nsswitch/pam_winbind.h

説明を見る。
00001 /* pam_winbind header file 
00002    (Solaris needs some macros from Linux for common PAM code)
00003 
00004    Shirish Kalele 2000
00005 */
00006 
00007 #include "lib/replace/replace.h"
00008 #include "system/syslog.h"
00009 #include "system/time.h"
00010 
00011 #define MODULE_NAME "pam_winbind"
00012 #define PAM_SM_AUTH
00013 #define PAM_SM_ACCOUNT
00014 #define PAM_SM_PASSWORD
00015 
00016 #ifndef PAM_WINBIND_CONFIG_FILE
00017 #define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf"
00018 #endif
00019 
00020 #include <iniparser.h>
00021 
00022 #ifndef LINUX
00023 
00024 /* Solaris always uses dynamic pam modules */
00025 #define PAM_EXTERN extern
00026 #include <security/pam_appl.h> 
00027 
00028 #ifndef PAM_AUTHTOK_RECOVER_ERR
00029 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
00030 #endif
00031 
00032 #endif /* defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX) */
00033 
00034 #ifdef HAVE_SECURITY_PAM_MODULES_H
00035 #include <security/pam_modules.h>
00036 #endif
00037 
00038 #ifdef HAVE_SECURITY__PAM_MACROS_H
00039 #include <security/_pam_macros.h>
00040 #else
00041 /* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
00042 #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
00043 do {                                              \
00044     int reply_i;                                  \
00045                                                   \
00046     for (reply_i=0; reply_i<replies; ++reply_i) { \
00047         if (reply[reply_i].resp) {                \
00048             _pam_overwrite(reply[reply_i].resp);  \
00049             free(reply[reply_i].resp);            \
00050         }                                         \
00051     }                                             \
00052     if (reply)                                    \
00053         free(reply);                              \
00054 } while (0)
00055 
00056 #define _pam_overwrite(x)        \
00057 do {                             \
00058      register char *__xx__;      \
00059      if ((__xx__=(x)))           \
00060           while (*__xx__)        \
00061                *__xx__++ = '\0'; \
00062 } while (0)
00063 
00064 /*
00065  * Don't just free it, forget it too.
00066  */
00067 
00068 #define _pam_drop(X) SAFE_FREE(X)
00069 
00070 #define  x_strdup(s)  ( (s) ? strdup(s):NULL )     
00071 #endif /* HAVE_SECURITY__PAM_MACROS_H */
00072 
00073 #ifdef HAVE_SECURITY_PAM_EXT_H
00074 #include <security/pam_ext.h>
00075 #endif
00076 
00077 #define WINBIND_DEBUG_ARG (1<<0)
00078 #define WINBIND_USE_AUTHTOK_ARG (1<<1)
00079 #define WINBIND_UNKNOWN_OK_ARG (1<<2)
00080 #define WINBIND_TRY_FIRST_PASS_ARG (1<<3)
00081 #define WINBIND_USE_FIRST_PASS_ARG (1<<4)
00082 #define WINBIND__OLD_PASSWORD (1<<5)
00083 #define WINBIND_REQUIRED_MEMBERSHIP (1<<6)
00084 #define WINBIND_KRB5_AUTH (1<<7)
00085 #define WINBIND_KRB5_CCACHE_TYPE (1<<8)
00086 #define WINBIND_CACHED_LOGIN (1<<9)
00087 #define WINBIND_CONFIG_FILE (1<<10)
00088 #define WINBIND_SILENT (1<<11)
00089 #define WINBIND_DEBUG_STATE (1<<12)
00090 
00091 /*
00092  * here is the string to inform the user that the new passwords they
00093  * typed were not the same.
