/*
cfg.h - definition of configuration information
This file contains parts that were part of the nss_ldap
library which has been forked into the nss-pam-ldapd library.
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2007 West Consulting
Copyright (C) 2007-2017 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/
#ifndef NSLCD__CFG_H
#define NSLCD__CFG_H
#include <unistd.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>
#include <regex.h>
#include <time.h>
#include "compat/attrs.h"
#include "common/set.h"
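/* Sentinel values for uid and gid, presumably marking "not configured".
   Each sentinel is written in its own type: NOUID was previously cast to
   gid_t, which only worked where uid_t and gid_t happen to be the same
   type.
   NOTE(review): code that drops privileges should test the uid and gid
   members of struct ldap_config against these sentinels before handing
   them to a set*id call -- confirm that the callers do. */
#define NOUID ((uid_t)-1)
#define NOGID ((gid_t)-1)

/* Maximum number of URIs. struct ldap_config sizes its uris array as this
   value plus one, leaving room for a terminating entry. */
#define NSS_LDAP_CONFIG_MAX_URIS 31

/* Maximum number of search bases. struct ldap_config sizes its bases array
   with exactly this value (no extra terminator slot). */
#define NSS_LDAP_CONFIG_MAX_BASES 31

/* Maximum number of pam_authz_search options; sizes the pam_authz_searches
   array in struct ldap_config. */
#define NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES 8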
/* Transport-security selection for the LDAP connection; this is the type of
   the ssl member of struct ldap_config (present when LDAP_OPT_X_TLS is
   defined).
   SSL_OFF has the value 0, so a zero-filled struct ldap_config selects it.
   NOTE(review): the per-value meanings below are read off the enumerator
   names -- confirm against the code that applies them. */
enum ldap_ssl_options {
  SSL_OFF = 0,      /* presumably no TLS; bind credentials would then cross
                       the network unprotected */
  SSL_LDAPS = 1,    /* presumably TLS from the start of the connection */
  SSL_START_TLS = 2 /* presumably plain connect upgraded with StartTLS */
};
/* Selectors for the different maps. The values are consecutive from 0 and
   LM_NONE is last, which lets struct ldap_config use LM_NONE as the length
   of its reconnect_invalidate array: new selectors must be added before
   LM_NONE so that array keeps one slot per map. */
enum ldap_map_selector {
  LM_ALIASES = 0,
  LM_ETHERS,
  LM_GROUP,
  LM_HOSTS,
  LM_NETGROUP,
  LM_NETWORKS,
  LM_PASSWD,
  LM_PROTOCOLS,
  LM_RPC,
  LM_SERVICES,
  LM_SHADOW,
  LM_NFSIDMAP, /* only used for cache invalidation */
  LM_NONE      /* not a map: end marker, equal to the number of selectors */
};
/* One LDAP server URI together with the failure times recorded for it.
   struct ldap_config keeps an array of these. */
struct myldap_uri {
  char *uri;        /* the URI string; presumably NULL in the entry that
                       terminates the list -- confirm against cfg_init() */
  time_t firstfail; /* time of first failed operation */
  time_t lastfail;  /* time of last failed operation */
};
/* The complete nslcd configuration.
   NOTE(review): several members exist only when LDAP_OPT_X_SASL_NOCANON,
   HAVE_LDAP_SASL_BIND / LDAP_SASL_SIMPLE or LDAP_OPT_X_TLS are defined, so
   every translation unit that includes this header must see the same
   definitions of those macros, otherwise member offsets will differ between
   object files.
   NOTE(review): bindpw and rootpwmodpw hold credentials as plain strings;
   keep this structure out of logs and debug dumps. */
struct ldap_config {
  /* the number of threads to start */
  int threads;
  /* the user name specified in the uid option */
  char *uidname;
  /* the user id nslcd should be run as */
  uid_t uid;
  /* the group id nslcd should be run as */
  gid_t gid;

  /* NULL terminated list of URIs; the array has one slot more than
     NSS_LDAP_CONFIG_MAX_URIS to hold the terminator */
  struct myldap_uri uris[NSS_LDAP_CONFIG_MAX_URIS + 1];
  /* LDAP protocol version */
  int ldap_version;
  /* bind DN */
  char *binddn;
  /* bind credential (secret) */
  char *bindpw;
  /* bind DN for password modification by root */
  char *rootpwmoddn;
  /* bind password for password modification by root (secret) */
  char *rootpwmodpw;

  /* SASL mechanism */
  char *sasl_mech;
  /* SASL realm */
  char *sasl_realm;
  /* SASL authentication identity */
  char *sasl_authcid;
  /* SASL authorization identity */
  char *sasl_authzid;
  /* SASL security properties */
  char *sasl_secprops;
#ifdef LDAP_OPT_X_SASL_NOCANON
  /* whether host name should be canonicalised */
  int sasl_canonicalize;
#endif /* LDAP_OPT_X_SASL_NOCANON */

  /* search bases; unlike uris there is no extra terminator slot, so readers
     must stop at NSS_LDAP_CONFIG_MAX_BASES entries */
  const char *bases[NSS_LDAP_CONFIG_MAX_BASES];
  /* scope for searches */
  int scope;
  /* dereference aliases/links */
  int deref;
  /* chase referrals
     NOTE(review): chasing referrals can lead to servers that are not listed
     in uris -- confirm which credentials are presented to them */
  int referrals;

#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
  /* whether to send password policy controls on bind */
  int pam_authc_ppolicy;
#endif
  /* bind timelimit */
  int bind_timelimit;
  /* search timelimit */
  int timelimit;
  /* idle timeout */
  int idle_timelimit;
  /* seconds to sleep; doubled until max */
  int reconnect_sleeptime;
  /* maximum seconds to sleep */
  int reconnect_retrytime;

#ifdef LDAP_OPT_X_TLS
  /* SSL/TLS mode, one of enum ldap_ssl_options; the member is absent
     altogether when LDAP_OPT_X_TLS is not defined */
  enum ldap_ssl_options ssl;
#endif /* LDAP_OPT_X_TLS */

  /* set to a value greater than 0 to enable handling of paged results with
     the specified size */
  int pagesize;
  /* the users for which no initgroups() searches should be done */
  SET *nss_initgroups_ignoreusers;
  /* minimum uid for users retrieved from LDAP
     NOTE(review): presumably entries below this value are ignored, which
     would stop directory entries from standing in for local system
     accounts -- confirm */
  uid_t nss_min_uid;
  /* offset for uids retrieved from LDAP to avoid local uid clashes */
  uid_t nss_uid_offset;
  /* offset for gids retrieved from LDAP to avoid local gid clashes */
  gid_t nss_gid_offset;
  /* whether to expand nested groups */
  int nss_nested_groups;
  /* whether to skip member lookups */
  int nss_getgrent_skipmembers;
  /* enumeration turned on or off */
  int nss_disable_enumeration;
  /* the regular expression to determine valid names */
  regex_t validnames;
  /* string version of validnames regexp */
  char *validnames_str;
  /* whether or not case should be ignored in lookups */
  int ignorecase;
  /* the search that should be performed post-authentication */
  char *pam_authc_search;
  /* the searches that should be performed to do authorisation checks
     NOTE(review): if user-supplied values are substituted into these
     searches, check that the substitution escapes LDAP filter
     metacharacters -- not visible from this header */
  char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES];
  /* whether password changing should be denied and user prompted with this
     message */
  char *pam_password_prohibit_message;
  /* one flag per enum ldap_map_selector value below LM_NONE; set to 1 if
     the corresponding map should be invalidated */
  char reconnect_invalidate[LM_NONE];

  /* NOTE(review): undocumented in the original; by their names, presumably
     the lifetimes of positive and negative dn2uid cache entries -- confirm */
  time_t cache_dn2uid_positive;
  time_t cache_dn2uid_negative;
};
/* Pointer to the global configuration. It should be available and
   populated once cfg_init() has been called; do not dereference it before
   that point. */
extern struct ldap_config *nslcd_cfg;
/* Set up the configuration in nslcd_cfg by reading the configuration file.
   On error this function calls exit() rather than returning, so there is no
   status for the caller to check.
   NOTE(review): fname is presumably the path of the file to read; the
   earlier wording of this comment spoke of "the default configuration
   file" -- confirm how the argument is used. */
void cfg_init(const char *fname);
#endif /* NSLCD__CFG_H */