2 * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
3 * Copyright (c) 2004-2017 Dag-Erling Smørgrav
6 * This software was developed for the FreeBSD Project by ThinkSec AS and
7 * Network Associates Laboratories, the Security Research Division of
8 * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
9 * ("CBOSS"), as part of the DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of the author may not be used to endorse or promote
20 * products derived from this software without specific prior written
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $OpenPAM: openpam_constants.c 938 2017-04-30 21:34:42Z des $
42 #include <security/pam_appl.h>
44 #include "openpam_impl.h"
46 const char *pam_err_name[PAM_NUM_ERRORS] = {
47 [PAM_SUCCESS] = "PAM_SUCCESS",
48 [PAM_OPEN_ERR] = "PAM_OPEN_ERR",
49 [PAM_SYMBOL_ERR] = "PAM_SYMBOL_ERR",
50 [PAM_SERVICE_ERR] = "PAM_SERVICE_ERR",
51 [PAM_SYSTEM_ERR] = "PAM_SYSTEM_ERR",
52 [PAM_BUF_ERR] = "PAM_BUF_ERR",
53 [PAM_CONV_ERR] = "PAM_CONV_ERR",
54 [PAM_PERM_DENIED] = "PAM_PERM_DENIED",
55 [PAM_MAXTRIES] = "PAM_MAXTRIES",
56 [PAM_AUTH_ERR] = "PAM_AUTH_ERR",
57 [PAM_NEW_AUTHTOK_REQD] = "PAM_NEW_AUTHTOK_REQD",
58 [PAM_CRED_INSUFFICIENT] = "PAM_CRED_INSUFFICIENT",
59 [PAM_AUTHINFO_UNAVAIL] = "PAM_AUTHINFO_UNAVAIL",
60 [PAM_USER_UNKNOWN] = "PAM_USER_UNKNOWN",
61 [PAM_CRED_UNAVAIL] = "PAM_CRED_UNAVAIL",
62 [PAM_CRED_EXPIRED] = "PAM_CRED_EXPIRED",
63 [PAM_CRED_ERR] = "PAM_CRED_ERR",
64 [PAM_ACCT_EXPIRED] = "PAM_ACCT_EXPIRED",
65 [PAM_AUTHTOK_EXPIRED] = "PAM_AUTHTOK_EXPIRED",
66 [PAM_SESSION_ERR] = "PAM_SESSION_ERR",
67 [PAM_AUTHTOK_ERR] = "PAM_AUTHTOK_ERR",
68 [PAM_AUTHTOK_RECOVERY_ERR] = "PAM_AUTHTOK_RECOVERY_ERR",
69 [PAM_AUTHTOK_LOCK_BUSY] = "PAM_AUTHTOK_LOCK_BUSY",
70 [PAM_AUTHTOK_DISABLE_AGING] = "PAM_AUTHTOK_DISABLE_AGING",
71 [PAM_NO_MODULE_DATA] = "PAM_NO_MODULE_DATA",
72 [PAM_IGNORE] = "PAM_IGNORE",
73 [PAM_ABORT] = "PAM_ABORT",
74 [PAM_TRY_AGAIN] = "PAM_TRY_AGAIN",
75 [PAM_MODULE_UNKNOWN] = "PAM_MODULE_UNKNOWN",
76 [PAM_DOMAIN_UNKNOWN] = "PAM_DOMAIN_UNKNOWN",
77 [PAM_BAD_HANDLE] = "PAM_BAD_HANDLE",
78 [PAM_BAD_ITEM] = "PAM_BAD_ITEM",
79 [PAM_BAD_FEATURE] = "PAM_BAD_FEATURE",
80 [PAM_BAD_CONSTANT] = "PAM_BAD_CONSTANT",
83 const char *pam_err_text[PAM_NUM_ERRORS] = {
84 [PAM_SUCCESS] = "Success",
85 [PAM_OPEN_ERR] = "Failed to load module",
86 [PAM_SYMBOL_ERR] = "Invalid symbol",
87 [PAM_SERVICE_ERR] = "Error in service module",
88 [PAM_SYSTEM_ERR] = "System error",
89 [PAM_BUF_ERR] = "Memory buffer error",
90 [PAM_CONV_ERR] = "Conversation failure",
91 [PAM_PERM_DENIED] = "Permission denied",
92 [PAM_MAXTRIES] = "Maximum number of tries exceeded",
93 [PAM_AUTH_ERR] = "Authentication error",
94 [PAM_NEW_AUTHTOK_REQD] = "New authentication token required",
95 [PAM_CRED_INSUFFICIENT] = "Insufficient credentials",
96 [PAM_AUTHINFO_UNAVAIL] = "Authentication information is unavailable",
