xref: /illumos-gate/usr/src/lib/libsldap/common/ns_internal.h (revision 5279807d7e1818eac6f90ac640b7a89cdb37522d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_INTERNAL_H
28 #define	_NS_INTERNAL_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 #include <stdio.h>
35 #include <sys/types.h>
36 #include <sys/time.h>
37 #include <thread.h>
38 #include <lber.h>
39 #include <ldap.h>
40 #include "ns_sldap.h"
41 #include "ns_cache_door.h"
42 
43 /*
44  * INTERNALLY USED CONSTANTS
45  */
46 
47 #define	MAXERROR		2000
48 #define	TRUE			1
49 #define	FALSE			0
50 #define	NSLDAPDIRECTORY		"/var/ldap"
51 #define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
52 #define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
53 #define	NSCREDFILE		"/var/ldap/ldap_client_cred"
54 #define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"
55 #define	ROTORSIZE		256
56 #define	MASK			0377
57 #define	LDAPMAXHARDLOOKUPTIME	256
58 #define	DONOTEDIT		\
59 	"Do not edit this file manually; your changes will be lost." \
60 	"Please use ldapclient (1M) instead."
61 #define	MAXPORTNUMBER		65535
62 #define	MAXPORTNUMBER_STR	"65535"
63 #define	CREDFILE		0
64 #define	CONFIGFILE		1
65 #define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
66 #define	UIDNUMFILTER_SSD 	"(&(%%s)(uidnumber=%s))"
67 #define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
68 #define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
69 #define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
70 #define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"
71 
72 #define	SIMPLEPAGECTRLFLAG	1
73 #define	VLVCTRLFLAG		2
74 
75 #define	LISTPAGESIZE		1000
76 #define	ENUMPAGESIZE		100
77 #define	SORTKEYLIST		"cn uid"
78 
79 #define	DEFMAX			8
80 #define	TOKENSEPARATOR		'='
81 #define	QUOTETOK		'"'
82 #define	SPACETOK		' '
83 #define	COMMATOK		','
84 #define	COLONTOK		':'
85 #define	QUESTTOK		'?'
86 #define	SEMITOK			';'
87 #define	TABTOK			'\t'
88 #define	OPARATOK		'('
89 #define	CPARATOK		')'
90 #define	BSLTOK			'\\'
91 #define	DOORLINESEP		"\07"
92 #define	DOORLINESEP_CHR		0x7
93 #define	COMMASEP		", "
94 #define	SPACESEP		" "
95 #define	SEMISEP			";"
96 #define	COLONSEP		":"
97 #define	COLSPSEP		": "
98 #define	EQUALSEP		"="
99 #define	EQUSPSEP		"= "
100 #define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
101 #define	BUFSIZE			1024
102 #define	DEFAULTCONFIGNAME	"__default_config"
103 #define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
104 #define	CRYPTMARK		"{NS1}"
105 #define	DOORBUFFERSIZE		8192
106 
107 #define	LDIF_FMT_STR		"%s: %s"
108 #define	FILE_FMT_STR		"%s= %s"
109 #define	DOOR_FMT_STR		"%s=%s"
110 
111 #define	SESSION_CACHE_INC	8
112 #define	CONID_OFFSET		1024
113 #define	NS_DEFAULT_BIND_TIMEOUT		30 /* timeout value in seconds */
114 #define	NS_DEFAULT_SEARCH_TIMEOUT	30 /* timeout value in seconds */
115 
116 /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
117 #define	RDNSIZE			512
118 
119 /*
120  * special service used by ldap_cachemgr to indicate a shadow update
121  * is to be done with the credential of the administrator identity
122  */
123 #define	NS_ADMIN_SHADOW_UPDATE	"shadow__admin_update"
124 
125 /* Phase 1 profile information */
126 #define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
127 #define	_PROFILE_CONTAINER	"profile"
128 #define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
129 
130 /* Phase 2 profile information */
