1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2024 OmniOS Community Edition (OmniOSce) Association.
25  */
26 
27 #ifndef	_PASSWDUTIL_H
28 #define	_PASSWDUTIL_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
#include <sys/types.h>
#include <string.h>		/* strcmp(), used by the IS_*() macros below */
#include <shadow.h>
#include <crypt.h>		/* CRYPT_MAXCIPHERTEXTLEN max crypt length */
37 
/*
 * DAY_NOW_32 is a 32-bit value, independent of the architecture.
 *
 * DAY_NOW itself is not defined in this header; it is expected to come
 * from <shadow.h>, included above -- confirm.  On LP64 builds the value is
 * narrowed to time32_t (from <sys/types32.h>) so that the result has the
 * same width as on 32-bit builds.  NOTE(review): the narrowing cast
 * truncates once DAY_NOW no longer fits in 32 bits; callers that persist
 * this value presumably rely on the fixed width -- verify against them.
 */
#ifdef _LP64
#include <sys/types32.h>
#define	DAY_NOW_32	((time32_t)DAY_NOW)
#else
#define	DAY_NOW_32	((time_t)DAY_NOW)
#endif
45 
/*
 * Attribute selectors carried in the `type' member of an attrlist node.
 * Each selector occupies its own bit.  The first two groups name the fields
 * of the plain passwd and shadow entries; the remaining ones are operations
 * and queries that the repository back ends handle specially.
 */
typedef enum {
	/* fields of the plain passwd entry */
	ATTR_NAME			= 1 << 0,
	ATTR_PASSWD			= 1 << 1,
	ATTR_UID			= 1 << 2,
	ATTR_GID			= 1 << 3,
	ATTR_AGE			= 1 << 4,
	ATTR_COMMENT			= 1 << 5,
	ATTR_GECOS			= 1 << 6,
	ATTR_HOMEDIR			= 1 << 7,
	ATTR_SHELL			= 1 << 8,

	/* fields of the shadow entry */
	ATTR_LSTCHG			= 1 << 9,
	ATTR_MIN			= 1 << 10,
	ATTR_MAX			= 1 << 11,
	ATTR_WARN			= 1 << 12,
	ATTR_INACT			= 1 << 13,
	ATTR_EXPIRE			= 1 << 14,
	ATTR_FLAG			= 1 << 15,

	/* account operations */
	ATTR_LOCK_ACCOUNT		= 1 << 16,
	ATTR_EXPIRE_PASSWORD		= 1 << 17,
	ATTR_NOLOGIN_ACCOUNT		= 1 << 18,
	ATTR_UNLOCK_ACCOUNT		= 1 << 19,

	/* query: name of the repository that supplied the information */
	ATTR_REP_NAME			= 1 << 20,

	/* special: set the password following the server's policy */
	ATTR_PASSWD_SERVER_POLICY	= 1 << 21,

	/* history entry from repositories that keep one */
	ATTR_HISTORY			= 1 << 22,

	/* failed-login bookkeeping */
	ATTR_FAILED_LOGINS		= 1 << 23,	/* read the count */
	ATTR_INCR_FAILED_LOGINS		= 1 << 24,	/* bump it, lock if needed */
	ATTR_RST_FAILED_LOGINS		= 1 << 25	/* reset the count */
} attrtype;
83 
/*
 * One node of a singly linked list of attribute requests.  `type' selects
 * the attribute or operation (see attrtype) and `data' carries its value:
 * val_s for string-valued attributes, val_i for integer-valued ones.
 * Which union member is valid for a given type is not encoded here; it is
 * fixed by the repository code that builds and consumes the list -- check
 * the callers before relying on either member.
 */
typedef struct attrlist_s {
	attrtype type;			/* attribute this node refers to */
	union {
		char *val_s;		/* string value */
		int val_i;		/* integer value */
	} data;
	struct attrlist_s *next;	/* next node; presumably NULL at the end */
} attrlist;
92 
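/*
 * Identifies the repository a request is directed at.  `type' is the
 * repository name that the IS_FILES()/IS_NIS()/IS_LDAP() macros below
 * compare against ("files", "nis", "ldap"); it may be NULL.  `scope' points
 * at scope_len bytes of back-end specific data whose layout is not defined
 * by this header.
 */
typedef struct {
	char   *type;		/* repository name, or NULL */
	void   *scope;		/* back-end specific scope data */
	size_t  scope_len;	/* number of bytes at scope */
} pwu_repository_t;

/*
 * Repository argument meaning "use the default repository".  The expansion
 * is fully parenthesised so it is safe in any expression context
 * (the bare cast form broke under a following postfix operator).
 */
#define	PWU_DEFAULT_REP	((pwu_repository_t *)NULL)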
100 
/*
 * Repository identifiers.  REP_FILES .. REP_NSS are single bits; REP_LAST
 * marks the highest of them.  REP_NOREP and REP_ERANGE are out-of-band
 * results rather than repositories.
 */
#define	REP_NOREP	0		/* Can't find suitable repository */
#define	REP_FILES	0x0001		/* /etc/passwd, /etc/shadow */
#define	REP_NIS		0x0002		/* NIS */
#define	REP_LDAP	0x0004		/* LDAP */
#define	REP_NSS		0x0008		/* name-service switch */
#define	REP_LAST	REP_NSS		/* highest repository bit */
#define	REP_ERANGE	0x8000		/* Unknown repository specified */

/*
 * Separate bits, above REP_LAST, for the compat back ends -- presumably
 * used for passwd_compat style lookups; verify against switch_utils.c.
 */
#define	REP_COMPAT_NIS		0x1000
#define	REP_COMPAT_LDAP		0x2000
111 
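/*
 * Repository-type tests on a pwu_repository_t passed BY VALUE, not by
 * pointer: write IS_FILES(*rep), not IS_FILES(rep).  All three are NULL-safe
 * (a NULL type matches nothing).  They rely on strcmp() from <string.h>.
 * The macro argument is parenthesised so that a dereference such as
 * IS_FILES(*rep) expands correctly.
 *
 * For the time being, these are also defined in pam_*.h, hence the #undefs.
 */
#undef	IS_FILES
#undef	IS_NIS
#undef	IS_LDAP

#define	IS_FILES(r)	((r).type != NULL && strcmp((r).type, "files") == 0)
#define	IS_NIS(r)	((r).type != NULL && strcmp((r).type, "nis") == 0)
#define	IS_LDAP(r)	((r).type != NULL && strcmp((r).type, "ldap") == 0)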
120 
/*
 * Default password aging values, in weeks.  All three are -1; the
 * PWU_AGING_DISABLED comment below treats max == -1 as "aging disabled",
 * so these defaults presumably mean "no aging" -- see
 * turn_on_default_aging() in utils.c for how they are applied.
 */
#define	MINWEEKS	-1
#define	MAXWEEKS	-1
#define	WARNWEEKS	-1
124 
/*
 * Operations vector implemented by each repository back end (files, nis,
 * ldap, nss; see the extern declarations below).  The first, second and
 * sixth members have the same signatures as __check_history(),
 * __get_authtoken_attr() and __user_to_authenticate() declared later in
 * this header.  All return an int, presumably one of the PWU_* codes at the
 * end of this file -- confirm in the individual back ends.
 */
typedef struct repops {
	/* password history check: (user, new passwd, repository) */
	int (*checkhistory)(const char *, const char *, pwu_repository_t *);
	/* fill in the requested attributes for a user */
	int (*getattr)(const char *, attrlist *, pwu_repository_t *);
	/*
	 * Look up a user; the void ** is an out parameter for an opaque,
	 * back-end owned handle that update()/putpwnam() later receive as
	 * their void * -- that pairing is inferred from the types, verify.
	 */
	int (*getpwnam)(const char *, attrlist *, pwu_repository_t *, void **);
	int (*update)(attrlist *, pwu_repository_t *, void *);
	int (*putpwnam)(const char *, const char *, pwu_repository_t *, void *);
	/* which user must authenticate, and whether a password is required */
	int (*user_to_authenticate)(const char *, pwu_repository_t *, char **,
	    int *);
	/* serialise access to the repository */
	int (*lock)(void);
	int (*unlock)(void);
} repops_t;
136 
/* One operations vector per back end; defined in the respective *_attr.c files -- confirm. */
extern repops_t files_repops, nis_repops, ldap_repops, nss_repops;

/*
 * Table of the vectors above.  NOTE(review): the index scheme (by REP_* bit
 * value, or by position) is not visible here -- check switch_utils.c before
 * indexing it.
 */
extern repops_t *rops[];
140 
/*
 * utils.c
 */
/* Apply the default aging values (MINWEEKS/MAXWEEKS/WARNWEEKS above) to a shadow entry. */
void turn_on_default_aging(struct spwd *);
/* Integer lookup by name, returning defvalue when no value is found -- presumably from a defaults file; confirm. */
int def_getint(char *name, int defvalue);
146 
/*
 * debug.c
 */
void debug_init(void);
/*
 * Variadic debug output; the first argument is the format string.
 * NOTE(review): a printf-style format attribute on this declaration would
 * let the compiler check callers' arguments against the format.
 */
void debug(char *, ...);
152 
/*
 * switch_utils.c
 */
/* Access mode passed as the int argument of the lookups below. */
#define	PWU_READ	0 /* Read access to the repository */
#define	PWU_WRITE	1 /* Write (update) access to the repository */

/* Resolve the repository to use for the given access mode (PWU_READ/PWU_WRITE). */
int get_ns(pwu_repository_t *, int);
/*
 * Lookups against a specific repository.  Ownership of the returned
 * struct (static buffer vs. caller-freed) is not stated here -- check
 * switch_utils.c before freeing.
 */
struct passwd *getpwnam_from(const char *, pwu_repository_t *, int);
struct passwd *getpwuid_from(uid_t, pwu_repository_t *, int);
struct spwd *getspnam_from(const char *, pwu_repository_t *, int);
/* Map a repository name to its REP_* value -- presumably; confirm. */
int name_to_int(char *);
164 
/*
 * __set_authtok_attr.c
 */
/* Update attributes for a user: (user, old passwd, repository, attrlist, updated-repository out). */
int __set_authtoken_attr(const char *, const char *, pwu_repository_t *,
    attrlist *, int *);
/*
 * __get_authtoken_attr.c
 */
/* Fetch attributes for a user into the supplied attrlist; same shape as repops_t.getattr. */
int __get_authtoken_attr(const char *, pwu_repository_t *, attrlist *);

/*
 * __user_to_authenticate.c
 */
/* Same shape as repops_t.user_to_authenticate; the char ** is an out parameter. */
int __user_to_authenticate(const char *, pwu_repository_t *, char **, int *);
179 
/*
 *	Password history definitions
 */
#define	DEFHISTORY	0	/* default history depth (0: no history kept) */
#define	MAXHISTORY	26	/* max depth of history: 1 yr at one change every 2 weeks */
185 
/*
 * __check_history.c
 */
/* Check a proposed password against the user's history; same shape as repops_t.checkhistory. */
int __check_history(const char *, const char *, pwu_repository_t *);

/*
 * Failed-login bookkeeping (see ATTR_INCR_FAILED_LOGINS /
 * ATTR_RST_FAILED_LOGINS).  The char * is presumably the repository name
 * and the int the lock threshold -- confirm in the implementation.
 */
int __incr_failed_count(const char *, char *, int);
int __rst_failed_count(const char *, char *);
193 
/*
 * Error / return codes
 *
 * PWU_SUCCESS is 0 and every other code is negative, so `rc < 0' is a
 * failure test.  NOTE(review): PWU_ACCOUNT_LOCKED is in the negative range
 * although its comment describes a successful lock; callers presumably
 * single it out -- check before treating it as a plain error.
 */
#define	PWU_SUCCESS		 0	/* update succeeded */
#define	PWU_BUSY		-1	/* Password database busy */
#define	PWU_STAT_FAILED		-2	/* stat of password file failed */
#define	PWU_OPEN_FAILED		-3	/* password file open failed */
#define	PWU_WRITE_FAILED	-4	/* can't write to password file */
#define	PWU_CLOSE_FAILED	-5	/* close returned error */
#define	PWU_NOT_FOUND		-6	/* user not found in database */
#define	PWU_UPDATE_FAILED	-7	/* couldn't update password file */
#define	PWU_NOMEM		-8	/* Not enough memory */
#define	PWU_SERVER_ERROR	-9	/* NIS server errors */
#define	PWU_SYSTEM_ERROR	-10	/* NIS local configuration problem */
#define	PWU_DENIED		-11	/* NIS update denied */
#define	PWU_NO_CHANGE		-12	/* Data hasn't changed */
#define	PWU_REPOSITORY_ERROR	-13	/* Unknown repository specified */
#define	PWU_AGING_DISABLED	-14	/* Modifying min/warn while max==-1 */

/* Password policy and account-state results */

#define	PWU_PWD_TOO_SHORT	-15	/* new passwd too short */
#define	PWU_PWD_INVALID		-16	/* new passwd has invalid syntax */
#define	PWU_PWD_IN_HISTORY	-17	/* new passwd in history list */
#define	PWU_CHANGE_NOT_ALLOWED	-18	/* change not allowed */
#define	PWU_WITHIN_MIN_AGE	-19	/* change not allowed, within min age */
#define	PWU_ACCOUNT_LOCKED	-20	/* account successfully locked */
221 
222 #ifdef __cplusplus
223 }
224 #endif
225 
226 #endif	/* _PASSWDUTIL_H */