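/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * ns_internal.h - private constants, types and prototypes shared by the
 * libsldap sources.  Nothing in this header is part of the public
 * libsldap interface (that lives in ns_sldap.h).
 */

#ifndef _NS_INTERNAL_H
#define	_NS_INTERNAL_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"
#include "ns_cache_door.h"

/*
 * INTERNALLY USED CONSTANTS
 */

/* size of the fixed buffers used when formatting error text */
#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0

/*
 * On-disk client configuration.  NSCREDFILE presumably carries the
 * CREDCONFIG parameters (bind DN / password style values), so its
 * confidentiality rests on the ownership and mode of the file under
 * NSLDAPDIRECTORY; nothing in this library's value encoding (see
 * CRYPTMARK, evalue()/dvalue()) should be relied on for that.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"

/*
 * NOTE(review): ROTORSIZE/MASK look like the parameters of the
 * reversible value encoding implemented by evalue()/dvalue() (declared
 * later in this header) -- confirm.  A reversible encoding is
 * obfuscation, not encryption; do not treat an encoded credential as
 * protected.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256

/*
 * Banner written at the top of generated configuration files.  The two
 * literals are concatenated, so the first one must end with a separator
 * or the banner reads "...lost.Please use...".
 */
#define	DONOTEDIT	\
	"Do not edit this file manually; your changes will be lost. " \
	"Please use ldapclient (1M) instead."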
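#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
#define	CREDFILE		0
#define	CONFIGFILE		1

/*
 * Search filter templates.  Each "%s" is replaced by a caller-supplied
 * value; nothing in this header escapes that value.  NOTE(review): the
 * caller must apply RFC 4515 filter escaping to any value that can come
 * from an untrusted source (a '*', '(', ')' or '\' in the value changes
 * the meaning of the filter) -- confirm at every use site.
 *
 * The _SSD variants spell the first placeholder as "%%s", so after one
 * formatting pass the string still contains a literal "%s"; presumably
 * that is where a service search descriptor filter is merged in (see
 * __s_api_merge_SSD_filter() below).
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"

/* paging strategy flags (simple paged results vs. virtual list view) */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100

#define	DEFMAX			8

/* single-character tokens recognised by the configuration parsers */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'

/* separators used when (de)serialising configuration text */
#define	DOORLINESEP		"\07"
#define	DOORLINESEP_CHR		0x7
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "
#define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
#define	BUFSIZE			BUFSIZ
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
/* prefix marking a stored value as encoded (see evalue()/dvalue()) */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/* output formats for configuration lines (see ns_strfmt_t) */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30	/* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30	/* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			512

/*
 * special service used by ldap_cachemgr to indicate a shadow update
 * is to be done with the credential of the administrator identity
 */
#define	NS_ADMIN_SHADOW_UPDATE	"shadow__admin_update"

/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS	"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes.
 * _P1_BINDPASSWORD and _P1_CERTIFICATEPASSWORD name attributes whose
 * values are secrets; any buffer holding them should be treated as
 * sensitive (not logged, cleared before release).
 */
#define	_P1_SERVERS		"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN	"SolarisSearchBaseDN"
#define	_P1_CACHETTL		"SolarisCacheTTL"
#define	_P1_BINDDN		"SolarisBindDN"
#define	_P1_BINDPASSWORD	"SolarisBindPassword"
#define	_P1_AUTHMETHOD		"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY	"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH	"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD	"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN	"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE		"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT	"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER	"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY	"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL	"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT	"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define	_P2_PREFERREDSERVER	"preferredServerList"
#define	_P2_DEFAULTSERVER	"defaultServerList"
#define	_P2_SEARCHBASEDN	"defaultSearchBase"
#define	_P2_SEARCHSCOPE		"defaultSearchScope"
#define	_P2_AUTHMETHOD		"authenticationMethod"
#define	_P2_CREDENTIALLEVEL	"credentialLevel"
#define	_P2_SERVICESEARCHDESC	"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT	"searchTimeLimit"
#define	_P2_BINDTIMELIMIT	"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS	"followReferrals"
#define	_P2_PROFILETTL		"profileTTL"
#define	_P2_ATTRIBUTEMAP	"attributeMap"
#define	_P2_OBJECTCLASSMAP	"objectClassMap"
#define	_P2_SERVICECREDLEVEL	"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD	"serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call.
 * The _LEN values are derived from the strings so they cannot drift
 * from them; both evaluate to the same int as before (23 and 16).
 */
#define	_SASLMECHANISM		"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN	((int)(sizeof (_SASLMECHANISM) - 1))
#define	_SUPPORTEDCONTROL	"supportedControl"
#define	_SUPPORTEDCONTROL_LEN	((int)(sizeof (_SUPPORTEDCONTROL) - 1))

/* attribute/objectclass mapping hash table */
#define	NS_HASH_MAX			257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
#define	NS_HASH_RC_SUCCESS		1
#define	NS_HASH_RC_NO_MEMORY		-1
#define	NS_HASH_RC_CONFIG_ERROR		-2
#define	NS_HASH_RC_EXISTED		-3
#define	NS_HASH_RC_SYNTAX_ERROR		-4

/*
 * Password management related error message from iDS ldap server.
 * These are matched against free text returned by one server
 * implementation; a different directory server may word them differently.
 */
#define	NS_PWDERR_MAXTRIES		\
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED		\
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED	\
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW	\
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX	\
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD	\
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY		\
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE	\
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

void	__s_api_debug_pause(int priority, int st, const char *mesg);

#define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message.  The message must be a freeable (non-static) string;
 * ownership of it passes to the error structure.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr from the calling function.
 *
 * The expansion is wrapped in do { } while (0) so that the macro
 * behaves as a single statement: an unbraced "if (x) MKERROR(...);"
 * no longer runs the assignments unconditionally.
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	do { \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == \
		    NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		__s_api_debug_pause((priority), (st), (err)->message); \
	} while (0)

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	do { \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == \
		    NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		(err)->pwd_mgmt.status = (pwd_status); \
		(err)->pwd_mgmt.sec_until_expired = (sec_until_exp); \
	} while (0)

#ifdef DEBUG
/*
 * NSLDAPTRACE: write message to the debug file descriptor when the
 * trace variable is enabled.  The message is emitted as plain text
 * ("%s"), never used as a format string, so a '%' in it is harmless.
 * The length passed to write(2) is taken from snprintf() so that a
 * truncated message is still written as far as the buffer allows.
 * (write(2) must be declared by the including source file.)
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	do { \
		if ((variable) > 0 || \
		    (((setequal) != 0) && ((variable) == (setequal)))) { \
			char trace_buf[BUFSIZ]; \
			int trace_len = snprintf(trace_buf, \
			    sizeof (trace_buf), "%s", (message)); \
			if (trace_len > 0) { \
				if ((size_t)trace_len >= sizeof (trace_buf)) \
					trace_len = (int)sizeof (trace_buf) \
					    - 1; \
				(void) write(__ldap_debug_file, trace_buf, \
				    (size_t)trace_len); \
			} \
		} \
	} while (0)
#endif

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type
 */

typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;

/*
 * datatype of a config entry
 */

typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,	/* Single character pointer */
	ARRAYCP		= 2,	/* comma sep array of char pointers */
	ARRAYAUTH	= 3,	/* Array of auths */
	TIMET		= 4,	/* time relative value (TTL) */
	INT		= 5,	/* single integer */
	SSDLIST		= 6,	/* service search descriptor */
	ATTRMAP		= 7,	/* attribute mapping */
	OBJMAP		= 8,	/* objectclass mapping */
	SERVLIST	= 9,	/* serverlist (SP sep array) */
	ARRAYCRED	= 10,	/* Array of credentialLevels */
	SAMLIST		= 11,	/* serviceAuthenticationMethod */
	SCLLIST		= 12	/* serviceCredentialLevel */
} ns_datatype_t;

/* result of parsing a configuration value */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;

/* text format selected when a configuration value is serialised */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;

/*
 * enum<->string mapping construct
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;

#define	ENUM2INT(x)		((int)(x))

/*
 * Plain casts from int to the configuration enums.  None of these
 * range-check the value; validate an externally supplied integer
 * before casting it.
 */
#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))
#define	INT2SHADOWUPDATENUM(x)	((enableShadowUpdate_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs.  It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity.  For a service which does not have its own entries in
 * the LDAP directory, an SSD for it is useless and should not be set.
 * But since this service must share the container with at least
 * one other service which does have its own entries, the SSD for
 * that other service will be shared by this service.
 * That other service is called the SSD-to-use service.
 */

typedef struct ns_service_map {
	char	*service;
	char	*rdn;
	char	*SSDtoUse_service;
} ns_service_map;

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;

typedef struct ns_mapping {
	ns_maptype_t	type;
	char		*service;
	char		*orig;
	char		**map;
} ns_mapping_t;

/*
 * The following is the list of internal libsldap configuration data
 * structures.  The configuration is populated normally once per
 * application.  The assumption is that applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 *
 * Assumptions:
 * 1 configuration entry per domain, and almost always 1 domain
 * per app.  Hooks exist for multiple domains per app.
 *
 * Configurations are read in from client file cache or from LDAP.
 * Attribute/objectclass mappings are hashed to improve lookup
 * speed.
 */

/*
 * Hash entry types
 */
typedef enum _ns_hashtype_t {
	NS_HASH_AMAP	= 1,	/* attr map */
	NS_HASH_RAMAP	= 2,	/* reverse attr map */
	NS_HASH_OMAP	= 3,	/* oc map */
	NS_HASH_ROMAP	= 4,	/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;

typedef struct ns_hash {
	ns_hashtype_t	h_type;
	ns_mapping_t	*h_map;
	struct ns_hash	*h_next;	/* next entry in the same bucket */
	struct ns_hash	*h_llnext;	/* next entry in the linear list */
} ns_hash_t;

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  ns_ptype selects which member of
 * the union is live; ns_acnt is the element count for array members.
 */

typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;
		int	*pi;
		char	*pc;
		int	i;
		time_t	tm;
	} ns_pu;
} ns_param_t;

#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contains the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 * NOTE(review): nUse looks like a use count released through
 * __s_api_release_config() and config_mutex like the lock guarding it
 * and the delete flag -- confirm against the implementation.
 */

typedef struct ns_config {
	char			*domainName;
	ns_version_t		version;
	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t		*hashTbl[NS_HASH_MAX];
	ns_hash_t		*llHead;
	ns_ldap_entry_t		*RootDSE;
	boolean_t		delete;
	mutex_t			config_mutex;
	int			nUse;
	ldap_get_chg_cookie_t	config_cookie;
} ns_config_t;

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  The ParamIndexType enum
 * definitions can be found in ns_ldap.h.  This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined, and the verification hook
 * (ns_verify) that validates a parsed value before it is accepted.
 */

typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;


/*
 * This typedef enumerates all the authentication mechanisms
 * currently supported in this library.  Values without a TLS_
 * prefix run over an unprotected connection: NS_LDAP_EA_SIMPLE then
 * sends the bind password in cleartext on the wire, and the CRAM-MD5 /
 * DIGEST-MD5 SASL mechanisms are legacy (DIGEST-MD5 was moved to
 * Historic by RFC 6331).  Prefer the TLS_ variants or GSSAPI.
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;


/*
 * this enum lists the various states of the search state machine
 */

typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22,
	REINIT			= 23
} ns_state_t;

/*
 * this enum lists the various states of the write state machine
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;


typedef int ConnectionID;

/*
 * Server side sort type.  Originally the server side sort
 * was set to "cn uid".  This did not work with AD and
 * hence a single sort attribute was adopted.  We don't
 * know which server side sort will work with the
 * Directory and hence we discover which method works.
 */
typedef enum {
	SSS_UNKNOWN		= 0,
	SSS_SINGLE_ATTR		= 1,
	SSS_CN_UID_ATTRS	= 2
} ns_srvsidesort_t;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * auth holds the credential the connection was bound with; the
 * pid/threadID fields record which process and thread own it.
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* true if only used by */
						/* one thread and not shared */
						/* by other threads */
	pid_t			pid;		/* process id */
	char			*serverAddr;
	ns_cred_t		*auth;
	LDAP			*ld;
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char			**controls;	/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;

#define	ONE_STEP	1

/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers, i.e. they originate from the remote peer and must be
 * validated (host, scope, DN, filter) before being acted on.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;
	int			refScope;
	char			*refDN;
	char			*refFilter;
} ns_referral_info_t;

struct ns_ldap_cookie;

/*
 * Batch used by __ns_ldap_list_batch_xxx API
 */
struct ns_ldap_list_batch {
	uint32_t		nactive;
	struct ns_ldap_cookie	*next_cookie;
	struct ns_ldap_cookie	*cookie_list;
};

struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;

/*
 * This structure is used internally in searches.  It carries the
 * caller's inputs, the result being assembled, and the private state
 * of the search state machine (ns_state_t).
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
	/* server list position */

	/* service search descriptor list & position */
	ns_ldap_search_desc_t  **sdlist;
	ns_ldap_search_desc_t  **sdpos;

	/* search filter callback */
	int use_filtercb;
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

	/* user callback */
	int use_usercb;
	int (*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void *userdata;

	int followRef;
	int use_paging;
	char *service;
	char *i_filter;
	const char * const *i_attr;
	const char *i_sortattr;
	const ns_cred_t *i_auth;
	int i_flags;

	/* OUTPUTS */
	ns_ldap_result_t *result;
	ns_ldap_entry_t *nextEntry;
	/* Error data */
	int err_rc;
	ns_ldap_error_t *errorp;

	/* PRIVATE */
	ns_state_t state;
	ns_state_t new_state;
	ns_state_t next_state;

	Connection *conn;
	/*
	 * Shorthand for the bound auth type of the current connection.
	 * It dereferences conn and conn->auth without a NULL check, so
	 * only use it where both are known to be set.
	 */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID connectionId;

	/* paging VLV/SIMPLEPAGE data */
	int listType;
	unsigned long index;
	LDAPControl **p_serverctrls;
	ns_srvsidesort_t sortTypeTry;
	int entryCount;

	int scope;
	char *basedn;
	char *filter;
	char **attribute;

	/* RESULT PROCESSING */
	int msgId;
	LDAPMessage *resultMsg;

	char **dns;
	char *currentdn;
	int flag;
	struct berval *ctrlCookie;

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t *reflist;
	ns_referral_info_t *refpos;
	/* search timeout value */
	struct timeval search_timeout;
	/* response control to hold account management information */
	LDAPControl **resultctrl;
	/* Flag to indicate password less account management is required */
	int nopasswd_acct_mgmt;
	int err_from_result;
	ns_conn_user_t *conn_user;

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t *batch;
	boolean_t no_wait;
	boolean_t reinit_on_retriable_err;
	int retries;
	ns_ldap_result_t **caller_result;
	ns_ldap_error_t **caller_errorp;
	int *caller_rc;
	struct ns_ldap_cookie *next_cookie_in_batch;
} ns_ldap_cookie_t;

/*
 * This structure is part of the return value information for
 * __s_api_requestServer, the routine that requests a new server
 * from the cache manager.  Free it with __s_api_free_server_info().
 */
typedef struct ns_server_info {
	char	*server;
	char	*serverFQDN;
	char	**controls;
	char	**saslMechanisms;
} ns_server_info_t;

/*
 * sasl callback function parameters.
 * passwd is secret material; NOTE(review): confirm the owner clears it
 * before the structure is freed, and that it is never logged.
 */
typedef struct ns_sasl_cb_param {
	char	*mech;
	char	*authid;
	char	*authzid;
	char	*passwd;
	char	*realm;
} ns_sasl_cb_param_t;

/* self/sasl/gssapi variable */
extern int sasl_gssapi_inited;

/* Multiple threads per connection variable */
extern int MTperConn;

/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 */

#ifdef DEBUG
extern int	__ldap_debug_file;
extern int	__ldap_debug_api;
extern int	__ldap_debug_ldap;
extern int	__ldap_debug_servers;
#endif

/*
 * internal connection APIs.
 * Parameterless functions are declared with (void) so that a call
 * passing stray arguments is rejected by the compiler.
 */
void	DropConnection(ConnectionID, int);
int	__s_api_getServers(char ***servers, ns_ldap_error_t **error);

int	__s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char	*__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char	*__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char	*__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char	*__s_get_pref_name(PrefOnly_t type);
char	*__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char	*__s_get_shadowupdate_name(enableShadowUpdate_t type);
char	*__s_get_hostcertpath(void);
void	__s_api_free_sessionPool(void);
int	__s_api_requestServer(const char *request, const char *server,
	ns_server_info_t *ret, ns_ldap_error_t **error, const char *addrType);


/* ************ internal sldap-api functions *********** */
void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
void	__s_api_split_key_value(char *buffer, char **name, char **value);
int	__s_api_printResult(ns_ldap_result_t *);
int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
int	__s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
char	**__s_api_cp2dArray(char **);
void	__s_api_free2dArray(char **);

int	__s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/*
 * dvalue()/evalue(): decode and encode a stored value (see CRYPTMARK).
 * NOTE(review): this is a reversible transformation, not encryption;
 * it must not be the only protection for a credential at rest.
 */
char	*dvalue(char *);
char	*evalue(char *);
ns_ldap_error_t *__s_api_make_error(int, char *);
ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);

/* ************ specific 'Standalone' functions ********** */
ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
struct hostent *__s_api_hostname2ip(const char *name,
	struct hostent *result,
	char *buffer,
	int buflen,
	int *h_errnop);
void	__s_api_setInitMode(void);
void	__s_api_unsetInitMode(void);
int	__s_api_isStandalone(void);
int	__s_api_isInitializing(void);
ns_ldap_return_code __s_api_findRootDSE(const char *request,
	const char *server,
	const char *addrType,
	ns_server_info_t *ret,
	ns_ldap_error_t **error);
ns_config_t *__s_api_create_config_door_str(char *config,
	ns_ldap_error_t **errorp);

extern void	get_environment(void);

/* internal Param APIs */
int	__ns_ldap_setParamValue(ns_config_t *ptr,
	const ParamIndexType type,
	const void *data, ns_ldap_error_t **error);
int	__s_api_get_type(const char *value, ParamIndexType *type);
int	__s_api_get_versiontype(ns_config_t *ptr, char *value,
	ParamIndexType *type);
int	__s_api_get_profiletype(char *value, ParamIndexType *type);
void	__s_api_init_config(ns_config_t *ptr);
void	__s_api_init_config_global(ns_config_t *ptr);
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
	int check_dn);
ns_config_t *__s_api_create_config(void);
ns_config_t *__s_api_get_default_config(void);
ns_config_t *__s_api_get_default_config_global(void);
ns_config_t *__s_api_loadrefresh_config(void);
ns_config_t *__s_api_loadrefresh_config_global(void);
void	__s_api_destroy_config(ns_config_t *ptr);
int	__s_api_get_configtype(ParamIndexType type);
const char *__s_api_get_configname(ParamIndexType type);
char	*__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
	ns_strfmt_t fmt);
void	__s_api_release_config(ns_config_t *cfg);

/* internal attribute/objectclass mapping api's */
int	__s_api_add_map2hash(ns_config_t *config,
	ns_hashtype_t type, ns_mapping_t *map);
void	__s_api_destroy_hash(ns_config_t *config);
int	__s_api_parse_map(char *cp, char **sid,
	char **origA, char ***mapA);
char	**__ns_ldap_mapAttributeList(const char *service,
	const char * const *origAttrList);
char	*__ns_ldap_mapAttribute(const char *service,
	const char *origAttr);

/* internal configuration APIs */
void	__ns_ldap_setServer(int set);
ns_ldap_error_t *__ns_ldap_LoadConfiguration(void);
ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
	ns_config_t *new, int cred_only);
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
int	__ns_ldap_cache_ping(void);
ns_ldap_error_t *__ns_ldap_print_config(int);
void	__ns_ldap_default_config(void);
int	__ns_ldap_download(const char *, char *, char *,
	ns_ldap_error_t **);
int
__ns_ldap_check_dns_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	const char *fname,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
	int mode_verbose,
	int mode_quiet,
	ns_ldap_self_gssapi_config_t config,
	ns_ldap_error_t **errpp);

/* internal un-exposed APIs */
ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1,
	const ns_cred_t *auth2);
int	__s_api_get_SSD_from_SSDtoUse_service(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t **errorp);
int	__s_api_prepend_automountmapname(const char *service,
	ns_ldap_search_desc_t ***SSDlist,
	ns_ldap_error_t **errorp);
int	__s_api_prepend_automountmapname_to_dn(const char *service,
	char **basedn,
	ns_ldap_error_t **errorp);
int	__s_api_convert_automountmapname(const char *service,
	char **dn, ns_ldap_error_t **errorp);
int	__s_api_replace_mapped_attr_in_dn(
	const char *orig_attr, const char *mapped_attr,
	const char *dn, char **new_dn);
int	__s_api_append_default_basedn(
	const char *dn,
	char **new_dn,
	int *allocated,
	ns_ldap_error_t **errorp);
int	__s_api_removeServer(const char *server);
void	__s_api_removeBadServers(char **server);
void	__s_api_free_server_info(ns_server_info_t *sinfo);
void	__s_api_freeConnection(Connection *con);

/*
 * internal referrals APIs.
 * __s_api_addRefInfo() parses a referral URL supplied by the server;
 * its output (ns_referral_info_t) is remote-controlled data.
 */
int	__s_api_toFollowReferrals(const int flags,
	int *toFollow,
	ns_ldap_error_t **errorp);
int	__s_api_addRefInfo(ns_referral_info_t **head,
	char *url, char *baseDN, int *scope,
	char *filter, LDAP *ld);
void	__s_api_deleteRefInfo(ns_referral_info_t *head);

/* callback routine for SSD filters */
int	__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
	char **realfilter,
	const void *userdata);

/* network address verification api */
int	__s_api_isipv4(char *addr);
int	__s_api_isipv6(char *addr);
int	__s_api_ishost(char *addr);

/* password management routine */
ns_ldap_passwd_status_t
	__s_api_set_passwd_status(int errnum, char *errmsg);
int	__s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
int	__s_api_contain_account_usable_control_oid(char **oids);

/* RFC 2307 section 5.6. Get a canonical name from entry */
char	*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
	ns_ldap_attr_t *attrptr, int case_ignore);

/* self/sasl/gssapi functions */
int	__s_api_sasl_bind_callback(
	LDAP *ld,
	unsigned flags,
	void *defaults,
	void *in);

int	__s_api_self_gssapi_only_get(void);
int	__s_api_sasl_gssapi_init(void);

int	__print2buf(LineBuf *line, const char *toprint, char *sep);

#ifdef __cplusplus
}
#endif

#endif /* _NS_INTERNAL_H */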