      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * NIS+ password update protocol
     23  *
     24  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     25  * Use is subject to license terms.
     26  *
     27  */
     28 
     29 %#include <limits.h>
     30 
     31 /*
     32  * Protocol description:
     33  * 	Request from client:
     34  * Key_type = DES; CK = common DES key generated from Pub.D and Sec.C
     35  *	Response from daemon:
     36  * Key_type = DES; CK = common DES key generated from Pub.C and Sec.D
     37  *
     38  * Client							Daemon
     39  *
     40  *  ------------------------------------------------------------------->
     41  *  [ Username, Domain, Key_type, Publickey.C, CK(clear_password), ID ]
     42  *
     43  *
     44  *  <-------------------------------------------------------------------
     45  *		[NPD_SUCCESS, CK(ID, Random_value) ]
     46  *		[NPD_TRYAGAIN, CK(ID, Random_value) ]
     47  *		[NPD_FAILED, <code> ]
     48  *
     49  *		{ repeat above req/resp as necessary }
     50  *
     51  *  -------------------------------------------------------------------->
     52  *		[ ID, CK(R, clear_new_passwd), other_passwd_info ]
     53  *
     54  *
     55  *  <--------------------------------------------------------------------
     56  *		[NPD_SUCCESS]
     57  *		[NPD_PARTIALSUCCESS, <field>/<code> ]
     58  *		[NPD_FAILED, <code> ]
     59  *
     60  */
     61 
/*
 * status of operation, NPD = NIS+ PASSWD DAEMON
 *
 * Discriminator of the nispasswd_authresult and nispasswd_updresult
 * unions below.  Values are assigned implicitly and sequentially, as
 * in C, and are the values sent on the wire: do not reorder or remove
 * entries.  NPD_TRYAGAIN is only used in the AUTHENTICATE reply and
 * NPD_PARTIALSUCCESS only in the UPDATE reply (see the protocol
 * description above).
 */
enum nispasswd_status {
	NPD_SUCCESS,		/* operation succeeded */
	NPD_TRYAGAIN,		/* passwd incorrect, try again */
	NPD_PARTIALSUCCESS,	/* failed to update all the info */
	NPD_FAILED		/* operation failed */
};
     71 
/*
 * error codes
 *
 * Carried in the npd_err arm of the result unions and in
 * nispasswd_error.npd_code.  Values are implicit and sequential and
 * are sent on the wire, so new codes must be appended at the
 * "others" marker rather than inserted in the middle.
 */
enum nispasswd_code {
	NPD_NOTMASTER,		/* server is not master of this domain */
	NPD_NOSUCHENTRY,	/* no passwd entry exists for this user */
	NPD_IDENTINVALID,	/* identifier invalid */
	NPD_NOPASSWD,		/* no password stored */
	NPD_NOSHDWINFO,		/* no shadow information stored */
	NPD_SHDWCORRUPT,	/* shadow information corrupted */
	NPD_NOTAGED,		/* passwd has not aged sufficiently */
	NPD_CKGENFAILED,	/* common key could not be generated */
	NPD_VERFINVALID,	/* verifier mismatch */
	NPD_PASSINVALID,	/* all auth attempts incorrect (no more NPD_TRYAGAIN) */
	NPD_ENCRYPTFAIL,	/* encryption failed */
	NPD_DECRYPTFAIL,	/* decryption failed */
	NPD_KEYSUPDATED,	/* new key-pair generated for user */
	NPD_KEYNOTREENC,	/* could not reencrypt secret key */
	NPD_PERMDENIED,		/* permission denied */
	NPD_SRVNOTRESP,		/* server not responding */
	NPD_NISERROR,		/* NIS+ server error */
	NPD_SYSTEMERR,		/* system error */
	NPD_BUFTOOSMALL,	/* buffer too small */
	NPD_INVALIDARGS		/* invalid args to function */

