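/* $NetBSD: ldapauth.h,v 1.6 2021/08/14 16:17:57 christos Exp $ */

/*
 *
 * Copyright (c) 2005, Eric AUGE <eau@phear.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 * Neither the name of the phear.org nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 */

/*
 * ldapauth.h - declarations for the LDAP public-key ("LPK") lookup:
 * the configuration keywords and their defaults, the option storage
 * (ldap_opt_t), the key result container (ldap_key_t) and the helper
 * API implemented in the matching .c file.
 */

#ifndef LDAPAUTH_H
#define LDAPAUTH_H

/*
 * OpenLDAP's <ldap.h> only exposes its deprecated (non-SASL) entry points
 * when this macro is defined before the include, so it must stay ahead of
 * the header list below.  NOTE(review): presumably required because the
 * implementation still uses those calls; if it is ever ported to the
 * current API this define (and the deprecation surface) can go away.
 */
#define LDAP_DEPRECATED 1

#include <sys/time.h>	/* struct timeval, used by ldap_opt_t below;
			 * not guaranteed by <time.h> alone */
#include <string.h>
#include <time.h>
#include <ldap.h>
#include <lber.h>

/*
 * Configuration keywords recognised by the LPK option parser.
 *
 * NOTE(review): identifiers beginning with '_' + uppercase are reserved
 * for the implementation (C11 7.1.3); the names are kept unchanged here
 * because the implementation file refers to them.
 */
#define _DEFAULT_LPK_TOKEN	"UseLPK"
#define _DEFAULT_SRV_TOKEN	"LpkServers"
#define _DEFAULT_USR_TOKEN	"LpkUserDN"
#define _DEFAULT_GRP_TOKEN	"LpkGroupDN"
#define _DEFAULT_BDN_TOKEN	"LpkBindDN"
#define _DEFAULT_BPW_TOKEN	"LpkBindPw"
#define _DEFAULT_MYG_TOKEN	"LpkServerGroup"
#define _DEFAULT_FIL_TOKEN	"LpkFilter"
#define _DEFAULT_TLS_TOKEN	"LpkForceTLS"
#define _DEFAULT_BTI_TOKEN	"LpkBindTimelimit"
#define _DEFAULT_STI_TOKEN	"LpkSearchTimelimit"
#define _DEFAULT_LDP_TOKEN	"LpkLdapConf"

#define _DEFAULT_PUB_TOKEN	"LpkPubKeyAttr"

/*
 * Default option values, applied when the corresponding keyword is absent.
 * LPK is off by default and every string option is unset (NULL).
 */
#define _DEFAULT_LPK_ON		0
#define _DEFAULT_LPK_SERVERS	NULL
#define _DEFAULT_LPK_UDN	NULL
#define _DEFAULT_LPK_GDN	NULL
#define _DEFAULT_LPK_BINDDN	NULL
#define _DEFAULT_LPK_BINDPW	NULL
#define _DEFAULT_LPK_SGROUP	NULL
#define _DEFAULT_LPK_FILTER	NULL
/* -1 marks "not configured"; presumably 0/1 mean off/forced -- confirm
 * against the implementation. */
#define _DEFAULT_LPK_TLS	-1
/* Bind/search time limits; stored in struct timeval, so presumably
 * seconds -- confirm against the implementation. */
#define _DEFAULT_LPK_BTIMEOUT	10
#define _DEFAULT_LPK_STIMEOUT	10
#define _DEFAULT_LPK_LDP	NULL
/* LDAP attribute holding the user's public keys. */
#define _DEFAULT_LPK_PUB	"sshPublicKey"

/* Bits for ldap_opt_t.flags. */
#define FLAG_EMPTY		0x00000000
#define FLAG_CONNECTED		0x00000001

/*
 * Flag manipulation macros.  'x' must be an lvalue.  The argument and the
 * whole expansion are parenthesised so the macros are safe to use inside a
 * larger expression (the unparenthesised originals were not).
 */
#define FLAG_SET_EMPTY(x)		((x) &= (FLAG_EMPTY))
#define FLAG_SET_CONNECTED(x)		((x) |= (FLAG_CONNECTED))
#define FLAG_SET_DISCONNECTED(x)	((x) &= ~(FLAG_CONNECTED))

/* Return convention for the int functions declared below. */
#define FAILURE	-1
#define SUCCESS	0

/*
 *
 * defined files path
 * (should be relocated to pathnames.h,
 * if one day it's included within the tree)
 *
 */
#define _PATH_LDAP_CONFIG_FILE	"/etc/ldap.conf"

/* structures */

/*
 * Parsed LPK configuration plus the live LDAP session state.  Field
 * ownership: the char * members are presumably heap strings released by
 * ldap_options_free() -- confirm against the implementation.
 */
typedef struct ldap_options {
	int		 on;		/* Use it or NOT */
	LDAP		*ld;		/* LDAP session handle */
	char		*servers;	/* parsed servers for ldaplib failover handling */
	char		*u_basedn;	/* user basedn */
	char		*g_basedn;	/* group basedn */
	char		*binddn;	/* binddn */
	char		*bindpw;	/* bind password -- held in the clear.
					 * NOTE(review): ldap_options_free() should
					 * wipe it (explicit_bzero) before freeing;
					 * confirm in the implementation. */
	char		*sgroup;	/* server group */
	char		*fgroup;	/* group filter */
	char		*filter;	/* additional filter */
	char		*l_conf;	/* use ldap.conf */
	int		 tls;		/* TLS only (see _DEFAULT_LPK_TLS) */
	struct timeval	 b_timeout;	/* bind timeout */
	struct timeval	 s_timeout;	/* search timeout */
	unsigned int	 flags;		/* FLAG_* bits (reconnection, future use?) */
	char		*pub_key_attr;	/* Pubkey-Attribute */
} ldap_opt_t;

/*
 * Result of a key lookup: 'num' berval pointers in 'keys'.  Release with
 * ldap_keys_free().
 */
typedef struct ldap_keys {
	struct berval	**keys;		/* the public keys retrieved */
	unsigned int	  num;		/* number of keys */
} ldap_key_t;


/*
 * Function headers.  The int-returning functions presumably follow the
 * SUCCESS/FAILURE convention defined above -- confirm in the implementation.
 *
 * ldap_close          - tear down the session held in ldap->ld.
 * ldap_xconnect       - establish (or re-establish) the LDAP session.
 * ldap_parse_groups   - turn a configured group list into the form the
 *                       lookup uses; returns a newly allocated string.
 * ldap_parse_servers  - same for the server list (ldaplib failover form).
 * ldap_options_print  - dump the options (debugging aid).
 * ldap_options_free   - release everything owned by the option block.
 * ldap_keys_free      - release an ldap_key_t returned by ldap_getuserkey.
 * ldap_parse_lconf    - read additional settings from the ldap.conf file.
 * ldap_getuserkey     - fetch the public keys stored for 'user'
 *                       (NULL on failure -- confirm).
 * ldap_ismember       - check 'user' against the configured group(s).
 */
void		 ldap_close(ldap_opt_t *ldap);
int		 ldap_xconnect(ldap_opt_t *ldap);
char		*ldap_parse_groups(const char *groups);
char		*ldap_parse_servers(const char *servers);
void		 ldap_options_print(ldap_opt_t *ldap);
void		 ldap_options_free(ldap_opt_t *ldap);
void		 ldap_keys_free(ldap_key_t *keys);
int		 ldap_parse_lconf(ldap_opt_t *ldap);
ldap_key_t	*ldap_getuserkey(ldap_opt_t *ldap, const char *user);
int		 ldap_ismember(ldap_opt_t *ldap, const char *user);

#endif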