/*
 * puidnetd.h -- definitions for PUID reflector net daemon protocol
 *
 * V. Abell
 * Purdue University Computing Center
 */

/*
 * Copyright 1999 Purdue Research Foundation, West Lafayette, Indiana
 * 47907.  All rights reserved.
 *
 * Written by V. Abell
 *
 * This software is not subject to any license of the American Telephone
 * and Telegraph Company or the Regents of the University of California.
 *
 * Permission is granted to anyone to use this software for any purpose on
 * any computer system, and to alter it and redistribute it freely, subject
 * to the following restrictions:
 *
 * 1. Neither the authors nor Purdue University are responsible for any
 *    consequences of the use of this software.
 *
 * 2. The origin of this software must not be misrepresented, either by
 *    explicit claim or by omission.  Credit to the authors and Purdue
 *    University must appear in documentation and sources.
 *
 * 3. Altered versions must be plainly marked as such, and must not be
 *    misrepresented as being the original software.
 *
 * 4. This notice may not be removed or altered.
 */

#if !defined(PUIDNETD_H)
#define PUIDNETD_H 1

#include "../include/puid_types.h"      /* presumably supplies puid_t,
                                         * puidtm_t and PUID_UINT32_T, which
                                         * are used below but not defined
                                         * here -- confirm */

/*
 * Net daemon PUIDs -- for use by clients to establish that the connected
 * server is the correct one
 *
 * NOTE(review): the certificate serial numbers and PUIDs below pin the
 * identity of one specific issued certificate per daemon.  They must be
 * updated whenever a daemon's certificate is reissued, and a matching serial
 * number complements -- it does not replace -- the client's normal
 * certificate chain validation.
 */

#define PUIDNETD_PUID_OID_I2A2  "1.3.6.1.4.1.4440.4.4.1.1.4"
                                        /* X.509 object ID (OID) for
                                         * PUID in I2A2 OID subtree */
#define PUIDNETD_PUID_OID_PACE  "2.16.840.1.113531.5.8.4.1.1"
                                        /* X.509 object ID (OID) for
                                         * PUID in PACE OID subtree --
                                         * this OID is obsolescent and
                                         * is retained until all X.509
                                         * certificates containing it
                                         * have expired.  Use
                                         * PUIDNETD_PUID_OID_I2A2
                                         * wherever possible.
                                         */
#define PUIDNETD_AUTHC_CSER     "E464D63CB3"    /* authcnetd's certificate
                                                 * serial number */
#define PUIDNETD_AUTHC_PUID     13203467        /* authcnetd's PUID */
#define PUIDNETD_AUTHZ_CSER     "E464D63B9A"    /* authznetd's certificate
                                                 * serial number */
#define PUIDNETD_AUTHZ_PUID     13203475        /* authznetd's PUID */
#define PUIDNETD_REFL_CSER      "E464D63A90"    /* reflnetd's certificate
                                                 * serial number */
#define PUIDNETD_REFL_PUID      13203483        /* reflnetd's PUID */

/*
 * Net daemon host names
 */

#define PUIDNETD_HOST_AUTHC     "authenticate.i2a2.purdue.edu" /* authenticator */
#define PUIDNETD_HOST_AUTHZ     "authorize.i2a2.purdue.edu"    /* authorizer */
#define PUIDNETD_HOST_REFL      "lookup.i2a2.purdue.edu"       /* reflector */

/*
 * Net daemon host names for testing
 */

#define PUIDNETD_HOST_AUTHC_TST "dbm-dev.i2a2.purdue.edu"      /* authenticator */
#define PUIDNETD_HOST_AUTHZ_TST "dbm-dev.i2a2.purdue.edu"      /* authorizer */
#define PUIDNETD_HOST_REFL_TST  "dbm-dev.i2a2.purdue.edu"      /* reflector */

/*
 * Net daemon plain text service names and ports
 *
 * Note: use getservbyname() on the service name before using the port number.
 *
 * These services carry no transport protection.  The daemons reject password
 * operations on them (see PUIDNETD_EPORSSL); use the SSL services below for
 * anything that carries credentials.
 */

#define PUIDNETD_SVC_AUTHC      "authc"         /* authenticator */
#define PUIDNETD_PORT_AUTHC     1561
#define PUIDNETD_SVC_AUTHZ      "authz"         /* authorizer */
#define PUIDNETD_PORT_AUTHZ     1563
#define PUIDNETD_SVC_REFL       "refl"          /* reflector */
#define PUIDNETD_PORT_REFL      1565

/*
 * Net daemon SSL service names and ports
 *
 * Note: use getservbyname() on the service name before using the port number.
 */

#define PUIDNETD_SVC_SSL_AUTHC  "authcs"        /* authenticator */
#define PUIDNETD_PORT_SSL_AUTHC 1562
#define PUIDNETD_SVC_SSL_AUTHZ  "authzs"        /* authorizer */
#define PUIDNETD_PORT_SSL_AUTHZ 1564
#define PUIDNETD_SVC_SSL_REFL   "refls"         /* reflector */
#define PUIDNETD_PORT_SSL_REFL  1566

