/*
cfg.h - definition of configuration information
This file contains parts that were part of the nss_ldap
library which has been forked into the nss-pam-ldapd library.
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2007 West Consulting
Copyright (C) 2007-2017 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/
#ifndef NSLCD__CFG_H
#define NSLCD__CFG_H
#include <unistd.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>
#include <regex.h>
#include <time.h>
#include "compat/attrs.h"
#include "common/set.h"
/* values for uid and gid */
#define NOUID ((gid_t)-1)
#define NOGID ((gid_t)-1)
/* maximum number of URIs */
#define NSS_LDAP_CONFIG_MAX_URIS 31
/* maximum number of search bases */
#define NSS_LDAP_CONFIG_MAX_BASES 31
/* maximum number of pam_authz_search options */
#define NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES 8
enum ldap_ssl_options {
SSL_OFF,
SSL_LDAPS,
SSL_START_TLS
};
/* selectors for different maps */
enum ldap_map_selector {
LM_ALIASES,
LM_ETHERS,
LM_GROUP,
LM_HOSTS,
LM_NETGROUP,
LM_NETWORKS,
LM_PASSWD,
LM_PROTOCOLS,
LM_RPC,
LM_SERVICES,
LM_SHADOW,
LM_NFSIDMAP, /* only used for cache invalidation */
LM_NONE
};
struct myldap_uri {
char *uri;
/* time of first failed operation */
time_t firstfail;
/* time of last failed operation */
time_t lastfail;
};
struct ldap_config {
int threads; /* the number of threads to start */
char *uidname; /* the user name specified in the uid option */
uid_t uid; /* the user id nslcd should be run as */
gid_t gid; /* the group id nslcd should be run as */
struct myldap_uri uris[NSS_LDAP_CONFIG_MAX_URIS + 1]; /* NULL terminated list of URIs */
int ldap_version; /* LDAP protocol version */
char *binddn; /* bind DN */
char *bindpw; /* bind cred */
char *rootpwmoddn; /* bind DN for password modification by root */
char *rootpwmodpw; /* bind password for password modification by root */
char *sasl_mech; /* SASL mechanism */
char *sasl_realm; /* SASL realm */
char *sasl_authcid; /* SASL authentication identity */
char *sasl_authzid; /* SASL authorization identity */
char *sasl_secprops; /* SASL security properties */
#ifdef LDAP_OPT_X_SASL_NOCANON
int sasl_canonicalize; /* whether host name should be canonicalised */
#endif /* LDAP_OPT_X_SASL_NOCANON */
const char *bases[NSS_LDAP_CONFIG_MAX_BASES]; /* search bases */
int scope; /* scope for searches */
int deref; /* dereference aliases/links */
int referrals; /* chase referrals */
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
int pam_authc_ppolicy; /* whether to send password policy controls on bind */
#endif
int bind_timelimit; /* bind timelimit */
int timelimit; /* search timelimit */
int idle_timelimit; /* idle timeout */
int reconnect_sleeptime; /* seconds to sleep; doubled until max */
int reconnect_retrytime; /* maximum seconds to sleep */
#ifdef LDAP_OPT_X_TLS
/* SSL enabled */
enum ldap_ssl_options ssl;
#endif /* LDAP_OPT_X_TLS */
int pagesize; /* set to a greater than 0 to enable handling of paged results with the specified size */
SET *nss_initgroups_ignoreusers; /* the users for which no initgroups() searches should be done */
uid_t nss_min_uid; /* minimum uid for users retrieved from LDAP */
uid_t nss_uid_offset; /* offset for uids retrieved from LDAP to avoid local uid clashes */
gid_t nss_gid_offset; /* offset for gids retrieved from LDAP to avoid local gid clashes */
int nss_nested_groups; /* whether to expand nested groups */
int nss_getgrent_skipmembers; /* whether to skip member lookups */
int nss_disable_enumeration; /* enumeration turned on or off */
regex_t validnames; /* the regular expression to determine valid names */
char *validnames_str; /* string version of validnames regexp */
int ignorecase; /* whether or not case should be ignored in lookups */
char *pam_authc_search; /* the search that should be performed post-authentication */
char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES]; /* the searches that should be performed to do autorisation checks */
char *pam_password_prohibit_message; /* whether password changing should be denied and user prompted with this message */
char reconnect_invalidate[LM_NONE]; /* set to 1 if the corresponding map should be invalidated */
time_t cache_dn2uid_positive;
time_t cache_dn2uid_negative;
};
/* this is a pointer to the global configuration, it should be available
and populated after cfg_init() is called */
extern struct ldap_config *nslcd_cfg;
/* Initialize the configuration in nslcd_cfg. This method will read the
default configuration file and call exit() if an error occurs. */
void cfg_init(const char *fname);
#endif /* NSLCD__CFG_H */