sss_cli.h revision c9b2b7f3f02bf40b698c70640f151d0113736195
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder Client Interface for NSS and PAM.
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder Simo Sorce <ssorce@redhat.com>
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder Copyright (C) Red Hat, Inc 2007
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder This program is free software; you can redistribute it and/or modify
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder it under the terms of the GNU Lesser General Public License as published by
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder the Free Software Foundation; either version 3 of the License, or
18548c6cc2dff13bf9f5f08b3f6cde6ca914df1dChristian Maeder (at your option) any later version.
25da71ee832b729e33def344a68f59fe21ce9c07Eugen Kuksa This program is distributed in the hope that it will be useful,
25da71ee832b729e33def344a68f59fe21ce9c07Eugen Kuksa but WITHOUT ANY WARRANTY; without even the implied warranty of
950875ac099734b9eaccf4233773e6df00477f22Eugen Kuksa MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
7d0db235b17b2109cd45fa50e6d1bbc77823f81dEugen Kuksa GNU Lesser General Public License for more details.
92ae4d5885ea837ffe3dae9b2de742f871229b94Christian Maeder You should have received a copy of the GNU Lesser General Public License
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder along with this program. If not, see <http://www.gnu.org/licenses/>.
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder * @defgroup sss_cli_command SSS client commands
de8eee2014437ec4020be15cd363257f87e79943Christian Maeder/** The allowed commands a SSS client can send to the SSSD */
5896f38ba2934056542cb7cb3e6359e88a622547Christian Maeder/* netgroup */
275698320a734a6fd647ea6a461d6ce38862da1dChristian Maeder /* SSS_NSS_INNETGR = 0x0064, */
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder/* networks */
6a6689ad6d4c70af2ce3389f39a50982f20fd939Christian Maeder/* protocols */
5fb6343a5a2b4bbc67bc83479c84a92d23d30edfChristian Maeder/* services */
b87fb5d6d5aba8fc6d3c528f7da0af228ca76b02Eugen Kuksa/* PAM related calls */
b87fb5d6d5aba8fc6d3c528f7da0af228ca76b02Eugen Kuksa SSS_PAM_AUTHENTICATE = 0x00F1, /**< see pam_sm_authenticate(3) for
7b21830970250ca6369b0ae60f34c990f9a5c5bfTill Mossakowski * Additionally we allow sssd to send
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski * the return code PAM_NEW_AUTHTOK_REQD
83ce5f14d356cd62e98f4f674da7f11ea1869eb0Till Mossakowski * during authentication if the
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski * authentication was successful but
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski * the authentication token is expired.
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * To meet the standards of libpam we
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa * return PAM_SUCCESS for
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * authentication and set a flag so
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * that the account management module
d3d8d20d41aaaa107cf2dfa4dd0434e6a08b22d5Till Mossakowski * can return PAM_NEW_AUTHTOK_REQD if
d27b1887e61f1dc53d77c37f59dbf5019242a686Christian Maeder * sssd return success for account
31a81edf1285dc338211bfe86ba50a1f4128d9d2Christian Maeder * management. We do this to reduce the
31a81edf1285dc338211bfe86ba50a1f4128d9d2Christian Maeder * communication with external servers,
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * because there are cases, e.g.
