passwdutil.h revision 11262:b7ebfbf2359e
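/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * passwdutil.h: attribute selectors, repository descriptors, the
 * per-repository operations table, helper prototypes and PWU_* return
 * codes used to read and update password database entries.
 */

#ifndef	_PASSWDUTIL_H
#define	_PASSWDUTIL_H

#ifdef	__cplusplus
extern "C" {
#endif

#include <sys/types.h>
#include <string.h>	/* strcmp() and NULL, used by the IS_*() macros */
#include <shadow.h>
#include <crypt.h>	/* CRYPT_MAXCIPHERTEXTLEN max crypt length */

/*
 * DAY_NOW_32 is a 32-bit value, independent of the architecture.
 *
 * DAY_NOW is not defined in this header. Its expansion is parenthesized
 * here so that the cast applies to the whole expression whatever form
 * that definition takes, rather than to its first operand only.
 */
#ifdef	_LP64
#include <sys/types32.h>
#define	DAY_NOW_32	((time32_t)(DAY_NOW))
#else
#define	DAY_NOW_32	((time_t)(DAY_NOW))
#endif

/*
 * Attribute selectors. Every enumerator is a distinct single bit
 * (0x1 through 0x2000000), so values do not collide when OR-ed together.
 */
typedef enum {
	/* from plain passwd */
	ATTR_NAME	= 0x1,
	ATTR_PASSWD	= 0x2,
	ATTR_UID	= 0x4,
	ATTR_GID	= 0x8,
	ATTR_AGE	= 0x10,
	ATTR_COMMENT	= 0x20,
	ATTR_GECOS	= 0x40,
	ATTR_HOMEDIR	= 0x80,
	ATTR_SHELL	= 0x100,
	/* from shadow */
	ATTR_LSTCHG	= 0x200,
	ATTR_MIN	= 0x400,
	ATTR_MAX	= 0x800,
	ATTR_WARN	= 0x1000,
	ATTR_INACT	= 0x2000,
	ATTR_EXPIRE	= 0x4000,
	ATTR_FLAG	= 0x8000,
	/* special operations */
	ATTR_LOCK_ACCOUNT	= 0x10000,
	ATTR_EXPIRE_PASSWORD	= 0x20000,
	ATTR_NOLOGIN_ACCOUNT	= 0x40000,
	ATTR_UNLOCK_ACCOUNT	= 0x80000,
	/* Query operations */
	/* to obtain repository name that contained the info */
	ATTR_REP_NAME	= 0x100000,
	/* special attribute */
	/* to set password following server policy */
	ATTR_PASSWD_SERVER_POLICY = 0x200000,
	/* get history entry from supporting repositories */
	ATTR_HISTORY	= 0x400000,
	/* Failed login bookkeeping */
	ATTR_FAILED_LOGINS	= 0x800000,	/* get # of failed logins */
	ATTR_INCR_FAILED_LOGINS	= 0x1000000,	/* increment + lock if needed */
	ATTR_RST_FAILED_LOGINS	= 0x2000000	/* reset failed logins */
} attrtype;

/*
 * One node of a singly linked attribute list: an attribute selector plus
 * either a string or an integer value.
 *
 * NOTE(review): which union member is valid for a given type, and who owns
 * and frees val_s, is not stated in this header. For ATTR_PASSWD and
 * ATTR_HISTORY, val_s presumably carries password material, so callers
 * should confirm in the implementation how that buffer is released.
 */
typedef struct attrlist_s {
	attrtype type;
	union {
		char *val_s;
		int val_i;
	} data;
	struct attrlist_s *next;	/* next node; end of list not defined here */
} attrlist;

/*
 * Repository descriptor: a type string (compared against "files", "nis"
 * and "ldap" by the IS_*() macros below) and an opaque scope blob with its
 * length.
 */
typedef struct {
	char *type;
	void *scope;
	size_t scope_len;
} pwu_repository_t;

/* Parenthesized so the cast cannot bind to a following postfix operator. */
#define	PWU_DEFAULT_REP	((pwu_repository_t *)NULL)

#define	REP_NOREP	0	/* Can't find suitable repository */
#define	REP_FILES	0x0001	/* /etc/passwd, /etc/shadow */
#define	REP_NIS		0x0002
#define	REP_LDAP	0x0004
#define	REP_NSS		0x0008
#define	REP_LAST	REP_NSS
#define	REP_ERANGE	0x8000	/* Unknown repository specified */

#define	REP_COMPAT_NIS	0x1000
#define	REP_COMPAT_LDAP	0x2000

/* For the time being, these are also defined in pam_*.h */
#undef	IS_FILES
#undef	IS_NIS
#undef	IS_LDAP

/*
 * Repository type tests on a pwu_repository_t lvalue (not a pointer).
 * The argument is parenthesized so expressions such as *p expand
 * correctly. It is evaluated twice, so it must have no side effects.
 * A NULL type string matches none of them.
 */
#define	IS_FILES(r)	((r).type != NULL && strcmp((r).type, "files") == 0)
#define	IS_NIS(r)	((r).type != NULL && strcmp((r).type, "nis") == 0)
#define	IS_LDAP(r)	((r).type != NULL && strcmp((r).type, "ldap") == 0)

/* Parenthesized so the sign stays attached in any expression context. */
#define	MINWEEKS	(-1)
#define	MAXWEEKS	(-1)
#define	WARNWEEKS	(-1)

/*
 * Per-repository operations table. One instance is declared below for
 * each of files, nis, ldap and nss.
 *
 * NOTE(review): the parameters are unnamed here; the meaning of each
 * char * argument (user name, old or new password) has to be confirmed
 * against the implementations.
 */
typedef struct repops {
	int (*checkhistory)(char *, char *, pwu_repository_t *);
	int (*getattr)(char *, attrlist *, pwu_repository_t *);
	int (*getpwnam)(char *, attrlist *, pwu_repository_t *, void **);
	int (*update)(attrlist *, pwu_repository_t *, void *);
	int (*putpwnam)(char *, char *, pwu_repository_t *, void *);
	int (*user_to_authenticate)(char *, pwu_repository_t *, char **, int *);
	int (*lock)(void);
	int (*unlock)(void);
} repops_t;

extern repops_t files_repops, nis_repops, ldap_repops, nss_repops;

/* NOTE(review): indexing scheme and length of rops[] are not visible here. */
extern repops_t *rops[];

/*
 * utils.c
 */
void turn_on_default_aging(struct spwd *);
int def_getint(char *name, int defvalue);

/*
 * debug.c
 *
 * NOTE(review): debug() is variadic. If its first argument is a
 * printf-style format (not visible in this header), call sites should
 * pass a literal format string and supply variable text as arguments.
 */
void debug_init(void);
void debug(char *, ...);

/*
 * switch_utils.c
 */
#define	PWU_READ	0	/* Read access to the repository */
#define	PWU_WRITE	1	/* Write (update) access to the repository */

/*
 * This header does not include <pwd.h> itself; code that dereferences the
 * struct passwd results needs the full definition from elsewhere.
 */
int get_ns(pwu_repository_t *, int);
struct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
struct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
struct spwd *getspnam_from(const char *, pwu_repository_t *, int);
int name_to_int(char *);

/*
 * __set_authtok_attr.c
 */
int __set_authtoken_attr(char *, char *, pwu_repository_t *, attrlist *, int *);
/*
 * __get_authtoken_attr.c
 */
int __get_authtoken_attr(char *, pwu_repository_t *, attrlist *);

/*
 * __user_to_authenticate.c
 */
int __user_to_authenticate(char *, pwu_repository_t *, char **, int *);

/*
 * Password history definitions
 */
#define	DEFHISTORY	0	/* default history depth */
#define	MAXHISTORY	26	/* max depth of history 1 yr every 2 weeks */

/*
 * __check_history.c
 */
int __check_history(char *, char *, pwu_repository_t *);

int __incr_failed_count(char *, char *, int);
int __rst_failed_count(char *, char *);

/*
 * Error / return codes
 *
 * Only PWU_SUCCESS is zero; every other code is negative. The values are
 * parenthesized so the sign stays attached in any expression context.
 */
#define	PWU_SUCCESS		0	/* update succeeded */
#define	PWU_BUSY		(-1)	/* Password database busy */
#define	PWU_STAT_FAILED		(-2)	/* stat of password file failed */
#define	PWU_OPEN_FAILED		(-3)	/* password file open failed */
#define	PWU_WRITE_FAILED	(-4)	/* can't write to password file */
#define	PWU_CLOSE_FAILED	(-5)	/* close returned error */
#define	PWU_NOT_FOUND		(-6)	/* user not found in database */
#define	PWU_UPDATE_FAILED	(-7)	/* couldn't update password file */
#define	PWU_NOMEM		(-8)	/* Not enough memory */
#define	PWU_SERVER_ERROR	(-9)	/* NIS server errors */
#define	PWU_SYSTEM_ERROR	(-10)	/* NIS local configuration problem */
#define	PWU_DENIED		(-11)	/* NIS update denied */
#define	PWU_NO_CHANGE		(-12)	/* Data hasn't changed */
#define	PWU_REPOSITORY_ERROR	(-13)	/* Unknown repository specified */
#define	PWU_AGING_DISABLED	(-14)	/* Modifying min/warn while max==-1 */

/* More errors */

#define	PWU_PWD_TOO_SHORT	(-15)	/* new passwd too short */
#define	PWU_PWD_INVALID		(-16)	/* new passwd has invalid syntax */
#define	PWU_PWD_IN_HISTORY	(-17)	/* new passwd in history list */
#define	PWU_CHANGE_NOT_ALLOWED	(-18)	/* change not allowed */
#define	PWU_WITHIN_MIN_AGE	(-19)	/* change not allowed, within min age */
/*
 * PWU_ACCOUNT_LOCKED is negative like the failure codes, yet it reports
 * that the lock was applied. A caller that treats every non-zero result as
 * "nothing happened" would miss that the account is now locked.
 */
#define	PWU_ACCOUNT_LOCKED	(-20)	/* account successfully locked */

#ifdef	__cplusplus
}
#endif

#endif	/* _PASSWDUTIL_H */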