1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
25 */
26
27
28#ifndef	_NS_INTERNAL_H
29#define	_NS_INTERNAL_H
30
31#ifdef __cplusplus
32extern "C" {
33#endif
34
#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"
#include "ns_cache_door.h"
43
44/*
45 * INTERNALLY USED CONSTANTS
46 */
47
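#define	MAXERROR		2000	/* NOTE(review): presumably an error-buffer size; verify at use */
#define	TRUE			1
#define	FALSE			0
/*
 * On-disk client configuration and credential files.  NSCREDFILE holds
 * the bind credential, so the file's ownership and mode are the access
 * control for it.  The .refresh variants are presumably staging copies
 * written before the live file is replaced -- confirm in ns_writeconfig.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"
/*
 * NOTE(review): a 256-entry rotor and an 8-bit byte mask; these look
 * like parameters of the evalue()/dvalue() credential encoding declared
 * below (cf. CRYPTMARK) -- confirm.  If so, that encoding is reversible
 * obfuscation, not encryption; the credential's confidentiality rests
 * on NSCREDFILE's permissions.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256
/*
 * Header line written into generated files.  The two literals are
 * concatenated by the compiler, so the first must end with a space
 * for the sentences not to run together.
 */
#define	DONOTEDIT		\
	"Do not edit this file manually; your changes will be lost. " \
	"Please use ldapclient (1M) instead."
#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
#define	CREDFILE		0
#define	CONFIGFILE		1
/*
 * Search filter templates.  The single %s is substituted by the caller;
 * the _SSD variants keep a literal %%s so that a service search
 * descriptor's own filter can be merged in afterwards (see
 * __s_api_merge_SSD_filter() below).
 * NOTE(review): nothing here escapes the substituted value; the call
 * sites must apply LDAP filter escaping (RFC 4515) to any value that
 * can come from outside the library -- confirm there.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	UIDDNFILTER	"(&(objectclass=posixAccount)(distinguishedName=%s))"
#define	UIDDNFILTER_SSD		"(&(%%s)(distinguishedName=%s))"

#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"

/* Paging control flags (cf. ns_ldap_cookie_t.listType) */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100

#define	DEFMAX			8
/* Tokenizer characters used when parsing configuration text */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'
/* Line separator in door buffers, as a string and as the same character */
#define	DOORLINESEP		"\07"
#define	DOORLINESEP_CHR		0x7
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "
#define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
#define	BUFSIZE			BUFSIZ
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
/* Prefix marking an encoded credential value */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/* "name value" formats, one per ns_strfmt_t output format (see below) */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30 /* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30 /* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			512

/*
 * special service used by ldap_cachemgr to indicate a shadow update
 * is to be done with the credential of the administrator identity
 */
#define	NS_ADMIN_SHADOW_UPDATE	"shadow__admin_update"

/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS		"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/* Native LDAP Phase 1 Specific Profile Attributes */
#define	_P1_SERVERS			"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN		"SolarisSearchBaseDN"
#define	_P1_CACHETTL			"SolarisCacheTTL"
#define	_P1_BINDDN			"SolarisBindDN"
#define	_P1_BINDPASSWORD		"SolarisBindPassword"
#define	_P1_AUTHMETHOD			"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY		"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH		"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD		"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN		"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE			"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT		"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER		"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY		"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL		"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT		"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define	_P2_PREFERREDSERVER		"preferredServerList"
#define	_P2_DEFAULTSERVER		"defaultServerList"
#define	_P2_SEARCHBASEDN		"defaultSearchBase"
#define	_P2_SEARCHSCOPE			"defaultSearchScope"
#define	_P2_AUTHMETHOD			"authenticationMethod"
#define	_P2_CREDENTIALLEVEL		"credentialLevel"
#define	_P2_SERVICESEARCHDESC		"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT		"searchTimeLimit"
#define	_P2_BINDTIMELIMIT		"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS		"followReferrals"
#define	_P2_PROFILETTL			"profileTTL"
#define	_P2_ATTRIBUTEMAP		"attributeMap"
#define	_P2_OBJECTCLASSMAP		"objectClassMap"
#define	_P2_SERVICECREDLEVEL		"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD		"serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call.
 * Each _LEN must equal strlen() of the attribute name above it.
 */
#define	_SASLMECHANISM			"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN		23
#define	_SUPPORTEDCONTROL		"supportedControl"
#define	_SUPPORTEDCONTROL_LEN		16

/* Bucket count of ns_config_t.hashTbl (see below) */
#define	NS_HASH_MAX	257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
/*
 * Hash insertion results (presumably returned by __s_api_add_map2hash();
 * confirm).  Negative values are parenthesized so they are safe in
 * any expression context.
 */
#define	NS_HASH_RC_SUCCESS		1
#define	NS_HASH_RC_NO_MEMORY		(-1)
#define	NS_HASH_RC_CONFIG_ERROR		(-2)
#define	NS_HASH_RC_EXISTED		(-3)
#define	NS_HASH_RC_SYNTAX_ERROR		(-4)

/*
 * Password management related error message from iDS ldap server.
 * NOTE(review): these look like server-returned text that is matched
 * (cf. __s_api_set_passwd_status()'s errmsg argument); text matching
 * is server-version and locale sensitive -- confirm how they are used.
 */
#define	NS_PWDERR_MAXTRIES		\
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED		\
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED	\
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW	\
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX	\
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD	\
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY	\
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE	\
	"within password minimum age"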
205
206/*
207 * INTERNALLY USED MACROS
208 */
209
/*
 * Called by MKERROR below once an error structure has been built, with
 * the caller's priority, the error status and the error message.
 * Its body is defined elsewhere.
 */
void	__s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * Display helper: yields the literal "<NULL>" for a NULL or empty
 * string, else str itself.  str is evaluated up to three times, so
 * pass a side-effect-free expression.
 */
#define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))
213
214/*
215 * MKERROR: builds the error structure and fills in the status and
216 * the message.  The message must be a freeable (non-static) string.
217 * If it fails to allocate memory for the error structure,
218 * it will return the retErr.
219 */
220#define	MKERROR(priority, err, st, mesg, retErr) \
221	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
222		return (retErr); \
223	(err)->message = mesg; \
224	(err)->status = (st); \
225	__s_api_debug_pause(priority, st, (err)->message);
226
227/*
228 * MKERROR_PWD_MGMT is almost the same as MKERROR
229 * except that it takes two more inputs to fill in the
230 * password management information part of the
231 * ns_ldap_error structure pointed to by err,
232 * and it does not log a syslog message.
233 */
234#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
235	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
236		return (retErr); \
237	(err)->message = mesg; \
238	(err)->status = (st); \
239	(err)->pwd_mgmt.status = (pwd_status); \
240	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
241
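#ifdef DEBUG
/*
 * NSLDAPTRACE: when the debug variable is positive, or equals the
 * non-zero setequal, copies message into a local buffer and writes it
 * to __ldap_debug_file.
 * message is written as data ("%s"), never interpreted as a printf
 * format, and write() is given the formatted length (clipped to the
 * buffer, which holds BUFSIZ - 1 characters).  A message longer than
 * that is truncated.  The do/while (0) wrapper makes the expansion a
 * single statement; invoke it with a trailing semicolon.
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	do { \
		if ((variable) > 0 || \
		    ((setequal) != 0 && (variable) == (setequal))) { \
			char buf[BUFSIZ]; \
			int len = snprintf(buf, sizeof (buf), "%s", \
			    (message)); \
			if (len < 0) \
				len = 0; \
			else if ((size_t)len >= sizeof (buf)) \
				len = (int)sizeof (buf) - 1; \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
		} \
	} while (0)
#endif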
250
251/*
252 * INTERNAL DATA STRUCTURES
253 */
254
255/*
256 * configuration entry type
257 */
258
/*
 * Which configuration a parameter belongs to; recorded in
 * ns_default_config.config_type below.  (CREDFILE/CONFIGFILE above
 * select an on-disk file and are unrelated to these values.)
 */
typedef enum {
	SERVERCONFIG	= 1,	/* server (profile) configuration */
	CLIENTCONFIG	= 2,	/* client configuration */
	CREDCONFIG	= 3	/* credential configuration */
} ns_conftype_t;
264
265/*
266 * datatype of a config entry
267 */
268
/*
 * Storage type of a parameter value; recorded in ns_param_t.ns_ptype
 * and ns_default_config.data_type below and used to select which
 * member of the ns_param_t.ns_pu union is live.  Which union member
 * backs the list/map types (SSDLIST, ATTRMAP, ...) is not visible
 * here -- see the parameter code.
 */
typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,		/* Single character pointer */
	ARRAYCP		= 2,		/* comma sep array of char pointers */
	ARRAYAUTH	= 3,		/* Array of auths */
	TIMET		= 4,		/* time relative value (TTL) */
	INT		= 5,		/* single integer */
	SSDLIST		= 6,		/* service search descriptor */
	ATTRMAP		= 7,		/* attribute mapping */
	OBJMAP		= 8,		/* objectclass mapping */
	SERVLIST	= 9,		/* serverlist (SP sep array) */
	ARRAYCRED	= 10,		/* Array of credentialLevels */
	SAMLIST		= 11,		/* serviceAuthenticationMethod */
	SCLLIST		= 12		/* serviceCredentialLevel */
} ns_datatype_t;
284
/* Result of configuration parsing/validation; returned by __s_api_crosscheck() */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;
290
/*
 * Output format selector passed to __s_api_strValue(); presumably each
 * value corresponds to the DOOR_FMT_STR / LDIF_FMT_STR / FILE_FMT_STR
 * format string of the same name above -- confirm.
 */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;
296
297/*
298 * This enum reduces the number of version string compares
299 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
300 */
301
/* Configuration version; stored in ns_config_t.version and ns_default_config.version */
typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;
306
307/*
308 * enum<->string mapping construct
309 */
310
/*
 * One enumerator/name pair.  ns_default_config.allowed points at a
 * table of these; how the table is terminated is not visible here.
 */
typedef struct ns_enum_map {
	int	value;		/* enumerator value */
	char	*name;		/* its textual form */
} ns_enum_map;
315
316#define	ENUM2INT(x)		((int)(x))
317
318#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
319#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
320#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
321#define	INT2AUTHENUM(x)		((AuthType_t)(x))
322#define	INT2SECENUM(x)		((TlsType_t)(x))
323#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
324#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))
325#define	INT2SHADOWUPDATENUM(x)	((enableShadowUpdate_t)(x))
326
327#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
328#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
329#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))
330
331/*
332 * This structure maps service name to rdn components
333 * for use in __ns_getDNs. It also defines the SSD-to-use
334 * service for use in __s_api_get_SSDtoUse_service.
335 * The idea of an SSD-to-use service is to reduce the configuration
336 * complexity. For a service, which does not have its own entries in
337 * the LDAP directory, SSD for it is useless, and should not be set.
338 * But since this service must share the container with at least
 * one other service which does have its own entries, the SSD for
340 * this other service will be shared by this service.
341 * This other service is called the SSD-to-use service.
342 *
343 */
344
typedef struct ns_service_map {
	char	*service;		/* service name */
	char	*rdn;			/* rdn components for this service */
	char	*SSDtoUse_service;	/* service whose SSD is shared (see above) */
} ns_service_map;
350
351/*
352 * This structure contains a single mapping from:
353 * service:orig -> list of mapped
354 */
355
/* Whether an ns_mapping_t maps an attribute or an objectclass */
typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;
360
/*
 * One mapping entry, referenced from ns_hash_t.h_map.  map is the list
 * of mapped names; presumably NULL-terminated like the other char **
 * lists in this file (cf. __s_api_free2dArray()) -- confirm.
 */
typedef struct ns_mapping {
	ns_maptype_t	type;		/* attribute or objectclass map */
	char		*service;	/* service the mapping applies to */
	char		*orig;		/* original (unmapped) name */
	char		**map;		/* list of mapped names */
} ns_mapping_t;
367
368/*
369 * The following is the list of internal libsldap configuration data
370 * structures.  The configuration is populated normally once per
 * application.  The assumption is that applications can be
 * relatively short lived (e.g. ls via nsswitch) so it is important to
373 * keep configuration to a minimum, but keep lookups fast.
374 *
375 * Assumptions:
376 * 1 configuration entry per domain, and almost always 1 domain
377 * per app.  Hooks exist for multiple domains per app.
378 *
379 * Configurations are read in from client file cache or from LDAP.
380 * Attribute/objectclass mappings are hashed to improve lookup
381 * speed.
382 */
383
384/*
385 * Hash entry types
386 */
/*
 * Kind of entry held in ns_config_t.hashTbl; passed to
 * __s_api_add_map2hash().  The reverse variants presumably index the
 * same mappings by mapped name rather than original name -- confirm.
 */
typedef enum	_ns_hashtype_t {
	NS_HASH_AMAP	= 1,		/* attr map */
	NS_HASH_RAMAP	= 2,		/* reverse attr map */
	NS_HASH_OMAP	= 3,		/* oc map */
	NS_HASH_ROMAP	= 4,		/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;
394
/*
 * Hash table entry.  Two chains run through each entry: h_next and
 * h_llnext.  Given the field names and ns_config_t.llHead, h_next is
 * presumably the per-bucket chain and h_llnext a list of every entry
 * (used to free them all in __s_api_destroy_hash()) -- confirm.
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;		/* which map this entry belongs to */
	ns_mapping_t	*h_map;		/* the mapping itself */
	struct ns_hash	*h_next;
	struct ns_hash	*h_llnext;
} ns_hash_t;
401
402/*
403 * This structure defines the format of an internal configuration
404 * parameter for ns_ldap client.
405 */
406
typedef struct ns_param {
	ns_datatype_t	ns_ptype;	/* selects the live ns_pu member */
	int		ns_acnt;	/* presumably element count for the array members -- confirm */
	union {
		char	**ppc;		/* array of strings */
		int	*pi;		/* array of ints */
		char	*pc;		/* single string */
		int	i;		/* single int */
		time_t	tm;		/* time value (TTL) */
	} ns_pu;
} ns_param_t;
418
419#define	ns_ppc	ns_pu.ppc
420#define	ns_pi	ns_pu.pi
421#define	ns_pc	ns_pu.pc
422#define	ns_i	ns_pu.i
423#define	ns_tm	ns_pu.tm
424
425/*
426 * This structure defines an instance of a configuration structure.
427 * paramList contains the current ns_ldap parameter configuration
428 * and hashTbl contain the current attribute/objectclass mappings.
429 * Parameters are indexed by using the value assigned to the parameter
430 * in ParamIndexType.
431 */
432
typedef struct ns_config {
	char			*domainName;
	ns_version_t		version;
	/* indexed by ParamIndexType value */
	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
	/* NS_HASH_MAX buckets of attribute/objectclass mappings */
	ns_hash_t		*hashTbl[NS_HASH_MAX];
	ns_hash_t		*llHead;	/* head of the h_llnext chain */
	ns_ldap_entry_t		*RootDSE;
	/*
	 * NOTE: 'delete' is a C++ keyword; despite the extern "C" guard,
	 * this header cannot be compiled as C++ while the field keeps
	 * this name.  Renaming would change every C access site.
	 */
	boolean_t		delete;
	mutex_t			config_mutex;
	/* presumably a use/reference count released by __s_api_release_config() -- confirm */
	int			nUse;
	ldap_get_chg_cookie_t	config_cookie;
} ns_config_t;
445
446/*
447 * This structure defines the mapping of the NSCONFIGFILE file
448 * statements into their corresponding SolarisNamingProfile,
449 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  The ParamIndexType enum
451 * definitions can be found in ns_ldap.h.  This structure also
452 * defines the default values that are used when a value either
453 * does not exist or is undefined.
454 */
455
typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	/*
	 * Optional validator for a parsed value; receives this entry,
	 * the value and a caller-supplied buffer for an error message.
	 * Its return convention is not visible in this header.
	 */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;
471
472
473/*
474 * This typedef enumerates all the supported authentication
475 * mechanisms currently supported in this library
476 */
477
/*
 * Each value combines an authentication method with its transport
 * security (the TLS_ prefix); __s_api_AuthEnumtoStruct() converts a
 * value back into the public ns_auth_t.  Values marked unsupported are
 * listed for completeness only.  By protocol, the non-TLS SIMPLE bind
 * sends the password unprotected on the wire.
 */
typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;
500
501
502/*
503 * this enum lists the various states of the search state machine
504 */
505
/*
 * Search state machine states; kept in the state/new_state/next_state
 * fields of ns_ldap_cookie_t.  The transition logic lives outside this
 * header.  ERROR and LDAP_ERROR are distinct states, presumably for
 * library-side versus server-reported failures -- confirm.
 */
typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22,
	REINIT			= 23
} ns_state_t;
531
532/*
533 * this enum lists the various states of the write state machine
534 */
/*
 * Write (add/delete/modify) state machine states.  Names shared with
 * ns_state_t carry a W_ prefix to avoid enumerator clashes; the
 * transition logic lives outside this header.
 */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;
554
555
556typedef int ConnectionID;
557
558/*
 * Server side sort type. Originally the server side sort
 * was set to "cn uid". This did not work with AD and
 * hence a single sort attribute was adopted. We don't
 * know which server side sort will work with the
 * Directory and hence we discover which method works.
564 */
/* Discovered server-side sort variant; kept in ns_ldap_cookie_t.sortTypeTry */
typedef enum {
	SSS_UNKNOWN		= 0,	/* not yet determined */
	SSS_SINGLE_ATTR		= 1,	/* one sort attribute */
	SSS_CN_UID_ATTRS	= 2	/* the original "cn uid" pair */
} ns_srvsidesort_t;
570
571/*
572 * This structure is used by ns_connect to create and manage
573 * one or more ldap connections within the library.
574 */
/*
 * Freed by __s_api_freeConnection(); obtained through
 * __s_api_getConnection() and released with DropConnection().
 * pid/threadID record the owner so a connection is not reused across
 * a fork or, when usedBit is set, across threads.
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* true if only used by */
						/* one thread and not shared */
						/* by other threads */
	pid_t			pid;		/* process id */
	char			*serverAddr;
	ns_cred_t		*auth;		/* credential bound with */
	LDAP			*ld;		/* the libldap handle */
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char			**controls;		/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;
589
590#define	ONE_STEP			1
591
592/*
593 * This structure is for referrals processing.
594 * The data are from referral URLs returned by
595 * LDAP servers
596 */
/*
 * Singly linked list built by __s_api_addRefInfo() from server-supplied
 * referral URLs and freed by __s_api_deleteRefInfo().  Following a
 * referral re-sends the search to the host named by the server, so
 * whether referrals are followed at all is gated by the cookie's
 * followRef flag (see __s_api_toFollowReferrals()).
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;	/* host from the URL */
	int			refScope;	/* search scope from the URL */
	char			*refDN;		/* base DN from the URL */
	char			*refFilter;	/* filter from the URL */
} ns_referral_info_t;
604
605struct ns_ldap_cookie;
606
607/*
608 * Batch used by __ns_ldap_list_batch_xxx API
609 */
struct ns_ldap_list_batch {
	uint32_t		nactive;	/* searches still in progress */
	struct ns_ldap_cookie	*next_cookie;	/* next cookie to service */
	/* cookies chained through ns_ldap_cookie_t.next_cookie_in_batch */
	struct ns_ldap_cookie	*cookie_list;
};
615
616struct ns_conn_user;
617typedef struct ns_conn_user ns_conn_user_t;
618
619/*
620 * This structure used internally in searches
621 */
622
/*
 * Per-search state.  INPUTS are set up from the caller's arguments,
 * OUTPUTS are what the caller reads back, and PRIVATE fields are the
 * search state machine's working storage (see ns_state_t).
 */
typedef struct ns_ldap_cookie {
	/* INPUTS */
		/* server list position */

		/* service search descriptor list & position */
	ns_ldap_search_desc_t  **sdlist;
	ns_ldap_search_desc_t  **sdpos;

		/* search filter callback */
	int			use_filtercb;
	int	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

		/* user callback */
	int			use_usercb;
	int	(*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void		*userdata;

	int			followRef;	/* whether referrals are followed */
	int			use_paging;
	char			*service;
	char			*i_filter;	/* caller's filter */
	const char * const	*i_attr;	/* caller's attribute list */
	const char		*i_sortattr;
	const ns_cred_t		*i_auth;	/* caller's credential */
	int			i_flags;

	/* OUTPUTS */
	ns_ldap_result_t	*result;
	ns_ldap_entry_t		*nextEntry;
		/* Error data */
	int			err_rc;
	ns_ldap_error_t		*errorp;

	/* PRIVATE */
	ns_state_t		state;
	ns_state_t		new_state;
	ns_state_t		next_state;

	Connection		*conn;
/* shorthand for the auth type of the connection in use; valid only when conn and conn->auth are set */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID		connectionId;

	/* paging VLV/SIMPLEPAGE data */
	int			listType;	/* SIMPLEPAGECTRLFLAG / VLVCTRLFLAG */
	unsigned long		index;
	LDAPControl		**p_serverctrls;
	ns_srvsidesort_t	sortTypeTry;
	int			entryCount;

	/* effective search parameters for the current descriptor */
	int			scope;
	char			*basedn;
	char			*filter;
	char			**attribute;

	/* RESULT PROCESSING */
	int			msgId;
	LDAPMessage		*resultMsg;

	char			**dns;
	char			*currentdn;
	int			flag;
	struct berval		*ctrlCookie;	/* paging control cookie */

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t	*reflist;
	ns_referral_info_t	*refpos;
	/* search timeout value */
	struct timeval		search_timeout;
	/* response control to hold account management information */
	LDAPControl		**resultctrl;
	/* Flag to indicate password less account management is required */
	int			nopasswd_acct_mgmt;
	int			err_from_result;
	ns_conn_user_t		*conn_user;

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t	*batch;		/* owning batch, if any */
	boolean_t		no_wait;
	boolean_t		reinit_on_retriable_err;
	int			retries;
	/* where the batch delivers this search's result, error and rc */
	ns_ldap_result_t	**caller_result;
	ns_ldap_error_t		**caller_errorp;
	int			*caller_rc;
	struct ns_ldap_cookie	*next_cookie_in_batch;
} ns_ldap_cookie_t;
711
712/*
713 * This structure is part of the return value information for
714 * __s_api_requestServer.  The routine that requests a new server
715 * from the cache manager
716 */
/* Released with __s_api_free_server_info() */
typedef struct ns_server_info {
	char	*server;		/* server address as requested */
	char	*serverFQDN;		/* its fully qualified name */
	char	**controls;		/* supportedControl values */
	char	**saslMechanisms;	/* supportedSASLmechanisms values */
} ns_server_info_t;
723
724/*
725 * sasl callback function parameters
726 */
/*
 * Handed to __s_api_sasl_bind_callback() as its defaults argument
 * (presumably; confirm).  passwd points at the bind password in the
 * clear for the duration of the bind; where this struct is released
 * is outside this header -- clear the password there before freeing.
 */
typedef struct ns_sasl_cb_param {
	char	*mech;		/* SASL mechanism name */
	char	*authid;	/* authentication identity */
	char	*authzid;	/* authorization identity */
	char	*passwd;	/* cleartext password */
	char	*realm;		/* SASL realm */
} ns_sasl_cb_param_t;
734
735/* Multiple threads per connection variable */
736extern int MTperConn;
737
738/*
739 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
740 */
741
742#ifdef DEBUG
743extern int	__ldap_debug_file;
744extern int	__ldap_debug_api;
745extern int	__ldap_debug_ldap;
746extern int	__ldap_debug_servers;
747#endif
748
749/* internal connection APIs */
750void DropConnection(ConnectionID, int);
751int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
752
753int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
754char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
755char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
756char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
757char *__s_get_pref_name(PrefOnly_t type);
758char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
759char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
760char *__s_get_hostcertpath(void);
761void __s_api_free_sessionPool();
762int __s_api_requestServer(const char *request, const char *server,
763	ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);
764
765
766/* ************ internal sldap-api functions *********** */
767void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
768void	__s_api_split_key_value(char *buffer, char **name, char **value);
769int	__s_api_printResult(ns_ldap_result_t *);
770int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
771int	__s_api_getDNs(char ***, const char *,
772	ns_ldap_error_t **);
773int	__s_api_get_search_DNs_v1(char ***, const char *,
774	ns_ldap_error_t **);
775int	__s_api_getConnection(const char *, const int,
776	const ns_cred_t *, int *,
777	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
778char	**__s_api_cp2dArray(char **);
779void	__s_api_free2dArray(char **);
780
781int	__s_api_isCtrlSupported(Connection *, char *);
782ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
783ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
784boolean_t __s_api_peruser_proc(void);
785boolean_t __s_api_nscd_proc(void);
786char	*dvalue(char *);
787char	*evalue(char *);
788ns_ldap_error_t *__s_api_make_error(int, char *);
789ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
790
791/* ************ specific 'Standalone' functions ********** */
792ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
793struct hostent *__s_api_hostname2ip(const char *name,
794				    struct hostent *result,
795				    char *buffer,
796				    int buflen,
797				    int *h_errnop);
798void	__s_api_setInitMode();
799void	__s_api_unsetInitMode();
800int	__s_api_isStandalone(void);
801int __s_api_isInitializing();
802ns_ldap_return_code __s_api_findRootDSE(const char *request,
803					const char *server,
804					const char *addrType,
805					ns_server_info_t *ret,
806					ns_ldap_error_t	**error);
807ns_config_t *__s_api_create_config_door_str(char *config,
808				ns_ldap_error_t **errorp);
809
810extern void	get_environment();
811
812/* internal Param APIs */
813int		__ns_ldap_setParamValue(ns_config_t *ptr,
814			const ParamIndexType type,
815			const void *data, ns_ldap_error_t **error);
816int		__s_api_get_type(const char *value, ParamIndexType *type);
817int		__s_api_get_versiontype(ns_config_t *ptr, char *value,
818					ParamIndexType *type);
819int		__s_api_get_profiletype(char *value, ParamIndexType *type);
820void		__s_api_init_config(ns_config_t *ptr);
821void		__s_api_init_config_global(ns_config_t *ptr);
822ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
823					int check_dn);
824ns_config_t	*__s_api_create_config(void);
825ns_config_t	*__s_api_get_default_config(void);
826ns_config_t	*__s_api_get_default_config_global(void);
827ns_config_t	*__s_api_loadrefresh_config();
828ns_config_t	*__s_api_loadrefresh_config_global();
829void		__s_api_destroy_config(ns_config_t *ptr);
830int		__s_api_get_configtype(ParamIndexType type);
831const char	*__s_api_get_configname(ParamIndexType type);
832char		*__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
833			ns_strfmt_t fmt);
834void		__s_api_release_config(ns_config_t *cfg);
835
836/* internal attribute/objectclass mapping api's */
837int		 __s_api_add_map2hash(ns_config_t *config,
838				ns_hashtype_t type, ns_mapping_t *map);
839void		__s_api_destroy_hash(ns_config_t *config);
840int		__s_api_parse_map(char *cp, char **sid,
841				char **origA, char ***mapA);
842char		**__ns_ldap_mapAttributeList(const char *service,
843				const char * const *origAttrList);
844char		*__ns_ldap_mapAttribute(const char *service,
845				const char *origAttr);
846
847/* internal configuration APIs */
848void		__ns_ldap_setServer(int set);
849ns_ldap_error_t	*__ns_ldap_LoadConfiguration();
850ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
851				ns_config_t *new, int cred_only);
852ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
853ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
854int		__ns_ldap_cache_ping();
855ns_ldap_error_t *__ns_ldap_print_config(int);
856void		__ns_ldap_default_config();
857int		__ns_ldap_download(const char *, char *, char *,
858				ns_ldap_error_t **);
859int
860__ns_ldap_check_dns_preq(int foreground,
861		int mode_verbose,
862		int mode_quiet,
863		const char *fname,
864		ns_ldap_self_gssapi_config_t config,
865		ns_ldap_error_t **errpp);
866int
867__ns_ldap_check_gssapi_preq(int foreground,
868		int mode_verbose,
869		int mode_quiet,
870		ns_ldap_self_gssapi_config_t config,
871		ns_ldap_error_t **errpp);
872int
873__ns_ldap_check_all_preq(int foreground,
874		int mode_verbose,
875		int mode_quiet,
876		ns_ldap_self_gssapi_config_t config,
877		ns_ldap_error_t **errpp);
878
879/* internal un-exposed APIs */
880ns_cred_t	*__ns_ldap_dupAuth(const ns_cred_t *authp);
881boolean_t	__s_api_is_auth_matched(const ns_cred_t *auth1,
882		    const ns_cred_t *auth2);
883int		__s_api_get_SSD_from_SSDtoUse_service(const char *service,
884			ns_ldap_search_desc_t ***SSDlist,
885			ns_ldap_error_t **errorp);
886int		__s_api_prepend_automountmapname(const char *service,
887			ns_ldap_search_desc_t ***SSDlist,
888			ns_ldap_error_t ** errorp);
889int		__s_api_prepend_automountmapname_to_dn(const char *service,
890			char **basedn,
891			ns_ldap_error_t ** errorp);
892int		__s_api_convert_automountmapname(const char *service,
893			char **dn, ns_ldap_error_t ** errorp);
894int		__s_api_replace_mapped_attr_in_dn(
895			const char *orig_attr, const char *mapped_attr,
896			const char *dn, char **new_dn);
897int		__s_api_append_default_basedn(
898			const char *dn,
899			char **new_dn,
900			int *allocated,
901			ns_ldap_error_t ** errorp);
902int		__s_api_removeServer(const char *server);
903void		__s_api_removeBadServers(char **server);
904void		__s_api_free_server_info(ns_server_info_t *sinfo);
905void		__s_api_freeConnection(Connection *con);
906
907/* internal referrals APIs */
908int		__s_api_toFollowReferrals(const int flags,
909			int *toFollow,
910			ns_ldap_error_t **errorp);
911int		__s_api_addRefInfo(ns_referral_info_t **head,
912			char *url, char *baseDN, int *scope,
913			char *filter, LDAP *ld);
914void		__s_api_deleteRefInfo(ns_referral_info_t *head);
915
916/* callback routine for SSD filters */
917int		__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
918			char **realfilter,
919			const void *userdata);
920
921/* network address verification api */
922int		__s_api_isipv4(char *addr);
923int		__s_api_isipv6(char *addr);
924int		__s_api_ishost(char *addr);
925
926/* password management routine */
927ns_ldap_passwd_status_t
928		__s_api_set_passwd_status(int errnum, char *errmsg);
929int		__s_api_contain_passwd_control_oid(char **oids);
930
931/* password less account management routine */
932int		__s_api_contain_account_usable_control_oid(char **oids);
933
934/* RFC 2307 section 5.6. Get a canonical name from entry */
935char		*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
936			ns_ldap_attr_t *attrptr, int case_ignore);
937
938/* self/sasl/gssapi functions */
939int		__s_api_sasl_bind_callback(
940			LDAP		*ld,
941			unsigned	flags,
942			void		*defaults,
943			void		*in);
944
945int		__s_api_self_gssapi_only_get(void);
946
947int		__print2buf(LineBuf *line, const char *toprint, char *sep);
948
949#ifdef __cplusplus
950}
951#endif
952
953#endif /* _NS_INTERNAL_H */
954