/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef SUDOERS_LDAP_CONF_H
#define SUDOERS_LDAP_CONF_H

/*
 * Shared declarations for the sudoers LDAP configuration (ldap.conf).
 *
 * This header does not itself include the headers that provide
 * STAILQ_ENTRY/STAILQ_HEAD, bool, LDAP, strlcpy/strlcat, sudo_debug_printf
 * or sudo_warnx_nodebug; the including .c file is expected to have them in
 * scope before including this file.
 */

/*
 * Macros for checking strlcpy/strlcat/sudo_ldap_value_cat return value.
 *
 * Each macro jumps to a label named "overflow" when the return value is
 * >= the buffer size (l), i.e. when the result did not fit and would have
 * been truncated.  The enclosing function must define an "overflow:" label.
 * The size argument (l) is evaluated twice, so it must have no side effects.
 * sudo_ldap_value_cat is assumed to follow the strlcat return convention
 * (its definition is not visible here).
 */
#define CHECK_STRLCPY(d, s, l) do {                                           \
    if (strlcpy((d), (s), (l)) >= (l)) {                                      \
        goto overflow;                                                        \
    }                                                                         \
} while (0)
#define CHECK_STRLCAT(d, s, l) do {                                           \
    if (strlcat((d), (s), (l)) >= (l)) {                                      \
        goto overflow;                                                        \
    }                                                                         \
} while (0)
#define CHECK_LDAP_VCAT(d, s, l) do {                                         \
    if (sudo_ldap_value_cat((d), (s), (l)) >= (l)) {                          \
        goto overflow;                                                        \
    }                                                                         \
} while (0)

/*
 * Debug output helpers.
 *
 * DPRINTF1/DPRINTF2 always log through sudo_debug_printf() at DIAG and
 * INFO level respectively, and additionally echo the message via
 * sudo_warnx_nodebug() when the configured LDAP debug level
 * (ldap_conf.debug, see struct ldap_config below) is >= 1 or >= 2.
 * Both depend on the global "ldap_conf" being in scope.  The GCC 2 branch
 * uses the old named-variadic-macro form (fmt...) instead of C99
 * __VA_ARGS__.
 */
#if defined(__GNUC__) && __GNUC__ == 2
# define DPRINTF1(fmt...) do {                                                \
    sudo_debug_printf(SUDO_DEBUG_DIAG, fmt);                                  \
    if (ldap_conf.debug >= 1) {                                               \
        sudo_warnx_nodebug(fmt);                                              \
    }                                                                         \
} while (0)
# define DPRINTF2(fmt...) do {                                                \
    sudo_debug_printf(SUDO_DEBUG_INFO, fmt);                                  \
    if (ldap_conf.debug >= 2) {                                               \
        sudo_warnx_nodebug(fmt);                                              \
    }                                                                         \
} while (0)
#else
# define DPRINTF1(...) do {                                                   \
    sudo_debug_printf(SUDO_DEBUG_DIAG, __VA_ARGS__);                          \
    if (ldap_conf.debug >= 1) {                                               \
        sudo_warnx_nodebug(__VA_ARGS__);                                      \
    }                                                                         \
} while (0)
# define DPRINTF2(...) do {                                                   \
    sudo_debug_printf(SUDO_DEBUG_INFO, __VA_ARGS__);                          \
    if (ldap_conf.debug >= 2) {                                               \
        sudo_warnx_nodebug(__VA_ARGS__);                                      \
    }                                                                         \
} while (0)
#endif

/*
 * Value type codes for ldap_config_table.type.  Note that the value 3 is
 * not assigned.  The meaning of the last three is inferred from their names
 * (the parsing code is not in this header):
 *   CONF_LIST_STR    - a list of strings, presumably a struct
 *                      ldap_config_str_list
 *   CONF_DEREF_VAL   - presumably the alias-dereference setting (deref)
 *   CONF_REQCERT_VAL - presumably the TLS certificate requirement setting
 *                      (tls_reqcert)
 */
#define CONF_BOOL        0
#define CONF_INT         1
#define CONF_STR         2
#define CONF_LIST_STR    4
#define CONF_DEREF_VAL   5
#define CONF_REQCERT_VAL 6

