/*
* puidnetd.h -- definitions for PUID reflector net daemon protocol
*
* V. Abell
* Purdue University Computing Center
*/
/*
* Copyright 1999 Purdue Research Foundation, West Lafayette, Indiana
* 47907. All rights reserved.
*
* Written by V. Abell
*
* This software is not subject to any license of the American Telephone
* and Telegraph Company or the Regents of the University of California.
*
* Permission is granted to anyone to use this software for any purpose on
* any computer system, and to alter it and redistribute it freely, subject
* to the following restrictions:
*
* 1. Neither the authors nor Purdue University are responsible for any
* consequences of the use of this software.
*
* 2. The origin of this software must not be misrepresented, either by
* explicit claim or by omission. Credit to the authors and Purdue
* University must appear in documentation and sources.
*
* 3. Altered versions must be plainly marked as such, and must not be
* misrepresented as being the original software.
*
* 4. This notice may not be removed or altered.
*/
#if !defined(PUIDNETD_H)
#define PUIDNETD_H 1
#include "../include/puid_types.h"
/*
* Net daemon PUIDs -- for use by clients to establish that the connected
* server is the correct one
*/
#define PUIDNETD_PUID_OID_I2A2 "1.3.6.1.4.1.4440.4.4.1.1.4"
/* X.509 object ID (OID) for
* PUID in I2A2 OID subtree */
#define PUIDNETD_PUID_OID_PACE "2.16.840.1.113531.5.8.4.1.1"
/* X.509 object ID (OID) for
* PUID in PACE OID subtree --
* this OID is obsolescent and
* is retained until all X.509
* certificates containing it
* have expired. Use
* PUIDNETD_PUID_OID_I2A2
* wherever possible. */
#define PUIDNETD_AUTHC_CSER "E464D63CB3" /* authcnetd's certificate
* serial number */
#define PUIDNETD_AUTHC_PUID 13203467 /* authcnetd's PUID */
#define PUIDNETD_AUTHZ_CSER "E464D63B9A" /* authznetd's certificate
* serial number */
#define PUIDNETD_AUTHZ_PUID 13203475 /* authznetd's PUID */
#define PUIDNETD_REFL_CSER "E464D63A90" /* reflnetd's certificate
* serial number */
#define PUIDNETD_REFL_PUID 13203483 /* reflnetd's PUID */
/*
* Net daemon host names
*/
#define PUIDNETD_HOST_AUTHC "authenticate.i2a2.purdue.edu"
/* authenticator */
#define PUIDNETD_HOST_AUTHZ "authorize.i2a2.purdue.edu"
/* authorizer */
#define PUIDNETD_HOST_REFL "lookup.i2a2.purdue.edu"
/* reflector */
/*
* Net daemon host names for testing
*/
#define PUIDNETD_HOST_AUTHC_TST "dbm-dev.i2a2.purdue.edu"
/* authenticator */
#define PUIDNETD_HOST_AUTHZ_TST "dbm-dev.i2a2.purdue.edu"
/* authorizer */
#define PUIDNETD_HOST_REFL_TST "dbm-dev.i2a2.purdue.edu"
/* reflector */
/*
* Net daemon plain text service names and ports
*
* Note: use getservbyname() on the service name before using the port number.
*/
#define PUIDNETD_SVC_AUTHC "authc" /* authenticator */
#define PUIDNETD_PORT_AUTHC 1561
#define PUIDNETD_SVC_AUTHZ "authz" /* authorizer */
#define PUIDNETD_PORT_AUTHZ 1563
#define PUIDNETD_SVC_REFL "refl" /* reflector */
#define PUIDNETD_PORT_REFL 1565
/*
* Net daemon SSL service names and ports
*
* Note: use getservbyname() on the service name before using the port number.
*/
#define PUIDNETD_SVC_SSL_AUTHC "authcs" /* authenticator */
#define PUIDNETD_PORT_SSL_AUTHC 1562
#define PUIDNETD_SVC_SSL_AUTHZ "authzs" /* authorizer */
#define PUIDNETD_PORT_SSL_AUTHZ 1564
#define PUIDNETD_SVC_SSL_REFL "refls" /* reflector */
#define PUIDNETD_PORT_SSL_REFL 1566
/*
* Default public certificate directory for the default UNIX OpenSSL
* installation
*/
#define PUIDNETD_PUB_CERTS "/opt/openssl/certs"
/*
* Protocol commands:
*
* A protocol command is the first character of the input string. It may
* be followed by an optional PUIDNETD_MSGTERM (terminator) character and
* fields (see PUIDNETD_DATA_*). The input string line must end with a
* PUIDNETD_MSGTERM, an optional '\r', and a required '\n'.