131 #define	_PROFILE2_OBJECTCLASS		"DUAConfigProfile"
132 
133 /* Common to all profiles */
134 #define	_P_CN			"cn"
135 
136 /* Native LDAP Phase 1 Specific Profile Attributes */
137 #define	_P1_SERVERS			"SolarisLDAPServers"
138 #define	_P1_SEARCHBASEDN		"SolarisSearchBaseDN"
139 #define	_P1_CACHETTL			"SolarisCacheTTL"
140 #define	_P1_BINDDN			"SolarisBindDN"
141 #define	_P1_BINDPASSWORD		"SolarisBindPassword"
142 #define	_P1_AUTHMETHOD			"SolarisAuthMethod"
143 #define	_P1_TRANSPORTSECURITY		"SolarisTransportSecurity"
144 #define	_P1_CERTIFICATEPATH		"SolarisCertificatePath"
145 #define	_P1_CERTIFICATEPASSWORD		"SolarisCertificatePassword"
146 #define	_P1_DATASEARCHDN		"SolarisDataSearchDN"
147 #define	_P1_SEARCHSCOPE			"SolarisSearchScope"
148 #define	_P1_SEARCHTIMELIMIT		"SolarisSearchTimeLimit"
149 #define	_P1_PREFERREDSERVER		"SolarisPreferredServer"
150 #define	_P1_PREFERREDSERVERONLY		"SolarisPreferredServerOnly"
151 #define	_P1_SEARCHREFERRAL		"SolarisSearchReferral"
152 #define	_P1_BINDTIMELIMIT		"SolarisBindTimeLimit"
153 
154 /* Native LDAP Phase 2 Specific Profile Attributes */
155 #define	_P2_PREFERREDSERVER		"preferredServerList"
156 #define	_P2_DEFAULTSERVER		"defaultServerList"
157 #define	_P2_SEARCHBASEDN		"defaultSearchBase"
158 #define	_P2_SEARCHSCOPE			"defaultSearchScope"
159 #define	_P2_AUTHMETHOD			"authenticationMethod"
160 #define	_P2_CREDENTIALLEVEL		"credentialLevel"
161 #define	_P2_SERVICESEARCHDESC		"serviceSearchDescriptor"
162 #define	_P2_SEARCHTIMELIMIT		"searchTimeLimit"
163 #define	_P2_BINDTIMELIMIT		"bindTimeLimit"
164 #define	_P2_FOLLOWREFERRALS		"followReferrals"
165 #define	_P2_PROFILETTL			"profileTTL"
166 #define	_P2_ATTRIBUTEMAP		"attributeMap"
167 #define	_P2_OBJECTCLASSMAP		"objectClassMap"
168 #define	_P2_SERVICECREDLEVEL		"serviceCredentialLevel"
169 #define	_P2_SERVICEAUTHMETHOD		"serviceAuthenticationMethod"
170 
171 /* Control & SASL information from RootDSE door call */
172 #define	_SASLMECHANISM			"supportedSASLmechanisms"
173 #define	_SASLMECHANISM_LEN		23
174 #define	_SUPPORTEDCONTROL		"supportedControl"
175 #define	_SUPPORTEDCONTROL_LEN		16
176 
177 #define	NS_HASH_MAX	257
178 #define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
179 #define	NS_HASH_RC_SUCCESS		1
180 #define	NS_HASH_RC_NO_MEMORY		-1
181 #define	NS_HASH_RC_CONFIG_ERROR		-2
182 #define	NS_HASH_RC_EXISTED		-3
183 #define	NS_HASH_RC_SYNTAX_ERROR		-4
184 
185 /* Password management related error message from iDS ldap server */
186 #define	NS_PWDERR_MAXTRIES		\
187 	"Exceed password retry limit."
188 #define	NS_PWDERR_EXPIRED		\
189 	"password expired!"
190 #define	NS_PWDERR_ACCT_INACTIVATED	\
191 	"Account inactivated. Contact system administrator."
192 #define	NS_PWDERR_CHANGE_NOT_ALLOW	\
193 	"user is not allowed to change password"
194 #define	NS_PWDERR_INVALID_SYNTAX	\
195 	"invalid password syntax"
196 #define	NS_PWDERR_TRIVIAL_PASSWD	\
197 	"Password failed triviality check"
198 #define	NS_PWDERR_IN_HISTORY	\
199 	"password in history"
200 #define	NS_PWDERR_WITHIN_MIN_AGE	\
201 	"within password minimum age"
202 
203 /*
204  * INTERNALLY USED MACROS
205  */
206 
207 void	__s_api_debug_pause(int priority, int st, const char *mesg);
208 
209 #define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))
210 
211 /*
212  * MKERROR: builds the error structure and fills in the status and
213  * the message.  The message must be a freeable (non-static) string.
