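/* $NetBSD: ldapauth.h,v 1.6 2021/08/14 16:17:57 christos Exp $ */

/*
 *
 * Copyright (c) 2005, Eric AUGE <eau@phear.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 * Neither the name of the phear.org nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 */

/*
 * ldapauth.h -- configuration tokens, option/key containers and the
 * function interface for LDAP public-key (LPK) authentication.
 */

#ifndef LDAPAUTH_H
#define LDAPAUTH_H

/*
 * Ask <ldap.h> to expose the OpenLDAP functions it otherwise hides as
 * deprecated.  The macro is only honoured when it is defined before the
 * header is included, so keep it ahead of the #include block.
 * (Presumably ldapauth.c still calls into that API -- confirm there.)
 */
#define LDAP_DEPRECATED 1

/*
 * struct timeval is used by value in ldap_opt_t below; POSIX declares it
 * in <sys/time.h>, not <time.h>, so include it explicitly rather than
 * relying on <ldap.h>/<lber.h> to pull it in.
 */
#include <sys/time.h>
#include <string.h>
#include <time.h>
#include <ldap.h>
#include <lber.h>

/*
 * Configuration keywords (tokens in use for config).
 *
 * NOTE(review): identifiers starting with an underscore followed by an
 * uppercase letter are reserved for the implementation in ISO C.  The
 * _DEFAULT_* names are kept unchanged here because existing code refers
 * to them; a rename would have to be done across all users at once.
 */
#define _DEFAULT_LPK_TOKEN "UseLPK"
#define _DEFAULT_SRV_TOKEN "LpkServers"
#define _DEFAULT_USR_TOKEN "LpkUserDN"
#define _DEFAULT_GRP_TOKEN "LpkGroupDN"
#define _DEFAULT_BDN_TOKEN "LpkBindDN"
#define _DEFAULT_BPW_TOKEN "LpkBindPw"
#define _DEFAULT_MYG_TOKEN "LpkServerGroup"
#define _DEFAULT_FIL_TOKEN "LpkFilter"
#define _DEFAULT_TLS_TOKEN "LpkForceTLS"
#define _DEFAULT_BTI_TOKEN "LpkBindTimelimit"
#define _DEFAULT_STI_TOKEN "LpkSearchTimelimit"
#define _DEFAULT_LDP_TOKEN "LpkLdapConf"

#define _DEFAULT_PUB_TOKEN "LpkPubKeyAttr"

/*
 * Default option values, one per ldap_opt_t field.  NULL means "not
 * configured".  The timeouts are plain integers; presumably they are
 * seconds copied into the tv_sec of the timeval fields by the option
 * parser -- confirm against ldapauth.c.
 */
#define _DEFAULT_LPK_ON 0
#define _DEFAULT_LPK_SERVERS NULL
#define _DEFAULT_LPK_UDN NULL
#define _DEFAULT_LPK_GDN NULL
#define _DEFAULT_LPK_BINDDN NULL
#define _DEFAULT_LPK_BINDPW NULL
#define _DEFAULT_LPK_SGROUP NULL
#define _DEFAULT_LPK_FILTER NULL
#define _DEFAULT_LPK_TLS (-1)	/* parenthesised: a negative constant is an expression */
#define _DEFAULT_LPK_BTIMEOUT 10
#define _DEFAULT_LPK_STIMEOUT 10
#define _DEFAULT_LPK_LDP NULL
#define _DEFAULT_LPK_PUB "sshPublicKey"

/* flags -- bit values stored in ldap_opt_t.flags */
#define FLAG_EMPTY 0x00000000
#define FLAG_CONNECTED 0x00000001

/*
 * Flag macros.  The argument and the whole expansion are parenthesised so
 * the macros are safe with any lvalue expression (e.g. p->flags) and can
 * be used both as statements and inside larger expressions.
 */
#define FLAG_SET_EMPTY(x)        ((x) &= (FLAG_EMPTY))
#define FLAG_SET_CONNECTED(x)    ((x) |= (FLAG_CONNECTED))
#define FLAG_SET_DISCONNECTED(x) ((x) &= ~(FLAG_CONNECTED))

/* defines -- generic return codes used by the int-returning functions below */
#define FAILURE (-1)
#define SUCCESS 0

/*
 *
 * defined files path
 * (should be relocated to pathnames.h,
 * if one day it's included within the tree)
 *
 */
#define _PATH_LDAP_CONFIG_FILE "/etc/ldap.conf"

/* structures */

/*
 * Parsed LPK configuration plus the live LDAP session.
 * One instance is filled from the configuration tokens above, connected
 * with ldap_xconnect(), and released with ldap_options_free().
 */
typedef struct ldap_options {
	int on;			/* Use it or NOT */
	LDAP * ld;		/* OpenLDAP session handle (NULL when not connected) -- see FLAG_CONNECTED */
	char * servers;		/* parsed servers for ldaplib failover handling */
	char * u_basedn;	/* user basedn */
	char * g_basedn;	/* group basedn */
	char * binddn;		/* binddn */
	char * bindpw;		/* bind password -- a cleartext credential held in memory.
				 * NOTE(review): confirm ldap_options_free() scrubs it
				 * (explicit_bzero/memset_explicit) before freeing. */
	char * sgroup;		/* server group */
	char * fgroup;		/* group filter */
	char * filter;		/* additional filter */
	char * l_conf;		/* use ldap.conf */
	int tls;		/* TLS only; _DEFAULT_LPK_TLS (-1) is the "unset" value */
	struct timeval b_timeout;	/* bind timeout */
	struct timeval s_timeout;	/* search timeout */
	unsigned int flags;	/* misc flags (reconnection, future use?) -- FLAG_* bits */
	char * pub_key_attr;	/* Pubkey-Attribute; defaults to _DEFAULT_LPK_PUB */
} ldap_opt_t;

/*
 * Public keys fetched for one user.  Released with ldap_keys_free().
 * NOTE(review): keys looks like an OpenLDAP berval vector (as returned by
 * ldap_get_values_len()); whether it is also NULL-terminated is not
 * visible here -- iterate by num.
 */
typedef struct ldap_keys {
	struct berval ** keys;	/* the public keys retrieved */
	unsigned int num;	/* number of keys */
} ldap_key_t;


/* function headers */

/* Tear down the LDAP session held in ldap_opt_t.ld. */
void ldap_close(ldap_opt_t *);
/* Connect (and bind) using the options; presumably returns SUCCESS/FAILURE -- confirm. */
int ldap_xconnect(ldap_opt_t *);
/*
 * Turn a configuration value into the internal group / server form.
 * Both return char *; presumably a freshly allocated string owned by the
 * caller -- confirm ownership in ldapauth.c before freeing.
 */
char * ldap_parse_groups(const char *);
char * ldap_parse_servers(const char *);
/* Dump the current options (debugging aid). */
void ldap_options_print(ldap_opt_t *);
/* Release everything owned by an ldap_opt_t. */
void ldap_options_free(ldap_opt_t *);
/* Release an ldap_key_t returned by ldap_getuserkey(). */
void ldap_keys_free(ldap_key_t *);
/* Read settings from the ldap.conf file named by l_conf / _PATH_LDAP_CONFIG_FILE. */
int ldap_parse_lconf(ldap_opt_t *);
/*
 * Fetch the public keys of the named user (second argument); NULL on
 * failure, otherwise free with ldap_keys_free().
 * NOTE(review): the name is presumably spliced into an LDAP search filter;
 * the implementation must escape it per RFC 4515 -- confirm in ldapauth.c.
 */
ldap_key_t * ldap_getuserkey(ldap_opt_t *, const char *);
/* Group-membership check for the named user; same escaping caveat as above. */
int ldap_ismember(ldap_opt_t *, const char *);

#endif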