/* $NetBSD: ppm.h,v 1.2 2021/08/14 16:14:53 christos Exp $ */

/*
 * ppm.h for OpenLDAP
 *
 * See LICENSE, README and INSTALL files
 *
 * Declarations for the ppm password-checking code: size limits, the
 * error-message templates, the configuration types, the table of
 * accepted configuration parameter names, and the function prototypes.
 */

#ifndef PPM_H_
#define PPM_H_

#include <stdlib.h>             // for type conversion, such as atoi...
#include <regex.h>              // for matching allowedParameters / conf file
#include <string.h>
#include <ctype.h>
#include <portable.h>
#include <slap.h>

#if defined(DEBUG)
#include <syslog.h>
#endif

//#define PPM_READ_FILE 1       // old deprecated configuration mode
                                // 1: (deprecated) don't read pwdCheckModuleArg
                                //    attribute, instead read config file
                                // 0: read pwdCheckModuleArg attribute
// NOTE: the prototypes further down test PPM_READ_FILE with #ifdef/#ifndef,
// so within this header the mode is chosen by whether the macro is defined,
// not by its value; defining it to 0 still selects the read_config_file
// prototype.

/* config file parameters (DEPRECATED) */
// CONFIG_FILE can be overridden at build time; the path below is only the
// fallback used when the macro is not already defined.
#ifndef CONFIG_FILE
#define CONFIG_FILE               "/etc/openldap/ppm.example"
#endif
#define FILENAME_MAX_LEN          512

// Numeric defaults and sizes. None of these five is used inside this
// header; their exact meaning is set by the code that uses them.
#define DEFAULT_QUALITY           3
#define MEMORY_MARGIN             50
#define MEM_INIT_SZ               64
#define DN_MAX_LEN                512

// Limits for the configuration. PARAM_MAX_LEN and VALUE_MAX_LEN are the
// dimensions of the fixed char arrays declared below (params.param,
// conf.param, genValue.sVal), so any copy into those fields has to be
// bounded by them and leave room for the terminating NUL.
#define CONF_MAX_SIZE             50
#define PARAM_MAX_LEN             32
#define VALUE_MAX_LEN             128
#define ATTR_NAME_MAX_LEN         150

#define PARAM_PREFIX_CLASS        "class-"
// NOTE(review): two characters of this literal appear as U+FFFD replacement
// characters in this copy, i.e. the original non-ASCII byte(s) did not
// survive decoding. Confirm the intended delimiter and the source-file
// encoding against the upstream file before relying on this set.
#define TOKENS_DELIMITERS         " ,;-_��\t"


#define DEBUG_MSG_MAX_LEN         256

// printf-style message templates. Every template except GENERIC_ERROR
// interpolates the entry DN as dn="%s"; the number, order and type of the
// remaining conversions must match the arguments given at the call site
// (not visible in this header).
// NOTE(review): the templates put the DN between double quotes without any
// escaping of their own. What the trailing %s of PASSWORD_FORBIDDENCHARS and
// BAD_PASSWORD_SZ receives is decided by the caller; confirm that the
// candidate password is never passed to any of these templates.
#define PASSWORD_QUALITY_SZ \
  "Password for dn=\"%s\" does not pass required number of strength checks (%d of %d)"
#define PASSWORD_CRITERIA \
  "Password for dn=\"%s\" has not reached the minimum number of characters (%d) for class %s"
#define PASSWORD_MAXCONSECUTIVEPERCLASS \
  "Password for dn=\"%s\" has reached the maximum number of characters (%d) for class %s"
#define PASSWORD_FORBIDDENCHARS \
  "Password for dn=\"%s\" contains %d forbidden characters in %s"
#define RDN_TOKEN_FOUND \
  "Password for dn=\"%s\" contains tokens from the RDN"
#define GENERIC_ERROR \
  "Error while checking password"
#define PASSWORD_CRACKLIB \
  "Password for dn=\"%s\" is too weak"
#define BAD_PASSWORD_SZ \
  "Bad password for dn=\"%s\" because %s"



// Value of one configuration entry: either an integer or a fixed-size
// string. The union does not record which member is live; struct conf
// carries a valueType next to it for that purpose.
typedef union genValue {
    int iVal;
    char sVal[VALUE_MAX_LEN];
} genValue;

// Discriminator for genValue.
typedef enum {
    typeInt,
    typeStr
} valueType;

// One accepted parameter: a name pattern and the type its value must have.
typedef struct params {
    char param[PARAM_MAX_LEN];
    valueType iType;
} params;

// allowed parameters loaded into configuration structure
// it also contains the type of the corresponding value
//
// Each entry is a pattern (leading '^'; the last one ends in ".*"); the
// <regex.h> include above is annotated as being for matching these.
// NOTE(review): no pattern has a trailing '$', so as a regular expression
// "^minQuality" also matches longer names that merely start with that text.
// Whether that is reachable depends on how the matcher is called; confirm.
// NOTE(review): this is a definition with external linkage inside a header,
// so every translation unit that includes ppm.h emits its own
// allowedParameters object.
params allowedParameters[7] = {
    {"^minQuality", typeInt},
    {"^checkRDN", typeInt},
    {"^forbiddenChars", typeStr},
    {"^maxConsecutivePerClass", typeInt},
    {"^useCracklib", typeInt},
    {"^cracklibDict", typeStr},
    {"^class-.*", typeStr}
};


// configuration structure, containing a parameter, a value,
// a corresponding min and minForPoint indicators if necessary
// and a type for the value (typeInt or typeStr)
typedef struct conf {
    char param[PARAM_MAX_LEN];
    valueType iType;        // tells which member of 'value' is meaningful
    genValue value;
    int min;
    int minForPoint;
} conf;

// printf-style logging helper; 'format' is a format string followed by
// its arguments, so callers should pass a literal format, never
// externally supplied text.
void ppm_log(int priority, const char *format, ...);
// NOTE(review): takes two strings, not two numbers; the return value's
// meaning is defined by the implementation. Confirm before reuse.
int min(char *str1, char *str2);
// Exactly one of the two configuration readers is declared, depending on
// whether PPM_READ_FILE is defined. Both are 'static', so the translation
// unit that calls one is expected to define it itself.
#ifndef PPM_READ_FILE
  static void read_config_attr(conf * fileConf, int *numParam, char *ppm_config_attr);
#endif
#ifdef PPM_READ_FILE
  static void read_config_file(conf * fileConf, int *numParam, char *ppm_config_file);
#endif
// Password check entry point: receives the candidate password, an out
// pointer for an error string, the directory entry and an opaque argument.
// presumably the hook called by the OpenLDAP password policy overlay, with
// Entry coming from <slap.h>; verify against the caller. Ownership of
// *ppErrStr is not stated here.
int check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg);
int maxConsPerClass(char *password, char *charClass);
// Adds one parameter to fileConf; numParam is passed by pointer, presumably
// so the entry count can be updated. TODO confirm that the implementation
// checks it against CONF_MAX_SIZE.
void storeEntry(char *param, char *value, valueType valType,
                char *min, char *minForPoint, conf * fileConf, int *numParam);
int typeParam(char* param);
genValue* getValue(conf *fileConf, int numParam, char* param);
// NOTE(review): the destination size is a signed int. Behaviour for a zero
// or negative length_dest, and whether dest is always NUL-terminated, are
// defined in the implementation; confirm before relying on the name.
void strcpy_safe(char *dest, char *src, int length_dest);


// NOTE(review): defined (not merely declared) in the header, like
// allowedParameters above; its purpose is not visible from this file.
int ppm_test = 0;

#endif