214  * If it fails to allocate memory for the error structure,
215  * it will return the retErr.
216  */
217 #define	MKERROR(priority, err, st, mesg, retErr) \
218 	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
219 		return (retErr); \
220 	(err)->message = mesg; \
221 	(err)->status = (st); \
222 	__s_api_debug_pause(priority, st, (err)->message);
223 
224 /*
225  * MKERROR_PWD_MGMT is almost the same as MKERROR
226  * except that it takes two more inputs to fill in the
227  * password management information part of the
228  * ns_ldap_error structure pointed to by err,
229  * and it does not log a syslog message.
230  */
231 #define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
232 	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
233 		return (retErr); \
234 	(err)->message = mesg; \
235 	(err)->status = (st); \
236 	(err)->pwd_mgmt.status = (pwd_status); \
237 	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
238 
239 #ifdef DEBUG
240 #define	NSLDAPTRACE(variable, setequal, message) \
241 	if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \
242 		char buf[BUFSIZ]; \
243 		(void) snprintf(buf, BUFSIZ, message); \
244 		(void) write(__ldap_debug_file, buf); \
245 	}
246 #endif
247 
248 /*
249  * INTERNAL DATA STRUCTURES
250  */
251 
252 /*
253  * configuration entry type
254  */
255 
256 typedef enum {
257 	SERVERCONFIG	= 1,
258 	CLIENTCONFIG	= 2,
259 	CREDCONFIG	= 3
260 } ns_conftype_t;
261 
262 /*
263  * datatype of a config entry
264  */
265 
266 typedef enum {
267 	NS_UNKNOWN	= 0,
268 	CHARPTR		= 1,		/* Single character pointer */
269 	ARRAYCP		= 2,		/* comma sep array of char pointers */
270 	ARRAYAUTH	= 3,		/* Array of auths */
271 	TIMET		= 4,		/* time relative value (TTL) */
272 	INT		= 5,		/* single integer */
273 	SSDLIST		= 6,		/* service search descriptor */
274 	ATTRMAP		= 7,		/* attribute mapping */
275 	OBJMAP		= 8,		/* objectclass mapping */
276 	SERVLIST	= 9,		/* serverlist (SP sep array) */
277 	ARRAYCRED	= 10,		/* Array of credentialLevels */
278 	SAMLIST		= 11,		/* serviceAuthenticationMethod */
279 	SCLLIST		= 12		/* serviceCredentialLevel */
280 } ns_datatype_t;
281 
282 typedef enum {
283 	NS_SUCCESS,
284 	NS_NOTFOUND,
285 	NS_PARSE_ERR
286 } ns_parse_status;
287 
288 typedef enum {
289 	NS_DOOR_FMT	= 1,
290 	NS_LDIF_FMT	= 2,
291 	NS_FILE_FMT	= 3
292 } ns_strfmt_t;
293 
294 /*
295  * This enum reduces the number of version string compares
296  * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
297  */
298 
299 typedef enum {
300 	NS_LDAP_V1	= 1000,
301 	NS_LDAP_V2	= 2000
302 } ns_version_t;
303 
304 /*
305  * enum<->string mapping construct
306  */
307 
308 typedef struct ns_enum_map {
309 	int	value;
310 	char	*name;
311 } ns_enum_map;
312 
313 #define	ENUM2INT(x)		((int)(x))
314 
315 #define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
316 #define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
317 #define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
318 #define	INT2AUTHENUM(x)		((AuthType_t)(x))
319 #define	INT2SECENUM(x)		((TlsType_t)(x))
320 #define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
321 #define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))
322 #define	INT2SHADOWUPDATENUM(x)	((enableShadowUpdate_t)(x))
323 
324 #define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
325 #define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
326 #define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))
327 
328 /*
329  * This structure maps service name to rdn components
330  * for use in __ns_getDNs. It also defines the SSD-to-use
331  * service for use in __s_api_get_SSDtoUse_service.
332  * The idea of an SSD-to-use service is to reduce the configuration
333  * complexity. For a service, which does not have its own entries in
334  * the LDAP directory, SSD for it is useless, and should not be set.
335  * But since this service must share the container with at least
336  * one other service which does have it own entries, the SSD for
337  * this other service will be shared by this service.
338  * This other service is called the SSD-to-use service.
