#ifndef __AUTHFILE_H__
#define __AUTHFILE_H__
#include <time.h>
#include <Carbon/Carbon.h>
#ifdef __cplusplus
extern "C" {
#endif
#include "sasl.h"
/* On-disk password file identification and fixed capacity limits.
 * NOTE: 'pwfi' is a multi-character constant; its integer value is
 * implementation-defined (C11 6.4.4.4p10), so readers comparing the
 * signature should do so with the same compiler/ABI that wrote it. */
#define kPWFileSignature 'pwfi'
#define kPWFileVersion 1
#define kPWFileInitialSlots 512
#define kPWFileMaxWeakMethods 25
#define kPWFileMaxDigests 10
#define kPWFileMaxPublicKeyBytes 1024
#define kPWFileMaxPrivateKeyBytes 2048
#define kPWFileMaxHistoryCount 15
#define kPWFileMaxReplicaName 32
/* Tag marking an SMB-NT secret stored via the SASL secret mechanism. */
#define kSMBNTStorageTag "*cmusaslsecretSMBNT"
/* Prefixes of error replies on the password-server protocol. */
#define kPasswordServerErrPrefixStr "-ERR "
#define kPasswordServerAuthErrPrefixStr "-AUTHERR "
#define kPasswordServerSASLErrPrefixStr "SASL "
/* Locations of the server database and its companion files. */
#define kPWDirPath "/var/db/authserver"
#define kPWFilePath "/var/db/authserver/authservermain"
#define kFreeListFilePath "/var/db/authserver/authserverfree"
#define kPWHistoryFileName "histories"
#define kPWWeakFileStart "/weakpasswords."
/* Fixed, predictable name in the shared /tmp directory. Code creating or
 * reading this file should open it with O_EXCL/O_NOFOLLOW and a restrictive
 * mode (or use a private directory) so a pre-existing entry or symlink
 * cannot redirect key material. */
#define kTempKeyFile "/tmp/passwordserverKey"
#define kPWReplicaLocalFile "/var/db/authserver/authserverreplicas.local"
#define kPWReplicaPreConfiguredFile "/var/db/authserver/authserverreplicas.manual"
/* Keys used in the textual policy representation produced and parsed by
 * the *ToString / StringTo* functions declared below. Note that
 * kPWPolicyStr_maxMinutesUntilChangePW expands to the longer
 * "maxMinutesUntilChangePassword" string. */
#define kPWPolicyStr_isDisabled "isDisabled"
#define kPWPolicyStr_isAdminUser "isAdminUser"
#define kPWPolicyStr_newPasswordRequired "newPasswordRequired"
#define kPWPolicyStr_usingHistory "usingHistory"
#define kPWPolicyStr_canModifyPasswordforSelf "canModifyPasswordforSelf"
#define kPWPolicyStr_usingExpirationDate "usingExpirationDate"
#define kPWPolicyStr_usingHardExpirationDate "usingHardExpirationDate"
#define kPWPolicyStr_requiresAlpha "requiresAlpha"
#define kPWPolicyStr_requiresNumeric "requiresNumeric"
#define kPWPolicyStr_expirationDateGMT "expirationDateGMT"
#define kPWPolicyStr_hardExpireDateGMT "hardExpireDateGMT"
#define kPWPolicyStr_maxMinutesUntilChangePW "maxMinutesUntilChangePassword"
#define kPWPolicyStr_maxMinutesUntilDisabled "maxMinutesUntilDisabled"
#define kPWPolicyStr_maxMinutesOfNonUse "maxMinutesOfNonUse"
#define kPWPolicyStr_maxFailedLoginAttempts "maxFailedLoginAttempts"
#define kPWPolicyStr_minChars "minChars"
#define kPWPolicyStr_maxChars "maxChars"
#define kPWPolicyStr_passwordCannotBeName "passwordCannotBeName"
#define kPWPolicyStr_isSessionKeyAgent "isSessionKeyAgent"
#define kPWPolicyStr_resetToGlobalDefaults "resetToGlobalDefaults"
#define kPWPolicyStr_logOffTime "logOffTime"
#define kPWPolicyStr_kickOffTime "kickOffTime"
#define kPWPolicyStr_lastLoginTime "lastLoginTime"
#define kPWPolicyStr_passwordLastSetTime "passwordLastSetTime"
/* Field-for-field copy of the BSD `struct tm` layout (including the
 * tm_gmtoff / tm_zone extensions), used inside the file records below.
