Diffstat (limited to '')
-rw-r--r--plugins/sudoers/sudo_ldap_conf.h143
1 files changed, 143 insertions, 0 deletions
diff --git a/plugins/sudoers/sudo_ldap_conf.h b/plugins/sudoers/sudo_ldap_conf.h
new file mode 100644
index 0000000..87ac8c8
--- /dev/null
+++ b/plugins/sudoers/sudo_ldap_conf.h
@@ -0,0 +1,143 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDOERS_LDAP_CONF_H
+#define SUDOERS_LDAP_CONF_H
+
+/* Macros for checking strlcpy/strlcat/sudo_ldap_value_cat return value. */
+#define CHECK_STRLCPY(d, s, l) do { \
+ if (strlcpy((d), (s), (l)) >= (l)) { \
+ goto overflow; \
+ } \
+} while (0)
+#define CHECK_STRLCAT(d, s, l) do { \
+ if (strlcat((d), (s), (l)) >= (l)) { \
+ goto overflow; \
+ } \
+} while (0)
+#define CHECK_LDAP_VCAT(d, s, l) do { \
+ if (sudo_ldap_value_cat((d), (s), (l)) >= (l)) { \
+ goto overflow; \
+ } \
+} while (0)
+
+#if defined(__GNUC__) && __GNUC__ == 2
+# define DPRINTF1(fmt...) do { \
+ sudo_debug_printf(SUDO_DEBUG_DIAG, fmt); \
+ if (ldap_conf.debug >= 1) { \
+ sudo_warnx_nodebug(fmt); \
+ } \
+} while (0)
+# define DPRINTF2(fmt...) do { \
+ sudo_debug_printf(SUDO_DEBUG_INFO, fmt); \
+ if (ldap_conf.debug >= 2) { \
+ sudo_warnx_nodebug(fmt); \
+ } \
+} while (0)
+#else
+# define DPRINTF1(...) do { \
+ sudo_debug_printf(SUDO_DEBUG_DIAG, __VA_ARGS__); \
+ if (ldap_conf.debug >= 1) { \
+ sudo_warnx_nodebug(__VA_ARGS__); \
+ } \
+} while (0)
+# define DPRINTF2(...) do { \
+ sudo_debug_printf(SUDO_DEBUG_INFO, __VA_ARGS__); \
+ if (ldap_conf.debug >= 2) { \
+ sudo_warnx_nodebug(__VA_ARGS__); \
+ } \
+} while (0)
+#endif
+
+/*
+ * Configuration data types.
+ * When adding a new data type, be sure to update sudo_ldap_parse_keyword()
+ * and sudo_ldap_set_options_table().
+ */
+#define CONF_BOOL 0
+#define CONF_INT 1
+#define CONF_STR 2
+#define CONF_LIST_STR 4
+#define CONF_DEREF_VAL 5
+#define CONF_REQCERT_VAL 6
+
+#define SUDO_LDAP_CLEAR 0
+#define SUDO_LDAP_SSL 1
+#define SUDO_LDAP_STARTTLS 2
+
+struct ldap_config_table {
+ const char *conf_str; /* config file string */
+ int type; /* CONF_* value, see above */
+ int opt_val; /* LDAP_OPT_* (or -1 for sudo internal) */
+ void *valp; /* pointer into ldap_conf */
+};
+
+struct ldap_config_str {
+ STAILQ_ENTRY(ldap_config_str) entries;
+ char val[1];
+};
+STAILQ_HEAD(ldap_config_str_list, ldap_config_str);
+
+/* LDAP configuration structure */
+struct ldap_config {
+ int port;
+ int version;
+ int debug;
+ int ldap_debug;
+ int tls_checkpeer;
+ int tls_reqcert;
+ int timelimit;
+ int timeout;
+ int bind_timelimit;
+ int use_sasl;
+ int rootuse_sasl;
+ int ssl_mode;
+ int timed;
+ int deref;
+ char *host;
+ struct ldap_config_str_list uri;
+ char *binddn;
+ char *bindpw;
+ char *rootbinddn;
+ struct ldap_config_str_list base;
+ struct ldap_config_str_list netgroup_base;
+ char *search_filter;
+ char *netgroup_search_filter;
+ char *ssl;
+ char *tls_cacertfile;
+ char *tls_cacertdir;
+ char *tls_random_file;
+ char *tls_cipher_suite;
+ char *tls_certfile;
+ char *tls_keyfile;
+ char *tls_keypw;
+ char *sasl_mech;
+ char *sasl_auth_id;
+ char *rootsasl_auth_id;
+ char *sasl_secprops;
+ char *krb5_ccname;
+};
+
+extern struct ldap_config ldap_conf;
+
+const char *sudo_krb5_ccname_path(const char *old_ccname);
+bool sudo_ldap_read_config(void);
+int sudo_ldap_set_options_global(void);
+int sudo_ldap_set_options_conn(LDAP *ld);
+
+#endif /* SUDOERS_LDAP_CONF_H */
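Review bot: The CHECK_STRLCPY/CHECK_STRLCAT/CHECK_LDAP_VCAT macros hide a `goto overflow` behind what reads like a plain check, and the comment above them does not mention that the expanding function must define an `overflow:` label; I would extend it to `/* Macros for checking strlcpy/strlcat/sudo_ldap_value_cat return value; on truncation each jumps to an "overflow" label that the calling function must define. */`. The `char val[1]` trailing member of `struct ldap_config_str` is the pre-C99 struct hack; if the project's baseline permits it, the C99 flexible array member `char val[];` expresses the same allocation pattern without relying on indexing past the declared bound, and the allocation site (outside this hunk) would then use `sizeof *p + len`. The DPRINTF1/DPRINTF2 macros expand their arguments twice (once for sudo_debug_printf, once for sudo_warnx_nodebug), so an argument with side effects is evaluated twice only when `ldap_conf.debug` is high enough; a comment such as `/* NOTE: arguments are evaluated twice when debug output is enabled; avoid side effects. */` would make that explicit. Finally, `bindpw` and `tls_keypw` in `struct ldap_config` hold credentials read from the configuration, and a short comment on those fields (`/* sensitive: never echo in DPRINTF/log output */`) would remind future callers to keep them out of the debug paths this header defines.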