/*	$NetBSD: ppm.h,v 1.2 2021/08/14 16:14:53 christos Exp $	*/

/*
 * ppm.h for OpenLDAP
 *
 * See LICENSE, README and INSTALL files
 *
 * Shared declarations for the ppm password-checking module: size limits,
 * the error-message format strings, the configuration types (genValue,
 * valueType, params, conf) and the function prototypes, including
 * check_password().
 *
 * NOTE(review): this header also *defines* two objects (allowedParameters
 * and ppm_test). Each translation unit that includes it emits its own
 * external definition, so linking two such units together produces
 * duplicate symbols. It looks intended for a single including .c file;
 * confirm before including it elsewhere.
 */

#ifndef PPM_H_
#define PPM_H_

#include <stdlib.h>             // for type conversion, such as atoi...
                                // NOTE(review): atoi() reports no errors; if integer
                                // settings are parsed with it, malformed values
                                // presumably become 0 silently. Confirm in the
                                // implementation.
#include <regex.h>              // for matching allowedParameters / conf file
#include <string.h>
#include <ctype.h>
#include <portable.h>
#include <slap.h>

#if defined(DEBUG)
#include <syslog.h>
#endif

//#define PPM_READ_FILE 1       // old deprecated configuration mode
                                // 1: (deprecated) don't read pwdCheckModuleArg
                                //    attribute, instead read config file
                                // 0: read pwdCheckModuleArg attribute
// The define above is commented out, so unless the build defines
// PPM_READ_FILE elsewhere, the prototype selected further down is
// read_config_attr() and not read_config_file().

/* config file parameters (DEPRECATED) */
// Default path of the configuration file; the #ifndef lets the build
// override it (e.g. with -DCONFIG_FILE=...).
#ifndef CONFIG_FILE
#define CONFIG_FILE                       "/etc/openldap/ppm.example"
#endif
#define FILENAME_MAX_LEN                  512

// Size limits. Only PARAM_MAX_LEN and VALUE_MAX_LEN are used in this header
// (as array sizes in params, conf and genValue); how the others are applied
// is not visible here.
#define DEFAULT_QUALITY                   3
#define MEMORY_MARGIN                     50
#define MEM_INIT_SZ                       64
#define DN_MAX_LEN                        512

#define CONF_MAX_SIZE                     50
#define PARAM_MAX_LEN                     32
#define VALUE_MAX_LEN                     128
#define ATTR_NAME_MAX_LEN                 150

#define PARAM_PREFIX_CLASS                "class-"
// NOTE(review): '£' is not ASCII. In a UTF-8 encoded source it is two bytes,
// and a byte-oriented tokenizer such as strtok() would treat each of those
// bytes as a separate delimiter. Confirm the file encoding and how this set
// is consumed.
#define TOKENS_DELIMITERS                 " ,;-_£\t"


#define DEBUG_MSG_MAX_LEN                 256

// printf-style format strings for the module's error messages. The arguments
// supplied must match the conversions in each string (for example
// PASSWORD_QUALITY_SZ takes a string and two ints).
// NOTE(review): most of these embed the entry's DN. DN_MAX_LEN (512) is
// larger than DEBUG_MSG_MAX_LEN (256); confirm that every buffer these are
// formatted into is sized for the longest DN plus the fixed text, and that
// the formatting call is length-bounded.
#define PASSWORD_QUALITY_SZ \
  "Password for dn=\"%s\" does not pass required number of strength checks (%d of %d)"
#define PASSWORD_CRITERIA \
  "Password for dn=\"%s\" has not reached the minimum number of characters (%d) for class %s"
#define PASSWORD_MAXCONSECUTIVEPERCLASS \
  "Password for dn=\"%s\" has reached the maximum number of characters (%d) for class %s"
#define PASSWORD_FORBIDDENCHARS \
  "Password for dn=\"%s\" contains %d forbidden characters in %s"
#define RDN_TOKEN_FOUND \
  "Password for dn=\"%s\" contains tokens from the RDN"
#define GENERIC_ERROR \
  "Error while checking password"
#define PASSWORD_CRACKLIB \
  "Password for dn=\"%s\" is too weak"
#define BAD_PASSWORD_SZ \
  "Bad password for dn=\"%s\" because %s"



// Value of one configuration parameter: either an int or a string of at most
// VALUE_MAX_LEN bytes. The union carries no tag of its own; struct conf
// stores a valueType (iType) next to it to say which member is meaningful.
typedef union genValue {
    int iVal;
    char sVal[VALUE_MAX_LEN];
} genValue;

// Kind of value held in a genValue.
typedef enum {
    typeInt,
    typeStr
} valueType;

// One allowed parameter: a name pattern and the type of its value.
typedef struct params {
    char param[PARAM_MAX_LEN];
    valueType iType;
} params;

// allowed parameters loaded into configuration structure
// it also contains the type of the corresponding value
// NOTE(review): every pattern is anchored with '^' but none ends with '$'.
// If these are applied with regexec() (regex.h is included for matching
// allowedParameters, per the include comment), a longer name such as
// "minQualityX" would also match "^minQuality". Confirm this is intended.
// NOTE(review): this is a non-const object definition in a header; see the
// file header comment about including it from more than one translation unit.
params allowedParameters[7] = {
    {"^minQuality", typeInt},
    {"^checkRDN", typeInt},
    {"^forbiddenChars", typeStr},
    {"^maxConsecutivePerClass", typeInt},
    {"^useCracklib", typeInt},
    {"^cracklibDict", typeStr},
    {"^class-.*", typeStr}
};


// configuration structure, containing a parameter, a value,
// a corresponding min and minForPoint indicators if necessary
// and a type for the value (typeInt or typeStr)
typedef struct conf {
    char param[PARAM_MAX_LEN];
    valueType iType;
    genValue value;
    int min;
    int minForPoint;
} conf;

// Function prototypes. Their definitions are not in this header, so the notes
// below describe only what the signatures show.
void ppm_log(int priority, const char *format, ...);
int min(char *str1, char *str2);
// Exactly one of the two configuration readers is declared, selected by
// PPM_READ_FILE. Both are declared static, so each must be defined in the
// translation unit that includes this header.
#ifndef PPM_READ_FILE
static void read_config_attr(conf * fileConf, int *numParam, char *ppm_config_attr);
#endif
#ifdef PPM_READ_FILE
static void read_config_file(conf * fileConf, int *numParam, char *ppm_config_file);
#endif
// Presumably the entry point through which the server submits a candidate
// password for checking; ownership of *ppErrStr is not visible here.
// TODO confirm against the caller.
int check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg);
int maxConsPerClass(char *password, char *charClass);
void storeEntry(char *param, char *value, valueType valType,
           char *min, char *minForPoint, conf * fileConf, int *numParam);
int typeParam(char* param);
genValue* getValue(conf *fileConf, int numParam, char* param);
// NOTE(review): truncation and NUL-termination behaviour are defined by the
// implementation, which is not visible here. length_dest is a signed int, so
// callers should pass the real destination size and never a negative or
// unvalidated value.
void strcpy_safe(char *dest, char *src, int length_dest);


// Defined (not merely declared) here and initialised to 0; presumably a
// test-mode flag. Confirm where it is set and read.
int ppm_test = 0;

#endif