 * NOTE(review): this type is embedded in PWFileHeader/PWFileEntry, which
 * appear to be persisted; `tm_zone` is a pointer and therefore carries no
 * meaning once the record leaves the writing process, and `long` differs
 * in size between 32- and 64-bit builds — confirm how readers handle it. */
typedef struct BSDTimeStructCopy {
int tm_sec;
int tm_min;
int tm_hour;
int tm_mday;
int tm_mon;
int tm_year;
int tm_wday;
int tm_yday;
int tm_isdst;
long tm_gmtoff;
char *tm_zone;   /* pointer; not meaningful if the record is stored or transmitted */
} BSDTimeStructCopy;
/* A SASL mechanism name, NUL-terminated, bounded by SASL_MECHNAMEMAX. */
typedef struct AuthMethName {
char method[SASL_MECHNAMEMAX + 1];
} AuthMethName;
/* A stored credential for one SASL mechanism: the mechanism name and its
 * fixed-size digest buffer. Instances hold secret material; code that
 * copies them into temporary memory should wipe that memory afterwards. */
typedef struct PasswordDigest {
char method[SASL_MECHNAMEMAX + 1];
char digest[256];   /* mechanism-specific encoding; size fixed at 256 bytes */
} PasswordDigest;
/* Server-wide (default) password policy stored in the file header.
 * Flags are unsigned 1-bit fields, so they hold 0 or 1. The `unused`
 * field is a plain `int` bit-field, unlike the others; the width of
 * historyCount (4 bits) caps it at 15, matching kPWFileMaxHistoryCount. */
typedef struct PWGlobalAccessFeatures {
unsigned int usingHistory:1; unsigned int usingExpirationDate:1; unsigned int usingHardExpirationDate:1; unsigned int requiresAlpha:1; unsigned int requiresNumeric:1;
unsigned int passwordIsHash:1;
unsigned int passwordCannotBeName:1;
unsigned int historyCount:4;   /* 0..15 */
int unused:5;   /* padding to a 16-bit boundary; keep zero */
BSDTimeStructCopy expirationDateGMT; BSDTimeStructCopy hardExpireDateGMT;
UInt32 maxMinutesUntilChangePassword; UInt32 maxMinutesUntilDisabled; UInt32 maxMinutesOfNonUse; UInt16 maxFailedLoginAttempts;
UInt16 minChars; UInt16 maxChars;   /* password length bounds; 0 presumably means "no limit" — confirm in the checker */
} PWGlobalAccessFeatures;
/* Per-user password policy and account state stored in each file entry.
 * Unlike PWGlobalAccessFeatures, the flags here are plain `int` 1-bit
 * fields: their signedness is implementation-defined and on common
 * compilers they are signed, holding 0 or -1 rather than 0 or 1. Test
 * them with `!= 0` / `!`, never with `== 1`, and do not rely on the
 * numeric value when serialising. */
typedef struct PWAccessFeatures {
int isDisabled:1; int isAdminUser:1; int newPasswordRequired:1; int usingHistory:1; int canModifyPasswordforSelf:1; int usingExpirationDate:1; int usingHardExpirationDate:1; int requiresAlpha:1; int requiresNumeric:1;
int passwordIsHash:1;
int passwordCannotBeName:1;
unsigned int historyCount:4;   /* 0..15; the only unsigned flag field in this struct */
int isSessionKeyAgent:1;
BSDTimeStructCopy expirationDateGMT; BSDTimeStructCopy hardExpireDateGMT;
UInt32 maxMinutesUntilChangePassword; UInt32 maxMinutesUntilDisabled; UInt32 maxMinutesOfNonUse; UInt16 maxFailedLoginAttempts;
UInt16 minChars; UInt16 maxChars;
} PWAccessFeatures;
/* Header of the main password database (kPWFilePath). It carries the
 * server's key pair in addition to global policy, so an in-memory copy is
 * sensitive and should be wiped (explicit_bzero or equivalent) before the
 * buffer is released. When the header is read from disk, publicKeyLen and
 * privateKeyLen must be validated against kPWFileMaxPublicKeyBytes /
 * kPWFileMaxPrivateKeyBytes before being used as a copy or parse length;
 * they are `unsigned long`, whose width differs between 32- and 64-bit
 * builds, so the on-disk layout is architecture-dependent unless handled
 * elsewhere — TODO confirm. */
typedef struct PWFileHeader {
UInt32 signature; UInt32 version; UInt32 entrySize; UInt32 sequenceNumber; UInt32 numberOfSlotsCurrentlyInFile; UInt32 deepestSlotUsed;
PWGlobalAccessFeatures access; AuthMethName weakAuthMethods[kPWFileMaxWeakMethods];
unsigned long publicKeyLen;   /* bytes of publicKey in use; must be <= kPWFileMaxPublicKeyBytes */
unsigned char publicKey[kPWFileMaxPublicKeyBytes];
unsigned long privateKeyLen;   /* bytes of privateKey in use; must be <= kPWFileMaxPrivateKeyBytes */
unsigned char privateKey[kPWFileMaxPrivateKeyBytes];   /* secret material */
char replicationName[kPWFileMaxReplicaName]; UInt32 deepestSlotUsedByThisServer; UInt32 accessModDate; UInt32 fExtraData[246]; } PWFileHeader;
/* One user record in the password database. passwordStr, digest[] and
 * userkey hold credential material; treat any in-memory copy as secret and
 * wipe it before release. The fixed-size char arrays (passwordStr,
 * usernameStr, userdata, userkey) carry no separate length, so code that
 * reads them must bound string operations by the array size rather than
 * assume NUL termination of data loaded from the file. The trailing flags
 * are plain `int` 1-bit fields (0 or -1 on common compilers): test them with
 * `!= 0`. */
typedef struct PWFileEntry {
UInt32 time; UInt32 rnd; UInt32 sequenceNumber; UInt32 slot;
BSDTimeStructCopy creationDate; BSDTimeStructCopy modificationDate; BSDTimeStructCopy modDateOfPassword; BSDTimeStructCopy lastLogin; UInt16 failedLoginAttempts;
PWAccessFeatures access;
char passwordStr[512];   /* secret */
PasswordDigest digest[kPWFileMaxDigests];   /* secret */
char usernameStr[256]; char userdata[438]; char userkey[64]; UInt32 logOffTime; UInt32 kickOffTime; int recordIsDead:1; int doNotReplicate:1; int unused511:14; } PWFileEntry;
/**
 * Policy helpers and text conversion for the structures above.