339  *
340  */
341 
342 typedef struct ns_service_map {
343 	char	*service;
344 	char	*rdn;
345 	char	*SSDtoUse_service;
346 } ns_service_map;
347 
348 /*
349  * This structure contains a single mapping from:
350  * service:orig -> list of mapped
351  */
352 
353 typedef enum {
354 	NS_ATTR_MAP,
355 	NS_OBJ_MAP
356 } ns_maptype_t;
357 
358 typedef struct ns_mapping {
359 	ns_maptype_t	type;
360 	char		*service;
361 	char		*orig;
362 	char		**map;
363 } ns_mapping_t;
364 
365 /*
366  * The following is the list of internal libsldap configuration data
367  * structures.  The configuration is populated normally once per
368  * application.  The assumption is that in applications can be
369  * relatively short lived (IE ls via nsswitch) so it is important to
370  * keep configuration to a minimum, but keep lookups fast.
371  *
372  * Assumptions:
373  * 1 configuration entry per domain, and almost always 1 domain
374  * per app.  Hooks exist for multiple domains per app.
375  *
376  * Configurations are read in from client file cache or from LDAP.
377  * Attribute/objectclass mappings are hashed to improve lookup
378  * speed.
379  */
380 
381 /*
382  * Hash entry types
383  */
384 typedef enum	_ns_hashtype_t {
385 	NS_HASH_AMAP	= 1,		/* attr map */
386 	NS_HASH_RAMAP	= 2,		/* reverse attr map */
387 	NS_HASH_OMAP	= 3,		/* oc map */
388 	NS_HASH_ROMAP	= 4,		/* reverse oc map */
389 	NS_HASH_VOID	= 5
390 } ns_hashtype_t;
391 
392 typedef struct ns_hash {
393 	ns_hashtype_t	h_type;
394 	ns_mapping_t	*h_map;
395 	struct ns_hash	*h_next;
396 	struct ns_hash	*h_llnext;
397 } ns_hash_t;
398 
399 /*
400  * This structure defines the format of an internal configuration
401  * parameter for ns_ldap client.
402  */
403 
404 typedef struct ns_param {
405 	ns_datatype_t	ns_ptype;
406 	int		ns_acnt;
407 	union {
408 		char	**ppc;
409 		int	*pi;
410 		char	*pc;
411 		int	i;
412 		time_t	tm;
413 	} ns_pu;
414 } ns_param_t;
415 
416 #define	ns_ppc	ns_pu.ppc
417 #define	ns_pi	ns_pu.pi
418 #define	ns_pc	ns_pu.pc
419 #define	ns_i	ns_pu.i
420 #define	ns_tm	ns_pu.tm
421 
422 /*
423  * This structure defines an instance of a configuration structure.
424  * paramList contains the current ns_ldap parameter configuration
425  * and hashTbl contain the current attribute/objectclass mappings.
426  * Parameters are indexed by using the value assigned to the parameter
427  * in ParamIndexType.
428  */
429 
430 typedef struct ns_config {
431 	char			*domainName;
432 	ns_version_t		version;
433 	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
434 	ns_hash_t		*hashTbl[NS_HASH_MAX];
435 	ns_hash_t		*llHead;
436 	ns_ldap_entry_t		*RootDSE;
437 	boolean_t		delete;
438 	mutex_t			config_mutex;
439 	int			nUse;
440 	ldap_get_chg_cookie_t	config_cookie;
441 } ns_config_t;
442 
443 /*
444  * This structure defines the mapping of the NSCONFIGFILE file
445  * statements into their corresponding SolarisNamingProfile,
446  * Posix Mapping LDAP attributes, and to their corresponding
447  * ParamIndexType enum mapping.  THe ParamIndexType enum
448  * definitions can be found in ns_ldap.h.  This structure also
449  * defines the default values that are used when a value either
450  * does not exist or is undefined.
