#ifndef __AUTHFILE_H__
#define __AUTHFILE_H__
#include <time.h>
#include <CoreFoundation/CoreFoundation.h>
#ifdef __cplusplus
extern "C" {
#endif
#include "sasl.h"
/*
 * On-disk database identification and fixed table sizes.
 * These values define the persisted layout (see PWFileHeader / PWFileEntry
 * below); changing any of them changes the file format.
 */
#define kPWFileSignature 'pwfi'           /* four-char code; presumably stored in PWFileHeader.signature (multi-char constants are implementation-defined in C) */
#define kPWFileVersion 1                  /* format version this header describes; presumably PWFileHeader.version */
#define kPWFileInitialSlots 512           /* presumably the slot count a freshly created file is sized for -- confirm in the creator */
#define kPWFileMaxWeakMethods 25          /* array bound of PWFileHeader.weakAuthMethods[] */
#define kPWFileMaxDigests 10              /* array bound of PWFileEntry.digest[] */
#define kPWFileMaxPublicKeyBytes 1024     /* array bound of PWFileHeader.publicKey[] */
#define kPWFileMaxPrivateKeyBytes 2048    /* array bound of PWFileHeader.privateKey[] */
#define kPWFileMaxHistoryCount 15         /* largest value representable by the 4-bit historyCount fields */
#define kPWFileMaxReplicaName 32          /* array bound of PWFileHeader.replicationName[] */
/*
 * Storage and protocol string tags. These are format constants shared with
 * peers and stored data -- do not reword them.
 */
#define kSMBNTStorageTag "*cmusaslsecretSMBNT"          /* property name under which the SMB-NT secret is kept; looks like the SASL "cmusaslsecret*" auxprop convention -- confirm against the sasl.h users */
#define kPasswordServerErrPrefixStr "-ERR "              /* presumably the prefix of a generic error response line -- confirm */
#define kPasswordServerAuthErrPrefixStr "-AUTHERR "      /* presumably the prefix of an authentication-failure response line -- confirm */
#define kPasswordServerSASLErrPrefixStr "SASL "          /* presumably the prefix of SASL-layer error text -- confirm */
/*
 * Filesystem locations used by the server and its tools. All are absolute
 * except kPWHistoryFileName and kPWWeakFileStart, which look like name
 * fragments the caller combines with a directory -- confirm at the call sites.
 */
#define kPWDirPath "/var/db/authserver"                                      /* database directory */
#define kPWFilePath "/var/db/authserver/authservermain"                      /* main database; if PWFileHeader is persisted here, the embedded privateKey[] makes this file's mode/ownership the access control -- confirm */
#define kFreeListFilePath "/var/db/authserver/authserverfree"                /* free-slot list; its format is not defined in this header */
#define kPWHistoryFileName "histories"                                       /* password-history file name (relative) */
#define kPWWeakFileStart "/weakpasswords."                                   /* leading component of a weak-password file name; the rest is appended by the caller */
#define kTempKeyFile "/tmp/passwordserverKey"                                /* NOTE(review): fixed, predictable name in a shared temp directory -- the creating code must open with O_CREAT|O_EXCL and a restrictive mode and must not follow a pre-existing link; confirm */
#define kPWReplicaLocalFile "/var/db/authserver/authserverreplicas.local"    /* replica configuration written by the server (presumably by pwsf_CreateReplicaFile / pwsf_ResetReplicaFile -- confirm) */
#define kPWReplicaPreConfiguredFile "/var/db/authserver/authserverreplicas.manual"  /* administrator-supplied replica configuration (name-based inference) */
/*
 * Key names of the textual policy representation, presumably the format
 * produced by the PW*ToString* functions and consumed by StringToPW*
 * (declared at the end of this header). Most keys mirror a field of
 * PWAccessFeatures / PWGlobalAccessFeatures / PW*MoreAccessFeatures by name.
 * Two things to watch:
 *  - kPWPolicyStr_maxMinutesUntilChangePW expands to the unabbreviated
 *    "maxMinutesUntilChangePassword"; the macro name is the only short form.
 *  - "canModifyPasswordforSelf" is the user-level key; the global struct
 *    stores the inverted bit noModifyPasswordforSelf.
 */
/* Account state flags */
#define kPWPolicyStr_isDisabled "isDisabled"
#define kPWPolicyStr_isAdminUser "isAdminUser"
#define kPWPolicyStr_newPasswordRequired "newPasswordRequired"
#define kPWPolicyStr_usingHistory "usingHistory"
#define kPWPolicyStr_canModifyPasswordforSelf "canModifyPasswordforSelf"
#define kPWPolicyStr_usingExpirationDate "usingExpirationDate"
#define kPWPolicyStr_usingHardExpirationDate "usingHardExpirationDate"
/* Password composition rules */
#define kPWPolicyStr_requiresAlpha "requiresAlpha"
#define kPWPolicyStr_requiresNumeric "requiresNumeric"
/* Expiration and lockout settings */
#define kPWPolicyStr_expirationDateGMT "expirationDateGMT"
#define kPWPolicyStr_hardExpireDateGMT "hardExpireDateGMT"
#define kPWPolicyStr_maxMinutesUntilChangePW "maxMinutesUntilChangePassword"
#define kPWPolicyStr_maxMinutesUntilDisabled "maxMinutesUntilDisabled"
#define kPWPolicyStr_maxMinutesOfNonUse "maxMinutesOfNonUse"
#define kPWPolicyStr_maxFailedLoginAttempts "maxFailedLoginAttempts"
#define kPWPolicyStr_minChars "minChars"
#define kPWPolicyStr_maxChars "maxChars"
#define kPWPolicyStr_passwordCannotBeName "passwordCannotBeName"
#define kPWPolicyStr_isSessionKeyAgent "isSessionKeyAgent"
#define kPWPolicyStr_requiresMixedCase "requiresMixedCase"
#define kPWPolicyStr_notGuessablePattern "notGuessablePattern"
#define kPWPolicyStr_warnOfExpirationMinutes "warnOfExpirationMinutes"
#define kPWPolicyStr_warnOfDisableMinutes "warnOfDisableMinutes"
#define kPWPolicyStr_resetToGlobalDefaults "resetToGlobalDefaults"
/* Per-session / per-record timestamps and derived values; no struct field of
 * the same name is declared in this header for the last four -- presumably
 * computed or kept elsewhere. */
#define kPWPolicyStr_logOffTime "logOffTime"
#define kPWPolicyStr_kickOffTime "kickOffTime"
#define kPWPolicyStr_lastLoginTime "lastLoginTime"
#define kPWPolicyStr_passwordLastSetTime "passwordLastSetTime"
#define kPWPolicyStr_minutesUntilFailedLoginReset "minutesUntilFailedLoginReset"
#define kPWPolicyStr_newPasswordRequiredForAll "newPasswordRequiredForAll"
#define kPWPolicyStr_projectedPasswordExpireDate "projectedPasswordExpireDate"
#define kPWPolicyStr_projectedAccountDisableDate "projectedAccountDisableDate"
/*
 * Fixed slot indices, presumably into PWFileEntry.digest[] (which has
 * kPWFileMaxDigests = 10 entries; slots 6..9 are not named here). The values
 * are persisted by position, so never reorder or renumber them.
 */
enum
{
    kPWHashSlotSMB_NT = 0,
    kPWHashSlotSMB_LAN_MANAGER = 1,
    kPWHashSlotDIGEST_MD5 = 2,
    kPWHashSlotCRAM_MD5 = 3,
    kPWHashSlotKERBEROS = 4,
    kPWHashSlotKERBEROS_NAME = 5
};
/*
 * Why an account was disabled. Stored on disk in PWFileEntry.disableReason,
 * so the implicit values (0..4) are part of the file format: append new
 * codes at the end, never insert. The enum's storage size is chosen by the
 * compiler (normally int) and therefore also part of the layout.
 */
typedef enum PWDisableReasonCode {
    kPWDisabledNotSet,                  /* 0: account is not disabled / reason unknown */
    kPWDisabledByAdmin,                 /* 1: explicit administrative action */
    kPWDisabledExpired,                 /* 2: hard expiration date passed */
    kPWDisabledInactive,                /* 3: exceeded maxMinutesOfNonUse (name-based inference) */
    kPWDisabledTooManyFailedLogins      /* 4: exceeded maxFailedLoginAttempts (name-based inference) */
} PWDisableReasonCode;
/*
 * Field-for-field copy of BSD struct tm (<time.h>), declared locally so the
 * on-disk layout does not depend on the system header.
 * NOTE(review): tm_zone is a pointer and long tm_gmtoff is 4 bytes on ILP32
 * but 8 on LP64, so this struct is not the same size on 32- and 64-bit
 * builds and the pointer is meaningless once written to disk. Presumably
 * CrashIfBuiltWrong() guards the expected size -- confirm.
 */
typedef struct BSDTimeStructCopy {
    int tm_sec;
    int tm_min;
    int tm_hour;
    int tm_mday;
    int tm_mon;
    int tm_year;
    int tm_wday;
    int tm_yday;
    int tm_isdst;
    long tm_gmtoff;
    char *tm_zone;      /* never dereference a value read back from disk */
} BSDTimeStructCopy;
/* A SASL mechanism name; SASL_MECHNAMEMAX comes from sasl.h, +1 for the NUL. */
typedef struct AuthMethName {
    char method[SASL_MECHNAMEMAX + 1];
} AuthMethName;
/*
 * One stored credential for a mechanism: the SASL mechanism name plus a
 * 256-byte digest field. Whether digest[] is a NUL-terminated string or raw
 * bytes is not fixed by this header -- check the producer before printing it.
 */
typedef struct PasswordDigest {
    char method[SASL_MECHNAMEMAX + 1];
    char digest[256];
} PasswordDigest;
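/*
 * Accessors for the 4-bit global history count in PWGlobalAccessFeatures.
 * On big-endian builds it is a single bitfield; on little-endian builds the
 * same four on-disk bits straddle the allocation unit and are declared as
 * hcPart1 (low 3 bits) and hcPart2 (bit 3), so the value must be assembled.
 *
 * SetGlobalHistoryCount(A, B) silently keeps only the low 4 bits of B; callers
 * should clamp to kPWFileMaxHistoryCount. Both variants are wrapped in
 * do { } while (0) so the macro behaves as a single statement after
 * `if (...)` / before `else` (the former brace-only form broke `else`).
 */
#if TARGET_RT_BIG_ENDIAN
#define GlobalHistoryCount(A) ((A).historyCount)
#define SetGlobalHistoryCount(A, B) do { (A).historyCount = (B); } while (0)
#else
#define GlobalHistoryCount(A) ((A).hcPart1 | ((A).hcPart2 << 3))
#define SetGlobalHistoryCount(A, B) do { (A).hcPart1 = ((B) & 0x07); (A).hcPart2 = (((B) & 0x08) != 0); } while (0)
#endif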
/*
 * Server-wide password policy, stored in PWFileHeader.access.
 *
 * The leading flags occupy 16 bits in both endian variants; the two orderings
 * exist so that the on-disk bit positions match regardless of host byte
 * order. On little-endian hosts the 4-bit history count is split into
 * hcPart1/hcPart2 -- always go through GlobalHistoryCount() /
 * SetGlobalHistoryCount() rather than touching those fields.
 * Note the inverted sense of noModifyPasswordforSelf relative to the
 * per-user canModifyPasswordforSelf and the "canModifyPasswordforSelf"
 * policy key.
 */
typedef struct PWGlobalAccessFeatures {
#if TARGET_RT_BIG_ENDIAN
    unsigned int usingHistory:1;
    unsigned int usingExpirationDate:1;
    unsigned int usingHardExpirationDate:1;
    unsigned int requiresAlpha:1;
    unsigned int requiresNumeric:1;
    unsigned int passwordIsHash:1;
    unsigned int passwordCannotBeName:1;
    unsigned int historyCount:4;             /* 0..kPWFileMaxHistoryCount */
    unsigned int requiresMixedCase:1;
    unsigned int newPasswordRequired:1;
    unsigned int noModifyPasswordforSelf:1;  /* inverted sense: 1 = users may NOT change their own password */
    unsigned int requiresSymbol:1;
    unsigned int unused:1;
#else
    unsigned int hcPart1:3;                  /* low 3 bits of historyCount -- use the macros */
    unsigned int requiresMixedCase:1;
    unsigned int newPasswordRequired:1;
    unsigned int noModifyPasswordforSelf:1;  /* inverted sense: 1 = users may NOT change their own password */
    unsigned int requiresSymbol:1;
    unsigned int unused:1;
    unsigned int usingHistory:1;
    unsigned int usingExpirationDate:1;
    unsigned int usingHardExpirationDate:1;
    unsigned int requiresAlpha:1;
    unsigned int requiresNumeric:1;
    unsigned int passwordIsHash:1;
    unsigned int passwordCannotBeName:1;
    unsigned int hcPart2:1;                  /* bit 3 of historyCount -- use the macros */
#endif
    BSDTimeStructCopy expirationDateGMT;     /* meaningful only when usingExpirationDate is set (name-based inference) */
    BSDTimeStructCopy hardExpireDateGMT;     /* meaningful only when usingHardExpirationDate is set (name-based inference) */
    UInt32 maxMinutesUntilChangePassword;
    UInt32 maxMinutesUntilDisabled;
    UInt32 maxMinutesOfNonUse;
    UInt16 maxFailedLoginAttempts;
    UInt16 minChars;
    UInt16 maxChars;
} PWGlobalAccessFeatures;
/*
 * Additional server-wide policy fields that did not fit in
 * PWGlobalAccessFeatures; stored in PWFileHeader.extraAccess.
 */
typedef struct PWGlobalMoreAccessFeatures {
    UInt32 minutesUntilFailedLoginReset;     /* lockout counter reset interval (name-based inference) */
    UInt32 notGuessablePattern;              /* pattern/strength selector; encoding not defined here */
} PWGlobalMoreAccessFeatures;
/*
 * Per-user policy and state, stored in PWFileEntry.access. The flag block is
 * 16 bits wide in both endian variants (see PWGlobalAccessFeatures for why
 * two orderings exist); here historyCount is contiguous, so no accessor
 * macros are needed.
 *
 * NOTE(review): the 1-bit fields are declared as plain `int`, which Clang and
 * GCC treat as signed, so a set flag reads back as -1, not 1. Test them with
 * `if (x.isDisabled)`, never `== 1` or `== YES`. Mixing int and unsigned int
 * bitfields in one unit is also implementation-defined; the layout this
 * relies on should be covered by CrashIfBuiltWrong() -- confirm.
 */
typedef struct PWAccessFeatures {
#if TARGET_RT_BIG_ENDIAN
    int isDisabled:1;
    int isAdminUser:1;
    int newPasswordRequired:1;
    int usingHistory:1;
    int canModifyPasswordforSelf:1;
    int usingExpirationDate:1;
    int usingHardExpirationDate:1;
    int requiresAlpha:1;
    int requiresNumeric:1;
    int passwordIsHash:1;
    int passwordCannotBeName:1;
    unsigned int historyCount:4;             /* 0..kPWFileMaxHistoryCount */
    int isSessionKeyAgent:1;
#else
    int requiresNumeric:1;
    int passwordIsHash:1;
    int passwordCannotBeName:1;
    unsigned int historyCount:4;             /* 0..kPWFileMaxHistoryCount */
    int isSessionKeyAgent:1;
    int isDisabled:1;
    int isAdminUser:1;
    int newPasswordRequired:1;
    int usingHistory:1;
    int canModifyPasswordforSelf:1;
    int usingExpirationDate:1;
    int usingHardExpirationDate:1;
    int requiresAlpha:1;
#endif
    BSDTimeStructCopy expirationDateGMT;     /* meaningful only when usingExpirationDate is set (name-based inference) */
    BSDTimeStructCopy hardExpireDateGMT;     /* meaningful only when usingHardExpirationDate is set (name-based inference) */
    UInt32 maxMinutesUntilChangePassword;
    UInt32 maxMinutesUntilDisabled;
    UInt32 maxMinutesOfNonUse;
    UInt16 maxFailedLoginAttempts;
    UInt16 minChars;
    UInt16 maxChars;
} PWAccessFeatures;
/*
 * Additional per-user fields, stored in PWFileEntry.extraAccess. The trailing
 * flag block is 16 bits wide in both endian variants; the unused5xx fields
 * are reserved padding and should be written as zero.
 */
typedef struct PWMoreAccessFeatures {
    UInt32 minutesUntilFailedLoginReset;
    UInt32 notGuessablePattern;
    char userkey[64];                        /* per-user key material; format not defined here -- treat as secret */
    UInt32 logOffTime;
    UInt32 kickOffTime;
#if TARGET_RT_BIG_ENDIAN
    unsigned int recordIsDead:1;             /* slot is deleted/tombstoned (name-based inference) */
    unsigned int doNotReplicate:1;
    unsigned int doNotMerge:1;
    unsigned int requiresMixedCase:1;
    int unused511:12;
#else
    int unused511:8;
    unsigned int recordIsDead:1;             /* slot is deleted/tombstoned (name-based inference) */
    unsigned int doNotReplicate:1;
    unsigned int doNotMerge:1;
    unsigned int requiresMixedCase:1;
    unsigned int unused510:4;
#endif
} PWMoreAccessFeatures;
/*
 * Header record of the password database file. Multi-byte fields are
 * byte-swapped by pwsf_EndianAdjustPWFileHeader() when the file is read or
 * written on a host of the other byte order.
 *
 * NOTE(review): publicKeyLen / privateKeyLen are `unsigned long`, which is 4
 * bytes on ILP32 and 8 on LP64, so the header layout differs between 32- and
 * 64-bit builds (and the nested BSDTimeStructCopy has the same issue).
 * Presumably CrashIfBuiltWrong() checks the expected size -- confirm.
 *
 * The server's private key is embedded in this record; whatever file holds
 * it must be readable only by the server's own user.
 */
typedef struct PWFileHeader {
    UInt32 signature;                        /* expected kPWFileSignature (inference from the names) */
    UInt32 version;                          /* expected kPWFileVersion (inference from the names) */
    UInt32 entrySize;                        /* size of one PWFileEntry slot as written */
    UInt32 sequenceNumber;
    UInt32 numberOfSlotsCurrentlyInFile;
    UInt32 deepestSlotUsed;
    PWGlobalAccessFeatures access;           /* server-wide policy */
    AuthMethName weakAuthMethods[kPWFileMaxWeakMethods];   /* mechanisms considered weak; count not stored here -- presumably terminated by an empty name, confirm */
    unsigned long publicKeyLen;              /* bytes used in publicKey[]; must be <= kPWFileMaxPublicKeyBytes */
    unsigned char publicKey[kPWFileMaxPublicKeyBytes];
    unsigned long privateKeyLen;             /* bytes used in privateKey[]; must be <= kPWFileMaxPrivateKeyBytes */
    unsigned char privateKey[kPWFileMaxPrivateKeyBytes];   /* SECRET */
    char replicationName[kPWFileMaxReplicaName];
    UInt32 deepestSlotUsedByThisServer;
    UInt32 accessModDate;
    PWGlobalMoreAccessFeatures extraAccess;  /* overflow policy fields */
    UInt32 fExtraData[244];                  /* reserved; keep zeroed */
} PWFileHeader;
/*
 * One user slot in the password database. Fixed-size so records can be
 * addressed by slot number; PWFileHeader.entrySize records the size written.
 *
 * The first four fields look like the components of the record identifier
 * (creation time, random value, sequence number, slot) -- confirm against the
 * code that formats user IDs. Readers must bound every string field by its
 * array size rather than trusting a NUL terminator from disk.
 */
typedef struct PWFileEntry {
    UInt32 time;
    UInt32 rnd;
    UInt32 sequenceNumber;
    UInt32 slot;
    BSDTimeStructCopy creationDate;
    BSDTimeStructCopy modificationDate;
    BSDTimeStructCopy modDateOfPassword;     /* consulted by pwsf_ChangePasswordStatus() (by parameter name) */
    BSDTimeStructCopy lastLogin;
    UInt16 failedLoginAttempts;              /* updated through pwsf_TestDisabledStatus*() inOutFailedLoginAttempts */
    PWAccessFeatures access;                 /* per-user policy and flags */
    char passwordStr[512];                   /* password or password hash; which one is presumably indicated by access.passwordIsHash -- confirm. SECRET either way */
    PasswordDigest digest[kPWFileMaxDigests];/* per-mechanism secrets, indexed by the kPWHashSlot* enum */
    char usernameStr[256];
    char userdata[426];                      /* opaque application data; format not defined here */
    PWDisableReasonCode disableReason;       /* why the account is disabled, if it is */
    PWMoreAccessFeatures extraAccess;        /* overflow per-user fields */
} PWFileEntry;
/**
 * Compares inTime with the current time.
 * @return nonzero when inTime is already in the past -- the exact convention
 *         is inferred from the name; confirm in the implementation.
 */
int TimeIsStale( BSDTimeStructCopy *inTime );

/**
 * Inactivity test for the maxMinutesOfNonUse policy.
 * @param inLastLogin           the account's last login time
 * @param inMaxMinutesOfNonUse  allowed idle time in minutes
 * @return nonzero when more than inMaxMinutesOfNonUse minutes have elapsed
 *         since inLastLogin (presumably; confirm, including how 0 is treated).
 */
int LoginTimeIsStale( BSDTimeStructCopy *inLastLogin, unsigned long inMaxMinutesOfNonUse );
/*
 * Policy-to-string serializers. The output presumably uses the
 * kPWPolicyStr_* keys. The non-"Extra" forms take no buffer length: the
 * caller must size outString for every key plus value, and the required size
 * is not stated in this header -- prefer the "Extra" forms, which take
 * inMaxLen, whenever the extra-features struct is available.
 */

/** Serializes server-wide policy into outString (unbounded write -- see note above). */
void PWGlobalAccessFeaturesToString( PWGlobalAccessFeatures *inAccessFeatures, char *outString );

/** Serializes server-wide policy plus extras into outString, writing at most inMaxLen bytes (presumably including the NUL -- confirm). */
void PWGlobalAccessFeaturesToStringExtra( PWGlobalAccessFeatures *inAccessFeatures, PWGlobalMoreAccessFeatures *inExtraFeatures, int inMaxLen, char *outString );

/** Serializes per-user policy into outString (unbounded write -- see note above). */
void PWAccessFeaturesToString( PWAccessFeatures *inAccessFeatures, char *outString );

/** Serializes per-user policy plus extras into outString, bounded by inMaxLen. */
void PWAccessFeaturesToStringExtra( PWAccessFeatures *inAccessFeatures, PWMoreAccessFeatures *inExtraFeatures, int inMaxLen, char *outString );

/** Serializes the effective policy for a user given both the global and the per-user settings (how they combine is not defined here). Unbounded write. */
void PWActualAccessFeaturesToString( PWGlobalAccessFeatures *inGAccessFeatures, PWAccessFeatures *inAccessFeatures, char *outString );

/** Bounded variant of PWActualAccessFeaturesToString including the extra fields. */
void PWActualAccessFeaturesToStringExtra( PWGlobalAccessFeatures *inGAccessFeatures, PWAccessFeatures *inAccessFeatures, PWMoreAccessFeatures *inExtraFeatures, int inMaxLen, char *outString );

/** Like PWAccessFeaturesToString but omits account-state keys (which ones is not defined here). Unbounded write. */
void PWAccessFeaturesToStringWithoutStateInfo( PWAccessFeatures *inAccessFeatures, char *outString );

/** Bounded variant of PWAccessFeaturesToStringWithoutStateInfo including the extra fields. */
void PWAccessFeaturesToStringWithoutStateInfoExtra( PWAccessFeatures *inAccessFeatures, PWMoreAccessFeatures *inExtraFeatures, int inMaxLen, char *outString );
/*
 * String-to-policy parsers, the inverse of the PW*ToString* functions. The
 * struct arguments are in/out: presumably only keys present in inString are
 * overwritten and the rest keep their previous values -- confirm before
 * relying on it for defaulting. inString may come from a remote
 * administrator, so the implementation must treat it as untrusted.
 */

/** Parses server-wide policy from inString into *inOutAccessFeatures. @return true on success (presumably). */
Boolean StringToPWGlobalAccessFeatures( const char *inString, PWGlobalAccessFeatures *inOutAccessFeatures );

/** As StringToPWGlobalAccessFeatures, also filling *inOutExtraFeatures. */
Boolean StringToPWGlobalAccessFeaturesExtra( const char *inString, PWGlobalAccessFeatures *inOutAccessFeatures, PWGlobalMoreAccessFeatures *inOutExtraFeatures );

/** Parses per-user policy from inString into *inOutAccessFeatures. @return true on success (presumably). */
Boolean StringToPWAccessFeatures( const char *inString, PWAccessFeatures *inOutAccessFeatures );

/** As StringToPWAccessFeatures, also filling *inOutExtraFeatures. */
Boolean StringToPWAccessFeaturesExtra( const char *inString, PWAccessFeatures *inOutAccessFeatures, PWMoreAccessFeatures *inOutExtraFeatures );

/**
 * Helper: reads a single numeric value from inString into *outValue.
 * Accepted syntax (position, radix, delimiters) is not defined here -- confirm.
 * @return true if a value was parsed (presumably).
 */
Boolean StringToPWAccessFeatures_GetValue( const char *inString, unsigned long *outValue );
/**
 * Build-time sanity check, presumably verifying that the on-disk structs
 * above have the expected sizes/layout and aborting otherwise. Worth calling
 * early at startup on every new architecture -- confirm what it checks.
 */
void CrashIfBuiltWrong(void);

/**
 * Carries policy keys that exist in inOriginalStr but are not represented in
 * inOutString over into inOutString (name-based inference -- confirm).
 * @param inMaxLen  capacity of inOutString in bytes
 */
void pwsf_PreserveUnrepresentedPolicies( const char *inOriginalStr, int inMaxLen, char *inOutString );

/**
 * Copies the server's public key into outPublicKey. No length parameter:
 * the caller must provide a buffer large enough for the key's text form, a
 * size this header does not state (kPWFileMaxPublicKeyBytes is the raw bound).
 * @return 0 on success, presumably; confirm the error convention.
 */
int pwsf_GetPublicKey( char *outPublicKey );

/** As pwsf_GetPublicKey, reading the key from the file at inFile. Same unbounded-output caveat. */
int pwsf_GetPublicKeyFromFile( const char *inFile, char *outPublicKey );

/** Writes a replica configuration file (presumably kPWReplicaLocalFile -- confirm) describing this server by IP, DNS name and public key. */
void pwsf_CreateReplicaFile( const char *inIPStr, const char *inDNSStr, const char *inPublicKey );

/** Resets the replica configuration file to contain only this server (inference from the name -- confirm). */
void pwsf_ResetReplicaFile( const char *inPublicKey );

/**
 * Returns the Kerberos principal name for userRec, presumably from the
 * kPWHashSlotKERBEROS_NAME digest slot. Ownership of the returned string
 * (static, inside userRec, or malloc'd) is not stated here -- confirm before
 * freeing or caching it.
 */
char* pwsf_GetPrincName( PWFileEntry *userRec );

/**
 * Parses shadow-hash authentication-authority data into a CF array of hash
 * type strings. *outHashTypeArray is created by the callee; by the CF Create
 * rule the caller presumably owns it and must CFRelease it -- confirm.
 * @return 0 on success (presumably).
 */
int pwsf_ShadowHashDataToArray( const char *inAAData, CFMutableArrayRef *outHashTypeArray );

/**
 * Inverse of pwsf_ShadowHashDataToArray: serializes inHashTypeArray to a byte
 * string, storing its length in *outResultLen. The buffer is presumably
 * malloc'd and owned by the caller -- confirm.
 */
char * pwsf_ShadowHashArrayToData( CFArrayRef inHashTypeArray, long *outResultLen );

/** Appends inUTF8Str to inArray as a CFString (UTF-8 decoding, by the name). */
void pwsf_AppendUTF8StringToArray( const char *inUTF8Str, CFMutableArrayRef inArray );

/**
 * Byte-swaps the multi-byte fields of a BSDTimeStructCopy between host and
 * file order. The meaning of `native` (swap to native vs. from native) is not
 * stated here -- confirm before calling.
 */
void pwsf_EndianAdjustTimeStruct( BSDTimeStructCopy *inOutTimeStruct, int native );

/** Byte-swaps the multi-byte fields of a PWFileHeader; same `native` caveat as pwsf_EndianAdjustTimeStruct. */
void pwsf_EndianAdjustPWFileHeader( PWFileHeader *inOutHeader, int native );

/**
 * Evaluates whether an account should be treated as disabled under the
 * per-user (inAccess) and global (inGAccess) policies, using the creation
 * date and last login time. *inOutFailedLoginAttempts may be updated (it is
 * passed by pointer). Return convention is not stated here -- confirm.
 */
int pwsf_TestDisabledStatus( PWAccessFeatures *inAccess, PWGlobalAccessFeatures *inGAccess, struct tm *inCreationDate, struct tm *inLastLoginTime, UInt16 *inOutFailedLoginAttempts );

/** As pwsf_TestDisabledStatus, additionally reporting why in *outReasonCode. */
int pwsf_TestDisabledStatusWithReasonCode( PWAccessFeatures *inAccess, PWGlobalAccessFeatures *inGAccess, struct tm *inCreationDate, struct tm *inLastLoginTime, UInt16 *inOutFailedLoginAttempts, PWDisableReasonCode *outReasonCode );

/** Evaluates whether a password change is required/allowed given the policies and the password's last modification date. Return convention not stated here. */
int pwsf_ChangePasswordStatus( PWAccessFeatures *inAccess, PWGlobalAccessFeatures *inGAccess, struct tm *inModDateOfPassword );

/**
 * Checks inPassword against the composition rules in the policies
 * (requiresAlpha, requiresNumeric, minChars/maxChars, passwordCannotBeName
 * against inUsername, ...). Return convention not stated here.
 */
int pwsf_RequiredCharacterStatus(PWAccessFeatures *access, PWGlobalAccessFeatures *inGAccess, const char *inUsername, const char *inPassword);

/** As pwsf_RequiredCharacterStatus, also applying the rules in inExtraFeatures (requiresMixedCase, notGuessablePattern). */
int pwsf_RequiredCharacterStatusExtra(PWAccessFeatures *access, PWGlobalAccessFeatures *inGAccess, const char *inUsername, const char *inPassword, PWMoreAccessFeatures *inExtraFeatures );

/**
 * Derives the CRAM-MD5 stored secret from a password. outHash must already be
 * large enough for the result; its length is returned in *outHashLen but
 * the required capacity is not stated here -- confirm.
 */
void pwsf_getHashCramMD5(const unsigned char *inPassword, long inPasswordLen, unsigned char *outHash, unsigned long *outHashLen );

/**
 * Returns a dictionary describing replica status. This is not a CF API, so
 * the "Get" name does not guarantee the Get rule; check whether the caller
 * must CFRelease the result before using it.
 */
CFDictionaryRef pwsf_GetStatusForReplicas( void );
#ifdef __cplusplus
};
#endif
#endif