/*
nslcd.h - file describing client/server protocol
Copyright (C) 2006 West Consulting
Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/
#ifndef _NSLCD_H
#define _NSLCD_H 1
/*
The protocol used between the nslcd client and server is a simple binary
protocol. It is request/response based where the client initiates a
connection, does a single request and closes the connection again. Any
mangled or not understood messages will be silently ignored by the server.
A request looks like:
INT32 NSLCD_VERSION
INT32 NSLCD_ACTION_*
[request parameters if any]
A response looks like:
INT32 NSLCD_VERSION
INT32 NSLCD_ACTION_* (the original request type)
[result(s)]
INT32 NSLCD_RESULT_END
A single result entry looks like:
INT32 NSLCD_RESULT_BEGIN
[result value(s)]
If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL
functions) each return value will be preceded by a NSLCD_RESULT_BEGIN
value. After the last returned result the server sends
NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable,
error in the request, etc) the server terminates the connection to signal
an error condition (breaking the protocol).
These are the available basic data types:
INT32 - 32-bit integer value
TYPE - a typed field that is transferred using sizeof()
STRING - a string length (32bit) followed by the string value (not
null-terminated); the string itself is assumed to be UTF-8
STRINGLIST - a 32-bit number noting the number of strings followed by
the strings one at a time
Furthermore the ADDRESS compound data type is defined as:
INT32 type of address: e.g. AF_INET or AF_INET6
INT32 length of address
RAW the address itself
With the ADDRESSLIST using the same construct as with STRINGLIST.
The protocol uses network byte order for all types.
*/
/* The current version of the protocol. This protocol should only be
updated with major backwards-incompatible changes. */
/* NOTE(review): per the protocol description in this header, this value is
   the first INT32 of every request and every response. How a receiver
   treats a different value is not visible here; presumably it is rejected
   before any further field is read - confirm in the reader code. */
#define NSLCD_VERSION 0x00000002
/* Get a NSLCD configuration option. There is one request parameter:
INT32 NSLCD_CONFIG_*
the result value is:
STRING value, interpretation depending on request */
#define NSLCD_ACTION_CONFIG_GET 0x00010001
/* return the message, if any, that is presented to the user when password
modification through PAM is prohibited */
#define NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE 1
/* Email alias (/etc/aliases) NSS requests. The result values for a
single entry are:
STRING alias name
STRINGLIST alias rcpts */
#define NSLCD_ACTION_ALIAS_BYNAME 0x00020001
#define NSLCD_ACTION_ALIAS_ALL 0x00020008
/* Ethernet address/name mapping NSS requests. The result values for a
single entry are:
STRING ether name
TYPE(uint8_t[6]) ether address */
#define NSLCD_ACTION_ETHER_BYNAME 0x00030001
#define NSLCD_ACTION_ETHER_BYETHER 0x00030002
#define NSLCD_ACTION_ETHER_ALL 0x00030008
/* Group and group membership related NSS requests. The result values
for a single entry are:
STRING group name
STRING group password
INT32 group id
STRINGLIST members (usernames) of the group
(note that the BYMEMBER call returns an empty members list) */
#define NSLCD_ACTION_GROUP_BYNAME 0x00040001
#define NSLCD_ACTION_GROUP_BYGID 0x00040002
#define NSLCD_ACTION_GROUP_BYMEMBER 0x00040006
#define NSLCD_ACTION_GROUP_ALL 0x00040008
/* Hostname (/etc/hosts) lookup NSS requests. The result values
for an entry are:
STRING host name
