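/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _NS_INTERNAL_H
#define	_NS_INTERNAL_H

#pragma ident	"%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"
#include "ns_cache_door.h"

/*
 * INTERNALLY USED CONSTANTS
 */

/* size of the fixed error-message buffers callers format into (bound them) */
#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0

/*
 * On-disk client configuration.  NSCREDFILE carries the bind DN's
 * password, stored with the {NS1} encoding (see CRYPTMARK and the
 * evalue()/dvalue() pair declared further down).
 * NOTE(review): nothing in this header constrains the mode or owner of
 * these files; that is up to whoever writes them (ldapclient(1M)).
 * Confirm the credential file is created 0600/root, because the stored
 * value is only as private as the file itself.  The *.refresh names are
 * presumably the staging copies written before replacing the live file;
 * verify in the writer.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"

/*
 * Parameters of the credential encoding.  A 256-entry rotor and a byte
 * mask, together with an encode/decode pair, point at a byte-wise
 * reversible transform: obfuscation, not encryption.  Treat anything
 * stored under CRYPTMARK as recoverable by any reader of NSCREDFILE.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256

/*
 * Banner written at the top of the generated configuration files.
 * The two literals are concatenated by the compiler, so the second one
 * must begin with a space or the two sentences run together.
 */
#define	DONOTEDIT	\
	"Do not edit this file manually; your changes will be lost." \
	" Please use ldapclient (1M) instead."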
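#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
#define	CREDFILE		0
#define	CONFIGFILE		1

/*
 * Search-filter templates.  The single %s is substituted with a caller
 * supplied value.  The _SSD variants keep a literal "%s" (written %%s)
 * so that a service search descriptor filter can be merged in by a
 * second formatting pass (see __s_api_merge_SSD_filter()).
 *
 * NOTE(review): these are plain printf-style templates; nothing here
 * escapes the substituted value.  A name containing '*', '(', ')', '\'
 * or NUL changes the meaning of the filter (LDAP filter injection,
 * RFC 4515 section 3).  Every use site must escape or reject such
 * input before formatting -- confirm at each caller.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"

/* paging controls a server may offer (recorded in the cookie's listType) */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

/* page sizes requested for list and enumeration searches */
#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100
/* sort keys sent with the VLV control */
#define	SORTKEYLIST		"cn uid"

#define	DEFMAX			8

/* single-character tokens understood by the config and door parsers */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'

/*
 * Record separator of the cache-door line protocol (ASCII BEL, 0x07).
 * NOTE(review): a value that itself contains 0x07 would be split as if
 * it were a record boundary; whether the writers reject such values is
 * not visible from this header.
 */
#define	DOORLINESEP		"\07"
#define	DOORLINESEP_CHR		0x7

/* multi-character separators used when rendering lists */
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "

/* highest ParamIndexType value; parenthesised so it is safe in any expression */
#define	LAST_VALUE		((int)NS_LDAP_HOST_CERTPATH_P)

/* general-purpose scratch buffer length */
#define	BUFSIZE			1024
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */

/*
 * Prefix marking an encoded credential value in NSCREDFILE.  The
 * encoding (presumably the evalue()/dvalue() pair) is reversible; the
 * marker only says "decode me", it does not imply confidentiality.
 */
#define	CRYPTMARK		"{NS1}"

/* size of the buffer exchanged with the cache manager over the door */
#define	DOORBUFFERSIZE		8192

/* rendering of one "name value" pair, selected by ns_strfmt_t */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

/* connection pool growth step and the base of ConnectionID numbering */
#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30	/* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30	/* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			256


/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
/* same injection caveat as the lookup filters above: three unescaped %s */
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS	"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes.
 * NOTE(review): _P1_BINDPASSWORD and _P1_CERTIFICATEPASSWORD are secrets
 * delivered by the directory; a profile fetched over a cleartext
 * session exposes them on the wire.
 */
#define	_P1_SERVERS		"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN	"SolarisSearchBaseDN"
#define	_P1_CACHETTL		"SolarisCacheTTL"
#define	_P1_BINDDN		"SolarisBindDN"
#define	_P1_BINDPASSWORD	"SolarisBindPassword"
#define	_P1_AUTHMETHOD		"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY	"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH	"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD	"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN	"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE		"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT	"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER	"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY	"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL	"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT	"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes (DUAConfigProfile) */
#define	_P2_PREFERREDSERVER	"preferredServerList"
#define	_P2_DEFAULTSERVER	"defaultServerList"
#define	_P2_SEARCHBASEDN	"defaultSearchBase"
#define	_P2_SEARCHSCOPE		"defaultSearchScope"
#define	_P2_AUTHMETHOD		"authenticationMethod"
#define	_P2_CREDENTIALLEVEL	"credentialLevel"
#define	_P2_SERVICESEARCHDESC	"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT	"searchTimeLimit"
#define	_P2_BINDTIMELIMIT	"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS	"followReferrals"
#define	_P2_PROFILETTL		"profileTTL"
#define	_P2_ATTRIBUTEMAP	"attributeMap"
#define	_P2_OBJECTCLASSMAP	"objectClassMap"
#define	_P2_SERVICECREDLEVEL	"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD	"serviceAuthenticationMethod"

/* Control & SASL information from RootDSE door call */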
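/*
 * RootDSE attribute names and their lengths.  The lengths are derived
 * from the literals so they cannot drift; the cast keeps them int, as
 * the old hard-coded 23/16 were.
 */
#define	_SASLMECHANISM		"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN	((int)(sizeof (_SASLMECHANISM) - 1))
#define	_SUPPORTEDCONTROL	"supportedControl"
#define	_SUPPORTEDCONTROL_LEN	((int)(sizeof (_SUPPORTEDCONTROL) - 1))

/* attribute/objectclass mapping hash table (ns_config_t.hashTbl) */
#define	NS_HASH_MAX			257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
#define	NS_HASH_RC_SUCCESS		1
#define	NS_HASH_RC_NO_MEMORY		(-1)
#define	NS_HASH_RC_CONFIG_ERROR		(-2)
#define	NS_HASH_RC_EXISTED		(-3)
#define	NS_HASH_RC_SYNTAX_ERROR		(-4)

/*
 * Password management related error message from iDS ldap server.
 * NOTE(review): these are matched against the free-form diagnostic text
 * a server returns (see __s_api_set_passwd_status()), so the mapping to
 * ns_ldap_passwd_status_t only works for a server that emits exactly
 * these strings.  Another server, version or locale presumably falls
 * through to a generic failure; treat password-policy feedback as best
 * effort, never as an authorization decision.
 */
#define	NS_PWDERR_MAXTRIES \
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED \
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED \
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW \
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX \
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD \
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY \
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE \
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

void	__s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * Printable form of a possibly NULL or empty string.  Evaluates its
 * argument up to three times, so do not pass an expression with side
 * effects.
 */
#define	NULL_OR_STR(str) (!(str) || *(str) == '\0' ? "<NULL>" : (str))

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message.  The message must be a freeable (non-static) string;
 * ownership of it passes to the error structure.  If it fails to
 * allocate memory for the error structure, it returns retErr from the
 * *calling* function -- note the hidden return.
 *
 * This expands to several statements that are not wrapped in a block:
 * `if (cond) MKERROR(...)' would make only the allocation conditional
 * and run the assignments unconditionally.  Use it only as a statement
 * of its own.  (The shape is kept for compatibility with existing
 * callers; only the arguments have been parenthesised.)
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	__s_api_debug_pause((priority), (st), (err)->message);

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.  The same "not a single
 * statement" caveat applies.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	(err)->pwd_mgmt.status = (pwd_status); \
	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);

#ifdef DEBUG
/*
 * Write `message' to the debug file when `variable' is positive or
 * equals a non-zero `setequal'.
 *
 * `message' is emitted verbatim: it goes through "%s" instead of being
 * used as the format, so caller-influenced text (DNs, attribute values,
 * server diagnostics) can never be interpreted as conversions.  The
 * byte count comes from snprintf, clamped to the buffer, so a truncated
 * message is written truncated instead of over-read.  (The previous
 * form passed `message' as the format and called write() without a
 * length, so it could not have compiled with DEBUG set.)
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	if ((variable) > 0 || \
	    (((setequal) != 0) && ((variable) == (setequal)))) { \
		char buf[BUFSIZ]; \
		int len = snprintf(buf, BUFSIZ, "%s", (message)); \
		if (len >= BUFSIZ) \
			len = BUFSIZ - 1; \
		if (len > 0) \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
	}
#endif

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type
 */

typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;

/*
 * datatype of a config entry
 */

typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,	/* Single character pointer */
	ARRAYCP		= 2,	/* comma sep array of char pointers */
	ARRAYAUTH	= 3,	/* Array of auths */
	TIMET		= 4,	/* time relative value (TTL) */
	INT		= 5,	/* single integer */
	SSDLIST		= 6,	/* service search descriptor */
	ATTRMAP		= 7,	/* attribute mapping */
	OBJMAP		= 8,	/* objectclass mapping */
	SERVLIST	= 9,	/* serverlist (SP sep array) */
	ARRAYCRED	= 10,	/* Array of credentialLevels */
	SAMLIST		= 11,	/* serviceAuthenticationMethod */
	SCLLIST		= 12	/* serviceCredentialLevel */
} ns_datatype_t;

/* outcome of parsing one configuration line */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;

/* output rendering selected for __s_api_strValue() */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;

/*
 * enum<->string mapping construct
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;

#define	ENUM2INT(x)		((int)(x))

/*
 * int -> enum casts.  None of these range-checks; an integer that came
 * from a config file or the door must be validated against the
 * allowed-value table before it is cast.
 */
#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs.  It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity.  For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have it own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 *
 */

typedef struct ns_service_map {
	char *service;
	char *rdn;
	char *SSDtoUse_service;
} ns_service_map;

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;

typedef struct ns_mapping {
	ns_maptype_t	type;
	char		*service;
	char		*orig;
	char		**map;		/* NULL-terminated list of targets */
} ns_mapping_t;

/*
 * The following is the list of internal libsldap configuration data
 * structures.  The configuration is populated normally once per
 * application.  The assumption is that in applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 *
 * Assumptions:
 *	1 configuration entry per domain, and almost always 1 domain
 *	per app.  Hooks exist for multiple domains per app.
 *
 *	Configurations are read in from client file cache or from LDAP.
 *	Attribute/objectclass mappings are hashed to improve lookup
 *	speed.
 */

/*
 * Hash entry types
 */
typedef enum _ns_hashtype_t {
	NS_HASH_AMAP	= 1,	/* attr map */
	NS_HASH_RAMAP	= 2,	/* reverse attr map */
	NS_HASH_OMAP	= 3,	/* oc map */
	NS_HASH_ROMAP	= 4,	/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;

/*
 * One hash-table entry.  h_next chains entries within a bucket;
 * h_llnext threads every entry onto the config's llHead list so the
 * table can be torn down without walking all NS_HASH_MAX buckets.
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;
	ns_mapping_t	*h_map;
	struct ns_hash	*h_next;
	struct ns_hash	*h_llnext;
} ns_hash_t;

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  ns_ptype says which union member is
 * live; ns_acnt is the element count for the array members.
 */

typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;
		int	*pi;
		char	*pc;
		int	i;
		time_t	tm;
	} ns_pu;
} ns_param_t;

#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 *
 * nUse and delete look like a reference count plus a deferred-free
 * flag guarded by config_mutex (see __s_api_release_config()); confirm
 * in the implementation before relying on it.  paramList holds the
 * bind credentials once loaded, so a config object is sensitive data.
 */

typedef struct ns_config {
	char			*domainName;
	ns_version_t		version;
	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t		*hashTbl[NS_HASH_MAX];
	ns_hash_t		*llHead;
	ns_ldap_entry_t		*RootDSE;
	boolean_t		delete;
	mutex_t			config_mutex;
	int			nUse;
	ldap_get_chg_cookie_t	config_cookie;
} ns_config_t;

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  The ParamIndexType enum
 * definitions can be found in ns_ldap.h.  This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 *
 * ns_verify is the per-parameter validator run on values read from the
 * config file, the door or a profile; `allowed' is the enum table it
 * may check against.  A parameter without a validator accepts any
 * syntactically parseable value.
 */

typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;


/*
 * This typedef enumerates all the authentication mechanisms this
 * library knows about.
 *
 * NOTE(review): only the TLS_* members run the bind over a protected
 * session.  A plain SIMPLE bind sends the password in the clear
 * (RFC 4513 5.1.3), and CRAM-MD5/DIGEST-MD5 are obsolete (RFC 6331) and
 * shield only the password, not the traffic that follows.  Anything
 * other than TLS_* or GSSAPI should be an explicit policy choice rather
 * than a default.
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;


/*
 * this enum lists the various states of the search state machine
 */

typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22,
	REINIT			= 23
} ns_state_t;

/*
 * this enum lists the various states of the write state machine
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;


typedef int ConnectionID;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 *
 * `auth' is the credential the connection was bound with; a pooled
 * connection must only be handed to a caller whose credential matches
 * it (see __s_api_is_auth_matched()), otherwise one identity's session
 * serves another's queries.  `pid' is presumably used to notice a
 * connection inherited across fork(); confirm in ns_connect.c.
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* true if only used by */
						/* one thread and not shared */
						/* by other threads */
	pid_t			pid;		/* process id */
	char			*serverAddr;
	ns_cred_t		*auth;
	LDAP			*ld;
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char			**controls;	/* from server_info */
	char			**saslMechanisms; /* from server_info */
} Connection;

#define	ONE_STEP			1

/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers -- i.e. they are server supplied: refHost names where
 * the library connects next and refDN/refFilter what it asks for.
 * NOTE(review): confirm that following a referral applies the same
 * server/credential policy as a configured server, so that a bind
 * credential is never sent to a host the administrator did not list.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;
	int			refScope;
	char			*refDN;
	char			*refFilter;
} ns_referral_info_t;

struct ns_ldap_cookie;

/*
 * Batch used by __ns_ldap_list_batch_xxx API
 */
struct ns_ldap_list_batch {
	uint32_t		nactive;
	struct ns_ldap_cookie	*next_cookie;
	struct ns_ldap_cookie	*cookie_list;
};

struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;

/*
 * This structure used internally in searches.  The INPUTS section is
 * what the caller asked for (i_filter is the caller's raw filter text
 * and is subject to the escaping caveat on the filter templates);
 * OUTPUTS is what is handed back; PRIVATE is state-machine scratch.
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
		/* server list position */

		/* service search descriptor list & position */
	ns_ldap_search_desc_t  **sdlist;
	ns_ldap_search_desc_t  **sdpos;

		/* search filter callback */
	int	use_filtercb;
	int	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

		/* user callback */
	int	use_usercb;
	int	(*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void	*userdata;

	int	followRef;
	int	use_paging;
	char	*service;
	char	*i_filter;
	const char * const *i_attr;
	const ns_cred_t	*i_auth;
	int	i_flags;

	/* OUTPUTS */
	ns_ldap_result_t	*result;
	ns_ldap_entry_t		*nextEntry;
		/* Error data */
	int	err_rc;
	ns_ldap_error_t		*errorp;

	/* PRIVATE */
	ns_state_t	state;
	ns_state_t	new_state;
	ns_state_t	next_state;

	Connection	*conn;
	/* shorthand valid only while conn and conn->auth are non-NULL */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID	connectionId;

		/* paging VLV/SIMPLEPAGE data */
	int		listType;
	unsigned long	index;
	LDAPControl	**p_serverctrls;

	int		scope;
	char		*basedn;
	char		*filter;
	char		**attribute;

	/* RESULT PROCESSING */
	int		msgId;
	LDAPMessage	*resultMsg;

	char		**dns;
	char		*currentdn;
	int		flag;
	struct berval	*ctrlCookie;

	/* REFERRALS PROCESSING */
		/* referralinfo list & position */
	ns_referral_info_t	*reflist;
	ns_referral_info_t	*refpos;
		/* search timeout value */
	struct timeval	search_timeout;
		/* response control to hold account management information */
	LDAPControl	**resultctrl;
		/* Flag to indicate password less account management is required */
	int		nopasswd_acct_mgmt;
	int		err_from_result;
	ns_conn_user_t	*conn_user;

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t	*batch;
	boolean_t		no_wait;
	boolean_t		reinit_on_retriable_err;
	int			retries;
	ns_ldap_result_t	**caller_result;
	ns_ldap_error_t		**caller_errorp;
	int			*caller_rc;
	struct ns_ldap_cookie	*next_cookie_in_batch;
} ns_ldap_cookie_t;

/*
 * This structure is part of the return value information for
 * __s_api_requestServer.  The routine that requests a new server
 * from the cache manager.  Freed with __s_api_free_server_info().
 */
typedef struct ns_server_info {
	char	*server;
	char	*serverFQDN;
	char	**controls;
	char	**saslMechanisms;
} ns_server_info_t;

/*
 * sasl callback function parameters.  `passwd' is the cleartext
 * password handed to the SASL layer.  NOTE(review): the owner should
 * zero it before freeing; whether __s_api_sasl_bind_callback() or its
 * caller does so is not visible from this header.
 */
typedef struct ns_sasl_cb_param {
	char	*mech;
	char	*authid;
	char	*authzid;
	char	*passwd;
	char	*realm;
} ns_sasl_cb_param_t;

/* self/sasl/gssapi variable */
extern int sasl_gssapi_inited;

/* Multiple threads per connection variable */
extern int MTperConn;

/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 */

#ifdef DEBUG
extern int	__ldap_debug_file;	/* fd written by NSLDAPTRACE */
extern int	__ldap_debug_api;
extern int	__ldap_debug_ldap;
extern int	__ldap_debug_servers;
#endif

/* internal connection APIs */
void DropConnection(ConnectionID, int);
int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);

int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_hostcertpath(void);
void __s_api_free_sessionPool(void);
int __s_api_requestServer(const char *request, const char *server,
	ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);


/* ************ internal sldap-api functions *********** */
void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
void	__s_api_split_key_value(char *buffer, char **name, char **value);
int	__s_api_printResult(ns_ldap_result_t *);
int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
int	__s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
char	**__s_api_cp2dArray(char **);
void	__s_api_free2dArray(char **);

int	__s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/*
 * {NS1} credential encoding/decoding (names suggest encode/decode value).
 * Presumably reversible by construction -- see the CRYPTMARK note.
 */
char	*dvalue(char *);
char	*evalue(char *);
ns_ldap_error_t *__s_api_make_error(int, char *);
ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);

/* ************ specific 'Standalone' functions ********** */
ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
struct hostent *__s_api_hostname2ip(const char *name,
					struct hostent *result,
					char *buffer,
					int buflen,
					int *h_errnop);
void	__s_api_setInitMode(void);
void	__s_api_unsetInitMode(void);
int	__s_api_isStandalone(void);
int	__s_api_isInitializing(void);
ns_ldap_return_code __s_api_findRootDSE(const char *request,
					const char *server,
					const char *addrType,
					ns_server_info_t *ret,
					ns_ldap_error_t	**error);
ns_config_t *__s_api_create_config_door_str(char *config,
					ns_ldap_error_t **errorp);

extern void	get_environment(void);

/* internal Param APIs */
int	__ns_ldap_setParamValue(ns_config_t *ptr,
	const ParamIndexType type,
	const void *data, ns_ldap_error_t **error);
int	__s_api_get_type(const char *value, ParamIndexType *type);
int	__s_api_get_versiontype(ns_config_t *ptr, char *value,
	ParamIndexType *type);
int	__s_api_get_profiletype(char *value, ParamIndexType *type);
void	__s_api_init_config(ns_config_t *ptr);
void	__s_api_init_config_global(ns_config_t *ptr);
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
	int check_dn);
ns_config_t *__s_api_create_config(void);
ns_config_t *__s_api_get_default_config(void);
ns_config_t *__s_api_get_default_config_global(void);
ns_config_t *__s_api_loadrefresh_config(void);
ns_config_t *__s_api_loadrefresh_config_global(void);
void	__s_api_destroy_config(ns_config_t *ptr);
int	__s_api_get_configtype(ParamIndexType type);
const char *__s_api_get_configname(ParamIndexType type);
char	*__s_api_strValue(ns_config_t *ptr, char *str,
	int bufsz, ParamIndexType i,
	ns_strfmt_t fmt);
void	__s_api_release_config(ns_config_t *cfg);

/* internal attribute/objectclass mapping api's */
int	__s_api_add_map2hash(ns_config_t *config,
	ns_hashtype_t type, ns_mapping_t *map);
void	__s_api_destroy_hash(ns_config_t *config);
int	__s_api_parse_map(char *cp, char **sid,
	char **origA, char ***mapA);
char	**__ns_ldap_mapAttributeList(const char *service,
	const char * const *origAttrList);

/* internal configuration APIs */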
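void		__ns_ldap_setServer(int set);
ns_ldap_error_t	*__ns_ldap_LoadConfiguration(void);
/*
 * Parameter renamed from `new': this header is wrapped in extern "C"
 * for C++ consumers, and `new' is a C++ keyword, so the old prototype
 * could not be included from C++.  Parameter names in a prototype do
 * not affect the ABI.
 */
ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
		    ns_config_t *newcfg);
ns_ldap_error_t	*__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
int		__ns_ldap_cache_ping(void);
ns_ldap_error_t	*__ns_ldap_print_config(int);
void		__ns_ldap_default_config(void);
int		__ns_ldap_download(const char *, char *, char *,
		    ns_ldap_error_t **);
int
__ns_ldap_check_dns_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		const char *fname,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);

/* internal un-exposed APIs */
/*
 * __ns_ldap_dupAuth returns a deep copy of a credential (it contains
 * the password); the copy must be released with the library's credential
 * free routine, presumably after wiping -- confirm in the implementation.
 * __s_api_is_auth_matched is the check that decides whether a pooled
 * connection bound as auth1 may serve a request carrying auth2.
 */
ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1,
		const ns_cred_t *auth2);
int	__s_api_get_SSD_from_SSDtoUse_service(const char *service,
		ns_ldap_search_desc_t ***SSDlist,
		ns_ldap_error_t **errorp);
int	__s_api_prepend_automountmapname(const char *service,
		ns_ldap_search_desc_t ***SSDlist,
		ns_ldap_error_t ** errorp);
int	__s_api_prepend_automountmapname_to_dn(const char *service,
		char **basedn,
		ns_ldap_error_t ** errorp);
int	__s_api_convert_automountmapname(const char *service,
		char **dn, ns_ldap_error_t ** errorp);
int	__s_api_replace_mapped_attr_in_dn(
		const char *orig_attr, const char *mapped_attr,
		const char *dn, char **new_dn);
int	__s_api_append_default_basedn(
		const char *dn,
		char **new_dn,
		int *allocated,
		ns_ldap_error_t ** errorp);
int	__s_api_removeServer(const char *server);
void	__s_api_removeBadServers(char **server);
void	__s_api_free_server_info(ns_server_info_t *sinfo);
void	__s_api_freeConnection(Connection *con);

/* internal referrals APIs */
int	__s_api_toFollowReferrals(const int flags,
		int *toFollow,
		ns_ldap_error_t **errorp);
/*
 * __s_api_addRefInfo parses a server-supplied referral URL into an
 * ns_referral_info_t; the URL is untrusted input (see the struct's
 * note) and baseDN/scope/filter are substituted where the URL omits
 * them.
 */
int	__s_api_addRefInfo(ns_referral_info_t **head,
		char *url, char *baseDN, int *scope,
		char *filter, LDAP *ld);
void	__s_api_deleteRefInfo(ns_referral_info_t *head);

/* callback routine for SSD filters */
int	__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
		char **realfilter,
		const void *userdata);

/*
 * network address verification api.  These classify a string as an IPv4
 * literal, an IPv6 literal or a host name; they decide how a server
 * entry is parsed, they are not a reachability or allow-list check.
 */
int	__s_api_isipv4(char *addr);
int	__s_api_isipv6(char *addr);
int	__s_api_ishost(char *addr);

/*
 * password management routine: maps an LDAP error number plus the
 * server's diagnostic text onto ns_ldap_passwd_status_t by comparing
 * against the NS_PWDERR_* strings (best effort, see their note).
 */
ns_ldap_passwd_status_t
	__s_api_set_passwd_status(int errnum, char *errmsg);
int	__s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
int	__s_api_contain_account_usable_control_oid(char **oids);

/* RFC 2307 section 5.6. Get a canonical name from entry */
char	*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
		ns_ldap_attr_t *attrptr, int case_ignore);

/* self/sasl/gssapi functions */
int	__s_api_sasl_bind_callback(
		LDAP		*ld,
		unsigned	flags,
		void		*defaults,
		void		*in);

int	__s_api_self_gssapi_only_get(void);
int	__s_api_sasl_gssapi_init(void);

#ifdef __cplusplus
}
#endif

#endif /* _NS_INTERNAL_H */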