00094  */
00095 
00096 #define MISTYPED_PASS "Sorry, passwords do not match"
00097 
00098 #define on(x, y) (x & y)
00099 #define off(x, y) (!(x & y))
00100 
00101 #define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
00102 #define PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH "PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH"
00103 #define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
00104 #define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
00105 #define PAM_WINBIND_LOGONSERVER "PAM_WINBIND_LOGONSERVER"
00106 #define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH"
00107 #define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
00108 
00109 #define SECONDS_PER_DAY 86400
00110 
00111 #define DAYS_TO_WARN_BEFORE_PWD_EXPIRES 5
00112 
00113 #include "winbind_client.h"
00114 
00115 #define PAM_WB_REMARK_DIRECT(h,f,x)\
00116 {\
00117         const char *error_string = NULL; \
00118         error_string = _get_ntstatus_error_string(x);\
00119         if (error_string != NULL) {\
00120                 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
00121         } else {\
00122                 _make_remark(h, f, PAM_ERROR_MSG, x);\
00123         };\
00124 };
00125 
00126 #define PAM_WB_REMARK_DIRECT_RET(h,f,x)\
00127 {\
00128         const char *error_string = NULL; \
00129         error_string = _get_ntstatus_error_string(x);\
00130         if (error_string != NULL) {\
00131                 _make_remark(h, f, PAM_ERROR_MSG, error_string);\
00132                 return ret;\
00133         };\
00134         _make_remark(h, f, PAM_ERROR_MSG, x);\
00135         return ret;\
00136 };
00137 
00138 #define PAM_WB_REMARK_CHECK_RESPONSE(h,f,x,y)\
00139 {\
00140         const char *ntstatus = x.data.auth.nt_status_string; \
00141         const char *error_string = NULL; \
00142         if (!strcasecmp(ntstatus,y)) {\
00143                 error_string = _get_ntstatus_error_string(y);\
00144                 if (error_string != NULL) {\
00145                         _make_remark(h, f, PAM_ERROR_MSG, error_string);\
00146                 };\
00147                 if (x.data.auth.error_string[0] != '\0') {\
00148                         _make_remark(h, f, PAM_ERROR_MSG, x.data.auth.error_string);\
00149                 };\
00150                 _make_remark(h, f, PAM_ERROR_MSG, y);\
00151         };\
00152 };
00153 
00154 #define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,f,x,y)\
00155 {\
00156         const char *ntstatus = x.data.auth.nt_status_string; \
00157         const char *error_string = NULL; \
00158         if (!strcasecmp(ntstatus,y)) {\
00159                 error_string = _get_ntstatus_error_string(y);\
00160                 if (error_string != NULL) {\
00161                         _make_remark(h, f, PAM_ERROR_MSG, error_string);\
00162                         return ret;\
00163                 };\
00164                 if (x.data.auth.error_string[0] != '\0') {\
00165                         _make_remark(h, f, PAM_ERROR_MSG, x.data.auth.error_string);\
00166                         return ret;\
00167                 };\
00168                 _make_remark(h, f, PAM_ERROR_MSG, y);\
00169                 return ret;\
00170         };\
00171 };
00172 
00173 /* from include/rpc_samr.h */
00174 #define DOMAIN_PASSWORD_COMPLEX            0x00000001
00175 
00176 #define REJECT_REASON_OTHER             0x00000000
00177 #define REJECT_REASON_TOO_SHORT         0x00000001
00178 #define REJECT_REASON_IN_HISTORY        0x00000002
00179 #define REJECT_REASON_NOT_COMPLEX       0x00000005
00180 
00181 /* from include/smb.h */
00182 #define ACB_PWNOEXP                     0x00000200
00183 
00184 /* from include/rpc_netlogon.h */
00185 #define LOGON_CACHED_ACCOUNT            0x00000004
00186 #define LOGON_GRACE_LOGON               0x01000000
00187 
00188 #define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT)
00189 #define PAM_WB_GRACE_LOGON(x)  ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON)))
Sambaに対してSat Aug 29 21:23:09 2009に生成されました。  doxygen 1.4.7