451  */
452 
453 typedef struct ns_default_config {
454 	const char	*name;		/* config file parameter name */
455 	ParamIndexType	index;		/* config file enum index */
456 	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
457 	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
458 	int		single_valued;	/* TRUE OR FALSE */
459 	ns_version_t 	version;	/* Version # for attribute */
460 	const char	*profile_name;	/* profile schema attribute name */
461 	ns_param_t	defval;		/* config file parameter default */
462 	int		(*ns_verify)(ParamIndexType i,
463 				struct ns_default_config *def,
464 				ns_param_t *param,
465 				char *errbuf);
466 	ns_enum_map	*allowed;	/* allowed values */
467 } ns_default_config;
468 
469 
470 /*
471  * This typedef enumerates all the supported authentication
472  * mechanisms currently supported in this library
473  */
474 
475 typedef enum EnumAuthType {
476 	NS_LDAP_EA_NONE				= 0,
477 	NS_LDAP_EA_SIMPLE			= 1,
478 	NS_LDAP_EA_SASL_NONE			= 2,
479 	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
480 	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
481 	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
482 	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
483 	NS_LDAP_EA_SASL_EXTERNAL		= 7,
484 	NS_LDAP_EA_SASL_GSSAPI			= 8,
485 	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
486 	NS_LDAP_EA_TLS_NONE			= 10,
487 	NS_LDAP_EA_TLS_SIMPLE			= 11,
488 	NS_LDAP_EA_TLS_SASL_NONE		= 12,
489 	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
490 	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
491 	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
492 	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
493 	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
494 	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
495 	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
496 } EnumAuthType_t;
497 
498 
499 /*
500  * this enum lists the various states of the search state machine
501  */
502 
503 typedef enum {
504 	INIT			= 1,
505 	EXIT			= 2,
506 	NEXT_SEARCH_DESCRIPTOR	= 3,
507 	GET_SESSION		= 4,
508 	NEXT_SESSION		= 5,
509 	RESTART_SESSION		= 6,
510 	NEXT_SEARCH		= 7,
511 	NEXT_VLV		= 8,
512 	NEXT_PAGE		= 9,
513 	ONE_SEARCH		= 10,
514 	DO_SEARCH		= 11,
515 	NEXT_RESULT		= 12,
516 	MULTI_RESULT		= 13,
517 	PROCESS_RESULT		= 14,
518 	END_PROCESS_RESULT	= 15,
519 	END_RESULT		= 16,
520 	NEXT_REFERRAL		= 17,
521 	GET_REFERRAL_SESSION	= 18,
522 	ERROR			= 19,
523 	LDAP_ERROR		= 20,
524 	GET_ACCT_MGMT_INFO	= 21,
525 	CLEAR_RESULTS		= 22,
526 	REINIT			= 23
527 } ns_state_t;
528 
529 /*
530  * this enum lists the various states of the write state machine
531  */
532 typedef enum {
533 	W_INIT			= 1,
534 	W_EXIT			= 2,
535 	GET_CONNECTION		= 3,
536 	SELECT_OPERATION_SYNC	= 4,
537 	SELECT_OPERATION_ASYNC	= 5,
538 	DO_ADD_SYNC		= 6,
539 	DO_DELETE_SYNC		= 7,
540 	DO_MODIFY_SYNC		= 8,
541 	DO_ADD_ASYNC		= 9,
542 	DO_DELETE_ASYNC		= 10,
543 	DO_MODIFY_ASYNC		= 11,
544 	GET_RESULT_SYNC		= 12,
545 	GET_RESULT_ASYNC	= 13,
546 	PARSE_RESULT		= 14,
547 	GET_REFERRAL_CONNECTION	= 15,
548 	W_LDAP_ERROR		= 16,
549 	W_ERROR			= 17
550 } ns_write_state_t;
551 
552 
553 typedef int ConnectionID;
554 
555 /*
556  * This structure is used by ns_connect to create and manage
557  * one or more ldap connections within the library.
558  */
559 typedef struct connection {
560 	ConnectionID		connectionId;
561 	boolean_t		usedBit;	/* true if only used by */
562 						/* one thread and not shared */
563 						/* by other threads */
564 	pid_t			pid;		/* process id */
565 	char			*serverAddr;
566 	ns_cred_t		*auth;
567 	LDAP			*ld;
568 	thread_t		threadID;	/* thread ID using it */
569 	struct ns_ldap_cookie	*cookieInfo;
570 	char 			**controls;		/* from server_info */
571 	char			**saslMechanisms;	/* from server_info */
572 } Connection;
573 
574 #define	ONE_STEP			1
575 
576 /*
577  * This structure is for referrals processing.