/*
 * Default public certificate directory for the default UNIX OpenSSL
 * installation
 */

#define PUIDNETD_PUB_CERTS      "/opt/openssl/certs"

/*
 * Protocol commands:
 *
 * A protocol command is the first character of the input string.  It may
 * be followed by an optional PUIDNETD_MSGTERM (terminator) character and
 * fields (see PUIDNETD_DATA_*).  The input string line must end with a
 * PUIDNETD_MSGTERM, an optional '\r', and a required '\n'.
 *
 * The input string should contain no non-printable characters other than
 * PUIDNETD_MSGTERM, '\r', and '\n'.  The net daemons perform backspace ('\b'
 * and '\177') processing in case input is coming from telnet clients that
 * don't already do that before sending lines.
 *
 * Clients of the net daemons need not do backspace processing, but they
 * may want to strip incoming line strings of their trailing '\r' and '\n'
 * characters.  (The '\r' is a DOS concession.)
 *
 * Here is a quit command string:
 *
 *      "q\t\n"
 *
 * Also see the section of comments titled "Record length and continuations:".
 */

#define PUIDNETD_CMD_AUTHC      'a'     /* AUTHentiCate */
#define PUIDNETD_CMD_CHLKUP     'C'     /* look up authorization characteristic
                                         * name or number */
#define PUIDNETD_CMD_CONT       '+'     /* continue previous command */
#define PUIDNETD_CMD_GETINFO    'i'     /* get DBM info -- see PUIDNETD_GIFO_*
                                         * symbols */
#define PUIDNETD_CMD_JOIN       'j'     /* join (to a realm) */
#define PUIDNETD_CMD_LOOKUP     'l'     /* lookup */
#define PUIDNETD_CMD_LSTCH      'L'     /* get authorization characteristic
                                         * list (may require PUID_ACL_M_LSTCH
                                         * ACL permission) */
#define PUIDNETD_CMD_MODIFY     'm'     /* modify */
#define PUIDNETD_CMD_MINE       'I'     /* mIne */
#define PUIDNETD_CMD_QUIT       'q'     /* quit */
#define PUIDNETD_CMD_UNJOIN     'u'     /* unjoin (from a realm) */

/*
 * Get-info sub-commands, delivered in a PUIDNETD_DATA_MSG field of a
 * PUIDNETD_CMD_GETINFO command.
 *
 * If no PUIDNETD_DATA_MSG field accompanies a PUIDNETD_CMD_GETINFO command,
 * the command is rejected.
 */

#define PUIDNETD_GIFO_ALL       'A'     /* get all statistics */
#define PUIDNETD_GIFO_AKA       'a'     /* get alias statistics */
#define PUIDNETD_GIFO_CN        'n'     /* get common name statistics */
#define PUIDNETD_GIFO_GETACL    'b'     /* get a PUID's ACL bits */
#define PUIDNETD_GIFO_ID        's'     /* get SID|SSN statistics */
#define PUIDNETD_GIFO_PUID      'p'     /* get PUID statistics */
#define PUIDNETD_GIFO_REALMS    'r'     /* get statistics for authentication
                                         * realms */
#define PUIDNETD_GIFO_Q         'q'     /* get queue statistics */

/*
 * DBM ACL mode symbols
 *
 * Bit mask values; PUIDNETD_ACL_M_ALL is the union of all of them.
 */

#define PUIDNETD_ACL_M_RD       0x1     /* read permission */
#define PUIDNETD_ACL_M_WRM      0x2     /* write|modify permission */
#define PUIDNETD_ACL_M_DIS      0x4     /* disable|enable permission */
#define PUIDNETD_ACL_M_BKR      0x8     /* backup and rebuild permission */
#define PUIDNETD_ACL_M_CR       0x10    /* create permission */
#define PUIDNETD_ACL_M_DBM      0x20    /* can run DBM */
#define PUIDNETD_ACL_M_PDMP     0x40    /* can dump a person's record */
#define PUIDNETD_ACL_M_SLKU     0x80    /* can look up by or display HRID|SID
                                         * (needed with PUIDNETD_ACL_M_MINE
                                         * to "mine" HRID|SID) */
#define PUIDNETD_ACL_M_MINE     0x100   /* can "mine" a person's record, but not
                                         * necessarily its HRID|SID (that
                                         * requires PUIDNETD_ACL_M_SLKU) */
#define PUIDNETD_ACL_M_CH       0x200   /* can replace global characteristics */
#define PUIDNETD_ACL_M_DEL      0x400   /* delete permission */
#define PUIDNETD_ACL_M_CNMR     0x800   /* can get multiple results from a
                                         * reflector common name search */
#define PUIDNETD_ACL_M_CCRL     0x1000  /* can change regular expression lookup
                                         * limits above defaults */
#define PUIDNETD_ACL_M_EPUID    0x2000  /* can set an effective PUID */
#define PUIDNETD_ACL_M_GETACL   0x4000  /* can get a PUID's ACL bits */
#define PUIDNETD_ACL_M_ALL      (PUIDNETD_ACL_M_RD | PUIDNETD_ACL_M_WRM | \
                                 PUIDNETD_ACL_M_DIS | PUIDNETD_ACL_M_BKR | \
                                 PUIDNETD_ACL_M_CR | PUIDNETD_ACL_M_DBM | \
                                 PUIDNETD_ACL_M_PDMP | PUIDNETD_ACL_M_SLKU | \
                                 PUIDNETD_ACL_M_MINE | PUIDNETD_ACL_M_CH | \
                                 PUIDNETD_ACL_M_DEL | PUIDNETD_ACL_M_CNMR | \
                                 PUIDNETD_ACL_M_CCRL | PUIDNETD_ACL_M_EPUID | \
                                 PUIDNETD_ACL_M_GETACL)