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * Kerberos authentication, where the
5d3978bb76c33d08d6297f69f10bbc04721ee3a5cmaeder * information that the password is
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * expired is already available during
1f0483f71bad0707f10293d0b4db4649aa93fb35Christian Maeder * authentication. */
1f0483f71bad0707f10293d0b4db4649aa93fb35Christian Maeder SSS_PAM_SETCRED = 0x00F2, /**< see pam_sm_setcred(3) for
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder SSS_PAM_ACCT_MGMT = 0x00F3, /**< see pam_sm_acct_mgmt(3) for
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder SSS_PAM_OPEN_SESSION = 0x00F4, /**< see pam_sm_open_session(3) for
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * details */
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder SSS_PAM_CLOSE_SESSION = 0x00F5, /**< see pam_sm_close_session(3) for
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder SSS_PAM_CHAUTHTOK = 0x00F6, /**< second run of the password change
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder * operation where the PAM_UPDATE_AUTHTOK
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder * flag is set and the real change may
293abe6af19382a456dbe612aef45054ef76832fcmaeder * happen, see pam_sm_chauthtok(3) for
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * details */
8723ec450f2e7a024230467c0c28a3f154905483cmaeder SSS_PAM_CHAUTHTOK_PRELIM = 0x00F7, /**< first run of the password change
7b21830970250ca6369b0ae60f34c990f9a5c5bfTill Mossakowski * operation where the PAM_PRELIM_CHECK
e99cb5db53054d96bb97c9b8b130bd249802450eTill Mossakowski * flag is set, see pam_sm_chauthtok(3)
8e3e7896a1818bb0521674cf4f10403e9f9911b3Till Mossakowski * for details */
e5f71ad96ddbaafd3bf8ae0820df93e0db4b0527cmaeder SSS_CMD_RENEW = 0x00F8, /**< Renew a credential with a limited
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * lifetime, e.g. a Kerberos Ticket
1f0483f71bad0707f10293d0b4db4649aa93fb35Christian Maeder * Granting Ticket (TGT) */
232c13ff6847a6f2bac7163392f80ab692cd7774Christian Maeder * @defgroup sss_pam SSSD and PAM
4bd27a2cb9efd5d8ff00b5cf823487403add724ecmaeder * SSSD offers authentication and authorization via PAM
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder * The SSSD provides a PAM client modules pam_sss which can be called from the
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * PAM stack of the operation system. pam_sss will collect all the data about
26acf851cacd7a31bdc9b25a42af9949942fa7c6Christian Maeder * the user from the PAM stack and sends them via a socket to the PAM
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * responder of the SSSD. The PAM responder selects the appropriate backend
c5b8b64377e24bcbf5cc108ca433cfbbd6235ba1Christian Maeder * and forwards the data via DBUS to the backend. The backend preforms the
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * requested operation and sends the result expressed by a PAM return value
99b26e2ab8ba89bc9a050c1524137eb6269e2753Christian Maeder * and optional additional information back to the PAM responder. Finally the
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * PAM responder forwards the response back to the client.
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * @defgroup sss_authtok_type Authentication Tokens
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * @ingroup sss_pam
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * To indicate to the components of the SSSD how to handle the authentication
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * token the client sends the type of the authentication token to the SSSD.
df24d7f0c79862ffd8189698645e201bf07a4d9cEugen Kuksa/** The different types of authentication tokens */
feb9227bb5c49d5bea1a112500c3b3eba31abdfbcmaeder SSS_AUTHTOK_TYPE_EMPTY = 0x0000, /**< No authentication token
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * available */
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder SSS_AUTHTOK_TYPE_PASSWORD = 0x0001, /**< Authentication token is a
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * password, it may or may no contain
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa * a trailing \\0 */
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SSS_AUTHTOK_TYPE_CCFILE = 0x0002, /**< Authentication token is a path to
64f5f0a8c38d5b2ba33b09e02e92b0e3f812d6d0Eugen Kuksa * a Kerberos credential cache file,
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * it may or may no contain
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * a trailing \\0 */
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4)
dfa31ad230c88a66a9722c2a5ab23fe82c33f014Eugen Kuksa const void *data;
d16243f2fd4825f598eee589b68e324e23eb469dEugen Kuksa/* this is in milliseconds, wait up to 300 seconds */
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * @defgroup sss_pam_cli Responses to the PAM client
6f9d360a425bdae3bd15289388e64c14a85eca43cmaeder * @ingroup sss_pam
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * @defgroup response_type Messages from the server
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * @ingroup sss_pam_cli
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * SSSD can send different kind of information back to the client.
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * A response from the SSSD can contain 0 or more messages. Each message
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder * contains a type tag and the size of the message data, both are unsigned
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * 32-bit integer values, followed be the message specific data.
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * If the message is generated by a backend it is send back to the PAM
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * responder via a D-BUS message in an array of D-BUS structs. The struct
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * consists of a DBUS_TYPE_UINT32 for the tag and a DBUS_TYPE_ARRAY to hold
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa * the message.
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * Examples:
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder * - #SSS_PAM_ENV_ITEM,
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * ------------------------------------
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * | uint32_t | uint32_t | uint8_t[4] |
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * | 0x03 | 0x04 | a=b\\0 |
233754e153e665aa748bf8b45bd8b1938b6c21a7Christian Maeder * ------------------------------------
8723ec450f2e7a024230467c0c28a3f154905483cmaeder/** Types of different messages */
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht SSS_PAM_SYSTEM_INFO = 0x01, /**< Message for the system log.
