summaryrefslogtreecommitdiff
path: root/server/providers/ldap/sdap.h
diff options
context:
space:
mode:
Diffstat (limited to 'server/providers/ldap/sdap.h')
-rw-r--r--server/providers/ldap/sdap.h132
1 files changed, 132 insertions, 0 deletions
diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h
new file mode 100644
index 00000000..b3435c8b
--- /dev/null
+++ b/server/providers/ldap/sdap.h
@@ -0,0 +1,132 @@
+/*
+ SSSD
+
+ LDAP Helper routines
+
+ Copyright (C) Simo Sorce <ssorce@redhat.com>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "confdb/confdb.h"
+#include "db/sysdb.h"
+#include <ldap.h>
+
+struct sdap_handle {
+ LDAP *ldap;
+ bool connected;
+ int fd;
+};
+
+enum sdap_result {
+ SDAP_SUCCESS,
+ SDAP_NOT_FOUND,
+ SDAP_UNAVAIL,
+ SDAP_RETRY,
+ SDAP_ERROR,
+ SDAP_AUTH_SUCCESS,
+ SDAP_AUTH_FAILED
+};
+
+struct sdap_msg {
+ LDAPMessage *msg;
+};
+
+#define SDAP_URI 0
+#define SDAP_DEFAULT_BIND_DN 1
+#define SDAP_DEFAULT_AUTHTOK_TYPE 2
+#define SDAP_DEFAULT_AUTHTOK 3
+#define SDAP_NETWROK_TIMEOUT 4
+#define SDAP_OPT_TIMEOUT 5
+#define SDAP_TLS_REQCERT 6
+#define SDAP_USER_SEARCH_BASE 7
+#define SDAP_USER_SEARCH_SCOPE 8
+#define SDAP_USER_SEARCH_FILTER 9
+#define SDAP_GROUP_SEARCH_BASE 10
+#define SDAP_GROUP_SEARCH_SCOPE 11
+#define SDAP_GROUP_SEARCH_FILTER 12
+#define SDAP_SCHEMA 13
+#define SDAP_OFFLINE_TIMEOUT 14
+
+#define SDAP_OPTS_BASIC 15 /* opts counter */
+
+/* the objectclass must be the first attribute.
+ * Functions depend on this */
+#define SDAP_OC_USER 0
+#define SDAP_AT_USER_NAME 1
+#define SDAP_AT_USER_PWD 2
+#define SDAP_AT_USER_UID 3
+#define SDAP_AT_USER_GID 4
+#define SDAP_AT_USER_GECOS 5
+#define SDAP_AT_USER_HOME 6
+#define SDAP_AT_USER_SHELL 7
+#define SDAP_AT_USER_UUID 8
+#define SDAP_AT_USER_PRINC 9
+#define SDAP_AT_USER_FULLNAME 10
+#define SDAP_AT_USER_MEMBEROF 11
+
+#define SDAP_OPTS_USER 12 /* attrs counter */
+
+/* the objectclass must be the first attribute.
+ * Functions depend on this */
+#define SDAP_OC_GROUP 0
+#define SDAP_AT_GROUP_NAME 1
+#define SDAP_AT_GROUP_PWD 2
+#define SDAP_AT_GROUP_GID 3
+#define SDAP_AT_GROUP_MEMBER 4
+#define SDAP_AT_GROUP_UUID 5
+
+#define SDAP_OPTS_GROUP 6 /* attrs counter */
+
+struct sdap_gen_opts {
+ const char *opt_name;
+ const char *def_value;
+ char *value;
+};
+
+struct sdap_id_map {
+ const char *opt_name;
+ const char *def_name;
+ const char *sys_name;
+ char *name;
+};
+
+struct sdap_options {
+ struct sdap_gen_opts *basic;
+ struct sdap_id_map *user_map;
+ struct sdap_id_map *group_map;
+
+ /* transformed for easier consumption */
+ uint32_t default_authtok_size;
+ char *default_authtok; /* todo: turn into uint8_t */
+ int network_timeout;
+ int opt_timeout;
+ int offline_timeout;
+};
+
+int sdap_get_options(TALLOC_CTX *memctx,
+ struct confdb_ctx *cdb,
+ const char *conf_path,
+ struct sdap_options **_opts);
+
+int sdap_parse_user(TALLOC_CTX *memctx, struct sdap_options *opts,
+ struct sdap_handle *sh, struct sdap_msg *sm,
+ struct sysdb_attrs **_attrs, char **_dn);
+
+int sdap_parse_group(TALLOC_CTX *memctx, struct sdap_options *opts,
+ struct sdap_handle *sh, struct sdap_msg *sm,
+ struct sysdb_attrs **_attrs, char **_dn);
+
+int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh,
+ struct sdap_msg *sm, char **_dn);