/*
 * Error codes
 *
 * These codes appear in a PUIDNETD_DATA_ERRC field.
 */

#define PUIDNETD_ECCDBM         1       /* Can't contact DBM */
#define PUIDNETD_EUCMD          2       /* Unknown command */
#define PUIDNETD_EPNF           3       /* Person not found */
#define PUIDNETD_ENOSEP         4       /* Missing separator */
#define PUIDNETD_EINTERNAL      5       /* Internal error */
#define PUIDNETD_ENOMEM         6       /* No memory */
#define PUIDNETD_EMSHT          7       /* Message too short */
#define PUIDNETD_EFLDSHT        8       /* Field too short */
#define PUIDNETD_EFLDTL         9       /* Field too long */
#define PUIDNETD_EILLCH         10      /* Illegal character in string */
#define PUIDNETD_EILLFT         11      /* Illegal field terminator */
#define PUIDNETD_EUPNF          12      /* Unpack structure not found */
#define PUIDNETD_EUDTY          13      /* Unknown data type */
#define PUIDNETD_EDUPFLD        14      /* Duplicate field */
#define PUIDNETD_ECONT          15      /* Continuation missing or unexpected */
#define PUIDNETD_ENOCMD         16      /* No command */
#define PUIDNETD_EDBME          17      /* DBM returned an error */
#define PUIDNETD_EWRDBM         18      /* Error writing to DBM */
#define PUIDNETD_ERDDBM         19      /* Error reading from DBM */
#define PUIDNETD_EUNPDBM        20      /* Error unpacking DBM reply */
#define PUIDNETD_EUNDBMR        21      /* Unknown DBM response */
#define PUIDNETD_ERECFLD        22      /* Illegal record field */
#define PUIDNETD_ECHTY          23      /* Illegal characteristic type */
#define PUIDNETD_ECHFMT         24      /* Characteristic field format error */
#define PUIDNETD_ECHVAL         25      /* Illegal characteristic value */
#define PUIDNETD_ECHCRIT        26      /* Illegal characteristic creation */
#define PUIDNETD_ESYSCALL       27      /* UNIX system call failure */
#define PUIDNETD_EGIFO          28      /* Error in GIFO sub-command */
#define PUIDNETD_ECKDF          29      /* PUID check digit error */
#define PUIDNETD_EILLPUID       30      /* Illegal PUID */
#define PUIDNETD_EILLTM         31      /* Illegal time value */
#define PUIDNETD_EAUTHRNC       32      /* Authentication record not closed */
#define PUIDNETD_EIAUTHACLR     33      /* Illegal authentication ACL record */
#define PUIDNETD_EIAUTHACLPM    34      /* Illegal authentication ACL mask */
#define PUIDNETD_EAUTHACLNC     35      /* Authentication ACL not closed */
#define PUIDNETD_ECERTSER       36      /* Certificate serial number error */
#define PUIDNETD_EIRR           37      /* Incomplete realm record */
#define PUIDNETD_EMPOA          38      /* Missing PUID or AKA */
#define PUIDNETD_ENSAR          39      /* No such authentication realm */
#define PUIDNETD_EENOTIMP       40      /* Encryption type not implemented */
#define PUIDNETD_EUAE           41      /* Unspecified authentication error */
#define PUIDNETD_EPORSSL        42      /* Password operations require SSL */
#define PUIDNETD_EILLB64CH      43      /* Illegal base 64 character */
#define PUIDNETD_EDB64S         44      /* Error decoding base 64 string */
#define PUIDNETD_EMRN           45      /* Missing realm name */
#define PUIDNETD_EREMU          46      /* Realm encryption method undefined */
#define PUIDNETD_EICD           47      /* Illegal client data */
#define PUIDNETD_ECERTERR       48      /* Certificate error */
#define PUIDNETD_ENRETD         49      /* No realm encryption type defined */

