00001 /*
00002    nslcd.h - file describing client/server protocol
00003 
00004    Copyright (C) 2006 West Consulting
00005    Copyright (C) 2006, 2007, 2009, 2010 Arthur de Jong
00006 
00007    This library is free software; you can redistribute it and/or
00008    modify it under the terms of the GNU Lesser General Public
00009    License as published by the Free Software Foundation; either
00010    version 2.1 of the License, or (at your option) any later version.
00011 
00012    This library is distributed in the hope that it will be useful,
00013    but WITHOUT ANY WARRANTY; without even the implied warranty of
00014    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00015    Lesser General Public License for more details.
00016 
00017    You should have received a copy of the GNU Lesser General Public
00018    License along with this library; if not, write to the Free Software
00019    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00020    02110-1301 USA
00021 */
00022 
#ifndef _NSLCD_H
#define _NSLCD_H 1
/* NOTE(review): a name beginning with an underscore and an uppercase letter is
   reserved for the C implementation. The guard is left as-is because other
   files may test it; a new guard would be spelled NSLCD_H. */

/*
   The protocol used between the nslcd client and server is a simple binary
   protocol. It is request/response based where the client initiates a
   connection, does a single request and closes the connection again. Any
   mangled or not understood messages will be silently ignored by the server.

   A request looks like:
     INT32  NSLCD_VERSION
     INT32  NSLCD_ACTION_*
     [request parameters if any]
   A response looks like:
     INT32  NSLCD_VERSION
     INT32  NSLCD_ACTION_* (the original request type)
     [result(s)]
     INT32  NSLCD_RESULT_END
   A single result entry looks like:
     INT32  NSLCD_RESULT_BEGIN
     [result value(s)]
   If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL
   functions) each return value will be preceded by a NSLCD_RESULT_BEGIN
   value. After the last returned result the server sends
   NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable,
   error in the request, etc) the server terminates the connection to signal
   an error condition (breaking the protocol).
   Because closing the connection is the only error signal, a reader must
   treat a stream that ends before NSLCD_RESULT_END as a failed lookup and
   never as a successful, empty result.

   These are the available basic data types:
     INT32  - 32-bit integer value
     TYPE   - a typed field that is transferred using sizeof()
     STRING - a string length (32bit) followed by the string value (not
              null-terminated) the string itself is assumed to be UTF-8
     STRINGLIST - a 32-bit number noting the number of strings followed by
                  the strings one at a time
   The length and count prefixes are supplied by the peer; a reader should
   check them against the size of its own buffer before allocating or
   copying, rather than using the received value directly.

   Furthermore the ADDRESS compound data type is defined as:
     INT32  type of address: e.g. AF_INET or AF_INET6
     INT32  length of address
     RAW    the address itself in network byte order
   With the ADDRESSLIST using the same construct as with STRINGLIST.
   (The address length should likewise be checked against the largest
   address the reader expects for the given address type.)

   The protocol uses host-byte order for all types (except in the raw
   address above). Together with TYPE fields being sent as sizeof() bytes,
   this means client and server are expected to share the same host ABI;
   the encoding is not portable across architectures.
*/

/* The current version of the protocol. Note that version 1
   is experimental and this version will be used until a
   1.0 release of nss-pam-ldapd is made.
   The version is the first field of every request and response, so a
   mismatch is detected before any further parsing takes place. */
#define NSLCD_VERSION 1

/* Action codes are grouped per database in blocks of one thousand; the gaps
   within a block (e.g. 1003) are simply unused values. */

/* Email alias (/etc/aliases) NSS requests. The result values for a
   single entry are:
     STRING      alias name
     STRINGLIST  alias rcpts */
#define NSLCD_ACTION_ALIAS_BYNAME       4001
#define NSLCD_ACTION_ALIAS_ALL          4002

