17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5689c2bf4Sjanga * Common Development and Distribution License (the "License"). 6689c2bf4Sjanga * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 21442384bbSJulian Pullen 227c478bd9Sstevel@tonic-gate /* 239f2fd570SJulian Pullen * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 24695ef821SGordon Ross * Copyright 2017 Nexenta Systems, Inc. All rights reserved. 25d7ab8532SJason King * Copyright 2020 Joyent, Inc. 267c478bd9Sstevel@tonic-gate */ 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #ifndef _NS_INTERNAL_H 307c478bd9Sstevel@tonic-gate #define _NS_INTERNAL_H 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #ifdef __cplusplus 337c478bd9Sstevel@tonic-gate extern "C" { 347c478bd9Sstevel@tonic-gate #endif 357c478bd9Sstevel@tonic-gate 367c478bd9Sstevel@tonic-gate #include <stdio.h> 377c478bd9Sstevel@tonic-gate #include <sys/types.h> 387c478bd9Sstevel@tonic-gate #include <sys/time.h> 397c478bd9Sstevel@tonic-gate #include <thread.h> 407c478bd9Sstevel@tonic-gate #include <lber.h> 417c478bd9Sstevel@tonic-gate #include <ldap.h> 427c478bd9Sstevel@tonic-gate #include "ns_sldap.h" 43e1dd0a2fSth #include "ns_cache_door.h" 447c478bd9Sstevel@tonic-gate 457c478bd9Sstevel@tonic-gate /* 467c478bd9Sstevel@tonic-gate * INTERNALLY USED CONSTANTS 477c478bd9Sstevel@tonic-gate */ 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate #define MAXERROR 2000 507c478bd9Sstevel@tonic-gate #define TRUE 1 517c478bd9Sstevel@tonic-gate #define FALSE 0 527c478bd9Sstevel@tonic-gate #define NSLDAPDIRECTORY "/var/ldap" 537c478bd9Sstevel@tonic-gate #define NSCONFIGFILE "/var/ldap/ldap_client_file" 547c478bd9Sstevel@tonic-gate #define NSCONFIGREFRESH "/var/ldap/ldap_client_file.refresh" 557c478bd9Sstevel@tonic-gate #define NSCREDFILE "/var/ldap/ldap_client_cred" 567c478bd9Sstevel@tonic-gate #define NSCREDREFRESH "/var/ldap/ldap_client_cred.refresh" 577c478bd9Sstevel@tonic-gate #define ROTORSIZE 256 587c478bd9Sstevel@tonic-gate #define MASK 0377 597c478bd9Sstevel@tonic-gate #define LDAPMAXHARDLOOKUPTIME 256 607c478bd9Sstevel@tonic-gate #define DONOTEDIT \ 617c478bd9Sstevel@tonic-gate "Do not edit this file manually; your changes will be lost." \ 62*bbf21555SRichard Lowe "Please use ldapclient(8) instead." 637c478bd9Sstevel@tonic-gate #define MAXPORTNUMBER 65535 647c478bd9Sstevel@tonic-gate #define MAXPORTNUMBER_STR "65535" 657c478bd9Sstevel@tonic-gate #define CREDFILE 0 667c478bd9Sstevel@tonic-gate #define CONFIGFILE 1 677c478bd9Sstevel@tonic-gate #define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))" 68695ef821SGordon Ross #define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))" 697c478bd9Sstevel@tonic-gate #define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))" 707c478bd9Sstevel@tonic-gate #define UIDFILTER_SSD "(&(%%s)(uid=%s))" 71d7ab8532SJason King #define UIDDNFILTER "(objectclass=posixAccount)" 72695ef821SGordon Ross 737c478bd9Sstevel@tonic-gate #define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))" 747c478bd9Sstevel@tonic-gate #define HOSTFILTER_SSD "(&(%%s)(cn=%s))" 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate #define SIMPLEPAGECTRLFLAG 1 777c478bd9Sstevel@tonic-gate #define VLVCTRLFLAG 2 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate #define LISTPAGESIZE 1000 807c478bd9Sstevel@tonic-gate #define ENUMPAGESIZE 100 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate #define DEFMAX 8 837c478bd9Sstevel@tonic-gate #define TOKENSEPARATOR '=' 847c478bd9Sstevel@tonic-gate #define QUOTETOK '"' 857c478bd9Sstevel@tonic-gate #define SPACETOK ' ' 867c478bd9Sstevel@tonic-gate #define COMMATOK ',' 877c478bd9Sstevel@tonic-gate #define COLONTOK ':' 887c478bd9Sstevel@tonic-gate #define QUESTTOK '?' 897c478bd9Sstevel@tonic-gate #define SEMITOK ';' 907c478bd9Sstevel@tonic-gate #define TABTOK '\t' 917c478bd9Sstevel@tonic-gate #define OPARATOK '(' 927c478bd9Sstevel@tonic-gate #define CPARATOK ')' 937c478bd9Sstevel@tonic-gate #define BSLTOK '\\' 947c478bd9Sstevel@tonic-gate #define DOORLINESEP "\07" 95e1dd0a2fSth #define DOORLINESEP_CHR 0x7 967c478bd9Sstevel@tonic-gate #define COMMASEP ", " 977c478bd9Sstevel@tonic-gate #define SPACESEP " " 987c478bd9Sstevel@tonic-gate #define SEMISEP ";" 997c478bd9Sstevel@tonic-gate #define COLONSEP ":" 1007c478bd9Sstevel@tonic-gate #define COLSPSEP ": " 1017c478bd9Sstevel@tonic-gate #define EQUALSEP "=" 1027c478bd9Sstevel@tonic-gate #define EQUSPSEP "= " 1037c478bd9Sstevel@tonic-gate #define LAST_VALUE (int)NS_LDAP_HOST_CERTPATH_P 104434c5a06SMilan Jurik #define BUFSIZE BUFSIZ 1057c478bd9Sstevel@tonic-gate #define DEFAULTCONFIGNAME "__default_config" 1067c478bd9Sstevel@tonic-gate #define EXP_DEFAULT_TTL "43200" /* 12 hours TTL */ 1077c478bd9Sstevel@tonic-gate #define CRYPTMARK "{NS1}" 1087c478bd9Sstevel@tonic-gate #define DOORBUFFERSIZE 8192 1097c478bd9Sstevel@tonic-gate 1107c478bd9Sstevel@tonic-gate #define LDIF_FMT_STR "%s: %s" 1117c478bd9Sstevel@tonic-gate #define FILE_FMT_STR "%s= %s" 1127c478bd9Sstevel@tonic-gate #define DOOR_FMT_STR "%s=%s" 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate #define SESSION_CACHE_INC 8 1157c478bd9Sstevel@tonic-gate #define CONID_OFFSET 1024 1167c478bd9Sstevel@tonic-gate #define NS_DEFAULT_BIND_TIMEOUT 30 /* timeout value in seconds */ 1177c478bd9Sstevel@tonic-gate #define NS_DEFAULT_SEARCH_TIMEOUT 30 /* timeout value in seconds */ 1187c478bd9Sstevel@tonic-gate 1197c478bd9Sstevel@tonic-gate /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */ 12050b7bd51SSreedhar Chalamalasetti - Sun Microsystems - Bangalore India #define RDNSIZE 512 1217c478bd9Sstevel@tonic-gate 122dd1104fbSMichen Chang /* 123dd1104fbSMichen Chang * special service used by ldap_cachemgr to indicate a shadow update 124dd1104fbSMichen Chang * is to be done with the credential of the administrator identity 125dd1104fbSMichen Chang */ 126dd1104fbSMichen Chang #define NS_ADMIN_SHADOW_UPDATE "shadow__admin_update" 1277c478bd9Sstevel@tonic-gate 1287c478bd9Sstevel@tonic-gate /* Phase 1 profile information */ 1297c478bd9Sstevel@tonic-gate #define _PROFILE1_OBJECTCLASS "SolarisNamingProfile" 1307c478bd9Sstevel@tonic-gate #define _PROFILE_CONTAINER "profile" 1317c478bd9Sstevel@tonic-gate #define _PROFILE_FILTER "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))" 1327c478bd9Sstevel@tonic-gate 1337c478bd9Sstevel@tonic-gate /* Phase 2 profile information */ 1347c478bd9Sstevel@tonic-gate #define _PROFILE2_OBJECTCLASS "DUAConfigProfile" 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate /* Common to all profiles */ 1377c478bd9Sstevel@tonic-gate #define _P_CN "cn" 1387c478bd9Sstevel@tonic-gate 1397c478bd9Sstevel@tonic-gate /* Native LDAP Phase 1 Specific Profile Attributes */ 1407c478bd9Sstevel@tonic-gate #define _P1_SERVERS "SolarisLDAPServers" 1417c478bd9Sstevel@tonic-gate #define _P1_SEARCHBASEDN "SolarisSearchBaseDN" 1427c478bd9Sstevel@tonic-gate #define _P1_CACHETTL "SolarisCacheTTL" 1437c478bd9Sstevel@tonic-gate #define _P1_BINDDN "SolarisBindDN" 1447c478bd9Sstevel@tonic-gate #define _P1_BINDPASSWORD "SolarisBindPassword" 1457c478bd9Sstevel@tonic-gate #define _P1_AUTHMETHOD "SolarisAuthMethod" 1467c478bd9Sstevel@tonic-gate #define _P1_TRANSPORTSECURITY "SolarisTransportSecurity" 1477c478bd9Sstevel@tonic-gate #define _P1_CERTIFICATEPATH "SolarisCertificatePath" 1487c478bd9Sstevel@tonic-gate #define _P1_CERTIFICATEPASSWORD "SolarisCertificatePassword" 1497c478bd9Sstevel@tonic-gate #define _P1_DATASEARCHDN "SolarisDataSearchDN" 1507c478bd9Sstevel@tonic-gate #define _P1_SEARCHSCOPE "SolarisSearchScope" 1517c478bd9Sstevel@tonic-gate #define _P1_SEARCHTIMELIMIT "SolarisSearchTimeLimit" 1527c478bd9Sstevel@tonic-gate #define _P1_PREFERREDSERVER "SolarisPreferredServer" 1537c478bd9Sstevel@tonic-gate #define _P1_PREFERREDSERVERONLY "SolarisPreferredServerOnly" 1547c478bd9Sstevel@tonic-gate #define _P1_SEARCHREFERRAL "SolarisSearchReferral" 1557c478bd9Sstevel@tonic-gate #define _P1_BINDTIMELIMIT "SolarisBindTimeLimit" 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate /* Native LDAP Phase 2 Specific Profile Attributes */ 1587c478bd9Sstevel@tonic-gate #define _P2_PREFERREDSERVER "preferredServerList" 1597c478bd9Sstevel@tonic-gate #define _P2_DEFAULTSERVER "defaultServerList" 1607c478bd9Sstevel@tonic-gate #define _P2_SEARCHBASEDN "defaultSearchBase" 1617c478bd9Sstevel@tonic-gate #define _P2_SEARCHSCOPE "defaultSearchScope" 1627c478bd9Sstevel@tonic-gate #define _P2_AUTHMETHOD "authenticationMethod" 1637c478bd9Sstevel@tonic-gate #define _P2_CREDENTIALLEVEL "credentialLevel" 1647c478bd9Sstevel@tonic-gate #define _P2_SERVICESEARCHDESC "serviceSearchDescriptor" 1657c478bd9Sstevel@tonic-gate #define _P2_SEARCHTIMELIMIT "searchTimeLimit" 1667c478bd9Sstevel@tonic-gate #define _P2_BINDTIMELIMIT "bindTimeLimit" 1677c478bd9Sstevel@tonic-gate #define _P2_FOLLOWREFERRALS "followReferrals" 1687c478bd9Sstevel@tonic-gate #define _P2_PROFILETTL "profileTTL" 1697c478bd9Sstevel@tonic-gate #define _P2_ATTRIBUTEMAP "attributeMap" 1707c478bd9Sstevel@tonic-gate #define _P2_OBJECTCLASSMAP "objectClassMap" 1717c478bd9Sstevel@tonic-gate #define _P2_SERVICECREDLEVEL "serviceCredentialLevel" 1727c478bd9Sstevel@tonic-gate #define _P2_SERVICEAUTHMETHOD "serviceAuthenticationMethod" 1737c478bd9Sstevel@tonic-gate 1747c478bd9Sstevel@tonic-gate /* Control & SASL information from RootDSE door call */ 1757c478bd9Sstevel@tonic-gate #define _SASLMECHANISM "supportedSASLmechanisms" 1767c478bd9Sstevel@tonic-gate #define _SASLMECHANISM_LEN 23 1777c478bd9Sstevel@tonic-gate #define _SUPPORTEDCONTROL "supportedControl" 1787c478bd9Sstevel@tonic-gate #define _SUPPORTEDCONTROL_LEN 16 1797c478bd9Sstevel@tonic-gate 1807c478bd9Sstevel@tonic-gate #define NS_HASH_MAX 257 1817c478bd9Sstevel@tonic-gate #define NS_HASH_SCHEMA_MAPPING_EXISTED "=MAPPING EXISTED=" 1827c478bd9Sstevel@tonic-gate #define NS_HASH_RC_SUCCESS 1 1837c478bd9Sstevel@tonic-gate #define NS_HASH_RC_NO_MEMORY -1 1847c478bd9Sstevel@tonic-gate #define NS_HASH_RC_CONFIG_ERROR -2 1857c478bd9Sstevel@tonic-gate #define NS_HASH_RC_EXISTED -3 1867c478bd9Sstevel@tonic-gate #define NS_HASH_RC_SYNTAX_ERROR -4 1877c478bd9Sstevel@tonic-gate 1887c478bd9Sstevel@tonic-gate /* Password management related error message from iDS ldap server */ 1897c478bd9Sstevel@tonic-gate #define NS_PWDERR_MAXTRIES \ 1907c478bd9Sstevel@tonic-gate "Exceed password retry limit." 1917c478bd9Sstevel@tonic-gate #define NS_PWDERR_EXPIRED \ 1927c478bd9Sstevel@tonic-gate "password expired!" 1937c478bd9Sstevel@tonic-gate #define NS_PWDERR_ACCT_INACTIVATED \ 1947c478bd9Sstevel@tonic-gate "Account inactivated. Contact system administrator." 1957c478bd9Sstevel@tonic-gate #define NS_PWDERR_CHANGE_NOT_ALLOW \ 1967c478bd9Sstevel@tonic-gate "user is not allowed to change password" 1977c478bd9Sstevel@tonic-gate #define NS_PWDERR_INVALID_SYNTAX \ 1987c478bd9Sstevel@tonic-gate "invalid password syntax" 1997c478bd9Sstevel@tonic-gate #define NS_PWDERR_TRIVIAL_PASSWD \ 2007c478bd9Sstevel@tonic-gate "Password failed triviality check" 2017c478bd9Sstevel@tonic-gate #define NS_PWDERR_IN_HISTORY \ 2027c478bd9Sstevel@tonic-gate "password in history" 2037c478bd9Sstevel@tonic-gate #define NS_PWDERR_WITHIN_MIN_AGE \ 2047c478bd9Sstevel@tonic-gate "within password minimum age" 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate /* 2077c478bd9Sstevel@tonic-gate * INTERNALLY USED MACROS 2087c478bd9Sstevel@tonic-gate */ 2097c478bd9Sstevel@tonic-gate 2107c478bd9Sstevel@tonic-gate void __s_api_debug_pause(int priority, int st, const char *mesg); 2117c478bd9Sstevel@tonic-gate 2127c478bd9Sstevel@tonic-gate #define NULL_OR_STR(str) (!(str) || *(str) == '\0' ? "<NULL>" : (str)) 2137c478bd9Sstevel@tonic-gate 2147c478bd9Sstevel@tonic-gate /* 2157c478bd9Sstevel@tonic-gate * MKERROR: builds the error structure and fills in the status and 2167c478bd9Sstevel@tonic-gate * the message. The message must be a freeable (non-static) string. 2177c478bd9Sstevel@tonic-gate * If it fails to allocate memory for the error structure, 2187c478bd9Sstevel@tonic-gate * it will return the retErr. 2197c478bd9Sstevel@tonic-gate */ 2207c478bd9Sstevel@tonic-gate #define MKERROR(priority, err, st, mesg, retErr) \ 2217c478bd9Sstevel@tonic-gate if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \ 2227c478bd9Sstevel@tonic-gate return (retErr); \ 2237c478bd9Sstevel@tonic-gate (err)->message = mesg; \ 2247c478bd9Sstevel@tonic-gate (err)->status = (st); \ 2257c478bd9Sstevel@tonic-gate __s_api_debug_pause(priority, st, (err)->message); 2267c478bd9Sstevel@tonic-gate 2277c478bd9Sstevel@tonic-gate /* 2287c478bd9Sstevel@tonic-gate * MKERROR_PWD_MGMT is almost the same as MKERROR 2297c478bd9Sstevel@tonic-gate * except that it takes two more inputs to fill in the 2307c478bd9Sstevel@tonic-gate * password management information part of the 2317c478bd9Sstevel@tonic-gate * ns_ldap_error structure pointed to by err, 2327c478bd9Sstevel@tonic-gate * and it does not log a syslog message. 