time being, these are also defined in pam_*.h */
117 #undef	IS_NISPLUS
118 #undef	IS_FILES
119 #undef	IS_NIS
120 #undef	IS_LDAP
121 
122 #define	IS_FILES(r)	(r.type != NULL && strcmp(r.type, "files") == 0)
123 #define	IS_NIS(r)	(r.type != NULL && strcmp(r.type, "nis") == 0)
124 #define	IS_NISPLUS(r)	(r.type != NULL && strcmp(r.type, "nisplus") == 0)
125 #define	IS_LDAP(r)	(r.type != NULL && strcmp(r.type, "ldap") == 0)
126 
127 #define	MINWEEKS	-1
128 #define	MAXWEEKS	-1
129 #define	WARNWEEKS	-1
130 
131 #define	NISPLUS_LOOKUP	0
132 #define	NISPLUS_UPDATE	1
133 
134 typedef struct repops {
135 	int (*checkhistory)(char *, char *, pwu_repository_t *);
136 	int (*getattr)(char *, attrlist *, pwu_repository_t *);
137 	int (*getpwnam)(char *, attrlist *, pwu_repository_t *, void **);
138 	int (*update)(attrlist *, pwu_repository_t *, void *);
139 	int (*putpwnam)(char *, char *, char *, pwu_repository_t *, void *);
140 	int (*user_to_authenticate)(char *, pwu_repository_t *, char **, int *);
141 	int (*lock)(void);
142 	int (*unlock)(void);
143 } repops_t;
144 
145 extern repops_t files_repops, nis_repops,
146 	nisplus_repops, ldap_repops, nss_repops;
147 
148 extern repops_t *rops[];
149 
150 /*
151  * utils.c
152  */
153 void turn_on_default_aging(struct spwd *);
154 int def_getint(char *name, int defvalue);
155 
156 /*
157  * debug.c
158  */
159 void debug_init(void);
160 void debug(char *, ...);
161 
162 /*
163  * bsd-strsep.c
164  */
165 char *strsep(char **, const char *);
166 
167 /*
168  * switch_utils.c
169  */
170 #define	PWU_READ	0 /* Read access to the repository */
171 #define	PWU_WRITE	1 /* Write (update) access to the repository */
172 
173 int get_ns(pwu_repository_t *, int);
174 struct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
175 struct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
176 struct spwd *getspnam_from(const char *, pwu_repository_t *, int);
177 
178 /*
179  * __set_authtok_attr.c
180  */
181 int __set_authtoken_attr(char *, char *, char *, pwu_repository_t *,
182     attrlist *, int *);
183 /*
184  * __get_authtokenn_attr.c
185  */
186 int __get_authtoken_attr(char *, pwu_repository_t *, attrlist *);
187 
188 /*
189  * __user_to_authenticate.c
190  */
191 int __user_to_authenticate(char *, pwu_repository_t *, char **, int *);
192 
193 /*
194  * __verify_rpc_passwd.c
195  */
196 int __verify_rpc_passwd(char *, char *, pwu_repository_t *);
197 
198 /*
199  *	Password history definitions
200  */
201 #define	DEFHISTORY	0	/* default history depth */
202 #define	MAXHISTORY	26	/* max depth of history 1 yr every 2 weeks */
203 
204 /*
205  * __check_history.c
206  */
207 int __check_history(char *, char *, pwu_repository_t *);
208 
209 int __incr_failed_count(char *, char *, int);
210 int __rst_failed_count(char *, char *);
211 
212 /*
213  * Error codes
214  */
215 #define	PWU_SUCCESS		 0	/* update succeeded */
216 #define	PWU_BUSY		-1	/* Password database busy */
217 #define	PWU_STAT_FAILED		-2	/* stat of password file failed */
218 #define	PWU_OPEN_FAILED		-3	/* password file open failed */
219 #define	PWU_WRITE_FAILED	-4	/* can't write to password file */
220 #define	PWU_CLOSE_FAILED	-5	/* close returned error */
221 #define	PWU_NOT_FOUND		-6	/* user not found in database */
222 #define	PWU_UPDATE_FAILED	-7	/* couldn't update password file */
223 #define	PWU_NOMEM		-8	/* Not enough memory */
224 #define	PWU_SERVER_ERROR	-9	/* NIS server errors */
225 #define	PWU_SYSTEM_ERROR	-10	/* NIS local configuration problem */
226 #define	PWU_DENIED		-11	/* NIS update denied */
227 #define	PWU_NO_CHANGE		-12	/* Data hasn't changed */
228 #define	PWU_REPOSITORY_ERROR	-13	/* Unknown repository specified */
229 #define	PWU_AGING_DISABLED	-14	/* Modifying min/warn while max==-1 */
230 
231 /* NISPLUS specific errors */
232 
233 #define	PWU_RECOVERY_ERR	-15	/* can't recover old auth token */
234 #define	PWU_CRED_UPDATE_ERR	-16	/* failed to update credentials */
235 #define	PWU_ATTR_UPDATE_ERR	-17	/* failed to update attributes */
236 #define	PWU_CRED_ERROR		-18	/* failed to obtain user credentials */
237 #define	PWU_PARTIAL_SUCCESS	-19	/* passwd is updated, creds are not */
238 #define	PWU_BAD_CREDPASS	-20	/* password doesn't decrypt creds */
239 #define	PWU_NO_PRIV_CRED_UPDATE	-21	/* priv. user can't update creds */
240 #define	PWU_UPDATED_SOME_CREDS	-22	/* some, not all, creds were updated */
241 
242 /* More errors, not NISPLUS specific */
243 
244 #define	PWU_PWD_TOO_SHORT	-23	/* new passwd too short */
245 #define	PWU_PWD_INVALID		-24	/* new passwd has invalid syntax */
246 #define	PWU_PWD_IN_HISTORY	-25	/* new passwd in history list */
247 #define	PWU_CHANGE_NOT_ALLOWED	-26	/* change not allowed */
248 #define	PWU_WITHIN_MIN_AGE	-27	/* change not allowed, within min age */
249 
250 #ifdef __cplusplus
251 }
252 #endif
253 
254 #endif	/* _PASSWDUTIL_H */
255