1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  24  */
  25 
  26 
  27 #ifndef _NS_INTERNAL_H
  28 #define _NS_INTERNAL_H
  29 
  30 #ifdef __cplusplus
  31 extern "C" {
  32 #endif
  33 
  34 #include <stdio.h>
  35 #include <sys/types.h>
  36 #include <sys/time.h>
  37 #include <thread.h>
  38 #include <lber.h>
  39 #include <ldap.h>
  40 #include "ns_sldap.h"
  41 #include "ns_cache_door.h"
  42 
  43 /*
  44  * INTERNALLY USED CONSTANTS
  45  */
  46 
#define MAXERROR                2000
#define TRUE                    1
#define FALSE                   0
/* on-disk client configuration / credential files and their ".refresh" copies */
#define NSLDAPDIRECTORY         "/var/ldap"
#define NSCONFIGFILE            "/var/ldap/ldap_client_file"
#define NSCONFIGREFRESH         "/var/ldap/ldap_client_file.refresh"
#define NSCREDFILE              "/var/ldap/ldap_client_cred"
#define NSCREDREFRESH           "/var/ldap/ldap_client_cred.refresh"
/*
 * ROTORSIZE/MASK: presumably the table size and byte mask of the
 * encoding done by evalue()/dvalue() (declared further down) -- confirm
 * in the implementation.
 * NOTE(review): a fixed-table encoding hides a value, it does not
 * protect it; confidentiality of NSCREDFILE rests on file permissions.
 */
#define ROTORSIZE               256
#define MASK                    0377
#define LDAPMAXHARDLOOKUPTIME   256
/*
 * Banner written into generated files.  The two literals concatenate
 * with no separator, so the text reads "...will be lost.Please use...".
 */
#define DONOTEDIT               \
        "Do not edit this file manually; your changes will be lost." \
        "Please use ldapclient (1M) instead."
#define MAXPORTNUMBER           65535
#define MAXPORTNUMBER_STR       "65535"
/* selects the credential file or the configuration file */
#define CREDFILE                0
#define CONFIGFILE              1
/*
 * Search-filter templates; the caller substitutes the lookup key for %s.
 * The _SSD variants keep a literal %s (spelled %%s) for a later
 * substitution of the service search descriptor filter.
 * NOTE(review): nothing here escapes the substituted key; if it can come
 * from untrusted input the caller must apply LDAP filter escaping
 * (RFC 4515) before formatting -- confirm at the call sites.
 */
#define UIDNUMFILTER            "(&(objectclass=posixAccount)(uidnumber=%s))"
#define UIDNUMFILTER_SSD        "(&(%%s)(uidnumber=%s))"
#define UIDFILTER               "(&(objectclass=posixAccount)(uid=%s))"
#define UIDFILTER_SSD           "(&(%%s)(uid=%s))"
#define HOSTFILTER              "(&(objectclass=ipHost)(cn=%s))"
#define HOSTFILTER_SSD          "(&(%%s)(cn=%s))"
  71 
/* which paging control a search uses (see ns_ldap_cookie.listType) */
#define SIMPLEPAGECTRLFLAG      1
#define VLVCTRLFLAG             2

/* page sizes; presumably LIST for full listings, ENUM for enumeration -- confirm */
#define LISTPAGESIZE            1000
#define ENUMPAGESIZE            100

#define DEFMAX                  8
/* single-character tokens recognised by the config/door parsers */
#define TOKENSEPARATOR          '='
#define QUOTETOK                '"'
#define SPACETOK                ' '
#define COMMATOK                ','
#define COLONTOK                ':'
#define QUESTTOK                '?'
#define SEMITOK                 ';'
#define TABTOK                  '\t'
#define OPARATOK                '('
#define CPARATOK                ')'
#define BSLTOK                  '\\'
/* door line separator as a string and as a character; both are BEL (0x07) and must stay in sync */
#define DOORLINESEP             "\07"
#define DOORLINESEP_CHR         0x7
/* multi-character separators used when (re)building text forms */
#define COMMASEP                ", "
#define SPACESEP                " "
#define SEMISEP                 ";"
#define COLONSEP                ":"
#define COLSPSEP                ": "
#define EQUALSEP                "="
#define EQUSPSEP                "= "
/* highest ParamIndexType value, as an int */
#define LAST_VALUE              (int)NS_LDAP_HOST_CERTPATH_P
#define BUFSIZE                 BUFSIZ
#define DEFAULTCONFIGNAME       "__default_config"
#define EXP_DEFAULT_TTL         "43200" /* 12 hours TTL */
/* prefix marking a value encoded by the ROTORSIZE/MASK scheme -- assumption, confirm */
#define CRYPTMARK               "{NS1}"
/* fixed size of door call buffers; every write into one must be bounded by it */
#define DOORBUFFERSIZE          8192

/* "%s: %s" / "%s= %s" / "%s=%s" -- one per ns_strfmt_t value */
#define LDIF_FMT_STR            "%s: %s"
#define FILE_FMT_STR            "%s= %s"
#define DOOR_FMT_STR            "%s=%s"

#define SESSION_CACHE_INC       8
#define CONID_OFFSET            1024
#define NS_DEFAULT_BIND_TIMEOUT         30 /* timeout value in seconds */
#define NS_DEFAULT_SEARCH_TIMEOUT       30 /* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define RDNSIZE                 512

/*
 * special service used by ldap_cachemgr to indicate a shadow update
 * is to be done with the credential of the administrator identity
 */
#define NS_ADMIN_SHADOW_UPDATE  "shadow__admin_update"
 123 
/*
 * Profile attribute/objectclass names as stored in the directory.
 * NOTE: identifiers beginning with "_" and an uppercase letter are
 * reserved for the implementation (C11 7.1.3); the names below are kept
 * as they are for compatibility with existing code.
 */

/* Phase 1 profile information */
#define _PROFILE1_OBJECTCLASS   "SolarisNamingProfile"
#define _PROFILE_CONTAINER      "profile"
/* filter template (objectclass, objectclass, cn); the substituted cn is not escaped here */
#define _PROFILE_FILTER         "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define _PROFILE2_OBJECTCLASS           "DUAConfigProfile"

/* Common to all profiles */
#define _P_CN                   "cn"

/* Native LDAP Phase 1 Specific Profile Attributes */
#define _P1_SERVERS                     "SolarisLDAPServers"
#define _P1_SEARCHBASEDN                "SolarisSearchBaseDN"
#define _P1_CACHETTL                    "SolarisCacheTTL"
#define _P1_BINDDN                      "SolarisBindDN"
#define _P1_BINDPASSWORD                "SolarisBindPassword"
#define _P1_AUTHMETHOD                  "SolarisAuthMethod"
#define _P1_TRANSPORTSECURITY           "SolarisTransportSecurity"
#define _P1_CERTIFICATEPATH             "SolarisCertificatePath"
#define _P1_CERTIFICATEPASSWORD         "SolarisCertificatePassword"
#define _P1_DATASEARCHDN                "SolarisDataSearchDN"
#define _P1_SEARCHSCOPE                 "SolarisSearchScope"
#define _P1_SEARCHTIMELIMIT             "SolarisSearchTimeLimit"
#define _P1_PREFERREDSERVER             "SolarisPreferredServer"
#define _P1_PREFERREDSERVERONLY         "SolarisPreferredServerOnly"
#define _P1_SEARCHREFERRAL              "SolarisSearchReferral"
#define _P1_BINDTIMELIMIT               "SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define _P2_PREFERREDSERVER             "preferredServerList"
#define _P2_DEFAULTSERVER               "defaultServerList"
#define _P2_SEARCHBASEDN                "defaultSearchBase"
#define _P2_SEARCHSCOPE                 "defaultSearchScope"
#define _P2_AUTHMETHOD                  "authenticationMethod"
#define _P2_CREDENTIALLEVEL             "credentialLevel"
#define _P2_SERVICESEARCHDESC           "serviceSearchDescriptor"
#define _P2_SEARCHTIMELIMIT             "searchTimeLimit"
#define _P2_BINDTIMELIMIT               "bindTimeLimit"
#define _P2_FOLLOWREFERRALS             "followReferrals"
#define _P2_PROFILETTL                  "profileTTL"
#define _P2_ATTRIBUTEMAP                "attributeMap"
#define _P2_OBJECTCLASSMAP              "objectClassMap"
#define _P2_SERVICECREDLEVEL            "serviceCredentialLevel"
#define _P2_SERVICEAUTHMETHOD           "serviceAuthenticationMethod"

/* Control & SASL information from RootDSE door call */
/* each _LEN is the strlen() of the attribute name on the line above it */
#define _SASLMECHANISM                  "supportedSASLmechanisms"
#define _SASLMECHANISM_LEN              23
#define _SUPPORTEDCONTROL               "supportedControl"
#define _SUPPORTEDCONTROL_LEN           16

/* bucket count of ns_config.hashTbl */
#define NS_HASH_MAX     257
#define NS_HASH_SCHEMA_MAPPING_EXISTED  "=MAPPING EXISTED="
/* return codes of the mapping hash routines */
#define NS_HASH_RC_SUCCESS              1
#define NS_HASH_RC_NO_MEMORY            -1
#define NS_HASH_RC_CONFIG_ERROR         -2
#define NS_HASH_RC_EXISTED              -3
#define NS_HASH_RC_SYNTAX_ERROR         -4

/*
 * Password management related error message from iDS ldap server
 * NOTE(review): presumably compared textually against the diagnostic
 * message returned by the server; such matches are server-version
 * specific and silently stop working when the wording changes -- confirm.
 */
#define NS_PWDERR_MAXTRIES              \
        "Exceed password retry limit."
#define NS_PWDERR_EXPIRED               \
        "password expired!"
#define NS_PWDERR_ACCT_INACTIVATED      \
        "Account inactivated. Contact system administrator."
#define NS_PWDERR_CHANGE_NOT_ALLOW      \
        "user is not allowed to change password"
#define NS_PWDERR_INVALID_SYNTAX        \
        "invalid password syntax"
#define NS_PWDERR_TRIVIAL_PASSWD        \
        "Password failed triviality check"
#define NS_PWDERR_IN_HISTORY    \
        "password in history"
#define NS_PWDERR_WITHIN_MIN_AGE        \
        "within password minimum age"
 201 
 202 /*
 203  * INTERNALLY USED MACROS
 204  */
 205 
/* debug hook called by MKERROR once the error structure has been built */
void    __s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * Printable placeholder for a NULL or empty string.
 * `str` is evaluated more than once; do not pass an expression with
 * side effects.
 */
#define NULL_OR_STR(str)        (!(str) || *(str) == '\0' ? "<NULL>" : (str))
 209 
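/*
 * MKERROR: builds the error structure and fills in the status and
 * the message.  The message must be a freeable (non-static) string.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr.
 *
 * priority - forwarded to __s_api_debug_pause() together with st and
 *            the stored message
 * err      - lvalue of type struct ns_ldap_error *; receives the new,
 *            zero-filled object
 * st       - status code stored in err->status
 * mesg     - pointer stored (not copied) in err->message; the error
 *            object owns it from here on
 * retErr   - value returned from the *enclosing function* when calloc()
 *            fails (the macro contains a return statement)
 *
 * The body is wrapped in do { } while (0) so the expansion is a single
 * statement: previously an unbraced `if (cond) MKERROR(...);` ran the
 * assignments and the debug hook unconditionally.  An invocation must
 * be terminated with a semicolon.
 */
#define MKERROR(priority, err, st, mesg, retErr) \
        do { \
                if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == \
                    NULL) \
                        return (retErr); \
                (err)->message = (mesg); \
                (err)->status = (st); \
                __s_api_debug_pause((priority), (st), (err)->message); \
        } while (0)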
 222 
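/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 *
 * err           - lvalue of type struct ns_ldap_error *; receives the
 *                 new, zero-filled object
 * st            - status code stored in err->status
 * mesg          - pointer stored (not copied) in err->message; must be
 *                 freeable, the error object owns it from here on
 * pwd_status    - stored in err->pwd_mgmt.status
 * sec_until_exp - stored in err->pwd_mgmt.sec_until_expired
 * retErr        - value returned from the *enclosing function* when
 *                 calloc() fails (the macro contains a return statement)
 *
 * Wrapped in do { } while (0) so the expansion is a single statement;
 * previously an unbraced `if (cond) MKERROR_PWD_MGMT(...);` executed the
 * assignments regardless of cond.  Terminate an invocation with `;`.
 */
#define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
        do { \
                if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == \
                    NULL) \
                        return (retErr); \
                (err)->message = (mesg); \
                (err)->status = (st); \
                (err)->pwd_mgmt.status = (pwd_status); \
                (err)->pwd_mgmt.sec_until_expired = (sec_until_exp); \
        } while (0)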
 237 
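#ifdef DEBUG
/*
 * NSLDAPTRACE: when tracing is enabled for `variable` (a positive level,
 * or exactly equal to a non-zero `setequal`), write `message` to the
 * debug descriptor __ldap_debug_file.
 *
 * Fixes relative to the earlier form: `message` is passed as data via
 * "%s" rather than used as the format string (a message containing '%'
 * would otherwise be interpreted as directives with no arguments), and
 * write() is given the byte count it requires -- the two-argument call
 * did not match write()'s signature.  Output longer than BUFSIZ-1 bytes
 * is truncated by snprintf(); the write length is clamped to match.
 */
#define NSLDAPTRACE(variable, setequal, message) \
        do { \
                if ((variable) > 0 || \
                    (((setequal) != 0) && ((variable) == (setequal)))) { \
                        char nsl_tbuf[BUFSIZ]; \
                        int nsl_tlen = snprintf(nsl_tbuf, sizeof (nsl_tbuf), \
                            "%s", (message)); \
                        if (nsl_tlen > 0) { \
                                if ((size_t)nsl_tlen >= sizeof (nsl_tbuf)) \
                                        nsl_tlen = (int)sizeof (nsl_tbuf) - 1; \
                                (void) write(__ldap_debug_file, nsl_tbuf, \
                                    (size_t)nsl_tlen); \
                        } \
                } \
        } while (0)
#endif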
 246 
 247 /*
 248  * INTERNAL DATA STRUCTURES
 249  */
 250 
/*
 * configuration entry type: which configuration source a parameter
 * belongs to (see ns_default_config.config_type)
 */

typedef enum {
        SERVERCONFIG    = 1,
        CLIENTCONFIG    = 2,
        CREDCONFIG      = 3
} ns_conftype_t;
 260 
/*
 * datatype of a config entry; selects which member of the ns_param_t
 * union (ns_pu) holds the value
 */

typedef enum {
        NS_UNKNOWN      = 0,
        CHARPTR         = 1,            /* Single character pointer */
        ARRAYCP         = 2,            /* comma sep array of char pointers */
        ARRAYAUTH       = 3,            /* Array of auths */
        TIMET           = 4,            /* time relative value (TTL) */
        INT             = 5,            /* single integer */
        SSDLIST         = 6,            /* service search descriptor */
        ATTRMAP         = 7,            /* attribute mapping */
        OBJMAP          = 8,            /* objectclass mapping */
        SERVLIST        = 9,            /* serverlist (SP sep array) */
        ARRAYCRED       = 10,           /* Array of credentialLevels */
        SAMLIST         = 11,           /* serviceAuthenticationMethod */
        SCLLIST         = 12            /* serviceCredentialLevel */
} ns_datatype_t;
 280 
/* outcome of configuration parsing / cross-checking (see __s_api_crosscheck) */
typedef enum {
        NS_SUCCESS,
        NS_NOTFOUND,
        NS_PARSE_ERR
} ns_parse_status;
 286 
/* text form of a parameter; each value has a matching *_FMT_STR above */
typedef enum {
        NS_DOOR_FMT     = 1,
        NS_LDIF_FMT     = 2,
        NS_FILE_FMT     = 3
} ns_strfmt_t;
 292 
/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
        NS_LDAP_V1      = 1000,
        NS_LDAP_V2      = 2000
} ns_version_t;
 302 
/*
 * enum<->string mapping construct; tables of these are referenced by
 * ns_default_config.allowed
 */

typedef struct ns_enum_map {
        int     value;
        char    *name;
} ns_enum_map;
 311 
/* plain casts between int and the library's enums; no range check is performed */
#define ENUM2INT(x)             ((int)(x))

#define INT2PARAMINDEXENUM(x)   ((ParamIndexType)(x))
#define INT2SEARCHREFENUM(x)    ((SearchRef_t)(x))
#define INT2SCOPEENUM(x)        ((ScopeType_t)(x))
#define INT2AUTHENUM(x)         ((AuthType_t)(x))
#define INT2SECENUM(x)          ((TlsType_t)(x))
#define INT2PREFONLYENUM(x)     ((PrefOnly_t)(x))
#define INT2CREDLEVELENUM(x)    ((CredLevel_t)(x))
#define INT2SHADOWUPDATENUM(x)  ((enableShadowUpdate_t)(x))

#define INT2LDAPRETURN(x)       ((ns_ldap_return_code)(x))
#define INT2CONFIGRETURN(x)     ((ns_ldap_config_return_code)(x))
#define INT2PARTIALRETURN(x)    ((ns_ldap_partial_return_code)(x))
 326 
/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs. It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity. For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have it own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 *
 */

typedef struct ns_service_map {
        char    *service;               /* service name */
        char    *rdn;                   /* rdn components for the service */
        char    *SSDtoUse_service;      /* service whose SSD is shared */
} ns_service_map;
 346 
 347 /*
 348  * This structure contains a single mapping from:
 349  * service:orig -> list of mapped
 350  */
 351 
/* kind of schema mapping held by an ns_mapping_t */
typedef enum {
        NS_ATTR_MAP,
        NS_OBJ_MAP
} ns_maptype_t;
 356 
typedef struct ns_mapping {
        ns_maptype_t    type;           /* attribute or objectclass map */
        char            *service;       /* service the mapping applies to */
        char            *orig;          /* original (unmapped) name */
        char            **map;          /* list of mapped names */
} ns_mapping_t;
 363 
 364 /*
 365  * The following is the list of internal libsldap configuration data
 366  * structures.  The configuration is populated normally once per
 * application.  The assumption is that applications can be
 368  * relatively short lived (IE ls via nsswitch) so it is important to
 369  * keep configuration to a minimum, but keep lookups fast.
 370  *
 371  * Assumptions:
 372  * 1 configuration entry per domain, and almost always 1 domain
 373  * per app.  Hooks exist for multiple domains per app.
 374  *
 375  * Configurations are read in from client file cache or from LDAP.
 376  * Attribute/objectclass mappings are hashed to improve lookup
 377  * speed.
 378  */
 379 
/*
 * Hash entry types; the R* variants hold the reverse direction of the
 * corresponding map
 */
typedef enum    _ns_hashtype_t {
        NS_HASH_AMAP    = 1,            /* attr map */
        NS_HASH_RAMAP   = 2,            /* reverse attr map */
        NS_HASH_OMAP    = 3,            /* oc map */
        NS_HASH_ROMAP   = 4,            /* reverse oc map */
        NS_HASH_VOID    = 5
} ns_hashtype_t;
 390 
/* one entry of the attribute/objectclass mapping hash (ns_config.hashTbl) */
typedef struct ns_hash {
        ns_hashtype_t   h_type;
        ns_mapping_t    *h_map;
        struct ns_hash  *h_next;        /* next entry in the same bucket, presumably -- confirm */
        struct ns_hash  *h_llnext;      /* next entry of the list headed by ns_config.llHead, presumably -- confirm */
} ns_hash_t;
 397 
/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  ns_ptype tells which member of ns_pu
 * is live; ns_acnt is the element count for the array members.
 */

typedef struct ns_param {
        ns_datatype_t   ns_ptype;
        int             ns_acnt;
        union {
                char    **ppc;
                int     *pi;
                char    *pc;
                int     i;
                time_t  tm;
        } ns_pu;
} ns_param_t;
 414 
/* short-hand accessors for the ns_param_t union members */
#define ns_ppc  ns_pu.ppc
#define ns_pi   ns_pu.pi
#define ns_pc   ns_pu.pc
#define ns_i    ns_pu.i
#define ns_tm   ns_pu.tm
 420 
/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 */

typedef struct ns_config {
        char                    *domainName;
        ns_version_t            version;
        ns_param_t              paramList[NS_LDAP_MAX_PIT_P];
        ns_hash_t               *hashTbl[NS_HASH_MAX];  /* mapping hash buckets */
        ns_hash_t               *llHead;                /* head of the all-entries list (h_llnext) */
        ns_ldap_entry_t         *RootDSE;
        boolean_t               delete;                 /* presumably: destroy when nUse drops to 0 -- confirm */
        mutex_t                 config_mutex;
        int                     nUse;                   /* use count; presumably guarded by config_mutex -- confirm */
        ldap_get_chg_cookie_t   config_cookie;
} ns_config_t;
 441 
/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  The ParamIndexType enum
 * definitions can be found in ns_ldap.h.  This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 */

typedef struct ns_default_config {
        const char      *name;          /* config file parameter name */
        ParamIndexType  index;          /* config file enum index */
        ns_conftype_t   config_type;    /* CLIENT/SERVER/CREDCONFIG */
        ns_datatype_t   data_type;      /* ppc,pi,pc,int etc... */
        int             single_valued;  /* TRUE OR FALSE */
        ns_version_t    version;        /* Version # for attribute */
        const char      *profile_name;  /* profile schema attribute name */
        ns_param_t      defval;         /* config file parameter default */
        /* per-parameter validator; errbuf receives a message on failure (size fixed by the caller) */
        int             (*ns_verify)(ParamIndexType i,
                                struct ns_default_config *def,
                                ns_param_t *param,
                                char *errbuf);
        ns_enum_map     *allowed;       /* allowed values */
} ns_default_config;
 467 
 468 
/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library.
 * Values 0-9 are the plain mechanisms; 10-19 are the same mechanisms
 * over TLS (NS_LDAP_EA_TLS_*).
 */

typedef enum EnumAuthType {
        NS_LDAP_EA_NONE                         = 0,
        NS_LDAP_EA_SIMPLE                       = 1,
        NS_LDAP_EA_SASL_NONE                    = 2,
        NS_LDAP_EA_SASL_CRAM_MD5                = 3,
        NS_LDAP_EA_SASL_DIGEST_MD5              = 4,
        NS_LDAP_EA_SASL_DIGEST_MD5_INT          = 5,
        NS_LDAP_EA_SASL_DIGEST_MD5_CONF         = 6,
        NS_LDAP_EA_SASL_EXTERNAL                = 7,
        NS_LDAP_EA_SASL_GSSAPI                  = 8,
        NS_LDAP_EA_SASL_SPNEGO                  = 9,    /* unsupported */
        NS_LDAP_EA_TLS_NONE                     = 10,
        NS_LDAP_EA_TLS_SIMPLE                   = 11,
        NS_LDAP_EA_TLS_SASL_NONE                = 12,
        NS_LDAP_EA_TLS_SASL_CRAM_MD5            = 13,
        NS_LDAP_EA_TLS_SASL_DIGEST_MD5          = 14,
        NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT      = 15,
        NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF     = 16,
        NS_LDAP_EA_TLS_SASL_EXTERNAL            = 17,
        NS_LDAP_EA_TLS_SASL_GSSAPI              = 18,   /* unsupported */
        NS_LDAP_EA_TLS_SASL_SPNEGO              = 19    /* unsupported */
} EnumAuthType_t;
 496 
 497 
/*
 * this enum lists the various states of the search state machine
 * (ns_ldap_cookie.state / new_state / next_state)
 */

typedef enum {
        INIT                    = 1,
        EXIT                    = 2,
        NEXT_SEARCH_DESCRIPTOR  = 3,
        GET_SESSION             = 4,
        NEXT_SESSION            = 5,
        RESTART_SESSION         = 6,
        NEXT_SEARCH             = 7,
        NEXT_VLV                = 8,
        NEXT_PAGE               = 9,
        ONE_SEARCH              = 10,
        DO_SEARCH               = 11,
        NEXT_RESULT             = 12,
        MULTI_RESULT            = 13,
        PROCESS_RESULT          = 14,
        END_PROCESS_RESULT      = 15,
        END_RESULT              = 16,
        NEXT_REFERRAL           = 17,
        GET_REFERRAL_SESSION    = 18,
        ERROR                   = 19,
        LDAP_ERROR              = 20,
        GET_ACCT_MGMT_INFO      = 21,
        CLEAR_RESULTS           = 22,
        REINIT                  = 23
} ns_state_t;
 527 
/*
 * this enum lists the various states of the write state machine
 * (add / delete / modify, in sync and async flavours)
 */
typedef enum {
        W_INIT                  = 1,
        W_EXIT                  = 2,
        GET_CONNECTION          = 3,
        SELECT_OPERATION_SYNC   = 4,
        SELECT_OPERATION_ASYNC  = 5,
        DO_ADD_SYNC             = 6,
        DO_DELETE_SYNC          = 7,
        DO_MODIFY_SYNC          = 8,
        DO_ADD_ASYNC            = 9,
        DO_DELETE_ASYNC         = 10,
        DO_MODIFY_ASYNC         = 11,
        GET_RESULT_SYNC         = 12,
        GET_RESULT_ASYNC        = 13,
        PARSE_RESULT            = 14,
        GET_REFERRAL_CONNECTION = 15,
        W_LDAP_ERROR            = 16,
        W_ERROR                 = 17
} ns_write_state_t;
 550 
 551 
/* identifier of a Connection in the session pool (see CONID_OFFSET) */
typedef int ConnectionID;
 553 
/*
 * Server side sort type. Originally the server side sort
 * was set to "cn uid". This did not work with AD and
 * hence a single sort attribute was adopted. We don't
 * know which server side sort will work with the
 * Directory and hence we discover which method works.
 */
typedef enum {
        SSS_UNKNOWN             = 0,
        SSS_SINGLE_ATTR         = 1,
        SSS_CN_UID_ATTRS        = 2
} ns_srvsidesort_t;
 566 
/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * NOTE(review): `auth` points at the credentials the connection was
 * bound with; whoever tears a Connection down (DropConnection, presumably)
 * is responsible for releasing them -- confirm in the implementation.
 */
typedef struct connection {
        ConnectionID            connectionId;
        boolean_t               usedBit;        /* true if only used by */
                                                /* one thread and not shared */
                                                /* by other threads */
        pid_t                   pid;            /* process id */
        char                    *serverAddr;
        ns_cred_t               *auth;          /* bind credentials */
        LDAP                    *ld;            /* libldap handle */
        thread_t                threadID;       /* thread ID using it */
        struct ns_ldap_cookie   *cookieInfo;
        char                    **controls;             /* from server_info */
        char                    **saslMechanisms;       /* from server_info */
} Connection;
 585 
/* step value; meaning depends on the caller -- confirm where used */
#define ONE_STEP                        1
 587 
/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers.
 * NOTE(review): every field is server-supplied input; the code that
 * parses referral URLs into this structure should validate host, scope
 * and filter before they are used -- confirm.
 */
typedef struct ns_referral_info {
        struct ns_referral_info *next;          /* singly linked list */
        char                    *refHost;
        int                     refScope;
        char                    *refDN;
        char                    *refFilter;
} ns_referral_info_t;
 600 
/* forward declaration; the full definition follows the batch structure below */
struct ns_ldap_cookie;
 602 
/*
 * Batch used by __ns_ldap_list_batch_xxx API
 */
struct ns_ldap_list_batch {
        uint32_t                nactive;        /* searches still active in the batch */
        struct ns_ldap_cookie   *next_cookie;
        struct ns_ldap_cookie   *cookie_list;   /* cookies chained through next_cookie_in_batch */
};
 611 
/* opaque connection-user record; defined in the implementation */
struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;
 614 
/*
 * This structure used internally in searches: it carries the inputs,
 * the state-machine state (ns_state_t), the paging/referral position
 * and the outputs of one search through the search state machine.
 */

typedef struct ns_ldap_cookie {
        /* INPUTS */
                /* server list position */

                /* service search descriptor list & position */
        ns_ldap_search_desc_t  **sdlist;
        ns_ldap_search_desc_t  **sdpos;

                /* search filter callback */
        int                     use_filtercb;
        int     (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
                        char **realfilter, const void *userdata);

                /* user callback */
        int                     use_usercb;
        int     (*callback)(const ns_ldap_entry_t *entry,
                        const void *userdata);
        const void              *userdata;

        int                     followRef;
        int                     use_paging;
        char                    *service;
        char                    *i_filter;      /* caller's filter (i_ = input) */
        const char * const      *i_attr;
        const char              *i_sortattr;
        const ns_cred_t         *i_auth;        /* caller's credentials, not owned */
        int                     i_flags;

        /* OUTPUTS */
        ns_ldap_result_t        *result;
        ns_ldap_entry_t         *nextEntry;
                /* Error data */
        int                     err_rc;
        ns_ldap_error_t         *errorp;

        /* PRIVATE */
        ns_state_t              state;
        ns_state_t              new_state;
        ns_state_t              next_state;

        Connection              *conn;
/* shorthand for the auth type of the current connection; dereferences conn and conn->auth unchecked */
#define conn_auth_type  conn->auth->auth.type
        ConnectionID            connectionId;

        /* paging VLV/SIMPLEPAGE data */
        int                     listType;       /* SIMPLEPAGECTRLFLAG or VLVCTRLFLAG */
        unsigned long           index;
        LDAPControl             **p_serverctrls;
        ns_srvsidesort_t        sortTypeTry;
        int                     entryCount;

        int                     scope;
        char                    *basedn;
        char                    *filter;        /* filter actually sent (derived from i_filter) */
        char                    **attribute;

        /* RESULT PROCESSING */
        int                     msgId;
        LDAPMessage             *resultMsg;

        char                    **dns;
        char                    *currentdn;
        int                     flag;
        struct berval           *ctrlCookie;    /* paging control cookie */

        /* REFERRALS PROCESSING */
        /* referralinfo list & position */
        ns_referral_info_t      *reflist;
        ns_referral_info_t      *refpos;
        /* search timeout value */
        struct timeval          search_timeout;
        /* response control to hold account management information */
        LDAPControl             **resultctrl;
        /* Flag to indicate password less account management is required */
        int                     nopasswd_acct_mgmt;
        int                     err_from_result;
        ns_conn_user_t          *conn_user;

        /* BATCH PROCESSING */
        ns_ldap_list_batch_t    *batch;
        boolean_t               no_wait;
        boolean_t               reinit_on_retriable_err;
        int                     retries;
        ns_ldap_result_t        **caller_result;        /* where the batch API stores results */
        ns_ldap_error_t         **caller_errorp;
        int                     *caller_rc;
        struct ns_ldap_cookie   *next_cookie_in_batch;
} ns_ldap_cookie_t;
 707 
/*
 * This structure is part of the return value information for
 * __s_api_requestServer.  The routine that requests a new server
 * from the cache manager
 */
typedef struct ns_server_info {
        char    *server;
        char    *serverFQDN;
        char    **controls;             /* supportedControl values */
        char    **saslMechanisms;       /* supportedSASLmechanisms values */
} ns_server_info_t;
 719 
/*
 * sasl callback function parameters
 * NOTE(review): `passwd` is a plaintext secret held in process memory;
 * whoever owns the structure should scrub it (explicit_bzero or
 * equivalent) before freeing -- confirm in the implementation.
 */
typedef struct ns_sasl_cb_param {
        char    *mech;
        char    *authid;
        char    *authzid;
        char    *passwd;
        char    *realm;
} ns_sasl_cb_param_t;
 730 
/* Multiple threads per connection variable (global switch; defined in the implementation) */
extern int MTperConn;
 733 
 734 /*
 735  * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 736  */
 737 
#ifdef DEBUG
/* debug output descriptor and per-area trace levels, used by NSLDAPTRACE */
extern int      __ldap_debug_file;
extern int      __ldap_debug_api;
extern int      __ldap_debug_ldap;
extern int      __ldap_debug_servers;
#endif
 744 
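/* internal connection APIs */
void DropConnection(ConnectionID, int);
int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);

/* enum value <-> name translations for configuration parameters */
int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
char *__s_get_hostcertpath(void);
/* (void) rather than (): an empty parameter list declares no prototype in C */
void __s_api_free_sessionPool(void);
/*
 * Request a server from the cache manager; on success `ret` is filled
 * in (see ns_server_info_t).  `error` is presumably set on failure --
 * confirm in the implementation.
 */
int __s_api_requestServer(const char *request, const char *server,
        ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);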
 760 
 761 
/* ************ internal sldap-api functions *********** */
void    __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
/* splits "name=value" in place, presumably at TOKENSEPARATOR -- confirm */
void    __s_api_split_key_value(char *buffer, char **name, char **value);
int     __s_api_printResult(ns_ldap_result_t *);
int     __s_api_getSearchScope(int *, ns_ldap_error_t **);
int     __s_api_getDNs(char ***, const char *,
        ns_ldap_error_t **);
int     __s_api_get_search_DNs_v1(char ***, const char *,
        ns_ldap_error_t **);
int     __s_api_getConnection(const char *, const int,
        const ns_cred_t *, int *,
        Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
/* copy / free a NULL-terminated array of strings */
char    **__s_api_cp2dArray(char **);
void    __s_api_free2dArray(char **);

int     __s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/* decode / encode of stored credential values (ROTORSIZE/MASK, CRYPTMARK) -- assumption, confirm */
char    *dvalue(char *);
char    *evalue(char *);
/* build / duplicate an ns_ldap_error_t; the returned object is owned by the caller */
ns_ldap_error_t *__s_api_make_error(int, char *);
ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
 786 
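/* ************ specific 'Standalone' functions ********** */
ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
/*
 * Caller-supplied result and scratch buffer (gethostbyname_r-style
 * signature); buflen bounds writes into buffer.
 */
struct hostent *__s_api_hostname2ip(const char *name,
                                    struct hostent *result,
                                    char *buffer,
                                    int buflen,
                                    int *h_errnop);
/* (void) rather than (): an empty parameter list declares no prototype in C */
void    __s_api_setInitMode(void);
void    __s_api_unsetInitMode(void);
int     __s_api_isStandalone(void);
int __s_api_isInitializing(void);
ns_ldap_return_code __s_api_findRootDSE(const char *request,
                                        const char *server,
                                        const char *addrType,
                                        ns_server_info_t *ret,
                                        ns_ldap_error_t **error);
/* builds a configuration from the door-call string form (DOOR_FMT_STR / DOORLINESEP) */
ns_config_t *__s_api_create_config_door_str(char *config,
                                ns_ldap_error_t **errorp);

extern void     get_environment(void);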
 807 
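/* internal Param APIs */
/*
 * Store `data` as parameter `type` in `ptr`.  `data` is an untyped pointer
 * whose real type is implied by `type`, so the implementation must validate
 * `type` before interpreting `data`; `*error` is set on failure.
 */
int             __ns_ldap_setParamValue(ns_config_t *ptr,
                        const ParamIndexType type,
                        const void *data, ns_ldap_error_t **error);
/* Map a parameter name string to its ParamIndexType (three name spaces). */
int             __s_api_get_type(const char *value, ParamIndexType *type);
int             __s_api_get_versiontype(ns_config_t *ptr, char *value,
                                        ParamIndexType *type);
int             __s_api_get_profiletype(char *value, ParamIndexType *type);
/* Initialize a config to defaults (per-process / global variants). */
void            __s_api_init_config(ns_config_t *ptr);
void            __s_api_init_config_global(ns_config_t *ptr);
/*
 * Validate a configuration.  `errstr` is an output buffer with NO length
 * parameter: the caller must size it to whatever the implementation can
 * write — confirm that bound in the .c before changing either side.
 */
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
                                        int check_dn);
ns_config_t     *__s_api_create_config(void);
/*
 * Accessors for the current configuration.  A config obtained here should
 * be handed back with __s_api_release_config() (declared below), which
 * presumably drops a reference, whereas __s_api_destroy_config() frees —
 * confirm which pairing each getter expects.
 */
ns_config_t     *__s_api_get_default_config(void);
ns_config_t     *__s_api_get_default_config_global(void);
/*
 * (Re)load the configuration.  Declared with (void): the empty "()" form
 * is an old-style declaration without argument checking.
 */
ns_config_t     *__s_api_loadrefresh_config(void);
ns_config_t     *__s_api_loadrefresh_config_global(void);
void            __s_api_destroy_config(ns_config_t *ptr);
int             __s_api_get_configtype(ParamIndexType type);
const char      *__s_api_get_configname(ParamIndexType type);
/*
 * Render parameter `i` of `ptr` as a string in format `fmt`.  Returns a
 * non-const char *; ownership of the result must be checked in the .c.
 */
char            *__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
                        ns_strfmt_t fmt);
void            __s_api_release_config(ns_config_t *cfg);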
 831 
/* internal attribute/objectclass mapping api's */
/* Insert a mapping into the hash of the given type; tear all hashes down. */
int              __s_api_add_map2hash(ns_config_t *config,
                                ns_hashtype_t type, ns_mapping_t *map);
void            __s_api_destroy_hash(ns_config_t *config);
/*
 * Parse one mapping line `cp` into service id, original attribute and the
 * mapped attribute list.  `cp` is non-const — presumably tokenized in place,
 * so the outputs may point into it (confirm before freeing `cp`).
 */
int             __s_api_parse_map(char *cp, char **sid,
                                char **origA, char ***mapA);
/*
 * Apply attribute mapping for `service`.  The list form returns a newly
 * built char ** (presumably to be released with __s_api_free2dArray,
 * declared earlier in this header); the single form returns one string.
 */
char            **__ns_ldap_mapAttributeList(const char *service,
                                const char * const *origAttrList);
char            *__ns_ldap_mapAttribute(const char *service,
                                const char *origAttr);
 842 
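/* internal configuration APIs */
void            __ns_ldap_setServer(int set);
/*
 * Load the configuration; returns an error object or NULL.  No-argument
 * functions in this group are declared with (void) — the empty "()" form
 * is an old-style declaration without argument checking.
 */
ns_ldap_error_t *__ns_ldap_LoadConfiguration(void);
/*
 * Populate `newcfg` from door-supplied config lines for `domainname`;
 * `cred_only` presumably restricts the load to the credential portion.
 * The second parameter was named `new`, which is a keyword in C++ and made
 * this header unusable from a C++ translation unit despite the extern "C"
 * block; prototype parameter names have no linkage, so renaming it changes
 * nothing for callers.
 */
ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
                                ns_config_t *newcfg, int cred_only);
/*
 * Write the configuration (or its LDIF form) to `filename`.  If the output
 * can include credential values, the mode the file is created with is the
 * security control here — confirm in the implementation.
 */
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
int             __ns_ldap_cache_ping(void);
ns_ldap_error_t *__ns_ldap_print_config(int);
void            __ns_ldap_default_config(void);
/* Parameters are unnamed; consult the definition for the meaning of each. */
int             __ns_ldap_download(const char *, char *, char *,
                                ns_ldap_error_t **);
/*
 * Prerequisite checks for the self/sasl/GSSAPI credential level (DNS,
 * GSSAPI, or both).  `foreground`/`mode_verbose`/`mode_quiet` only steer
 * reporting; `config` is passed by value; `*errpp` receives an error.
 */
int
__ns_ldap_check_dns_preq(int foreground,
                int mode_verbose,
                int mode_quiet,
                const char *fname,
                ns_ldap_self_gssapi_config_t config,
                ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
                int mode_verbose,
                int mode_quiet,
                ns_ldap_self_gssapi_config_t config,
                ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
                int mode_verbose,
                int mode_quiet,
                ns_ldap_self_gssapi_config_t config,
                ns_ldap_error_t **errpp);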
 874 
/* internal un-exposed APIs */
/*
 * Deep-copy a credential.  NOTE(review): the copy carries whatever secret
 * `authp` holds; the routine that frees it should zeroize those bytes before
 * free() so they do not linger on the heap — confirm in the implementation.
 */
ns_cred_t       *__ns_ldap_dupAuth(const ns_cred_t *authp);
/*
 * Compare two credentials for equality.  NOTE(review): if the comparison
 * covers secret material, check whether the result or timing is observable
 * to an untrusted caller before relying on a byte-wise compare.
 */
boolean_t       __s_api_is_auth_matched(const ns_cred_t *auth1,
                    const ns_cred_t *auth2);
/* Build the service search descriptor list for `service`. */
int             __s_api_get_SSD_from_SSDtoUse_service(const char *service,
                        ns_ldap_search_desc_t ***SSDlist,
                        ns_ldap_error_t **errorp);
/*
 * Automount helpers: rewrite SSDs / a base DN / a DN so the map name for
 * `service` is prefixed or converted.  The DN parameters are in/out.
 */
int             __s_api_prepend_automountmapname(const char *service,
                        ns_ldap_search_desc_t ***SSDlist,
                        ns_ldap_error_t ** errorp);
int             __s_api_prepend_automountmapname_to_dn(const char *service,
                        char **basedn,
                        ns_ldap_error_t ** errorp);
int             __s_api_convert_automountmapname(const char *service,
                        char **dn, ns_ldap_error_t ** errorp);
/* Rewrite `dn` with `orig_attr` replaced by `mapped_attr`; result in `*new_dn`. */
int             __s_api_replace_mapped_attr_in_dn(
                        const char *orig_attr, const char *mapped_attr,
                        const char *dn, char **new_dn);
/*
 * Append the default base DN to `dn`.  `*allocated` presumably reports
 * whether `*new_dn` is a fresh allocation the caller must free, or just
 * `dn` passed through — confirm, since the wrong guess leaks or double-frees.
 */
int             __s_api_append_default_basedn(
                        const char *dn,
                        char **new_dn,
                        int *allocated,
                        ns_ldap_error_t ** errorp);
/* Drop one server / a list of failed servers from the server set. */
int             __s_api_removeServer(const char *server);
void            __s_api_removeBadServers(char **server);
/* Release routines paired with __s_api_requestServer() and getConnection(). */
void            __s_api_free_server_info(ns_server_info_t *sinfo);
void            __s_api_freeConnection(Connection *con);
 902 
/* internal referrals APIs */
/* Decide from `flags` whether referrals are followed; result in `*toFollow`. */
int             __s_api_toFollowReferrals(const int flags,
                        int *toFollow,
                        ns_ldap_error_t **errorp);
/*
 * Append a referral to the `*head` list.  NOTE(review): a referral `url`
 * originates in the remote server's response, i.e. it is untrusted input
 * that can steer the client to another host; confirm the URL parser checks
 * scheme and host before a connection is made to it.
 */
int             __s_api_addRefInfo(ns_referral_info_t **head,
                        char *url, char *baseDN, int *scope,
                        char *filter, LDAP *ld);
void            __s_api_deleteRefInfo(ns_referral_info_t *head);
 911 
/* callback routine for SSD filters */
/*
 * Combine the SSD's filter with caller data into `*realfilter`.
 * NOTE(review): if `userdata` carries caller-supplied text that is spliced
 * into the filter string, it must be escaped per the LDAP filter syntax
 * (RFC 4515) first, or a crafted value rewrites the search — confirm in
 * the implementation.
 */
int             __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
                        char **realfilter,
                        const void *userdata);
 916 
/* network address verification api */
/*
 * Classify a textual address.  `addr` is a non-const char *: either the
 * const was simply never added or the routines scribble on the input —
 * check before passing a string literal or shared buffer.
 */
int             __s_api_isipv4(char *addr);
int             __s_api_isipv6(char *addr);
int             __s_api_ishost(char *addr);
 921 
/* password management routine */
/* Map a bind error number plus server message to a password status code. */
ns_ldap_passwd_status_t
                __s_api_set_passwd_status(int errnum, char *errmsg);
/* Whether the NULL-terminated `oids` list contains the password policy control. */
int             __s_api_contain_passwd_control_oid(char **oids);

/* password less account management routine */
/* Same shape as above, for the account-usable control OID. */
int             __s_api_contain_account_usable_control_oid(char **oids);

/* RFC 2307 section 5.6. Get a canonical name from entry */
/* Pick the canonical value of `attrptr` in `entry`; `case_ignore` selects case-insensitive matching. */
char            *__s_api_get_canonical_name(ns_ldap_entry_t *entry,
                        ns_ldap_attr_t *attrptr, int case_ignore);
 933 
/* self/sasl/gssapi functions */
/*
 * SASL interaction callback.  The (ld, flags, defaults, in) shape matches
 * the interact-callback type libldap passes to its interactive SASL bind;
 * presumably `in` is the interact request list and `defaults` the caller
 * context — confirm against the registration site in the .c.
 */
int             __s_api_sasl_bind_callback(
                        LDAP            *ld,
                        unsigned        flags,
                        void            *defaults,
                        void            *in);

/* Whether only the self/sasl/GSSAPI credential level is in effect. */
int             __s_api_self_gssapi_only_get(void);

/*
 * Append `toprint` (preceded by `sep`) to the growable `line` buffer.
 * Nothing here carries a length, so bounds/growth are entirely the
 * implementation's responsibility — confirm it reallocates rather than
 * assuming a fixed capacity.
 */
int             __print2buf(LineBuf *line, const char *toprint, char *sep);
 944 
 945 #ifdef __cplusplus
 946 }
 947 #endif
 948 
 949 #endif /* _NS_INTERNAL_H */