/*
 * Transport security modes: plain text, LDAPS (TLS from the start) or
 * STARTTLS negotiated on a plain connection.  Presumably the values stored
 * in ldap_conf.ssl_mode -- confirm against the implementation.
 */
#define SUDO_LDAP_CLEAR    0
#define SUDO_LDAP_SSL      1
#define SUDO_LDAP_STARTTLS 2

/*
 * One entry of the configuration keyword table: maps an ldap.conf keyword
 * to the member of ldap_conf that receives its value.
 */
struct ldap_config_table {
    const char *conf_str;    /* config file string (the keyword) */
    int type;                /* one of the CONF_* value type codes above */
    int opt_val;             /* LDAP_OPT_* (or -1 for sudo internal) */
    void *valp;              /* pointer into ldap_conf; pointee type is
                                determined by "type" */
};

/*
 * Node of a singly-linked tail queue of strings (used for multi-valued
 * settings such as uri and base).  val[1] is the pre-C99 trailing-array
 * idiom: the real string extends past the end of the struct, so nodes must
 * be allocated with room for the full string plus its NUL.  The allocating
 * and freeing code is not in this header.
 */
struct ldap_config_str {
    STAILQ_ENTRY(ldap_config_str) entries;
    char val[1];
};
STAILQ_HEAD(ldap_config_str_list, ldap_config_str);

/*
 * LDAP configuration structure.
 *
 * Holds the parsed contents of ldap.conf.  Field meanings beyond what the
 * names say are not established by this header; comments marked
 * "presumably" should be confirmed against the code that fills the struct.
 * Note that bindpw and tls_keypw hold credential material.
 */
struct ldap_config {
    int port;
    int version;             /* presumably the LDAP protocol version */
    int debug;               /* sudo-side debug level consulted by
                                DPRINTF1/DPRINTF2 */
    int ldap_debug;          /* presumably the library-side debug level */
    int tls_checkpeer;
    int tls_reqcert;
    int timelimit;
    int timeout;
    int bind_timelimit;
    int use_sasl;
    int rootuse_sasl;
    int ssl_mode;            /* presumably one of SUDO_LDAP_CLEAR/SSL/STARTTLS */
    int timed;
    int deref;
    char *host;
    struct ldap_config_str_list uri;
    char *binddn;
    char *bindpw;            /* bind password: sensitive */
    char *rootbinddn;
    struct ldap_config_str_list base;
    struct ldap_config_str_list netgroup_base;
    char *search_filter;
    char *netgroup_search_filter;
    char *ssl;
    char *tls_cacertfile;
    char *tls_cacertdir;
    char *tls_random_file;
    char *tls_cipher_suite;
    char *tls_certfile;
    char *tls_keyfile;
    char *tls_keypw;         /* private key passphrase: sensitive */
    char *sasl_mech;
    char *sasl_auth_id;
    char *rootsasl_auth_id;
    char *sasl_secprops;
    char *krb5_ccname;       /* see sudo_krb5_ccname_path() below */
};

/* The single global configuration instance, defined in the .c file. */
extern struct ldap_config ldap_conf;

/*
 * Returns the credential cache path derived from old_ccname; exact
 * semantics (and ownership of the returned string) are not visible here.
 */
const char *sudo_krb5_ccname_path(const char *old_ccname);

/* Parses the LDAP configuration into ldap_conf; presumably true on success. */
bool sudo_ldap_read_config(void);

/*
 * Apply ldap_conf settings to the LDAP library: global options, and per
 * connection options on ld.  Both return int; the success/failure
 * convention is not visible here -- confirm against the implementation.
 */
int sudo_ldap_set_options_global(void);
int sudo_ldap_set_options_conn(LDAP *ld);

#endif /* SUDOERS_LDAP_CONF_H */