1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
/*
* System Security Services Daemon. NSS Interface
*
* Copyright (C) Simo Sorce 2007
*
* You can used this header file in any way you see fit provided copyright
* notices are preserved.
*
*/
#ifndef _SSSNSS_H
#define _SSSNSS_H
#include <nss.h>
#include <pwd.h>
#include <grp.h>
/* SELinux will have a better way to regulate access if they are seprate
* Also a change in one of the pipes will not affect the others */
#define SSS_NSS_SOCKET_NAME "/var/lib/sss/pipes/nss"
#define SSS_NSS_VERSION 0
enum sss_nss_command {
/* null */
SSS_NSS_NULL = 0x0000,
/* version */
SSS_NSS_GET_VERSION = 0x0001,
/* passwd */
SSS_NSS_GETPWNAM = 0x0011,
SSS_NSS_GETPWUID = 0x0012,
SSS_NSS_SETPWENT = 0x0013,
SSS_NSS_GETPWENT = 0x0014,
SSS_NSS_ENDPWENT = 0x0015,
/* group */
SSS_NSS_GETGRNAM = 0x0021,
SSS_NSS_GETGRGID = 0x0022,
SSS_NSS_SETGRENT = 0x0023,
SSS_NSS_GETGRENT = 0x0024,
SSS_NSS_ENDGRENT = 0x0025,
SSS_NSS_INITGR = 0x0026,
#if 0
/* aliases */
SSS_NSS_GETALIASBYNAME = 0x0031,
SSS_NSS_GETALIASBYPORT = 0x0032,
SSS_NSS_SETALIASENT = 0x0033,
SSS_NSS_GETALIASENT = 0x0034,
SSS_NSS_ENDALIASENT = 0x0035,
/* ethers */
SSS_NSS_GETHOSTTON = 0x0041,
SSS_NSS_GETNTOHOST = 0x0042,
SSS_NSS_SETETHERENT = 0x0043,
SSS_NSS_GETETHERENT = 0x0044,
SSS_NSS_ENDETHERENT = 0x0045,
/* hosts */
SSS_NSS_GETHOSTBYNAME = 0x0051,
SSS_NSS_GETHOSTBYNAME2 = 0x0052,
SSS_NSS_GETHOSTBYADDR = 0x0053,
SSS_NSS_SETHOSTENT = 0x0054,
SSS_NSS_GETHOSTENT = 0x0055,
SSS_NSS_ENDHOSTENT = 0x0056,
/* netgroup */
SSS_NSS_SETNETGRENT = 0x0061,
SSS_NSS_GETNETGRENT = 0x0062,
SSS_NSS_ENDNETGRENT = 0x0063,
/* SSS_NSS_INNETGR = 0x0064, */
/* networks */
SSS_NSS_GETNETBYNAME = 0x0071,
SSS_NSS_GETNETBYADDR = 0x0072,
SSS_NSS_SETNETENT = 0x0073,
SSS_NSS_GETNETENT = 0x0074,
SSS_NSS_ENDNETENT = 0x0075,
/* protocols */
SSS_NSS_GETPROTOBYNAME = 0x0081,
SSS_NSS_GETPROTOBYNUM = 0x0082,
SSS_NSS_SETPROTOENT = 0x0083,
SSS_NSS_GETPROTOENT = 0x0084,
SSS_NSS_ENDPROTOENT = 0x0085,
/* rpc */
SSS_NSS_GETRPCBYNAME = 0x0091,
SSS_NSS_GETRPCBYNUM = 0x0092,
SSS_NSS_SETRPCENT = 0x0093,
SSS_NSS_GETRPCENT = 0x0094,
SSS_NSS_ENDRPCENT = 0x0095,
/* services */
SSS_NSS_GETSERVBYNAME = 0x00A1,
SSS_NSS_GETSERVBYPORT = 0x00A2,
SSS_NSS_SETSERVENT = 0x00A3,
SSS_NSS_GETSERVENT = 0x00A4,
SSS_NSS_ENDSERVENT = 0x00A5,
/* shadow */
SSS_NSS_GETSPNAM = 0x00B1,
SSS_NSS_GETSPUID = 0x00B2,
SSS_NSS_SETSPENT = 0x00B3,
SSS_NSS_GETSPENT = 0x00B4,
SSS_NSS_ENDSPENT = 0x00B5,
#endif
};
#define SSS_NSS_MAX_ENTRIES 256
#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4)
struct sss_nss_req_data {
size_t len;
const void *data;
};
/* this is in milliseconds, wait up to 300 seconds */
#define SSS_NSS_SOCKET_TIMEOUT 300000
enum nss_status sss_nss_make_request(enum sss_nss_command cmd,
struct sss_nss_req_data *rd,
uint8_t **repbuf, size_t *replen,
int *errnop);
#endif /* _SSSNSS_H */
#if 0
/* GETSPNAM Request:
*
* 0-X: string with name
*
* Replies:
*
* 0-3: 32bit unsigned number of results
* 4-7: 32bit unsigned (reserved/padding)
* For each result:
* 0-7: 64bit unsigned with Date of last change
* 8-15: 64bit unsigned with Min #days between changes
* 16-23: 64bit unsigned with Max #days between changes
* 24-31: 64bit unsigned with #days before pwd expires
* 32-39: 64bit unsigned with #days after pwd expires until account is disabled
* 40-47: 64bit unsigned with expiration date in days since 1970-01-01
* 48-55: 64bit unsigned (flags/reserved)
* 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded
*/
#endif
|