*
* The input string should contain no non-printable characters other than
* PUIDNETD_MSGTERM, '\r, and '\n'. The net daemons perform backspace ('\b'
* and '\177`) processing in case input is coming from telnet clients that
* don't already do that before sending lines.
*
* Clients of the net daemons need not do backspace processing, but they
* may want to strip incoming line string of their trailing '\r' and '\n'
* characters. (The '\r' is a DOS concession.)
*
* Here is a quit command string:
*
* "q\t\n"
*
* Also see the section of comments titled "Record length and continuations:".
*/
#define PUIDNETD_CMD_AUTHC 'a' /* AUTHentiCate */
#define PUIDNETD_CMD_CHLKUP 'C' /* look up authorization characteristic
* name or number */
#define PUIDNETD_CMD_CONT '+' /* continue previous command */
#define PUIDNETD_CMD_GETINFO 'i' /* get DBM info -- see PUIDNETD_GIFO_*
* symbols */
#define PUIDNETD_CMD_JOIN 'j' /* join (to a realm) */
#define PUIDNETD_CMD_LOOKUP 'l' /* lookup */
#define PUIDNETD_CMD_LSTCH 'L' /* get authorization characteristic
* list (may require PUID_ACL_M_LSTCH
* ACL permission) */
#define PUIDNETD_CMD_MODIFY 'm' /* modify */
#define PUIDNETD_CMD_MINE 'I' /* mIne */
#define PUIDNETD_CMD_QUIT 'q' /* quit */
#define PUIDNETD_CMD_UNJOIN 'u' /* unjoin (from a realm) */
/*
* Get-info sub-commands, delivered in a PUIDNETD_DATA_MSG field of a
* PUIDNETD_CMD_GETINFO command.
*
* If no PUIDNETD_DATA_MSG field accompanies a PUID_CMD_GETINFO command,
* the command is rejected.
*/
#define PUIDNETD_GIFO_ALL 'A' /* get all statistics */
#define PUIDNETD_GIFO_AKA 'a' /* get alias statistics */
#define PUIDNETD_GIFO_CN 'n' /* get common name statistics */
#define PUIDNETD_GIFO_GETACL 'b' /* get a PUID's ACL bits */
#define PUIDNETD_GIFO_ID 's' /* get SID|SSN statistics */
#define PUIDNETD_GIFO_PUID 'p' /* get PUID statistics */
#define PUIDNETD_GIFO_REALMS 'r' /* get statistics for authentication
* realms */
#define PUIDNETD_GIFO_Q 'q' /* get queue statistics */
/*
* DBM ACL mode symbols
*/
#define PUIDNETD_ACL_M_RD 0x1 /* read permission */
#define PUIDNETD_ACL_M_WRM 0x2 /* write|modify permission */
#define PUIDNETD_ACL_M_DIS 0x4 /* disable|enable permission */
#define PUIDNETD_ACL_M_BKR 0x8 /* backup and rebuild permission */
#define PUIDNETD_ACL_M_CR 0x10 /* create permission */
#define PUIDNETD_ACL_M_DBM 0x20 /* can run DBM */
#define PUIDNETD_ACL_M_PDMP 0x40 /* can dump a person's record */
#define PUIDNETD_ACL_M_SLKU 0x80 /* can look up by or display HRID|SID
* (needed with PUIDNETD_ACL_M_MINE
* to "mine" * HRID|SID) */
#define PUIDNETD_ACL_M_MINE 0x100 /* can "mine" a person's record, but not
* necessarily its HRID|SID (that
* requires PUIDNETD_ACL_M_SLKU) */
#define PUIDNETD_ACL_M_CH 0x200 /* can replace global characteristics */
#define PUIDNETD_ACL_M_DEL 0x400 /* delete permission */
#define PUIDNETD_ACL_M_CNMR 0x800 /* can get multiple results from a
* reflector common name search */
#define PUIDNETD_ACL_M_CCRL 0x1000 /* can change regular expression lookup
* limits above defaults */
#define PUIDNETD_ACL_M_EPUID 0x2000 /* can set an effective PUID */
#define PUIDNETD_ACL_M_GETACL 0x4000 /* can get a PUID's ACL bits */
#define PUIDNETD_ACL_M_ALL (PUIDNETD_ACL_M_RD | PUIDNETD_ACL_M_WRM | \
PUIDNETD_ACL_M_DIS | PUIDNETD_ACL_M_BKR | \
PUIDNETD_ACL_M_CR | PUIDNETD_ACL_M_DBM | \
PUIDNETD_ACL_M_PDMP | PUIDNETD_ACL_M_SLKU | \
PUIDNETD_ACL_M_MINE | PUIDNETD_ACL_M_CH | \
PUIDNETD_ACL_M_DEL | PUIDNETD_ACL_M_CNMR | \
PUIDNETD_ACL_M_CCRL | PUIDNETD_ACL_M_EPUID | \
PUIDNETD_ACL_M_GETACL)
/*
* Error codes
*
* These codes appear in a PUIDNETD_DATA_ERRC field.