/*
 * Field characters
 *
 * After the first characters of the string, which may be a command (see the
 * PUIDNETD_CMD_* definitions) or a reply (see the PUIDNETD_REPL_*
 * definitions) and a PUIDNETD_MSGTERM, input and output data may be present in
 * fields.
 *
 * Each field is identified with a leading character from the following
 * PUIDNETD_DATA_* definitions.  Optional data follows.  The field must be
 * terminated with the PUIDNETD_MSGTERM character and must not contain it.
 *
 * Multiple fields may be present, each identified with its PUIDNETD_DATA_*
 * character, followed by optional data, and a PUIDNETD_MSGTERM.
 *
 * Here's an example of a lookup command (PUIDNETD_CMD_LOOKUP) that is
 * accompanied by PUID 1234567 (PUIDNETD_DATA_PUID).
 *
 *      "l\tp1234567\t\n"
 * or
 *      "lp1234567\t\n"
 *
 * This lookup command is accompanied by an alias and a boolean expression.
 *
 *      "l\taabcdef\tX(01 & (~02))\t\n"
 * or
 *      "laabcdef\tX(01 & (~02))\t\n"
 *
 * Also see the section of comments titled "Record length and continuations:".
 */

#define PUIDNETD_DATA_AKA       'a'     /* alias */
#define PUIDNETD_DATA_ATTR      'i'     /* attributes */
#define PUIDNETD_DATA_CNM       'N'     /* common name */
#define PUIDNETD_DATA_CRID      'c'     /* creator PUID */
#define PUIDNETD_DATA_CRTM      '>'     /* creation time */
#define PUIDNETD_DATA_EPUID     'V'     /* effectiVe PUID */
#define PUIDNETD_DATA_ERRC      'e'     /* error code */
#define PUIDNETD_DATA_FMSG      'f'     /* freeze message (RADIUS) */
#define PUIDNETD_DATA_HRID      'h'     /* Human Resources ID */
#define PUIDNETD_DATA_MDFY      'Y'     /* modificatioN record */
#define PUIDNETD_DATA_MSG       'M'     /* message */
#define PUIDNETD_DATA_NEW       'n'     /* new data */
#define PUIDNETD_DATA_OLD       'o'     /* old data */
#define PUIDNETD_DATA_PUID      'p'     /* PUID */
#define PUIDNETD_DATA_SEQ       'q'     /* seQuence */
#define PUIDNETD_DATA_RE        'r'     /* name search regular expression */
#define PUIDNETD_DATA_SID       's'     /* Student ID */
#define PUIDNETD_DATA_UPUID     'u'     /* updater's PUID */
#define PUIDNETD_DATA_UTM       'U'     /* update time */

/* Field characters specific to the authentication DBM. */

#define PUIDNETD_DATA_AUTHC_CERT        'B'     /* X.509 certificate (base 64) */
#define PUIDNETD_DATA_AUTHC_PWD         'P'     /* clear-text password (base 64)
                                                 * -- base 64 is an encoding,
                                                 * not protection; this field
                                                 * is only accepted on the SSL
                                                 * services (see
                                                 * PUIDNETD_EPORSSL) */
#define PUIDNETD_DATA_AUTHC_PHASH       'H'     /* password hash (base 64) */
#define PUIDNETD_DATA_AUTHC_PHASH_MODTM '.'     /* password hash mod time */
#define PUIDNETD_DATA_AUTHC_REC         '@'     /* realm record delimiter */
#define PUIDNETD_DATA_AUTHC_RID         'I'     /* realm ID (numeric) */
#define PUIDNETD_DATA_AUTHC_RNAME       'R'     /* realm name */
#define PUIDNETD_DATA_AUTHC_ACLR        '!'     /* realm/person ACL record */
#define PUIDNETD_DATA_AUTHC_ACLPM       '#'     /* realm/person ACL permission mask */
#define PUIDNETD_DATA_AUTHC_TAB         'T'     /* per-realm auth. session table */
#define PUIDNETD_DATA_AUTHC_BA          '`'     /* Bad auth. attempts since last good */
#define PUIDNETD_DATA_AUTHC_CBA         '}'     /* Cumulative bad auth. attempts */
#define PUIDNETD_DATA_AUTHC_CGA         '{'     /* Cumulative good auth. attempts */
#define PUIDNETD_DATA_AUTHC_LGA         '~'     /* Time of last good authentication */
#define PUIDNETD_DATA_AUTHC_FRZ         '*'     /* Time account was "frozen" */

/* Field characters specific to the authorization DBM. */

#define PUIDNETD_DATA_AUTHZ_CH          'E'     /* authorization charactEristics */
#define PUIDNETD_DATA_AUTHZ_CHL         'L'     /* comma-separated characteristic
                                                 * number list */
#define PUIDNETD_DATA_AUTHZ_CHNM        'z'     /* authoriZation characteristic name */
#define PUIDNETD_DATA_AUTHZ_CHNR        'Z'     /* authoriZation characteristic
                                                 * number */
#define PUIDNETD_DATA_AUTHZ_EXPV        'v'     /* authorization expression value */
#define PUIDNETD_DATA_AUTHZ_EXP         'X'     /* authorization expression */
#define PUIDNETD_DATA_CONT              '+'     /* continuation */