STRINGLIST host aliases
ADDRESSLIST host addresses */
#define NSLCD_ACTION_HOST_BYNAME 0x00050001
#define NSLCD_ACTION_HOST_BYADDR 0x00050002
#define NSLCD_ACTION_HOST_ALL 0x00050008
/* Netgroup NSS result entries contain a number of parts. A result entry
starts with:
STRING netgroup name
followed by zero or more references to other netgroups or netgroup
triples. A reference to another netgroup looks like:
INT32 NSLCD_NETGROUP_TYPE_NETGROUP
STRING other netgroup name
A netgroup triple looks like:
INT32 NSLCD_NETGROUP_TYPE_TRIPLE
STRING host
STRING user
STRING domain
A netgroup result entry is terminated by:
INT32 NSLCD_NETGROUP_TYPE_END
*/
#define NSLCD_ACTION_NETGROUP_BYNAME 0x00060001
#define NSLCD_ACTION_NETGROUP_ALL 0x00060008
#define NSLCD_NETGROUP_TYPE_NETGROUP 1 /* followed by STRING: name of the referenced netgroup */
#define NSLCD_NETGROUP_TYPE_TRIPLE 2 /* followed by three STRINGs: host, user, domain */
#define NSLCD_NETGROUP_TYPE_END 3 /* terminates a netgroup result entry */
/* Network name (/etc/networks) NSS requests. Result values for a single
entry are:
STRING network name
STRINGLIST network aliases
ADDRESSLIST network addresses */
#define NSLCD_ACTION_NETWORK_BYNAME 0x00070001
#define NSLCD_ACTION_NETWORK_BYADDR 0x00070002
#define NSLCD_ACTION_NETWORK_ALL 0x00070008
/* User account (/etc/passwd) NSS requests. Result values are:
STRING user name
STRING user password
INT32 user id
INT32 group id
STRING gecos information
STRING home directory
STRING login shell */
#define NSLCD_ACTION_PASSWD_BYNAME 0x00080001
#define NSLCD_ACTION_PASSWD_BYUID 0x00080002
#define NSLCD_ACTION_PASSWD_ALL 0x00080008
/* Protocol information requests. Result values are:
STRING protocol name
STRINGLIST protocol aliases
INT32 protocol number */
#define NSLCD_ACTION_PROTOCOL_BYNAME 0x00090001
#define NSLCD_ACTION_PROTOCOL_BYNUMBER 0x00090002
#define NSLCD_ACTION_PROTOCOL_ALL 0x00090008
/* RPC information requests. Result values are:
STRING rpc name
STRINGLIST rpc aliases
INT32 rpc number */
#define NSLCD_ACTION_RPC_BYNAME 0x000a0001
#define NSLCD_ACTION_RPC_BYNUMBER 0x000a0002
#define NSLCD_ACTION_RPC_ALL 0x000a0008
/* Service (/etc/services) information requests. The BYNAME and BYNUMBER
requests contain an extra protocol string in the request which, if not
blank, will filter the services by this protocol. Result values are:
STRING service name
STRINGLIST service aliases
INT32 service (port) number
STRING service protocol */
#define NSLCD_ACTION_SERVICE_BYNAME 0x000b0001
#define NSLCD_ACTION_SERVICE_BYNUMBER 0x000b0002
#define NSLCD_ACTION_SERVICE_ALL 0x000b0008
/* Extended user account (/etc/shadow) information requests. Result
values for a single entry are:
STRING user name
STRING user password
INT32 last password change
INT32 mindays
INT32 maxdays
INT32 warn
INT32 inact
INT32 expire
INT32 flag */
#define NSLCD_ACTION_SHADOW_BYNAME 0x000c0001
#define NSLCD_ACTION_SHADOW_ALL 0x000c0008
/* PAM-related requests. The request parameters for all these requests
begin with:
STRING user name
STRING service name
STRING ruser
STRING rhost
STRING tty
If the user is not known in LDAP no result may be returned (immediately
return NSLCD_RESULT_END instead of a PAM error code). */
/* PAM authentication check request. The extra request values are:
STRING password
and the result value consists of:
INT32 authc NSLCD_PAM_* result code
STRING user name (the canonical user name)
INT32 authz NSLCD_PAM_* result code
STRING authorisation error message
If the username is empty in this request an attempt is made to
authenticate as the administrator (set using rootpwmoddn).