*/
#define PUIDNETD_ECCDBM 1 /* Can't contact DBM */
#define PUIDNETD_EUCMD 2 /* Unknown command */
#define PUIDNETD_EPNF 3 /* Person not found */
#define PUIDNETD_ENOSEP 4 /* Missing separator */
#define PUIDNETD_EINTERNAL 5 /* Internal error */
#define PUIDNETD_ENOMEM 6 /* No memory */
#define PUIDNETD_EMSHT 7 /* Message too short */
#define PUIDNETD_EFLDSHT 8 /* Field too short */
#define PUIDNETD_EFLDTL 9 /* Field too long */
#define PUIDNETD_EILLCH 10 /* Illegal character in string */
#define PUIDNETD_EILLFT 11 /* Illegal field terminator */
#define PUIDNETD_EUPNF 12 /* Unpack structure not found */
#define PUIDNETD_EUDTY 13 /* Unknown data type */
#define PUIDNETD_EDUPFLD 14 /* Duplicate field */
#define PUIDNETD_ECONT 15 /* Continuation missing or unexpected */
#define PUIDNETD_ENOCMD 16 /* No command */
#define PUIDNETD_EDBME 17 /* DBM returned an error */
#define PUIDNETD_EWRDBM 18 /* Error writing to DBM */
#define PUIDNETD_ERDDBM 19 /* Error reading from DBM */
#define PUIDNETD_EUNPDBM 20 /* Error unpacking DBM reply */
#define PUIDNETD_EUNDBMR 21 /* Unknown DBM response */
#define PUIDNETD_ERECFLD 22 /* Illegal record field */
#define PUIDNETD_ECHTY 23 /* Illegal characteristic type */
#define PUIDNETD_ECHFMT 24 /* Characteristic field format error */
#define PUIDNETD_ECHVAL 25 /* Illegal characteristic value */
#define PUIDNETD_ECHCRIT 26 /* Illegal characteristic creation */
#define PUIDNETD_ESYSCALL 27 /* UNIX system call failure */
#define PUIDNETD_EGIFO 28 /* Error in GIFO sub-command */
#define PUIDNETD_ECKDF 29 /* PUID check digit error */
#define PUIDNETD_EILLPUID 30 /* Illegal PUID */
#define PUIDNETD_EILLTM 31 /* Illegal time value */
#define PUIDNETD_EAUTHRNC 32 /* Authentication record not closed */
#define PUIDNETD_EIAUTHACLR 33 /* Illegal authentication ACL record */
#define PUIDNETD_EIAUTHACLPM 34 /* Illegal authentication ACL mask */
#define PUIDNETD_EAUTHACLNC 35 /* Authentication ACL not closed */
#define PUIDNETD_ECERTSER 36 /* Certificate serial number error */
#define PUIDNETD_EIRR 37 /* Incomplete realm record */
#define PUIDNETD_EMPOA 38 /* Missing PUID or AKA */
#define PUIDNETD_ENSAR 39 /* No such authentication realm */
#define PUIDNETD_EENOTIMP 40 /* Encryption type not implemented */
#define PUIDNETD_EUAE 41 /* Unspecified authentication error */
#define PUIDNETD_EPORSSL 42 /* Password operations require SSL */
#define PUIDNETD_EILLB64CH 43 /* Illegal base 64 character */
#define PUIDNETD_EDB64S 44 /* Error decoding base 64 string */
#define PUIDNETD_EMRN 45 /* Missing realm name */
#define PUIDNETD_EREMU 46 /* Realm encryption method undefined */
#define PUIDNETD_EICD 47 /* Illegal client data */
#define PUIDNETD_ECERTERR 48 /* Certificate error */
#define PUIDNETD_ENRETD 49 /* No realm encryption type defined */
/*
* Field characters
*
* After the first characters of the string, which may be a command (see the
* PUIDNETD_CMD_* definitions) or a reply (see the PUIDNETD_REPLY_*
* definitions) and a PUIDNETD_MSGTERM, input and output data may be present in
* fields.