2337c478bd9Sstevel@tonic-gate */ 2347c478bd9Sstevel@tonic-gate #define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \ 2357c478bd9Sstevel@tonic-gate if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \ 2367c478bd9Sstevel@tonic-gate return (retErr); \ 2377c478bd9Sstevel@tonic-gate (err)->message = mesg; \ 2387c478bd9Sstevel@tonic-gate (err)->status = (st); \ 2397c478bd9Sstevel@tonic-gate (err)->pwd_mgmt.status = (pwd_status); \ 2407c478bd9Sstevel@tonic-gate (err)->pwd_mgmt.sec_until_expired = (sec_until_exp); 2417c478bd9Sstevel@tonic-gate 2427c478bd9Sstevel@tonic-gate #ifdef DEBUG 2437c478bd9Sstevel@tonic-gate #define NSLDAPTRACE(variable, setequal, message) \ 2447c478bd9Sstevel@tonic-gate if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \ 2457c478bd9Sstevel@tonic-gate char buf[BUFSIZ]; \ 2467c478bd9Sstevel@tonic-gate (void) snprintf(buf, BUFSIZ, message); \ 2477c478bd9Sstevel@tonic-gate (void) write(__ldap_debug_file, buf); \ 2487c478bd9Sstevel@tonic-gate } 2497c478bd9Sstevel@tonic-gate #endif 2507c478bd9Sstevel@tonic-gate 2517c478bd9Sstevel@tonic-gate /* 2527c478bd9Sstevel@tonic-gate * INTERNAL DATA STRUCTURES 2537c478bd9Sstevel@tonic-gate */ 2547c478bd9Sstevel@tonic-gate 2557c478bd9Sstevel@tonic-gate /* 2567c478bd9Sstevel@tonic-gate * configuration entry type 2577c478bd9Sstevel@tonic-gate */ 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gate typedef enum { 2607c478bd9Sstevel@tonic-gate SERVERCONFIG = 1, 2617c478bd9Sstevel@tonic-gate CLIENTCONFIG = 2, 2627c478bd9Sstevel@tonic-gate CREDCONFIG = 3 2637c478bd9Sstevel@tonic-gate } ns_conftype_t; 2647c478bd9Sstevel@tonic-gate 2657c478bd9Sstevel@tonic-gate /* 2667c478bd9Sstevel@tonic-gate * datatype of a config entry 2677c478bd9Sstevel@tonic-gate */ 2687c478bd9Sstevel@tonic-gate 2697c478bd9Sstevel@tonic-gate typedef enum { 2707c478bd9Sstevel@tonic-gate NS_UNKNOWN = 0, 2717c478bd9Sstevel@tonic-gate CHARPTR = 1, /* Single character pointer */ 2727c478bd9Sstevel@tonic-gate ARRAYCP = 2, /* comma sep array of char pointers */ 2737c478bd9Sstevel@tonic-gate ARRAYAUTH = 3, /* Array of auths */ 2747c478bd9Sstevel@tonic-gate TIMET = 4, /* time relative value (TTL) */ 2757c478bd9Sstevel@tonic-gate INT = 5, /* single integer */ 2767c478bd9Sstevel@tonic-gate SSDLIST = 6, /* service search descriptor */ 2777c478bd9Sstevel@tonic-gate ATTRMAP = 7, /* attribute mapping */ 2787c478bd9Sstevel@tonic-gate OBJMAP = 8, /* objectclass mapping */ 2797c478bd9Sstevel@tonic-gate SERVLIST = 9, /* serverlist (SP sep array) */ 2807c478bd9Sstevel@tonic-gate ARRAYCRED = 10, /* Array of credentialLevels */ 2817c478bd9Sstevel@tonic-gate SAMLIST = 11, /* serviceAuthenticationMethod */ 2827c478bd9Sstevel@tonic-gate SCLLIST = 12 /* serviceCredentialLevel */ 2837c478bd9Sstevel@tonic-gate } ns_datatype_t; 2847c478bd9Sstevel@tonic-gate 2857c478bd9Sstevel@tonic-gate typedef enum { 2867c478bd9Sstevel@tonic-gate NS_SUCCESS, 2877c478bd9Sstevel@tonic-gate NS_NOTFOUND, 2887c478bd9Sstevel@tonic-gate NS_PARSE_ERR 2897c478bd9Sstevel@tonic-gate } ns_parse_status; 2907c478bd9Sstevel@tonic-gate 2917c478bd9Sstevel@tonic-gate typedef enum { 2927c478bd9Sstevel@tonic-gate NS_DOOR_FMT = 1, 2937c478bd9Sstevel@tonic-gate NS_LDIF_FMT = 2, 2947c478bd9Sstevel@tonic-gate NS_FILE_FMT = 3 2957c478bd9Sstevel@tonic-gate } ns_strfmt_t; 2967c478bd9Sstevel@tonic-gate 2977c478bd9Sstevel@tonic-gate /* 2987c478bd9Sstevel@tonic-gate * This enum reduces the number of version string compares 2997c478bd9Sstevel@tonic-gate * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2 3007c478bd9Sstevel@tonic-gate */ 3017c478bd9Sstevel@tonic-gate 3027c478bd9Sstevel@tonic-gate typedef enum { 3037c478bd9Sstevel@tonic-gate NS_LDAP_V1 = 1000, 3047c478bd9Sstevel@tonic-gate NS_LDAP_V2 = 2000 3057c478bd9Sstevel@tonic-gate } ns_version_t; 3067c478bd9Sstevel@tonic-gate 3077c478bd9Sstevel@tonic-gate /* 3087c478bd9Sstevel@tonic-gate * enum<->string mapping construct 3097c478bd9Sstevel@tonic-gate */ 3107c478bd9Sstevel@tonic-gate 3117c478bd9Sstevel@tonic-gate typedef struct ns_enum_map { 3127c478bd9Sstevel@tonic-gate int value; 3137c478bd9Sstevel@tonic-gate char *name; 3147c478bd9Sstevel@tonic-gate } ns_enum_map; 3157c478bd9Sstevel@tonic-gate 3167c478bd9Sstevel@tonic-gate #define ENUM2INT(x) ((int)(x)) 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate #define INT2PARAMINDEXENUM(x) ((ParamIndexType)(x)) 3197c478bd9Sstevel@tonic-gate #define INT2SEARCHREFENUM(x) ((SearchRef_t)(x)) 3207c478bd9Sstevel@tonic-gate #define INT2SCOPEENUM(x) ((ScopeType_t)(x)) 3217c478bd9Sstevel@tonic-gate #define INT2AUTHENUM(x) ((AuthType_t)(x)) 3227c478bd9Sstevel@tonic-gate #define INT2SECENUM(x) ((TlsType_t)(x)) 3237c478bd9Sstevel@tonic-gate #define INT2PREFONLYENUM(x) ((PrefOnly_t)(x)) 3247c478bd9Sstevel@tonic-gate #define INT2CREDLEVELENUM(x) ((CredLevel_t)(x)) 325dd1104fbSMichen Chang #define INT2SHADOWUPDATENUM(x) ((enableShadowUpdate_t)(x)) 3267c478bd9Sstevel@tonic-gate 3277c478bd9Sstevel@tonic-gate #define INT2LDAPRETURN(x) ((ns_ldap_return_code)(x)) 3287c478bd9Sstevel@tonic-gate #define INT2CONFIGRETURN(x) ((ns_ldap_config_return_code)(x)) 3297c478bd9Sstevel@tonic-gate #define INT2PARTIALRETURN(x) ((ns_ldap_partial_return_code)(x)) 3307c478bd9Sstevel@tonic-gate 3317c478bd9Sstevel@tonic-gate /* 3327c478bd9Sstevel@tonic-gate * This structure maps service name to rdn components 3337c478bd9Sstevel@tonic-gate * for use in __ns_getDNs. It also defines the SSD-to-use 3347c478bd9Sstevel@tonic-gate * service for use in __s_api_get_SSDtoUse_service. 3357c478bd9Sstevel@tonic-gate * The idea of an SSD-to-use service is to reduce the configuration 3367c478bd9Sstevel@tonic-gate * complexity. For a service, which does not have its own entries in 3377c478bd9Sstevel@tonic-gate * the LDAP directory, SSD for it is useless, and should not be set. 3387c478bd9Sstevel@tonic-gate * But since this service must share the container with at least 3397c478bd9Sstevel@tonic-gate * one other service which does have it own entries, the SSD for 3407c478bd9Sstevel@tonic-gate * this other service will be shared by this service. 3417c478bd9Sstevel@tonic-gate * This other service is called the SSD-to-use service. 3427c478bd9Sstevel@tonic-gate * 3437c478bd9Sstevel@tonic-gate */ 3447c478bd9Sstevel@tonic-gate 3457c478bd9Sstevel@tonic-gate typedef struct ns_service_map { 3467c478bd9Sstevel@tonic-gate char *service; 3477c478bd9Sstevel@tonic-gate char *rdn; 3487c478bd9Sstevel@tonic-gate char *SSDtoUse_service; 3497c478bd9Sstevel@tonic-gate } ns_service_map; 3507c478bd9Sstevel@tonic-gate 3517c478bd9Sstevel@tonic-gate /* 3527c478bd9Sstevel@tonic-gate * This structure contains a single mapping from: 3537c478bd9Sstevel@tonic-gate * service:orig -> list of mapped 3547c478bd9Sstevel@tonic-gate */ 3557c478bd9Sstevel@tonic-gate 3567c478bd9Sstevel@tonic-gate typedef enum { 3577c478bd9Sstevel@tonic-gate NS_ATTR_MAP, 3587c478bd9Sstevel@tonic-gate NS_OBJ_MAP 3597c478bd9Sstevel@tonic-gate } ns_maptype_t; 3607c478bd9Sstevel@tonic-gate 3617c478bd9Sstevel@tonic-gate typedef struct ns_mapping { 3627c478bd9Sstevel@tonic-gate ns_maptype_t type; 3637c478bd9Sstevel@tonic-gate char *service; 3647c478bd9Sstevel@tonic-gate char *orig; 3657c478bd9Sstevel@tonic-gate char **map; 3667c478bd9Sstevel@tonic-gate } ns_mapping_t; 3677c478bd9Sstevel@tonic-gate 3687c478bd9Sstevel@tonic-gate /* 3697c478bd9Sstevel@tonic-gate * The following is the list of internal libsldap configuration data 3707c478bd9Sstevel@tonic-gate * structures. The configuration is populated normally once per 3717c478bd9Sstevel@tonic-gate * application. The assumption is that in applications can be 3727c478bd9Sstevel@tonic-gate * relatively short lived (IE ls via nsswitch) so it is important to 3737c478bd9Sstevel@tonic-gate * keep configuration to a minimum, but keep lookups fast. 3747c478bd9Sstevel@tonic-gate * 3757c478bd9Sstevel@tonic-gate * Assumptions: 3767c478bd9Sstevel@tonic-gate * 1 configuration entry per domain, and almost always 1 domain 3777c478bd9Sstevel@tonic-gate * per app. Hooks exist for multiple domains per app. 3787c478bd9Sstevel@tonic-gate * 3797c478bd9Sstevel@tonic-gate * Configurations are read in from client file cache or from LDAP. 3807c478bd9Sstevel@tonic-gate * Attribute/objectclass mappings are hashed to improve lookup 3817c478bd9Sstevel@tonic-gate * speed. 3827c478bd9Sstevel@tonic-gate */ 3837c478bd9Sstevel@tonic-gate 3847c478bd9Sstevel@tonic-gate /* 3857c478bd9Sstevel@tonic-gate * Hash entry types 3867c478bd9Sstevel@tonic-gate */ 3877c478bd9Sstevel@tonic-gate typedef enum _ns_hashtype_t { 3887c478bd9Sstevel@tonic-gate NS_HASH_AMAP = 1, /* attr map */ 3897c478bd9Sstevel@tonic-gate NS_HASH_RAMAP = 2, /* reverse attr map */ 3907c478bd9Sstevel@tonic-gate NS_HASH_OMAP = 3, /* oc map */ 3917c478bd9Sstevel@tonic-gate NS_HASH_ROMAP = 4, /* reverse oc map */ 3927c478bd9Sstevel@tonic-gate NS_HASH_VOID = 5 3937c478bd9Sstevel@tonic-gate } ns_hashtype_t; 3947c478bd9Sstevel@tonic-gate 3957c478bd9Sstevel@tonic-gate typedef struct ns_hash { 3967c478bd9Sstevel@tonic-gate ns_hashtype_t h_type; 3977c478bd9Sstevel@tonic-gate ns_mapping_t *h_map; 3987c478bd9Sstevel@tonic-gate struct ns_hash *h_next; 3997c478bd9Sstevel@tonic-gate struct ns_hash *h_llnext; 4007c478bd9Sstevel@tonic-gate } ns_hash_t; 4017c478bd9Sstevel@tonic-gate 4027c478bd9Sstevel@tonic-gate /* 4037c478bd9Sstevel@tonic-gate * This structure defines the format of an internal configuration 4047c478bd9Sstevel@tonic-gate * parameter for ns_ldap client. 