578  * The data are from referral URLs returned by
579  * LDAP servers
580  */
581 typedef struct ns_referral_info {
582 	struct ns_referral_info	*next;
583 	char			*refHost;
584 	int			refScope;
585 	char			*refDN;
586 	char			*refFilter;
587 } ns_referral_info_t;
588 
589 struct ns_ldap_cookie;
590 
591 /*
592  * Batch used by __ns_ldap_list_batch_xxx API
593  */
594 struct ns_ldap_list_batch {
595 	uint32_t		nactive;
596 	struct ns_ldap_cookie	*next_cookie;
597 	struct ns_ldap_cookie	*cookie_list;
598 };
599 
600 struct ns_conn_user;
601 typedef struct ns_conn_user ns_conn_user_t;
602 
603 /*
604  * This structure used internally in searches
605  */
606 
607 typedef struct ns_ldap_cookie {
608 	/* INPUTS */
609 		/* server list position */
610 
611 		/* service search descriptor list & position */
612 	ns_ldap_search_desc_t  **sdlist;
613 	ns_ldap_search_desc_t  **sdpos;
614 
615 		/* search filter callback */
616 	int			use_filtercb;
617 	int 	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
618 			char **realfilter, const void *userdata);
619 
620 		/* user callback */
621 	int			use_usercb;
622 	int	(*callback)(const ns_ldap_entry_t *entry,
623 			const void *userdata);
624 	const void		*userdata;
625 
626 	int			followRef;
627 	int			use_paging;
628 	char			*service;
629 	char			*i_filter;
630 	const char * const	*i_attr;
631 	const ns_cred_t		*i_auth;
632 	int 			i_flags;
633 
634 	/* OUTPUTS */
635 	ns_ldap_result_t	*result;
636 	ns_ldap_entry_t		*nextEntry;
637 		/* Error data */
638 	int			err_rc;
639 	ns_ldap_error_t		*errorp;
640 
641 	/* PRIVATE */
642 	ns_state_t		state;
643 	ns_state_t		new_state;
644 	ns_state_t		next_state;
645 
646 	Connection		*conn;
647 #define	conn_auth_type	conn->auth->auth.type
648 	ConnectionID		connectionId;
649 
650 	/* paging VLV/SIMPLEPAGE data */
651 	int			listType;
652 	unsigned long		index;
653 	LDAPControl		**p_serverctrls;
654 
655 	int			scope;
656 	char			*basedn;
657 	char			*filter;
658 	char			**attribute;
659 
660 	/* RESULT PROCESSING */
661 	int			msgId;
662 	LDAPMessage		*resultMsg;
663 
664 	char			**dns;
665 	char			*currentdn;
666 	int			flag;
667 	struct berval   	*ctrlCookie;
668 
669 	/* REFERRALS PROCESSING */
670 	/* referralinfo list & position */
671 	ns_referral_info_t  	*reflist;
672 	ns_referral_info_t  	*refpos;
673 	/* search timeout value */
674 	struct timeval		search_timeout;
675 	/* response control to hold account management information */
676 	LDAPControl		**resultctrl;
677 	/* Flag to indicate password less account management is required */
678 	int			nopasswd_acct_mgmt;
679 	int			err_from_result;
680 	ns_conn_user_t		*conn_user;
681 
682 	/* BATCH PROCESSING */
683 	ns_ldap_list_batch_t	*batch;
684 	boolean_t		no_wait;
685 	boolean_t		reinit_on_retriable_err;
686 	int			retries;
687 	ns_ldap_result_t	**caller_result;
688 	ns_ldap_error_t		**caller_errorp;
689 	int			*caller_rc;
690 	struct ns_ldap_cookie	*next_cookie_in_batch;
691 } ns_ldap_cookie_t;
692 
693 /*
694  * This structure is part of the return value information for
695  * __s_api_requestServer.  The routine that requests a new server
696  * from the cache manager
697  */
698 typedef struct ns_server_info {
699 	char	*server;
700 	char	*serverFQDN;
701 	char 	**controls;
702 	char	**saslMechanisms;
703 } ns_server_info_t;
704 
705 /*
706  * sasl callback function parameters
707  */
708 typedef struct ns_sasl_cb_param {
709 	char	*mech;
710 	char	*authid;
711 	char	*authzid;
712 	char	*passwd;
713 	char	*realm;
714 } ns_sasl_cb_param_t;
715 
716 /* self/sasl/gssapi variable */
717 extern int sasl_gssapi_inited;
718 
719 /* Multiple threads per connection variable */
720 extern int MTperConn;
721 
722 /*
723  * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
724  */
725 
726 #ifdef DEBUG
727 extern int	__ldap_debug_file;
728 extern int	__ldap_debug_api;
729 extern int	__ldap_debug_ldap;
730 extern int	__ldap_debug_servers;
731 #endif
732 
733 /* internal connection APIs */
