/* Solaris always uses dynamic pam modules */
#define PAM_EXTERN extern
+#if defined(HAVE_SECURITY_PAM_APPL_H)
#include <security/pam_appl.h>
+#elif defined(HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
#ifndef PAM_AUTHTOK_RECOVER_ERR
#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
#endif /* defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX) */
-#ifdef HAVE_SECURITY_PAM_MODULES_H
+#if defined(HAVE_SECURITY_PAM_MODULES_H)
#include <security/pam_modules.h>
+#elif defined(HAVE_PAM_PAM_MODULES_H)
+#include <pam/pam_modules.h>
#endif
-#ifdef HAVE_SECURITY__PAM_MACROS_H
+#if defined(HAVE_SECURITY__PAM_MACROS_H)
#include <security/_pam_macros.h>
+#elif defined(HAVE_PAM__PAM_MACROS_H)
+#include <pam/_pam_macros.h>
#else
/* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
#define off(x, y) (!(x & y))
#define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
+#define PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH "PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH"
#define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
#define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
+#define PAM_WINBIND_LOGONSERVER "PAM_WINBIND_LOGONSERVER"
#define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH"
#define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
#define SECONDS_PER_DAY 86400
-#define DAYS_TO_WARN_BEFORE_PWD_EXPIRES 5
+#define DEFAULT_DAYS_TO_WARN_BEFORE_PWD_EXPIRES 14
#include "winbind_client.h"
-#define PAM_WB_REMARK_DIRECT(h,x)\
+#define PAM_WB_REMARK_DIRECT(h,f,x)\
{\
const char *error_string = NULL; \
error_string = _get_ntstatus_error_string(x);\
if (error_string != NULL) {\
- _make_remark(h, PAM_ERROR_MSG, error_string);\
+ _make_remark(h, f, PAM_ERROR_MSG, error_string);\
} else {\
- _make_remark(h, PAM_ERROR_MSG, x);\
+ _make_remark(h, f, PAM_ERROR_MSG, x);\
};\
};
-#define PAM_WB_REMARK_DIRECT_RET(h,x)\
+#define PAM_WB_REMARK_DIRECT_RET(h,f,x)\
{\
const char *error_string = NULL; \
error_string = _get_ntstatus_error_string(x);\
if (error_string != NULL) {\
- _make_remark(h, PAM_ERROR_MSG, error_string);\
+ _make_remark(h, f, PAM_ERROR_MSG, error_string);\
return ret;\
};\
- _make_remark(h, PAM_ERROR_MSG, x);\
+ _make_remark(h, f, PAM_ERROR_MSG, x);\
return ret;\
};
-
-#define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,x,y)\
+
+#define PAM_WB_REMARK_CHECK_RESPONSE(h,f,x,y)\
+{\
+ const char *ntstatus = x.data.auth.nt_status_string; \
+ const char *error_string = NULL; \
+ if (!strcasecmp(ntstatus,y)) {\
+ error_string = _get_ntstatus_error_string(y);\
+ if (error_string != NULL) {\
+ _make_remark(h, f, PAM_ERROR_MSG, error_string);\
+ };\
+ if (x.data.auth.error_string[0] != '\0') {\
+ _make_remark(h, f, PAM_ERROR_MSG, x.data.auth.error_string);\
+ };\
+ _make_remark(h, f, PAM_ERROR_MSG, y);\
+ };\
+};
+
+#define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,f,x,y)\
{\
const char *ntstatus = x.data.auth.nt_status_string; \
const char *error_string = NULL; \
if (!strcasecmp(ntstatus,y)) {\
error_string = _get_ntstatus_error_string(y);\
if (error_string != NULL) {\
- _make_remark(h, PAM_ERROR_MSG, error_string);\
+ _make_remark(h, f, PAM_ERROR_MSG, error_string);\
return ret;\
};\
if (x.data.auth.error_string[0] != '\0') {\
- _make_remark(h, PAM_ERROR_MSG, x.data.auth.error_string);\
+ _make_remark(h, f, PAM_ERROR_MSG, x.data.auth.error_string);\
return ret;\
};\
- _make_remark(h, PAM_ERROR_MSG, y);\
+ _make_remark(h, f, PAM_ERROR_MSG, y);\
return ret;\
};\
};
/* from include/rpc_netlogon.h */
#define LOGON_CACHED_ACCOUNT 0x00000004
#define LOGON_GRACE_LOGON 0x01000000
+#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000
#define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT)
+#define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
#define PAM_WB_GRACE_LOGON(x) ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON)))