4057c478bd9Sstevel@tonic-gate */ 4067c478bd9Sstevel@tonic-gate 4077c478bd9Sstevel@tonic-gate typedef struct ns_param { 4087c478bd9Sstevel@tonic-gate ns_datatype_t ns_ptype; 4097c478bd9Sstevel@tonic-gate int ns_acnt; 4107c478bd9Sstevel@tonic-gate union { 4117c478bd9Sstevel@tonic-gate char **ppc; 4127c478bd9Sstevel@tonic-gate int *pi; 4137c478bd9Sstevel@tonic-gate char *pc; 4147c478bd9Sstevel@tonic-gate int i; 4157c478bd9Sstevel@tonic-gate time_t tm; 4167c478bd9Sstevel@tonic-gate } ns_pu; 4177c478bd9Sstevel@tonic-gate } ns_param_t; 4187c478bd9Sstevel@tonic-gate 4197c478bd9Sstevel@tonic-gate #define ns_ppc ns_pu.ppc 4207c478bd9Sstevel@tonic-gate #define ns_pi ns_pu.pi 4217c478bd9Sstevel@tonic-gate #define ns_pc ns_pu.pc 4227c478bd9Sstevel@tonic-gate #define ns_i ns_pu.i 4237c478bd9Sstevel@tonic-gate #define ns_tm ns_pu.tm 4247c478bd9Sstevel@tonic-gate 4257c478bd9Sstevel@tonic-gate /* 4267c478bd9Sstevel@tonic-gate * This structure defines an instance of a configuration structure. 4277c478bd9Sstevel@tonic-gate * paramList contains the current ns_ldap parameter configuration 4287c478bd9Sstevel@tonic-gate * and hashTbl contain the current attribute/objectclass mappings. 4297c478bd9Sstevel@tonic-gate * Parameters are indexed by using the value assigned to the parameter 4307c478bd9Sstevel@tonic-gate * in ParamIndexType. 4317c478bd9Sstevel@tonic-gate */ 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate typedef struct ns_config { 4347c478bd9Sstevel@tonic-gate char *domainName; 4357c478bd9Sstevel@tonic-gate ns_version_t version; 4367c478bd9Sstevel@tonic-gate ns_param_t paramList[NS_LDAP_MAX_PIT_P]; 4377c478bd9Sstevel@tonic-gate ns_hash_t *hashTbl[NS_HASH_MAX]; 4387c478bd9Sstevel@tonic-gate ns_hash_t *llHead; 4397c478bd9Sstevel@tonic-gate ns_ldap_entry_t *RootDSE; 4407c478bd9Sstevel@tonic-gate boolean_t delete; 4417c478bd9Sstevel@tonic-gate mutex_t config_mutex; 4427c478bd9Sstevel@tonic-gate int nUse; 443e1dd0a2fSth ldap_get_chg_cookie_t config_cookie; 4447c478bd9Sstevel@tonic-gate } ns_config_t; 4457c478bd9Sstevel@tonic-gate 4467c478bd9Sstevel@tonic-gate /* 4477c478bd9Sstevel@tonic-gate * This structure defines the mapping of the NSCONFIGFILE file 4487c478bd9Sstevel@tonic-gate * statements into their corresponding SolarisNamingProfile, 4497c478bd9Sstevel@tonic-gate * Posix Mapping LDAP attributes, and to their corresponding 4507c478bd9Sstevel@tonic-gate * ParamIndexType enum mapping. THe ParamIndexType enum 4517c478bd9Sstevel@tonic-gate * definitions can be found in ns_ldap.h. This structure also 4527c478bd9Sstevel@tonic-gate * defines the default values that are used when a value either 4537c478bd9Sstevel@tonic-gate * does not exist or is undefined. 4547c478bd9Sstevel@tonic-gate */ 4557c478bd9Sstevel@tonic-gate 4567c478bd9Sstevel@tonic-gate typedef struct ns_default_config { 4577c478bd9Sstevel@tonic-gate const char *name; /* config file parameter name */ 4587c478bd9Sstevel@tonic-gate ParamIndexType index; /* config file enum index */ 4597c478bd9Sstevel@tonic-gate ns_conftype_t config_type; /* CLIENT/SERVER/CREDCONFIG */ 4607c478bd9Sstevel@tonic-gate ns_datatype_t data_type; /* ppc,pi,pc,int etc... */ 4617c478bd9Sstevel@tonic-gate int single_valued; /* TRUE OR FALSE */ 462695ef821SGordon Ross ns_version_t version; /* Version # for attribute */ 4637c478bd9Sstevel@tonic-gate const char *profile_name; /* profile schema attribute name */ 4647c478bd9Sstevel@tonic-gate ns_param_t defval; /* config file parameter default */ 4657c478bd9Sstevel@tonic-gate int (*ns_verify)(ParamIndexType i, 4667c478bd9Sstevel@tonic-gate struct ns_default_config *def, 4677c478bd9Sstevel@tonic-gate ns_param_t *param, 4687c478bd9Sstevel@tonic-gate char *errbuf); 4697c478bd9Sstevel@tonic-gate ns_enum_map *allowed; /* allowed values */ 4707c478bd9Sstevel@tonic-gate } ns_default_config; 4717c478bd9Sstevel@tonic-gate 4727c478bd9Sstevel@tonic-gate 4737c478bd9Sstevel@tonic-gate /* 4747c478bd9Sstevel@tonic-gate * This typedef enumerates all the supported authentication 4757c478bd9Sstevel@tonic-gate * mechanisms currently supported in this library 4767c478bd9Sstevel@tonic-gate */ 4777c478bd9Sstevel@tonic-gate 4787c478bd9Sstevel@tonic-gate typedef enum EnumAuthType { 4797c478bd9Sstevel@tonic-gate NS_LDAP_EA_NONE = 0, 4807c478bd9Sstevel@tonic-gate