/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * NIS+ password update protocol
 *
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 */

/*
 * rpcgen(1) pass-through: emitted verbatim into the generated C.
 * Presumably here for _PASS_MAX, referenced in a comment below -- confirm.
 */
%#include <limits.h>

/*
 * Protocol description:
 * Request from client:
 * Key_type = DES; CK = common DES key generated from Pub.D and Sec.C
 * Response from daemon:
 * Key_type = DES; CK = common DES key generated from Pub.C and Sec.D
 *
 * CK is a single-DES key that each side derives from its own secret key
 * and the peer's public key; every "CK(...)" item below is encrypted under
 * it.  Everything sent outside CK(...) -- username, domain, key type, the
 * client's public key, the identifier and the status/error codes -- goes
 * over the wire in the clear.
 *
 * NOTE(review): the confidentiality of both the current password (first
 * request) and the new password (second request) rests entirely on
 * single DES under CK.  Treat this as a legacy protocol; do not expose
 * the daemon to untrusted networks without an outer transport layer.
 *
 * Client                                                         Daemon
 *
 * ------------------------------------------------------------------->
 * [ Username, Domain, Key_type, Publickey.C, CK(clear_password), ID ]
 *
 *
 * <-------------------------------------------------------------------
 * [NPD_SUCCESS, CK(ID, Random_value) ]
 * [NPD_TRYAGAIN, CK(ID, Random_value) ]
 * [NPD_FAILED, <code> ]
 *
 * { repeat above req/resp as necessary }
 *
 * -------------------------------------------------------------------->
 * [ ID, CK(R, clear_new_passwd), other_passwd_info ]
 *
 *
 * <--------------------------------------------------------------------
 * [NPD_SUCCESS]
 * [NPD_PARTIALSUCCESS, <field>/<code> ]
 * [NPD_FAILED, <code> ]
 *
 */

/*
 * status of operation, NPD = NIS+ PASSWD DAEMON
 *
 * Selects the arm of nispasswd_authresult / nispasswd_updresult below.
 * Note that NPD_TRYAGAIN, like NPD_SUCCESS, still carries a verifier
 * in the authentication reply.
 */
enum nispasswd_status {
	NPD_SUCCESS,		/* operation succeeded */
	NPD_TRYAGAIN,		/* passwd incorrect, try again */
	NPD_PARTIALSUCCESS,	/* failed to update all the info */
	NPD_FAILED		/* operation failed */
};

/*
 * error codes
 *
 * XDR encodes an enum as its integer value, so the position of each
 * member is part of the wire protocol: add new codes at the end, never
 * insert or reorder.
 */
enum nispasswd_code {
	NPD_NOTMASTER,		/* server is not master of this domain */
	NPD_NOSUCHENTRY,	/* no passwd entry exists for this user */
	NPD_IDENTINVALID,	/* identifier invalid */
	NPD_NOPASSWD,		/* no password stored */
	NPD_NOSHDWINFO,		/* no shadow information stored */
	NPD_SHDWCORRUPT,	/* shadow information corrupted */
	NPD_NOTAGED,		/* passwd has not aged sufficiently */
	NPD_CKGENFAILED,	/* common key could not be generated */
	NPD_VERFINVALID,	/* verifier mismatch */
	NPD_PASSINVALID,	/* all auth attempts incorrect */
	NPD_ENCRYPTFAIL,	/* encryption failed */
	NPD_DECRYPTFAIL,	/* decryption failed */
	NPD_KEYSUPDATED,	/* new key-pair generated for user */
	NPD_KEYNOTREENC,	/* could not reencrypt secret key */
	NPD_PERMDENIED,		/* permission denied */
	NPD_SRVNOTRESP,		/* server not responding */
	NPD_NISERROR,		/* NIS+ server error */
	NPD_SYSTEMERR,		/* system error */
	NPD_BUFTOOSMALL,	/* buffer too small */
	NPD_INVALIDARGS		/* invalid args to function */

	/* others */
};

/*
 * other passwd fields that change and secretkey
 *
 * Names the field a nispasswd_error entry refers to.
 */
enum nispasswd_field {
	NPD_PASSWD,		/* password field */
	NPD_GECOS,		/* gecos field */
	NPD_SHELL,		/* shell field */
	NPD_SECRETKEY		/* secret key */
};

/*
 * error reason
 *
 * One (field, code) pair per field that failed to update; returned in
 * the NPD_PARTIALSUCCESS arm of nispasswd_updresult.  "next" is an XDR
 * optional pointer, so this is a singly linked list on the wire.
 *
 * NOTE(review): the generated XDR routine decodes "next" recursively
 * and the spec places no bound on list length; a decoder fed untrusted
 * input should cap it -- confirm against the generated code.
 */
struct nispasswd_error {
	nispasswd_field	npd_field;	/* field type */
	nispasswd_code	npd_code;	/* error code */
	struct nispasswd_error *next;	/* next pair */
};

/*
 * other passwd information
 *
 * Sent in the clear as "other_passwd_info" in the update request.
 */
struct passwd_info {
	string	pw_gecos<>;		/* in real life name */
	string	pw_shell<>;		/* default shell */
};

