passwdutil.h revision 03c6512857753c00f62e52595dc5def4dd3546e1
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * CDDL HEADER START
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner * The contents of this file are subject to the terms of the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Common Development and Distribution License, Version 1.0 only
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * (the "License"). You may not use this file except in compliance
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin * with the License.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * See the License for the specific language governing permissions
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * and limitations under the License.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * When distributing Covered Code, include this CDDL HEADER in each
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * If applicable, add the following below this CDDL HEADER, with the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * fields enclosed by brackets "[]" replaced with your own identifying
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * information: Portions Copyright [yyyy] [name of copyright owner]
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * CDDL HEADER END
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Use is subject to license terms.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#pragma ident "%Z%%M% %I% %E% SMI"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinextern "C" {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#include <crypt.h> /* CRYPT_MAXCIPHERTEXTLEN max crypt length */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* DAY_NOW_32 is a 32-bit value, independent of the architecture */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintypedef enum {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* from plain passwd */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* from shadow */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* special operations */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* Query operations */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* to obtain repository name that contained the info */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* special attribute */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* to set password following server policy */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* get history entry from supporting repositories */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin /* Failed login bookkeeping */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ATTR_FAILED_LOGINS = 0x800000, /* get # of failed logins */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ATTR_INCR_FAILED_LOGINS = 0x1000000, /* increment + lock if needed */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ATTR_RST_FAILED_LOGINS = 0x2000000 /* reset failed logins */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintypedef struct attrlist_s {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintypedef struct {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define REP_NOREP 0 /* Can't find suitable repository */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define REP_ERANGE 0x8000 /* Unknown repository specified */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* For the time being, these are also defined in pam_*.h */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define IS_FILES(r) (r.type != NULL && strcmp(r.type, "files") == 0)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define IS_NIS(r) (r.type != NULL && strcmp(r.type, "nis") == 0)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define IS_NISPLUS(r) (r.type != NULL && strcmp(r.type, "nisplus") == 0)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define IS_LDAP(r) (r.type != NULL && strcmp(r.type, "ldap") == 0)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chintypedef struct repops {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*checkhistory)(char *, char *, pwu_repository_t *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*getattr)(char *, attrlist *, pwu_repository_t *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*getpwnam)(char *, attrlist *, pwu_repository_t *, void **);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*putpwnam)(char *, char *, char *, pwu_repository_t *, void *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*user_to_authenticate)(char *, pwu_repository_t *, char **, int *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*lock)(void);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin int (*unlock)(void);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinvoid debug(char *, ...);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinchar *strsep(char **, const char *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_WRITE 1 /* Write (update) access to the repository */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstruct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstruct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinstruct spwd *getspnam_from(const char *, pwu_repository_t *, int);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __set_authtoken_attr(char *, char *, char *, pwu_repository_t *,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __get_authtoken_attr(char *, pwu_repository_t *, attrlist *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __user_to_authenticate(char *, pwu_repository_t *, char **, int *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __verify_rpc_passwd(char *, char *, pwu_repository_t *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Password history definitions
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define MAXHISTORY 26 /* max depth of history 1 yr every 2 weeks */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __check_history(char *, char *, pwu_repository_t *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __incr_failed_count(char *, char *, int);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinint __rst_failed_count(char *, char *);
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin * Error codes
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_STAT_FAILED -2 /* stat of password file failed */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_OPEN_FAILED -3 /* password file open failed */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_WRITE_FAILED -4 /* can't write to password file */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_NOT_FOUND -6 /* user not found in database */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_UPDATE_FAILED -7 /* couldn't update password file */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_SYSTEM_ERROR -10 /* NIS local configuration problem */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_REPOSITORY_ERROR -13 /* Unknown repository specified */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_AGING_DISABLED -14 /* Modifying min/warn while max==-1 */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* NISPLUS specific errors */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_RECOVERY_ERR -15 /* can't recover old auth token */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_CRED_UPDATE_ERR -16 /* failed to update credentials */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_ATTR_UPDATE_ERR -17 /* failed to update attributes */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_CRED_ERROR -18 /* failed to obtain user credentials */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_PARTIAL_SUCCESS -19 /* passwd is updated, creds are not */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_BAD_CREDPASS -20 /* password doesn't decrypt creds */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_NO_PRIV_CRED_UPDATE -21 /* priv. user can't update creds */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_UPDATED_SOME_CREDS -22 /* some, not all, creds were updated */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin/* More errors, not NISPLUS specific */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_PWD_TOO_SHORT -23 /* new passwd too short */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_PWD_INVALID -24 /* new passwd has invalid syntax */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_PWD_IN_HISTORY -25 /* new passwd in history list */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_CHANGE_NOT_ALLOWED -26 /* change not allowed */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#define PWU_WITHIN_MIN_AGE -27 /* change not allowed, within min age */
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#endif /* _PASSWDUTIL_H */