*
* Each field is identified with a leading character from the following
* PUIDNETD_DATA_* definitions. Optional data follows. The field must be
* terminated with the PUIDNETD_MSGTERM character and must not contain it.
*
* Multiple fields may be present, each identified with its PUIDNETD_DATA_*
* character, followed by optional data, and a PUIDNETD_MSGTERM.
*
* Here's an example of a lookup command (PUIDNETD_CMD_LOOKUP) that is
* accompanied by PUID 1234567 (PUIDNETD_DATA_PUID).
*
* "l\tp1234567\t\n"
* or
* "lp1234567\t\n"
*
* This lookup command is accompanied by an alias and a boolean expression.
*
* "l\taabcdef\tX(01 & (~02))\t\n"
* or
* "laabcdef\tX(01 & (~02))\t\n"
*
* Also see the section of comments titled "Record length and continuations:".
*/
#define PUIDNETD_DATA_AKA 'a' /* alias */
#define PUIDNETD_DATA_ATTR 'i' /* attributes */
#define PUIDNETD_DATA_CNM 'N' /* common name */
#define PUIDNETD_DATA_CRID 'c' /* creator PUID */
#define PUIDNETD_DATA_CRTM '>' /* creation time */
#define PUIDNETD_DATA_EPUID 'V' /* effectiVe PUID */
#define PUIDNETD_DATA_ERRC 'e' /* error code */
#define PUIDNETD_DATA_FMSG 'f' /* freeze message (RADIUS) */
#define PUIDNETD_DATA_HRID 'h' /* Human Resources ID */
#define PUIDNETD_DATA_MDFY 'Y' /* modificatioN record */
#define PUIDNETD_DATA_MSG 'M' /* message */
#define PUIDNETD_DATA_NEW 'n' /* new data */
#define PUIDNETD_DATA_OLD 'o' /* old data */
#define PUIDNETD_DATA_PUID 'p' /* PUID */
#define PUIDNETD_DATA_SEQ 'q' /* seQuence */
#define PUIDNETD_DATA_RE 'r' /* name search regular expression */
#define PUIDNETD_DATA_SID 's' /* Student ID */
#define PUIDNETD_DATA_UPUID 'u' /* updater's PUID */
#define PUIDNETD_DATA_UTM 'U' /* update time */
/* Field characters specific to the authentication DBM. */
#define PUIDNETD_DATA_AUTHC_CERT 'B' /* X.509 certificate (base 64) */
#define PUIDNETD_DATA_AUTHC_PWD 'P' /* clear-text password (base 64) */
#define PUIDNETD_DATA_AUTHC_PHASH 'H' /* password hash (base 64) */
#define PUIDNETD_DATA_AUTHC_PHASH_MODTM '.' /* password hash mod time */
#define PUIDNETD_DATA_AUTHC_REC '@' /* realm record delimiter */
#define PUIDNETD_DATA_AUTHC_RID 'I' /* realm ID (numeric) */
#define PUIDNETD_DATA_AUTHC_RNAME 'R' /* realm name */
#define PUIDNETD_DATA_AUTHC_ACLR '!' /* realm/person ACL record */
#define PUIDNETD_DATA_AUTHC_ACLPM '#' /* realm/person ACL permission mask */
#define PUIDNETD_DATA_AUTHC_TAB 'T' /* per-realm auth. session table */
#define PUIDNETD_DATA_AUTHC_BA '`' /* Bad auth. attempts since last good */
#define PUIDNETD_DATA_AUTHC_CBA '}' /* Cumulative bad auth. attempts */
#define PUIDNETD_DATA_AUTHC_CGA '{' /* Cumulative good auth. attempts */
#define PUIDNETD_DATA_AUTHC_LGA '~' /* Time of last good authentication */
#define PUIDNETD_DATA_AUTHC_FRZ '*' /* Time account was "frozen" */
/* Field characters specific to the authorization DBM. */
#define PUIDNETD_DATA_AUTHZ_CH 'E' /* authorization charactEristics */
#define PUIDNETD_DATA_AUTHZ_CHL 'L' /* comma-separated characteristic
* number list */
#define PUIDNETD_DATA_AUTHZ_CHNM 'z' /* authoriZation characteristic name */
#define PUIDNETD_DATA_AUTHZ_CHNR 'Z' /* authoriZation characteristic
* number */
#define PUIDNETD_DATA_AUTHZ_EXPV 'v' /* authorization expression value */
#define PUIDNETD_DATA_AUTHZ_EXP 'X' /* authorization expression */
#define PUIDNETD_DATA_CONT '+' /* continuation */
/*
* Field terminator:
*/
#define PUIDNETD_MSGTERM '\t' /* field terminator */
/*
* Protocol reply codes:
*
* One of these response codes begins every reply. It may be optionally
* followed by a PUIDNETD_MSGTERM and a field (identifier character, optional
* data, and terminator). It will end with a PUIDNETD_MSGTERM, a '\r', and a
* '\n'.