/*
 * First request (NISPASSWD_AUTHENTICATE).
 *
 * NOTE(review): the "<>" fields carry no maximum length in this spec, so
 * the daemon must apply its own limits to username, domain, key_type,
 * user_pub_key and npd_authpass before trusting or allocating for them.
 */
struct npd_request {
	string	username<>;		/* update req. for username */
	string	domain<>;		/* update in domain */
	string	key_type<>;		/* DES, RSA, KERB */
	unsigned char	user_pub_key<>;	/* generated publickey */
	unsigned char	npd_authpass<>;	/* encrypted passwd: CK(clear_password) */
	unsigned int	ident;		/* identifier; sent in the clear */
};

/*
 * encrypted passwd information
 *
 * Version 1 new-password buffer: fixed at 12 bytes.  The whole
 * npd_newpass (R plus pass) corresponds to CK(R, clear_new_passwd) in the
 * description above, i.e. it is encrypted as a unit under CK.
 */
const __NPD_MAXPASSBYTES = 12;
typedef opaque passbuf[__NPD_MAXPASSBYTES];	/* store encrypted pass */

struct npd_newpass {
	unsigned int	npd_xrandval;	/* R -- presumably the Random_value from the daemon's verifier */
	passbuf		pass;		/* "clear" new passwd */
};

/*
 * Second request, version 1 (NISPASSWD_UPDATE).
 */
struct npd_update {
	unsigned int	ident;		/* identifier */
	npd_newpass	xnewpass;	/* encrypted */
	passwd_info	pass_info;	/* other information */
};

/*
 * Version 2 widens the new-password buffer to 256 bytes and records the
 * amount of padding added to reach a multiple of the DES block size.
 *
 * DESCREDPASSLEN is a pass-through to the generated C and relies on
 * des_block being declared there; this file does not include it
 * (assumes <rpc/des_crypt.h> or similar is in scope -- TODO confirm).
 */
%#define DESCREDPASSLEN sizeof (des_block)
const __NPD2_MAXPASSBYTES = 256;	/* _PASS_MAX */

struct npd_newpass2 {
	unsigned int	npd_xrandval;	/* R */
	opaque		pass[__NPD2_MAXPASSBYTES];	/* "clear" new passwd */
	unsigned int	npd_pad;	/* pad size to modulo des_block */
};

/*
 * Second request, version 2 (NISPASSWD_UPDATE); differs from npd_update
 * only in the xnewpass type.
 */
struct npd_update2 {
	unsigned int	ident;		/* identifier */
	npd_newpass2	xnewpass;	/* encrypted */
	passwd_info	pass_info;	/* other information */
};

/*
 * Verifier returned with NPD_SUCCESS / NPD_TRYAGAIN: CK(ID, Random_value)
 * in the description above.  Both words are encrypted under CK; the
 * client is expected to recover ID and compare it with the ident it sent.
 */
struct nispasswd_verf {
	unsigned int	npd_xid;	/* encrypted identifier */
	unsigned int	npd_xrandval;	/* encrypted R */
};

/*
 * authentication result
 *
 * NPD_SUCCESS and NPD_TRYAGAIN carry a verifier; every other status
 * (NPD_FAILED, and NPD_PARTIALSUCCESS via "default") carries an error code.
 */
union nispasswd_authresult switch (nispasswd_status status) {
case NPD_SUCCESS:
case NPD_TRYAGAIN:
	nispasswd_verf	npd_verf;	/* verifier */
default:
	nispasswd_code	npd_err;	/* error */
};

/*
 * update result
 *
 * NPD_PARTIALSUCCESS carries the per-field failure list, NPD_FAILED a
 * single code; NPD_SUCCESS (and NPD_TRYAGAIN) carry nothing.
 */
union nispasswd_updresult switch (nispasswd_status status) {
case NPD_PARTIALSUCCESS:
	nispasswd_error	reason;		/* field/code */
case NPD_FAILED:
	nispasswd_code	npd_err;	/* error */
default:
	void;
};

/*
 * RPC program 100303.  Version 2 is identical to version 1 except that
 * NISPASSWD_UPDATE takes npd_update2 (256-byte password buffer) instead
 * of npd_update (12-byte passbuf).
 */
program NISPASSWD_PROG {
	version NISPASSWD_VERS {
		/*
		 * authenticate passwd update request
		 */
		nispasswd_authresult NISPASSWD_AUTHENTICATE(npd_request) = 1;

		/*
		 * send new passwd information
		 */
		nispasswd_updresult NISPASSWD_UPDATE(npd_update) = 2;
	} = 1;

	version NISPASSWD_VERS2 {
		/*
		 * authenticate passwd update request
		 */
		nispasswd_authresult NISPASSWD_AUTHENTICATE(npd_request) = 1;

		/*
		 * send new passwd information
		 */
		nispasswd_updresult NISPASSWD_UPDATE(npd_update2) = 2;
	} = 2;
} = 100303;