1 /*	$NetBSD: ldapauth.h,v 1.1 2010/11/21 18:59:04 adam Exp $	*/
2 /* $Id: ldapauth.h,v 1.1 2010/11/21 18:59:04 adam Exp $
3  */
4 
5 /*
6  *
7  * Copyright (c) 2005, Eric AUGE <eau@phear.org>
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
11  *
12  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
13  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
14  * Neither the name of the phear.org nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
17  * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
19  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
20  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
21  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
22  *
23  *
24  */
25 
26 #ifndef LDAPAUTH_H
27 #define LDAPAUTH_H
28 
/*
 * Must stay ahead of the <ldap.h> include below: OpenLDAP only exposes its
 * deprecated client API (ldap_init(), ldap_simple_bind_s(), ...) when this
 * macro is defined.  The implementation behind this header presumably still
 * calls into that API -- TODO confirm in ldapauth.c and, if so, migrate to
 * ldap_initialize()/ldap_sasl_bind_s() so the define can be dropped.
 */
#define LDAP_DEPRECATED 1
30 
#include <sys/time.h>	/* struct timeval, used by ldap_opt_t below; do not rely on <ldap.h> pulling it in */
#include <string.h>
#include <time.h>
#include <ldap.h>
#include <lber.h>
35 
/*
 * Config-file directive names.  By their spelling each one appears to feed a
 * single ldap_opt_t field (the parser that matches them is not in this header).
 *
 * Security note: LpkBindPw places a plaintext directory credential in the
 * config file, so that file must be readable by root only.
 *
 * The "_DEFAULT_" spelling (underscore + capital) is formally reserved for the
 * implementation (C11 7.1.3); it is kept unchanged for compatibility.
 */
#define _DEFAULT_LPK_TOKEN "UseLPK"		/* master on/off switch */
#define _DEFAULT_SRV_TOKEN "LpkServers"		/* server list, see ldap_parse_servers() */
#define _DEFAULT_USR_TOKEN "LpkUserDN"		/* base DN for user searches */
#define _DEFAULT_GRP_TOKEN "LpkGroupDN"		/* base DN for group searches */
#define _DEFAULT_BDN_TOKEN "LpkBindDN"		/* DN used to bind */
#define _DEFAULT_BPW_TOKEN "LpkBindPw"		/* bind password -- a secret, see note above */
#define _DEFAULT_MYG_TOKEN "LpkServerGroup"	/* group a user must belong to */
#define _DEFAULT_FIL_TOKEN "LpkFilter"		/* extra search filter */
#define _DEFAULT_TLS_TOKEN "LpkForceTLS"	/* require TLS for the session */
#define _DEFAULT_BTI_TOKEN "LpkBindTimelimit"	/* bind timeout */
#define _DEFAULT_STI_TOKEN "LpkSearchTimelimit"	/* search timeout */
#define _DEFAULT_LDP_TOKEN "LpkLdapConf"	/* path of an ldap.conf to read */

#define _DEFAULT_PUB_TOKEN "LpkPubKeyAttr"	/* attribute that carries the public keys */
51 
/*
 * Built-in defaults, presumably installed before the config file is parsed.
 * Note that LDAP is off and TLS is *not* forced out of the box: an operator
 * who enables UseLPK without LpkForceTLS gets whatever transport the server
 * list selects (plain ldap:// unless the implementation treats -1 as "on" --
 * TODO confirm in ldapauth.c).
 */
#define _DEFAULT_LPK_ON 0		/* disabled until UseLPK turns it on */
#define _DEFAULT_LPK_SERVERS NULL
#define _DEFAULT_LPK_UDN NULL
#define _DEFAULT_LPK_GDN NULL
#define _DEFAULT_LPK_BINDDN NULL	/* NULL bind DN presumably means an anonymous bind */
#define _DEFAULT_LPK_BINDPW NULL
#define _DEFAULT_LPK_SGROUP NULL
#define _DEFAULT_LPK_FILTER NULL
#define _DEFAULT_LPK_TLS -1		/* -1: not configured (neither forced nor refused) */
#define _DEFAULT_LPK_BTIMEOUT 10	/* bind timeout; ends up in a struct timeval, so presumably seconds */
#define _DEFAULT_LPK_STIMEOUT 10	/* search timeout, same unit as above */
#define _DEFAULT_LPK_LDP NULL		/* no ldap.conf is read unless LpkLdapConf is set */
#define _DEFAULT_LPK_PUB "sshPublicKey"	/* attribute the keys are read from */
66 
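/* Connection-state bits kept in ldap_opt_t.flags */
#define FLAG_EMPTY	    0x00000000	/* no flags set */
#define FLAG_CONNECTED	    0x00000001	/* an LDAP session is currently open */

/*
 * Flag helpers.  The argument and the whole expansion are parenthesized so
 * the macros are safe with compound operands (opts->flags, a ? b : c) and
 * when used inside a larger expression; the previous forms expanded to bare
 * "x&=..." / "x|=..." text.  Each still yields the updated flag value.
 */
#define FLAG_SET_EMPTY(x)		((x) &= (FLAG_EMPTY))		/* AND with 0: clears every bit */
#define FLAG_SET_CONNECTED(x)		((x) |= (FLAG_CONNECTED))
#define FLAG_SET_DISCONNECTED(x)	((x) &= ~(FLAG_CONNECTED))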
75 
/*
 * Return codes for the int-returning ldap_* functions below (presumably;
 * the definitions are not in this header).  Generic names -- they may clash
 * with other headers that define FAILURE/SUCCESS; kept for compatibility.
 */
#define FAILURE -1
#define SUCCESS 0
79 
80 /*
81  *
82  * defined files path
83  * (should be relocated to pathnames.h,
84  * if one day it's included within the tree)
85  *
86  */
87 #define _PATH_LDAP_CONFIG_FILE "/etc/ldap.conf"
88 
89 /* structures */
90 typedef struct ldap_options {
91     int on;			/* Use it or NOT */
92     LDAP * ld;			/* LDAP file desc */
93     char * servers;		/* parsed servers for ldaplib failover handling */
94     char * u_basedn;		/* user basedn */
95     char * g_basedn;		/* group basedn */
96     char * binddn;		/* binddn */
97     char * bindpw;		/* bind password */
98     char * sgroup;		/* server group */
99     char * fgroup;		/* group filter */
100     char * filter;		/* additional filter */
101     char * l_conf;		/* use ldap.conf */
102     int tls;			/* TLS only */
103     struct timeval b_timeout;   /* bind timeout */
104     struct timeval s_timeout;   /* search timeout */
105     unsigned int flags;		/* misc flags (reconnection, future use?) */
106     char * pub_key_attr;	/* Pubkey-Attribute */
107 } ldap_opt_t;
108 
/*
 * Key material returned by ldap_getuserkey() for one user.  The values are
 * untrusted directory data and must be parsed as such.  A berval carries an
 * explicit bv_len and its bv_val need not be NUL-terminated, so consumers
 * must use bv_len rather than treating bv_val as a C string.  Release with
 * ldap_keys_free().
 */
typedef struct ldap_keys {
    struct berval ** keys;	/* public-key attribute values retrieved from the directory */
    unsigned int num;		/* number of entries in keys */
} ldap_key_t;
113 
114 
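/*
 * Function prototypes (implemented outside this header).  Parameter names are
 * given here so the contract is readable at the declaration.
 *
 * NOTE(review): the ldap_ prefix is libldap's own namespace, so any of these
 * names could one day collide with a library export; an lpk_ prefix would be
 * safer, but renaming would change the public interface and is left alone.
 */

/* Tear down the session held in opts->ld, if any. */
void ldap_close(ldap_opt_t *opts);

/* Open and bind a session according to opts; presumably SUCCESS or FAILURE. */
int ldap_connect(ldap_opt_t *opts);

/* Build a group filter from a config-file group spec.  Returns a newly
 * allocated string, presumably owned (and freed) by the caller -- confirm. */
char * ldap_parse_groups(const char *groups);

/* Convert a config-file server list into the form libldap expects for
 * failover (what ends up in opts->servers).  Ownership as above. */
char * ldap_parse_servers(const char *servers);

/* Debug dump of opts.  NOTE(review): make sure bindpw is masked in the output. */
void ldap_options_print(ldap_opt_t *opts);

/* Release every string owned by opts; bindpw should be zeroed before free(). */
void ldap_options_free(ldap_opt_t *opts);

/* Release a key set returned by ldap_getuserkey(). */
void ldap_keys_free(ldap_key_t *keys);

/* Read settings from opts->l_conf (an ldap.conf); presumably SUCCESS/FAILURE. */
int ldap_parse_lconf(ldap_opt_t *opts);

/* Fetch the public-key attribute values for user.  user is presumably the
 * login name supplied by the connecting client, i.e. attacker-controlled:
 * it must be filter-escaped (RFC 4515) before being interpolated into any
 * LDAP search filter.  Return on no keys / error is not visible here. */
ldap_key_t * ldap_getuserkey(ldap_opt_t *opts, const char *user);

/* Group-membership check for user against opts->sgroup.  The return-value
 * convention (SUCCESS==0 vs. a boolean "is member") is not visible here --
 * check the implementation before treating 0 as either answer. */
int ldap_ismember(ldap_opt_t *opts, const char *user);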
126 
127 #endif
128