*
* For example,
*
* "n\te22\t\r\n"
* or
* "ne22\t\r\n"
*
* contains a negative acknowledgement ('n'), followed by a PUIDNETD_MSGTERM
* and an error code field ('e') whose error code value is "22". The error
* code field is terminated with PUIDNETD_MSGTERM, followed by '\r' and '\n'.
*
* Also see the section of comments titled "Record length and continuations:".
*/
#define PUIDNETD_REPL_ACK 'a' /* positive acknowledgement */
#define PUIDNETD_REPL_CONT PUIDNETD_CMD_CONT
/* continue acknowledgement */
#define PUIDNETD_REPL_NAK 'n' /* negative acknowledgement */
#define PUIDNETD_REPL_WELCOME 'w' /* welcome (ready) */
/*
* Record length and continuations:
*
* Records may not be longer than (when issued by a net daemon are guaranteed
* not to be longer than) PUIDNETD_MAXMSGL characters, including the ending
* '\r' and '\n'. The user should allocate a buffer of (PUIDNETD_MAXMSGL + 1)
* characters to receive input, and use length-limiting functions like read(),
* fread(), or fgets() to transfer no more than PUIDNETD_MAXMSGL characters to
* the buffer. With fgets(), for example, that space allocation should allow
* for the string-ending '\n' and the string-terminating NUL. A message longer
* than PUIDNETD_MAXMSG is considered an error.
*
* No single field can be longer than PUIDNETD_MAXFLDL. When the total to be
* transmitted in a single command or reply is larger than PUIDNETD_MAXMSGL,
* command and reply messages must be continued.
*
* The message to be continued must end with the PUIDNETD_DATA_CONT field
* character, followed immediately by '\r' and '\n'. PUIDNETD_DATA_CONT should
* follow the PUIDNETD_MSGTERM of the last field of the message and should NOT
* be followed by a PUIDNETD_MSGTERM of its own. The immediately following
* message should begin with a PUIDNETD_CMD_CONT command and may end with
* PUIDNETD_DATA_CONT, if it is also continued. The last message of a
* continuation sequence should end normally -- i.e., no PUIDNETD_DATA_CONT
* character after the last PUIDNETD_MSGTERM and before the '\r' and '\n'.
*
* Continued command messages always require a reply -- e. g., a positive
* (PUIDNETD_REPL_ACL) or negative (PUIDNETD_REPL_NAK) acknowledgement.
*
* Continued reply messages come in sequence and no commands may be sent
* until all continuations have been sent.
*
* Here's an example of a continued command:
*
* Command sent: Reply received:
* "l\t+\r\n" "a\r\r\n"
* "+\t+\r\n" "a\t\r\n"
* "+NFoo Bar\t\r\n" "n\te13\r\n"
*
* Here's an example of a continued reply:
*
* "n\te22\tMThis is the first message. More follow.\t+\r\n"
* "+\tMThis is the second message. One more follows.\t+\r\n"
* "+\tMThis is the last message. No more follow.\t\r\n"
*
* Note that the command or reply (a negative acknowledgement of 'n' in
* the second example) must be preserved by the receiver of continued
* messages. (The puidnetd_unpk() function preserves the command or reply
* in the nu_cmd member of its puidnetd_unpk_t structure.)
