1219732Sume/* $NetBSD: ldap_rbac.h,v 1.2 2021/08/14 16:14:53 christos Exp $ */ 2282746Sgjb 3219732Sume#ifndef LDAP_RBAC_H 4219732Sume#define LDAP_RBAC_H 5219732Sume 6219732Sume/* extended operations for RBAC */ 7219732Sume#define LDAP_RBAC_EXOP_CREATE_SESSION "1.3.6.1.4.1.4203.555.1" /* RFC xxxx */ 8219732Sume#define LDAP_RBAC_EXOP_CHECK_ACCESS "1.3.6.1.4.1.4203.555.2" 9219732Sume#define LDAP_RBAC_EXOP_ADD_ACTIVE_ROLE "1.3.6.1.4.1.4203.555.3" 10219732Sume#define LDAP_RBAC_EXOP_DROP_ACTIVE_ROLE "1.3.6.1.4.1.4203.555.4" 11219732Sume#define LDAP_RBAC_EXOP_DELETE_SESSION "1.3.6.1.4.1.4203.555.5" 12219732Sume#define LDAP_RBAC_EXOP_SESSION_ROLES "1.3.6.1.4.1.4203.555.6" 13219732Sume#define LDAP_RBAC_EXOP_SESSION_PERMISSIONS "1.3.6.1.4.1.4203.555.7" 14219732Sume 15219732Sume#define LDAP_TAG_EXOP_RBAC_SESSION_ID ((ber_tag_t)0x80U) 16219732Sume#define LDAP_TAG_EXOP_RBAC_TENANT_ID ((ber_tag_t)0x81U) 17219732Sume#define LDAP_TAG_EXOP_RBAC_USER_ID ((ber_tag_t)0x82U) 18219732Sume#define LDAP_TAG_EXOP_RBAC_USER ((ber_tag_t)0x80U) 19219732Sume#define LDAP_TAG_EXOP_RBAC_AUTHTOK ((ber_tag_t)0x83U) 20219732Sume#define LDAP_TAG_EXOP_RBAC_ACTIVE_ROLE ((ber_tag_t)0xA4U) 21219732Sume#define LDAP_TAG_EXOP_RBAC_OPNAME ((ber_tag_t)0x81U) 22219732Sume#define LDAP_TAG_EXOP_RBAC_OBJNAME ((ber_tag_t)0x82U) 23219732Sume#define LDAP_TAG_EXOP_RBAC_OBJID ((ber_tag_t)0x83U) 24219732Sume#define LDAP_TAG_EXOP_RBAC_PWPOLICY_STATE ((ber_tag_t)0x85U) 25219732Sume#define LDAP_TAG_EXOP_RBAC_PWPOLICY_VALUE ((ber_tag_t)0x86U) 26219732Sume#define LDAP_TAG_EXOP_RBAC_ROLES ((ber_tag_t)0x04U) 27219732Sume 28219732Sume#define LDAP_TAG_EXOP_RBAC_USER_ID_SESS ((ber_tag_t)0x80U) 29219732Sume#define LDAP_TAG_EXOP_RBAC_SESSION_ID_SESS ((ber_tag_t)0x81U) 30219732Sume#define LDAP_TAG_EXOP_RBAC_ROLE_NM_SESS ((ber_tag_t)0x82U) 31219732Sume 32282746Sgjb#define RBAC_REQ_CREATE_SESSION 0 33225524Shrs#define RBAC_REQ_CHECK_ACCESS 1 34225524Shrs#define RBAC_REQ_ADD_ACTIVE_ROLE 2 35219732Sume#define RBAC_REQ_DROP_ACTIVE_ROLE 3 36219732Sume#define RBAC_REQ_DELETE_SESSION 4 37219732Sume#define RBAC_REQ_SESSION_PERMISSIONS 5 38219732Sume#define RBAC_REQ_SESSION_ROLES 6 39219732Sume 40219732Sume/* defines for password policy */ 41219732Sume#define RBAC_BIND_NEW_AUTHTOK_REQD 1 42219732Sume 43282746Sgjb#define RBAC_PASSWORD_GOOD 0 44282746Sgjb#define RBAC_PASSWORD_EXPIRATION_WARNING 11 45282746Sgjb#define RBAC_PASSWORD_GRACE_WARNING 12 46219732Sume#define RBAC_PASSWORD_HAS_EXPIRED 100 47219732Sume#define RBAC_ACCOUNT_LOCKED 101 48219732Sume#define RBAC_CHANGE_AFTER_RESET 102 49219732Sume#define RBAC_NO_MODIFICATIONS 103 50225524Shrs#define RBAC_MUST_SUPPLY_OLD 104 51219732Sume#define RBAC_INSUFFICIENT_QUALITY 105 52219732Sume#define RBAC_PASSWORD_TOO_SHORT 106 53219732Sume#define RBAC_PASSWORD_TOO_YOUNG 107 54219732Sume#define RBAC_HISTORY_VIOLATION 108 55219732Sume#define RBAC_ACCOUNT_LOCKED_CONSTRAINTS 109 56225524Shrs 57225524Shrs#endif /* LDAP_RBAC_H */ 58219732Sume