/*
 * Field terminator:
 */

#define PUIDNETD_MSGTERM        '\t'    /* field terminator */

/*
 * Protocol reply codes:
 *
 * One of these response codes begins every reply.  It may be optionally
 * followed by a PUIDNETD_MSGTERM and a field (identifier character, optional
 * data, and terminator).  It will end with a PUIDNETD_MSGTERM, a '\r', and a
 * '\n'.
 *
 * For example,
 *
 *      "n\te22\t\r\n"
 * or
 *      "ne22\t\r\n"
 *
 * contains a negative acknowledgement ('n'), followed by a PUIDNETD_MSGTERM
 * and an error code field ('e') whose error code value is "22".  The error
 * code field is terminated with PUIDNETD_MSGTERM, followed by '\r' and '\n'.
 *
 * Also see the section of comments titled "Record length and continuations:".
 */

#define PUIDNETD_REPL_ACK       'a'     /* positive acknowledgement */
#define PUIDNETD_REPL_CONT      PUIDNETD_CMD_CONT       /* continue acknowledgement */
#define PUIDNETD_REPL_NAK       'n'     /* negative acknowledgement */
#define PUIDNETD_REPL_WELCOME   'w'     /* welcome (ready) */

/*
 * Record length and continuations:
 *
 * Records may not be longer than PUIDNETD_MAXMSGL characters (records issued
 * by a net daemon are guaranteed not to be longer than that), including the
 * ending '\r' and '\n'.  The user should allocate a buffer of
 * (PUIDNETD_MAXMSGL + 1) characters to receive input, and use length-limiting
 * functions like read(), fread(), or fgets() to transfer no more than
 * PUIDNETD_MAXMSGL characters to the buffer.  With fgets(), for example, that
 * space allocation should allow for the string-ending '\n' and the
 * string-terminating NUL.  A message longer than PUIDNETD_MAXMSGL is
 * considered an error.
 *
 * No single field can be longer than PUIDNETD_MAXFLDL.  When the total to be
 * transmitted in a single command or reply is larger than PUIDNETD_MAXMSGL,
 * command and reply messages must be continued.
 *
 * The message to be continued must end with the PUIDNETD_DATA_CONT field
 * character, followed immediately by '\r' and '\n'.  PUIDNETD_DATA_CONT should
 * follow the PUIDNETD_MSGTERM of the last field of the message and should NOT
 * be followed by a PUIDNETD_MSGTERM of its own.  The immediately following
 * message should begin with a PUIDNETD_CMD_CONT command and may end with
 * PUIDNETD_DATA_CONT, if it is also continued.  The last message of a
 * continuation sequence should end normally -- i.e., no PUIDNETD_DATA_CONT
 * character after the last PUIDNETD_MSGTERM and before the '\r' and '\n'.
 *
 * Continued command messages always require a reply -- e.g., a positive
 * (PUIDNETD_REPL_ACK) or negative (PUIDNETD_REPL_NAK) acknowledgement.
 *
 * Continued reply messages come in sequence and no commands may be sent
 * until all continuations have been sent.
 *
 * Here's an example of a continued command:
 *
 *      Command sent:                   Reply received:
 *      "l\t+\r\n"                      "a\t\r\n"
 *      "+\t+\r\n"                      "a\t\r\n"
 *      "+NFoo Bar\t\r\n"               "n\te13\t\r\n"
 *
 * Here's an example of a continued reply:
 *
 *      "n\te22\tMThis is the first message.  More follow.\t+\r\n"
 *      "+\tMThis is the second message.  One more follows.\t+\r\n"
 *      "+\tMThis is the last message.  No more follow.\t\r\n"
 *
 * Note that the command or reply (a negative acknowledgement of 'n' in
 * the second example) must be preserved by the receiver of continued
 * messages.  (The puidnetd_unpk() function preserves the command or reply
 * in the nu_cmd member of its puidnetd_unpk_t structure.)
 */

