passwdutil.h revision 11262:b7ebfbf2359e
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26#ifndef	_PASSWDUTIL_H
27#define	_PASSWDUTIL_H
28
29#ifdef __cplusplus
30extern "C" {
31#endif
32
33#include <sys/types.h>
34#include <shadow.h>
35#include <crypt.h>		/* CRYPT_MAXCIPHERTEXTLEN max crypt length */
36
/*
 * NOTE(review): DAY_NOW is not defined in this header; presumably it is
 * supplied by <shadow.h> -- confirm.  On _LP64 the value is cast to
 * time32_t (from <sys/types32.h>), otherwise to time_t.  The narrowing
 * cast is harmless only while DAY_NOW is a day count rather than a
 * seconds count -- confirm against its definition.
 */
37/* DAY_NOW_32 is a 32-bit value, independent of the architecture */
38#ifdef _LP64
39#include <sys/types32.h>
40#define	DAY_NOW_32	((time32_t)DAY_NOW)
41#else
42#define	DAY_NOW_32	((time_t)DAY_NOW)
43#endif
44
/*
 * attrtype: identifies which account attribute, or which special
 * operation, an attrlist entry refers to.  Every enumerator is a distinct
 * single bit, and bits 0 through 25 are all assigned.
 * NOTE(review): the single-bit encoding suggests the values may be OR-ed
 * into masks somewhere; this header shows no such use -- confirm.
 */
45typedef enum {
46	/* from plain passwd */
47	ATTR_NAME	= 0x1,
	/*
	 * NOTE(review): the header does not say whether the ATTR_PASSWD value
	 * is cleartext or a crypt(3) hash; handle the buffer as secret in
	 * either case -- confirm in the get/set implementations.
	 */
48	ATTR_PASSWD	= 0x2,
49	ATTR_UID	= 0x4,
50	ATTR_GID	= 0x8,
51	ATTR_AGE	= 0x10,
52	ATTR_COMMENT	= 0x20,
53	ATTR_GECOS	= 0x40,
54	ATTR_HOMEDIR	= 0x80,
55	ATTR_SHELL	= 0x100,
56	/* from shadow */
57	ATTR_LSTCHG	= 0x200,
58	ATTR_MIN	= 0x400,
59	ATTR_MAX	= 0x800,
60	ATTR_WARN	= 0x1000,
61	ATTR_INACT	= 0x2000,
62	ATTR_EXPIRE	= 0x4000,
63	ATTR_FLAG	= 0x8000,
64	/* special operations */
	/*
	 * NOTE(review): these four name account-state changes rather than
	 * stored fields; presumably they are only meaningful on the update
	 * path -- confirm.
	 */
65	ATTR_LOCK_ACCOUNT	= 0x10000,
66	ATTR_EXPIRE_PASSWORD	= 0x20000,
67	ATTR_NOLOGIN_ACCOUNT	= 0x40000,
68	ATTR_UNLOCK_ACCOUNT	= 0x80000,
69	/* Query operations */
70	/* to obtain repository name that contained the info */
71	ATTR_REP_NAME		= 0x100000,
72	/* special attribute */
73	/* to set password following server policy */
74	ATTR_PASSWD_SERVER_POLICY	= 0x200000,
75	/* get history entry from supporting repositories */
76	ATTR_HISTORY	= 0x400000,
77	/* Failed login bookkeeping */
78	ATTR_FAILED_LOGINS	= 0x800000,	/* get # of failed logins */
79	ATTR_INCR_FAILED_LOGINS = 0x1000000,	/* increment + lock if needed */
80	ATTR_RST_FAILED_LOGINS	= 0x2000000	/* reset failed logins */
81} attrtype;
82
/*
 * attrlist: one node of a singly linked list of attributes, chained
 * through 'next'.  'type' names the attribute and 'data' carries its value
 * as either a string (val_s) or an integer (val_i).
 * NOTE(review): nothing in the node records which union member is live;
 * presumably it is implied by 'type' -- confirm, because reading val_s
 * after val_i was stored yields an invalid pointer.
 * NOTE(review): ownership of val_s (who allocates and frees it, and
 * whether password material in it is cleared first) is not stated here.
 */
83typedef struct attrlist_s {
84	attrtype type;
85	union {
86		char *val_s;
87		int val_i;
88	} data;
89	struct attrlist_s *next;
90} attrlist;
91
/*
 * pwu_repository_t: names a password repository.  'type' is the string
 * that the IS_FILES/IS_NIS/IS_LDAP macros in this header compare against
 * "files", "nis" and "ldap".  'scope' is an opaque pointer.
 * NOTE(review): presumably scope_len is the byte length of 'scope' and
 * both are interpreted by the selected backend -- confirm, and confirm
 * that the backend validates scope_len before reading through 'scope'.
 */
92typedef struct {
93	char   *type;
94	void   *scope;
95	size_t  scope_len;
96} pwu_repository_t;
97
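/*
 * Null repository pointer.
 * NOTE(review): presumably passing this asks the library to pick the
 * repository itself -- confirm against the callers.
 * The expansion is wrapped in parentheses so it stays a single operand
 * when it appears next to a postfix operator or sizeof (CERT PRE02-C).
 */
#define	PWU_DEFAULT_REP	((pwu_repository_t *)NULL)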
99
/*
 * Repository identifiers.  REP_FILES, REP_NIS, REP_LDAP and REP_NSS are
 * distinct single bits and REP_LAST aliases REP_NSS.  REP_COMPAT_NIS,
 * REP_COMPAT_LDAP and REP_ERANGE use higher bits, above REP_LAST.
 * NOTE(review): presumably these are combined into a mask and also used
 * to select an entry in rops[] -- confirm, and confirm that REP_ERANGE
 * and the REP_COMPAT_* bits are filtered out before any table lookup.
 */
100#define	REP_NOREP	0		/* Can't find suitable repository */
101#define	REP_FILES	0x0001		/* /etc/passwd, /etc/shadow */
102#define	REP_NIS		0x0002
103#define	REP_LDAP	0x0004
104#define	REP_NSS		0x0008
105#define	REP_LAST	REP_NSS
106#define	REP_ERANGE	0x8000		/* Unknown repository specified */
107
108#define	REP_COMPAT_NIS		0x1000
109#define	REP_COMPAT_LDAP		0x2000
110
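/* For the time being, these are also defined in pam_*.h */
#undef	IS_FILES
#undef	IS_NIS
#undef	IS_LDAP

/*
 * Repository-type predicates.  'r' is a structure (not a pointer) with a
 * 'type' string member, such as pwu_repository_t.  Each macro is true only
 * when r.type is non-NULL and is an exact, case-sensitive match for the
 * repository name.
 *
 * The argument is parenthesized so that expressions such as *p or a[i]
 * expand to (*p).type rather than *p.type.  'r' is still evaluated twice,
 * so it must not have side effects.
 *
 * strcmp() and NULL must be declared where the macros are used; this
 * header does not include <string.h> itself.
 */
#define	IS_FILES(r)	((r).type != NULL && strcmp((r).type, "files") == 0)
#define	IS_NIS(r)	((r).type != NULL && strcmp((r).type, "nis") == 0)
#define	IS_LDAP(r)	((r).type != NULL && strcmp((r).type, "ldap") == 0)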
119
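/*
 * Default aging values, all -1.
 * NOTE(review): PWU_AGING_DISABLED in this header is described as
 * "Modifying min/warn while max==-1", so -1 presumably means "aging not
 * set" -- confirm.
 * The negative literals are parenthesized so each macro stays a single
 * operand wherever it is used (CERT PRE02-C).
 */
#define	MINWEEKS	(-1)
#define	MAXWEEKS	(-1)
#define	WARNWEEKS	(-1)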
123
/*
 * repops_t: table of function pointers implementing the operations of one
 * repository backend.  Every member returns int.
 * NOTE(review): presumably the return values are the PWU_* codes defined
 * in this header -- confirm.
 * NOTE(review): the header does not say whether a backend may leave a
 * member NULL; callers should check before calling unless every table is
 * known to be fully populated -- confirm.
 * NOTE(review): the void ** / void * arguments of getpwnam, update and
 * putpwnam look like an opaque per-call buffer handed from one step to
 * the next; who frees it is not stated here -- confirm.
 * NOTE(review): lock/unlock presumably bracket repository updates; error
 * paths need to release the lock -- confirm in the callers.
 */
124typedef struct repops {
125	int (*checkhistory)(char *, char *, pwu_repository_t *);
126	int (*getattr)(char *, attrlist *, pwu_repository_t *);
127	int (*getpwnam)(char *, attrlist *, pwu_repository_t *, void **);
128	int (*update)(attrlist *, pwu_repository_t *, void *);
129	int (*putpwnam)(char *, char *, pwu_repository_t *, void *);
130	int (*user_to_authenticate)(char *, pwu_repository_t *, char **, int *);
131	int (*lock)(void);
132	int (*unlock)(void);
133} repops_t;
134
/* One operations table per backend; defined outside this header. */
135extern repops_t files_repops, nis_repops, ldap_repops, nss_repops;
136
/*
 * Array of operations-table pointers.  The declaration carries no bound.
 * NOTE(review): presumably indexed by a REP_* value; the valid index
 * range must come from the defining file, so any index derived from
 * caller input needs a range check there -- confirm.
 */
137extern repops_t *rops[];
138
139/*
140 * utils.c
141 */
/*
 * NOTE(review): presumably fills the aging fields of the given shadow
 * entry with defaults; behaviour on a NULL argument is not stated here.
 */
142void turn_on_default_aging(struct spwd *);
/*
 * NOTE(review): presumably looks up the integer setting 'name' and
 * returns 'defvalue' when it is absent or unparsable -- confirm, and
 * confirm how out-of-range values are treated.
 */
143int def_getint(char *name, int defvalue);
144
145/*
146 * debug.c
147 */
148void debug_init(void);
/*
 * Variadic logging entry point.
 * NOTE(review): if the first argument is a printf-style format, every
 * caller must pass a literal format and never user-controlled text; a
 * format attribute on this prototype would let the compiler check that.
 * NOTE(review): confirm that password material is never passed as an
 * argument, since the output destination is not visible here.
 */
149void debug(char *, ...);
150
151/*
152 * switch_utils.c
153 */
/* Access modes; the int argument of the functions below presumably takes one of these -- confirm. */
154#define	PWU_READ	0 /* Read access to the repository */
155#define	PWU_WRITE	1 /* Write (update) access to the repository */
156
/*
 * NOTE(review): get_ns() presumably returns a REP_* value or mask for the
 * given repository and access mode -- confirm.
 * NOTE(review): the *_from() lookups return pointers whose storage
 * (static, per-thread or allocated) is not stated here; callers need
 * that to know whether to copy or free the result, and getspnam_from()
 * results hold password hash data -- confirm in switch_utils.c.
 */
157int get_ns(pwu_repository_t *, int);
158struct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
159struct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
160struct spwd *getspnam_from(const char *, pwu_repository_t *, int);
161int name_to_int(char *);
162
163/*
164 * __set_authtok_attr.c
165 */
/*
 * NOTE(review): the parameters are unnamed.  Presumably the two leading
 * char * arguments are the user name and the old password, the attrlist
 * holds the attributes to set and the int * reports which repositories
 * were updated -- confirm.  Neither string is const-qualified, so the
 * prototype does not promise that the callee leaves it untouched.
 */
166int __set_authtoken_attr(char *, char *, pwu_repository_t *, attrlist *, int *);
167/*
168 * __get_authtoken_attr.c
169 */
/*
 * NOTE(review): presumably fills the supplied attrlist for the named
 * user; who frees any val_s strings it stores is not stated here.
 */
170int __get_authtoken_attr(char *, pwu_repository_t *, attrlist *);
171
172/*
173 * __user_to_authenticate.c
174 */
/*
 * Same signature as the user_to_authenticate member of repops_t.
 * NOTE(review): the char ** and int * arguments look like outputs;
 * ownership of the returned string is not stated here -- confirm.
 */
175int __user_to_authenticate(char *, pwu_repository_t *, char **, int *);
176
177/*
178 *	Password history definitions
179 */
/*
 * NOTE(review): a default depth of 0 presumably means password history is
 * not checked unless a depth is configured, so password reuse is allowed
 * out of the box -- confirm in __check_history.c.
 * NOTE(review): confirm that a configured depth above MAXHISTORY is
 * clamped or rejected rather than used as given.
 */
180#define	DEFHISTORY	0	/* default history depth */
181#define	MAXHISTORY	26	/* max depth of history 1 yr every 2 weeks */
182
183/*
184 * __check_history.c
185 */
/*
 * Same signature as the checkhistory member of repops_t.
 * NOTE(review): presumably takes the user name and the candidate password
 * and returns PWU_PWD_IN_HISTORY on a match -- confirm.
 */
186int __check_history(char *, char *, pwu_repository_t *);
187
/*
 * Failed-login counters.
 * NOTE(review): the parameters are unnamed; presumably user name and
 * repository name, with the int of __incr_failed_count() being the lock
 * threshold -- confirm.  ATTR_INCR_FAILED_LOGINS is documented in this
 * header as "increment + lock if needed", so the increment path can lock
 * an account; confirm that the counter update and the lock decision
 * happen under the repository lock.
 */
188int __incr_failed_count(char *, char *, int);
189int __rst_failed_count(char *, char *);
190
191/*
192 * Error / return codes
193 */
/*
 * PWU_SUCCESS is 0 and every other code is negative.
 * NOTE(review): PWU_ACCOUNT_LOCKED is described as a successful lock but
 * sits in the negative range, so a caller testing only "!= PWU_SUCCESS"
 * treats it as a failure; callers that must tell "locked" apart from
 * "error" presumably compare against it explicitly -- confirm.
 * NOTE(review): several descriptions mention NIS or the password file;
 * the codes are presumably returned by the other backends as well.
 */
194#define	PWU_SUCCESS		 0	/* update succeeded */
195#define	PWU_BUSY		-1	/* Password database busy */
196#define	PWU_STAT_FAILED		-2	/* stat of password file failed */
197#define	PWU_OPEN_FAILED		-3	/* password file open failed */
198#define	PWU_WRITE_FAILED	-4	/* can't write to password file */
199#define	PWU_CLOSE_FAILED	-5	/* close returned error */
200#define	PWU_NOT_FOUND		-6	/* user not found in database */
201#define	PWU_UPDATE_FAILED	-7	/* couldn't update password file */
202#define	PWU_NOMEM		-8	/* Not enough memory */
203#define	PWU_SERVER_ERROR	-9	/* NIS server errors */
204#define	PWU_SYSTEM_ERROR	-10	/* NIS local configuration problem */
205#define	PWU_DENIED		-11	/* NIS update denied */
206#define	PWU_NO_CHANGE		-12	/* Data hasn't changed */
207#define	PWU_REPOSITORY_ERROR	-13	/* Unknown repository specified */
208#define	PWU_AGING_DISABLED	-14	/* Modifying min/warn while max==-1 */
209
210/* More errors */
211
212#define	PWU_PWD_TOO_SHORT	-15	/* new passwd too short */
213#define	PWU_PWD_INVALID		-16	/* new passwd has invalid syntax */
214#define	PWU_PWD_IN_HISTORY	-17	/* new passwd in history list */
215#define	PWU_CHANGE_NOT_ALLOWED	-18	/* change not allowed */
216#define	PWU_WITHIN_MIN_AGE	-19	/* change not allowed, within min age */
217#define	PWU_ACCOUNT_LOCKED	-20	/* account successfully locked */
218
219#ifdef __cplusplus
220}
221#endif
222
223#endif	/* _PASSWDUTIL_H */
224