1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_INTERNAL_H
28 #define	_NS_INTERNAL_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <stdio.h>
37 #include <sys/types.h>
38 #include <sys/time.h>
39 #include <thread.h>
40 #include <lber.h>
41 #include <ldap.h>
42 #include "ns_sldap.h"
43 
44 /*
45  * INTERNALLY USED CONSTANTS
46  */
47 
#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0
/*
 * On-disk client configuration and credential caches and their
 * ".refresh" variants, all under NSLDAPDIRECTORY.  NSCREDFILE holds
 * credential material (cf. CRYPTMARK below); the file modes used when
 * these are written are not visible in this header -- check the writer.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"
/*
 * NOTE(review): ROTORSIZE/MASK look like parameters of a simple
 * rotor-style obfuscation (CRYPTMARK "{NS1}" below is presumably its
 * marker) rather than a cryptographic cipher -- do not rely on it
 * alone to protect NSCREDFILE contents; confirm in the implementation.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256
/* NB: the two literals concatenate with no space before "Please". */
#define	DONOTEDIT		\
	"Do not edit this file manually; your changes will be lost." \
	"Please use ldapclient (1M) instead."
#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
#define	CREDFILE		0
#define	CONFIGFILE		1
/*
 * printf-style LDAP filter templates.  The single "%s" is substituted
 * by the caller; the *_SSD variants keep a literal "%s" (written as
 * "%%s") which presumably receives the service search descriptor
 * filter in a later pass.  Whether the substituted value is RFC 4515
 * filter-escaped is not visible here -- a value that originates from
 * user input must be escaped, or the resulting filter can be altered.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD 	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"
72 
73 #define	SIMPLEPAGECTRLFLAG	1
74 #define	VLVCTRLFLAG		2
75 
76 #define	LISTPAGESIZE		1000
77 #define	ENUMPAGESIZE		100
78 #define	SORTKEYLIST		"cn uid"
79 
80 #define	DEFMAX			8
81 #define	TOKENSEPARATOR		'='
82 #define	QUOTETOK		'"'
83 #define	SPACETOK		' '
84 #define	COMMATOK		','
85 #define	COLONTOK		':'
86 #define	QUESTTOK		'?'
87 #define	SEMITOK			';'
88 #define	TABTOK			'\t'
89 #define	OPARATOK		'('
90 #define	CPARATOK		')'
91 #define	BSLTOK			'\\'
92 #define	DOORLINESEP		"\07"
93 #define	COMMASEP		", "
94 #define	SPACESEP		" "
95 #define	SEMISEP			";"
96 #define	COLONSEP		":"
97 #define	COLSPSEP		": "
98 #define	EQUALSEP		"="
99 #define	EQUSPSEP		"= "
100 #define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
101 #define	BUFSIZE			1024
102 #define	DEFAULTCONFIGNAME	"__default_config"
103 #define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
104 #define	CRYPTMARK		"{NS1}"
105 #define	DOORBUFFERSIZE		8192
106 
107 #define	LDIF_FMT_STR		"%s: %s"
108 #define	FILE_FMT_STR		"%s= %s"
109 #define	DOOR_FMT_STR		"%s=%s"
110 
111 #define	SESSION_CACHE_INC	8
112 #define	CONID_OFFSET		1024
113 #define	NS_DEFAULT_BIND_TIMEOUT		30 /* timeout value in seconds */
114 #define	NS_DEFAULT_SEARCH_TIMEOUT	30 /* timeout value in seconds */
115 
116 /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
117 #define	RDNSIZE			256
118 
119 
120 /* Phase 1 profile information */
121 #define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
122 #define	_PROFILE_CONTAINER	"profile"
123 #define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
124 
125 /* Phase 2 profile information */
126 #define	_PROFILE2_OBJECTCLASS		"DUAConfigProfile"
127 
128 /* Common to all profiles */
129 #define	_P_CN			"cn"
130 
131 /* Native LDAP Phase 1 Specific Profile Attributes */
132 #define	_P1_SERVERS			"SolarisLDAPServers"
133 #define	_P1_SEARCHBASEDN		"SolarisSearchBaseDN"
134 #define	_P1_CACHETTL			"SolarisCacheTTL"
135 #define	_P1_BINDDN			"SolarisBindDN"
136 #define	_P1_BINDPASSWORD		"SolarisBindPassword"
137 #define	_P1_AUTHMETHOD			"SolarisAuthMethod"
138 #define	_P1_TRANSPORTSECURITY		"SolarisTransportSecurity"
139 #define	_P1_CERTIFICATEPATH		"SolarisCertificatePath"
140 #define	_P1_CERTIFICATEPASSWORD		"SolarisCertificatePassword"
141 #define	_P1_DATASEARCHDN		"SolarisDataSearchDN"
142 #define	_P1_SEARCHSCOPE			"SolarisSearchScope"
143 #define	_P1_SEARCHTIMELIMIT		"SolarisSearchTimeLimit"
144 #define	_P1_PREFERREDSERVER		"SolarisPreferredServer"
145 #define	_P1_PREFERREDSERVERONLY		"SolarisPreferredServerOnly"
146 #define	_P1_SEARCHREFERRAL		"SolarisSearchReferral"
147 #define	_P1_BINDTIMELIMIT		"SolarisBindTimeLimit"
148 
149 /* Native LDAP Phase 2 Specific Profile Attributes */
150 #define	_P2_PREFERREDSERVER		"preferredServerList"
151 #define	_P2_DEFAULTSERVER		"defaultServerList"
152 #define	_P2_SEARCHBASEDN		"defaultSearchBase"
153 #define	_P2_SEARCHSCOPE			"defaultSearchScope"
154 #define	_P2_AUTHMETHOD			"authenticationMethod"
155 #define	_P2_CREDENTIALLEVEL		"credentialLevel"
156 #define	_P2_SERVICESEARCHDESC		"serviceSearchDescriptor"
157 #define	_P2_SEARCHTIMELIMIT		"searchTimeLimit"
158 #define	_P2_BINDTIMELIMIT		"bindTimeLimit"
159 #define	_P2_FOLLOWREFERRALS		"followReferrals"
160 #define	_P2_PROFILETTL			"profileTTL"
161 #define	_P2_ATTRIBUTEMAP		"attributeMap"
162 #define	_P2_OBJECTCLASSMAP		"objectClassMap"
163 #define	_P2_SERVICECREDLEVEL		"serviceCredentialLevel"
164 #define	_P2_SERVICEAUTHMETHOD		"serviceAuthenticationMethod"
165 
166 /* Control & SASL information from RootDSE door call */
167 #define	_SASLMECHANISM			"supportedSASLmechanisms"
168 #define	_SASLMECHANISM_LEN		23
169 #define	_SUPPORTEDCONTROL		"supportedControl"
170 #define	_SUPPORTEDCONTROL_LEN		16
171 
172 #define	NS_HASH_MAX	257
173 #define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
174 #define	NS_HASH_RC_SUCCESS		1
175 #define	NS_HASH_RC_NO_MEMORY		-1
176 #define	NS_HASH_RC_CONFIG_ERROR		-2
177 #define	NS_HASH_RC_EXISTED		-3
178 #define	NS_HASH_RC_SYNTAX_ERROR		-4
179 
180 /* Password management related error message from iDS ldap server */
/*
 * NOTE(review): these are literal server-generated diagnostic texts.
 * Presumably they are compared against the message of a failed bind
 * to derive an ns_ldap_passwd_status_t (see
 * __s_api_set_passwd_status() below); a server that words its
 * diagnostics differently will not match -- confirm in the caller.
 */
#define	NS_PWDERR_MAXTRIES		\
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED		\
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED	\
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW	\
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX	\
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD	\
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY	\
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE	\
	"within password minimum age"
197 
198 /*
199  * INTERNALLY USED MACROS
200  */
201 
202 void	__s_api_debug_pause(int priority, int st, const char *mesg);
203 
/*
 * NULL_OR_STR: yields the placeholder "<NULL>" for a null or empty
 * string, otherwise the string itself.  The argument is evaluated
 * more than once, so do not pass an expression with side effects.
 */
#define	NULL_OR_STR(str) \
	((((str) == NULL) || ((str)[0] == '\0')) ? "<NULL>" : (str))
205 
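/*
 * MKERROR: builds the error structure and fills in the status and
 * the message.  The message must be a freeable (non-static) string.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr.  __s_api_debug_pause() is then called
 * with the priority, the status and the new message.
 *
 * The expansion is a single brace block.  Without it, an invocation
 * written as the sole body of an unbraced `if' would guard only the
 * allocation, and the assignments to (err)->message and (err)->status
 * would run unconditionally -- on a NULL (err) when the condition was
 * false.  The `return' inside the block still returns from the
 * enclosing function.  A trailing `;' after the invocation is an
 * empty statement and is harmless, as before.
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	{ \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		__s_api_debug_pause((priority), (st), (err)->message); \
	}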
218 
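/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 *
 * As with MKERROR, the expansion is a single brace block so that it
 * stays intact as the body of an unbraced `if'; the `return' inside
 * it returns retErr from the enclosing function when calloc fails.
 * A trailing `;' after the invocation is harmless.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	{ \
		if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
			return (retErr); \
		(err)->message = (mesg); \
		(err)->status = (st); \
		(err)->pwd_mgmt.status = (pwd_status); \
		(err)->pwd_mgmt.sec_until_expired = (sec_until_exp); \
	}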
233 
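#ifdef DEBUG
#include <unistd.h>	/* write(2); only needed by NSLDAPTRACE */
/*
 * NSLDAPTRACE: when the debug level in `variable' is positive, or
 * equals the non-zero level `setequal', copies `message' into a
 * local buffer and writes it to the __ldap_debug_file descriptor.
 *
 * `message' is passed through a "%s" conversion rather than used as
 * the format itself, so a message containing `%' is written verbatim
 * instead of being interpreted as a format with no arguments.  The
 * byte count handed to write(2) is the formatted length, bounded to
 * the buffer; a snprintf failure or an empty message writes nothing.
 * The expansion is an `if' statement, as before.
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	if ((variable) > 0 || \
	    (((setequal) != 0) && ((variable) == (setequal)))) { \
		char buf[BUFSIZ]; \
		int len = snprintf(buf, BUFSIZ, "%s", (message)); \
		if (len >= BUFSIZ) \
			len = BUFSIZ - 1; \
		if (len > 0) \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
	}
#endif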
242 
243 /*
244  * INTERNAL DATA STRUCTURES
245  */
246 
/*
 * configuration entry type: which configuration a parameter belongs
 * to (see ns_default_config.config_type below).  Values start at 1,
 * so a zero-initialised field does not name a valid type.
 */

typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;
256 
/*
 * datatype of a config entry.  NS_UNKNOWN is 0, so a zero-initialised
 * ns_param_t reads as unknown.  Presumably the value selects which
 * member of ns_param_t.ns_pu is in use -- verify in the parameter code.
 */

typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,		/* Single character pointer */
	ARRAYCP		= 2,		/* comma sep array of char pointers */
	ARRAYAUTH	= 3,		/* Array of auths */
	TIMET		= 4,		/* time relative value (TTL) */
	INT		= 5,		/* single integer */
	SSDLIST		= 6,		/* service search descriptor */
	ATTRMAP		= 7,		/* attribute mapping */
	OBJMAP		= 8,		/* objectclass mapping */
	SERVLIST	= 9,		/* serverlist (SP sep array) */
	ARRAYCRED	= 10,		/* Array of credentialLevels */
	SAMLIST		= 11,		/* serviceAuthenticationMethod */
	SCLLIST		= 12		/* serviceCredentialLevel */
} ns_datatype_t;
276 
/*
 * Outcome of a configuration parse; returned by __s_api_crosscheck()
 * (declared below).  NS_SUCCESS is 0.
 */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;
282 
/*
 * Output format selector taken by __s_api_strValue() (declared below).
 * By name these pair with DOOR_FMT_STR, LDIF_FMT_STR and FILE_FMT_STR
 * above; the actual mapping lives in the implementation.
 */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;
288 
/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2.
 * The numeric values (1000/2000) are internal tags, not the
 * version strings themselves.
 */

typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;
298 
/*
 * enum<->string mapping construct: one integer value and its textual
 * name.  Arrays of these are referenced from ns_default_config.allowed
 * below.  `name' is not const-qualified, so it may point at writable
 * storage -- the terminator convention of such arrays is not visible here.
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;
307 
/*
 * Plain casts between int and the library's enum types.  None of them
 * range-checks its argument, so an integer that arrives from a file,
 * a door call or a server must be validated against the enum's range
 * before it is converted with one of these.
 */
#define	ENUM2INT(x)		((int)(x))

#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))
321 
/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs. It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity. For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have it own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 *
 */

typedef struct ns_service_map {
	char	*service;		/* service name */
	char	*rdn;			/* rdn component for the service */
	char	*SSDtoUse_service;	/* service whose SSD is shared */
} ns_service_map;
341 
/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 * ns_maptype_t says whether a mapping is for an attribute or an
 * objectclass; NS_ATTR_MAP is 0.
 */

typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;
351 
typedef struct ns_mapping {
	ns_maptype_t	type;		/* attribute or objectclass map */
	char		*service;	/* service the mapping applies to */
	char		*orig;		/* original name being mapped */
	char		**map;		/* list of mapped names; terminator
					 * convention not visible here */
} ns_mapping_t;
358 
359 /*
360  * The following is the list of internal libsldap configuration data
361  * structures.  The configuration is populated normally once per
362  * application.  The assumption is that in applications can be
363  * relatively short lived (IE ls via nsswitch) so it is important to
364  * keep configuration to a minimum, but keep lookups fast.
365  *
366  * Assumptions:
367  * 1 configuration entry per domain, and almost always 1 domain
368  * per app.  Hooks exist for multiple domains per app.
369  *
370  * Configurations are read in from client file cache or from LDAP.
371  * Attribute/objectclass mappings are hashed to improve lookup
372  * speed.
373  */
374 
/*
 * Hash entry types.  The forward ("map") and reverse ("reverse map")
 * directions are distinct entry types in the same table; values start
 * at 1 so a zero-initialised h_type is not a valid entry.
 */
typedef enum	_ns_hashtype_t {
	NS_HASH_AMAP	= 1,		/* attr map */
	NS_HASH_RAMAP	= 2,		/* reverse attr map */
	NS_HASH_OMAP	= 3,		/* oc map */
	NS_HASH_ROMAP	= 4,		/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;
385 
/*
 * One entry of the attribute/objectclass mapping hash table held in
 * ns_config_t.hashTbl.  Two link fields are kept: h_next presumably
 * chains entries within a bucket, and h_llnext threads every entry
 * onto the list headed by ns_config_t.llHead -- verify in the hash code.
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;		/* which kind of map this entry is */
	ns_mapping_t	*h_map;		/* the mapping itself */
	struct ns_hash	*h_next;
	struct ns_hash	*h_llnext;
} ns_hash_t;
392 
/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  Only one member of ns_pu is
 * meaningful at a time; presumably ns_ptype records which one and
 * ns_acnt the element count of the array members -- confirm against
 * the code that fills these in.  Reading a union member other than
 * the one last written is not reliable.
 */

typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;
		int	*pi;
		char	*pc;
		int	i;
		time_t	tm;
	} ns_pu;
} ns_param_t;
409 
/*
 * Short-hand accessors for the ns_pu union members of ns_param_t.
 * These are ordinary file-wide macros, so the bare identifiers
 * ns_ppc, ns_pi, ns_pc, ns_i and ns_tm are reserved throughout any
 * translation unit that includes this header.
 */
#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm
415 
/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 *
 * NOTE(review): the member named `delete' is a C++ keyword, so despite
 * the extern "C" wrapper this header cannot be included from C++.
 */

typedef struct ns_config {
	char			*domainName;
	ns_version_t		version;
	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t		*hashTbl[NS_HASH_MAX];	/* NS_HASH_MAX buckets */
	ns_hash_t		*llHead;		/* list of all hash entries */
	ns_ldap_entry_t		*RootDSE;
	boolean_t		delete;
	mutex_t			config_mutex;
	int			nUse;			/* presumably a use count;
							 * see __s_api_release_config() */
} ns_config_t;
435 
/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  THe ParamIndexType enum
 * definitions can be found in ns_ldap.h.  This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 */

typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t 	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	/*
	 * Validator for a parsed value.  Receives the parameter index,
	 * this table entry, the value and a buffer for an error text.
	 * NOTE(review): no length accompanies errbuf, so every
	 * implementation must agree on its size out of band -- check
	 * the callers before writing more than a short message into it.
	 */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;
461 
462 
/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library.
 * Values 0-9 name the mechanisms over a plain connection and 10-19
 * the same mechanisms under TLS (the NS_LDAP_EA_TLS_* names);
 * the entries marked unsupported are listed for completeness only.
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;
490 
491 
/*
 * this enum lists the various states of the search state machine.
 * Held in ns_ldap_cookie_t.state/new_state/next_state.  Values start
 * at 1, so a zero-initialised state field is not a valid state.
 */

typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22
} ns_state_t;
520 
/*
 * this enum lists the various states of the write state machine.
 * Kept separate from ns_state_t; the W_ prefix avoids clashing with
 * the INIT/EXIT/ERROR/LDAP_ERROR names of the search machine.
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;
543 
544 
/* Identifier of a Connection; passed to DropConnection() below. */
typedef int ConnectionID;
546 
/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 *
 * NOTE(review): `shared' is a plain int with no atomic qualifier and
 * this structure carries no lock of its own; whatever serialises
 * updates to it across threads is not visible in this header.
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* true if only used by */
						/* one thread and not shared */
						/* by other threads */
	boolean_t		notAvail;	/* not sharable, delete */
						/* when shared == 0 */
	int			shared;		/* number of threads */
						/* using this connection */
	pid_t			pid;		/* process id */
	char			*serverAddr;	/* server this connection is to */
	ns_cred_t		*auth;		/* credentials; see conn_auth_type */
	LDAP			*ld;		/* libldap handle */
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char 			**controls;		/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;
569 
570 #define	ONE_STEP			1
571 
/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers -- i.e. server-supplied input.  The host, DN and
 * filter are therefore not trusted values; where they are validated
 * before a new connection is opened is not visible in this header.
 * Entries form a singly linked list through `next'; built by
 * __s_api_addRefInfo() and released by __s_api_deleteRefInfo() below.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;	/* host from the referral URL */
	int			refScope;	/* search scope */
	char			*refDN;		/* base DN from the URL */
	char			*refFilter;	/* filter from the URL */
} ns_referral_info_t;
584 
585 struct ns_ldap_cookie;
586 
/*
 * Batch used by __ns_ldap_list_batch_xxx API.
 * Cookies in a batch are linked through ns_ldap_cookie_t's
 * next_cookie_in_batch field (see below).
 */
struct ns_ldap_list_batch {
	uint32_t		nactive;	/* presumably the number of
						 * cookies still active */
	struct ns_ldap_cookie	*next_cookie;
	struct ns_ldap_cookie	*cookie_list;
};
595 
/*
 * This structure used internally in searches: it carries the caller's
 * inputs, the outputs handed back, and the private state of the
 * search state machine (ns_state_t) across its steps.
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
		/* server list position */

		/* service search descriptor list & position */
	ns_ldap_search_desc_t  **sdlist;
	ns_ldap_search_desc_t  **sdpos;

		/* search filter callback */
	int			use_filtercb;
	int 	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

		/* user callback */
	int			use_usercb;
	int	(*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void		*userdata;

	int			followRef;
	int			use_paging;
	char			*service;
	char			*i_filter;	/* caller's filter, unmapped */
	const char * const	*i_attr;
	const ns_cred_t		*i_auth;	/* caller's credentials (read only) */
	int 			i_flags;

	/* OUTPUTS */
	ns_ldap_result_t	*result;
	ns_ldap_entry_t		*nextEntry;
		/* Error data */
	int			err_rc;
	ns_ldap_error_t		*errorp;

	/* PRIVATE */
	ns_state_t		state;
	ns_state_t		new_state;
	ns_state_t		next_state;

	Connection		*conn;
/*
 * NB: this #define is not scoped to the struct; it is a file-wide
 * macro expanding to conn->auth->auth.type wherever `conn' is in
 * scope, and it dereferences conn and conn->auth without a NULL check.
 */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID		connectionId;

	/* paging VLV/SIMPLEPAGE data */
	int			listType;
	unsigned long		index;
	LDAPControl		**p_serverctrls;

	int			scope;
	char			*basedn;
	char			*filter;	/* filter actually sent */
	char			**attribute;

	/* RESULT PROCESSING */
	int			msgId;
	LDAPMessage		*resultMsg;

	char			**dns;
	char			*currentdn;
	int			flag;
	struct berval   	*ctrlCookie;	/* paging cookie; comes from
						 * the server's response */

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t  	*reflist;
	ns_referral_info_t  	*refpos;
	/* search timeout value */
	struct timeval		search_timeout;
	/* response control to hold account management information */
	LDAPControl		**resultctrl;
	/* Flag to indicate password less account management is required */
	int			nopasswd_acct_mgmt;
	int			err_from_result;

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t	*batch;
	boolean_t		no_wait;
	ns_ldap_result_t	**caller_result;
	ns_ldap_error_t		**caller_errorp;
	int			*caller_rc;
	struct ns_ldap_cookie	*next_cookie_in_batch;
} ns_ldap_cookie_t;
682 
/*
 * This structure is part of the return value information for
 * __s_api_requestServer.  The routine that requests a new server
 * from the cache manager.  Released with __s_api_free_server_info()
 * (declared below).
 */
typedef struct ns_server_info {
	char	*server;		/* server address */
	char	*serverFQDN;		/* fully qualified name */
	char 	**controls;		/* controls advertised by the server */
	char	**saslMechanisms;	/* SASL mechanisms it advertises */
} ns_server_info_t;
694 
/*
 * sasl callback function parameters.
 * NOTE(review): `passwd' points at a clear-text secret; where this
 * structure is populated and released is not visible here -- the
 * owner should zeroize the secret before freeing it, since a plain
 * memset() before free() may be optimised away.
 */
typedef struct ns_sasl_cb_param {
	char	*mech;		/* SASL mechanism name */
	char	*authid;	/* authentication identity */
	char	*authzid;	/* authorization identity */
	char	*passwd;	/* secret, clear text */
	char	*realm;
} ns_sasl_cb_param_t;
705 
706 /* self/sasl/gssapi variable */
707 extern int sasl_gssapi_inited;
708 
709 /* Multiple threads per connection variable */
710 extern int MTperConn;
711 
712 /*
713  * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
714  */
715 
716 #ifdef DEBUG
717 extern int	__ldap_debug_file;
718 extern int	__ldap_debug_api;
719 extern int	__ldap_debug_ldap;
720 extern int	__ldap_debug_servers;
721 #endif
722 
723 /* internal connection APIs */
724 void DropConnection(ConnectionID, int);
725 int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
726 
727 int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
728 char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
729 char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
730 char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
731 char *__s_get_pref_name(PrefOnly_t type);
732 char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
733 char *__s_get_hostcertpath(void);
734 
735 
736 /* ************ internal sldap-api functions *********** */
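void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
void	__s_api_split_key_value(char *buffer, char **name, char **value);
int	__s_api_printResult(ns_ldap_result_t *);
int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
int	__s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int);
char	**__s_api_cp2dArray(char **);
void	__s_api_free2dArray(char **);

int	__s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
int	__s_api_peruser_proc(void);
int	__s_api_nscd_proc(void);
/*
 * NOTE(review): by name, dvalue()/evalue() look like the decode/encode
 * pair for NSCREDFILE contents (cf. ROTORSIZE/MASK/CRYPTMARK above);
 * confirm in the implementation before treating either as protective.
 */
char	*dvalue(char *);
char	*evalue(char *);

/*
 * Declared with an explicit (void) parameter list, matching the other
 * no-argument prototypes in this header, so that a call that passes
 * arguments is diagnosed instead of silently accepted.
 */
extern void	get_environment(void);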
760 
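/* internal Param APIs */
int		__ns_ldap_setParamValue(ns_config_t *ptr,
			const ParamIndexType type,
			const void *data, ns_ldap_error_t **error);
int		__s_api_get_type(const char *value, ParamIndexType *type);
int		__s_api_get_versiontype(ns_config_t *ptr, char *value,
					ParamIndexType *type);
int		__s_api_get_profiletype(char *value, ParamIndexType *type);
void		__s_api_init_config(ns_config_t *ptr);
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
					int check_dn);
ns_config_t	*__s_api_create_config(void);
ns_config_t	*__s_api_get_default_config(void);
/* (void) added: the neighbouring no-argument prototypes already use it */
ns_config_t	*__s_api_loadrefresh_config(void);
void		__s_api_destroy_config(ns_config_t *ptr);
int		__s_api_get_configtype(ParamIndexType type);
const char	*__s_api_get_configname(ParamIndexType type);
/* bufsz is the size of str; the formatted value is bounded by it */
char		*__s_api_strValue(ns_config_t *ptr, char *str,
			int bufsz, ParamIndexType i,
			ns_strfmt_t fmt);
void		__s_api_release_config(ns_config_t *cfg);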
782 
783 /* internal attribute/objectclass mapping api's */
784 int		 __s_api_add_map2hash(ns_config_t *config,
785 				ns_hashtype_t type, ns_mapping_t *map);
786 void		__s_api_destroy_hash(ns_config_t *config);
787 int		__s_api_parse_map(char *cp, char **sid,
788 				char **origA, char ***mapA);
789 char		**__ns_ldap_mapAttributeList(const char *service,
790 				const char * const *origAttrList);
791 
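/*
 * internal configuration APIs.
 * The three no-argument functions below are declared with an explicit
 * (void) parameter list so that a call passing arguments is diagnosed;
 * callers that pass none are unaffected.
 */
void		__ns_ldap_setServer(int set);
ns_ldap_error_t	*__ns_ldap_LoadConfiguration(void);
ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname);
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
int		__ns_ldap_cache_ping(void);
ns_ldap_error_t *__ns_ldap_print_config(int);
void		__ns_ldap_default_config(void);
int		__ns_ldap_download(const char *, char *, char *,
				ns_ldap_error_t **);
int
__ns_ldap_check_dns_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		const char *fname,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);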
822 
823 /* internal un-exposed APIs */
824 ns_cred_t 	*__ns_ldap_dupAuth(const ns_cred_t *authp);
825 int		__s_api_get_SSD_from_SSDtoUse_service(const char *service,
826 			ns_ldap_search_desc_t ***SSDlist,
827 			ns_ldap_error_t **errorp);
828 int		__s_api_prepend_automountmapname(const char *service,
829 			ns_ldap_search_desc_t ***SSDlist,
830 			ns_ldap_error_t ** errorp);
831 int		__s_api_prepend_automountmapname_to_dn(const char *service,
832 			char **basedn,
833 			ns_ldap_error_t ** errorp);
834 int		__s_api_convert_automountmapname(const char *service,
835 			char **dn, ns_ldap_error_t ** errorp);
836 int		__s_api_replace_mapped_attr_in_dn(
837 			const char *orig_attr, const char *mapped_attr,
838 			const char *dn, char **new_dn);
839 int		__s_api_append_default_basedn(
840 			const char *dn,
841 			char **new_dn,
842 			int *allocated,
843 			ns_ldap_error_t ** errorp);
844 int		__s_api_removeServer(const char *server);
845 void		__s_api_removeBadServers(char **server);
846 void		__s_api_free_server_info(ns_server_info_t *sinfo);
847 
848 /* internal referrals APIs */
849 int 		__s_api_toFollowReferrals(const int flags,
850 			int *toFollow,
851 			ns_ldap_error_t **errorp);
852 int 		__s_api_addRefInfo(ns_referral_info_t **head,
853 			char *url, char *baseDN, int *scope,
854 			char *filter, LDAP *ld);
855 void		__s_api_deleteRefInfo(ns_referral_info_t *head);
856 
857 /* callback routine for SSD filters */
858 int		__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
859 			char **realfilter,
860 			const void *userdata);
861 
862 /* network address verification api */
863 int		__s_api_isipv4(char *addr);
864 int		__s_api_isipv6(char *addr);
865 int		__s_api_ishost(char *addr);
866 
867 /* password management routine */
868 ns_ldap_passwd_status_t
869 		__s_api_set_passwd_status(int errnum, char *errmsg);
870 int		__s_api_contain_passwd_control_oid(char **oids);
871 
872 /* password less account management routine */
873 int		__s_api_contain_account_usable_control_oid(char **oids);
874 
875 /* RFC 2307 section 5.6. Get a canonical name from entry */
876 char		*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
877 			ns_ldap_attr_t *attrptr, int case_ignore);
878 
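/* self/sasl/gssapi functions */
/*
 * SASL interaction callback handed to libldap; `defaults' is presumably
 * an ns_sasl_cb_param_t (see above) -- confirm in the implementation.
 */
int		__s_api_sasl_bind_callback(
			LDAP		*ld,
			unsigned	flags,
			void		*defaults,
			void		*in);

int		__s_api_self_gssapi_only_get(void);
int		__s_api_sasl_gssapi_init(void);
/* (void) added for consistency with the two prototypes above */
int		__s_api_check_MTC_tsd(void);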
889 
890 /* Multiple threads per connection functions */
891 void ns_tsd_cleanup(void *);
892 
893 #ifdef __cplusplus
894 }
895 #endif
896 
897 #endif /* _NS_INTERNAL_H */
898