/*
 * Unpacked input string structure, produced by the puidnetd_unpfld() function
 * from an input string that is formed of a PUIDNETD_CMD_* or PUIDNETD_REPL_*,
 * optionally followed by fields identified with a PUIDNETD_DATA_* character,
 * terminated with PUIDNETD_MSGTERM.  The entire string will end with a
 * PUIDNETD_MSGTERM or a PUIDNETD_DATA_CONT, and a NUL.
 *
 * !!!!NOTE!!!!  The preceding paragraph specifically excludes the ending '\r'
 *               and '\n' characters from input to puidnetd_unpfld(), and
 *               requires that the input to puidnetd_unpfld() be NUL-terminated.
 *               The '\r' and '\n' must be removed before the string is
 *               supplied to puidnetd_unpfld() and the string supplied to
 *               puidnetd_unpfld() must be terminated with a NUL character
 *               ('\0').  Both operations can be accomplished by replacing the
 *               ending '\r' and|or '\n' with NUL characters -- e.g.,
 *
 *                  char buf[PUIDNETD_MAXMSGL + 1], *cp;
 *                  size_t bufl = sizeof(buf) - 1;
 *                  int cont, pcont;
 *                  puidnetd_unpk_t u;
 *
 *                  pcont = 0;
 *                  (void) memset((void *)&u, 0, sizeof(puidnetd_unpk_t));
 *                  if (fgets(buf, bufl, stdin)) {
 *                      if ((cp = strchr(buf, '\n')))
 *                          *cp = '\0';
 *                      if ((cont = puidnetd_unpfld(buf, &u, pcont)) < 0) {
 *                          Process puidnetd_unpfld() error.
 *                      }
 *                      Process unpacked input.  Handle continuation.
 *                  }
 *
 * For example:
 *
 *      "l\tNAlfred E Newmann\taenum\t\r\n"
 * or
 *      "lNAlfred E Newmann\taenum\t\r\n"
 *
 * Would be converted to the strings:
 *
 *      "l\tNAlfred E Newmann\taenum\t\0"
 * or
 *      "lNAlfred E Newmann\taenum\t\0"
 *
 * and supplied to puidnetd_unpfld().  It would unpack the strings into a
 * puidnetd_unpk_t structure having a command character element of 'l', a
 * common name element ('N') of "Alfred E Newmann", and an alias element ('a')
 * of "enum".
 */

#define PUIDNETD_MAXFLDL        2048    /* maximum field length */
#define PUIDNETD_MAXMSGL        4095    /* maximum message length */

typedef struct puidnetd_fld {           /* basic field */
        char *nf_ch;                    /* character string address --
                                         * presumably points into the message
                                         * buffer rather than at a separate
                                         * NUL-terminated copy, so nf_len is
                                         * the only length bound; confirm
                                         * against puidnetd_unpk.c */
        size_t nf_len;                  /* string length */
} puidnetd_fld_t;

typedef struct puidnetd_authc_acl_fld { /* Access Control List (ACL) entry */
        char na_op;                     /* operation: add, delete, modify
                                         * (PUIDNETD_AUTHC_ACL_OP_*) */
        puidnetd_fld_t na_puid;         /* PUID to whom ACL grants permission */
        unsigned long na_perms;         /* permissions granted to na_puid
                                         * (PUIDNETD_AUTHC_ACLP_* bits) */
        puidnetd_fld_t na_crid;         /* creator of this ACL entry */
        puidnetd_fld_t na_crtm;         /* creation time of this ACL entry */
        puidnetd_fld_t na_modid;        /* last modifier */
        puidnetd_fld_t na_modtm;        /* last modification time */
        struct puidnetd_authc_acl_fld *na_nxt;
                                        /* next ACL entry */
} puidnetd_authc_acl_fld_t;

/* definitions for puidnetd_authc_acl_fld_t->na_op (ACL operation type) */

#define PUIDNETD_AUTHC_ACL_OP_ADD       'a'     /* Add an ACL entry */
#define PUIDNETD_AUTHC_ACL_OP_DEL       'd'     /* Delete an ACL entry */
#define PUIDNETD_AUTHC_ACL_OP_MDFY      'm'     /* Modify an ACL entry */

/* definitions for puidnetd_authc_acl_fld_t->na_perms (ACL permission mask) */

#define PUIDNETD_AUTHC_ACLP_MP          0x1     /* modify password */
#define PUIDNETD_AUTHC_ACLP_MC          0x2     /* modify certificate */
#define PUIDNETD_AUTHC_ACLP_MAC         0x4     /* modify acl, create */
#define PUIDNETD_AUTHC_ACLP_MAD         0x8     /* modify acl, delete */
#define PUIDNETD_AUTHC_ACLP_MAM         0x10    /* modify acl, modify */
                                                /* permission mask */
#define PUIDNETD_AUTHC_ACLP_ALL \
        (PUIDNETD_AUTHC_ACLP_MP | \
         PUIDNETD_AUTHC_ACLP_MC | \
         PUIDNETD_AUTHC_ACLP_MAC | \
         PUIDNETD_AUTHC_ACLP_MAD | \
         PUIDNETD_AUTHC_ACLP_MAM )

