1 /*
2  * $OpenBSD: login_ldap.h,v 1.1 2020/09/12 15:06:12 martijn Exp $
3  * Copyright (c) 2002 Institute for Open Systems Technology Australia (IFOST)
4  * Copyright (c) 2007 Michael Erdely <merdely@openbsd.org>
5  * Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org>
6  *
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. The name of the author may not be used to endorse or promote products
18  *    derived from this software without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
23  * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 #ifndef __login_ldap_h
32 #define __login_ldap_h
33 
34 #include <sys/queue.h>
35 
36 #define DEFTIMEOUT	60 /* seconds to wait before a timeout; presumably the default for auth_ctx.timeout - confirm in util.c */
37 
38 struct aldap_urlq {	/* one server entry; element type of the tail queue auth_ctx.s */
39 	struct aldap_url	 s;	/* embedded by value, so struct aldap_url must be complete here; this header only includes <sys/queue.h>, the includer has to provide it */
40 	TAILQ_ENTRY(aldap_urlq)	 entries;	/* <sys/queue.h> tail-queue linkage */
41 };
42 
43 struct auth_ctx {	/* per-authentication state passed to every function declared in this header */
44 	char		*user; 	/* the user to authenticate */
45 	struct aldap	*ld;	/* ldap server connection */
46 	TAILQ_HEAD(, aldap_urlq) s;	/* info about the servers (queue of struct aldap_urlq) */
47 	char		*basedn;/* base dn for search, may be null */
48 	char		*binddn;/* bind dn for search, may be null */
49 	char		*bindpw;/* bind password for search, may be null; cleartext secret - NOTE(review): confirm it is never passed to dlog() and is wiped before being freed */
50 	char		*cacert; /* path to CA ssl certificate */
51 	char		*cacertdir;	/* presumably a directory of CA certificates - confirm */
52 	char		*userdn; /* dn as returned from search */
53 	char		*filter;	/* presumably the user search filter handed to parse_filter() - confirm */
54 	int		 scope;	/* presumably an enum scope value for the user search - confirm */
55 	int		 timeout;	/* presumably seconds, see DEFTIMEOUT - confirm */
56 	char		*gbasedn;	/* presumably the group-lookup counterpart of basedn - confirm */
57 	char		*gfilter;	/* presumably the group-lookup counterpart of filter - confirm */
58 	int		 gscope;	/* presumably the group-lookup counterpart of scope - confirm */
59 };
60 
61 /* util.c */
62 extern int debug;	/* defined in util.c; presumably gates dlog() output - confirm */
63 
64 void	dlog(int, char *, ...);	/* variadic logger; NOTE(review): if the char * is a printf-style format it must be a literal, never server- or user-supplied text - confirm */
65 int	parse_conf(struct auth_ctx *, const char *);	/* presumably fills the context from the named configuration source - confirm; return convention not visible here */
66 int	conn(struct auth_ctx *);	/* presumably connects using the server queue in the context - confirm */
67 int	do_conn(struct auth_ctx *, struct aldap_url *);	/* presumably connects to the one given server URL - confirm */
68 char *	parse_filter(struct auth_ctx *, const char *);	/* returns a string built from a filter argument; NOTE(review): if the user name is substituted into the filter, confirm LDAP filter metacharacters are escaped; ownership of the result is not visible here */
69 const char *ldap_resultcode(enum result_code code);	/* presumably a printable name for an LDAP result code - confirm; enum result_code is declared outside this header */
70 
71 /* bind.c */
72 int 	bind_password(struct auth_ctx *, char *, char *);	/* presumably (ctx, dn, password) - confirm; NOTE(review): confirm an empty password is rejected before binding, since an LDAP simple bind with an empty password is an unauthenticated bind that servers may accept */
73 int	unbind(struct auth_ctx *);	/* presumably closes the connection held in the context - confirm */
74 
75 /* search.c */
76 char * search(struct auth_ctx *, char *, char *, enum scope);	/* presumably (ctx, base dn, filter, scope) returning the matching dn (see auth_ctx.userdn) - confirm; ownership of the result and handling of multiple matches are not visible here */
77 #endif /* __login_ldap_h */
78