root/source3/pam_smbpass/general.h




   1 #ifndef LINUX
   2 /* This is only needed by modules in the Sun implementation. */
   3 #if defined(HAVE_SECURITY_PAM_APPL_H)
   4 #include <security/pam_appl.h>
   5 #elif defined(HAVE_PAM_PAM_APPL_H)
   6 #include <pam/pam_appl.h>
   7 #endif
   8 #endif  /* LINUX */
   9 
  10 #if defined(HAVE_SECURITY_PAM_MODULES_H)
  11 #include <security/pam_modules.h>
  12 #elif defined(HAVE_PAM_PAM_MODULES_H)
  13 #include <pam/pam_modules.h>
  14 #endif
  15 
  16 #ifndef PAM_AUTHTOK_RECOVER_ERR  
  17 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
  18 #endif
  19 
  20 #include <stdio.h>
  21 #include <stdlib.h>
  22 #include <syslog.h>
  23 #include <unistd.h>
  24 #include <sys/types.h>
  25 #include <sys/stat.h>
  26 #include <sys/wait.h>
  27 
  28 /*
  29  * This string informs the user that the two new passwords they
  30  * typed do not match.
  31  */
  32 
  33 #define MISTYPED_PASS "Sorry, passwords do not match"
  34 
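/*
 * Type definition for the control options.  One SMB_Ctrls row describes one
 * option; the rows live in smb_args[] below and are selected by the SMB_*
 * index constants.
 */

typedef struct {
     const char *token;            /* option name, NULL when the row has none */
     unsigned int mask;            /* shall assume 32 bits of flags; set() ANDs
                                      the control word with this first */
     unsigned int flag;            /* bits set() then ORs in; on() tests them */
} SMB_Ctrls;

#ifndef False
#define False (0)
#endif

#ifndef True
#define True (1)
#endif

/*
 * Flag-test and flag-update macros.  In all of them x is an SMB_* index into
 * smb_args[] and ctrl is the unsigned control word.  Every use of ctrl is
 * parenthesized so that an expression argument such as (a | b) is applied as
 * a whole instead of being split by operator precedence.
 */

/*
 * macro to determine if a given flag is on.  Yields the masked bits, not 0/1.
 * For a row whose flag is 0 (SMB__NULLOK, SMB_CONF_FILE) the result is always
 * 0, so those options cannot be detected with on(); the effect of the
 * SMB__NULLOK row is only visible as off(SMB__NONULL, ctrl).
 */
#define on(x,ctrl)  (smb_args[x].flag & (ctrl))

/* macro to determine that a given flag is NOT on */
#define off(x,ctrl) (!on(x,ctrl))

/*
 * macro to turn on/off a ctrl flag manually.  ctrl must be a modifiable
 * lvalue without side effects, because set() names it twice.  set() first
 * clears whatever the row's mask excludes, then ORs in the row's flag.
 */
#define set(x,ctrl)   ((ctrl) = ((ctrl)&smb_args[x].mask)|smb_args[x].flag)
#define unset(x,ctrl) ((ctrl) &= ~(smb_args[x].flag))

/* the generic mask: every bit of the control word is kept */
#define _ALL_ON_  (~0U)

/* end of macro definitions for the control flags */

/*
 * These are the options supported by the smb password module, very
 * similar to the pwdb options.  Each value is the index of the option's
 * row in smb_args[], so the order here and the order of the rows must
 * stay in step.
 */

#define SMB__OLD_PASSWD          0      /* internal */
#define SMB__VERIFY_PASSWD       1      /* internal */

#define SMB_AUDIT                2      /* print more things than debug..
                                           some information may be sensitive */
#define SMB_USE_FIRST_PASS       3
#define SMB_TRY_FIRST_PASS       4
#define SMB_NOT_SET_PASS         5      /* don't set the AUTHTOK items */

#define SMB__NONULL              6      /* internal */
#define SMB__QUIET               7      /* internal */
#define SMB_USE_AUTHTOK          8      /* insist on reading PAM_AUTHTOK */
#define SMB__NULLOK              9      /* Null token ok */
#define SMB_DEBUG               10      /* send more info to syslog(3) */
#define SMB_NODELAY             11      /* admin does not want a fail-delay */
#define SMB_MIGRATE             12      /* Does no authentication, just
                                           updates the smb database.
                                           NOTE(review): confirm how the auth
                                           entry point reports its result in
                                           this mode, so a PAM stack does not
                                           treat it as a credential check. */
#define SMB_CONF_FILE           13      /* Alternate location of smb.conf */

#define SMB_CTRLS_              14      /* number of ctrl arguments defined;
                                           must equal the number of rows in
                                           smb_args[], a missing row would be
                                           zero-filled (mask 0, flag 0) */

/*
 * Option table, indexed by the SMB_* constants above.  Flags are octal.
 *  - use_first_pass and try_first_pass each clear both of their bits (030)
 *    before setting their own, so the later of the two wins.
 *  - nullok and migrate clear bit 0100, the SMB__NONULL flag.
 *  - NOTE(review): SMB__NONULL is marked internal above yet its row carries
 *    the token "nonull" -- confirm whether it is meant to be settable from
 *    the module arguments.
 */
static const SMB_Ctrls smb_args[SMB_CTRLS_] = {
/* symbol                 token name          ctrl mask      ctrl       *
 * ------------------     ------------------  -------------- ---------- */

/* SMB__OLD_PASSWD */    {  NULL,            _ALL_ON_,              01 },
/* SMB__VERIFY_PASSWD */ {  NULL,            _ALL_ON_,              02 },
/* SMB_AUDIT */          { "audit",          _ALL_ON_,              04 },
/* SMB_USE_FIRST_PASS */ { "use_first_pass", _ALL_ON_^(030),       010 },
/* SMB_TRY_FIRST_PASS */ { "try_first_pass", _ALL_ON_^(030),       020 },
/* SMB_NOT_SET_PASS */   { "not_set_pass",   _ALL_ON_,             040 },
/* SMB__NONULL */        {  "nonull",        _ALL_ON_,            0100 },
/* SMB__QUIET */         {  NULL,            _ALL_ON_,            0200 },
/* SMB_USE_AUTHTOK */    { "use_authtok",    _ALL_ON_,            0400 },
/* SMB__NULLOK */        { "nullok",         _ALL_ON_^(0100),        0 },
/* SMB_DEBUG */          { "debug",          _ALL_ON_,           01000 },
/* SMB_NODELAY */        { "nodelay",        _ALL_ON_,           02000 },
/* SMB_MIGRATE */        { "migrate",        _ALL_ON_^(0100),    04000 },
/* SMB_CONF_FILE */      { "smbconf=",       _ALL_ON_,               0 },
};

/* Initial control word: only the SMB__NONULL bit (0100) is set. */
#define SMB_DEFAULTS  (smb_args[SMB__NONULL].flag)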
 113 
 114 /*
 115  * the following is used to keep track of the number of times a user fails
 116  * to authenticate themselves.
      *
      * NOTE(review): only the record layout and the two constants are declared
      * here; where the count is stored, incremented and compared with
      * SMB_MAX_RETRIES is not visible in this header -- confirm in the
      * implementation before relying on the limit.
 117  */
 118 
 119 #define FAIL_PREFIX                     "-SMB-FAIL-"
 120 #define SMB_MAX_RETRIES                 3
 121 
     /*
      * One failed-authentication record.
      * NOTE(review): user and agent are raw char pointers; who allocates and
      * frees them is not shown here -- confirm in the cleanup path.
      */
 122 struct _pam_failed_auth {
 123     char *user;                 /* user that's failed to be authenticated */
 124     uid_t id;                   /* uid of requested user */
 125     char *agent;                /* attempt from user with name */
 126     int count;                  /* number of failures so far */
 127 };
 128 
 129 /*
 130  * General use functions go here 
 131  */
 132 
 133 /* from support.c */
     /*
      * NOTE(review): the parameters are unnamed in this declaration;
      * presumably (PAM handle, control flag word, message style, message
      * text) -- confirm against the definition in support.c.
      */
 134 int make_remark(pam_handle_t *, unsigned int, int, const char *);