734 void DropConnection(ConnectionID, int);
735 int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
736 
737 int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
738 char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
739 char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
740 char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
741 char *__s_get_pref_name(PrefOnly_t type);
742 char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
743 char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
744 char *__s_get_hostcertpath(void);
745 void __s_api_free_sessionPool();
746 int __s_api_requestServer(const char *request, const char *server,
747 	ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);
748 
749 
750 /* ************ internal sldap-api functions *********** */
751 void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
752 void	__s_api_split_key_value(char *buffer, char **name, char **value);
753 int	__s_api_printResult(ns_ldap_result_t *);
754 int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
755 int	__s_api_getDNs(char ***, const char *,
756 	ns_ldap_error_t **);
757 int	__s_api_get_search_DNs_v1(char ***, const char *,
758 	ns_ldap_error_t **);
759 int	__s_api_getConnection(const char *, const int,
760 	const ns_cred_t *, int *,
761 	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
762 char	**__s_api_cp2dArray(char **);
763 void	__s_api_free2dArray(char **);
764 
765 int	__s_api_isCtrlSupported(Connection *, char *);
766 ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
767 ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
768 boolean_t __s_api_peruser_proc(void);
769 boolean_t __s_api_nscd_proc(void);
770 char	*dvalue(char *);
771 char	*evalue(char *);
772 ns_ldap_error_t *__s_api_make_error(int, char *);
773 ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
774 
775 /* ************ specific 'Standalone' functions ********** */
776 ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
777 struct hostent *__s_api_hostname2ip(const char *name,
778 				    struct hostent *result,
779 				    char *buffer,
780 				    int buflen,
781 				    int *h_errnop);
782 void	__s_api_setInitMode();
783 void	__s_api_unsetInitMode();
784 int	__s_api_isStandalone(void);
785 int __s_api_isInitializing();
786 ns_ldap_return_code __s_api_findRootDSE(const char *request,
787 					const char *server,
788 					const char *addrType,
789 					ns_server_info_t *ret,
790 					ns_ldap_error_t	**error);
791 ns_config_t *__s_api_create_config_door_str(char *config,
792 				ns_ldap_error_t **errorp);
793 
794 extern void	get_environment();
795 
796 /* internal Param APIs */
797 int		__ns_ldap_setParamValue(ns_config_t *ptr,
798 			const ParamIndexType type,
799 			const void *data, ns_ldap_error_t **error);
800 int		__s_api_get_type(const char *value, ParamIndexType *type);
801 int		__s_api_get_versiontype(ns_config_t *ptr, char *value,
802 					ParamIndexType *type);
803 int		__s_api_get_profiletype(char *value, ParamIndexType *type);
804 void		__s_api_init_config(ns_config_t *ptr);
805 void		__s_api_init_config_global(ns_config_t *ptr);
806 ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
807 					int check_dn);
808 ns_config_t	*__s_api_create_config(void);
809 ns_config_t	*__s_api_get_default_config(void);
810 ns_config_t	*__s_api_get_default_config_global(void);
811 ns_config_t	*__s_api_loadrefresh_config();
812 ns_config_t	*__s_api_loadrefresh_config_global();
813 void		__s_api_destroy_config(ns_config_t *ptr);
814 int		__s_api_get_configtype(ParamIndexType type);
815 const char	*__s_api_get_configname(ParamIndexType type);
816 char		*__s_api_strValue(ns_config_t *ptr, char *str,
817 			int bufsz, ParamIndexType i,
818 			ns_strfmt_t fmt);
819 void		__s_api_release_config(ns_config_t *cfg);
820 
821 /* internal attribute/objectclass mapping api's */
822 int		 __s_api_add_map2hash(ns_config_t *config,
823 				ns_hashtype_t type, ns_mapping_t *map);
824 void		__s_api_destroy_hash(ns_config_t *config);
