/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * ns_internal.h: private constants, macros, data structures and
 * function prototypes shared by the libsldap implementation files.
 * Nothing in here is part of the public ns_sldap.h interface.
 */

#ifndef _NS_INTERNAL_H
#define _NS_INTERNAL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"
#include "ns_cache_door.h"

/*
 * INTERNALLY USED CONSTANTS
 */

#define MAXERROR 2000
/*
 * NOTE(review): TRUE/FALSE are defined unconditionally here; any other
 * header that also defines them (with a different expansion) will
 * trigger a redefinition warning or error.
 */
#define TRUE 1
#define FALSE 0
/*
 * On-disk client configuration. NSCREDFILE holds the bind credentials
 * for the proxy identity, so the file mode set by whatever writes it is
 * the real access control on that secret; NSCONFIGREFRESH/NSCREDREFRESH
 * are the refresh-cycle counterparts (presumably temp/marker files --
 * confirm against the code that creates them).
 */
#define NSLDAPDIRECTORY "/var/ldap"
#define NSCONFIGFILE "/var/ldap/ldap_client_file"
#define NSCONFIGREFRESH "/var/ldap/ldap_client_file.refresh"
#define NSCREDFILE "/var/ldap/ldap_client_cred"
#define NSCREDREFRESH "/var/ldap/ldap_client_cred.refresh"
/*
 * ROTORSIZE/MASK are sized for a byte-wide (256 entry, 0377 mask)
 * rotor/lookup transform. NOTE(review): a transform of this kind is
 * reversible by anyone holding the library, so values it produces
 * (see CRYPTMARK) should be treated as obfuscated, not encrypted;
 * confirm against the routines that use these constants.
 */
#define ROTORSIZE 256
#define MASK 0377
#define LDAPMAXHARDLOOKUPTIME 256
/*
 * Banner written into generated configuration files.
 * NOTE(review): the two literals are concatenated with no separator,
 * so the emitted text reads "...will be lost.Please use ..."; a space
 * or newline between them is probably what was intended.
 */
#define DONOTEDIT \
	"Do not edit this file manually; your changes will be lost." \
	"Please use ldapclient (1M) instead."
/* Upper bound for a server port, as a number and as its string form. */
#define MAXPORTNUMBER 65535
#define MAXPORTNUMBER_STR "65535"
/* Selector values for the two on-disk file kinds (credential / config). */
#define CREDFILE 0
#define CONFIGFILE 1
/*
 * Search filter templates. The single %s is filled in by the caller;
 * the _SSD variants keep an extra %%s, which survives the first
 * formatting pass as a %s to be merged with the service search
 * descriptor's own filter later.
 * NOTE(review): the value substituted for %s must be LDAP filter
 * escaped before substitution (RFC 4515: '(' ')' '*' '\' and NUL),
 * otherwise a caller-supplied uid/cn can change the shape of the
 * filter. Confirm the escaping happens at every call site.
 */
#define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))"
#define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
#define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))"
#define UIDFILTER_SSD "(&(%%s)(uid=%s))"
#define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))"
#define HOSTFILTER_SSD "(&(%%s)(cn=%s))"

/* Which result-paging control a search uses (simple paged vs VLV). */
#define SIMPLEPAGECTRLFLAG 1
#define VLVCTRLFLAG 2

/* Page sizes for list and enumeration searches; VLV sort key attributes. */
#define LISTPAGESIZE 1000
#define ENUMPAGESIZE 100
#define SORTKEYLIST "cn uid"

#define DEFMAX 8
/* Single-character tokens recognised by the configuration parsers. */
#define TOKENSEPARATOR '='
#define QUOTETOK '"'
#define SPACETOK ' '
#define COMMATOK ','
#define COLONTOK ':'
#define QUESTTOK '?'
#define SEMITOK ';'
#define TABTOK '\t'
#define OPARATOK '('
#define CPARATOK ')'
#define BSLTOK '\\'
/*
 * Line separator inside door messages: the BEL character (0x07),
 * given both as a string and as the equivalent character value.
 */
#define DOORLINESEP "\07"
#define DOORLINESEP_CHR 0x7
/* Multi-character separators used when formatting lists of values. */
#define COMMASEP ", "
#define SPACESEP " "
#define SEMISEP ";"
#define COLONSEP ":"
#define COLSPSEP ": "
#define EQUALSEP "="
#define EQUSPSEP "= "
/* Highest ParamIndexType value handled by the table-driven config code. */
#define LAST_VALUE (int)NS_LDAP_HOST_CERTPATH_P
#define BUFSIZE 1024
#define DEFAULTCONFIGNAME "__default_config"
#define EXP_DEFAULT_TTL "43200" /* 12 hours TTL */
/*
 * Prefix tagging a credential value that has been passed through the
 * library's encoding (see ROTORSIZE/MASK); its presence is a format
 * marker only and says nothing about how strongly the value is protected.
 */
#define CRYPTMARK "{NS1}"
#define DOORBUFFERSIZE 8192

/* "name value" layouts for the three output formats of ns_strfmt_t. */
#define LDIF_FMT_STR "%s: %s"
#define FILE_FMT_STR "%s= %s"
#define DOOR_FMT_STR "%s=%s"

/* Session pool growth step and the base added to connection ids. */
#define SESSION_CACHE_INC 8
#define CONID_OFFSET 1024
#define NS_DEFAULT_BIND_TIMEOUT 30 /* timeout value in seconds */
#define NS_DEFAULT_SEARCH_TIMEOUT 30 /* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define RDNSIZE 256

/*
 * special service used by ldap_cachemgr to indicate a shadow update
 * is to be done with the credential of the administrator identity
 */
#define NS_ADMIN_SHADOW_UPDATE "shadow__admin_update"
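/* Phase 1 profile information */
#define _PROFILE1_OBJECTCLASS "SolarisNamingProfile"
#define _PROFILE_CONTAINER "profile"
/* Two objectclass alternatives (phase 1 / phase 2) and the profile cn. */
#define _PROFILE_FILTER "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define _PROFILE2_OBJECTCLASS "DUAConfigProfile"

/* Common to all profiles */
#define _P_CN "cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes
 * _P1_BINDPASSWORD and _P1_CERTIFICATEPASSWORD name attributes whose
 * values are secrets: anything that logs or dumps a profile should
 * treat them accordingly.
 */
#define _P1_SERVERS "SolarisLDAPServers"
#define _P1_SEARCHBASEDN "SolarisSearchBaseDN"
#define _P1_CACHETTL "SolarisCacheTTL"
#define _P1_BINDDN "SolarisBindDN"
#define _P1_BINDPASSWORD "SolarisBindPassword"
#define _P1_AUTHMETHOD "SolarisAuthMethod"
#define _P1_TRANSPORTSECURITY "SolarisTransportSecurity"
#define _P1_CERTIFICATEPATH "SolarisCertificatePath"
#define _P1_CERTIFICATEPASSWORD "SolarisCertificatePassword"
#define _P1_DATASEARCHDN "SolarisDataSearchDN"
#define _P1_SEARCHSCOPE "SolarisSearchScope"
#define _P1_SEARCHTIMELIMIT "SolarisSearchTimeLimit"
#define _P1_PREFERREDSERVER "SolarisPreferredServer"
#define _P1_PREFERREDSERVERONLY "SolarisPreferredServerOnly"
#define _P1_SEARCHREFERRAL "SolarisSearchReferral"
#define _P1_BINDTIMELIMIT "SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define _P2_PREFERREDSERVER "preferredServerList"
#define _P2_DEFAULTSERVER "defaultServerList"
#define _P2_SEARCHBASEDN "defaultSearchBase"
#define _P2_SEARCHSCOPE "defaultSearchScope"
#define _P2_AUTHMETHOD "authenticationMethod"
#define _P2_CREDENTIALLEVEL "credentialLevel"
#define _P2_SERVICESEARCHDESC "serviceSearchDescriptor"
#define _P2_SEARCHTIMELIMIT "searchTimeLimit"
#define _P2_BINDTIMELIMIT "bindTimeLimit"
#define _P2_FOLLOWREFERRALS "followReferrals"
#define _P2_PROFILETTL "profileTTL"
#define _P2_ATTRIBUTEMAP "attributeMap"
#define _P2_OBJECTCLASSMAP "objectClassMap"
#define _P2_SERVICECREDLEVEL "serviceCredentialLevel"
#define _P2_SERVICEAUTHMETHOD "serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call
 * The _LEN values are the string lengths of the attribute names that
 * precede them (23 and 16); keep them in sync if a name ever changes.
 */
#define _SASLMECHANISM "supportedSASLmechanisms"
#define _SASLMECHANISM_LEN 23
#define _SUPPORTEDCONTROL "supportedControl"
#define _SUPPORTEDCONTROL_LEN 16

/* Bucket count of ns_config_t.hashTbl (257 is prime). */
#define NS_HASH_MAX 257
#define NS_HASH_SCHEMA_MAPPING_EXISTED "=MAPPING EXISTED="
/* Return codes of the mapping hash routines; only SUCCESS is positive. */
#define NS_HASH_RC_SUCCESS 1
#define NS_HASH_RC_NO_MEMORY -1
#define NS_HASH_RC_CONFIG_ERROR -2
#define NS_HASH_RC_EXISTED -3
#define NS_HASH_RC_SYNTAX_ERROR -4

/*
 * Password management related error message from iDS ldap server
 * NOTE(review): these are matched against server-supplied diagnostic
 * text, which can differ between server versions and locales; code
 * that compares against them should fail safe when nothing matches.
 */
#define NS_PWDERR_MAXTRIES \
	"Exceed password retry limit."
#define NS_PWDERR_EXPIRED \
	"password expired!"
#define NS_PWDERR_ACCT_INACTIVATED \
	"Account inactivated. Contact system administrator."
#define NS_PWDERR_CHANGE_NOT_ALLOW \
	"user is not allowed to change password"
#define NS_PWDERR_INVALID_SYNTAX \
	"invalid password syntax"
#define NS_PWDERR_TRIVIAL_PASSWD \
	"Password failed triviality check"
#define NS_PWDERR_IN_HISTORY \
	"password in history"
#define NS_PWDERR_WITHIN_MIN_AGE \
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

/* Debug/logging hook invoked by MKERROR with the status and message. */
void __s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * Printable form of a possibly NULL or empty string.
 * str is evaluated up to three times: do not pass an expression with
 * side effects.
 */
#define NULL_OR_STR(str) (!(str) || *(str) == '\0' ? "<NULL>" : (str))

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message. The message must be a freeable (non-static) string.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr.
 *
 * NOTE(review): this expands to several statements and contains a
 * hidden `return` from the enclosing function. It is not safe as the
 * sole body of an unbraced `if`/`else` (only the first statement would
 * be conditional); always call it at statement level inside braces.
 */
#define MKERROR(priority, err, st, mesg, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	__s_api_debug_pause((priority), (st), (err)->message);

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 * The same multi-statement / hidden-return caveat as MKERROR applies.
 */
#define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	(err)->pwd_mgmt.status = (pwd_status); \
	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);

#ifdef DEBUG
/*
 * Emit message to the debug file descriptor when the debug variable is
 * enabled (or equals setequal).
 * Fixed relative to the earlier version: message is now passed as a
 * "%s" argument rather than as the format string itself (a message
 * containing '%' would otherwise be interpreted as conversions), and
 * write(2) is given the byte count it requires, bounded by the buffer.
 */
#define NSLDAPTRACE(variable, setequal, message) \
	if ((variable) > 0 || (((setequal) != 0) && \
	    ((variable) == (setequal)))) { \
		char buf[BUFSIZ]; \
		int len = snprintf(buf, BUFSIZ, "%s", (message)); \
		if (len > 0) { \
			if (len >= BUFSIZ) \
				len = BUFSIZ - 1; \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
		} \
	}
#endif

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type
 */

typedef enum {
	SERVERCONFIG = 1,
	CLIENTCONFIG = 2,
	CREDCONFIG = 3
} ns_conftype_t;

/*
 * datatype of a config entry
 * Selects which member of ns_param_t.ns_pu holds the value.
 */

typedef enum {
	NS_UNKNOWN = 0,
	CHARPTR = 1,	/* Single character pointer */
	ARRAYCP = 2,	/* comma sep array of char pointers */
	ARRAYAUTH = 3,	/* Array of auths */
	TIMET = 4,	/* time relative value (TTL) */
	INT = 5,	/* single integer */
	SSDLIST = 6,	/* service search descriptor */
	ATTRMAP = 7,	/* attribute mapping */
	OBJMAP = 8,	/* objectclass mapping */
	SERVLIST = 9,	/* serverlist (SP sep array) */
	ARRAYCRED = 10,	/* Array of credentialLevels */
	SAMLIST = 11,	/* serviceAuthenticationMethod */
	SCLLIST = 12	/* serviceCredentialLevel */
} ns_datatype_t;

/* Result of parsing configuration text (see __s_api_crosscheck). */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;

/* Output layout selected by __s_api_strValue (see *_FMT_STR). */
typedef enum {
	NS_DOOR_FMT = 1,
	NS_LDIF_FMT = 2,
	NS_FILE_FMT = 3
} ns_strfmt_t;

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
	NS_LDAP_V1 = 1000,
	NS_LDAP_V2 = 2000
} ns_version_t;

/*
 * enum<->string mapping construct
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;

/* Plain casts between int and the public enum/return-code types. */
#define ENUM2INT(x) ((int)(x))

#define INT2PARAMINDEXENUM(x) ((ParamIndexType)(x))
#define INT2SEARCHREFENUM(x) ((SearchRef_t)(x))
#define INT2SCOPEENUM(x) ((ScopeType_t)(x))
#define INT2AUTHENUM(x) ((AuthType_t)(x))
#define INT2SECENUM(x) ((TlsType_t)(x))
#define INT2PREFONLYENUM(x) ((PrefOnly_t)(x))
#define INT2CREDLEVELENUM(x) ((CredLevel_t)(x))
#define INT2SHADOWUPDATENUM(x) ((enableShadowUpdate_t)(x))

#define INT2LDAPRETURN(x) ((ns_ldap_return_code)(x))
#define INT2CONFIGRETURN(x) ((ns_ldap_config_return_code)(x))
#define INT2PARTIALRETURN(x) ((ns_ldap_partial_return_code)(x))

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs. It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity. For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have it own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 *
 */

typedef struct ns_service_map {
	char *service;
	char *rdn;
	char *SSDtoUse_service;
} ns_service_map;

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;

typedef struct ns_mapping {
	ns_maptype_t type;
	char *service;
	char *orig;
	char **map;	/* NULL-terminated list, presumably -- confirm */
} ns_mapping_t;

/*
 * The following is the list of internal libsldap configuration data
 * structures. The configuration is populated normally once per
 * application. The assumption is that in applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 *
 * Assumptions:
 * 1 configuration entry per domain, and almost always 1 domain
 * per app. Hooks exist for multiple domains per app.
 *
 * Configurations are read in from client file cache or from LDAP.
 * Attribute/objectclass mappings are hashed to improve lookup
 * speed.
 */

/*
 * Hash entry types
 */
typedef enum _ns_hashtype_t {
	NS_HASH_AMAP = 1,	/* attr map */
	NS_HASH_RAMAP = 2,	/* reverse attr map */
	NS_HASH_OMAP = 3,	/* oc map */
	NS_HASH_ROMAP = 4,	/* reverse oc map */
	NS_HASH_VOID = 5
} ns_hashtype_t;

/*
 * One mapping entry; h_next chains entries in the same bucket,
 * h_llnext threads every entry onto the ns_config_t.llHead list.
 */
typedef struct ns_hash {
	ns_hashtype_t h_type;
	ns_mapping_t *h_map;
	struct ns_hash *h_next;
	struct ns_hash *h_llnext;
} ns_hash_t;

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.
 * ns_ptype says which ns_pu member is live; ns_acnt is the element
 * count for the array members.
 */

typedef struct ns_param {
	ns_datatype_t ns_ptype;
	int ns_acnt;
	union {
		char **ppc;
		int *pi;
		char *pc;
		int i;
		time_t tm;
	} ns_pu;
} ns_param_t;

/* Short-hand accessors for the union members of ns_param_t. */
#define ns_ppc ns_pu.ppc
#define ns_pi ns_pu.pi
#define ns_pc ns_pu.pc
#define ns_i ns_pu.i
#define ns_tm ns_pu.tm

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 * nUse and delete look like a use count and a deferred-free flag
 * guarded by config_mutex (see __s_api_release_config) -- confirm.
 */

typedef struct ns_config {
	char *domainName;
	ns_version_t version;
	ns_param_t paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t *hashTbl[NS_HASH_MAX];
	ns_hash_t *llHead;
	ns_ldap_entry_t *RootDSE;
	boolean_t delete;
	mutex_t config_mutex;
	int nUse;
	ldap_get_chg_cookie_t config_cookie;
} ns_config_t;

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping. THe ParamIndexType enum
 * definitions can be found in ns_ldap.h. This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 * ns_verify, when set, validates a parsed value and reports a
 * diagnostic through errbuf; allowed lists the accepted enum values.
 */

typedef struct ns_default_config {
	const char *name;		/* config file parameter name */
	ParamIndexType index;		/* config file enum index */
	ns_conftype_t config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t data_type;	/* ppc,pi,pc,int etc... */
	int single_valued;		/* TRUE OR FALSE */
	ns_version_t version;		/* Version # for attribute */
	const char *profile_name;	/* profile schema attribute name */
	ns_param_t defval;		/* config file parameter default */
	int (*ns_verify)(ParamIndexType i,
			struct ns_default_config *def,
			ns_param_t *param,
			char *errbuf);
	ns_enum_map *allowed;		/* allowed values */
} ns_default_config;


/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library
 * Entries 0-9 are the non-TLS variants, 10-19 the same mechanisms
 * over TLS. The enum only names mechanisms; which ones a
 * configuration may actually use is decided elsewhere.
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE = 0,
	NS_LDAP_EA_SIMPLE = 1,
	NS_LDAP_EA_SASL_NONE = 2,
	NS_LDAP_EA_SASL_CRAM_MD5 = 3,
	NS_LDAP_EA_SASL_DIGEST_MD5 = 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT = 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF = 6,
	NS_LDAP_EA_SASL_EXTERNAL = 7,
	NS_LDAP_EA_SASL_GSSAPI = 8,
	NS_LDAP_EA_SASL_SPNEGO = 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE = 10,
	NS_LDAP_EA_TLS_SIMPLE = 11,
	NS_LDAP_EA_TLS_SASL_NONE = 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5 = 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5 = 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT = 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF = 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL = 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI = 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO = 19	/* unsupported */
} EnumAuthType_t;


/*
 * this enum lists the various states of the search state machine
 */

typedef enum {
	INIT = 1,
	EXIT = 2,
	NEXT_SEARCH_DESCRIPTOR = 3,
	GET_SESSION = 4,
	NEXT_SESSION = 5,
	RESTART_SESSION = 6,
	NEXT_SEARCH = 7,
	NEXT_VLV = 8,
	NEXT_PAGE = 9,
	ONE_SEARCH = 10,
	DO_SEARCH = 11,
	NEXT_RESULT = 12,
	MULTI_RESULT = 13,
	PROCESS_RESULT = 14,
	END_PROCESS_RESULT = 15,
	END_RESULT = 16,
	NEXT_REFERRAL = 17,
	GET_REFERRAL_SESSION = 18,
	ERROR = 19,
	LDAP_ERROR = 20,
	GET_ACCT_MGMT_INFO = 21,
	CLEAR_RESULTS = 22,
	REINIT = 23
} ns_state_t;

/*
 * this enum lists the various states of the write state machine
 */
typedef enum {
	W_INIT = 1,
	W_EXIT = 2,
	GET_CONNECTION = 3,
	SELECT_OPERATION_SYNC = 4,
	SELECT_OPERATION_ASYNC = 5,
	DO_ADD_SYNC = 6,
	DO_DELETE_SYNC = 7,
	DO_MODIFY_SYNC = 8,
	DO_ADD_ASYNC = 9,
	DO_DELETE_ASYNC = 10,
	DO_MODIFY_ASYNC = 11,
	GET_RESULT_SYNC = 12,
	GET_RESULT_ASYNC = 13,
	PARSE_RESULT = 14,
	GET_REFERRAL_CONNECTION = 15,
	W_LDAP_ERROR = 16,
	W_ERROR = 17
} ns_write_state_t;


typedef int ConnectionID;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * auth holds the credential the connection was bound with, so a
 * connection must only be handed to a caller whose credential
 * matches (see __s_api_is_auth_matched).
 */
typedef struct connection {
	ConnectionID connectionId;
	boolean_t usedBit;		/* true if only used by */
					/* one thread and not shared */
					/* by other threads */
	pid_t pid;			/* process id */
	char *serverAddr;
	ns_cred_t *auth;
	LDAP *ld;
	thread_t threadID;		/* thread ID using it */
	struct ns_ldap_cookie *cookieInfo;
	char **controls;		/* from server_info */
	char **saslMechanisms;		/* from server_info */
} Connection;

#define ONE_STEP 1

/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers
 * refHost/refDN/refFilter therefore originate from the remote
 * server, not from local configuration; whether a referral is
 * followed at all is decided by __s_api_toFollowReferrals.
 */
typedef struct ns_referral_info {
	struct ns_referral_info *next;
	char *refHost;
	int refScope;
	char *refDN;
	char *refFilter;
} ns_referral_info_t;

struct ns_ldap_cookie;

/*
 * Batch used by __ns_ldap_list_batch_xxx API
 */
struct ns_ldap_list_batch {
	uint32_t nactive;
	struct ns_ldap_cookie *next_cookie;
	struct ns_ldap_cookie *cookie_list;
};

struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;

/*
 * This structure used internally in searches
 * Per-search context carried through the ns_state_t state machine:
 * the INPUTS section is what the caller asked for, OUTPUTS is what is
 * handed back, PRIVATE is machine state.
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
	/* server list position */

	/* service search descriptor list & position */
	ns_ldap_search_desc_t **sdlist;
	ns_ldap_search_desc_t **sdpos;

	/* search filter callback */
	int use_filtercb;
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

	/* user callback */
	int use_usercb;
	int (*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void *userdata;

	int followRef;
	int use_paging;
	char *service;
	char *i_filter;
	const char * const *i_attr;
	const ns_cred_t *i_auth;
	int i_flags;

	/* OUTPUTS */
	ns_ldap_result_t *result;
	ns_ldap_entry_t *nextEntry;
	/* Error data */
	int err_rc;
	ns_ldap_error_t *errorp;

	/* PRIVATE */
	ns_state_t state;
	ns_state_t new_state;
	ns_state_t next_state;

	Connection *conn;
/*
 * Short-hand for the bound auth type of the current connection.
 * Dereferences conn and conn->auth without a check; only use it in
 * states where both are known to be set.
 */
#define conn_auth_type conn->auth->auth.type
	ConnectionID connectionId;

	/* paging VLV/SIMPLEPAGE data */
	int listType;
	unsigned long index;
	LDAPControl **p_serverctrls;

	int scope;
	char *basedn;
	char *filter;
	char **attribute;

	/* RESULT PROCESSING */
	int msgId;
	LDAPMessage *resultMsg;

	char **dns;
	char *currentdn;
	int flag;
	struct berval *ctrlCookie;

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t *reflist;
	ns_referral_info_t *refpos;
	/* search timeout value */
	struct timeval search_timeout;
	/* response control to hold account management information */
	LDAPControl **resultctrl;
	/* Flag to indicate password less account management is required */
	int nopasswd_acct_mgmt;
	int err_from_result;
	ns_conn_user_t *conn_user;

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t *batch;
	boolean_t no_wait;
	boolean_t reinit_on_retriable_err;
	int retries;
	ns_ldap_result_t **caller_result;
	ns_ldap_error_t **caller_errorp;
	int *caller_rc;
	struct ns_ldap_cookie *next_cookie_in_batch;
} ns_ldap_cookie_t;

/*
 * This structure is part of the return value information for
 * __s_api_requestServer. The routine that requests a new server
 * from the cache manager
 * Released with __s_api_free_server_info.
 */
typedef struct ns_server_info {
	char *server;
	char *serverFQDN;
	char **controls;
	char **saslMechanisms;
} ns_server_info_t;

/*
 * sasl callback function parameters
 * passwd is a clear-text secret while this structure is alive;
 * NOTE(review): confirm the code that discards it clears the buffer
 * before freeing rather than relying on free() alone.
 */
typedef struct ns_sasl_cb_param {
	char *mech;
	char *authid;
	char *authzid;
	char *passwd;
	char *realm;
} ns_sasl_cb_param_t;

/* self/sasl/gssapi variable */
extern int sasl_gssapi_inited;

/* Multiple threads per connection variable */
extern int MTperConn;

/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 */

#ifdef DEBUG
extern int __ldap_debug_file;
extern int __ldap_debug_api;
extern int __ldap_debug_ldap;
extern int __ldap_debug_servers;
#endif

/* internal connection APIs */
void DropConnection(ConnectionID, int);
int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);

/* enum value <-> printable name helpers backed by ns_enum_map tables */
int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
char *__s_get_hostcertpath(void);
void __s_api_free_sessionPool();
int __s_api_requestServer(const char *request, const char *server,
	ns_server_info_t *ret, ns_ldap_error_t **error, const char *addrType);


/* ************ internal sldap-api functions *********** */
void __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
void __s_api_split_key_value(char *buffer, char **name, char **value);
int __s_api_printResult(ns_ldap_result_t *);
int __s_api_getSearchScope(int *, ns_ldap_error_t **);
int __s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int __s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int __s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
char **__s_api_cp2dArray(char **);
void __s_api_free2dArray(char **);

int __s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/* dvalue/evalue: the credential decode/encode pair (see CRYPTMARK) */
char *dvalue(char *);
char *evalue(char *);
ns_ldap_error_t *__s_api_make_error(int, char *);
ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);

/* ************ specific 'Standalone' functions ********** */
ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
struct hostent *__s_api_hostname2ip(const char *name,
	struct hostent *result,
	char *buffer,
	int buflen,
	int *h_errnop);
void __s_api_setInitMode();
void __s_api_unsetInitMode();
int __s_api_isStandalone(void);
int __s_api_isInitializing();
ns_ldap_return_code __s_api_findRootDSE(const char *request,
	const char *server,
	const char *addrType,
	ns_server_info_t *ret,
	ns_ldap_error_t **error);
ns_config_t *__s_api_create_config_door_str(char *config,
	ns_ldap_error_t **errorp);

extern void get_environment();

/* internal Param APIs */
int __ns_ldap_setParamValue(ns_config_t *ptr,
	const ParamIndexType type,
	const void *data, ns_ldap_error_t **error);
int __s_api_get_type(const char *value, ParamIndexType *type);
int __s_api_get_versiontype(ns_config_t *ptr, char *value,
	ParamIndexType *type);
int __s_api_get_profiletype(char *value, ParamIndexType *type);
void __s_api_init_config(ns_config_t *ptr);
void __s_api_init_config_global(ns_config_t *ptr);
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
	int check_dn);
ns_config_t *__s_api_create_config(void);
ns_config_t *__s_api_get_default_config(void);
ns_config_t *__s_api_get_default_config_global(void);
ns_config_t *__s_api_loadrefresh_config();
ns_config_t *__s_api_loadrefresh_config_global();
void __s_api_destroy_config(ns_config_t *ptr);
int __s_api_get_configtype(ParamIndexType type);
const char *__s_api_get_configname(ParamIndexType type);
char *__s_api_strValue(ns_config_t *ptr, char *str,
	int bufsz, ParamIndexType i,
	ns_strfmt_t fmt);
void __s_api_release_config(ns_config_t *cfg);

/* internal attribute/objectclass mapping api's */
int __s_api_add_map2hash(ns_config_t *config,
	ns_hashtype_t type, ns_mapping_t *map);
void __s_api_destroy_hash(ns_config_t *config);
int __s_api_parse_map(char *cp, char **sid,
	char **origA, char ***mapA);
char **__ns_ldap_mapAttributeList(const char *service,
	const char * const *origAttrList);

/* internal configuration APIs */
void __ns_ldap_setServer(int set);
ns_ldap_error_t *__ns_ldap_LoadConfiguration();
ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
	ns_config_t *new);
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
int __ns_ldap_cache_ping();
ns_ldap_error_t *__ns_ldap_print_config(int);
void __ns_ldap_default_config();
int __ns_ldap_download(const char *, char *, char *,
	ns_ldap_error_t **);
int
__ns_ldap_check_dns_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	const char *fname,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);

/* internal un-exposed APIs */
/* __ns_ldap_dupAuth copies a credential (including any secret it holds) */
ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1,
	const ns_cred_t *auth2);
int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t **errorp);
int __s_api_prepend_automountmapname(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t ** errorp);
int __s_api_prepend_automountmapname_to_dn(const char *service,
	char **basedn,
	ns_ldap_error_t ** errorp);
int __s_api_convert_automountmapname(const char *service,
	char **dn, ns_ldap_error_t ** errorp);
int __s_api_replace_mapped_attr_in_dn(
	const char *orig_attr, const char *mapped_attr,
	const char *dn, char **new_dn);
int __s_api_append_default_basedn(
	const char *dn,
	char **new_dn,
	int *allocated,
	ns_ldap_error_t ** errorp);
int __s_api_removeServer(const char *server);
void __s_api_removeBadServers(char **server);
void __s_api_free_server_info(ns_server_info_t *sinfo);
void __s_api_freeConnection(Connection *con);

/* internal referrals APIs */
int __s_api_toFollowReferrals(const int flags,
	int *toFollow,
	ns_ldap_error_t **errorp);
/* url is server-supplied text; it is parsed into an ns_referral_info_t */
int __s_api_addRefInfo(ns_referral_info_t **head,
	char *url, char *baseDN, int *scope,
	char *filter, LDAP *ld);
void __s_api_deleteRefInfo(ns_referral_info_t *head);

/* callback routine for SSD filters */
int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
	char **realfilter,
	const void *userdata);

/* network address verification api */
int __s_api_isipv4(char *addr);
int __s_api_isipv6(char *addr);
int __s_api_ishost(char *addr);

/* password management routine */
/* maps a server error number/message (see NS_PWDERR_*) to a status */
ns_ldap_passwd_status_t
__s_api_set_passwd_status(int errnum, char *errmsg);
int __s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
int __s_api_contain_account_usable_control_oid(char **oids);

/* RFC 2307 section 5.6. Get a canonical name from entry */
char *__s_api_get_canonical_name(ns_ldap_entry_t *entry,
	ns_ldap_attr_t *attrptr, int case_ignore);

/* self/sasl/gssapi functions */
int __s_api_sasl_bind_callback(
	LDAP *ld,
	unsigned flags,
	void *defaults,
	void *in);

int __s_api_self_gssapi_only_get(void);
int __s_api_sasl_gssapi_init(void);

#ifdef __cplusplus
}
#endif

#endif /* _NS_INTERNAL_H */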