passwdutil.h revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _PASSWDUTIL_H
#define _PASSWDUTIL_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
#include <sys/types.h>
#include <shadow.h>
#include <crypt.h> /* CRYPT_MAXCIPHERTEXTLEN max crypt length */
/*
 * DAY_NOW_32 is a 32-bit value, independent of the architecture.
 *
 * DAY_NOW is not defined in this header; presumably it is supplied by
 * <shadow.h> -- confirm.
 * NOTE(review): the cast below is written directly in front of the
 * DAY_NOW expansion. It converts the whole value only if DAY_NOW's
 * replacement list is fully parenthesized; if it is not, the cast binds
 * to the first operand of that expression instead. Check the definition
 * of DAY_NOW before relying on the width or range of this value.
 */
#ifdef _LP64
/* LP64 build: presumably <sys/types32.h> is what declares time32_t. */
#include <sys/types32.h>
#define DAY_NOW_32 ((time32_t)DAY_NOW)
#else
/* Non-LP64 build: the cast is to plain time_t. */
#define DAY_NOW_32 ((time_t)DAY_NOW)
#endif
/*
 * attrtype -- names the attribute or operation that an attrlist node
 * refers to. Every constant is a distinct single bit, from 0x1 up to
 * 0x2000000.
 *
 * NOTE(review): several constants request account state changes (lock,
 * unlock, no-login, password expiry, failed-login counting). This header
 * does not show which privilege check guards them; presumably that is
 * enforced by the callers or the repository back ends -- confirm.
 */
typedef enum {
	/* fields of a plain passwd entry */
	ATTR_NAME                 = 0x00000001,
	ATTR_PASSWD               = 0x00000002,
	ATTR_UID                  = 0x00000004,
	ATTR_GID                  = 0x00000008,
	ATTR_AGE                  = 0x00000010,
	ATTR_COMMENT              = 0x00000020,
	ATTR_GECOS                = 0x00000040,
	ATTR_HOMEDIR              = 0x00000080,
	ATTR_SHELL                = 0x00000100,

	/* fields of a shadow entry */
	ATTR_LSTCHG               = 0x00000200,
	ATTR_MIN                  = 0x00000400,
	ATTR_MAX                  = 0x00000800,
	ATTR_WARN                 = 0x00001000,
	ATTR_INACT                = 0x00002000,
	ATTR_EXPIRE               = 0x00004000,
	ATTR_FLAG                 = 0x00008000,

	/* special operations */
	ATTR_LOCK_ACCOUNT         = 0x00010000,
	ATTR_EXPIRE_PASSWORD      = 0x00020000,
	ATTR_NOLOGIN_ACCOUNT      = 0x00040000,
	ATTR_UNLOCK_ACCOUNT       = 0x00080000,

	/* query: name of the repository that contained the info */
	ATTR_REP_NAME             = 0x00100000,

	/* special attribute: set the password following server policy */
	ATTR_PASSWD_SERVER_POLICY = 0x00200000,

	/* history entry, from repositories that support it */
	ATTR_HISTORY              = 0x00400000,

	/* failed login bookkeeping */
	ATTR_FAILED_LOGINS        = 0x00800000,	/* get # of failed logins */
	ATTR_INCR_FAILED_LOGINS   = 0x01000000,	/* increment + lock if needed */
	ATTR_RST_FAILED_LOGINS    = 0x02000000	/* reset failed logins */
} attrtype;
/*
 * attrlist -- one node of a singly linked list of attributes. Each node
 * carries an attrtype tag and a payload that is either a string or an
 * integer.
 *
 * The header does not state which union member goes with which attrtype,
 * nor who owns the storage behind val_s.
 * NOTE(review): for ATTR_PASSWD the string presumably holds password
 * material; confirm in the implementation that whoever releases val_s
 * also clears it first.
 */
typedef struct attrlist_s {
	attrtype type;			/* attribute this node refers to */
	union {
		char *val_s;		/* string payload */
		int val_i;		/* integer payload */
	} data;
	struct attrlist_s *next;	/* following node in the list */
} attrlist;
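/*
 * pwu_repository_t -- identifies the repository an operation is aimed at.
 */
typedef struct {
	char *type;		/* repository name; the IS_*() macros in this */
				/* header compare it with "files", "nis", */
				/* "nisplus" and "ldap" */
	void *scope;		/* opaque data; its meaning is not defined */
				/* in this header */
	size_t scope_len;	/* presumably the size of *scope -- confirm */
} pwu_repository_t;

/*
 * Null repository pointer; by its name it stands for "use the default
 * repository" -- confirm with the callers.
 *
 * The replacement list is parenthesized so that the cast and its operand
 * always expand as a single expression, whatever operator the macro is
 * written next to (for example sizeof or a postfix operator).
 */
#define	PWU_DEFAULT_REP	((pwu_repository_t *)NULL)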
/*
 * Repository identifiers. Apart from REP_NOREP (zero), every value is a
 * distinct single bit.
 */
#define	REP_NOREP	0	/* no suitable repository could be found */
#define	REP_FILES	0x0001	/* /etc/passwd and /etc/shadow */
#define	REP_NIS		0x0002
#define	REP_NISPLUS	0x0004
#define	REP_LDAP	0x0008
#define	REP_NSS		0x0010
#define	REP_LAST	REP_NSS	/* alias for REP_NSS */

/*
 * The values below are numerically greater than REP_LAST, so code that
 * walks the identifiers up to REP_LAST does not reach them.
 */
#define	REP_ERANGE	0x8000	/* an unknown repository was specified */

#define	REP_COMPAT_NIS		0x1000
#define	REP_COMPAT_NISPLUS	0x2000
#define	REP_COMPAT_LDAP		0x4000
/*
 * Repository-type predicates. For the time being the same macros are
 * also defined in pam_*.h; the #undef lines drop any earlier definition
 * so that the ones below take effect.
 *
 * Usage notes:
 *   - r is a structure with a `type' member (not a pointer to one).
 *   - r is expanded twice and is not parenthesized, so pass a plain
 *     variable or an already parenthesized expression such as (*p).
 *   - A NULL type yields false; strcmp() is only reached for non-NULL.
 *   - strcmp() needs <string.h>, which this header does not include
 *     directly.
 *
 * NOTE(review): the replacement lists are left exactly as they were. Any
 * change here (for instance parenthesizing r) should be made in the
 * pam_*.h copies at the same time so the definitions do not diverge.
 */
#undef	IS_NISPLUS
#undef	IS_FILES
#undef	IS_NIS
#undef	IS_LDAP

#define	IS_FILES(r)	(r.type != NULL && strcmp(r.type, "files") == 0)
#define	IS_NIS(r)	(r.type != NULL && strcmp(r.type, "nis") == 0)
#define	IS_NISPLUS(r)	(r.type != NULL && strcmp(r.type, "nisplus") == 0)
#define	IS_LDAP(r)	(r.type != NULL && strcmp(r.type, "ldap") == 0)
/*
 * Aging values, in weeks judging by the names; all three are -1.
 * NOTE(review): the PWU_AGING_DISABLED error in this header is described
 * as "Modifying min/warn while max==-1", so -1 presumably means "aging
 * not set" here as well -- confirm where these constants are used.
 */
#define	MINWEEKS	-1
#define	MAXWEEKS	-1
#define	WARNWEEKS	-1

/* NIS+ access kinds; their consumers are not visible in this header. */
#define	NISPLUS_LOOKUP	0
#define	NISPLUS_UPDATE	1
/*
 * repops_t -- a table of function pointers, one per repository
 * operation. All members return int; presumably one of the PWU_* codes
 * defined in this header -- confirm in the back ends.
 *
 * The parameters are unnamed, so their roles cannot be read from this
 * header. The checkhistory and user_to_authenticate members have the
 * same parameter lists as __check_history() and __user_to_authenticate()
 * declared in this header.
 */
typedef struct repops {
	int (*checkhistory)(char *, char *, pwu_repository_t *);
	int (*getattr)(char *, attrlist *, pwu_repository_t *);
	int (*getpwnam)(char *, attrlist *, pwu_repository_t *, void **);
	int (*update)(attrlist *, pwu_repository_t *, void *);
	int (*putpwnam)(char *, char *, char *, pwu_repository_t *, void *);
	int (*user_to_authenticate)(char *, pwu_repository_t *, char **,
	    int *);
	/* lock/unlock take no arguments; what they lock is not shown here */
	int (*lock)(void);
	int (*unlock)(void);
} repops_t;

/*
 * Array of operation tables, defined outside this header; how it is
 * indexed is not shown here.
 * NOTE(review): the array is declared without const, so as far as this
 * declaration goes the function pointers are writable at run time. If
 * nothing assigns to the table after initialization, declaring it const
 * would allow it to be placed in read-only memory.
 */
extern repops_t rops[];
/*
 * utils.c
 *
 * turn_on_default_aging() receives a shadow entry (struct spwd); by its
 * name it fills in default aging values -- confirm in utils.c.
 * def_getint() takes a setting name and a default value; presumably the
 * default is returned when the setting is absent -- confirm.
 */
void turn_on_default_aging(struct spwd *);
int def_getint(char *name, int defvalue);
/*
 * debug.c
 *
 * debug() is variadic.
 * NOTE(review): the first argument is presumably a printf-style format;
 * if so, callers should pass literal formats only and keep password
 * material out of the debug output -- confirm in debug.c.
 */
void debug_init(void);
void debug(char *, ...);
/*
 * bsd-strsep.c
 *
 * Declaration of the strsep() implementation that the comment above
 * places in bsd-strsep.c.
 * NOTE(review): on a platform whose <string.h> also declares strsep(),
 * this declaration has to stay compatible with that one -- verify.
 */
char *strsep(char **, const char *);
/*
 * switch_utils.c
 *
 * Lookup routines that take an explicit repository argument.
 * The trailing int parameter of each function is presumably one of
 * PWU_READ / PWU_WRITE below -- confirm in switch_utils.c.
 *
 * This header does not include <pwd.h> directly, so struct passwd is an
 * incomplete type here unless one of the headers included above or the
 * including file declares it.
 *
 * NOTE(review): the header does not say whether the returned entries are
 * static or allocated. A struct spwd carries the password hash field, so
 * lifetime and clearing of the returned data matter -- confirm.
 */
#define PWU_READ 0 /* Read access to the repository */
#define PWU_WRITE 1 /* Write (update) access to the repository */
int get_ns(pwu_repository_t *, int);
struct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
struct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
struct spwd *getspnam_from(const char *, pwu_repository_t *, int);
/*
 * Entry points for setting, reading and verifying authentication token
 * attributes. All of them return int; presumably one of the PWU_* codes
 * defined in this header -- confirm in the implementation files named
 * in the comments below.
 *
 * NOTE(review): every parameter is unnamed and the string parameters are
 * plain char *, so this header does not document which argument is the
 * user name and which one carries a password. Naming the parameters in
 * these prototypes would make that contract reviewable.
 */
/*
 * __set_authtok_attr.c
 */
int __set_authtoken_attr(char *, char *, char *, pwu_repository_t *,
attrlist *, int *);
/*
 * __get_authtokenn_attr.c
 */
int __get_authtoken_attr(char *, pwu_repository_t *, attrlist *);
/*
 * __user_to_authenticate.c
 *
 * Same parameter list as the user_to_authenticate member of repops_t.
 */
int __user_to_authenticate(char *, pwu_repository_t *, char **, int *);
/*
 * __verify_rpc_passwd.c
 */
int __verify_rpc_passwd(char *, char *, pwu_repository_t *);
/*
 * Password history definitions
 *
 * NOTE(review): with a default depth of 0, password reuse is presumably
 * not checked unless a depth is configured -- confirm where DEFHISTORY
 * is consumed.
 */
#define DEFHISTORY 0 /* default history depth */
#define MAXHISTORY 26 /* max depth of history 1 yr every 2 weeks */
/*
 * __check_history.c
 *
 * __check_history() has the same parameter list as the checkhistory
 * member of repops_t.
 * __incr_failed_count() and __rst_failed_count() presumably implement
 * the ATTR_INCR_FAILED_LOGINS ("increment + lock if needed") and
 * ATTR_RST_FAILED_LOGINS operations -- confirm. Their parameters are
 * unnamed, so the meaning of the int argument is not visible here.
 */
int __check_history(char *, char *, pwu_repository_t *);
int __incr_failed_count(char *, char *, int);
int __rst_failed_count(char *, char *);
/*
 * Error codes
 *
 * PWU_SUCCESS is zero; every other code is a distinct negative value.
 *
 * NOTE(review): PWU_PARTIAL_SUCCESS is negative like the failures, yet
 * it means the password itself was updated. A caller that treats every
 * non-zero code as "nothing changed" would misreport the account state.
 */
#define	PWU_SUCCESS		0	/* update succeeded */
#define	PWU_BUSY		-1	/* password database is busy */
#define	PWU_STAT_FAILED		-2	/* stat of the password file failed */
#define	PWU_OPEN_FAILED		-3	/* opening the password file failed */
#define	PWU_WRITE_FAILED	-4	/* cannot write to the password file */
#define	PWU_CLOSE_FAILED	-5	/* close returned an error */
#define	PWU_NOT_FOUND		-6	/* user not found in the database */
#define	PWU_UPDATE_FAILED	-7	/* could not update the password file */
#define	PWU_NOMEM		-8	/* not enough memory */
#define	PWU_SERVER_ERROR	-9	/* NIS server errors */
#define	PWU_SYSTEM_ERROR	-10	/* NIS local configuration problem */
#define	PWU_DENIED		-11	/* NIS update denied */
#define	PWU_NO_CHANGE		-12	/* data has not changed */
#define	PWU_REPOSITORY_ERROR	-13	/* unknown repository specified */
#define	PWU_AGING_DISABLED	-14	/* modifying min/warn while max==-1 */

/* NISPLUS specific errors */
#define	PWU_RECOVERY_ERR	-15	/* cannot recover the old auth token */
#define	PWU_CRED_UPDATE_ERR	-16	/* failed to update credentials */
#define	PWU_ATTR_UPDATE_ERR	-17	/* failed to update attributes */
#define	PWU_CRED_ERROR		-18	/* failed to obtain user credentials */
#define	PWU_PARTIAL_SUCCESS	-19	/* passwd is updated, creds are not */
#define	PWU_BAD_CREDPASS	-20	/* password does not decrypt creds */
#define	PWU_NO_PRIV_CRED_UPDATE	-21	/* priv. user cannot update creds */
#define	PWU_UPDATED_SOME_CREDS	-22	/* some, not all, creds were updated */

/* More errors, not NISPLUS specific */
#define	PWU_PWD_TOO_SHORT	-23	/* new passwd is too short */
#define	PWU_PWD_INVALID		-24	/* new passwd has invalid syntax */
#define	PWU_PWD_IN_HISTORY	-25	/* new passwd is in the history list */
#define	PWU_CHANGE_NOT_ALLOWED	-26	/* change not allowed */
#define	PWU_WITHIN_MIN_AGE	-27	/* change not allowed, within min age */
#ifdef __cplusplus
}
#endif
#endif /* _PASSWDUTIL_H */