diff options
Diffstat (limited to 'plugins/sudoers/sudo_ldap_conf.h')
-rw-r--r-- | plugins/sudoers/sudo_ldap_conf.h | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/plugins/sudoers/sudo_ldap_conf.h b/plugins/sudoers/sudo_ldap_conf.h new file mode 100644 index 0000000..87ac8c8 --- /dev/null +++ b/plugins/sudoers/sudo_ldap_conf.h @@ -0,0 +1,143 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDOERS_LDAP_CONF_H +#define SUDOERS_LDAP_CONF_H + +/* Macros for checking strlcpy/strlcat/sudo_ldap_value_cat return value. */ +#define CHECK_STRLCPY(d, s, l) do { \ + if (strlcpy((d), (s), (l)) >= (l)) { \ + goto overflow; \ + } \ +} while (0) +#define CHECK_STRLCAT(d, s, l) do { \ + if (strlcat((d), (s), (l)) >= (l)) { \ + goto overflow; \ + } \ +} while (0) +#define CHECK_LDAP_VCAT(d, s, l) do { \ + if (sudo_ldap_value_cat((d), (s), (l)) >= (l)) { \ + goto overflow; \ + } \ +} while (0) + +#if defined(__GNUC__) && __GNUC__ == 2 +# define DPRINTF1(fmt...) do { \ + sudo_debug_printf(SUDO_DEBUG_DIAG, fmt); \ + if (ldap_conf.debug >= 1) { \ + sudo_warnx_nodebug(fmt); \ + } \ +} while (0) +# define DPRINTF2(fmt...) do { \ + sudo_debug_printf(SUDO_DEBUG_INFO, fmt); \ + if (ldap_conf.debug >= 2) { \ + sudo_warnx_nodebug(fmt); \ + } \ +} while (0) +#else +# define DPRINTF1(...) do { \ + sudo_debug_printf(SUDO_DEBUG_DIAG, __VA_ARGS__); \ + if (ldap_conf.debug >= 1) { \ + sudo_warnx_nodebug(__VA_ARGS__); \ + } \ +} while (0) +# define DPRINTF2(...) do { \ + sudo_debug_printf(SUDO_DEBUG_INFO, __VA_ARGS__); \ + if (ldap_conf.debug >= 2) { \ + sudo_warnx_nodebug(__VA_ARGS__); \ + } \ +} while (0) +#endif + +/* + * Configuration data types. + * When adding a new data type, be sure to update sudo_ldap_parse_keyword() + * and sudo_ldap_set_options_table(). + */ +#define CONF_BOOL 0 +#define CONF_INT 1 +#define CONF_STR 2 +#define CONF_LIST_STR 4 +#define CONF_DEREF_VAL 5 +#define CONF_REQCERT_VAL 6 + +#define SUDO_LDAP_CLEAR 0 +#define SUDO_LDAP_SSL 1 +#define SUDO_LDAP_STARTTLS 2 + +struct ldap_config_table { + const char *conf_str; /* config file string */ + int type; /* CONF_* value, see above */ + int opt_val; /* LDAP_OPT_* (or -1 for sudo internal) */ + void *valp; /* pointer into ldap_conf */ +}; + +struct ldap_config_str { + STAILQ_ENTRY(ldap_config_str) entries; + char val[1]; +}; +STAILQ_HEAD(ldap_config_str_list, ldap_config_str); + +/* LDAP configuration structure */ +struct ldap_config { + int port; + int version; + int debug; + int ldap_debug; + int tls_checkpeer; + int tls_reqcert; + int timelimit; + int timeout; + int bind_timelimit; + int use_sasl; + int rootuse_sasl; + int ssl_mode; + int timed; + int deref; + char *host; + struct ldap_config_str_list uri; + char *binddn; + char *bindpw; + char *rootbinddn; + struct ldap_config_str_list base; + struct ldap_config_str_list netgroup_base; + char *search_filter; + char *netgroup_search_filter; + char *ssl; + char *tls_cacertfile; + char *tls_cacertdir; + char *tls_random_file; + char *tls_cipher_suite; + char *tls_certfile; + char *tls_keyfile; + char *tls_keypw; + char *sasl_mech; + char *sasl_auth_id; + char *rootsasl_auth_id; + char *sasl_secprops; + char *krb5_ccname; +}; + +extern struct ldap_config ldap_conf; + +const char *sudo_krb5_ccname_path(const char *old_ccname); +bool sudo_ldap_read_config(void); +int sudo_ldap_set_options_global(void); +int sudo_ldap_set_options_conn(LDAP *ld); + +#endif /* SUDOERS_LDAP_CONF_H */ |