1/*	$NetBSD: ldapauth.h,v 1.6 2021/08/14 16:17:57 christos Exp $	*/
2
3/*
4 *
5 * Copyright (c) 2005, Eric AUGE <eau@phear.org>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
9 *
10 * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
11 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
12 * Neither the name of the phear.org nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
15 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
17 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
18 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
19 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
20 *
21 *
22 */
23
24#ifndef LDAPAUTH_H
25#define LDAPAUTH_H
26
/*
 * Must be defined before <ldap.h> is included: it makes OpenLDAP expose its
 * deprecated API prototypes (e.g. ldap_init()/ldap_simple_bind_s()), which
 * ldapauth.c presumably still calls.  NOTE(review): those entry points are
 * unmaintained upstream; moving to ldap_initialize()/ldap_sasl_bind_s()
 * would let this define (and the deprecated code paths) go away.
 */
#define LDAP_DEPRECATED 1
28
#include <sys/time.h>	/* struct timeval, used by value in ldap_opt_t below */
#include <string.h>
#include <time.h>
#include <ldap.h>
#include <lber.h>
33
/* tokens in use for config */
/*
 * Keyword strings matched when the configuration is parsed; each one maps to
 * a member of ldap_opt_t (see below).  NOTE(review): identifiers that start
 * with an underscore followed by an uppercase letter are reserved for the C
 * implementation; an LPK_ prefix would be cleaner, but renaming means
 * touching every user in ldapauth.c and the sshd patch.
 */
#define _DEFAULT_LPK_TOKEN "UseLPK"			/* master switch */
#define _DEFAULT_SRV_TOKEN "LpkServers"			/* server list */
#define _DEFAULT_USR_TOKEN "LpkUserDN"			/* user base DN */
#define _DEFAULT_GRP_TOKEN "LpkGroupDN"			/* group base DN */
#define _DEFAULT_BDN_TOKEN "LpkBindDN"			/* bind DN */
/*
 * NOTE(review): LpkBindPw puts a plaintext directory credential in the
 * sshd configuration; that file must not be world-readable, and the
 * bind account should be limited to read access on the pubkey attribute.
 */
#define _DEFAULT_BPW_TOKEN "LpkBindPw"			/* bind password */
#define _DEFAULT_MYG_TOKEN "LpkServerGroup"		/* group(s) this host belongs to */
#define _DEFAULT_FIL_TOKEN "LpkFilter"			/* extra search filter */
#define _DEFAULT_TLS_TOKEN "LpkForceTLS"		/* require TLS */
#define _DEFAULT_BTI_TOKEN "LpkBindTimelimit"		/* bind timeout */
#define _DEFAULT_STI_TOKEN "LpkSearchTimelimit"		/* search timeout */
#define _DEFAULT_LDP_TOKEN "LpkLdapConf"		/* ldap.conf to read */

#define _DEFAULT_PUB_TOKEN "LpkPubKeyAttr"		/* attribute holding the key(s) */
49
/* default options */
/*
 * Initial values for ldap_opt_t before the config tokens above are applied.
 * Every string defaults to NULL (= "not configured"); the lookup itself is
 * off unless UseLPK enables it.
 */
#define _DEFAULT_LPK_ON 0
#define _DEFAULT_LPK_SERVERS NULL
#define _DEFAULT_LPK_UDN NULL
#define _DEFAULT_LPK_GDN NULL
#define _DEFAULT_LPK_BINDDN NULL
#define _DEFAULT_LPK_BINDPW NULL
#define _DEFAULT_LPK_SGROUP NULL
#define _DEFAULT_LPK_FILTER NULL
/*
 * -1 presumably means "not set" as opposed to an explicit 0/1 from
 * LpkForceTLS — confirm in ldapauth.c.  NOTE(review): TLS is not forced by
 * default, so the bind password and key lookups go over the wire in clear
 * unless the server URI itself is ldaps:// or the config turns this on.
 */
#define _DEFAULT_LPK_TLS -1
/* timeouts, presumably seconds (they feed struct timeval members) */
#define _DEFAULT_LPK_BTIMEOUT 10
#define _DEFAULT_LPK_STIMEOUT 10
#define _DEFAULT_LPK_LDP NULL
/* attribute read for the user's public key(s) */
#define _DEFAULT_LPK_PUB "sshPublicKey"
64
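/* flags */
/*
 * Bits kept in ldap_opt_t.flags (an unsigned int).  Only the connection
 * state is tracked so far.
 */
#define FLAG_EMPTY	    0x00000000
#define FLAG_CONNECTED	    0x00000001

/* flag macros */
/*
 * Each macro is one parenthesized expression that evaluates its argument
 * exactly once.  The argument is wrapped so that an operand such as a
 * conditional expression cannot bind to the operator incorrectly, and the
 * whole expansion is wrapped so the macro is safe in any statement or
 * expression context; the previous unparenthesized form was neither.
 */
#define FLAG_SET_EMPTY(x)		((x) &= (FLAG_EMPTY))
#define FLAG_SET_CONNECTED(x)		((x) |= (FLAG_CONNECTED))
#define FLAG_SET_DISCONNECTED(x)	((x) &= ~(FLAG_CONNECTED))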
73
/* defines */
/*
 * Generic status codes, presumably the return values of the int functions
 * declared below.  NOTE(review): these unprefixed names collide easily with
 * other headers; an LPK_ prefix would be safer but renaming touches
 * ldapauth.c.
 */
#define FAILURE -1
#define SUCCESS 0
77
78/*
79 *
80 * defined files path
81 * (should be relocated to pathnames.h,
82 * if one day it's included within the tree)
83 *
84 */
85#define _PATH_LDAP_CONFIG_FILE "/etc/ldap.conf"
86
87/* structures */
/*
 * Run-time configuration plus connection state for the LDAP public-key
 * lookup.  The string members carry the values of the Lpk* config tokens
 * (NULL = unset, see the _DEFAULT_LPK_* values above); they are presumably
 * heap copies released by ldap_options_free() — confirm in ldapauth.c.
 */
typedef struct ldap_options {
    /* whether the LDAP lookup is enabled at all */
    int on;
    /* library connection handle, presumably valid only while
     * FLAG_CONNECTED is set in flags */
    LDAP *ld;
    /* server list in the form the library wants for failover */
    char *servers;
    /* base DN under which user entries are searched */
    char *u_basedn;
    /* base DN under which group entries are searched */
    char *g_basedn;
    /* DN used for the bind (NULL presumably means anonymous) */
    char *binddn;
    /* plaintext password for binddn.  NOTE(review): this is a secret held
     * in memory for the life of the struct; it should be wiped with
     * explicit_bzero() before being freed and must never be logged. */
    char *bindpw;
    /* group(s) this server belongs to (LpkServerGroup) */
    char *sgroup;
    /* group filter, presumably derived from sgroup by ldap_parse_groups() */
    char *fgroup;
    /* additional filter appended to the search (LpkFilter) */
    char *filter;
    /* ldap.conf to read settings from (LpkLdapConf) */
    char *l_conf;
    /* require TLS; the default _DEFAULT_LPK_TLS is -1 (presumably "unset").
     * NOTE(review): when TLS is not forced, bindpw crosses the wire in clear
     * unless the URI is ldaps:// — confirm how ldapauth.c treats 0 and -1. */
    int tls;
    /* timeout for the bind operation */
    struct timeval b_timeout;
    /* timeout for each search */
    struct timeval s_timeout;
    /* FLAG_* bits, currently only FLAG_CONNECTED */
    unsigned int flags;
    /* LDAP attribute that holds the user's public key(s) (LpkPubKeyAttr) */
    char *pub_key_attr;
} ldap_opt_t;
106
/*
 * Result of a key lookup: the attribute values as the library returned them
 * (one struct berval per value) and how many there are.  Each value is
 * bv_len bytes at bv_val and must not be assumed to be NUL-terminated.
 * Presumably released with ldap_keys_free() — confirm in ldapauth.c.
 */
typedef struct ldap_keys {
    /* array of values; NOTE(review): iterate by num rather than relying on
     * a terminating NULL unless ldapauth.c guarantees one */
    struct berval **keys;
    /* number of entries in keys */
    unsigned int num;
} ldap_key_t;
111
112
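/* function headers */
/*
 * Prototypes now carry parameter names so the contract is readable here.
 * The implementations live in ldapauth.c, which is not visible from this
 * header; the ownership and return-value notes below are the natural reading
 * of the names and defines above and should be confirmed against it.
 */

/* Close the connection held in opts->ld, presumably clearing FLAG_CONNECTED. */
void ldap_close(ldap_opt_t *opts);

/* Connect (and bind) to opts->servers; presumably returns SUCCESS/FAILURE. */
int ldap_xconnect(ldap_opt_t *opts);

/*
 * Turn a raw config value (LpkServerGroup / LpkServers) into the internal
 * form.  Presumably return a freshly allocated string the caller frees, or
 * NULL on failure — confirm in ldapauth.c.
 */
char *ldap_parse_groups(const char *groups);
char *ldap_parse_servers(const char *servers);

/* Dump the option set.  NOTE(review): if this prints opts->bindpw it must
 * never run at a log level reachable in production. */
void ldap_options_print(ldap_opt_t *opts);

/* Release every string owned by opts.  NOTE(review): opts->bindpw is a
 * secret and should be cleared with explicit_bzero() before free(). */
void ldap_options_free(ldap_opt_t *opts);

/* Release keys->keys and keys itself. */
void ldap_keys_free(ldap_key_t *keys);

/* Read settings from opts->l_conf (ldap.conf); presumably SUCCESS/FAILURE. */
int ldap_parse_lconf(ldap_opt_t *opts);

/*
 * Fetch the values of opts->pub_key_attr for username (presumably the SSH
 * login name); the caller releases the result with ldap_keys_free().
 * NOTE(review): username originates from the client, so it must be escaped
 * per RFC 4515 before it is placed in any LDAP search filter — verify the
 * filter construction in ldapauth.c.
 */
ldap_key_t *ldap_getuserkey(ldap_opt_t *opts, const char *username);

/* Group-membership check for username against opts->g_basedn/opts->fgroup;
 * the same filter-escaping caveat as ldap_getuserkey() applies. */
int ldap_ismember(ldap_opt_t *opts, const char *username);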
124
125#endif
126