typedef struct puidnetd_authc_fld {     /* authentication realm field */
        puidnetd_fld_t na_realm_id;     /* numeric realm ID */
        puidnetd_fld_t na_realm_name;   /* character realm name */
        puidnetd_fld_t na_password;     /* clear text password (base 64) */
        puidnetd_fld_t na_passhash;     /* password hash (base 64) */
        puidnetd_fld_t na_passhash_modtm;
                                        /* password hash mod time */
        puidnetd_fld_t na_certificate;  /* certificate (base 64) */
        puidnetd_fld_t na_crid;         /* creator's PUID */
        puidnetd_fld_t na_crtm;         /* creation time */
        puidnetd_fld_t na_modid;        /* last modifier's PUID */
        puidnetd_fld_t na_modtm;        /* last modification time */
        puidnetd_fld_t na_cbadatts;     /* cumulative bad auth. attempts */
        puidnetd_fld_t na_cgoodatts;    /* cumulative good auth. attempts */
        puidnetd_fld_t na_badatts;      /* number of bad auth. attempts since
                                         * last successful authentication */
        puidnetd_fld_t na_lastgoodauth; /* time of last successful
                                         * authentication */
        puidnetd_fld_t na_frozenat;     /* time account was "frozen" */
        puidnetd_fld_t na_attr;         /* attributes */
        puidnetd_authc_acl_fld_t *na_acl;
                                        /* linked list of ACL entries */
        struct puidnetd_authc_fld *na_nxt;
                                        /* next record in linked list */
} puidnetd_authc_fld_t;

typedef struct puidnetd_msg_fld {       /* message field */
        struct puidnetd_msg_fld *nm_nxt;
                                        /* next message link */
        puidnetd_fld_t nm_msg;          /* message */
} puidnetd_msg_fld_t;

typedef struct puidnetd_rec_fld {       /* general record field list */
        char *nr_ch;                    /* field start */
        size_t nr_len;                  /* length, including start of record
                                         * characters, but excluding end of
                                         * record characters */
        struct puidnetd_rec_fld *nr_nxt;
                                        /* next general field */
} puidnetd_rec_fld_t;

typedef struct puidnetd_zch_fld {       /* authorization charactEristics */
        puidnetd_fld_t nz_char;         /* charactEristic code -- a list of
                                         * basic word values in the forms:
                                         *
                                         * + starting a characteristic list
                                         *   field indicates it is a
                                         *   continuation of a previous
                                         *   field.
                                         *   (+ = PUIDNETDZ_CHTY_CONT)
                                         *
                                         * <dec> = decimal characteristic
                                         *   number (global)
                                         *
                                         * g<dec> = decimal characteristic
                                         *   number (global)
                                         *   (g = PUIDNETDZ_CHTY_GLOB)
                                         *
                                         * p<dec> = decimal characteristic
                                         *   number (private)
                                         *   (p = PUIDNETDZ_CHTY_PRIV)
                                         *
                                         * w<x>|<x>... = set of hexadecimal
                                         *   values for the basic
                                         *   characteristics words
                                         *   (All words must be
                                         *   represented.)
                                         *   (w = PUIDNETDZ_CHTY_BWD)
                                         *
                                         * The above forms may be optionally
                                         * followed by this suffix:
                                         *
                                         * (<crid>,<crtm>) = creator PUID
                                         *   (crid) and creation time
                                         *   (crtm).  The enclosing
                                         *   parentheses are required.
                                         *
                                         * Multiple values may be separated by
                                         * commas.
                                         */
        struct puidnetd_zch_fld *nz_nxt;
                                        /* next charactEristic */
} puidnetd_zch_fld_t;

typedef struct puidnetd_zchl_fld {      /* characteristic number list entry */
        puidnetd_fld_t zl_num;          /* comma-separated characteristic
                                         * number list */
        struct puidnetd_zchl_fld *zl_nxt;
                                        /* next list entry */
} puidnetd_zchl_fld_t;

typedef struct puidnetd_unpk {          /* unpacked command or reply -- one
                                         * member per PUIDNETD_DATA_* field;
                                         * see the "Unpacked input string
                                         * structure" comment above */
        puidnetd_fld_t nu_aka;          /* alias */
        puidnetd_fld_t nu_attr;         /* attributes */
        puidnetd_authc_fld_t *nu_auth;  /* authentication realm records */
        puidnetd_fld_t nu_chnm;         /* characteristic name */
        puidnetd_fld_t nu_chnr;         /* characteristic number */
        char nu_cmd;                    /* command */
        puidnetd_fld_t nu_cnm;          /* common name */
        puidnetd_fld_t nu_crid;         /* creator PUID */
        puidnetd_fld_t nu_crtm;         /* creation time */
        puidnetd_fld_t nu_epuid;        /* effective PUID */
        puidnetd_fld_t nu_errc;         /* error code */
        puidnetd_fld_t nu_exp;          /* authorization expression */
        puidnetd_fld_t nu_expv;         /* authorization expression value */
        puidnetd_fld_t nu_fmsg;         /* freeze message (RADIUS) */
        puidnetd_fld_t nu_hrid;         /* Human Resources ID */
        puidnetd_fld_t nu_modid;        /* last updater's PUID */
        puidnetd_fld_t nu_modtm;        /* last update time */
        puidnetd_msg_fld_t *nu_msg;     /* messages */
        puidnetd_fld_t nu_puid;         /* PUID */
        puidnetd_fld_t nu_re;           /* name search regular expression */
        puidnetd_rec_fld_t *nu_rec;     /* general record fields */
        puidnetd_fld_t nu_seq;          /* seQuence */
        puidnetd_fld_t nu_sid;          /* Student ID */
        puidnetd_zch_fld_t *nu_zch;     /* authorization charactEristics */
        puidnetd_zchl_fld_t *nu_zchl;   /* comma-separated characteristic
                                         * number list */
} puidnetd_unpk_t;