*/
/*
* Unpacked input string structure, produced by the puidnetd_unpfld() function
* from an input string that is formed of a PUIDNETD_CMD_* or PUIDNETD_REPL_*,
* optionally followed by fields identified with a PUID_DATA_* character,
* terminated with PUIDNETD_MSGTERM. The entire string will end with a
* PUIDNETD_MSGTERM or a PUIDNETD_DATA_CONT, and a NUL.
*
* !!!!NOTE!!!! The preceding paragraph specifically excludes the ending '\r'
* and '\n' characters from input to puidnetd_unpfld(), and
* requires that the input to puidnetd_unpfld() be NUL-terminated.
* The '\r' and '\n' must be removed before the string is
* supplied to puidnetd_unpfld() and the string supplied to
* puidnetd_unpfld() must be terminated with a NUL character
* ('\0'). Both operations can be accomplished by replacing the
* ending '\r' and|or '\n' with NUL characters -- e.g.,
*
* char buf[PUIDNETD_MAXMSGL + 1], *cp;
* size_t bufl = sizeof(buf) - 1;
* int cont, pcont;
* puidnetd_unpk_t = u;
*
* pcont = 0;
* (void) memset((void *)&un, 0, sizeof(puidnetd_unpk_t));
* if (fgets(buf, bufl, stdin)) {
* if ((cp = strchr(buf, '\n')))
* *cp = '\0';
* if ((cont = puidnetd_unpfld(buf, u, pcont)) < 0) {
* Process puidnetd_unpfld() error.
* }
* Process unpacked input. Handle continuation.
* }
*
*
*
* For example:
*
* "l\tNAlfred E Newmann\taenum\t\r\n"
* or
* "lNAlfred E Newmann\taenum\t\r\n"
*
* Would be converted to the strings:
*
* "l\tNAlfred E Newmann\taenum\t\0"
* or
* "lNAlfred E Newmann\taenum\t\0"
*
* and supplied to puidnetd_unpfld(). It would unpack the strings into a
* puidnetd_unpk_t structure having a command character element of 'l', a
* common name element ('N') of "Alfred E Newman", and an alias element ('a')
* of "enum".
*/
#define PUIDNETD_MAXFLDL 2048 /* maximum field length */
#define PUIDNETD_MAXMSGL 4095 /* maximum message length */
typedef struct puidnetd_fld { /* basic field */
char *nf_ch; /* character string address */
size_t nf_len; /* string length */
} puidnetd_fld_t;
typedef struct puidnetd_authc_acl_fld { /* Access Control List (ACL) entry */
char na_op; /* operation: add, delete, modify */
puidnetd_fld_t na_puid; /* PUID to whom ACL grants permission */
unsigned long na_perms; /* permissions granted to na_puid */
puidnetd_fld_t na_crid; /* creator of this ACL entry */
puidnetd_fld_t na_crtm; /* creation time of this ACL entry */
puidnetd_fld_t na_modid; /* last modifier */
puidnetd_fld_t na_modtm; /* last modification time */
struct puidnetd_authc_acl_fld *na_nxt; /* next ACL entry */
} puidnetd_authc_acl_fld_t;
/* definitions for puidnetd_authc_acl_fld_t->na_op (ACL operation type) */
#define PUIDNETD_AUTHC_ACL_OP_ADD 'a' /* Add an ACL entry */
#define PUIDNETD_AUTHC_ACL_OP_DEL 'd' /* Delete an ACL entry */
#define PUIDNETD_AUTHC_ACL_OP_MDFY 'm' /* Modify an ACL entry */
/* definitions for puidnetd_authc_acl_fld_t->na_perms (ACL permission mask */
#define PUIDNETD_AUTHC_ACLP_MP 0x1 /* modify password */
