5 #ifndef _PAM_UNIX_SUPPORT_H
6 #define _PAM_UNIX_SUPPORT_H
10 * here is the string to inform the user that the new passwords they
11 * typed were not the same.
14 #define MISTYPED_PASS "Sorry, passwords do not match"
16 /* type definition for the control options */
20 unsigned int mask; /* shall assume 32 bits of flags */
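/*
 * Test whether control flag x is on in ctrl.
 *
 * ctrl is parenthesized so that a compound argument such as (a | b) is
 * masked as a whole instead of being split by operator precedence.
 * The result is always zero for an entry whose flag is 0; the table's
 * UNIX__NULLOK entry is one, and it takes effect only through its mask.
 */
#define on(x,ctrl) (unix_args[x].flag & (ctrl))

/* Test that control flag x is NOT on in ctrl. */
#define off(x,ctrl) (!on(x,ctrl))

/*
 * Turn a control flag on or off manually.
 *
 * ctrl must be a modifiable lvalue; set() evaluates it more than once.
 * set() first ANDs ctrl with the entry's mask, which clears any bits the
 * entry declares as conflicting, and then ORs in the entry's own flag.
 * unset() clears only the entry's own flag.
 */
#define set(x,ctrl) ((ctrl) = (((ctrl) & unix_args[x].mask) | unix_args[x].flag))
#define unset(x,ctrl) ((ctrl) &= ~(unix_args[x].flag))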
43 /* the generic mask */
45 #define _ALL_ON_ (~0U)
47 /* end of macro definitions for the control flags */
49 /* ****************************************************************** *
54 * here are the various options recognized by the unix module. They
55 * are enumerated here and then defined below. Internal arguments are
/*
 * Indices into unix_args[], one per control option. Entries marked
 * "internal" have no token string in unix_args[] (their token is NULL).
 */
59 #define UNIX__OLD_PASSWD 0 /* internal */
60 #define UNIX__VERIFY_PASSWD 1 /* internal */
61 #define UNIX__IAMROOT 2 /* internal */
63 #define UNIX_AUDIT 3 /* print more things than debug;
 some of the information printed may be sensitive, so
 treat whatever receives this output as confidential */
65 #define UNIX_USE_FIRST_PASS 4
66 #define UNIX_TRY_FIRST_PASS 5
67 #define UNIX_NOT_SET_PASS 6 /* don't set the AUTHTOK items */
69 #define UNIX__PRELIM 7 /* internal */
70 #define UNIX__UPDATE 8 /* internal */
71 #define UNIX__NONULL 9 /* internal; the only flag in UNIX_DEFAULTS */
72 #define UNIX__QUIET 10 /* internal */
73 #define UNIX_USE_AUTHTOK 11 /* insist on reading PAM_AUTHTOK */
74 #define UNIX_SHADOW 12 /* signal shadow on */
75 #define UNIX_MD5_PASS 13 /* force the use of MD5 passwords.
 NOTE(review): MD5-based crypt is a legacy hash; confirm it
 still meets the site's password-storage policy */
76 #define UNIX__NULLOK 14 /* Null token ok; its table entry has flag 0 and
 a mask that clears the UNIX__NONULL bit */
77 #define UNIX_DEBUG 15 /* send more info to syslog(3) */
78 #define UNIX_NODELAY 16 /* admin does not want a fail-delay */
79 #define UNIX_NIS 17 /* wish to use NIS for pwd */
80 #define UNIX_BIGCRYPT 18 /* use DEC-C2 crypt()^x function */
81 #define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */
82 #define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */
83 #define UNIX_NOREAP 21 /* don't reap child process */
84 #define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging
 * information during acct management */
87 #define UNIX_CTRLS_ 23 /* number of ctrl arguments defined; also the
 declared length of unix_args[] */
/*
 * Table of control options, indexed by the UNIX_* constants above.
 * set(x, ctrl) computes ctrl = (ctrl & mask) | flag, so a mask written as
 * _ALL_ON_^(bits) clears those bits before the entry's own flag is ORed in.
 * That is how mutually exclusive options displace each other.
 */
90 static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* symbol                  token name          ctrl mask             ctrl flag *
 * ----------------------- ------------------- --------------------- --------- */
95 /* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01},
96 /* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02},
97 /* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04},
98 /* UNIX_AUDIT */ {"audit", _ALL_ON_, 010},
/* use_first_pass and try_first_pass both clear 060 (020 | 040), so setting
 * either one clears the other. */
99 /* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020},
100 /* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040},
101 /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100},
/* The two entries below both clear 0600 (0200 | 0400): setting one clears
 * the other. */
102 /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200},
103 /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400},
104 /* UNIX__NONULL */ {NULL, _ALL_ON_, 01000},
105 /* UNIX__QUIET */ {NULL, _ALL_ON_, 02000},
106 /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000},
107 /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000},
/* "md5" clears 0400000, the "bigcrypt" flag; "bigcrypt" in turn clears
 * 020000, the "md5" flag. */
108 /* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0400000), 020000},
/* "nullok" has flag 0: set() only removes the 01000 (UNIX__NONULL) bit, and
 * on(UNIX__NULLOK, ctrl) is always zero. Test UNIX__NONULL to learn whether
 * null tokens are allowed. */
109 /* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0},
110 /* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000},
111 /* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000},
/* "nis" clears 010000, the "shadow" flag. */
112 /* UNIX_NIS */ {"nis", _ALL_ON_^(010000), 0200000},
113 /* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000},
114 /* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000},
/* The only token ending in '='; presumably a value follows it and is parsed
 * by the option reader -- confirm against _set_ctrl. */
115 /* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000},
116 /* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000},
117 /* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000},
/* Default control word: just the UNIX__NONULL flag. The "nullok" entry's
 * mask is what clears that bit. */
120 #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
123 /* use this to free strings, ESPECIALLY password strings, so that their contents are overwritten rather than left in memory */
125 #define _pam_delete(xx) \
127 _pam_overwrite(xx); \
/*
 * Logging helper that takes a format string followed by variadic arguments.
 * NOTE(review): presumably printf-style -- callers should pass a constant
 * format and supply any user-controlled text only as an argument; confirm
 * against the definition.
 */
131 extern void _log_err(int err, pam_handle_t *pamh, const char *format,...);
132 extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl
133 ,int type, const char *text);
134 extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int argc,
136 extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl,
138 extern int _unix_verify_password(pam_handle_t * pamh, const char *name
139 ,const char *p, unsigned int ctrl);
140 extern int _unix_read_password(pam_handle_t * pamh
145 ,const char *data_name
148 #endif /* _PAM_UNIX_SUPPORT_H */