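/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * ns_internal.h: constants, macros, data structures and prototypes that
 * are private to the libsldap implementation (not part of the ns_sldap.h
 * public interface).
 */

#ifndef _NS_INTERNAL_H
#define	_NS_INTERNAL_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"

/*
 * INTERNALLY USED CONSTANTS
 */

#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0

/*
 * On-disk client configuration.  NSCONFIGFILE/NSCREDFILE are the live
 * files; the ".refresh" variants sit next to them.  The cred file is
 * expected to hold bind secrets, so its permissions matter more than
 * the config file's (the file mode itself is set by the writer, not here).
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"

/*
 * NOTE(review): ROTORSIZE/MASK read like a byte-table/byte-mask pair for
 * the value-obfuscation code — confirm against their users before
 * relying on that.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256

/*
 * Banner written into the generated client files.  The two literals are
 * concatenated by the compiler, so the first one must end in a space or
 * the output reads "...lost.Please use ...".
 */
#define	DONOTEDIT	\
	"Do not edit this file manually; your changes will be lost. " \
	"Please use ldapclient (1M) instead."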
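#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
/* which of the two client files a routine is working on */
#define	CREDFILE		0
#define	CONFIGFILE		1

/*
 * printf-style LDAP search filter templates.  Each "%s" is filled in by
 * the caller; the "_SSD" variants keep a literal "%s" (written "%%s") so
 * that, presumably, a later formatting pass can merge in a service search
 * descriptor filter.
 * NOTE(review): nothing in this header escapes the value substituted for
 * "%s" (RFC 4515 filter escaping) — confirm the callers do.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"

/* paging control selectors (see ns_ldap_cookie.listType) */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100
#define	SORTKEYLIST		"cn uid"

#define	DEFMAX			8

/* single-character tokens used by the config file / door parsers */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'

/* string separators used when emitting lists (DOORLINESEP is BEL, 0x07) */
#define	DOORLINESEP		"\07"
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "

/* highest ParamIndexType value; parenthesized so it composes in expressions */
#define	LAST_VALUE		((int)NS_LDAP_HOST_CERTPATH_P)
#define	BUFSIZE			1024
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL, in seconds */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/* "name<sep>value" output formats, one per ns_strfmt_t */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30	/* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30	/* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			256


/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS	"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes.
 * NOTE(review): these leading-underscore-plus-capital names are in the
 * namespace C reserves for the implementation; they are kept because the
 * rest of the library spells them this way.
 */
#define	_P1_SERVERS		"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN	"SolarisSearchBaseDN"
#define	_P1_CACHETTL		"SolarisCacheTTL"
#define	_P1_BINDDN		"SolarisBindDN"
#define	_P1_BINDPASSWORD	"SolarisBindPassword"
#define	_P1_AUTHMETHOD		"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY	"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH	"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD	"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN	"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE		"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT	"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER	"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY	"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL	"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT	"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define	_P2_PREFERREDSERVER	"preferredServerList"
#define	_P2_DEFAULTSERVER	"defaultServerList"
#define	_P2_SEARCHBASEDN	"defaultSearchBase"
#define	_P2_SEARCHSCOPE		"defaultSearchScope"
#define	_P2_AUTHMETHOD		"authenticationMethod"
#define	_P2_CREDENTIALLEVEL	"credentialLevel"
#define	_P2_SERVICESEARCHDESC	"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT	"searchTimeLimit"
#define	_P2_BINDTIMELIMIT	"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS	"followReferrals"
#define	_P2_PROFILETTL		"profileTTL"
#define	_P2_ATTRIBUTEMAP	"attributeMap"
#define	_P2_OBJECTCLASSMAP	"objectClassMap"
#define	_P2_SERVICECREDLEVEL	"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD	"serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call.
 * The _LEN values are the strlen() of the preceding attribute names and
 * must be kept in step with them.
 */
#define	_SASLMECHANISM		"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN	23
#define	_SUPPORTEDCONTROL	"supportedControl"
#define	_SUPPORTEDCONTROL_LEN	16

/* attribute/objectclass mapping hash table (see ns_config.hashTbl) */
#define	NS_HASH_MAX		257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
/* return codes of the hash routines; negatives parenthesized for safe use */
#define	NS_HASH_RC_SUCCESS	1
#define	NS_HASH_RC_NO_MEMORY	(-1)
#define	NS_HASH_RC_CONFIG_ERROR	(-2)
#define	NS_HASH_RC_EXISTED	(-3)
#define	NS_HASH_RC_SYNTAX_ERROR	(-4)

/*
 * Password management related error message from iDS ldap server.
 * These are matched against server-supplied text, so they are specific
 * to that server's wording.
 */
#define	NS_PWDERR_MAXTRIES \
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED \
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED \
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW \
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX \
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD \
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY \
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE \
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

/*
 * Called by MKERROR with the new error's priority, status and message;
 * defined elsewhere in the library.
 */
void __s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * NULL_OR_STR: substitute a printable placeholder for a NULL or empty
 * string (e.g. for diagnostics).  Evaluates its argument more than once.
 */
#define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message. The message must be a freeable (non-static) string.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr from the calling function.
 * Callers invoke it as a statement, MKERROR(...);, and the do/while (0)
 * wrapper makes the expansion a single statement so it behaves as one
 * inside an unbraced if/else.  calloc() needs <stdlib.h> in the
 * including file; this header does not include it.
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	do { \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		__s_api_debug_pause((priority), (st), (err)->message); \
	} while (0)

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message (it does not call
 * __s_api_debug_pause()).  Same single-statement wrapper as MKERROR.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	do { \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		(err)->pwd_mgmt.status = (pwd_status); \
		(err)->pwd_mgmt.sec_until_expired = (sec_until_exp); \
	} while (0)

#ifdef DEBUG
/*
 * NSLDAPTRACE: in DEBUG builds, write message to the __ldap_debug_file
 * descriptor when variable is positive, or equals a nonzero setequal.
 * message is passed as a "%s" argument rather than as the format string,
 * so a '%' in it cannot be interpreted as a conversion, and write(2) is
 * given the byte count it requires (capped at the truncated length).
 * write(2) needs <unistd.h>, which this header does not include.
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	do { \
		if ((variable) > 0 || \
		    (((setequal) != 0) && ((variable) == (setequal)))) { \
			char nsl_buf[BUFSIZ]; \
			int nsl_len = snprintf(nsl_buf, BUFSIZ, "%s", (message)); \
			if (nsl_len >= BUFSIZ) \
				nsl_len = BUFSIZ - 1; \
			if (nsl_len > 0) \
				(void) write(__ldap_debug_file, nsl_buf, \
				    (size_t)nsl_len); \
		} \
	} while (0)
#endif

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type: which file/source a config parameter
 * belongs to (see ns_default_config.config_type)
 */

typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;

/*
 * datatype of a config entry; selects which member of ns_param.ns_pu
 * carries the value
 */

typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,	/* Single character pointer */
	ARRAYCP		= 2,	/* comma sep array of char pointers */
	ARRAYAUTH	= 3,	/* Array of auths */
	TIMET		= 4,	/* time relative value (TTL) */
	INT		= 5,	/* single integer */
	SSDLIST		= 6,	/* service search descriptor */
	ATTRMAP		= 7,	/* attribute mapping */
	OBJMAP		= 8,	/* objectclass mapping */
	SERVLIST	= 9,	/* serverlist (SP sep array) */
	ARRAYCRED	= 10,	/* Array of credentialLevels */
	SAMLIST		= 11,	/* serviceAuthenticationMethod */
	SCLLIST		= 12	/* serviceCredentialLevel */
} ns_datatype_t;

/* result of parsing/cross-checking a configuration (see __s_api_crosscheck) */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;

/* output format for __s_api_strValue; pairs with the *_FMT_STR strings */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;

/*
 * enum<->string mapping construct
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;

/* int <-> enum conversion helpers; plain casts, no range checking */
#define	ENUM2INT(x)		((int)(x))

#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs. It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity. For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have it own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 *
 */

typedef struct ns_service_map {
	char *service;
	char *rdn;
	char *SSDtoUse_service;
} ns_service_map;

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

/* whether an ns_mapping maps attributes or objectclasses */
typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;

typedef struct ns_mapping {
	ns_maptype_t	type;
	char		*service;
	char		*orig;
	char		**map;		/* list of mapped names for orig */
} ns_mapping_t;

/*
 * The following is the list of internal libsldap configuration data
 * structures. The configuration is populated normally once per
 * application. The assumption is that in applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 *
 * Assumptions:
 *	1 configuration entry per domain, and almost always 1 domain
 *	per app. Hooks exist for multiple domains per app.
 *
 * Configurations are read in from client file cache or from LDAP.
 * Attribute/objectclass mappings are hashed to improve lookup
 * speed.
 */

/*
 * Hash entry types
 */
typedef enum _ns_hashtype_t {
	NS_HASH_AMAP	= 1,	/* attr map */
	NS_HASH_RAMAP	= 2,	/* reverse attr map */
	NS_HASH_OMAP	= 3,	/* oc map */
	NS_HASH_ROMAP	= 4,	/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;

/*
 * One hash-table entry.  h_next chains entries in the same bucket;
 * h_llnext threads every entry onto the linked list headed by
 * ns_config.llHead.
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;
	ns_mapping_t	*h_map;
	struct ns_hash	*h_next;
	struct ns_hash	*h_llnext;
} ns_hash_t;

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  ns_ptype says which union member
 * is live; ns_acnt is the element count for the array members.
 */

typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;
		int	*pi;
		char	*pc;
		int	i;
		time_t	tm;
	} ns_pu;
} ns_param_t;

/* shorthand accessors for the ns_pu union members */
#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 * NOTE(review): nUse looks like a use count and delete like a
 * deferred-free flag, both presumably guarded by config_mutex —
 * confirm against __s_api_release_config().
 */

typedef struct ns_config {
	char		*domainName;
	ns_version_t	version;
	ns_param_t	paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t	*hashTbl[NS_HASH_MAX];
	ns_hash_t	*llHead;
	ns_ldap_entry_t	*RootDSE;
	boolean_t	delete;
	mutex_t		config_mutex;
	int		nUse;
} ns_config_t;

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping. The ParamIndexType enum
 * definitions can be found in ns_ldap.h. This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 */

typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	/* per-parameter validator; errbuf receives its diagnostic */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;


/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,	/* unsupported */
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;


/*
 * this enum lists the various states of the search state machine
 */

typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21
} ns_state_t;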
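/*
 * this enum lists the various states of the write state machine
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;


/* identifier handed out for a Connection (see CONID_OFFSET) */
typedef int ConnectionID;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * auth is the credential the connection was bound with, so an entry
 * carries a secret reference for as long as it lives.
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;
	char			*serverAddr;
	ns_cred_t		*auth;
	LDAP			*ld;
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char			**controls;		/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;

#define	ONE_STEP	1

/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers, so every field is server-controlled input.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;
	int			refScope;
	char			*refDN;
	char			*refFilter;
} ns_referral_info_t;

/*
 * This structure used internally in searches: it carries the inputs,
 * outputs and private state of one run of the search state machine
 * (ns_state_t).
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
	/* server list position */

	/* service search descriptor list & position */
	ns_ldap_search_desc_t	**sdlist;
	ns_ldap_search_desc_t	**sdpos;

	/* search filter callback */
	int			use_filtercb;
	int			(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
					char **realfilter, const void *userdata);

	/* user callback */
	int			use_usercb;
	int			(*callback)(const ns_ldap_entry_t *entry,
					const void *userdata);
	const void		*userdata;

	int			followRef;
	int			use_paging;
	char			*service;
	char			*i_filter;
	const char * const	*i_attr;
	const ns_cred_t		*i_auth;
	int			i_flags;

	/* OUTPUTS */
	ns_ldap_result_t	*result;
	ns_ldap_entry_t		*nextEntry;
	/* Error data */
	int			err_rc;
	ns_ldap_error_t		*errorp;

	/* PRIVATE */
	ns_state_t		state;
	ns_state_t		new_state;
	ns_state_t		next_state;

	Connection		*conn;
/* cookie->conn_auth_type reaches the bound credential's auth type */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID		connectionId;

	/* paging VLV/SIMPLEPAGE data */
	int			listType;
	unsigned long		index;
	LDAPControl		**p_serverctrls;

	int			scope;
	char			*basedn;
	char			*filter;
	char			**attribute;

	/* RESULT PROCESSING */
	int			msgId;
	LDAPMessage		*resultMsg;

	char			**dns;
	char			*currentdn;
	int			flag;
	struct berval		*ctrlCookie;

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t	*reflist;
	ns_referral_info_t	*refpos;
	/* search timeout value */
	struct timeval		search_timeout;
	/* response control to hold account management information */
	LDAPControl		**resultctrl;
	/* Flag to indicate password less account management is required */
	int			nopasswd_acct_mgmt;
} ns_ldap_cookie_t;

/*
 * This structure is part of the return value information for
 * __s_api_requestServer. The routine that requests a new server
 * from the cache manager
 */
typedef struct ns_server_info {
	char	*server;
	char	**controls;
	char	**saslMechanisms;
} ns_server_info_t;

/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 */

#ifdef DEBUG
/* __ldap_debug_file is the descriptor NSLDAPTRACE writes to */
extern int	__ldap_debug_file;
extern int	__ldap_debug_api;
extern int	__ldap_debug_ldap;
extern int	__ldap_debug_servers;
#endif

/* internal connection APIs */
void DropConnection(ConnectionID, int);
int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);

/* enum <-> name lookups against a configuration */
int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_hostcertpath(void);


/* ************ internal sldap-api functions *********** */
void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
void	__s_api_split_key_value(char *buffer, char **name, char **value);
int	__s_api_printResult(ns_ldap_result_t *);
int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
int	__s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int);
char	**__s_api_cp2dArray(char **);
void	__s_api_free2dArray(char **);

int	__s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
char	*dvalue(char *);
char	*evalue(char *);

/*
 * Prototyped with (void) so the compiler checks that no arguments are
 * passed; the old "()" form declared an unspecified parameter list.
 */
extern void get_environment(void);

/* internal Param APIs */
int	__ns_ldap_setParamValue(ns_config_t *ptr,
	const ParamIndexType type,
	const void *data, ns_ldap_error_t **error);
int	__s_api_get_type(const char *value, ParamIndexType *type);
int	__s_api_get_versiontype(ns_config_t *ptr, char *value,
	ParamIndexType *type);
int	__s_api_get_profiletype(char *value, ParamIndexType *type);
void	__s_api_init_config(ns_config_t *ptr);
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
	int check_dn);
ns_config_t *__s_api_create_config(void);
ns_config_t *__s_api_get_default_config(void);
ns_config_t *__s_api_loadrefresh_config(void);
void	__s_api_destroy_config(ns_config_t *ptr);
int	__s_api_get_configtype(ParamIndexType type);
const char *__s_api_get_configname(ParamIndexType type);
char	*__s_api_strValue(ns_config_t *ptr, char *str,
	int bufsz, ParamIndexType i,
	ns_strfmt_t fmt);
void	__s_api_release_config(ns_config_t *cfg);

/* internal attribute/objectclass mapping api's */
int	__s_api_add_map2hash(ns_config_t *config,
	ns_hashtype_t type, ns_mapping_t *map);
void	__s_api_destroy_hash(ns_config_t *config);
int	__s_api_parse_map(char *cp, char **sid,
	char **origA, char ***mapA);
char	**__ns_ldap_mapAttributeList(const char *service,
	const char * const *origAttrList);

/* internal configuration APIs */
void	__ns_ldap_setServer(int set);
ns_ldap_error_t *__ns_ldap_LoadConfiguration(void);
ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname);
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);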
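/* (void) rather than () so a stray argument is a compile error */
int	__ns_ldap_cache_ping(void);

/* internal un-exposed APIs */
ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
int	__s_api_get_SSD_from_SSDtoUse_service(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t **errorp);
int	__s_api_prepend_automountmapname(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t ** errorp);
int	__s_api_prepend_automountmapname_to_dn(const char *service,
	char **basedn,
	ns_ldap_error_t ** errorp);
int	__s_api_convert_automountmapname(const char *service,
	char **dn, ns_ldap_error_t ** errorp);
int	__s_api_replace_mapped_attr_in_dn(
	const char *orig_attr, const char *mapped_attr,
	const char *dn, char **new_dn);
/* allocated reports whether *new_dn was allocated and must be freed */
int	__s_api_append_default_basedn(
	const char *dn,
	char **new_dn,
	int *allocated,
	ns_ldap_error_t ** errorp);
int	__s_api_removeServer(const char *server);

/* internal referrals APIs */
int	__s_api_toFollowReferrals(const int flags,
	int *toFollow,
	ns_ldap_error_t **errorp);
/* url is server-supplied referral data; see ns_referral_info_t */
int	__s_api_addRefInfo(ns_referral_info_t **head,
	char *url, char *baseDN, int *scope,
	char *filter, LDAP *ld);
void	__s_api_deleteRefInfo(ns_referral_info_t *head);

/* callback routine for SSD filters (matches ns_ldap_cookie.init_filter_cb) */
int	__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
	char **realfilter,
	const void *userdata);

/* network address verification api */
int	__s_api_isipv4(char *addr);
int	__s_api_isipv6(char *addr);
int	__s_api_ishost(char *addr);

/* password management routine */
ns_ldap_passwd_status_t
	__s_api_set_passwd_status(int errnum, char *errmsg);
int	__s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
int	__s_api_contain_account_usable_control_oid(char **oids);

/* RFC 2307 section 5.6. Get a canonical name from entry */
char	*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
	ns_ldap_attr_t *attrptr, int case_ignore);

#ifdef __cplusplus
}
#endif

#endif /* _NS_INTERNAL_H */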