825 int		__s_api_parse_map(char *cp, char **sid,
826 				char **origA, char ***mapA);
827 char		**__ns_ldap_mapAttributeList(const char *service,
828 				const char * const *origAttrList);
829 
830 /* internal configuration APIs */
831 void		__ns_ldap_setServer(int set);
832 ns_ldap_error_t	*__ns_ldap_LoadConfiguration();
833 ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
834 				ns_config_t *new, int cred_only);
835 ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
836 ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
837 int		__ns_ldap_cache_ping();
838 ns_ldap_error_t *__ns_ldap_print_config(int);
839 void		__ns_ldap_default_config();
840 int		__ns_ldap_download(const char *, char *, char *,
841 				ns_ldap_error_t **);
842 int
843 __ns_ldap_check_dns_preq(int foreground,
844 		int mode_verbose,
845 		int mode_quiet,
846 		const char *fname,
847 		ns_ldap_self_gssapi_config_t config,
848 		ns_ldap_error_t **errpp);
849 int
850 __ns_ldap_check_gssapi_preq(int foreground,
851 		int mode_verbose,
852 		int mode_quiet,
853 		ns_ldap_self_gssapi_config_t config,
854 		ns_ldap_error_t **errpp);
855 int
856 __ns_ldap_check_all_preq(int foreground,
857 		int mode_verbose,
858 		int mode_quiet,
859 		ns_ldap_self_gssapi_config_t config,
860 		ns_ldap_error_t **errpp);
861 
862 /* internal un-exposed APIs */
863 ns_cred_t 	*__ns_ldap_dupAuth(const ns_cred_t *authp);
864 boolean_t	__s_api_is_auth_matched(const ns_cred_t *auth1,
865 		    const ns_cred_t *auth2);
866 int		__s_api_get_SSD_from_SSDtoUse_service(const char *service,
867 			ns_ldap_search_desc_t ***SSDlist,
868 			ns_ldap_error_t **errorp);
869 int		__s_api_prepend_automountmapname(const char *service,
870 			ns_ldap_search_desc_t ***SSDlist,
871 			ns_ldap_error_t ** errorp);
872 int		__s_api_prepend_automountmapname_to_dn(const char *service,
873 			char **basedn,
874 			ns_ldap_error_t ** errorp);
875 int		__s_api_convert_automountmapname(const char *service,
876 			char **dn, ns_ldap_error_t ** errorp);
877 int		__s_api_replace_mapped_attr_in_dn(
878 			const char *orig_attr, const char *mapped_attr,
879 			const char *dn, char **new_dn);
880 int		__s_api_append_default_basedn(
881 			const char *dn,
882 			char **new_dn,
883 			int *allocated,
884 			ns_ldap_error_t ** errorp);
885 int		__s_api_removeServer(const char *server);
886 void		__s_api_removeBadServers(char **server);
887 void		__s_api_free_server_info(ns_server_info_t *sinfo);
888 void		__s_api_freeConnection(Connection *con);
889 
890 /* internal referrals APIs */
891 int 		__s_api_toFollowReferrals(const int flags,
892 			int *toFollow,
893 			ns_ldap_error_t **errorp);
894 int 		__s_api_addRefInfo(ns_referral_info_t **head,
895 			char *url, char *baseDN, int *scope,
896 			char *filter, LDAP *ld);
897 void		__s_api_deleteRefInfo(ns_referral_info_t *head);
898 
899 /* callback routine for SSD filters */
900 int		__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
901 			char **realfilter,
902 			const void *userdata);
903 
904 /* network address verification api */
905 int		__s_api_isipv4(char *addr);
906 int		__s_api_isipv6(char *addr);
907 int		__s_api_ishost(char *addr);
908 
909 /* password management routine */
910 ns_ldap_passwd_status_t
911 		__s_api_set_passwd_status(int errnum, char *errmsg);
912 int		__s_api_contain_passwd_control_oid(char **oids);
913 
914 /* password less account management routine */
915 int		__s_api_contain_account_usable_control_oid(char **oids);
916 
917 /* RFC 2307 section 5.6. Get a canonical name from entry */
918 char		*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
919 			ns_ldap_attr_t *attrptr, int case_ignore);
920 
921 /* self/sasl/gssapi functions */
922 int		__s_api_sasl_bind_callback(
923 			LDAP		*ld,
924 			unsigned	flags,
925 			void		*defaults,
926 			void		*in);
927 
928 int		__s_api_self_gssapi_only_get(void);
929 int		__s_api_sasl_gssapi_init(void);
930 
931 #ifdef __cplusplus
932 }
933 #endif
934 
935 #endif /* _NS_INTERNAL_H */
936