97 [PAM_USER_UNKNOWN] = "Unknown user",
98 [PAM_CRED_UNAVAIL] = "Failed to retrieve user credentials",
99 [PAM_CRED_EXPIRED] = "User credentials have expired",
100 [PAM_CRED_ERR] = "Failed to set user credentials",
101 [PAM_ACCT_EXPIRED] = "User account has expired",
102 [PAM_AUTHTOK_EXPIRED] = "Password has expired",
103 [PAM_SESSION_ERR] = "Session failure",
104 [PAM_AUTHTOK_ERR] = "Authentication token failure",
105 [PAM_AUTHTOK_RECOVERY_ERR] = "Failed to recover old authentication token",
106 [PAM_AUTHTOK_LOCK_BUSY] = "Authentication token lock busy",
107 [PAM_AUTHTOK_DISABLE_AGING] = "Authentication token aging disabled",
108 [PAM_NO_MODULE_DATA] = "Module data not found",
109 [PAM_IGNORE] = "Ignore this module",
110 [PAM_ABORT] = "General failure",
111 [PAM_TRY_AGAIN] = "Try again",
112 [PAM_MODULE_UNKNOWN] = "Unknown module type",
113 [PAM_DOMAIN_UNKNOWN] = "Unknown authentication domain",
114 [PAM_BAD_HANDLE] = "Invalid PAM handle",
115 [PAM_BAD_ITEM] = "Unrecognized or restricted item",
116 [PAM_BAD_FEATURE] = "Unrecognized or restricted feature",
117 [PAM_BAD_CONSTANT] = "Invalid constant",
120 const char *pam_item_name[PAM_NUM_ITEMS] = {
121 [PAM_SERVICE] = "PAM_SERVICE",
122 [PAM_USER] = "PAM_USER",
123 [PAM_TTY] = "PAM_TTY",
124 [PAM_RHOST] = "PAM_RHOST",
125 [PAM_CONV] = "PAM_CONV",
126 [PAM_AUTHTOK] = "PAM_AUTHTOK",
127 [PAM_OLDAUTHTOK] = "PAM_OLDAUTHTOK",
128 [PAM_RUSER] = "PAM_RUSER",
129 [PAM_USER_PROMPT] = "PAM_USER_PROMPT",
130 [PAM_REPOSITORY] = "PAM_REPOSITORY",
131 [PAM_AUTHTOK_PROMPT] = "PAM_AUTHTOK_PROMPT",
132 [PAM_OLDAUTHTOK_PROMPT] = "PAM_OLDAUTHTOK_PROMPT",
133 [PAM_HOST] = "PAM_HOST",
136 const char *pam_facility_name[PAM_NUM_FACILITIES] = {
137 [PAM_ACCOUNT] = "account",
139 [PAM_PASSWORD] = "password",
140 [PAM_SESSION] = "session",
143 const char *pam_control_flag_name[PAM_NUM_CONTROL_FLAGS] = {
144 [PAM_BINDING] = "binding",
145 [PAM_OPTIONAL] = "optional",
146 [PAM_REQUIRED] = "required",
147 [PAM_REQUISITE] = "requisite",
148 [PAM_SUFFICIENT] = "sufficient",
151 const char *pam_func_name[PAM_NUM_PRIMITIVES] = {
152 [PAM_SM_AUTHENTICATE] = "pam_authenticate",
153 [PAM_SM_SETCRED] = "pam_setcred",
154 [PAM_SM_ACCT_MGMT] = "pam_acct_mgmt",
155 [PAM_SM_OPEN_SESSION] = "pam_open_session",
156 [PAM_SM_CLOSE_SESSION] = "pam_close_session",
157 [PAM_SM_CHAUTHTOK] = "pam_chauthtok"
160 const char *pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
161 [PAM_SM_AUTHENTICATE] = "pam_sm_authenticate",
162 [PAM_SM_SETCRED] = "pam_sm_setcred",
163 [PAM_SM_ACCT_MGMT] = "pam_sm_acct_mgmt",
164 [PAM_SM_OPEN_SESSION] = "pam_sm_open_session",
165 [PAM_SM_CLOSE_SESSION] = "pam_sm_close_session",
166 [PAM_SM_CHAUTHTOK] = "pam_sm_chauthtok"
169 const char *openpam_policy_path[] = {
172 "/usr/local/etc/pam.d/",
173 "/usr/local/etc/pam.conf",
177 const char *openpam_module_path[] = {
178 #ifdef OPENPAM_MODULES_DIRECTORY
179 OPENPAM_MODULES_DIRECTORY,