1 /* pam_winbind header file
2 (Solaris needs some macros from Linux for common PAM code)
16 #include <sys/types.h>
24 #define MODULE_NAME "pam_winbind"
26 #define PAM_SM_ACCOUNT
27 #define PAM_SM_PASSWORD
29 #include <iniparser.h>
31 #if defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX)
33 /* Solaris always uses dynamic pam modules */
34 #define PAM_EXTERN extern
35 #include <security/pam_appl.h>
37 #ifndef PAM_AUTHTOK_RECOVER_ERR
38 #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
43 #ifdef HAVE_SECURITY_PAM_MODULES_H
44 #include <security/pam_modules.h>
47 #ifdef HAVE_SECURITY__PAM_MACROS_H
48 #include <security/_pam_macros.h>
50 /* Define required macros from (Linux PAM 0.68) security/_pam_macros.h */
51 #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
55 for (reply_i=0; reply_i<replies; ++reply_i) { \
56 if (reply[reply_i].resp) { \
57 _pam_overwrite(reply[reply_i].resp); \
58 free(reply[reply_i].resp); \
65 #define _pam_overwrite(x) \
67 register char *__xx__; \
74 * Don't just free it, forget it too.
77 #define _pam_drop(X) SAFE_FREE(X)
79 #define x_strdup(s) ( (s) ? strdup(s):NULL )
82 #define WINBIND_DEBUG_ARG (1<<0)
83 #define WINBIND_USE_AUTHTOK_ARG (1<<1)
84 #define WINBIND_UNKNOWN_OK_ARG (1<<2)
85 #define WINBIND_TRY_FIRST_PASS_ARG (1<<3)
86 #define WINBIND_USE_FIRST_PASS_ARG (1<<4)
87 #define WINBIND__OLD_PASSWORD (1<<5)
88 #define WINBIND_REQUIRED_MEMBERSHIP (1<<6)
89 #define WINBIND_KRB5_AUTH (1<<7)
90 #define WINBIND_KRB5_CCACHE_TYPE (1<<8)
91 #define WINBIND_CACHED_LOGIN (1<<9)
92 #define WINBIND_CONFIG_FILE (1<<10)
95 * here is the string to inform the user that the new passwords they
96 * typed were not the same.
99 #define MISTYPED_PASS "Sorry, passwords do not match"
101 #define on(x, y) (x & y)
102 #define off(x, y) (!(x & y))
104 #define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
105 #define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
107 #define SECONDS_PER_DAY 86400
109 #define DAYS_TO_WARN_BEFORE_PWD_EXPIRES 5
111 #include "winbind_client.h"
113 #include <dynconfig.h>
115 #define PAM_WB_REMARK_DIRECT(h,x)\
117 const char *error_string = NULL; \
118 error_string = _get_ntstatus_error_string(x);\
119 if (error_string != NULL) {\
120 _make_remark(h, PAM_ERROR_MSG, error_string);\
122 _make_remark(h, PAM_ERROR_MSG, x);\
126 #define PAM_WB_REMARK_DIRECT_RET(h,x)\
128 const char *error_string = NULL; \
129 error_string = _get_ntstatus_error_string(x);\
130 if (error_string != NULL) {\
131 _make_remark(h, PAM_ERROR_MSG, error_string);\
134 _make_remark(h, PAM_ERROR_MSG, x);\
138 #define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,x,y)\
140 const char *ntstatus = x.data.auth.nt_status_string; \
141 const char *error_string = NULL; \
142 if (!strcasecmp(ntstatus,y)) {\
143 error_string = _get_ntstatus_error_string(y);\
144 if (error_string != NULL) {\
145 _make_remark(h, PAM_ERROR_MSG, error_string);\
148 if (x.data.auth.error_string[0] != '\0') {\
149 _make_remark(h, PAM_ERROR_MSG, x.data.auth.error_string);\
152 _make_remark(h, PAM_ERROR_MSG, y);\
157 /* from include/rpc_samr.h */
158 #define DOMAIN_PASSWORD_COMPLEX 0x00000001
160 #define REJECT_REASON_OTHER 0x00000000
161 #define REJECT_REASON_TOO_SHORT 0x00000001
162 #define REJECT_REASON_IN_HISTORY 0x00000002
163 #define REJECT_REASON_NOT_COMPLEX 0x00000005
165 /* from include/smb.h */
166 #define ACB_PWNOEXP 0x00000200
168 /* from include/rpc_netlogon.h */
169 #define LOGON_CACHED_ACCOUNT 0x00000004