Samba: pam_smbpass/general.h ソースファイル

00001 #ifndef LINUX
00002 /* This is only needed by modules in the Sun implementation. */
00003 #include <security/pam_appl.h>
00004 #endif  /* LINUX */
00005 
00006 #include <security/pam_modules.h>
00007 
00008 #ifndef PAM_AUTHTOK_RECOVER_ERR  
00009 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
00010 #endif
00011 
00012 #include <stdio.h>
00013 #include <stdlib.h>
00014 #include <syslog.h>
00015 #include <unistd.h>
00016 #include <sys/types.h>
00017 #include <sys/stat.h>
00018 #include <sys/wait.h>
00019 
00020 /*
00021  * here is the string to inform the user that the new passwords they
00022  * typed were not the same.
00023  */
00024 
00025 #define MISTYPED_PASS "Sorry, passwords do not match"
00026 
00027 /* type definition for the control options */
00028 
00029 typedef struct {
00030      const char *token;
00031      unsigned int mask;            /* shall assume 32 bits of flags */
00032      unsigned int flag;
00033 } SMB_Ctrls;
00034 
00035 #ifndef False
00036 #define False (0)
00037 #endif
00038 
00039 #ifndef True
00040 #define True (1)
00041 #endif
00042 
00043 /* macro to determine if a given flag is on */
00044 #define on(x,ctrl)  (smb_args[x].flag & ctrl)
00045 
00046 /* macro to determine that a given flag is NOT on */
00047 #define off(x,ctrl) (!on(x,ctrl))
00048 
00049 /* macro to turn on/off a ctrl flag manually */
00050 #define set(x,ctrl)   (ctrl = ((ctrl)&smb_args[x].mask)|smb_args[x].flag)
00051 #define unset(x,ctrl) (ctrl &= ~(smb_args[x].flag))
00052 
00053 /* the generic mask */
00054 #define _ALL_ON_  (~0U)
00055 
00056 /* end of macro definitions definitions for the control flags */
00057 
00058 /*
00059  * These are the options supported by the smb password module, very
00060  * similar to the pwdb options
00061  */
00062 
00063 #define SMB__OLD_PASSWD          0      /* internal */
00064 #define SMB__VERIFY_PASSWD       1      /* internal */
00065 
00066 #define SMB_AUDIT                2      /* print more things than debug..
00067                                            some information may be sensitive */
00068 #define SMB_USE_FIRST_PASS       3
00069 #define SMB_TRY_FIRST_PASS       4
00070 #define SMB_NOT_SET_PASS         5      /* don't set the AUTHTOK items */
00071 
00072 #define SMB__NONULL              6      /* internal */
00073 #define SMB__QUIET               7      /* internal */
00074 #define SMB_USE_AUTHTOK          8      /* insist on reading PAM_AUTHTOK */
00075 #define SMB__NULLOK              9      /* Null token ok */
00076 #define SMB_DEBUG               10      /* send more info to syslog(3) */
00077 #define SMB_NODELAY             11      /* admin does not want a fail-delay */
00078 #define SMB_MIGRATE             12      /* Does no authentication, just
00079                                            updates the smb database. */
00080 #define SMB_CONF_FILE           13      /* Alternate location of smb.conf */
00081 
00082 #define SMB_CTRLS_              14      /* number of ctrl arguments defined */
00083 
00084 static const SMB_Ctrls smb_args[SMB_CTRLS_] = {
00085 /* symbol                 token name          ctrl mask      ctrl       *
00086  * ------------------     ------------------  -------------- ---------- */
00087 
00088 /* SMB__OLD_PASSWD */    {  NULL,            _ALL_ON_,              01 },
00089 /* SMB__VERIFY_PASSWD */ {  NULL,            _ALL_ON_,              02 },
00090 /* SMB_AUDIT */          { "audit",          _ALL_ON_,              04 },
00091 /* SMB_USE_FIRST_PASS */ { "use_first_pass", _ALL_ON_^(030),       010 },
00092 /* SMB_TRY_FIRST_PASS */ { "try_first_pass", _ALL_ON_^(030),       020 },
00093 /* SMB_NOT_SET_PASS */   { "not_set_pass",   _ALL_ON_,             040 },
00094 /* SMB__NONULL */        {  "nonull",        _ALL_ON_,            0100 },
00095 /* SMB__QUIET */         {  NULL,            _ALL_ON_,            0200 },
00096 /* SMB_USE_AUTHTOK */    { "use_authtok",    _ALL_ON_,            0400 },
00097 /* SMB__NULLOK */        { "nullok",         _ALL_ON_^(0100),        0 },
00098 /* SMB_DEBUG */          { "debug",          _ALL_ON_,           01000 },
00099 /* SMB_NODELAY */        { "nodelay",        _ALL_ON_,           02000 },
00100 /* SMB_MIGRATE */        { "migrate",        _ALL_ON_^(0100),    04000 },
00101 /* SMB_CONF_FILE */      { "smbconf=",       _ALL_ON_,               0 },
00102 };
00103 
00104 #define SMB_DEFAULTS  (smb_args[SMB__NONULL].flag)
00105 
00106 /*
00107  * the following is used to keep track of the number of times a user fails
00108  * to authenticate themself.
00109  */
00110 
00111 #define FAIL_PREFIX                     "-SMB-FAIL-"
00112 #define SMB_MAX_RETRIES                 3
00113 
00114 struct _pam_failed_auth {
00115     char *user;                 /* user that's failed to be authenticated */
00116     uid_t id;                   /* uid of requested user */
00117     char *agent;                /* attempt from user with name */
00118     int count;                  /* number of failures so far */
00119 };
00120 
00121 /*
00122  * General use functions go here 
00123  */
00124 
00125 /* from support.c */
00126 int make_remark(pam_handle_t *, unsigned int, int, const char *);