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * @param String, zero terminated. */
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder SSS_PAM_DOMAIN_NAME, /**< Name of the domain the user belongs too.
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * This messages is generated by the PAM responder.
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * @param String, zero terminated, with the domain
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht SSS_PAM_ENV_ITEM, /**< Set and environment variable with pam_putenv(3).
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * @param String, zero terminated, of the form
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * name=value. See pam_putenv(3) for details. */
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht SSS_ENV_ITEM, /**< Set and environment variable with putenv(3).
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder * @param String, zero terminated, of the form
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * name=value. See putenv(3) for details. */
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht SSS_ALL_ENV_ITEM, /**< Set and environment variable with putenv(3) and
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * pam_putenv(3).
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * @param String, zero terminated, of the form
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * name=value. See putenv(3) and pam_putenv(3) for
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * details. */
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht SSS_PAM_USER_INFO, /**< A message which should be displayed to the user.
8723ec450f2e7a024230467c0c28a3f154905483cmaeder * @param User info message, see #user_info_type
de8983abdf4b35af1ed1fdee2de4dff13c2368bacmaeder * for details. */
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht SSS_PAM_TEXT_MSG, /**< A plain text message which should be displayed to
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht * the user.This should only be used in the case where
12882fa70d12d9b56cbd850ccb4b724feb3c62d5Christian Maeder * it is not possile to use SSS_PAM_USER_INFO.
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * @param A zero terminated string. */
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * @defgroup user_info_type User info messages
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht * @ingroup response_type
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht * To achieve a consistent user experience and to facilitate
ccd9cf19d129595770d592d3d0d80c6619f7a141Eugen Kuksa * internationalization all messages show to the user are generate by the PAM
465c6b72e8e480969b5f08658e394992bcc08bfcSimon Ulbricht * client and not by the SSSD server components. To indicate what message the
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * client should display to the user SSSD can send a #SSS_PAM_USER_INFO message
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * where the data part contains one of the following tags as an unsigned
0a46a4d711eca869ad75b4df84dabd72783ebdd2Simon Ulbricht * 32-bit integer value and optional data.
0b144823976d79a34bff62f7f9ec032e80b8ce85Simon Ulbricht * - #SSS_PAM_USER_INFO_OFFLINE_CHPASS
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa * ----------------------------------
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa * | uint32_t | uint32_t | uint32_t |
4f820114168836fb05b720c429866baa5665690eChristian Maeder * | 0x06 | 0x01 | 0x03 |
4bd27a2cb9efd5d8ff00b5cf823487403add724ecmaeder * ----------------------------------
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * - #SSS_PAM_USER_INFO_CHPASS_ERROR
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa * ----------------------------------------------------------
1698621aea64f7a2b04a4084984eed1437e22771Christian Maeder * | uint32_t | uint32_t | uint32_t | uint32_t | uint8_t[3] |
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder * | 0x06 | 0x05 | 0x04 | 0x03 | abc |
1d65a799298f6b1253d774c22f61029e6eb99cadcmaeder * ----------------------------------------------------------
6fb590a3747600c145abfd7c3483039fb03af032Christian Maeder/** Different types of user messages */
c24f7998fe7dfca4277f83076a119aabfe6186a0mcodescu SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01, /**< Inform the user that the
1ab66a7e4234c760be9689b05ab4c34ce99dba23Simon Ulbricht * authentication happened offline.
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * This message is generated by the
986888e7f4d8ed681272a79c63f329ce8037063dcmaeder * PAM responder.
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * @param Time when the cached
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder * password will expire in seconds
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder * since the UNIX Epoch as returned
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder * by time(2) as int64_t. A value
fcd8dd6d9029180ae5e777e94a973c5e355a55cfcmaeder * of zero indicates that the
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * cached password will never
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * expire. */
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED, /**< Tell the user how low a new
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa * authentication is delayed. This
4937a0e373f619dc520799923acec42db5da5eb3Eugen Kuksa * message is generated by the PAM
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * responder.
