/*
 * Copyright (c) Andrew Tridgell <tridge@samba.org> 2000
 * Copyright (c) Tim Potter <tpot@samba.org> 2000
 * Copyright (c) Andrew Bartlettt <abartlet@samba.org> 2002
 * Copyright (c) Guenther Deschner <gd@samba.org> 2005-2008
 * Copyright (c) Jan Rękorajski 1999.
 * Copyright (c) Andrew G. Morgan 1996-8.
 * Copyright (c) Alex O. Yuriev, 1996.
 * Copyright (c) Cristian Gafton 1996.
 * Copyright (C) Elliot Lee <sopwith@redhat.com> 1996, Red Hat Software.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, and the entire permission notice in its entirety,
 *    including the disclaimer of warranties.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote
 *    products derived from this software without specific prior
 *    written permission.
 *
 * ALTERNATIVELY, this product may be distributed under the terms of
 * the GNU Public License, in which case the provisions of the GPL are
 * required INSTEAD OF the above restrictions.  (This clause is
 * necessary due to a potential bad interaction between the GPL and
 * the restrictions contained in a BSD-style copyright.)
 *
 * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/* pam_winbind header file
   (Solaris needs some macros from Linux for common PAM code)
   Shirish Kalele 2000
*/
# ifndef _NSSWITCH_PAM_WINBIND_H_
# define _NSSWITCH_PAM_WINBIND_H_
# include "../lib/replace/replace.h"
# include "system/syslog.h"
# include "system/time.h"
# include <talloc.h>
# include "libwbclient/wbclient.h"
# include "lib/util/tiniparser.h"
# define MODULE_NAME "pam_winbind"
# define PAM_SM_AUTH
# define PAM_SM_ACCOUNT
# define PAM_SM_PASSWORD
# define PAM_SM_SESSION
# ifndef PAM_WINBIND_CONFIG_FILE
# define PAM_WINBIND_CONFIG_FILE " / etc / security / pam_winbind.conf"
# endif
# ifdef HAVE_LIBINTL_H
# include <libintl.h>
# endif
# if defined(LINUX)
/* newer versions of PAM have this in _pam_compat.h */
# ifndef PAM_AUTHTOK_RECOVERY_ERR
# define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
# endif
# else /* !LINUX */
/* Solaris always uses dynamic pam modules */
# define PAM_EXTERN extern
# if defined(HAVE_SECURITY_PAM_APPL_H)
# include <security/pam_appl.h>
# elif defined(HAVE_PAM_PAM_APPL_H)
# include <pam/pam_appl.h>
# endif
# ifndef PAM_AUTHTOK_RECOVER_ERR
# define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
# endif
# endif /* (!)LINUX */
# if defined(HAVE_SECURITY_PAM_MODULES_H)
# include <security/pam_modules.h>
# elif defined(HAVE_PAM_PAM_MODULES_H)
# include <pam/pam_modules.h>
# endif
# if defined(HAVE_SECURITY__PAM_MACROS_H)
# include <security/_pam_macros.h>
# elif defined(HAVE_PAM__PAM_MACROS_H)
# include <pam/_pam_macros.h>
# else
/* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
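/*
 * _pam_drop_reply(reply, replies): wipe and free an array of `replies`
 * struct pam_response entries and then the array itself.  Every non-NULL
 * resp string is overwritten before free() so that a typed password does
 * not linger in freed heap memory.  This is the fallback definition used
 * only when security/_pam_macros.h (or pam/_pam_macros.h) is unavailable.
 * Both arguments are parenthesised at use so expression arguments are safe.
 */
#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
do { \
	int reply_i; \
	\
	for (reply_i = 0; reply_i < (replies); ++reply_i) { \
		if ((reply)[reply_i].resp) { \
			_pam_overwrite((reply)[reply_i].resp); \
			free((reply)[reply_i].resp); \
		} \
	} \
	free(reply); /* free(NULL) is a no-op, so no guard is needed */ \
} while (0)
/*
 * _pam_overwrite(x): zero a NUL-terminated string in place, up to and
 * excluding its terminator.  The stores go through a volatile pointer so
 * the compiler cannot discard them as dead stores when the buffer is
 * freed right afterwards (a plain loop or memset before free() may be
 * optimised away, leaving the secret in memory).  x may be NULL.
 */
#define _pam_overwrite(x) \
do { \
	volatile char *_pam_ovw_p = (x); \
	if (_pam_ovw_p != NULL) { \
		while (*_pam_ovw_p) { \
			*_pam_ovw_p++ = '\0'; \
		} \
	} \
} while (0)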
/*
 * Don't just free it, forget it too.
 */
# define _pam_drop(X) SAFE_FREE(X)
# define x_strdup(s) ( (s) ? strdup(s):NULL )
# endif /* HAVE_SECURITY__PAM_MACROS_H */
# ifdef HAVE_SECURITY_PAM_EXT_H
# include <security/pam_ext.h>
# endif
# define WINBIND_DEBUG_ARG 0x00000001
# define WINBIND_USE_AUTHTOK_ARG 0x00000002
# define WINBIND_UNKNOWN_OK_ARG 0x00000004
# define WINBIND_TRY_FIRST_PASS_ARG 0x00000008
# define WINBIND_USE_FIRST_PASS_ARG 0x00000010
# define WINBIND__OLD_PASSWORD 0x00000020
# define WINBIND_REQUIRED_MEMBERSHIP 0x00000040
# define WINBIND_KRB5_AUTH 0x00000080
# define WINBIND_KRB5_CCACHE_TYPE 0x00000100
# define WINBIND_CACHED_LOGIN 0x00000200
# define WINBIND_CONFIG_FILE 0x00000400
# define WINBIND_SILENT 0x00000800
# define WINBIND_DEBUG_STATE 0x00001000
# define WINBIND_WARN_PWD_EXPIRE 0x00002000
# define WINBIND_MKHOMEDIR 0x00004000
# if defined(HAVE_GETTEXT) && !defined(__LCLINT__)
# define _(string) dgettext(MODULE_NAME, string)
# else
# define _(string) string
# endif
# define N_(string) string
/*
 * here is the string to inform the user that the new passwords they
 * typed were not the same.
 */
# define MISTYPED_PASS _("Sorry, passwords do not match")
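/*
 * Bit tests on a ctrl/flag word: on(x, y) is non-zero when any bit of
 * mask y is set in x, off(x, y) when none is.  Both arguments are
 * parenthesised so an expression argument such as a|b is masked as a
 * whole instead of being split by operator precedence.
 */
#define on(x, y) ((x) & (y))
#define off(x, y) (!((x) & (y)))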
# define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
# define PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH "PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH"
# define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
# define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
# define PAM_WINBIND_LOGONSERVER "PAM_WINBIND_LOGONSERVER"
# define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH"
# define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
# define SECONDS_PER_DAY 86400
# define DEFAULT_DAYS_TO_WARN_BEFORE_PWD_EXPIRES 14
# include "winbind_client.h"
/*
 * PAM_WB_REMARK_DIRECT(c, x): emit the NT status x as a PAM_ERROR_MSG
 * remark on context c.  x is first mapped through
 * _get_ntstatus_error_string(); if that yields a string it is shown,
 * otherwise x itself is passed to _make_remark() unchanged.
 * NOTE(review): the expansion is a brace block followed by ';' rather
 * than do { ... } while (0), so it leaves a stray empty statement and
 * cannot be used as the then-branch of an unbraced if/else.
 */
#define PAM_WB_REMARK_DIRECT(c,x)\
{ \
	const char *error_string = NULL; \
	error_string = _get_ntstatus_error_string(x); \
	if (error_string != NULL) { \
		_make_remark(c, PAM_ERROR_MSG, error_string); \
	} else { \
		_make_remark(c, PAM_ERROR_MSG, x); \
	}; \
};
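/*
 * Flag bit tested by PAM_WB_KRB5_CLOCK_SKEW().  By its name it marks a
 * Kerberos logon failure caused by clock skew — confirm against the code
 * in winbindd that sets it.
 */
#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000

/*
 * Predicates on a WBC_AUTH_USER_INFO_* flag word (presumably the
 * user_flags of the wbclient authentication result).  The argument is
 * parenthesised so a compound expression is masked as a whole rather
 * than being split by operator precedence.
 */
#define PAM_WB_CACHED_LOGON(x) ((x) & WBC_AUTH_USER_INFO_CACHED_ACCOUNT)
#define PAM_WB_KRB5_CLOCK_SKEW(x) ((x) & LOGON_KRB5_FAIL_CLOCK_SKEW)
/* true only when both the cached-account and the grace-logon bit are set */
#define PAM_WB_GRACE_LOGON(x) \
	((WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON) == \
	 ((x) & (WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON)))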
/*
 * Per-call state handed through the pam_winbind module functions.
 * Bundles the PAM handle, the flags/argv the module was called with,
 * the parsed config dictionary, the option bitmask derived from them
 * and the wbclient context used for requests to winbindd (presumably).
 */
struct pwb_context {
	pam_handle_t *pamh;		/* PAM handle this call was made with */
	int flags;			/* flags passed to the pam_sm_* entry point — presumably */
	int argc;			/* module arguments from the PAM config line */
	const char **argv;
	struct tiniparser_dictionary *dict;	/* parsed PAM_WINBIND_CONFIG_FILE; may be NULL — confirm */
	uint32_t ctrl;			/* WINBIND_*_ARG option bits, tested via on()/off() — presumably */
	struct wbcContext *wbc_ctx;	/* libwbclient context */
};
# ifndef TALLOC_FREE
# define TALLOC_FREE(ctx) do { talloc_free(ctx); ctx=NULL; } while(0)
# endif
# define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero(ctx, sizeof(type), #type)
# define TALLOC_P(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type)
# endif /* _NSSWITCH_PAM_WINBIND_H_ */