	/* others: append new codes here, never above */
};
     99 
/*
 * other passwd fields that may change, plus the secret key
 *
 * Names the part of an update that failed; used as
 * nispasswd_error.npd_field in an NPD_PARTIALSUCCESS reply.
 * Implicit sequential wire values, as for the enums above.
 */
enum nispasswd_field {
	NPD_PASSWD,		/* password field */
	NPD_GECOS,		/* gecos field */
	NPD_SHELL,		/* shell field */
	NPD_SECRETKEY		/* secret key */
};
    109 
/*
 * error reason
 *
 * One <field, code> pair per item that could not be updated.  `next'
 * is an XDR optional pointer, so a chain of pairs is encoded as a
 * singly linked list ending with a NULL next.
 */

struct nispasswd_error {
	nispasswd_field		npd_field;	/* field type that failed */
	nispasswd_code		npd_code;	/* error code for that field */
	struct nispasswd_error	*next;		/* next pair, NULL terminates */
};
    119 
/*
 * other passwd information
 *
 * Non-secret fields sent with the new password in npd_update and
 * npd_update2.  Per the protocol description they travel outside
 * the CK() envelope, i.e. unencrypted.  Both strings are declared
 * without a maximum length (<>), so the XDR layer does not bound
 * them; the daemon has to apply its own limits.
 */
struct passwd_info {
	string	pw_gecos<>;	/* in real life name */
	string	pw_shell<>;	/* default shell */
};
    127 
/*
 * authentication request (argument of NISPASSWD_AUTHENTICATE)
 *
 * First message of the exchange described above.  Only npd_authpass
 * is encrypted (the current password under the common key CK);
 * username, domain, key_type, the public key and ident are sent
 * as-is.  All variable-length members are unbounded (<>).
 */
struct npd_request {
	string		username<>;	/* update req. for username */
	string		domain<>;	/* update in domain */
	string		key_type<>;	/* DES, RSA, KERB */
	unsigned char	user_pub_key<>;	/* generated publickey (Publickey.C) */
	unsigned char	npd_authpass<>;	/* CK(clear_password): current passwd, encrypted */
	unsigned int	ident;		/* identifier; returned encrypted in nispasswd_verf */
};
    136 
/*
 * encrypted passwd information
 *
 * Version-1 fixed-size buffer for the encrypted new password:
 * 12 bytes.  Version 2 (npd_newpass2) raises the limit to
 * __NPD2_MAXPASSBYTES.  Both constants are wire sizes and must
 * not be changed.
 */
const __NPD_MAXPASSBYTES = 12;
typedef opaque passbuf[__NPD_MAXPASSBYTES];	/* store encrypted pass */
    142 
/*
 * new password, version 1 (npd_update.xnewpass)
 *
 * Per the protocol description this is the unit sent as
 * CK(R, clear_new_passwd): R is the random value received in the
 * AUTHENTICATE verifier and the password is the new one, both
 * encrypted under the common key before transmission.  "clear"
 * refers to the content before encryption, not to the wire form.
 */
struct npd_newpass {
	unsigned int	npd_xrandval;	/* R, encrypted */
	passbuf	pass;			/* "clear" new passwd, encrypted */
};
    147 
/*
 * password update, version 1 (argument of NISPASSWD_UPDATE)
 *
 * Second message of the exchange.  `ident' is the identifier the
 * client used in npd_request and is how the daemon ties this call
 * to the earlier AUTHENTICATE; pass_info is sent unencrypted.
 */
struct npd_update {
	unsigned int	ident;			/* identifier, same as npd_request.ident */
	npd_newpass	xnewpass;		/* encrypted: CK(R, new passwd) */
	passwd_info	pass_info;		/* other information, in the clear */
};
    153 
/*
 * Version-2 sizes.  DESCREDPASSLEN is passed straight through to the
 * generated C (leading '%') and is the DES block size that the
 * npd_newpass2 buffer is padded to; des_block is presumably declared