/* Ethernet address/name mapping NSS requests. The result values for a
   single entry are:
     STRING            ether name
     TYPE(uint8_t[6])  ether address */
#define NSLCD_ACTION_ETHER_BYNAME       3001
#define NSLCD_ACTION_ETHER_BYETHER      3002
#define NSLCD_ACTION_ETHER_ALL          3005

/* Group and group membership related NSS requests. The result values
   for a single entry are:
     STRING       group name
     STRING       group password
     TYPE(gid_t)  group id
     STRINGLIST   members (usernames) of the group
     (note that the BYMEMBER call returns an empty members list) */
#define NSLCD_ACTION_GROUP_BYNAME       5001
#define NSLCD_ACTION_GROUP_BYGID        5002
#define NSLCD_ACTION_GROUP_BYMEMBER     5003
#define NSLCD_ACTION_GROUP_ALL          5004

/* Hostname (/etc/hosts) lookup NSS requests. The result values
   for an entry are:
     STRING       host name
     STRINGLIST   host aliases
     ADDRESSLIST  host addresses */
#define NSLCD_ACTION_HOST_BYNAME        6001
#define NSLCD_ACTION_HOST_BYADDR        6002
#define NSLCD_ACTION_HOST_ALL           6005

/* Netgroup NSS requests return a number of results. Result values
   can be either a reference to another netgroup:
     INT32   NSLCD_NETGROUP_TYPE_NETGROUP
     STRING  other netgroup name
   or a netgroup triple:
     INT32   NSLCD_NETGROUP_TYPE_TRIPLE
     STRING  host
     STRING  user
     STRING  domain
   A reader should reject any other type value rather than guess at the
   layout that follows it. */
#define NSLCD_ACTION_NETGROUP_BYNAME   12001
#define NSLCD_NETGROUP_TYPE_NETGROUP 123
#define NSLCD_NETGROUP_TYPE_TRIPLE   456

/* Network name (/etc/networks) NSS requests. Result values for a single
   entry are:
     STRING       network name
     STRINGLIST   network aliases
     ADDRESSLIST  network addresses */
#define NSLCD_ACTION_NETWORK_BYNAME     8001
#define NSLCD_ACTION_NETWORK_BYADDR     8002
#define NSLCD_ACTION_NETWORK_ALL        8005

/* User account (/etc/passwd) NSS requests. Result values are:
     STRING       user name
     STRING       user password
     TYPE(uid_t)  user id
     TYPE(gid_t)  group id
     STRING       gecos information
     STRING       home directory
     STRING       login shell */
#define NSLCD_ACTION_PASSWD_BYNAME      1001
#define NSLCD_ACTION_PASSWD_BYUID       1002
#define NSLCD_ACTION_PASSWD_ALL         1004

/* Protocol information requests. Result values are:
     STRING      protocol name
     STRINGLIST  protocol aliases
     INT32       protocol number */
#define NSLCD_ACTION_PROTOCOL_BYNAME    9001
#define NSLCD_ACTION_PROTOCOL_BYNUMBER  9002
#define NSLCD_ACTION_PROTOCOL_ALL       9003

/* RPC information requests. Result values are:
     STRING      rpc name
     STRINGLIST  rpc aliases
     INT32       rpc number */
#define NSLCD_ACTION_RPC_BYNAME        10001
#define NSLCD_ACTION_RPC_BYNUMBER      10002
#define NSLCD_ACTION_RPC_ALL           10003

/* Service (/etc/services) information requests. Result values are:
     STRING      service name
     STRINGLIST  service aliases
     INT32       service (port) number
     STRING      service protocol */
#define NSLCD_ACTION_SERVICE_BYNAME    11001
#define NSLCD_ACTION_SERVICE_BYNUMBER  11002
#define NSLCD_ACTION_SERVICE_ALL       11005

