/*
cfg.h - definition of configuration information
This file contains parts that were part of the nss_ldap
library which has been forked into the nss-pam-ldapd library.
Copyright (C) 1997-2005 Luke Howard
Copyright (C) 2007 West Consulting
Copyright (C) 2007-2017 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
*/
#ifndef NSLCD__CFG_H
#define NSLCD__CFG_H
#include <unistd.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>
#include <regex.h>
#include <time.h>
#include "compat/attrs.h"
#include "common/set.h"
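/* Sentinel values meaning "no uid / no gid configured".  Each sentinel is
   cast to its own id type (uid_t for NOUID, gid_t for NOGID) so that a
   comparison such as `cfg->uid == NOUID` is performed in the type of the
   field; the previous `(gid_t)-1` for NOUID only worked because uid_t and
   gid_t normally happen to have the same width. */
#define NOUID ((uid_t)-1)
#define NOGID ((gid_t)-1)
/* maximum number of URIs; struct ldap_config reserves one extra slot in
   uris[] for the NULL terminator */
#define NSS_LDAP_CONFIG_MAX_URIS 31
/* maximum number of search bases (bases[] in struct ldap_config has
   exactly this many slots, no extra terminator slot) */
#define NSS_LDAP_CONFIG_MAX_BASES 31
/* maximum number of pam_authz_search options */
#define NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES 8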
/* Transport protection modes for the LDAP connection.  The numeric values
   are spelled out so that the ordering (off < ldaps < starttls) stays
   stable for any code that stores or compares them as integers. */
enum ldap_ssl_options {
  SSL_OFF = 0,        /* no TLS on the connection */
  SSL_LDAPS = 1,      /* TLS from the start of the connection */
  SSL_START_TLS = 2   /* plain connection upgraded with StartTLS */
};
/* selectors for different maps */
enum ldap_map_selector {
LM_ALIASES,
LM_ETHERS,
LM_GROUP,
LM_HOSTS,
LM_NETGROUP,
LM_NETWORKS,
LM_PASSWD,
LM_PROTOCOLS,
LM_RPC,
LM_SERVICES,
LM_SHADOW,
LM_NFSIDMAP, /* only used for cache invalidation */
LM_NONE
};
/* One configured LDAP server URI together with failure timestamps.  The
   timestamps are presumably consulted by the connection code to decide
   when a failed server may be retried; that logic is not in this header. */
struct myldap_uri {
  char *uri;          /* the LDAP URI string */
  /* time of first failed operation */
  time_t firstfail;
  /* time of last failed operation */
  time_t lastfail;
};
/* The daemon's configuration as filled in by cfg_init().  Note that the
   credential fields (bindpw, rootpwmodpw) are plain char pointers holding
   the secret in clear text in process memory for as long as the
   configuration lives; whether they are scrubbed on shutdown is not visible
   here, so do not dump or log this structure wholesale. */
struct ldap_config {
  int threads;                  /* the number of threads to start */
  char *uidname;                /* the user name specified in the uid option */
  uid_t uid;                    /* the user id nslcd should be run as */
  gid_t gid;                    /* the group id nslcd should be run as */
  /* NULL terminated list of URIs; the "+ 1" is the terminator slot, so at
     most NSS_LDAP_CONFIG_MAX_URIS real entries fit */
  struct myldap_uri uris[NSS_LDAP_CONFIG_MAX_URIS + 1];
  int ldap_version;             /* LDAP protocol version */
  char *binddn;                 /* bind DN */
  char *bindpw;                 /* bind cred (secret, kept in clear text) */
  char *rootpwmoddn;            /* bind DN for password modification by root */
  char *rootpwmodpw;            /* bind password for password modification by root (secret, kept in clear text) */
  char *sasl_mech;              /* SASL mechanism */
  char *sasl_realm;             /* SASL realm */
  char *sasl_authcid;           /* SASL authentication identity */
  char *sasl_authzid;           /* SASL authorization identity */
  char *sasl_secprops;          /* SASL security properties */
#ifdef LDAP_OPT_X_SASL_NOCANON
  int sasl_canonicalize;        /* whether host name should be canonicalised;
                                   only available when the LDAP library
                                   exposes LDAP_OPT_X_SASL_NOCANON */
#endif /* LDAP_OPT_X_SASL_NOCANON */
  /* search bases; unlike uris[] there is no extra terminator slot, so
     whether this array is NULL terminated or counted is decided by the
     code that fills it (cfg.c) -- confirm before iterating to the end */
  const char *bases[NSS_LDAP_CONFIG_MAX_BASES];
  int scope;                    /* scope for searches */
  int deref;                    /* dereference aliases/links */
  /* chase referrals; NOTE(review): following referrals lets the server
     redirect searches to other hosts -- how credentials and TLS settings
     are applied on the referred connection is not visible in this header */
  int referrals;
#if defined(HAVE_LDAP_SASL_BIND) && defined(LDAP_SASL_SIMPLE)
  int pam_authc_ppolicy;        /* whether to send password policy controls on bind */
#endif /* HAVE_LDAP_SASL_BIND && LDAP_SASL_SIMPLE */
  int bind_timelimit;           /* bind timelimit */
  int timelimit;                /* search timelimit */
  int idle_timelimit;           /* idle timeout */
  int reconnect_sleeptime;      /* seconds to sleep; doubled until max */
  int reconnect_retrytime;      /* maximum seconds to sleep */
#ifdef LDAP_OPT_X_TLS
  /* SSL enabled: which of the enum ldap_ssl_options modes to use; the
     field only exists when the LDAP library exposes LDAP_OPT_X_TLS */
  enum ldap_ssl_options ssl;
#endif /* LDAP_OPT_X_TLS */
  int pagesize;                 /* set to a greater than 0 to enable handling of paged results with the specified size */
  SET *nss_initgroups_ignoreusers; /* the users for which no initgroups() searches should be done */
  /* minimum uid for users retrieved from LDAP; entries below it are
     presumably filtered out so LDAP cannot supply low (system) uids --
     the check itself lives outside this header */
  uid_t nss_min_uid;
  uid_t nss_uid_offset;         /* offset for uids retrieved from LDAP to avoid local uid clashes */
  gid_t nss_gid_offset;         /* offset for gids retrieved from LDAP to avoid local gid clashes */
  int nss_nested_groups;        /* whether to expand nested groups */
  int nss_getgrent_skipmembers; /* whether to skip member lookups */
  int nss_disable_enumeration;  /* enumeration turned on or off */
  regex_t validnames;           /* the regular expression to determine valid names */
  char *validnames_str;         /* string version of validnames regexp, kept
                                   alongside the compiled form (presumably
                                   for reporting) */
  int ignorecase;               /* whether or not case should be ignored in lookups */
  char *pam_authc_search;       /* the search that should be performed post-authentication */
  /* the searches that should be performed to do authorisation checks;
     fixed-size array -- how unused slots are marked is not visible here */
  char *pam_authz_searches[NSS_LDAP_CONFIG_MAX_AUTHZ_SEARCHES];
  /* whether password changing should be denied and user prompted with
     this message; presumably a NULL pointer means changes are allowed --
     TODO confirm the sentinel against cfg.c */
  char *pam_password_prohibit_message;
  /* set to 1 if the corresponding map should be invalidated; indexed by
     enum ldap_map_selector, LM_NONE being the number of maps */
  char reconnect_invalidate[LM_NONE];
  /* lifetime of positive / negative entries in the dn-to-uid cache
     (time_t, so presumably seconds -- confirm against the cache code) */
  time_t cache_dn2uid_positive;
  time_t cache_dn2uid_negative;
};
/* Pointer to the global configuration.  It is only valid once cfg_init()
   has been called; the structure it points to holds clear-text credentials
   (bindpw, rootpwmodpw), so treat it as sensitive. */
extern struct ldap_config *nslcd_cfg;

/* Initialise the configuration in nslcd_cfg from the configuration file
   fname.  Errors are fatal: the function calls exit() instead of returning
   a status, so callers get no error code to check. */
void cfg_init(const char *fname);
#endif /* NSLCD__CFG_H */