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa * @param Time when an
d35249e8b76e34d3cbb6adf7d89e9111226a49d6Eugen Kuksa * authentication is allowed again
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht * in seconds since the UNIX Epoch
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht * as returned by time(2) as
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * int64_t. */
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SSS_PAM_USER_INFO_OFFLINE_CHPASS, /**< * Tell the user that it is not
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * possible to change the password while
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * the system is offline. This message
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * is generated by the PAM responder. */
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SSS_PAM_USER_INFO_CHPASS_ERROR, /**< Tell the user that a password change
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * failed and optionally give a reason.
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * @param Size of the message as unsigned
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * 32-bit integer value. A value of 0
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * indicates that no message is following.
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * @param String with the specified
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * length. */
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SSS_PAM_USER_INFO_GRACE_LOGIN, /**< Warn the user that the password is
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * expired and inform about the remaining
f345dca8aecfdbc7137a28dda45f9a5574d1fd14Eugen Kuksa * number of grace logins.
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * @param The number of remaining grace
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * logins as uint32_t */
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa SSS_PAM_USER_INFO_EXPIRE_WARN /**< Warn the user that the password will
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * expire soon.
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * @param Number of seconds before the user's
728bd6bf3eb21b95a5e83db746a3c6ab5e8a6de1Eugen Kuksa * password will expire. */
4ded733c298c9fd95db25858b897da482f4ab3e7Eugen Kuksaenum nss_status sss_nss_make_request(enum sss_cli_command cmd,
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maederint sss_pam_make_request(enum sss_cli_command cmd,
986888e7f4d8ed681272a79c63f329ce8037063dcmaederstatic inline void
d1c667fd9445963d9d31e2cf5d0ead15e77082a4cmaedersafealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht#define SAFEALIGN_SET_VALUE(dest, value, type, pctr) do { \
8723ec450f2e7a024230467c0c28a3f154905483cmaeder safealign_memcpy(dest, &CV_MACRO_val, sizeof(type), pctr); \
7463a1bf64cfa90917e2afb6a5017ec411d2b3dbSimon Ulbricht safealign_memcpy(dest, src, sizeof(uint32_t), pctr)
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder#define SAFEALIGN_SET_UINT16(dest, value, pctr) \
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht SAFEALIGN_SET_VALUE(dest, value, uint16_t, pctr)
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder#define SAFEALIGN_COPY_UINT16(dest, src, pctr) \
f382d86a384743a770cd5490a641e38ed1069c5cChristian Maeder safealign_memcpy(dest, src, sizeof(uint16_t), pctr)
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht/* GETSPNAM Request:
f6a562e28240e4f9107c199ba7a8e500ccfbfa55Simon Ulbricht * 0-X: string with name
9a5e6e537c43a631facd9d87ce1a6c76f4b0af6dSimon Ulbricht * 0-3: 32bit unsigned number of results
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht * 4-7: 32bit unsigned (reserved/padding)
bf51e183eda8e66f16795b35ce9a62468974b8e3Christian Maeder * For each result:
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * 0-7: 64bit unsigned with Date of last change
7f150d7930b47c297e184638ecd811b3656b0dadChristian Maeder * 8-15: 64bit unsigned with Min #days between changes
2e76bbbed1c936bb0aee1753837e1c50416847a2Simon Ulbricht * 16-23: 64bit unsigned with Max #days between changes
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * 24-31: 64bit unsigned with #days before pwd expires
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * 32-39: 64bit unsigned with #days after pwd expires until account is disabled
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * 40-47: 64bit unsigned with expiration date in days since 1970-01-01
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * 48-55: 64bit unsigned (flags/reserved)
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded
b532acc045cf5e26beb0691acc136d11188cce87Christian Maeder/* Return strlen(str) or maxlen, whichever is shorter
0a26144c20fa9cdcd05011ca5019cbac8e4afae0cmaeder * Returns EINVAL if str is NULL, EFBIG if str is longer than maxlen
30ccae9374798a92124e1b294404f7b55ffbb412Christian Maeder * _len will return the result
d1c667fd9445963d9d31e2cf5d0ead15e77082a4cmaedererrno_t sss_strnlen(const char *str, size_t maxlen, size_t *len);
22bb4a9063684a0f37dd7d0e6b21086adcc1e789Christian Maeder#endif /* _SSSCLI_H */