/* Extended user account (/etc/shadow) information requests. Result
   values for a single entry are:
     STRING  user name
     STRING  user password
     INT32   last password change
     INT32   mindays
     INT32   maxdays
     INT32   warn
     INT32   inact
     INT32   expire
     INT32   flag
   Unlike the passwd entry, the password field here carries the real
   credential data, so who may issue these requests matters. */
#define NSLCD_ACTION_SHADOW_BYNAME      2001
#define NSLCD_ACTION_SHADOW_ALL         2005

/* PAM-related requests. The request parameters for all these requests
   begin with:
     STRING  user name
     STRING  DN (if value is known already, otherwise empty)
     STRING  service name
   all requests, except the SESSION requests start the result value with:
     STRING  user name (canonical name)
     STRING  DN (can be used to speed up requests)
   The DN in a request is a client-supplied hint; the server is the party
   that decides which entry a user name actually maps to. */

/* PAM authentication check request. The extra request values are:
     STRING  password
   and the result value ends with:
     INT32   authc NSLCD_PAM_* result code
     INT32   authz NSLCD_PAM_* result code
     STRING  authorisation error message
   If the username is empty in this request an attempt is made to
   authenticate as the administrator (set using rootpwmoddn). The returned DN
   is that of the administrator.
   The password is carried as a plain STRING; the protocol described in this
   file adds no confidentiality of its own, so protection of this value rests
   on access control of the transport between client and server. */
#define NSLCD_ACTION_PAM_AUTHC         20001

/* PAM authorisation check request. The extra request values are:
     STRING ruser
     STRING rhost
     STRING tty
   and the result value ends with:
     INT32   authz NSLCD_PAM_* result code
     STRING  authorisation error message */
#define NSLCD_ACTION_PAM_AUTHZ         20002

/* PAM session open and close requests. These requests have the following
   extra request values:
     STRING tty
     STRING rhost
     STRING ruser
     INT32 session id (ignored for SESS_O)
   and these calls only return the session ID:
     INT32 session id
   The SESS_C must contain the ID that is returned by SESS_O to close the
   correct session. */
#define NSLCD_ACTION_PAM_SESS_O        20003
#define NSLCD_ACTION_PAM_SESS_C        20004

/* PAM password modification request. This request has the following extra
   request values:
     STRING old password
     STRING new password
   and returns these extra result values:
     INT32   authz NSLCD_PAM_* result code
     STRING  authorisation error message
   In this request the DN may be set to the administrator's DN. In this
   case old password should be the administrator's password. This allows
   the administrator to change any user's password.
   NOTE(review): since any client may send the administrator's DN, the check
   of the old password against that DN is what keeps this path from becoming
   an unauthenticated password reset; confirm the server never skips it. */
#define NSLCD_ACTION_PAM_PWMOD         20005

/* Request result codes. Values 1 and 2 are not used. */
#define NSLCD_RESULT_BEGIN                 0
#define NSLCD_RESULT_END                   3

/* Partial list of PAM result codes. The numeric values correspond to the
   Linux-PAM PAM_* constants of the same name, which is why the sequence
   has gaps. */
#define NSLCD_PAM_SUCCESS             0 /* everything ok */
#define NSLCD_PAM_PERM_DENIED         6 /* Permission denied */
#define NSLCD_PAM_AUTH_ERR            7 /* Authc failure */
#define NSLCD_PAM_CRED_INSUFFICIENT   8 /* Cannot access authc data */
#define NSLCD_PAM_AUTHINFO_UNAVAIL    9 /* Cannot retrieve authc info */
#define NSLCD_PAM_USER_UNKNOWN       10 /* User not known */
#define NSLCD_PAM_MAXTRIES           11 /* Retry limit reached */
#define NSLCD_PAM_NEW_AUTHTOK_REQD   12 /* Password expired */
#define NSLCD_PAM_ACCT_EXPIRED       13 /* Account expired */
#define NSLCD_PAM_SESSION_ERR        14 /* Cannot make/remove session record */
#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
#define NSLCD_PAM_IGNORE             25 /* Ignore module */
#define NSLCD_PAM_ABORT              26 /* Fatal error */

#endif /* not _NSLCD_H */