/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * ns_internal.h -- definitions private to libsldap: on-disk file
 * locations, search-filter templates, profile attribute names, the
 * configuration / connection / search-cookie data structures and the
 * prototypes of the internal (__s_api_* and __ns_ldap_*) helpers.
 * The public interface is presumably ns_sldap.h, included below;
 * nothing in this file is meant to be used outside the library.
 */

#ifndef	_NS_INTERNAL_H
#define	_NS_INTERNAL_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef	__cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"

/*
 * INTERNALLY USED CONSTANTS
 */

#define	MAXERROR		2000
/*
 * TRUE/FALSE are unconditionally defined here; a .c that also pulls in
 * another header defining them will see a redefinition warning.
 */
#define	TRUE			1
#define	FALSE			0

/*
 * Client configuration files.  The *.refresh variants are companions to
 * the base file (presumably rewritten atomically by the cache manager --
 * confirm in the writer).  NSCREDFILE holds bind credentials, so its
 * permissions and the permissions of NSLDAPDIRECTORY matter: any code
 * creating these files must not rely on the process umask alone.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"

/*
 * ROTORSIZE / MASK: by their names and values (256, 0377) these look like
 * the parameters of the byte-oriented value obfuscation used for stored
 * credentials (see CRYPTMARK further down).  NOTE(review): such an
 * encoding is reversible by anyone who can read the file; it is not a
 * substitute for file permissions -- confirm against the routine that
 * uses them.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256

/*
 * Banner written into generated configuration files.  NOTE(review): the
 * two string literals concatenate with no separator, so the emitted text
 * reads "...will be lost.Please use ...".  Left as is because the exact
 * text may be relied on by tools that read the file.
 */
#define	DONOTEDIT \
	"Do not edit this file manually; your changes will be lost." \
	"Please use ldapclient (1M) instead."
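/*
 * Upper bound for an explicit port in a server specification (presumably
 * used by the "host:port" parser -- confirm against the caller).
 */
#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"

/* Which on-disk file a configuration entry belongs to */
#define	CREDFILE		0
#define	CONFIGFILE		1

/*
 * Search-filter templates.  The single "%s" is filled in by the caller
 * with the lookup key.  In the *_SSD variants the "%%s" survives that
 * first formatting pass as a literal "%s", leaving a slot for the service
 * search descriptor filter to be merged later (presumably by
 * __s_api_merge_SSD_filter, declared below -- confirm).
 * NOTE(review): nothing here escapes the substituted key; a caller that
 * takes the key from outside the process must apply LDAP filter escaping
 * (RFC 4515) before formatting, or the key can change the filter's shape.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"

/* Which result-paging control a search uses (ns_ldap_cookie_t.listType) */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

/* Page sizes requested from the server and the VLV sort key list */
#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100
#define	SORTKEYLIST		"cn uid"

#define	DEFMAX			8

/* Single-character tokens recognised by the config/SSD parsers */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'

/* Separator strings used when (de)serialising configuration values */
#define	DOORLINESEP		"\07"
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "

/* Highest ParamIndexType value; parenthesised so it is safe in expressions */
#define	LAST_VALUE		((int)NS_LDAP_HOST_CERTPATH_P)
#define	BUFSIZE			1024
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
/*
 * Prefix marking a stored value as obfuscated (see ROTORSIZE / MASK).
 * A value without this prefix is presumably taken literally -- confirm.
 */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/* "name value" output formats for the three serialisations (ns_strfmt_t) */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30	/* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30	/* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			256


/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
/* Two objectclass names and the profile cn are substituted, in that order */
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS	"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes.
 * _P1_BINDPASSWORD and _P1_CERTIFICATEPASSWORD name attributes whose
 * values are secrets; anything that logs or dumps a profile should treat
 * them accordingly.
 */
#define	_P1_SERVERS		"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN	"SolarisSearchBaseDN"
#define	_P1_CACHETTL		"SolarisCacheTTL"
#define	_P1_BINDDN		"SolarisBindDN"
#define	_P1_BINDPASSWORD	"SolarisBindPassword"
#define	_P1_AUTHMETHOD		"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY	"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH	"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD	"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN	"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE		"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT	"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER	"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY	"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL	"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT	"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define	_P2_PREFERREDSERVER	"preferredServerList"
#define	_P2_DEFAULTSERVER	"defaultServerList"
#define	_P2_SEARCHBASEDN	"defaultSearchBase"
#define	_P2_SEARCHSCOPE		"defaultSearchScope"
#define	_P2_AUTHMETHOD		"authenticationMethod"
#define	_P2_CREDENTIALLEVEL	"credentialLevel"
#define	_P2_SERVICESEARCHDESC	"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT	"searchTimeLimit"
#define	_P2_BINDTIMELIMIT	"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS	"followReferrals"
#define	_P2_PROFILETTL		"profileTTL"
#define	_P2_ATTRIBUTEMAP	"attributeMap"
#define	_P2_OBJECTCLASSMAP	"objectClassMap"
#define	_P2_SERVICECREDLEVEL	"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD	"serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call.
 * The *_LEN values are the strlen() of the preceding literals and must be
 * kept in step with them by hand (23 and 16 match the strings above).
 */
#define	_SASLMECHANISM		"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN	23
#define	_SUPPORTEDCONTROL	"supportedControl"
#define	_SUPPORTEDCONTROL_LEN	16

/* Attribute / objectclass mapping hash table size and return codes */
#define	NS_HASH_MAX		257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
#define	NS_HASH_RC_SUCCESS	1
/* Negative codes are parenthesised so they behave in any expression */
#define	NS_HASH_RC_NO_MEMORY	(-1)
#define	NS_HASH_RC_CONFIG_ERROR	(-2)
#define	NS_HASH_RC_EXISTED	(-3)
#define	NS_HASH_RC_SYNTAX_ERROR	(-4)

/*
 * Password management related error message from iDS ldap server.
 * These are matched against the free-form text the server returns, so
 * they are tied to that server's wording; a server that phrases the
 * condition differently will not be classified.
 */
#define	NS_PWDERR_MAXTRIES \
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED \
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED \
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW \
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX \
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD \
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY \
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE \
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

/*
 * Logs an error at syslog priority `priority' with status `st' and text
 * `mesg'; called from MKERROR below.  Defined in one of the .c files.
 */
void __s_api_debug_pause(int priority, int st, const char *mesg);

/* Printable form of a possibly NULL or empty string (for log messages) */
#define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message. The message must be a freeable (non-static) string.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr.
 *
 * The macro expands to several statements, not one, and ends with a ';'
 * of its own, so existing callers write it as a plain statement; it
 * cannot be used as the unbraced body of an if/else.  Every argument is
 * parenthesised where it is used, so expression arguments are safe.
 * calloc() is not declared by this header: the including .c must have
 * <stdlib.h>.
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	__s_api_debug_pause((priority), (st), (err)->message);

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 * The same multi-statement caveat as MKERROR applies.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	(err)->pwd_mgmt.status = (pwd_status); \
	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);

#ifdef DEBUG
/*
 * Debug-only trace: when `variable' is positive, or `setequal' is
 * non-zero and equal to `variable', write `message' to the debug file
 * descriptor __ldap_debug_file (declared below).
 * `message' is written as a plain string ("%s"), never as a format
 * string, and the length handed to write(2) is the formatted length
 * (capped at BUFSIZ - 1 on truncation); the original passed `message'
 * directly as the format and called write() without a length.
 * write(2) itself is not declared by this header (<unistd.h> needed).
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	if ((variable) > 0 || (((setequal) != 0) && \
	    ((variable) == (setequal)))) { \
		char buf[BUFSIZ]; \
		int len = snprintf(buf, BUFSIZ, "%s", (message)); \
		if (len > 0) { \
			if (len >= BUFSIZ) \
				len = BUFSIZ - 1; \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
		} \
	}
#endif

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type
 */

typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;

/*
 * datatype of a config entry: selects which member of ns_param_t.ns_pu
 * holds the value.
 */

typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,	/* Single character pointer */
	ARRAYCP		= 2,	/* comma sep array of char pointers */
	ARRAYAUTH	= 3,	/* Array of auths */
	TIMET		= 4,	/* time relative value (TTL) */
	INT		= 5,	/* single integer */
	SSDLIST		= 6,	/* service search descriptor */
	ATTRMAP		= 7,	/* attribute mapping */
	OBJMAP		= 8,	/* objectclass mapping */
	SERVLIST	= 9,	/* serverlist (SP sep array) */
	ARRAYCRED	= 10,	/* Array of credentialLevels */
	SAMLIST		= 11,	/* serviceAuthenticationMethod */
	SCLLIST		= 12	/* serviceCredentialLevel */
} ns_datatype_t;

/* Result of parsing a configuration item (see __s_api_crosscheck) */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;

/* Output format selector for __s_api_strValue (see *_FMT_STR above) */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;

/*
 * enum<->string mapping construct
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;

/* Integer <-> enum conversion helpers; plain casts, no range checking */
#define	ENUM2INT(x)		((int)(x))

#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs. It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity. For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have it own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 *
 */

typedef struct ns_service_map {
	char *service;
	char *rdn;
	char *SSDtoUse_service;
} ns_service_map;

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;

typedef struct ns_mapping {
	ns_maptype_t	type;
	char		*service;
	char		*orig;
	char		**map;		/* NULL-terminated list, presumably */
} ns_mapping_t;

/*
 * The following is the list of internal libsldap configuration data
 * structures. The configuration is populated normally once per
 * application. The assumption is that in applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 *
 * Assumptions:
 * 1 configuration entry per domain, and almost always 1 domain
 * per app. Hooks exist for multiple domains per app.
 *
 * Configurations are read in from client file cache or from LDAP.
 * Attribute/objectclass mappings are hashed to improve lookup
 * speed.
 */

/*
 * Hash entry types
 */
typedef enum _ns_hashtype_t {
	NS_HASH_AMAP	= 1,	/* attr map */
	NS_HASH_RAMAP	= 2,	/* reverse attr map */
	NS_HASH_OMAP	= 3,	/* oc map */
	NS_HASH_ROMAP	= 4,	/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;

/*
 * One entry of ns_config_t.hashTbl: h_next chains entries in the same
 * bucket, h_llnext threads every entry into one linked list (llHead) so
 * the table can be walked and freed without visiting empty buckets.
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;
	ns_mapping_t	*h_map;
	struct ns_hash	*h_next;
	struct ns_hash	*h_llnext;
} ns_hash_t;

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  ns_ptype says which union member is
 * live; ns_acnt is the element count for the array members.
 */

typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;
		int	*pi;
		char	*pc;
		int	i;
		time_t	tm;
	} ns_pu;
} ns_param_t;

/* Shorthand for the union members above (global macros, mind clashes) */
#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 * nUse looks like a use count and `delete' a deferred-free flag, both
 * presumably protected by config_mutex -- confirm in __s_api_release_config.
 */

typedef struct ns_config {
	char		*domainName;
	ns_version_t	version;
	ns_param_t	paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t	*hashTbl[NS_HASH_MAX];
	ns_hash_t	*llHead;
	ns_ldap_entry_t	*RootDSE;
	boolean_t	delete;
	mutex_t		config_mutex;
	int		nUse;
} ns_config_t;

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping. THe ParamIndexType enum
 * definitions can be found in ns_ldap.h. This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 * ns_verify, when set, validates a proposed value for the parameter
 * and reports problems through errbuf; `allowed' lists the accepted
 * enum values for enumerated parameters.
 */

typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;


/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library.
 * The NS_LDAP_EA_TLS_* entries are the same mechanisms carried over
 * TLS; the entries marked "unsupported" exist only so the numbering is
 * stable.
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;


/*
 * this enum lists the various states of the search state machine
 */

typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22
} ns_state_t;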
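/*
 * this enum lists the various states of the write state machine
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;


/* Identifier of a cached connection (see CONID_OFFSET) */
typedef int ConnectionID;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * `auth' is the credential the connection was bound with; `pid' is the
 * owning process (presumably so a connection inherited across fork() is
 * not reused -- confirm in ns_connect.c).
 */
typedef struct connection {
	ConnectionID	connectionId;
	boolean_t	usedBit;	/* true if only used by */
					/* one thread and not shared */
					/* by other threads */
	boolean_t	notAvail;	/* not sharable, delete */
					/* when shared == 0 */
	int		shared;		/* number of threads */
					/* using this connection */
	pid_t		pid;		/* process id */
	char		*serverAddr;
	ns_cred_t	*auth;
	LDAP		*ld;
	thread_t	threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char		**controls;	/* from server_info */
	char		**saslMechanisms;	/* from server_info */
} Connection;

#define	ONE_STEP		1

/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers.  Because every field originates from the remote server,
 * the code that follows a referral decides where the client connects
 * next; __s_api_toFollowReferrals (below) gates whether that happens.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;
	int			refScope;
	char			*refDN;
	char			*refFilter;
} ns_referral_info_t;

/*
 * This structure used internally in searches: it carries the inputs,
 * outputs and the search state machine's private state (ns_state_t)
 * for one __ns_ldap_list-style operation.
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
	/* server list position */

	/* service search descriptor list & position */
	ns_ldap_search_desc_t	**sdlist;
	ns_ldap_search_desc_t	**sdpos;

	/* search filter callback */
	int	use_filtercb;
	int	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

	/* user callback */
	int	use_usercb;
	int	(*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void	*userdata;

	int		followRef;
	int		use_paging;
	char		*service;
	char		*i_filter;
	const char	* const *i_attr;
	const ns_cred_t	*i_auth;
	int		i_flags;

	/* OUTPUTS */
	ns_ldap_result_t	*result;
	ns_ldap_entry_t		*nextEntry;
	/* Error data */
	int			err_rc;
	ns_ldap_error_t		*errorp;

	/* PRIVATE */
	ns_state_t	state;
	ns_state_t	new_state;
	ns_state_t	next_state;

	Connection	*conn;
	/*
	 * Convenience accessor for the bound credential type.  Although
	 * written inside the struct, this #define is file scope and is
	 * visible to everything that includes this header.
	 */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID	connectionId;

	/* paging VLV/SIMPLEPAGE data */
	int		listType;
	unsigned long	index;
	LDAPControl	**p_serverctrls;

	int		scope;
	char		*basedn;
	char		*filter;
	char		**attribute;

	/* RESULT PROCESSING */
	int		msgId;
	LDAPMessage	*resultMsg;

	char		**dns;
	char		*currentdn;
	int		flag;
	struct berval	*ctrlCookie;

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t	*reflist;
	ns_referral_info_t	*refpos;
	/* search timeout value */
	struct timeval		search_timeout;
	/* response control to hold account management information */
	LDAPControl		**resultctrl;
	/* Flag to indicate password less account management is required */
	int			nopasswd_acct_mgmt;
	int			err_from_result;
} ns_ldap_cookie_t;

/*
 * This structure is part of the return value information for
 * __s_api_requestServer. The routine that requests a new server
 * from the cache manager.  Freed with __s_api_free_server_info.
 */
typedef struct ns_server_info {
	char	*server;
	char	*serverFQDN;
	char	**controls;
	char	**saslMechanisms;
} ns_server_info_t;

/*
 * sasl callback function parameters.
 * `passwd' is a cleartext secret held in memory for the duration of the
 * bind; who allocates, owns and clears it is not visible in this header
 * (see __s_api_sasl_bind_callback).
 */
typedef struct ns_sasl_cb_param {
	char	*mech;
	char	*authid;
	char	*authzid;
	char	*passwd;
	char	*realm;
} ns_sasl_cb_param_t;

/* self/sasl/gssapi variable */
extern int sasl_gssapi_inited;

/* Multiple threads per connection variable */
extern int MTperConn;

/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 *
 * Declarations that previously had an empty parameter list "()" (no
 * prototype) now say "(void)"; a definition written as "f()" remains
 * compatible, and calls passing arguments were already wrong.
 */

#ifdef DEBUG
extern int	__ldap_debug_file;
extern int	__ldap_debug_api;
extern int	__ldap_debug_ldap;
extern int	__ldap_debug_servers;
#endif

/* internal connection APIs */
void DropConnection(ConnectionID, int);
int __s_api_getServers(char ***servers, ns_ldap_error_t **error);

int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_hostcertpath(void);


/* ************ internal sldap-api functions *********** */
void __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
void __s_api_split_key_value(char *buffer, char **name, char **value);
int __s_api_printResult(ns_ldap_result_t *);
int __s_api_getSearchScope(int *,
	ns_ldap_error_t **);
int __s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int __s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int __s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int);
char **__s_api_cp2dArray(char **);
void __s_api_free2dArray(char **);

int __s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
int __s_api_peruser_proc(void);
int __s_api_nscd_proc(void);
/* dvalue/evalue: decode/encode a stored value (the CRYPTMARK form) */
char *dvalue(char *);
char *evalue(char *);

extern void get_environment(void);

/* internal Param APIs */
int __ns_ldap_setParamValue(ns_config_t *ptr,
	const ParamIndexType type,
	const void *data, ns_ldap_error_t **error);
int __s_api_get_type(const char *value, ParamIndexType *type);
int __s_api_get_versiontype(ns_config_t *ptr, char *value,
	ParamIndexType *type);
int __s_api_get_profiletype(char *value, ParamIndexType *type);
void __s_api_init_config(ns_config_t *ptr);
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
	int check_dn);
ns_config_t *__s_api_create_config(void);
ns_config_t *__s_api_get_default_config(void);
ns_config_t *__s_api_loadrefresh_config(void);
void __s_api_destroy_config(ns_config_t *ptr);
int __s_api_get_configtype(ParamIndexType type);
const char *__s_api_get_configname(ParamIndexType type);
/* Formats parameter i of ptr into str (bufsz bytes) in the given format */
char *__s_api_strValue(ns_config_t *ptr, char *str,
	int bufsz, ParamIndexType i,
	ns_strfmt_t fmt);
void __s_api_release_config(ns_config_t *cfg);

/* internal attribute/objectclass mapping api's */
int __s_api_add_map2hash(ns_config_t *config,
	ns_hashtype_t type, ns_mapping_t *map);
void __s_api_destroy_hash(ns_config_t *config);
int __s_api_parse_map(char *cp, char **sid,
	char **origA, char ***mapA);
char **__ns_ldap_mapAttributeList(const char *service,
	const char * const *origAttrList);

/* internal configuration APIs */
void __ns_ldap_setServer(int set);
ns_ldap_error_t *__ns_ldap_LoadConfiguration(void);
ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname);
/*
 * Dump routines write the current configuration, credentials included,
 * to `filename'; callers choose the destination and its permissions.
 */
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
int __ns_ldap_cache_ping(void);
ns_ldap_error_t *__ns_ldap_print_config(int);
void __ns_ldap_default_config(void);
int __ns_ldap_download(const char *, char *, char *,
	ns_ldap_error_t **);
int
__ns_ldap_check_dns_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	const char *fname,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);

/* internal un-exposed APIs */
ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t **errorp);
int __s_api_prepend_automountmapname(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t **errorp);
int __s_api_prepend_automountmapname_to_dn(const char *service,
	char **basedn,
	ns_ldap_error_t **errorp);
int __s_api_convert_automountmapname(const char *service,
	char **dn, ns_ldap_error_t **errorp);
int __s_api_replace_mapped_attr_in_dn(
	const char *orig_attr, const char *mapped_attr,
	const char *dn, char **new_dn);
/* *allocated tells the caller whether *new_dn must be freed */
int __s_api_append_default_basedn(
	const char *dn,
	char **new_dn,
	int *allocated,
	ns_ldap_error_t **errorp);
int __s_api_removeServer(const char *server);
void __s_api_removeBadServers(char **server);
void __s_api_free_server_info(ns_server_info_t *sinfo);

/* internal referrals APIs */
int __s_api_toFollowReferrals(const int flags,
	int *toFollow,
	ns_ldap_error_t **errorp);
/* Parses a referral URL from the server into a new ns_referral_info_t */
int __s_api_addRefInfo(ns_referral_info_t **head,
	char *url, char *baseDN, int *scope,
	char *filter, LDAP *ld);
void __s_api_deleteRefInfo(ns_referral_info_t *head);

/* callback routine for SSD filters */
int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
	char **realfilter,
	const void *userdata);

/* network address verification api */
int __s_api_isipv4(char *addr);
int __s_api_isipv6(char *addr);
int __s_api_ishost(char *addr);

/* password management routine: classifies server error text (NS_PWDERR_*) */
ns_ldap_passwd_status_t
__s_api_set_passwd_status(int errnum, char *errmsg);
int __s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
int __s_api_contain_account_usable_control_oid(char **oids);

/* RFC 2307 section 5.6. Get a canonical name from entry */
char *__s_api_get_canonical_name(ns_ldap_entry_t *entry,
	ns_ldap_attr_t *attrptr, int case_ignore);

/* self/sasl/gssapi functions */
/* `defaults' is presumably an ns_sasl_cb_param_t * -- confirm at the caller */
int __s_api_sasl_bind_callback(
	LDAP *ld,
	unsigned flags,
	void *defaults,
	void *in);

int __s_api_self_gssapi_only_get(void);
int __s_api_sasl_gssapi_init(void);
int __s_api_check_MTC_tsd(void);

/* Multiple threads per connection functions */
void ns_tsd_cleanup(void *);

#ifdef	__cplusplus
}
#endif

#endif	/* _NS_INTERNAL_H */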