25
27
#define PAM_SM_ACCOUNT
26
28
#define PAM_SM_PASSWORD
28
#if defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD)
30
#ifndef PAM_WINBIND_CONFIG_FILE
31
#define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf"
34
#include <iniparser.h>
36
#if defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX)
30
38
/* Solaris always uses dynamic pam modules */
31
39
#define PAM_EXTERN extern
83
91
#define WINBIND_USE_FIRST_PASS_ARG (1<<4)
84
92
#define WINBIND__OLD_PASSWORD (1<<5)
85
93
#define WINBIND_REQUIRED_MEMBERSHIP (1<<6)
87
#define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
94
#define WINBIND_KRB5_AUTH (1<<7)
95
#define WINBIND_KRB5_CCACHE_TYPE (1<<8)
96
#define WINBIND_CACHED_LOGIN (1<<9)
97
#define WINBIND_CONFIG_FILE (1<<10)
90
100
* here is the string to inform the user that the new passwords they
96
106
#define on(x, y) (x & y)
97
107
#define off(x, y) (!(x & y))
109
#define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
110
#define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
111
#define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
112
#define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH"
113
#define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
115
#define SECONDS_PER_DAY 86400
117
#define DAYS_TO_WARN_BEFORE_PWD_EXPIRES 5
99
119
#include "winbind_client.h"
121
#define PAM_WB_REMARK_DIRECT(h,x)\
123
const char *error_string = NULL; \
124
error_string = _get_ntstatus_error_string(x);\
125
if (error_string != NULL) {\
126
_make_remark(h, PAM_ERROR_MSG, error_string);\
128
_make_remark(h, PAM_ERROR_MSG, x);\
132
#define PAM_WB_REMARK_DIRECT_RET(h,x)\
134
const char *error_string = NULL; \
135
error_string = _get_ntstatus_error_string(x);\
136
if (error_string != NULL) {\
137
_make_remark(h, PAM_ERROR_MSG, error_string);\
140
_make_remark(h, PAM_ERROR_MSG, x);\
144
#define PAM_WB_REMARK_CHECK_RESPONSE_RET(h,x,y)\
146
const char *ntstatus = x.data.auth.nt_status_string; \
147
const char *error_string = NULL; \
148
if (!strcasecmp(ntstatus,y)) {\
149
error_string = _get_ntstatus_error_string(y);\
150
if (error_string != NULL) {\
151
_make_remark(h, PAM_ERROR_MSG, error_string);\
154
if (x.data.auth.error_string[0] != '\0') {\
155
_make_remark(h, PAM_ERROR_MSG, x.data.auth.error_string);\
158
_make_remark(h, PAM_ERROR_MSG, y);\
163
/* from include/rpc_samr.h */
164
#define DOMAIN_PASSWORD_COMPLEX 0x00000001
166
#define REJECT_REASON_OTHER 0x00000000
167
#define REJECT_REASON_TOO_SHORT 0x00000001
168
#define REJECT_REASON_IN_HISTORY 0x00000002
169
#define REJECT_REASON_NOT_COMPLEX 0x00000005
171
/* from include/smb.h */
172
#define ACB_PWNOEXP 0x00000200
174
/* from include/rpc_netlogon.h */
175
#define LOGON_CACHED_ACCOUNT 0x00000004