Some authorisation checks are already done during authentication so the
response also includes authorisation information. */
/* NOTE(review): this request carries the password as a plain STRING, next
   to five other caller-supplied STRINGs (user name, service name, ruser,
   rhost, tty). Every STRING starts with a 32-bit length chosen by the peer,
   so a reader should bound that length before allocating and should clear
   the password buffer after use. An empty user name selects the
   administrator (rootpwmoddn) path; which callers may use that path is not
   decided in this header - confirm the server checks its peer. */
#define NSLCD_ACTION_PAM_AUTHC 0x000d0001
/* PAM authorisation check request. The result value consists of:
INT32 authz NSLCD_PAM_* result code
STRING authorisation error message
The authentication check may have already returned some authorisation
information. The authorisation error message, if supplied, will be used
by the PAM module instead of a message that is generated by the PAM
module itself. */
#define NSLCD_ACTION_PAM_AUTHZ 0x000d0002
/* PAM session open request. The result value consists of:
STRING session id
This session id may be used to close this session with. */
#define NSLCD_ACTION_PAM_SESS_O 0x000d0003
/* PAM session close request. This request has the following
extra request value:
STRING session id
and this call only returns an empty response value. */
#define NSLCD_ACTION_PAM_SESS_C 0x000d0004
/* PAM password modification request. This request has the following extra
request values:
INT32 asroot: 0=oldpasswd is user passwd, 1=oldpasswd is root passwd
STRING old password
STRING new password
and returns these extra result values:
INT32 NSLCD_PAM_* result code
STRING error message */
/* NOTE(review): asroot is a value chosen by the caller; per the request
   layout it says whether the old-password field holds the user's or the
   root password. Whether a given caller may send asroot=1 is not decided in
   this header - confirm the server checks its peer. Old and new password
   both travel as plain STRINGs, so buffers holding them should be cleared
   after use. */
#define NSLCD_ACTION_PAM_PWMOD 0x000d0005
/* User information change request. This request allows one to change
their full name and other information. The request parameters for this
request are:
STRING user name
INT32 asroot: 0=passwd is user passwd, 1=passwd is root passwd
STRING password
followed by one or more of the below, terminated by NSLCD_USERMOD_END
INT32 NSLCD_USERMOD_*
STRING new value
the response consists of one or more of the entries below, terminated
by NSLCD_USERMOD_END:
INT32 NSLCD_USERMOD_*
STRING response
(if the response is blank, the change went OK, otherwise the string
contains an error message)
*/
/* NOTE(review): the caller supplies the asroot flag and the password in
   this request, and the NSLCD_USERMOD_HOMEDIR and NSLCD_USERMOD_SHELL
   fields replace the account's home directory and login shell. Validation
   of the new values and of the caller's right to change them is not
   visible in this header - confirm it happens on the server side. */
#define NSLCD_ACTION_USERMOD 0x000e0001
/* These are the possible values for the NSLCD_ACTION_USERMOD operation
above. */
#define NSLCD_USERMOD_END 0 /* end of change values */
#define NSLCD_USERMOD_RESULT 1 /* global result value */
#define NSLCD_USERMOD_FULLNAME 2 /* full name */
#define NSLCD_USERMOD_ROOMNUMBER 3 /* room number */
#define NSLCD_USERMOD_WORKPHONE 4 /* office phone number */
#define NSLCD_USERMOD_HOMEPHONE 5 /* home phone number */
#define NSLCD_USERMOD_OTHER 6 /* other info */
#define NSLCD_USERMOD_HOMEDIR 7 /* home directory */
#define NSLCD_USERMOD_SHELL 8 /* login shell */
/* Request result codes. */
#define NSLCD_RESULT_BEGIN 1 /* precedes each result entry in a response */
#define NSLCD_RESULT_END 2 /* sent by the server after the last result entry */
/* Partial list of PAM result codes. */
#define NSLCD_PAM_SUCCESS 0 /* everything ok */
#define NSLCD_PAM_PERM_DENIED 6 /* Permission denied */
#define NSLCD_PAM_AUTH_ERR 7 /* Authc failure */
#define NSLCD_PAM_CRED_INSUFFICIENT 8 /* Cannot access authc data */
#define NSLCD_PAM_AUTHINFO_UNAVAIL 9 /* Cannot retrieve authc info */
#define NSLCD_PAM_USER_UNKNOWN 10 /* User not known */
#define NSLCD_PAM_MAXTRIES 11 /* Retry limit reached */
#define NSLCD_PAM_NEW_AUTHTOK_REQD 12 /* Password expired */
#define NSLCD_PAM_ACCT_EXPIRED 13 /* Account expired */
#define NSLCD_PAM_SESSION_ERR 14 /* Cannot make/remove session record */
#define NSLCD_PAM_AUTHTOK_ERR 20 /* Authentication token manipulation error */
#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
#define NSLCD_PAM_IGNORE 25 /* Ignore module */
#define NSLCD_PAM_ABORT 26 /* Fatal error */
#define NSLCD_PAM_AUTHTOK_EXPIRED 27 /* authentication token has expired */
#endif /* not _NSLCD_H */