1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_INTERNAL_H
28 #define	_NS_INTERNAL_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <stdio.h>
37 #include <sys/types.h>
38 #include <sys/time.h>
39 #include <thread.h>
40 #include <lber.h>
41 #include <ldap.h>
42 #include "ns_sldap.h"
43 #include "ns_cache_door.h"
44 
45 /*
46  * INTERNALLY USED CONSTANTS
47  */
48 
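#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0
/* client configuration / credential files and their ".refresh" variants */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"
/*
 * Parameters of the value encoding behind evalue()/dvalue() (declared
 * further down).  NOTE(review): the names suggest a reversible rotor-style
 * obfuscation rather than cryptographic protection — confirm against the
 * implementation before relying on it for anything kept in NSCREDFILE.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256
/*
 * Header text written into generated client files.  The two literals are
 * concatenated by the compiler; the trailing space in the first one keeps
 * the sentences from running together ("lost.Please").
 */
#define	DONOTEDIT		\
	"Do not edit this file manually; your changes will be lost. " \
	"Please use ldapclient (1M) instead."
#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
#define	CREDFILE		0
#define	CONFIGFILE		1
/*
 * LDAP search filter templates.  The *_SSD variants carry a "%%s" which
 * survives one formatting pass as "%s", presumably so that a service
 * search descriptor's own filter can be substituted in a second pass.
 * NOTE(review): nothing here escapes the value substituted for "%s";
 * callers must apply LDAP filter escaping (RFC 4515) to any value that
 * originates outside the library, or the filter structure can be altered.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD 	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"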
73 
/* paged-search control selectors (see listType in ns_ldap_cookie_t below) */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100
#define	SORTKEYLIST		"cn uid"

#define	DEFMAX			8
/* single-character tokens used when parsing configuration text */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'
/* record separator used in door buffers; the string and char forms match (0x07) */
#define	DOORLINESEP		"\07"
#define	DOORLINESEP_CHR		0x7
/* multi-character separators for the string forms of parameters */
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "
/* highest ParamIndexType value; the cast is unparenthesized, so use with care in expressions */
#define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
#define	BUFSIZE			1024
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
/* prefix marking an encoded (evalue()-style) value; see ROTORSIZE/MASK above */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/* "key value" layouts, one per ns_strfmt_t member (defined below) */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30 /* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30 /* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			256
120 
121 
/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
/* three "%s" slots: both profile objectclasses and the profile cn */
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS		"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes.
 * These are LDAP attribute names, not values.  Note that
 * _P1_BINDPASSWORD and _P1_CERTIFICATEPASSWORD name attributes whose
 * values, when present in a profile, are credentials and should be
 * treated as such wherever a profile entry is logged or dumped.
 */
#define	_P1_SERVERS			"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN		"SolarisSearchBaseDN"
#define	_P1_CACHETTL			"SolarisCacheTTL"
#define	_P1_BINDDN			"SolarisBindDN"
#define	_P1_BINDPASSWORD		"SolarisBindPassword"
#define	_P1_AUTHMETHOD			"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY		"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH		"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD		"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN		"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE			"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT		"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER		"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY		"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL		"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT		"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes (DUAConfigProfile schema) */
#define	_P2_PREFERREDSERVER		"preferredServerList"
#define	_P2_DEFAULTSERVER		"defaultServerList"
#define	_P2_SEARCHBASEDN		"defaultSearchBase"
#define	_P2_SEARCHSCOPE			"defaultSearchScope"
#define	_P2_AUTHMETHOD			"authenticationMethod"
#define	_P2_CREDENTIALLEVEL		"credentialLevel"
#define	_P2_SERVICESEARCHDESC		"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT		"searchTimeLimit"
#define	_P2_BINDTIMELIMIT		"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS		"followReferrals"
#define	_P2_PROFILETTL			"profileTTL"
#define	_P2_ATTRIBUTEMAP		"attributeMap"
#define	_P2_OBJECTCLASSMAP		"objectClassMap"
#define	_P2_SERVICECREDLEVEL		"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD		"serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call.
 * The *_LEN values are the strlen() of the preceding attribute name
 * (23 and 16 characters respectively) and must be kept in step with it.
 */
#define	_SASLMECHANISM			"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN		23
#define	_SUPPORTEDCONTROL		"supportedControl"
#define	_SUPPORTEDCONTROL_LEN		16
173 
/* number of buckets in ns_config_t.hashTbl (defined below) */
#define	NS_HASH_MAX	257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
/*
 * Return codes of the mapping-hash routines (__s_api_add_map2hash() etc.,
 * declared below).  Success is 1, every failure is negative — so a plain
 * "if (rc)" test is wrong here; compare against these names.
 */
#define	NS_HASH_RC_SUCCESS		1
#define	NS_HASH_RC_NO_MEMORY		-1
#define	NS_HASH_RC_CONFIG_ERROR		-2
#define	NS_HASH_RC_EXISTED		-3
#define	NS_HASH_RC_SYNTAX_ERROR		-4
181 
/*
 * Password management related error message from iDS ldap server.
 * These are free-text diagnostics as emitted by one server product, used
 * for string matching (presumably in __s_api_set_passwd_status(),
 * declared below — confirm).  They are case-sensitive and server/version
 * specific: a differently worded message from another directory server
 * will not match and the condition falls through to the generic handling.
 */
#define	NS_PWDERR_MAXTRIES		\
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED		\
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED	\
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW	\
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX	\
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD	\
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY	\
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE	\
	"within password minimum age"
199 
200 /*
201  * INTERNALLY USED MACROS
202  */
203 
/* Debug hook invoked by MKERROR with the error's priority, status and text. */
void	__s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * NULL_OR_STR: "<NULL>" for a null or empty string, else the string itself.
 * Safe to hand to "%s" conversions; `str' is evaluated up to three times,
 * so do not pass an expression with side effects.
 */
#define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))
207 
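/*
 * MKERROR: builds the error structure and fills in the status and
 * the message, then reports it through __s_api_debug_pause().
 * The message must be a freeable (non-static) string; ownership of
 * it passes to the error structure.
 * If it fails to allocate memory for the error structure,
 * it returns retErr from the *enclosing function*, so the macro may
 * only appear directly in a function body.
 *
 * The body is wrapped in do/while so that all of it is governed by an
 * enclosing unbraced `if'; as a bare statement list only the calloc()
 * check was, and the assignments would then dereference a NULL err.
 * The trailing semicolon is retained so existing callers that omit
 * their own still compile.
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	do { \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) \
		    == NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		__s_api_debug_pause((priority), (st), (err)->message); \
	} while (0);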
220 
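/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 * As with MKERROR, mesg must be freeable and an allocation failure
 * returns retErr from the enclosing function.
 *
 * Wrapped in do/while so an enclosing unbraced `if' governs the whole
 * body rather than only the calloc() check; the trailing semicolon is
 * kept for callers that omit their own.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	do { \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) \
		    == NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		(err)->pwd_mgmt.status = (pwd_status); \
		(err)->pwd_mgmt.sec_until_expired = (sec_until_exp); \
	} while (0);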
235 
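#ifdef DEBUG
/*
 * NSLDAPTRACE: debug-only trace.  Fires when `variable' is positive, or
 * when `setequal' is non-zero and `variable' equals it, and writes the
 * text of `message' to __ldap_debug_file (declared below under DEBUG).
 *
 * `message' is passed through "%s" instead of being used as the format
 * string, so a '%' in the text cannot be interpreted as a conversion.
 * The length returned by snprintf() (clamped to the buffer) is handed to
 * write(), which requires the byte count the previous form omitted.
 * Wrapped in do/while (0) so the macro is a single statement.
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	do { \
		if ((variable) > 0 || \
		    (((setequal) != 0) && ((variable) == (setequal)))) { \
			char trace_buf[BUFSIZ]; \
			int trace_len = snprintf(trace_buf, \
			    sizeof (trace_buf), "%s", (message)); \
			if (trace_len >= (int)sizeof (trace_buf)) \
				trace_len = (int)sizeof (trace_buf) - 1; \
			if (trace_len > 0) \
				(void) write(__ldap_debug_file, trace_buf, \
				    (size_t)trace_len); \
		} \
	} while (0)
#endif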
244 
245 /*
246  * INTERNAL DATA STRUCTURES
247  */
248 
249 /*
250  * configuration entry type
251  */
252 
/* Which client file / source a configuration entry belongs to. */
typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;
258 
259 /*
260  * datatype of a config entry
261  */
262 
/*
 * Storage type of a configuration value; selects which ns_param_t.ns_pu
 * member (defined below) holds the data.
 */
typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,		/* Single character pointer */
	ARRAYCP		= 2,		/* comma sep array of char pointers */
	ARRAYAUTH	= 3,		/* Array of auths */
	TIMET		= 4,		/* time relative value (TTL) */
	INT		= 5,		/* single integer */
	SSDLIST		= 6,		/* service search descriptor */
	ATTRMAP		= 7,		/* attribute mapping */
	OBJMAP		= 8,		/* objectclass mapping */
	SERVLIST	= 9,		/* serverlist (SP sep array) */
	ARRAYCRED	= 10,		/* Array of credentialLevels */
	SAMLIST		= 11,		/* serviceAuthenticationMethod */
	SCLLIST		= 12		/* serviceCredentialLevel */
} ns_datatype_t;
278 
/* Outcome of configuration parsing (returned by __s_api_crosscheck(), below). */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;
284 
/*
 * Output layout for a parameter's string form; the matching "%s" templates
 * are DOOR_FMT_STR, LDIF_FMT_STR and FILE_FMT_STR above.
 */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;
290 
291 /*
292  * This enum reduces the number of version string compares
293  * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
294  */
295 
/* Configuration version as an integer (values are deliberately sparse). */
typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;
300 
301 /*
302  * enum<->string mapping construct
303  */
304 
/* One (integer value, display name) pair; tables of these list allowed values. */
typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;
309 
/*
 * Cast helpers between int and the public enums.  They perform no range
 * check: an out-of-range int cast to an enum is silently accepted, so
 * validate values read from files or the door before converting.
 */
#define	ENUM2INT(x)		((int)(x))

#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))
323 
324 /*
325  * This structure maps service name to rdn components
326  * for use in __ns_getDNs. It also defines the SSD-to-use
327  * service for use in __s_api_get_SSDtoUse_service.
328  * The idea of an SSD-to-use service is to reduce the configuration
329  * complexity. For a service, which does not have its own entries in
330  * the LDAP directory, SSD for it is useless, and should not be set.
331  * But since this service must share the container with at least
332  * one other service which does have it own entries, the SSD for
333  * this other service will be shared by this service.
334  * This other service is called the SSD-to-use service.
335  *
336  */
337 
/* service name -> rdn component, plus the SSD-to-use service (see above). */
typedef struct ns_service_map {
	char	*service;		/* service name */
	char	*rdn;			/* rdn components for the service */
	char	*SSDtoUse_service;	/* service whose SSD is shared */
} ns_service_map;
343 
344 /*
345  * This structure contains a single mapping from:
346  * service:orig -> list of mapped
347  */
348 
/* Kind of schema mapping held by an ns_mapping_t. */
typedef enum {
	NS_ATTR_MAP,		/* attribute mapping */
	NS_OBJ_MAP		/* objectclass mapping */
} ns_maptype_t;
353 
/* A single mapping: service:orig -> NULL-terminated list of mapped names. */
typedef struct ns_mapping {
	ns_maptype_t	type;
	char		*service;
	char		*orig;		/* name as used by the service */
	char		**map;		/* names as used in the directory */
} ns_mapping_t;
360 
361 /*
362  * The following is the list of internal libsldap configuration data
363  * structures.  The configuration is populated normally once per
364  * application.  The assumption is that in applications can be
365  * relatively short lived (IE ls via nsswitch) so it is important to
366  * keep configuration to a minimum, but keep lookups fast.
367  *
368  * Assumptions:
369  * 1 configuration entry per domain, and almost always 1 domain
370  * per app.  Hooks exist for multiple domains per app.
371  *
372  * Configurations are read in from client file cache or from LDAP.
373  * Attribute/objectclass mappings are hashed to improve lookup
374  * speed.
375  */
376 
377 /*
378  * Hash entry types
379  */
/*
 * Hash entry types.  Each mapping is hashed both forward and reverse
 * (the R* variants) so lookups work in either direction.
 */
typedef enum	_ns_hashtype_t {
	NS_HASH_AMAP	= 1,		/* attr map */
	NS_HASH_RAMAP	= 2,		/* reverse attr map */
	NS_HASH_OMAP	= 3,		/* oc map */
	NS_HASH_ROMAP	= 4,		/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;
387 
/*
 * Hash table node.  h_next chains entries within one bucket; h_llnext
 * links every entry into the single list headed by ns_config_t.llHead,
 * which is what makes freeing the whole table possible without walking
 * the buckets.
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;
	ns_mapping_t	*h_map;
	struct ns_hash	*h_next;	/* next entry in the same bucket */
	struct ns_hash	*h_llnext;	/* next entry in the all-entries list */
} ns_hash_t;
394 
395 /*
396  * This structure defines the format of an internal configuration
397  * parameter for ns_ldap client.
398  */
399 
/*
 * One configuration parameter value.  ns_ptype says which union member
 * is live; ns_acnt is an element count for the array members.  Reading
 * a union member other than the one ns_ptype selects is a type confusion
 * bug, so check ns_ptype first.
 */
typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;		/* array of strings */
		int	*pi;		/* array of ints */
		char	*pc;		/* single string */
		int	i;		/* single int */
		time_t	tm;		/* time value */
	} ns_pu;
} ns_param_t;
411 
/* Shorthand member names for the ns_param_t union (p->ns_pc == p->ns_pu.pc). */
#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm
417 
418 /*
419  * This structure defines an instance of a configuration structure.
420  * paramList contains the current ns_ldap parameter configuration
421  * and hashTbl contain the current attribute/objectclass mappings.
422  * Parameters are indexed by using the value assigned to the parameter
423  * in ParamIndexType.
424  */
425 
typedef struct ns_config {
	char			*domainName;
	ns_version_t		version;
	/* indexed by ParamIndexType (see comment above) */
	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
	/* bucket heads; every entry is also on the llHead list */
	ns_hash_t		*hashTbl[NS_HASH_MAX];
	ns_hash_t		*llHead;
	ns_ldap_entry_t		*RootDSE;
	boolean_t		delete;
	mutex_t			config_mutex;
	/* presumably a use/reference count guarded by config_mutex — confirm */
	int			nUse;
	ldap_get_chg_cookie_t	config_cookie;
} ns_config_t;
438 
439 /*
440  * This structure defines the mapping of the NSCONFIGFILE file
441  * statements into their corresponding SolarisNamingProfile,
442  * Posix Mapping LDAP attributes, and to their corresponding
443  * ParamIndexType enum mapping.  THe ParamIndexType enum
444  * definitions can be found in ns_ldap.h.  This structure also
445  * defines the default values that are used when a value either
446  * does not exist or is undefined.
447  */
448 
typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t 	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	/*
	 * Per-parameter validator.  errbuf carries no length parameter, so
	 * its size is an out-of-band contract between the table and the
	 * callers; any implementation must bound its writes accordingly.
	 */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;
464 
465 
466 /*
467  * This typedef enumerates all the supported authentication
468  * mechanisms currently supported in this library
469  */
470 
/*
 * Numbering: 0-9 are plain mechanisms, 10-19 the same mechanisms over TLS
 * (NS_LDAP_EA_TLS_x == NS_LDAP_EA_x + 10).
 * NOTE(review): SASL CRAM-MD5 and DIGEST-MD5 are obsolete mechanisms
 * (DIGEST-MD5 was moved to Historic by RFC 6331); where the deployment
 * allows, prefer GSSAPI or a TLS-protected simple bind.
 */
typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;
493 
494 
495 /*
496  * this enum lists the various states of the search state machine
497  */
498 
/*
 * Search state machine states (stored in ns_ldap_cookie_t.state/new_state/
 * next_state below).  Note the unprefixed names INIT, EXIT and ERROR
 * live in the global namespace of every file that includes this header.
 */
typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22,
	REINIT			= 23
} ns_state_t;
524 
525 /*
526  * this enum lists the various states of the write state machine
527  */
/*
 * Write (add/delete/modify) state machine states; the W_ prefix keeps
 * INIT/EXIT/ERROR from colliding with ns_state_t above.
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;
547 
548 
/* Handle for a pooled connection; see CONID_OFFSET above. */
typedef int ConnectionID;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * auth holds the credentials the connection was bound with, so a
 * Connection is credential-bearing data; see __s_api_freeConnection().
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* true if only used by */
						/* one thread and not shared */
						/* by other threads */
	pid_t			pid;		/* process id */
	char			*serverAddr;
	ns_cred_t		*auth;		/* credentials bound with */
	LDAP			*ld;
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char 			**controls;		/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;

#define	ONE_STEP			1
571 
572 /*
573  * This structure is for referrals processing.
574  * The data are from referral URLs returned by
575  * LDAP servers
576  */
/*
 * One referral target parsed from a server-returned URL, kept in a singly
 * linked list.  The host, DN and filter come from the remote server, so
 * they are untrusted input to whatever consumes this list.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;
	int			refScope;
	char			*refDN;
	char			*refFilter;
} ns_referral_info_t;
584 
struct ns_ldap_cookie;

/*
 * Batch used by __ns_ldap_list_batch_xxx API.
 * cookie_list holds the cookies of the batch (linked through their
 * next_cookie_in_batch member); next_cookie is the iteration position.
 */
struct ns_ldap_list_batch {
	uint32_t		nactive;	/* cookies still in flight */
	struct ns_ldap_cookie	*next_cookie;
	struct ns_ldap_cookie	*cookie_list;
};

/* opaque; defined in the connection-management code */
struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;
598 
599 /*
600  * This structure used internally in searches
601  */
602 
typedef struct ns_ldap_cookie {
	/* INPUTS */
		/* server list position */

		/* service search descriptor list & position */
	ns_ldap_search_desc_t  **sdlist;
	ns_ldap_search_desc_t  **sdpos;

		/* search filter callback */
	int			use_filtercb;
	int 	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

		/* user callback */
	int			use_usercb;
	int	(*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void		*userdata;

	int			followRef;
	int			use_paging;
	char			*service;
	char			*i_filter;	/* caller's filter (i_ = input) */
	const char * const	*i_attr;
	const ns_cred_t		*i_auth;
	int 			i_flags;

	/* OUTPUTS */
	ns_ldap_result_t	*result;
	ns_ldap_entry_t		*nextEntry;
		/* Error data */
	int			err_rc;
	ns_ldap_error_t		*errorp;

	/* PRIVATE */
	ns_state_t		state;
	ns_state_t		new_state;
	ns_state_t		next_state;

	Connection		*conn;
/*
 * Member-access shorthand: expands to conn->auth->auth.type and
 * dereferences both conn and conn->auth unchecked, so only use it where
 * both are known to be non-NULL.  Visible to every includer from here on.
 */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID		connectionId;

	/* paging VLV/SIMPLEPAGE data (SIMPLEPAGECTRLFLAG / VLVCTRLFLAG) */
	int			listType;
	unsigned long		index;
	LDAPControl		**p_serverctrls;

	/* the search actually issued (after SSD/mapping processing) */
	int			scope;
	char			*basedn;
	char			*filter;
	char			**attribute;

	/* RESULT PROCESSING */
	int			msgId;
	LDAPMessage		*resultMsg;

	char			**dns;
	char			*currentdn;
	int			flag;
	struct berval   	*ctrlCookie;	/* paging cookie from the server */

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t  	*reflist;
	ns_referral_info_t  	*refpos;
	/* search timeout value */
	struct timeval		search_timeout;
	/* response control to hold account management information */
	LDAPControl		**resultctrl;
	/* Flag to indicate password less account management is required */
	int			nopasswd_acct_mgmt;
	int			err_from_result;
	ns_conn_user_t		*conn_user;

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t	*batch;
	boolean_t		no_wait;
	boolean_t		reinit_on_retriable_err;
	int			retries;
	/* where to deliver result/error/rc when running inside a batch */
	ns_ldap_result_t	**caller_result;
	ns_ldap_error_t		**caller_errorp;
	int			*caller_rc;
	struct ns_ldap_cookie	*next_cookie_in_batch;
} ns_ldap_cookie_t;
688 
689 /*
690  * This structure is part of the return value information for
691  * __s_api_requestServer.  The routine that requests a new server
692  * from the cache manager
693  */
typedef struct ns_server_info {
	char	*server;		/* server address as requested */
	char	*serverFQDN;		/* fully qualified host name */
	char 	**controls;		/* supportedControl values */
	char	**saslMechanisms;	/* supportedSASLmechanisms values */
} ns_server_info_t;
700 
701 /*
702  * sasl callback function parameters
703  */
/*
 * sasl callback function parameters.
 * passwd is presumably the cleartext bind password — confirm; whoever
 * owns an instance should clear that buffer before freeing it rather than
 * leaving it for the allocator.
 */
typedef struct ns_sasl_cb_param {
	char	*mech;		/* SASL mechanism name */
	char	*authid;	/* authentication identity */
	char	*authzid;	/* authorization identity */
	char	*passwd;	/* credential (cleartext) */
	char	*realm;
} ns_sasl_cb_param_t;
711 
/* self/sasl/gssapi variable: set once __s_api_sasl_gssapi_init() has run */
extern int sasl_gssapi_inited;

/* Multiple threads per connection variable (process-wide, not per-thread) */
extern int MTperConn;
717 
718 /*
719  * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
720  */
721 
#ifdef DEBUG
/* __ldap_debug_file is the descriptor NSLDAPTRACE writes to; the rest are trace levels */
extern int	__ldap_debug_file;
extern int	__ldap_debug_api;
extern int	__ldap_debug_ldap;
extern int	__ldap_debug_servers;
#endif
728 
/* internal connection APIs */
void DropConnection(ConnectionID, int);
/* *servers receives a newly allocated NULL-terminated list on success */
int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);

int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
/* name lookups for the public enums; the returned strings are not owned by the caller — confirm */
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_hostcertpath(void);
void __s_api_free_sessionPool();
/* asks the cache manager for a server; fills *ret (free with __s_api_free_server_info()) */
int __s_api_requestServer(const char *request, const char *server,
	ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);
743 
744 
/* ************ internal sldap-api functions *********** */
void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
/* splits "name=value" in place; *name and *value point into buffer */
void	__s_api_split_key_value(char *buffer, char **name, char **value);
int	__s_api_printResult(ns_ldap_result_t *);
int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
int	__s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
/* deep copy / free of a NULL-terminated string array */
char	**__s_api_cp2dArray(char **);
void	__s_api_free2dArray(char **);

int	__s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/*
 * dvalue()/evalue(): decode/encode of the CRYPTMARK value form (see
 * ROTORSIZE/MASK).  Treat the output of dvalue() as a cleartext secret.
 */
char	*dvalue(char *);
char	*evalue(char *);
ns_ldap_error_t *__s_api_make_error(int, char *);
ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
769 
/* ************ specific 'Standalone' functions ********** */
ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
/*
 * Reentrant resolver wrapper; the (result, buffer, buflen, h_errnop)
 * parameters have the shape of gethostbyname_r(), with the caller
 * supplying the storage.
 */
struct hostent *__s_api_hostname2ip(const char *name,
				    struct hostent *result,
				    char *buffer,
				    int buflen,
				    int *h_errnop);
void	__s_api_setInitMode();
void	__s_api_unsetInitMode();
int	__s_api_isStandalone(void);
int __s_api_isInitializing();
/* queries the RootDSE of `server' directly, bypassing the cache manager */
ns_ldap_return_code __s_api_findRootDSE(const char *request,
					const char *server,
					const char *addrType,
					ns_server_info_t *ret,
					ns_ldap_error_t	**error);
ns_config_t *__s_api_create_config_door_str(char *config,
				ns_ldap_error_t **errorp);

extern void	get_environment();
790 
/* internal Param APIs */
int		__ns_ldap_setParamValue(ns_config_t *ptr,
			const ParamIndexType type,
			const void *data, ns_ldap_error_t **error);
int		__s_api_get_type(const char *value, ParamIndexType *type);
int		__s_api_get_versiontype(ns_config_t *ptr, char *value,
					ParamIndexType *type);
int		__s_api_get_profiletype(char *value, ParamIndexType *type);
void		__s_api_init_config(ns_config_t *ptr);
void		__s_api_init_config_global(ns_config_t *ptr);
/* validates a loaded configuration; errstr receives the diagnostic (size is the caller's contract) */
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
					int check_dn);
ns_config_t	*__s_api_create_config(void);
ns_config_t	*__s_api_get_default_config(void);
ns_config_t	*__s_api_get_default_config_global(void);
ns_config_t	*__s_api_loadrefresh_config();
ns_config_t	*__s_api_loadrefresh_config_global();
void		__s_api_destroy_config(ns_config_t *ptr);
int		__s_api_get_configtype(ParamIndexType type);
const char	*__s_api_get_configname(ParamIndexType type);
/* renders parameter i into str (bufsz bytes) in the requested layout */
char		*__s_api_strValue(ns_config_t *ptr, char *str,
			int bufsz, ParamIndexType i,
			ns_strfmt_t fmt);
/* pairs with __s_api_get_default_config(); presumably drops a use count — confirm */
void		__s_api_release_config(ns_config_t *cfg);
815 
/* internal attribute/objectclass mapping api's */
/* returns one of the NS_HASH_RC_* codes (success is 1, not 0) */
int		 __s_api_add_map2hash(ns_config_t *config,
				ns_hashtype_t type, ns_mapping_t *map);
void		__s_api_destroy_hash(ns_config_t *config);
/* parses "service:orig=map,..." text; outputs are newly allocated */
int		__s_api_parse_map(char *cp, char **sid,
				char **origA, char ***mapA);
char		**__ns_ldap_mapAttributeList(const char *service,
				const char * const *origAttrList);
824 
/* internal configuration APIs */
void		__ns_ldap_setServer(int set);
ns_ldap_error_t	*__ns_ldap_LoadConfiguration();
ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
				ns_config_t *new);
/*
 * Write the configuration to `filename'.  The credential parameters end
 * up in the output, so the file mode chosen by the implementation matters.
 */
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
int		__ns_ldap_cache_ping();
ns_ldap_error_t *__ns_ldap_print_config(int);
void		__ns_ldap_default_config();
int		__ns_ldap_download(const char *, char *, char *,
				ns_ldap_error_t **);
/* prerequisite checks for self/GSSAPI credential mode (DNS, Kerberos, both) */
int
__ns_ldap_check_dns_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		const char *fname,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
856 
/* internal un-exposed APIs */
/* deep copy of a credential structure; the copy is caller-owned */
ns_cred_t 	*__ns_ldap_dupAuth(const ns_cred_t *authp);
boolean_t	__s_api_is_auth_matched(const ns_cred_t *auth1,
		    const ns_cred_t *auth2);
int		__s_api_get_SSD_from_SSDtoUse_service(const char *service,
			ns_ldap_search_desc_t ***SSDlist,
			ns_ldap_error_t **errorp);
int		__s_api_prepend_automountmapname(const char *service,
			ns_ldap_search_desc_t ***SSDlist,
			ns_ldap_error_t ** errorp);
int		__s_api_prepend_automountmapname_to_dn(const char *service,
			char **basedn,
			ns_ldap_error_t ** errorp);
int		__s_api_convert_automountmapname(const char *service,
			char **dn, ns_ldap_error_t ** errorp);
/* *new_dn receives a newly built DN with orig_attr replaced by mapped_attr */
int		__s_api_replace_mapped_attr_in_dn(
			const char *orig_attr, const char *mapped_attr,
			const char *dn, char **new_dn);
/* *allocated reports whether *new_dn is a fresh allocation the caller must free */
int		__s_api_append_default_basedn(
			const char *dn,
			char **new_dn,
			int *allocated,
			ns_ldap_error_t ** errorp);
int		__s_api_removeServer(const char *server);
void		__s_api_removeBadServers(char **server);
void		__s_api_free_server_info(ns_server_info_t *sinfo);
/* releases a Connection, including its auth credentials */
void		__s_api_freeConnection(Connection *con);
884 
/* internal referrals APIs */
int 		__s_api_toFollowReferrals(const int flags,
			int *toFollow,
			ns_ldap_error_t **errorp);
/*
 * Parses a server-supplied referral `url' and prepends a node to *head.
 * The URL is untrusted input; baseDN/scope/filter are the fallbacks used
 * for components the URL omits.
 */
int 		__s_api_addRefInfo(ns_referral_info_t **head,
			char *url, char *baseDN, int *scope,
			char *filter, LDAP *ld);
void		__s_api_deleteRefInfo(ns_referral_info_t *head);
893 
/*
 * callback routine for SSD filters: matches the init_filter_cb slot of
 * ns_ldap_cookie_t; *realfilter receives the combined filter.
 */
int		__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
			char **realfilter,
			const void *userdata);
898 
/* network address verification api: classify an address string (non-zero = match) */
int		__s_api_isipv4(char *addr);
int		__s_api_isipv6(char *addr);
int		__s_api_ishost(char *addr);
903 
/*
 * password management routine: maps an LDAP error number and the server's
 * diagnostic text (presumably matched against the NS_PWDERR_* strings
 * above — confirm) to a password status.
 */
ns_ldap_passwd_status_t
		__s_api_set_passwd_status(int errnum, char *errmsg);
/* true if the NULL-terminated oids list names the password policy control */
int		__s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
int		__s_api_contain_account_usable_control_oid(char **oids);
911 
/* RFC 2307 section 5.6. Get a canonical name from entry; case_ignore selects case-insensitive matching */
char		*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
			ns_ldap_attr_t *attrptr, int case_ignore);
915 
/*
 * self/sasl/gssapi functions.
 * __s_api_sasl_bind_callback has the parameter shape of an LDAP SASL
 * interactive-bind callback; `defaults' is presumably an
 * ns_sasl_cb_param_t (defined above) — confirm at the bind call site.
 */
int		__s_api_sasl_bind_callback(
			LDAP		*ld,
			unsigned	flags,
			void		*defaults,
			void		*in);

int		__s_api_self_gssapi_only_get(void);
/* one-time initialisation; sets sasl_gssapi_inited */
int		__s_api_sasl_gssapi_init(void);
925 
926 #ifdef __cplusplus
927 }
928 #endif
929 
930 #endif /* _NS_INTERNAL_H */