#define PUIDNETD_AUTHC_ACLP_MC 0x2 /* modify certificate */
#define PUIDNETD_AUTHC_ACLP_MAC 0x4 /* modify acl, create */
#define PUIDNETD_AUTHC_ACLP_MAD 0x8 /* modify acl, delete */
#define PUIDNETD_AUTHC_ACLP_MAM 0x10 /* modify acl, modify */
/* permission mask */
#define PUIDNETD_AUTHC_ACLP_ALL \
(PUIDNETD_AUTHC_ACLP_MP | \
PUIDNETD_AUTHC_ACLP_MC | \
PUIDNETD_AUTHC_ACLP_MAC | \
PUIDNETD_AUTHC_ACLP_MAD | \
PUIDNETD_AUTHC_ACLP_MAM )
typedef struct puidnetd_authc_fld { /* authentication realm field */
puidnetd_fld_t na_realm_id; /* numeric realm ID */
puidnetd_fld_t na_realm_name; /* character realm name */
puidnetd_fld_t na_password; /* clear text password (base 64) */
puidnetd_fld_t na_passhash; /* password hash (base 64) */
puidnetd_fld_t na_passhash_modtm; /* password hash mod time */
puidnetd_fld_t na_certificate; /* certificate (base 64) */
puidnetd_fld_t na_crid; /* creator's PUID */
puidnetd_fld_t na_crtm; /* creation time */
puidnetd_fld_t na_modid; /* last modifier's PUID */
puidnetd_fld_t na_modtm; /* last modification time */
puidnetd_fld_t na_cbadatts; /* cumulative bad auth. attempts */
puidnetd_fld_t na_cgoodatts; /* cumulative good auth. attempts */
puidnetd_fld_t na_badatts; /* number of bad auth. attempts since */
/* last successful authentication */
puidnetd_fld_t na_lastgoodauth; /* time of last successful */
/* authentication */
puidnetd_fld_t na_frozenat; /* time account was "frozen" */
puidnetd_fld_t na_attr; /* attributes */
puidnetd_authc_acl_fld_t *na_acl; /* linked list of ACL entries */
struct puidnetd_authc_fld *na_nxt; /* next record in linked list */
} puidnetd_authc_fld_t;
typedef struct puidnetd_msg_fld { /* message field */
struct puidnetd_msg_fld *nm_nxt;
/* next message link */
puidnetd_fld_t nm_msg; /* message */
} puidnetd_msg_fld_t;
typedef struct puidnetd_rec_fld { /* general record field list */
char *nr_ch; /* field start */
size_t nr_len; /* length, including start of record
* characters, but excluding end of
* record characters */
struct puidnetd_rec_fld *nr_nxt;
/* next general field */
} puidnetd_rec_fld_t;
typedef struct puidnetd_zch_fld { /* authorization charactEristics */
puidnetd_fld_t nz_char; /* charactEristic code -- a list of
* basic word values in the forms:
*
* + starting a characteristic list
* field indicates it is a
* a continuation of a previous
* field.
* (+ = PUIDNETDZ_CHTY_CONT)
*
* <dec> = decimal characteristic
* number (global)
*
* g<dec> = decimal characteristic
* number (global)
* (g = PUIDNETDZ_CHTY_GLOB)
*
* p<dec> = decimal characteristic
* number (private)
* (p = PUIDNETDZ_CHTY_PRIV)
*
* w<x>|<x>... = set of hexidecimal
* values for the basic
* characteristics words
* (All words must be
* represented.)
* (w = PUIDNETDZ_CHTY_BWD)
*
* The above forms may be optionally
* followed by this suffix:
*
* (<crid>,<crtm>) = creator PUID
* (crid) and
* creation time
* (crtm). The
* enclosing
* parentheses are
* required.
*
* Multiple values may be separated by
* commas.