 *
 * The *ToString functions write into `outString` without a size argument;
 * the caller must supply a buffer large enough for the longest rendering
 * of every policy key (the required size is not stated in this header —
 * check the implementation before sizing the buffer). The StringTo*
 * parsers take untrusted text; their `Boolean` result must be checked,
 * and `inOutAccessFeatures` should be assumed partially updated on failure.
 */
/** Returns non-zero when `inTime` lies in the past (see implementation for the exact comparison). */
int TimeIsStale( BSDTimeStructCopy *inTime );
/** Returns non-zero when `inLastLogin` is older than `inMaxMinutesOfNonUse` minutes. */
int LoginTimeIsStale( BSDTimeStructCopy *inLastLogin, unsigned long inMaxMinutesOfNonUse );
/** Renders global policy as a kPWPolicyStr_* key/value string into the caller-sized `outString`. */
void PWGlobalAccessFeaturesToString( PWGlobalAccessFeatures *inAccessFeatures, char *outString );
/** Renders per-user policy (including state fields) into the caller-sized `outString`. */
void PWAccessFeaturesToString( PWAccessFeatures *inAccessFeatures, char *outString );
/** Renders the effective policy derived from global and per-user settings into `outString`. */
void PWActualAccessFeaturesToString( PWGlobalAccessFeatures *inGAccessFeatures, PWAccessFeatures *inAccessFeatures, char *outString );
/** Like PWAccessFeaturesToString but omits account-state fields. */
void PWAccessFeaturesToStringWithoutStateInfo( PWAccessFeatures *inAccessFeatures, char *outString );
/** Parses a policy string into `inOutAccessFeatures`; returns false on malformed input. */
Boolean StringToPWGlobalAccessFeatures( const char *inString, PWGlobalAccessFeatures *inOutAccessFeatures );
/** Parses a policy string into `inOutAccessFeatures`; returns false on malformed input. */
Boolean StringToPWAccessFeatures( const char *inString, PWAccessFeatures *inOutAccessFeatures );
/** Extracts the numeric value following a policy key; returns false if none is present or it is malformed. */
Boolean StringToPWAccessFeatures_GetValue( const char *inString, unsigned long *outValue );
/** Build-time layout self-check; aborts if the structures do not have the expected sizes. */
void CrashIfBuiltWrong(void);
/**
 * Evaluates whether an account is disabled by policy (expiry, non-use,
 * failed-login limit). `inOutFailedLoginAttempts` is both read and may be
 * written. Return codes are defined by the implementation, not here.
 */
int pwsf_TestDisabledStatus( PWAccessFeatures *inAccess, PWGlobalAccessFeatures *inGAccess, struct tm *inCreationDate, struct tm *inLastLoginTime, UInt16 *inOutFailedLoginAttempts );
/** Evaluates whether a password change is required or overdue given `inModDateOfPassword`. */
int pwsf_ChangePasswordStatus( PWAccessFeatures *inAccess, PWGlobalAccessFeatures *inGAccess, struct tm *inModDateOfPassword );
/**
 * Checks `inPassword` against composition policy (alpha/numeric, length,
 * not-equal-to-name). `inPassword` is a secret: callers should not log it
 * and should wipe any copies made for this check.
 */
int pwsf_RequiredCharacterStatus(PWAccessFeatures *access, PWGlobalAccessFeatures *inGAccess, const char *inUsername, const char *inPassword);
#ifdef __cplusplus
};
#endif
#endif