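/*
 * Shared definitions for the SMB password PAM module: the control-option
 * table parsed from the module arguments, the macros used to test and
 * modify the resulting control word, and the failed-authentication record.
 */

#ifndef LINUX
/* This is only needed by modules in the Sun implementation. */
#if defined(HAVE_SECURITY_PAM_APPL_H)
#include <security/pam_appl.h>
#elif defined(HAVE_PAM_PAM_APPL_H)
#include <pam/pam_appl.h>
#endif
#endif  /* LINUX */

#if defined(HAVE_SECURITY_PAM_MODULES_H)
#include <security/pam_modules.h>
#elif defined(HAVE_PAM_PAM_MODULES_H)
#include <pam/pam_modules.h>
#endif

/*
 * Compatibility alias: when the PAM headers do not provide
 * PAM_AUTHTOK_RECOVER_ERR, map it onto PAM_AUTHTOK_RECOVERY_ERR.
 */
#ifndef PAM_AUTHTOK_RECOVER_ERR
#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
#endif

#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>

/*
 * here is the string to inform the user that the new passwords they
 * typed were not the same.
 */

#define MISTYPED_PASS "Sorry, passwords do not match"

/*
 * type definition for the control options
 *
 * token: argument name as written in the PAM configuration, or NULL for
 *        options that are internal and cannot be named by the admin.
 * mask:  bits of the control word that survive when the option is set.
 * flag:  bits that are OR-ed in when the option is set.
 */

typedef struct {
	const char *token;
	unsigned int mask;	/* shall assume 32 bits of flags */
	unsigned int flag;
} SMB_Ctrls;

#ifndef False
#define False (0)
#endif

#ifndef True
#define True (1)
#endif

/*
 * Control-word macros.  `x` is one of the SMB_* indices below and is used
 * unchecked as an index into smb_args[], so it must be < SMB_CTRLS_.
 * `ctrl` is parenthesised in every expansion so that a compound argument
 * (for example `a | b` or `*ctrlp`) cannot change the result through
 * operator precedence.
 */

/*
 * macro to determine if a given flag is on
 *
 * NOTE: entries whose flag is 0 (SMB__NULLOK, SMB_CONF_FILE) can never
 * test true here.  To learn whether "nullok" was given, test
 * off(SMB__NONULL, ctrl) instead.
 */
#define on(x,ctrl)  (smb_args[x].flag & (ctrl))

/* macro to determine that a given flag is NOT on */
#define off(x,ctrl) (!on(x,ctrl))

/* macro to turn on/off a ctrl flag manually; `ctrl` must be an lvalue */
#define set(x,ctrl)   ((ctrl) = (((ctrl) & smb_args[x].mask) | smb_args[x].flag))
#define unset(x,ctrl) ((ctrl) &= ~(smb_args[x].flag))

/* the generic mask */
#define _ALL_ON_  (~0U)

/* end of macro definitions for the control flags */

/*
 * These are the options supported by the smb password module, very
 * similar to the pwdb options
 */

#define SMB__OLD_PASSWD		 0	/* internal */
#define SMB__VERIFY_PASSWD	 1	/* internal */

#define SMB_AUDIT		 2	/* print more things than debug..
					   some information may be sensitive;
					   enable only where the log
					   destination is access-controlled */
#define SMB_USE_FIRST_PASS	 3
#define SMB_TRY_FIRST_PASS	 4
#define SMB_NOT_SET_PASS	 5	/* don't set the AUTHTOK items */

#define SMB__NONULL		 6	/* internal */
#define SMB__QUIET		 7	/* internal */
#define SMB_USE_AUTHTOK		 8	/* insist on reading PAM_AUTHTOK */
#define SMB__NULLOK		 9	/* Null token ok */
#define SMB_DEBUG		10	/* send more info to syslog(3) */
#define SMB_NODELAY		11	/* admin does not want a fail-delay */
#define SMB_MIGRATE		12	/* Does no authentication, just
					   updates the smb database.  A stack
					   using it therefore needs another
					   module to perform the actual
					   authentication. */
#define SMB_CONF_FILE		13	/* Alternate location of smb.conf */

#define SMB_CTRLS_		14	/* number of ctrl arguments defined */

/*
 * Option table, indexed by the SMB_* constants above.  Flags and masks
 * are written in octal.
 *
 * Points worth knowing when reading or extending the table:
 *  - use_first_pass and try_first_pass both mask out 030, so setting one
 *    through set() clears the other.
 *  - nullok carries no flag of its own; its only effect through set() is
 *    to clear SMB__NONULL (0100).
 *  - migrate also masks out 0100, i.e. setting it through set() clears
 *    SMB__NONULL as a side effect.
 *  - "nonull" has a token although its index is marked internal, so it is
 *    matchable by any code that compares arguments against token.
 *  - smbconf= has flag 0 and a full mask, so set() leaves the control
 *    word unchanged for it; presumably its value is extracted separately
 *    by the argument parser -- confirm against the parser.
 */
static const SMB_Ctrls smb_args[SMB_CTRLS_] = {
/* symbol                 token name          ctrl mask          ctrl flag
 * ------------------     ------------------  --------------     --------- */

/* SMB__OLD_PASSWD */     {  NULL,             _ALL_ON_,              01 },
/* SMB__VERIFY_PASSWD */  {  NULL,             _ALL_ON_,              02 },
/* SMB_AUDIT */           { "audit",           _ALL_ON_,              04 },
/* SMB_USE_FIRST_PASS */  { "use_first_pass",  _ALL_ON_^(030),       010 },
/* SMB_TRY_FIRST_PASS */  { "try_first_pass",  _ALL_ON_^(030),       020 },
/* SMB_NOT_SET_PASS */    { "not_set_pass",    _ALL_ON_,             040 },
/* SMB__NONULL */         { "nonull",          _ALL_ON_,            0100 },
/* SMB__QUIET */          {  NULL,             _ALL_ON_,            0200 },
/* SMB_USE_AUTHTOK */     { "use_authtok",     _ALL_ON_,            0400 },
/* SMB__NULLOK */         { "nullok",          _ALL_ON_^(0100),        0 },
/* SMB_DEBUG */           { "debug",           _ALL_ON_,           01000 },
/* SMB_NODELAY */         { "nodelay",         _ALL_ON_,           02000 },
/* SMB_MIGRATE */         { "migrate",         _ALL_ON_^(0100),    04000 },
/* SMB_CONF_FILE */       { "smbconf=",        _ALL_ON_,               0 },
};

/*
 * Default control word: only SMB__NONULL is set.  Presumably this makes
 * the module refuse null passwords unless "nullok" is configured --
 * confirm against the code that consumes the control word.
 */
#define SMB_DEFAULTS  (smb_args[SMB__NONULL].flag)

/*
 * the following is used to keep track of the number of times a user fails
 * to authenticate themself.
 */

#define FAIL_PREFIX		"-SMB-FAIL-"
#define SMB_MAX_RETRIES		3

/*
 * Per-user failure record.  Ownership of the two strings is not visible
 * here; whoever allocates them must also arrange for them to be freed
 * (TODO confirm against the cleanup code).
 */
struct _pam_failed_auth {
	char *user;		/* user that's failed to be authenticated */
	uid_t id;		/* uid of requested user */
	char *agent;		/* attempt from user with name */
	int count;		/* number of failures so far */
};

/*
 * General use functions go here
 */

/* from support.c */
int make_remark(pam_handle_t *, unsigned int, int, const char *);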