*/
struct puidnetd_zch_fld *nz_nxt; /* next charactEristic */
} puidnetd_zch_fld_t;
typedef struct puidnetd_zchl_fld {
puidnetd_fld_t zl_num; /* comma-separated characteristic
* number list */
struct puidnetd_zchl_fld *zl_nxt;
/* next list entry */
} puidnetd_zchl_fld_t;
typedef struct puidnetd_unpk {
puidnetd_fld_t nu_aka; /* alias */
puidnetd_fld_t nu_attr; /* attributes */
puidnetd_authc_fld_t *nu_auth; /* authentication realm records */
puidnetd_fld_t nu_chnm; /* characteristic name */
puidnetd_fld_t nu_chnr; /* characteristic number */
char nu_cmd; /* command */
puidnetd_fld_t nu_cnm; /* common name */
puidnetd_fld_t nu_crid; /* creator PUID */
puidnetd_fld_t nu_crtm; /* creation time */
puidnetd_fld_t nu_epuid; /* effective PUID */
puidnetd_fld_t nu_errc; /* error code */
puidnetd_fld_t nu_exp; /* authorization expression */
puidnetd_fld_t nu_expv; /* authorization expression value */
puidnetd_fld_t nu_fmsg; /* freeze message (RADIUS) */
puidnetd_fld_t nu_hrid; /* Human Resources ID */
puidnetd_fld_t nu_modid; /* last updater's PUID */
puidnetd_fld_t nu_modtm; /* last update time */
puidnetd_msg_fld_t *nu_msg; /* messages */
puidnetd_fld_t nu_puid; /* PUID */
puidnetd_fld_t nu_re; /* name search regular expression */
puidnetd_rec_fld_t *nu_rec; /* general record fields */
puidnetd_fld_t nu_seq; /* seQuence */
puidnetd_fld_t nu_sid; /* Student ID */
puidnetd_zch_fld_t *nu_zch; /* authorization charactEristics */
puidnetd_zchl_fld_t *nu_zchl; /* comma-separated characteristic
* number list */
} puidnetd_unpk_t;
#define PUIDNETD_MCBINCR 4 /* PuidnetdMcb[] allocation increment */
typedef struct puidnetd_mcbuf { /* message copy buffer allocation */
char *buf; /* buffer address */
size_t bufl; /* buffer length */
puidnetd_unpk_t *u; /* assigned to this unpack structure
* (NULL if unassigned)
* 1 == assigned */
} puidnetd_mcbuf_t;
#define PUIDNETD_UPQINCR 4 /* PuidetdUpQ[] allocation increment */
typedef struct puidnetd_upqueue { /* unpack queue entry */
int st; /* status: 0 = available, 1 = in use */
puidnetd_unpk_t *u; /* associated unpack structure */
} puidnetd_upqueue_t;
/*
* Characteristics definitions and structures
*/
#define PUIDNETDZ_CHTY_BWD 'w' /* basic words */
#define PUIDNETDZ_CHTY_CONT '+' /* continuation */
#define PUIDNETDZ_CHTY_GLOB 'g' /* global */
#define PUIDNETDZ_CHTY_PRIV 'p' /* private */
#define PUIDNETDZ_MINCH 0 /* minimum characteristic number */
#define PUIDNETDZ_MAXCH 0x3fffffff /* maximum characteristic number */
#define PUIDNETDZ_MAXCHD 9 /* maximum digits in a characteristic */
#define PUIDNETDZ_BCBPW 32 /* basic characteristics bits/word */
#define PUIDNETDZ_BCMAX 32 /* maximum basic characteristic */
#define PUIDNETDZ_BCWORDS ((PUIDNETDZ_BCMAX - PUIDNETDZ_MINCH + 31) / 32)
/* number of basic 32 bit words */
typedef struct puidnetdz_chasm {
int ch; /* characteristic number -- -1 if this
* is an entry for basic
* characteristics word values */
puid_t crid; /* creator's PUID */
puidtm_t crtm; /* creation time */
char ot; /* origination type -- see the
* PUIDNETDZ_CHTY* symbols */
PUID_UINT32_T wv[PUIDNETDZ_BCWORDS];
/* word values */
} puidnetdz_chasm_t;
/*
* Externals:
*
* These are found in the PUID library, libpuid.a, and in the
* library source files puidnetd_errlist.c and puidnetd_unpk.c.
*/
extern puidnetd_unpk_t *puidnetd_allocup(void);
extern int puidnetd_ckcd(char *pc, size_t pcl, puid_t pb);
extern void puidnetd_clrunp(puidnetd_unpk_t *u, int d);
extern int puidnetd_cvtpuid(char *c, size_t l, puid_t *p);
extern int puidnetd_errno;
extern puidnetd_unpk_t *puidnetd_findup(void);
extern int puidnetd_freeup(puidnetd_unpk_t *u);
extern char *puidnetd_puid2str(puid_t puid, char *abuf, size_t abufl);
extern char *puidnetd_strerror(int e);
extern int puidnetd_unpfld(char *m, puidnetd_unpk_t *r, int t);
extern int puidnetd_unptm(char *c, size_t l, puidtm_t *r);
extern int puidnetdz_asmch(char *z, size_t l, puidnetdz_chasm_t **c, int *n);
#endif /* !defined(PUIDNETD_H) */
Feedback |
Contact Purdue
Maintained by: IAMO Team
Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University |
An equal access/equal opportunity university |
Copyright Complaints
If you have trouble accessing this page because of a disability, please contact the CSC at itap@purdue.edu or (765) 494-4000.