NS_LDAP_EA_SIMPLE = 1, 4817c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_NONE = 2, 4827c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_CRAM_MD5 = 3, 4837c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_DIGEST_MD5 = 4, 4847c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_DIGEST_MD5_INT = 5, 4857c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_DIGEST_MD5_CONF = 6, 4867c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_EXTERNAL = 7, 487cb5caa98Sdjl NS_LDAP_EA_SASL_GSSAPI = 8, 4887c478bd9Sstevel@tonic-gate NS_LDAP_EA_SASL_SPNEGO = 9, /* unsupported */ 4897c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_NONE = 10, 4907c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SIMPLE = 11, 4917c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_NONE = 12, 4927c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_CRAM_MD5 = 13, 4937c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_DIGEST_MD5 = 14, 4947c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT = 15, 4957c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF = 16, 4967c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_EXTERNAL = 17, 4977c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_GSSAPI = 18, /* unsupported */ 4987c478bd9Sstevel@tonic-gate NS_LDAP_EA_TLS_SASL_SPNEGO = 19 /* unsupported */ 4997c478bd9Sstevel@tonic-gate } EnumAuthType_t; 5007c478bd9Sstevel@tonic-gate 5017c478bd9Sstevel@tonic-gate 5027c478bd9Sstevel@tonic-gate /* 5037c478bd9Sstevel@tonic-gate * this enum lists the various states of the search state machine 5047c478bd9Sstevel@tonic-gate */ 5057c478bd9Sstevel@tonic-gate 5067c478bd9Sstevel@tonic-gate typedef enum { 5077c478bd9Sstevel@tonic-gate INIT = 1, 5087c478bd9Sstevel@tonic-gate EXIT = 2, 5097c478bd9Sstevel@tonic-gate NEXT_SEARCH_DESCRIPTOR = 3, 5107c478bd9Sstevel@tonic-gate GET_SESSION = 4, 5117c478bd9Sstevel@tonic-gate NEXT_SESSION = 5, 5127c478bd9Sstevel@tonic-gate RESTART_SESSION = 6, 5137c478bd9Sstevel@tonic-gate NEXT_SEARCH = 7, 5147c478bd9Sstevel@tonic-gate NEXT_VLV = 8, 5157c478bd9Sstevel@tonic-gate NEXT_PAGE = 9, 5167c478bd9Sstevel@tonic-gate ONE_SEARCH = 10, 5177c478bd9Sstevel@tonic-gate DO_SEARCH = 11, 5187c478bd9Sstevel@tonic-gate NEXT_RESULT = 12, 5197c478bd9Sstevel@tonic-gate MULTI_RESULT = 13, 5207c478bd9Sstevel@tonic-gate PROCESS_RESULT = 14, 5217c478bd9Sstevel@tonic-gate END_PROCESS_RESULT = 15, 5227c478bd9Sstevel@tonic-gate END_RESULT = 16, 5237c478bd9Sstevel@tonic-gate NEXT_REFERRAL = 17, 5247c478bd9Sstevel@tonic-gate GET_REFERRAL_SESSION = 18, 5257c478bd9Sstevel@tonic-gate ERROR = 19, 52647789246Svv LDAP_ERROR = 20, 527699bceb8Smj GET_ACCT_MGMT_INFO = 21, 528e1dd0a2fSth CLEAR_RESULTS = 22, 529e1dd0a2fSth REINIT = 23 5307c478bd9Sstevel@tonic-gate } ns_state_t; 5317c478bd9Sstevel@tonic-gate 5327c478bd9Sstevel@tonic-gate /* 5337c478bd9Sstevel@tonic-gate * this enum lists the various states of the write state machine 5347c478bd9Sstevel@tonic-gate */ 5357c478bd9Sstevel@tonic-gate typedef enum { 5367c478bd9Sstevel@tonic-gate W_INIT = 1, 5377c478bd9Sstevel@tonic-gate W_EXIT = 2, 5387c478bd9Sstevel@tonic-gate GET_CONNECTION = 3, 5397c478bd9Sstevel@tonic-gate SELECT_OPERATION_SYNC = 4, 5407c478bd9Sstevel@tonic-gate SELECT_OPERATION_ASYNC = 5, 5417c478bd9Sstevel@tonic-gate DO_ADD_SYNC = 6, 5427c478bd9Sstevel@tonic-gate DO_DELETE_SYNC = 7, 5437c478bd9Sstevel@tonic-gate DO_MODIFY_SYNC = 8, 5447c478bd9Sstevel@tonic-gate DO_ADD_ASYNC = 9, 5457c478bd9Sstevel@tonic-gate DO_DELETE_ASYNC = 10, 5467c478bd9Sstevel@tonic-gate DO_MODIFY_ASYNC = 11, 5477c478bd9Sstevel@tonic-gate GET_RESULT_SYNC = 12, 5487c478bd9Sstevel@tonic-gate GET_RESULT_ASYNC = 13, 5497c478bd9Sstevel@tonic-gate PARSE_RESULT = 14, 5507c478bd9Sstevel@tonic-gate GET_REFERRAL_CONNECTION = 15, 5517c478bd9Sstevel@tonic-gate W_LDAP_ERROR = 16, 5527c478bd9Sstevel@tonic-gate W_ERROR = 17 5537c478bd9Sstevel@tonic-gate } ns_write_state_t; 5547c478bd9Sstevel@tonic-gate 5557c478bd9Sstevel@tonic-gate 5567c478bd9Sstevel@tonic-gate typedef int ConnectionID; 5577c478bd9Sstevel@tonic-gate 5589f2fd570SJulian Pullen /* 5599f2fd570SJulian Pullen * Server side sort type. Orginally the server side sort 5609f2fd570SJulian Pullen * was set to "cn uid". This did not work with AD and 5619f2fd570SJulian Pullen * hence single sort attribute was odopted. We dont 5629f2fd570SJulian Pullen * know which server side sort will work with the 5639f2fd570SJulian Pullen * Directory and hence we discover which method works. 