#define PUIDNETD_MCBINCR        4       /* PuidnetdMcb[] allocation increment */

typedef struct puidnetd_mcbuf {         /* message copy buffer allocation */
        char *buf;                      /* buffer address */
        size_t bufl;                    /* buffer length */
        puidnetd_unpk_t *u;             /* assigned to this unpack structure
                                         * (NULL if unassigned)
                                         * 1 == assigned */
} puidnetd_mcbuf_t;

#define PUIDNETD_UPQINCR        4       /* PuidetdUpQ[] allocation increment */

typedef struct puidnetd_upqueue {       /* unpack queue entry */
        int st;                         /* status: 0 = available, 1 = in use */
        puidnetd_unpk_t *u;             /* associated unpack structure */
} puidnetd_upqueue_t;

/*
 * Characteristics definitions and structures
 *
 * NOTE(review): PUIDNETDZ_MAXCH (0x3fffffff) has ten decimal digits while
 * PUIDNETDZ_MAXCHD is 9; confirm in puidnetdz_asmch() which of the two
 * bounds the parsed characteristic number.
 */

#define PUIDNETDZ_CHTY_BWD      'w'     /* basic words */
#define PUIDNETDZ_CHTY_CONT     '+'     /* continuation */
#define PUIDNETDZ_CHTY_GLOB     'g'     /* global */
#define PUIDNETDZ_CHTY_PRIV     'p'     /* private */

#define PUIDNETDZ_MINCH         0       /* minimum characteristic number */
#define PUIDNETDZ_MAXCH         0x3fffffff      /* maximum characteristic number */
#define PUIDNETDZ_MAXCHD        9       /* maximum digits in a characteristic */

#define PUIDNETDZ_BCBPW         32      /* basic characteristics bits/word */
#define PUIDNETDZ_BCMAX         32      /* maximum basic characteristic */
#define PUIDNETDZ_BCWORDS       ((PUIDNETDZ_BCMAX - PUIDNETDZ_MINCH + 31) / 32)
                                        /* number of basic 32 bit words */

typedef struct puidnetdz_chasm {        /* one assembled characteristic, as
                                         * produced by puidnetdz_asmch() */
        int ch;                         /* characteristic number -- -1 if this
                                         * is an entry for basic
                                         * characteristics word values */
        puid_t crid;                    /* creator's PUID */
        puidtm_t crtm;                  /* creation time */
        char ot;                        /* origination type -- see the
                                         * PUIDNETDZ_CHTY* symbols */
        PUID_UINT32_T wv[PUIDNETDZ_BCWORDS];
                                        /* word values */
} puidnetdz_chasm_t;

/*
 * Externals:
 *
 * These are found in the PUID library, libpuid.a, and in the
 * library source files puidnetd_errlist.c and puidnetd_unpk.c.
 *
 * The parameter roles noted below are inferred from the names and from the
 * protocol description above; confirm them against the library sources.
 */

extern puidnetd_unpk_t *puidnetd_allocup(void);
                                        /* allocate an unpack structure */
extern int puidnetd_ckcd(char *pc, size_t pcl, puid_t pb);
                                        /* presumably checks a PUID check
                                         * digit (see PUIDNETD_ECKDF) */
extern void puidnetd_clrunp(puidnetd_unpk_t *u, int d);
                                        /* clear an unpack structure; the
                                         * role of d is not documented here */
extern int puidnetd_cvtpuid(char *c, size_t l, puid_t *p);
                                        /* convert an l-character string to a
                                         * puid_t */
extern int puidnetd_errno;              /* library error code -- a single
                                         * shared global, so not per-thread */
extern puidnetd_unpk_t *puidnetd_findup(void);
                                        /* find an available unpack structure */
extern int puidnetd_freeup(puidnetd_unpk_t *u);
                                        /* release an unpack structure */
extern char *puidnetd_puid2str(puid_t puid, char *abuf, size_t abufl);
                                        /* format a PUID into abuf[abufl] */
extern char *puidnetd_strerror(int e);  /* text for a PUIDNETD_E* code */
extern int puidnetd_unpfld(char *m, puidnetd_unpk_t *r, int t);
                                        /* unpack the NUL-terminated message
                                         * m (no '\r' or '\n') into r; t is
                                         * the previous continuation state;
                                         * returns < 0 on error, see the
                                         * example above */
extern int puidnetd_unptm(char *c, size_t l, puidtm_t *r);
                                        /* unpack an l-character time string
                                         * into r */
extern int puidnetdz_asmch(char *z, size_t l, puidnetdz_chasm_t **c, int *n);
                                        /* assemble the characteristic list
                                         * z[l] into *c (n entries) */

#endif  /* !defined(PUIDNETD_H) */