 * by an RPC header the generated code includes -- confirm.
 * __NPD2_MAXPASSBYTES is the larger password buffer limit (_PASS_MAX).
 */
%#define DESCREDPASSLEN sizeof (des_block)
const __NPD2_MAXPASSBYTES = 256;		/* _PASS_MAX */
    156 
/*
 * new password, version 2 (npd_update2.xnewpass)
 *
 * Same role as npd_newpass with a 256-byte password buffer.  The
 * buffer is encrypted in DES blocks, so npd_pad tells the receiver
 * how many padding bytes were added to reach a multiple of
 * DESCREDPASSLEN.  npd_pad comes from the peer; the receiver should
 * presumably check it against __NPD2_MAXPASSBYTES before using it
 * to trim the buffer.
 */
struct npd_newpass2 {
	unsigned int	npd_xrandval;		/* R, encrypted */
	opaque	pass[__NPD2_MAXPASSBYTES];	/* "clear" new passwd, encrypted */
	unsigned int	npd_pad;	/* pad size to modulo des_block */
};
    162 
/*
 * password update, version 2 (argument of NISPASSWD_UPDATE in
 * NISPASSWD_VERS2)
 *
 * Identical to npd_update except that xnewpass is an npd_newpass2.
 * `ident' ties the call to the earlier AUTHENTICATE; pass_info is
 * sent unencrypted.
 */
struct npd_update2 {
	unsigned int	ident;			/* identifier, same as npd_request.ident */
	npd_newpass2	xnewpass;		/* encrypted: CK(R, new passwd) */
	passwd_info	pass_info;		/* other information, in the clear */
};
    168 
/*
 * verifier returned by NISPASSWD_AUTHENTICATE
 *
 * Per the protocol description this is CK(ID, Random_value): the
 * client's identifier and the daemon's random value R, encrypted
 * under the common key.  Recovering its own ID from npd_xid lets the
 * client confirm the daemon derived the same CK; R is then reused
 * in npd_newpass/npd_newpass2.
 */
struct nispasswd_verf {
	unsigned int	npd_xid;		/* encrypted identifier (ID) */
	unsigned int	npd_xrandval;		/* encrypted R */
};
    173 
/*
 * authentication result (reply of NISPASSWD_AUTHENTICATE)
 *
 * Discriminated on nispasswd_status.  NPD_SUCCESS and NPD_TRYAGAIN
 * both carry a verifier -- TRYAGAIN means the password was wrong but
 * the client may repeat the request with the same ID -- and every
 * other status carries an error code.
 */
union nispasswd_authresult switch (nispasswd_status status) {
case NPD_SUCCESS:
case NPD_TRYAGAIN:
	nispasswd_verf		npd_verf;	/* verifier: CK(ID, R) */
default:
	nispasswd_code		npd_err;	/* error */
};
    184 
/*
 * update result (reply of NISPASSWD_UPDATE)
 *
 * NPD_PARTIALSUCCESS carries the head of a linked list of
 * field/code pairs describing what was not updated, NPD_FAILED an
 * error code, and any other status (NPD_SUCCESS) nothing.
 */
union nispasswd_updresult switch (nispasswd_status status) {
case NPD_PARTIALSUCCESS:
	nispasswd_error		reason;		/* field/code list head */
case NPD_FAILED:
	nispasswd_code		npd_err;	/* error */
default:
	void;
};
    196 
/*
 * NIS+ password daemon program, number 100303, two versions.
 * Both versions take npd_request and return the same result types;
 * they differ only in the UPDATE argument (npd_update with the
 * 12-byte password buffer vs. npd_update2 with the 256-byte buffer
 * and explicit padding).
 */
program NISPASSWD_PROG {
	version NISPASSWD_VERS {
		/*
		 * authenticate passwd update request
		 */
		nispasswd_authresult NISPASSWD_AUTHENTICATE(npd_request) = 1;

		/*
		 * send new passwd information
		 */
		nispasswd_updresult	NISPASSWD_UPDATE(npd_update) = 2;
	} = 1;

	version NISPASSWD_VERS2 {
		/*
		 * authenticate passwd update request (same as version 1)
		 */
		nispasswd_authresult NISPASSWD_AUTHENTICATE(npd_request) = 1;

		/*
		 * send new passwd information (larger password buffer)
		 */
		nispasswd_updresult	NISPASSWD_UPDATE(npd_update2) = 2;
	} = 2;
} = 100303;