/*
 * ppm.h for OpenLDAP
 *
 * See LICENSE, README and INSTALL files
 */

#ifndef PPM_H_
#define PPM_H_

#include <stdlib.h>             // for type conversion, such as atoi...
#include <regex.h>              // for matching allowedParameters / conf file
#include <string.h>
#include <ctype.h>
#include <portable.h>
#include <slap.h>

#if defined(DEBUG)
#include <syslog.h>
#endif

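// Get OpenLDAP version: major release in the high byte, minor release in the
// low byte, built from the LDAP_VENDOR_VERSION_* values that the OpenLDAP
// headers included above are expected to provide.
#define OLDAP_VERSION ((LDAP_VENDOR_VERSION_MAJOR << 8) | LDAP_VENDOR_VERSION_MINOR)
// OLDAP_VERSION = 0x0205 // (v2.5)
// OLDAP_VERSION = 0x0206 // (v2.6)

//#define PPM_READ_FILE 1       // old deprecated configuration mode
                                // 1: (deprecated) don't read pwdCheckModuleArg
                                //    attribute, instead read config file
                                // 0: read pwdCheckModuleArg attribute

/* config file parameters (DEPRECATED) */
#ifndef CONFIG_FILE
#define CONFIG_FILE                       "/etc/openldap/ppm.example"
#endif
#define FILENAME_MAX_LEN                  512

#define DEFAULT_QUALITY                   3
#define MEMORY_MARGIN                     50
#if OLDAP_VERSION == 0x0205
  // only used on the 2.5 code path
  #define MEM_INIT_SZ                     64
#endif
#define DN_MAX_LEN                        512

// Fixed sizes of the configuration table and of the char[] fields declared
// below; every copy into one of those fields must be bounded by the matching
// constant (terminator included).
#define CONF_MAX_SIZE                      50
#define PARAM_MAX_LEN                      32
#define VALUE_MAX_LEN                      512
#define ATTR_NAME_MAX_LEN                  150

#define PARAM_PREFIX_CLASS                "class-"
// Delimiter sets used to split values into tokens.
// NOTE(review): "£" is a multi-byte sequence when this file is UTF-8, so a
// byte-oriented tokenizer (strtok-style) would treat each of its bytes as a
// separate delimiter — confirm the source encoding and how ppm.c consumes
// this set.
#define TOKENS_DELIMITERS                 " ,;-_£\t"
#define ATTR_TOKENS_DELIMITERS            " ,;-_@\t"


#define DEBUG_MSG_MAX_LEN                 256

// Rejection messages. These are printf-style format strings: the dn is
// substituted through "%s", so each one must be passed as the *format*
// argument of the printf-family call, with the dn and the remaining values
// supplied as data arguments in the order of the specifiers.
#define PASSWORD_QUALITY_SZ \
  "Password for dn=\"%s\" does not pass required number of strength checks (%d of %d)"
#define PASSWORD_MIN_CRITERIA \
  "Password for dn=\"%s\" has not reached the minimum number of characters (%d) for class %s"
#define PASSWORD_MAX_CRITERIA \
  "Password for dn=\"%s\" has reached the maximum number of characters (%d) for class %s"
// Worded differently from PASSWORD_MAX_CRITERIA (same %s/%d/%s arguments) so
// that a rejection by maxConsecutivePerClass can be told apart from one by a
// per-class maximum in logs and client error text.
#define PASSWORD_MAXCONSECUTIVEPERCLASS \
  "Password for dn=\"%s\" has reached the maximum number of consecutive characters (%d) for class %s"
#define PASSWORD_FORBIDDENCHARS \
  "Password for dn=\"%s\" contains %d forbidden characters in %s"
#define RDN_TOKEN_FOUND \
  "Password for dn=\"%s\" contains tokens from the RDN"
#define ATTR_TOKEN_FOUND \
  "Password for dn=\"%s\" is too simple: it contains part of an attribute"
#define GENERIC_ERROR \
  "Error while checking password"
#define PASSWORD_CRACKLIB \
  "Password for dn=\"%s\" is too weak"
#define BAD_PASSWORD_SZ \
  "Bad password for dn=\"%s\" because %s"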



// Holder for one configuration value: either an integer or a fixed-size
// string. Which member is live is recorded separately by a valueType
// (see conf.iType). sVal is VALUE_MAX_LEN bytes, so any string copied into
// it must be bounded to that size, terminator included.
typedef union genValue {
    int iVal;
    char sVal[VALUE_MAX_LEN];
} genValue;

// Discriminator telling which member of a genValue is valid.
typedef enum {
    typeInt,    // genValue.iVal holds the value
    typeStr     // genValue.sVal holds the value
} valueType;

// One entry of the allowed-parameter table: a regex pattern for the
// parameter name (at most PARAM_MAX_LEN bytes, terminator included) and the
// type its value is expected to have.
typedef struct params {
    char param[PARAM_MAX_LEN];
    valueType iType;
} params;

// allowed parameters loaded into configuration structure
// it also contains the type of the corresponding value
// Each pattern is a regex anchored only at the start ("^name"); a name with
// extra trailing characters would still match on its prefix unless the
// matcher in ppm.c also checks the end of the string — confirm there.
// "^class-.*" covers the open-ended family of character-class definitions.
// NOTE(review): this is a definition, not an extern declaration, so the
// header can be included by exactly one translation unit without producing
// duplicate symbols at link time. The explicit bound [8] must stay at least
// the number of initializers below (exactly 8 here).
params allowedParameters[8] = {
    {"^minQuality", typeInt},
    {"^checkRDN", typeInt},
    {"^checkAttributes", typeStr},
    {"^forbiddenChars", typeStr},
    {"^maxConsecutivePerClass", typeInt},
    {"^useCracklib", typeInt},
    {"^cracklibDict", typeStr},
    {"^class-.*", typeStr}
};


// configuration structure, containing a parameter, a value,
// a corresponding min and minForPoint indicators if necessary
// and a type for the value (typeInt or typeStr)
typedef struct conf {
    char param[PARAM_MAX_LEN];   // parameter name, at most PARAM_MAX_LEN bytes with terminator
    valueType iType;             // which member of value is live
    genValue value;              // the parameter's value (int or string, per iType)
    int min;                     // numeric limits attached to the entry; storeEntry()
    int minForPoint;             // receives them as strings, so the conversion happens
    int max;                     // there — their exact meaning is defined in ppm.c
} conf;

// Logging helper: syslog-style priority plus a printf-style format and its
// arguments. Always pass a literal format; dn, attribute and password-derived
// text belong in the variadic arguments, never in the format itself.
void ppm_log(int priority, const char *format, ...);
// Returns an int computed from two strings. The name shadows the usual
// min() helper found in many code bases — presumably a numeric comparison
// of the two strings; see ppm.c for the actual contract.
int min(char *str1, char *str2);
#ifndef PPM_READ_FILE
  // Fills fileConf and *numParam from the pwdCheckModuleArg attribute value.
  // Declared static in a header: only the translation unit that defines it
  // should include this header (presumably ppm.c alone).
  static void read_config_attr(conf * fileConf, int *numParam, char *ppm_config_attr);
#endif
#ifdef PPM_READ_FILE
  // Deprecated file-based variant of the above (see CONFIG_FILE); same
  // static-in-header caveat applies.
  static void read_config_file(conf * fileConf, int *numParam, char *ppm_config_file);
#endif

// Password check entry point, presumably the pwdCheckModule hook slapd's
// ppolicy overlay calls. The error-text parameter differs by release:
// 2.5 receives a char ** for the message, later releases a struct berval *.
// pArg carries the module argument (see the PPM_READ_FILE comment above).
#if OLDAP_VERSION == 0x0205
  int check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg);
#else
  int check_password(char *pPasswd, struct berval *ppErrmsg, Entry *e, void *pArg);
#endif
// Presumably the longest run of consecutive password characters that belong
// to charClass — confirm against ppm.c.
int maxConsPerClass(char *password, char *charClass);
// Appends one configuration entry to fileConf. min/minForPoint/max arrive
// as strings while conf stores ints, so this is where they are converted;
// *numParam is the current entry count and is presumably advanced here.
void storeEntry(char *param, char *value, valueType valType, 
           char *min, char *minForPoint, char *max, conf * fileConf,
           int *numParam);
// Maps a parameter name to its valueType, presumably via the allowedParameters
// regex table. Returns int rather than valueType; the value returned for an
// unknown name is not visible here.
int typeParam(char* param);
// Looks up param among the first numParam entries of fileConf and returns a
// pointer into that array. A missing parameter can only be signalled through
// the return value, so check for NULL before dereferencing — confirm in ppm.c.
genValue* getValue(conf *fileConf, int numParam, char* param);
// Bounded string copy: length_dest is the size of dest in bytes. It is an
// int, so sizeof()-derived sizes are narrowed on the way in; callers must
// never pass a negative value, and the implementation should be confirmed to
// always leave dest NUL-terminated.
void strcpy_safe(char *dest, char *src, int length_dest);


// Test-mode flag. NOTE(review): a non-static definition in a header, so the
// header must be included by exactly one translation unit or the link fails
// with a duplicate symbol — the same constraint as allowedParameters above.
int ppm_test = 0;

#endif