NEX-14547 Get UNIX group info from AD/LDAP with partial RFC2307 schema
NEX-13132 smbd dumping core in nss_ldap.so.1`getbymember
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
--- old/usr/src/lib/libsldap/common/ns_internal.h
+++ new/usr/src/lib/libsldap/common/ns_internal.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
24 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
24 25 */
25 26
26 27
27 28 #ifndef _NS_INTERNAL_H
28 29 #define _NS_INTERNAL_H
29 30
30 31 #ifdef __cplusplus
31 32 extern "C" {
32 33 #endif
33 34
34 35 #include <stdio.h>
35 36 #include <sys/types.h>
36 37 #include <sys/time.h>
37 38 #include <thread.h>
38 39 #include <lber.h>
39 40 #include <ldap.h>
40 41 #include "ns_sldap.h"
41 42 #include "ns_cache_door.h"
42 43
43 44 /*
44 45 * INTERNALLY USED CONSTANTS
45 46 */
46 47
47 48 #define MAXERROR 2000
48 49 #define TRUE 1
49 50 #define FALSE 0
50 51 #define NSLDAPDIRECTORY "/var/ldap"
51 52 #define NSCONFIGFILE "/var/ldap/ldap_client_file"
52 53 #define NSCONFIGREFRESH "/var/ldap/ldap_client_file.refresh"
53 54 #define NSCREDFILE "/var/ldap/ldap_client_cred"
54 55 #define NSCREDREFRESH "/var/ldap/ldap_client_cred.refresh"
55 56 #define ROTORSIZE 256
56 57 #define MASK 0377
57 58 #define LDAPMAXHARDLOOKUPTIME 256
58 59 #define DONOTEDIT \
59 60 "Do not edit this file manually; your changes will be lost." \
60 61 "Please use ldapclient (1M) instead."
61 62 #define MAXPORTNUMBER 65535
62 63 #define MAXPORTNUMBER_STR "65535"
63 64 #define CREDFILE 0
64 65 #define CONFIGFILE 1
65 66 #define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))"
66 67 #define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
67 68 #define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))"
68 69 #define UIDFILTER_SSD "(&(%%s)(uid=%s))"
70 +#define UIDDNFILTER "(&(objectclass=posixAccount)(distinguishedName=%s))"
71 +#define UIDDNFILTER_SSD "(&(%%s)(distinguishedName=%s))"
72 +
69 73 #define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))"
70 74 #define HOSTFILTER_SSD "(&(%%s)(cn=%s))"
71 75
72 76 #define SIMPLEPAGECTRLFLAG 1
73 77 #define VLVCTRLFLAG 2
74 78
75 79 #define LISTPAGESIZE 1000
76 80 #define ENUMPAGESIZE 100
77 81
78 82 #define DEFMAX 8
79 83 #define TOKENSEPARATOR '='
80 84 #define QUOTETOK '"'
81 85 #define SPACETOK ' '
82 86 #define COMMATOK ','
83 87 #define COLONTOK ':'
84 88 #define QUESTTOK '?'
85 89 #define SEMITOK ';'
86 90 #define TABTOK '\t'
87 91 #define OPARATOK '('
88 92 #define CPARATOK ')'
89 93 #define BSLTOK '\\'
90 94 #define DOORLINESEP "\07"
91 95 #define DOORLINESEP_CHR 0x7
92 96 #define COMMASEP ", "
93 97 #define SPACESEP " "
94 98 #define SEMISEP ";"
95 99 #define COLONSEP ":"
96 100 #define COLSPSEP ": "
97 101 #define EQUALSEP "="
98 102 #define EQUSPSEP "= "
99 103 #define LAST_VALUE (int)NS_LDAP_HOST_CERTPATH_P
100 104 #define BUFSIZE BUFSIZ
101 105 #define DEFAULTCONFIGNAME "__default_config"
102 106 #define EXP_DEFAULT_TTL "43200" /* 12 hours TTL */
103 107 #define CRYPTMARK "{NS1}"
104 108 #define DOORBUFFERSIZE 8192
105 109
106 110 #define LDIF_FMT_STR "%s: %s"
107 111 #define FILE_FMT_STR "%s= %s"
108 112 #define DOOR_FMT_STR "%s=%s"
109 113
110 114 #define SESSION_CACHE_INC 8
111 115 #define CONID_OFFSET 1024
112 116 #define NS_DEFAULT_BIND_TIMEOUT 30 /* timeout value in seconds */
113 117 #define NS_DEFAULT_SEARCH_TIMEOUT 30 /* timeout value in seconds */
114 118
115 119 /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
116 120 #define RDNSIZE 512
117 121
118 122 /*
119 123 * special service used by ldap_cachemgr to indicate a shadow update
120 124 * is to be done with the credential of the administrator identity
121 125 */
122 126 #define NS_ADMIN_SHADOW_UPDATE "shadow__admin_update"
123 127
124 128 /* Phase 1 profile information */
125 129 #define _PROFILE1_OBJECTCLASS "SolarisNamingProfile"
126 130 #define _PROFILE_CONTAINER "profile"
127 131 #define _PROFILE_FILTER "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
128 132
129 133 /* Phase 2 profile information */
130 134 #define _PROFILE2_OBJECTCLASS "DUAConfigProfile"
131 135
132 136 /* Common to all profiles */
133 137 #define _P_CN "cn"
134 138
135 139 /* Native LDAP Phase 1 Specific Profile Attributes */
136 140 #define _P1_SERVERS "SolarisLDAPServers"
137 141 #define _P1_SEARCHBASEDN "SolarisSearchBaseDN"
138 142 #define _P1_CACHETTL "SolarisCacheTTL"
139 143 #define _P1_BINDDN "SolarisBindDN"
140 144 #define _P1_BINDPASSWORD "SolarisBindPassword"
141 145 #define _P1_AUTHMETHOD "SolarisAuthMethod"
142 146 #define _P1_TRANSPORTSECURITY "SolarisTransportSecurity"
143 147 #define _P1_CERTIFICATEPATH "SolarisCertificatePath"
144 148 #define _P1_CERTIFICATEPASSWORD "SolarisCertificatePassword"
145 149 #define _P1_DATASEARCHDN "SolarisDataSearchDN"
146 150 #define _P1_SEARCHSCOPE "SolarisSearchScope"
147 151 #define _P1_SEARCHTIMELIMIT "SolarisSearchTimeLimit"
148 152 #define _P1_PREFERREDSERVER "SolarisPreferredServer"
149 153 #define _P1_PREFERREDSERVERONLY "SolarisPreferredServerOnly"
150 154 #define _P1_SEARCHREFERRAL "SolarisSearchReferral"
151 155 #define _P1_BINDTIMELIMIT "SolarisBindTimeLimit"
152 156
153 157 /* Native LDAP Phase 2 Specific Profile Attributes */
154 158 #define _P2_PREFERREDSERVER "preferredServerList"
155 159 #define _P2_DEFAULTSERVER "defaultServerList"
156 160 #define _P2_SEARCHBASEDN "defaultSearchBase"
157 161 #define _P2_SEARCHSCOPE "defaultSearchScope"
158 162 #define _P2_AUTHMETHOD "authenticationMethod"
159 163 #define _P2_CREDENTIALLEVEL "credentialLevel"
160 164 #define _P2_SERVICESEARCHDESC "serviceSearchDescriptor"
161 165 #define _P2_SEARCHTIMELIMIT "searchTimeLimit"
162 166 #define _P2_BINDTIMELIMIT "bindTimeLimit"
163 167 #define _P2_FOLLOWREFERRALS "followReferrals"
164 168 #define _P2_PROFILETTL "profileTTL"
165 169 #define _P2_ATTRIBUTEMAP "attributeMap"
166 170 #define _P2_OBJECTCLASSMAP "objectClassMap"
167 171 #define _P2_SERVICECREDLEVEL "serviceCredentialLevel"
168 172 #define _P2_SERVICEAUTHMETHOD "serviceAuthenticationMethod"
169 173
170 174 /* Control & SASL information from RootDSE door call */
171 175 #define _SASLMECHANISM "supportedSASLmechanisms"
172 176 #define _SASLMECHANISM_LEN 23
173 177 #define _SUPPORTEDCONTROL "supportedControl"
174 178 #define _SUPPORTEDCONTROL_LEN 16
175 179
176 180 #define NS_HASH_MAX 257
177 181 #define NS_HASH_SCHEMA_MAPPING_EXISTED "=MAPPING EXISTED="
178 182 #define NS_HASH_RC_SUCCESS 1
179 183 #define NS_HASH_RC_NO_MEMORY -1
180 184 #define NS_HASH_RC_CONFIG_ERROR -2
181 185 #define NS_HASH_RC_EXISTED -3
182 186 #define NS_HASH_RC_SYNTAX_ERROR -4
183 187
184 188 /* Password management related error message from iDS ldap server */
185 189 #define NS_PWDERR_MAXTRIES \
186 190 "Exceed password retry limit."
187 191 #define NS_PWDERR_EXPIRED \
188 192 "password expired!"
189 193 #define NS_PWDERR_ACCT_INACTIVATED \
190 194 "Account inactivated. Contact system administrator."
191 195 #define NS_PWDERR_CHANGE_NOT_ALLOW \
192 196 "user is not allowed to change password"
193 197 #define NS_PWDERR_INVALID_SYNTAX \
194 198 "invalid password syntax"
195 199 #define NS_PWDERR_TRIVIAL_PASSWD \
196 200 "Password failed triviality check"
197 201 #define NS_PWDERR_IN_HISTORY \
198 202 "password in history"
199 203 #define NS_PWDERR_WITHIN_MIN_AGE \
200 204 "within password minimum age"
201 205
202 206 /*
203 207 * INTERNALLY USED MACROS
204 208 */
205 209
206 210 void __s_api_debug_pause(int priority, int st, const char *mesg);
207 211
208 212 #define NULL_OR_STR(str) (!(str) || *(str) == '\0' ? "<NULL>" : (str))
209 213
210 214 /*
211 215 * MKERROR: builds the error structure and fills in the status and
212 216 * the message. The message must be a freeable (non-static) string.
213 217 * If it fails to allocate memory for the error structure,
214 218 * it will return the retErr.
215 219 */
216 220 #define MKERROR(priority, err, st, mesg, retErr) \
217 221 if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
218 222 return (retErr); \
219 223 (err)->message = mesg; \
220 224 (err)->status = (st); \
221 225 __s_api_debug_pause(priority, st, (err)->message);
222 226
223 227 /*
224 228 * MKERROR_PWD_MGMT is almost the same as MKERROR
225 229 * except that it takes two more inputs to fill in the
226 230 * password management information part of the
227 231 * ns_ldap_error structure pointed to by err,
228 232 * and it does not log a syslog message.
229 233 */
230 234 #define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
231 235 if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
232 236 return (retErr); \
233 237 (err)->message = mesg; \
234 238 (err)->status = (st); \
235 239 (err)->pwd_mgmt.status = (pwd_status); \
236 240 (err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
237 241
238 242 #ifdef DEBUG
239 243 #define NSLDAPTRACE(variable, setequal, message) \
240 244 if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \
241 245 char buf[BUFSIZ]; \
242 246 (void) snprintf(buf, BUFSIZ, message); \
243 247 (void) write(__ldap_debug_file, buf); \
244 248 }
245 249 #endif
246 250
247 251 /*
248 252 * INTERNAL DATA STRUCTURES
249 253 */
250 254
251 255 /*
252 256 * configuration entry type
253 257 */
254 258
255 259 typedef enum {
256 260 SERVERCONFIG = 1,
257 261 CLIENTCONFIG = 2,
258 262 CREDCONFIG = 3
259 263 } ns_conftype_t;
260 264
261 265 /*
262 266 * datatype of a config entry
263 267 */
264 268
265 269 typedef enum {
266 270 NS_UNKNOWN = 0,
267 271 CHARPTR = 1, /* Single character pointer */
268 272 ARRAYCP = 2, /* comma sep array of char pointers */
269 273 ARRAYAUTH = 3, /* Array of auths */
270 274 TIMET = 4, /* time relative value (TTL) */
271 275 INT = 5, /* single integer */
272 276 SSDLIST = 6, /* service search descriptor */
273 277 ATTRMAP = 7, /* attribute mapping */
274 278 OBJMAP = 8, /* objectclass mapping */
275 279 SERVLIST = 9, /* serverlist (SP sep array) */
276 280 ARRAYCRED = 10, /* Array of credentialLevels */
277 281 SAMLIST = 11, /* serviceAuthenticationMethod */
278 282 SCLLIST = 12 /* serviceCredentialLevel */
279 283 } ns_datatype_t;
280 284
281 285 typedef enum {
282 286 NS_SUCCESS,
283 287 NS_NOTFOUND,
284 288 NS_PARSE_ERR
285 289 } ns_parse_status;
286 290
287 291 typedef enum {
288 292 NS_DOOR_FMT = 1,
289 293 NS_LDIF_FMT = 2,
290 294 NS_FILE_FMT = 3
291 295 } ns_strfmt_t;
292 296
293 297 /*
294 298 * This enum reduces the number of version string compares
295 299 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
296 300 */
297 301
298 302 typedef enum {
299 303 NS_LDAP_V1 = 1000,
300 304 NS_LDAP_V2 = 2000
301 305 } ns_version_t;
302 306
303 307 /*
304 308 * enum<->string mapping construct
305 309 */
306 310
307 311 typedef struct ns_enum_map {
308 312 int value;
309 313 char *name;
310 314 } ns_enum_map;
311 315
312 316 #define ENUM2INT(x) ((int)(x))
313 317
314 318 #define INT2PARAMINDEXENUM(x) ((ParamIndexType)(x))
315 319 #define INT2SEARCHREFENUM(x) ((SearchRef_t)(x))
316 320 #define INT2SCOPEENUM(x) ((ScopeType_t)(x))
317 321 #define INT2AUTHENUM(x) ((AuthType_t)(x))
318 322 #define INT2SECENUM(x) ((TlsType_t)(x))
319 323 #define INT2PREFONLYENUM(x) ((PrefOnly_t)(x))
320 324 #define INT2CREDLEVELENUM(x) ((CredLevel_t)(x))
321 325 #define INT2SHADOWUPDATENUM(x) ((enableShadowUpdate_t)(x))
322 326
323 327 #define INT2LDAPRETURN(x) ((ns_ldap_return_code)(x))
324 328 #define INT2CONFIGRETURN(x) ((ns_ldap_config_return_code)(x))
325 329 #define INT2PARTIALRETURN(x) ((ns_ldap_partial_return_code)(x))
326 330
327 331 /*
328 332 * This structure maps service name to rdn components
329 333 * for use in __ns_getDNs. It also defines the SSD-to-use
330 334 * service for use in __s_api_get_SSDtoUse_service.
331 335 * The idea of an SSD-to-use service is to reduce the configuration
332 336 * complexity. For a service, which does not have its own entries in
333 337 * the LDAP directory, SSD for it is useless, and should not be set.
334 338 * But since this service must share the container with at least
335 339 * one other service which does have it own entries, the SSD for
336 340 * this other service will be shared by this service.
337 341 * This other service is called the SSD-to-use service.
338 342 *
339 343 */
340 344
341 345 typedef struct ns_service_map {
342 346 char *service;
343 347 char *rdn;
344 348 char *SSDtoUse_service;
345 349 } ns_service_map;
346 350
347 351 /*
348 352 * This structure contains a single mapping from:
349 353 * service:orig -> list of mapped
350 354 */
351 355
352 356 typedef enum {
353 357 NS_ATTR_MAP,
354 358 NS_OBJ_MAP
355 359 } ns_maptype_t;
356 360
357 361 typedef struct ns_mapping {
358 362 ns_maptype_t type;
359 363 char *service;
360 364 char *orig;
361 365 char **map;
362 366 } ns_mapping_t;
363 367
364 368 /*
365 369 * The following is the list of internal libsldap configuration data
366 370 * structures. The configuration is populated normally once per
367 371 * application. The assumption is that in applications can be
368 372 * relatively short lived (IE ls via nsswitch) so it is important to
369 373 * keep configuration to a minimum, but keep lookups fast.
370 374 *
371 375 * Assumptions:
372 376 * 1 configuration entry per domain, and almost always 1 domain
373 377 * per app. Hooks exist for multiple domains per app.
374 378 *
375 379 * Configurations are read in from client file cache or from LDAP.
376 380 * Attribute/objectclass mappings are hashed to improve lookup
377 381 * speed.
378 382 */
379 383
380 384 /*
381 385 * Hash entry types
382 386 */
383 387 typedef enum _ns_hashtype_t {
384 388 NS_HASH_AMAP = 1, /* attr map */
385 389 NS_HASH_RAMAP = 2, /* reverse attr map */
386 390 NS_HASH_OMAP = 3, /* oc map */
387 391 NS_HASH_ROMAP = 4, /* reverse oc map */
388 392 NS_HASH_VOID = 5
389 393 } ns_hashtype_t;
390 394
391 395 typedef struct ns_hash {
392 396 ns_hashtype_t h_type;
393 397 ns_mapping_t *h_map;
394 398 struct ns_hash *h_next;
395 399 struct ns_hash *h_llnext;
396 400 } ns_hash_t;
397 401
398 402 /*
399 403 * This structure defines the format of an internal configuration
400 404 * parameter for ns_ldap client.
401 405 */
402 406
403 407 typedef struct ns_param {
404 408 ns_datatype_t ns_ptype;
405 409 int ns_acnt;
406 410 union {
407 411 char **ppc;
408 412 int *pi;
409 413 char *pc;
410 414 int i;
411 415 time_t tm;
412 416 } ns_pu;
413 417 } ns_param_t;
414 418
415 419 #define ns_ppc ns_pu.ppc
416 420 #define ns_pi ns_pu.pi
417 421 #define ns_pc ns_pu.pc
418 422 #define ns_i ns_pu.i
419 423 #define ns_tm ns_pu.tm
420 424
421 425 /*
422 426 * This structure defines an instance of a configuration structure.
423 427 * paramList contains the current ns_ldap parameter configuration
424 428 * and hashTbl contain the current attribute/objectclass mappings.
425 429 * Parameters are indexed by using the value assigned to the parameter
426 430 * in ParamIndexType.
427 431 */
428 432
429 433 typedef struct ns_config {
430 434 char *domainName;
431 435 ns_version_t version;
432 436 ns_param_t paramList[NS_LDAP_MAX_PIT_P];
433 437 ns_hash_t *hashTbl[NS_HASH_MAX];
434 438 ns_hash_t *llHead;
435 439 ns_ldap_entry_t *RootDSE;
436 440 boolean_t delete;
437 441 mutex_t config_mutex;
438 442 int nUse;
439 443 ldap_get_chg_cookie_t config_cookie;
440 444 } ns_config_t;
441 445
442 446 /*
443 447 * This structure defines the mapping of the NSCONFIGFILE file
444 448 * statements into their corresponding SolarisNamingProfile,
445 449 * Posix Mapping LDAP attributes, and to their corresponding
446 450 * ParamIndexType enum mapping. THe ParamIndexType enum
447 451 * definitions can be found in ns_ldap.h. This structure also
448 452 * defines the default values that are used when a value either
449 453 * does not exist or is undefined.
450 454 */
451 455
452 456 typedef struct ns_default_config {
453 457 const char *name; /* config file parameter name */
454 458 ParamIndexType index; /* config file enum index */
455 459 ns_conftype_t config_type; /* CLIENT/SERVER/CREDCONFIG */
456 460 ns_datatype_t data_type; /* ppc,pi,pc,int etc... */
457 461 int single_valued; /* TRUE OR FALSE */
458 462 ns_version_t version; /* Version # for attribute */
459 463 const char *profile_name; /* profile schema attribute name */
460 464 ns_param_t defval; /* config file parameter default */
461 465 int (*ns_verify)(ParamIndexType i,
462 466 struct ns_default_config *def,
463 467 ns_param_t *param,
464 468 char *errbuf);
465 469 ns_enum_map *allowed; /* allowed values */
466 470 } ns_default_config;
467 471
468 472
469 473 /*
470 474 * This typedef enumerates all the supported authentication
471 475 * mechanisms currently supported in this library
472 476 */
473 477
474 478 typedef enum EnumAuthType {
475 479 NS_LDAP_EA_NONE = 0,
476 480 NS_LDAP_EA_SIMPLE = 1,
477 481 NS_LDAP_EA_SASL_NONE = 2,
478 482 NS_LDAP_EA_SASL_CRAM_MD5 = 3,
479 483 NS_LDAP_EA_SASL_DIGEST_MD5 = 4,
480 484 NS_LDAP_EA_SASL_DIGEST_MD5_INT = 5,
481 485 NS_LDAP_EA_SASL_DIGEST_MD5_CONF = 6,
482 486 NS_LDAP_EA_SASL_EXTERNAL = 7,
483 487 NS_LDAP_EA_SASL_GSSAPI = 8,
484 488 NS_LDAP_EA_SASL_SPNEGO = 9, /* unsupported */
485 489 NS_LDAP_EA_TLS_NONE = 10,
486 490 NS_LDAP_EA_TLS_SIMPLE = 11,
487 491 NS_LDAP_EA_TLS_SASL_NONE = 12,
488 492 NS_LDAP_EA_TLS_SASL_CRAM_MD5 = 13,
489 493 NS_LDAP_EA_TLS_SASL_DIGEST_MD5 = 14,
490 494 NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT = 15,
491 495 NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF = 16,
492 496 NS_LDAP_EA_TLS_SASL_EXTERNAL = 17,
493 497 NS_LDAP_EA_TLS_SASL_GSSAPI = 18, /* unsupported */
494 498 NS_LDAP_EA_TLS_SASL_SPNEGO = 19 /* unsupported */
495 499 } EnumAuthType_t;
496 500
497 501
498 502 /*
499 503 * this enum lists the various states of the search state machine
500 504 */
501 505
502 506 typedef enum {
503 507 INIT = 1,
504 508 EXIT = 2,
505 509 NEXT_SEARCH_DESCRIPTOR = 3,
506 510 GET_SESSION = 4,
507 511 NEXT_SESSION = 5,
508 512 RESTART_SESSION = 6,
509 513 NEXT_SEARCH = 7,
510 514 NEXT_VLV = 8,
511 515 NEXT_PAGE = 9,
512 516 ONE_SEARCH = 10,
513 517 DO_SEARCH = 11,
514 518 NEXT_RESULT = 12,
515 519 MULTI_RESULT = 13,
516 520 PROCESS_RESULT = 14,
517 521 END_PROCESS_RESULT = 15,
518 522 END_RESULT = 16,
519 523 NEXT_REFERRAL = 17,
520 524 GET_REFERRAL_SESSION = 18,
521 525 ERROR = 19,
522 526 LDAP_ERROR = 20,
523 527 GET_ACCT_MGMT_INFO = 21,
524 528 CLEAR_RESULTS = 22,
525 529 REINIT = 23
526 530 } ns_state_t;
527 531
528 532 /*
529 533 * this enum lists the various states of the write state machine
530 534 */
531 535 typedef enum {
532 536 W_INIT = 1,
533 537 W_EXIT = 2,
534 538 GET_CONNECTION = 3,
535 539 SELECT_OPERATION_SYNC = 4,
536 540 SELECT_OPERATION_ASYNC = 5,
537 541 DO_ADD_SYNC = 6,
538 542 DO_DELETE_SYNC = 7,
539 543 DO_MODIFY_SYNC = 8,
540 544 DO_ADD_ASYNC = 9,
541 545 DO_DELETE_ASYNC = 10,
542 546 DO_MODIFY_ASYNC = 11,
543 547 GET_RESULT_SYNC = 12,
544 548 GET_RESULT_ASYNC = 13,
545 549 PARSE_RESULT = 14,
546 550 GET_REFERRAL_CONNECTION = 15,
547 551 W_LDAP_ERROR = 16,
548 552 W_ERROR = 17
549 553 } ns_write_state_t;
550 554
551 555
552 556 typedef int ConnectionID;
553 557
554 558 /*
555 559 * Server side sort type. Orginally the server side sort
556 560 * was set to "cn uid". This did not work with AD and
557 561 * hence single sort attribute was odopted. We dont
558 562 * know which server side sort will work with the
559 563 * Directory and hence we discover which method works.
560 564 */
561 565 typedef enum {
562 566 SSS_UNKNOWN = 0,
563 567 SSS_SINGLE_ATTR = 1,
564 568 SSS_CN_UID_ATTRS = 2
565 569 } ns_srvsidesort_t;
566 570
567 571 /*
568 572 * This structure is used by ns_connect to create and manage
569 573 * one or more ldap connections within the library.
570 574 */
571 575 typedef struct connection {
572 576 ConnectionID connectionId;
573 577 boolean_t usedBit; /* true if only used by */
574 578 /* one thread and not shared */
575 579 /* by other threads */
576 580 pid_t pid; /* process id */
577 581 char *serverAddr;
578 582 ns_cred_t *auth;
579 583 LDAP *ld;
580 584 thread_t threadID; /* thread ID using it */
581 585 struct ns_ldap_cookie *cookieInfo;
582 586 char **controls; /* from server_info */
583 587 char **saslMechanisms; /* from server_info */
584 588 } Connection;
585 589
586 590 #define ONE_STEP 1
587 591
588 592 /*
589 593 * This structure is for referrals processing.
590 594 * The data are from referral URLs returned by
591 595 * LDAP servers
592 596 */
593 597 typedef struct ns_referral_info {
594 598 struct ns_referral_info *next;
595 599 char *refHost;
596 600 int refScope;
597 601 char *refDN;
598 602 char *refFilter;
599 603 } ns_referral_info_t;
600 604
601 605 struct ns_ldap_cookie;
602 606
603 607 /*
604 608 * Batch used by __ns_ldap_list_batch_xxx API
605 609 */
606 610 struct ns_ldap_list_batch {
607 611 uint32_t nactive;
608 612 struct ns_ldap_cookie *next_cookie;
609 613 struct ns_ldap_cookie *cookie_list;
610 614 };
611 615
612 616 struct ns_conn_user;
613 617 typedef struct ns_conn_user ns_conn_user_t;
614 618
615 619 /*
616 620 * This structure used internally in searches
617 621 */
618 622
619 623 typedef struct ns_ldap_cookie {
620 624 /* INPUTS */
621 625 /* server list position */
622 626
623 627 /* service search descriptor list & position */
624 628 ns_ldap_search_desc_t **sdlist;
625 629 ns_ldap_search_desc_t **sdpos;
626 630
627 631 /* search filter callback */
628 632 int use_filtercb;
629 633 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
630 634 char **realfilter, const void *userdata);
631 635
632 636 /* user callback */
633 637 int use_usercb;
634 638 int (*callback)(const ns_ldap_entry_t *entry,
635 639 const void *userdata);
636 640 const void *userdata;
637 641
638 642 int followRef;
639 643 int use_paging;
640 644 char *service;
641 645 char *i_filter;
642 646 const char * const *i_attr;
643 647 const char *i_sortattr;
644 648 const ns_cred_t *i_auth;
645 649 int i_flags;
646 650
647 651 /* OUTPUTS */
648 652 ns_ldap_result_t *result;
649 653 ns_ldap_entry_t *nextEntry;
650 654 /* Error data */
651 655 int err_rc;
652 656 ns_ldap_error_t *errorp;
653 657
654 658 /* PRIVATE */
655 659 ns_state_t state;
656 660 ns_state_t new_state;
657 661 ns_state_t next_state;
658 662
659 663 Connection *conn;
660 664 #define conn_auth_type conn->auth->auth.type
661 665 ConnectionID connectionId;
662 666
663 667 /* paging VLV/SIMPLEPAGE data */
664 668 int listType;
665 669 unsigned long index;
666 670 LDAPControl **p_serverctrls;
667 671 ns_srvsidesort_t sortTypeTry;
668 672 int entryCount;
669 673
670 674 int scope;
671 675 char *basedn;
672 676 char *filter;
673 677 char **attribute;
674 678
675 679 /* RESULT PROCESSING */
676 680 int msgId;
677 681 LDAPMessage *resultMsg;
678 682
679 683 char **dns;
680 684 char *currentdn;
681 685 int flag;
682 686 struct berval *ctrlCookie;
683 687
684 688 /* REFERRALS PROCESSING */
685 689 /* referralinfo list & position */
686 690 ns_referral_info_t *reflist;
687 691 ns_referral_info_t *refpos;
688 692 /* search timeout value */
689 693 struct timeval search_timeout;
690 694 /* response control to hold account management information */
691 695 LDAPControl **resultctrl;
692 696 /* Flag to indicate password less account management is required */
693 697 int nopasswd_acct_mgmt;
694 698 int err_from_result;
695 699 ns_conn_user_t *conn_user;
696 700
697 701 /* BATCH PROCESSING */
698 702 ns_ldap_list_batch_t *batch;
699 703 boolean_t no_wait;
700 704 boolean_t reinit_on_retriable_err;
701 705 int retries;
702 706 ns_ldap_result_t **caller_result;
703 707 ns_ldap_error_t **caller_errorp;
704 708 int *caller_rc;
705 709 struct ns_ldap_cookie *next_cookie_in_batch;
706 710 } ns_ldap_cookie_t;
707 711
708 712 /*
709 713 * This structure is part of the return value information for
710 714 * __s_api_requestServer. The routine that requests a new server
711 715 * from the cache manager
712 716 */
713 717 typedef struct ns_server_info {
714 718 char *server;
715 719 char *serverFQDN;
716 720 char **controls;
717 721 char **saslMechanisms;
718 722 } ns_server_info_t;
719 723
720 724 /*
721 725 * sasl callback function parameters
722 726 */
723 727 typedef struct ns_sasl_cb_param {
724 728 char *mech;
725 729 char *authid;
726 730 char *authzid;
727 731 char *passwd;
728 732 char *realm;
729 733 } ns_sasl_cb_param_t;
730 734
731 735 /* Multiple threads per connection variable */
732 736 extern int MTperConn;
733 737
734 738 /*
735 739 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
736 740 */
737 741
738 742 #ifdef DEBUG
739 743 extern int __ldap_debug_file;
740 744 extern int __ldap_debug_api;
741 745 extern int __ldap_debug_ldap;
742 746 extern int __ldap_debug_servers;
743 747 #endif
744 748
745 749 /* internal connection APIs */
746 750 void DropConnection(ConnectionID, int);
747 751 int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
748 752
749 753 int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
750 754 char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
751 755 char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
752 756 char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
753 757 char *__s_get_pref_name(PrefOnly_t type);
754 758 char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
755 759 char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
756 760 char *__s_get_hostcertpath(void);
757 761 void __s_api_free_sessionPool();
758 762 int __s_api_requestServer(const char *request, const char *server,
759 763 ns_server_info_t *ret, ns_ldap_error_t **error, const char *addrType);
760 764
761 765
762 766 /* ************ internal sldap-api functions *********** */
763 767 void __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
764 768 void __s_api_split_key_value(char *buffer, char **name, char **value);
765 769 int __s_api_printResult(ns_ldap_result_t *);
766 770 int __s_api_getSearchScope(int *, ns_ldap_error_t **);
767 771 int __s_api_getDNs(char ***, const char *,
768 772 ns_ldap_error_t **);
769 773 int __s_api_get_search_DNs_v1(char ***, const char *,
770 774 ns_ldap_error_t **);
771 775 int __s_api_getConnection(const char *, const int,
772 776 const ns_cred_t *, int *,
773 777 Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
774 778 char **__s_api_cp2dArray(char **);
775 779 void __s_api_free2dArray(char **);
776 780
777 781 int __s_api_isCtrlSupported(Connection *, char *);
778 782 ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
779 783 ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
780 784 boolean_t __s_api_peruser_proc(void);
781 785 boolean_t __s_api_nscd_proc(void);
782 786 char *dvalue(char *);
783 787 char *evalue(char *);
784 788 ns_ldap_error_t *__s_api_make_error(int, char *);
785 789 ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
786 790
787 791 /* ************ specific 'Standalone' functions ********** */
788 792 ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
789 793 struct hostent *__s_api_hostname2ip(const char *name,
790 794 struct hostent *result,
791 795 char *buffer,
792 796 int buflen,
793 797 int *h_errnop);
794 798 void __s_api_setInitMode();
795 799 void __s_api_unsetInitMode();
796 800 int __s_api_isStandalone(void);
797 801 int __s_api_isInitializing();
798 802 ns_ldap_return_code __s_api_findRootDSE(const char *request,
799 803 const char *server,
800 804 const char *addrType,
801 805 ns_server_info_t *ret,
802 806 ns_ldap_error_t **error);
803 807 ns_config_t *__s_api_create_config_door_str(char *config,
804 808 ns_ldap_error_t **errorp);
805 809
806 810 extern void get_environment();
807 811
808 812 /* internal Param APIs */
809 813 int __ns_ldap_setParamValue(ns_config_t *ptr,
810 814 const ParamIndexType type,
811 815 const void *data, ns_ldap_error_t **error);
812 816 int __s_api_get_type(const char *value, ParamIndexType *type);
813 817 int __s_api_get_versiontype(ns_config_t *ptr, char *value,
814 818 ParamIndexType *type);
815 819 int __s_api_get_profiletype(char *value, ParamIndexType *type);
816 820 void __s_api_init_config(ns_config_t *ptr);
817 821 void __s_api_init_config_global(ns_config_t *ptr);
818 822 ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
819 823 int check_dn);
820 824 ns_config_t *__s_api_create_config(void);
821 825 ns_config_t *__s_api_get_default_config(void);
822 826 ns_config_t *__s_api_get_default_config_global(void);
823 827 ns_config_t *__s_api_loadrefresh_config();
824 828 ns_config_t *__s_api_loadrefresh_config_global();
825 829 void __s_api_destroy_config(ns_config_t *ptr);
826 830 int __s_api_get_configtype(ParamIndexType type);
827 831 const char *__s_api_get_configname(ParamIndexType type);
828 832 char *__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
829 833 ns_strfmt_t fmt);
830 834 void __s_api_release_config(ns_config_t *cfg);
831 835
832 836 /* internal attribute/objectclass mapping api's */
833 837 int __s_api_add_map2hash(ns_config_t *config,
834 838 ns_hashtype_t type, ns_mapping_t *map);
835 839 void __s_api_destroy_hash(ns_config_t *config);
836 840 int __s_api_parse_map(char *cp, char **sid,
837 841 char **origA, char ***mapA);
838 842 char **__ns_ldap_mapAttributeList(const char *service,
839 843 const char * const *origAttrList);
840 844 char *__ns_ldap_mapAttribute(const char *service,
841 845 const char *origAttr);
842 846
843 847 /* internal configuration APIs */
844 848 void __ns_ldap_setServer(int set);
845 849 ns_ldap_error_t *__ns_ldap_LoadConfiguration();
846 850 ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
847 851 ns_config_t *new, int cred_only);
848 852 ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
849 853 ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
850 854 int __ns_ldap_cache_ping();
851 855 ns_ldap_error_t *__ns_ldap_print_config(int);
852 856 void __ns_ldap_default_config();
853 857 int __ns_ldap_download(const char *, char *, char *,
854 858 ns_ldap_error_t **);
855 859 int
856 860 __ns_ldap_check_dns_preq(int foreground,
857 861 int mode_verbose,
858 862 int mode_quiet,
859 863 const char *fname,
860 864 ns_ldap_self_gssapi_config_t config,
861 865 ns_ldap_error_t **errpp);
862 866 int
863 867 __ns_ldap_check_gssapi_preq(int foreground,
864 868 int mode_verbose,
865 869 int mode_quiet,
866 870 ns_ldap_self_gssapi_config_t config,
867 871 ns_ldap_error_t **errpp);
868 872 int
869 873 __ns_ldap_check_all_preq(int foreground,
870 874 int mode_verbose,
871 875 int mode_quiet,
872 876 ns_ldap_self_gssapi_config_t config,
873 877 ns_ldap_error_t **errpp);
874 878
875 879 /* internal un-exposed APIs */
876 880 ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
877 881 boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1,
878 882 const ns_cred_t *auth2);
879 883 int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
880 884 ns_ldap_search_desc_t ***SSDlist,
881 885 ns_ldap_error_t **errorp);
882 886 int __s_api_prepend_automountmapname(const char *service,
883 887 ns_ldap_search_desc_t ***SSDlist,
884 888 ns_ldap_error_t ** errorp);
885 889 int __s_api_prepend_automountmapname_to_dn(const char *service,
886 890 char **basedn,
887 891 ns_ldap_error_t ** errorp);
888 892 int __s_api_convert_automountmapname(const char *service,
889 893 char **dn, ns_ldap_error_t ** errorp);
890 894 int __s_api_replace_mapped_attr_in_dn(
891 895 const char *orig_attr, const char *mapped_attr,
892 896 const char *dn, char **new_dn);
893 897 int __s_api_append_default_basedn(
894 898 const char *dn,
895 899 char **new_dn,
896 900 int *allocated,
897 901 ns_ldap_error_t ** errorp);
898 902 int __s_api_removeServer(const char *server);
899 903 void __s_api_removeBadServers(char **server);
900 904 void __s_api_free_server_info(ns_server_info_t *sinfo);
901 905 void __s_api_freeConnection(Connection *con);
902 906
903 907 /* internal referrals APIs */
904 908 int __s_api_toFollowReferrals(const int flags,
905 909 int *toFollow,
906 910 ns_ldap_error_t **errorp);
907 911 int __s_api_addRefInfo(ns_referral_info_t **head,
908 912 char *url, char *baseDN, int *scope,
909 913 char *filter, LDAP *ld);
910 914 void __s_api_deleteRefInfo(ns_referral_info_t *head);
911 915
912 916 /* callback routine for SSD filters */
913 917 int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
914 918 char **realfilter,
915 919 const void *userdata);
916 920
917 921 /* network address verification api */
918 922 int __s_api_isipv4(char *addr);
919 923 int __s_api_isipv6(char *addr);
920 924 int __s_api_ishost(char *addr);
921 925
922 926 /* password management routine */
923 927 ns_ldap_passwd_status_t
924 928 __s_api_set_passwd_status(int errnum, char *errmsg);
925 929 int __s_api_contain_passwd_control_oid(char **oids);
926 930
927 931 /* password less account management routine */
928 932 int __s_api_contain_account_usable_control_oid(char **oids);
929 933
930 934 /* RFC 2307 section 5.6. Get a canonical name from entry */
931 935 char *__s_api_get_canonical_name(ns_ldap_entry_t *entry,
932 936 ns_ldap_attr_t *attrptr, int case_ignore);
933 937
934 938 /* self/sasl/gssapi functions */
935 939 int __s_api_sasl_bind_callback(
936 940 LDAP *ld,
937 941 unsigned flags,
938 942 void *defaults,
939 943 void *in);
940 944
941 945 int __s_api_self_gssapi_only_get(void);
942 946
943 947 int __print2buf(LineBuf *line, const char *toprint, char *sep);
944 948
945 949 #ifdef __cplusplus
946 950 }
947 951 #endif
948 952
949 953 #endif /* _NS_INTERNAL_H */
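Review bot: The new UIDDNFILTER and UIDDNFILTER_SSD macros (new lines 70-71) substitute a DN into an LDAP search filter through %s, and a DN is far more likely than a uid or cn to contain characters that are special in RFC 4515 filter syntax — a backslash from RFC 4514 escapes such as `\,` is routine in AD member DNs, and '(' , ')' or '*' can legitimately appear in a CN. Unless the caller filter-escapes the value before formatting, such a DN produces a malformed filter or lets the DN's contents change the filter's structure; the code that formats these macros is outside this hunk, so I cannot confirm whether it does. I would state the contract at the definition: `/* %s is a DN: caller must RFC 4515-escape it ('\\', '(', ')', '*', NUL) before formatting */`. Note also that `distinguishedName` as a searchable attribute is an Active Directory convention; other directories typically expose the equivalent as `entryDN`, which seems worth a comment given the commit targets both AD and generic LDAP.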