From 6a74d8dda1ea515c59aebbc1aa0b3093df61244c Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Sun, 16 Dec 2012 15:17:42 +0000
Subject: change PAM protocol to be more consistent and simpler
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1865 ef36b2f9-881f-0410-afb5-c4e39611909c
---
nslcd.h | 78 ++++++++++++++++++++++++++++++++---------------------------------
1 file changed, 39 insertions(+), 39 deletions(-)
(limited to 'nslcd.h')
diff --git a/nslcd.h b/nslcd.h
index 4a9e49c..cf5feb2 100644
--- a/nslcd.h
+++ b/nslcd.h
@@ -191,58 +191,58 @@ /* PAM-related requests. The request parameters for all these requests begin with: STRING user name - STRING DN (if value is known already, otherwise empty) STRING service name - all requests, except the SESSION requests start the result value with: - STRING user name (cannonical name) - STRING DN (can be used to speed up requests) - Some functions may return an authorisation message. This message, if - supplied will be used by the PAM module instead of a message that is - generated by the PAM module itself. */ + STRING ruser + STRING rhost + STRING tty + If the user is not known in LDAP no result may be returned (immediately + return NSLCD_RESULT_END instead of a PAM error code). */ /* PAM authentication check request. The extra request values are: STRING password - and the result value ends with: + and the result value consists of: INT32 authc NSLCD_PAM_* result code + STRING user name (the cannonical user name) INT32 authz NSLCD_PAM_* result code STRING authorisation error message If the username is empty in this request an attempt is made to - authenticate as the administrator (set using rootpwmoddn). The returned DN - is that of the administrator. */ -#define NSLCD_ACTION_PAM_AUTHC 20001 - -/* PAM authorisation check request. The extra request values are: - STRING ruser - STRING rhost - STRING tty - and the result value ends with: + authenticate as the administrator (set using rootpwmoddn). + Some authorisation checks are already done during authentication so the + response also includes authorisation information. */ +#define NSLCD_ACTION_PAM_AUTHC 21001 + +/* PAM authorisation check request. The result value consists of: INT32 authz NSLCD_PAM_* result code - STRING authorisation error message */ -#define NSLCD_ACTION_PAM_AUTHZ 20002 - -/* PAM session open and close requests. 
These requests have the following - extra request values: - STRING tty - STRING rhost - STRING ruser - INT32 session id (ignored for SESS_O) - and these calls only return the session ID: - INT32 session id - The SESS_C must contain the ID that is retured by SESS_O to close the - correct session. */ -#define NSLCD_ACTION_PAM_SESS_O 20003 -#define NSLCD_ACTION_PAM_SESS_C 20004 + STRING authorisation error message + The authentication check may have already returned some authorisation + information. The authorisation error message, if supplied, will be used + by the PAM module instead of a message that is generated by the PAM + module itself. */ +#define NSLCD_ACTION_PAM_AUTHZ 21002 + +/* PAM session open request. The result value consists of: + STRING session id + This session id may be used to close this session with. */ +#define NSLCD_ACTION_PAM_SESS_O 21003 + +/* PAM session close request. This request has the following + extra request value: + STRING session id + and this calls only returns an empty response value. */ +#define NSLCD_ACTION_PAM_SESS_C 21004 + +/* +Note: I'm not sure whether PAM result codes are required here. +*/ /* PAM password modification request. This requests has the following extra request values: - STRING old password - STRING new password + INT32 asroot: 0=oldpasswd is user passwd, 1=oldpasswd is root passwd + STRING old password + STRING new password and returns there extra result values: - INT32 authz NSLCD_PAM_* result code - STRING authorisation error message - In this request the DN may be set to the administrator's DN. In this - case old password should be the administrator's password. This allows - the administrator to change any user's password. */ + INT32 NSLCD_PAM_* result code + STRING error message */ #define NSLCD_ACTION_PAM_PWMOD 20005 /* Request result codes. */ -- cgit v1.2.3
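Review bot: NSLCD_ACTION_PAM_PWMOD at the end of the hunk keeps its old value 20005 although its wire format changes in this commit (the common prefix drops the DN and gains ruser/rhost/tty, and an `asroot` INT32 is added), while the other four PAM actions move to 2100x. A client and daemon built from different revisions would still agree on the action number but not on the field layout, so the old and new password strings could be read into the wrong fields, for example rhost or tty. If the renumbering is meant to separate the two protocol revisions, PWMOD should follow it, e.g. `#define NSLCD_ACTION_PAM_PWMOD 21005`. The PWMOD comment should also say that `asroot` is supplied by the client and that the daemon must decide from its own checks whether the old password is verified against the administrator entry; the request handler is not visible here, so that behaviour is to be confirmed. The leftover `Note: I'm not sure whether PAM result codes are required here.` should be resolved or turned into a tracked TODO before the header is treated as the protocol reference.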