5649f2fd570SJulian Pullen */ 5659f2fd570SJulian Pullen typedef enum { 5669f2fd570SJulian Pullen SSS_UNKNOWN = 0, 5679f2fd570SJulian Pullen SSS_SINGLE_ATTR = 1, 5689f2fd570SJulian Pullen SSS_CN_UID_ATTRS = 2 5699f2fd570SJulian Pullen } ns_srvsidesort_t; 5709f2fd570SJulian Pullen 5717c478bd9Sstevel@tonic-gate /* 5727c478bd9Sstevel@tonic-gate * This structure is used by ns_connect to create and manage 5737c478bd9Sstevel@tonic-gate * one or more ldap connections within the library. 5747c478bd9Sstevel@tonic-gate */ 5757c478bd9Sstevel@tonic-gate typedef struct connection { 5767c478bd9Sstevel@tonic-gate ConnectionID connectionId; 577cb5caa98Sdjl boolean_t usedBit; /* true if only used by */ 578cb5caa98Sdjl /* one thread and not shared */ 579cb5caa98Sdjl /* by other threads */ 5808277a58bSchinlong pid_t pid; /* process id */ 5817c478bd9Sstevel@tonic-gate char *serverAddr; 582cb5caa98Sdjl ns_cred_t *auth; 5837c478bd9Sstevel@tonic-gate LDAP *ld; 5847c478bd9Sstevel@tonic-gate thread_t threadID; /* thread ID using it */ 5857c478bd9Sstevel@tonic-gate struct ns_ldap_cookie *cookieInfo; 586695ef821SGordon Ross char **controls; /* from server_info */ 5877c478bd9Sstevel@tonic-gate char **saslMechanisms; /* from server_info */ 5887c478bd9Sstevel@tonic-gate } Connection; 5897c478bd9Sstevel@tonic-gate 5907c478bd9Sstevel@tonic-gate #define ONE_STEP 1 5917c478bd9Sstevel@tonic-gate 5927c478bd9Sstevel@tonic-gate /* 5937c478bd9Sstevel@tonic-gate * This structure is for referrals processing. 5947c478bd9Sstevel@tonic-gate * The data are from referral URLs returned by 5957c478bd9Sstevel@tonic-gate * LDAP servers 5967c478bd9Sstevel@tonic-gate */ 5977c478bd9Sstevel@tonic-gate typedef struct ns_referral_info { 5987c478bd9Sstevel@tonic-gate struct ns_referral_info *next; 5997c478bd9Sstevel@tonic-gate char *refHost; 6007c478bd9Sstevel@tonic-gate int refScope; 6017c478bd9Sstevel@tonic-gate char *refDN; 6027c478bd9Sstevel@tonic-gate char *refFilter; 6037c478bd9Sstevel@tonic-gate } ns_referral_info_t; 6047c478bd9Sstevel@tonic-gate 605479ac375Sdm struct ns_ldap_cookie; 606479ac375Sdm 607479ac375Sdm /* 608479ac375Sdm * Batch used by __ns_ldap_list_batch_xxx API 609479ac375Sdm */ 610479ac375Sdm struct ns_ldap_list_batch { 611479ac375Sdm uint32_t nactive; 612479ac375Sdm struct ns_ldap_cookie *next_cookie; 613479ac375Sdm struct ns_ldap_cookie *cookie_list; 614479ac375Sdm }; 615479ac375Sdm 616e1dd0a2fSth struct ns_conn_user; 617e1dd0a2fSth typedef struct ns_conn_user ns_conn_user_t; 618e1dd0a2fSth 6197c478bd9Sstevel@tonic-gate /* 6207c478bd9Sstevel@tonic-gate * This structure used internally in searches 6217c478bd9Sstevel@tonic-gate */ 6227c478bd9Sstevel@tonic-gate 6237c478bd9Sstevel@tonic-gate typedef struct ns_ldap_cookie { 6247c478bd9Sstevel@tonic-gate /* INPUTS */ 6257c478bd9Sstevel@tonic-gate /* server list position */ 6267c478bd9Sstevel@tonic-gate 6277c478bd9Sstevel@tonic-gate /* service search descriptor list & position */ 6287c478bd9Sstevel@tonic-gate ns_ldap_search_desc_t **sdlist; 6297c478bd9Sstevel@tonic-gate ns_ldap_search_desc_t **sdpos; 6307c478bd9Sstevel@tonic-gate 6317c478bd9Sstevel@tonic-gate /* search filter callback */ 6327c478bd9Sstevel@tonic-gate int use_filtercb; 633695ef821SGordon Ross int (*init_filter_cb)(const ns_ldap_search_desc_t *desc, 6347c478bd9Sstevel@tonic-gate char **realfilter, const void *userdata); 6357c478bd9Sstevel@tonic-gate 6367c478bd9Sstevel@tonic-gate /* user callback */ 6377c478bd9Sstevel@tonic-gate int use_usercb; 6387c478bd9Sstevel@tonic-gate int (*callback)(const ns_ldap_entry_t *entry, 6397c478bd9Sstevel@tonic-gate const void *userdata); 6407c478bd9Sstevel@tonic-gate const void *userdata; 6417c478bd9Sstevel@tonic-gate 6427c478bd9Sstevel@tonic-gate int followRef; 6437c478bd9Sstevel@tonic-gate int use_paging; 6447c478bd9Sstevel@tonic-gate char *service; 6457c478bd9Sstevel@tonic-gate char *i_filter; 6467c478bd9Sstevel@tonic-gate const char * const *i_attr; 6479f2fd570SJulian Pullen const char *i_sortattr; 6487c478bd9Sstevel@tonic-gate const ns_cred_t *i_auth; 649695ef821SGordon Ross int i_flags; 6507c478bd9Sstevel@tonic-gate 6517c478bd9Sstevel@tonic-gate /* OUTPUTS */ 6527c478bd9Sstevel@tonic-gate ns_ldap_result_t *result; 6537c478bd9Sstevel@tonic-gate ns_ldap_entry_t *nextEntry; 6547c478bd9Sstevel@tonic-gate /* Error data */ 6557c478bd9Sstevel@tonic-gate int err_rc; 6567c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 6577c478bd9Sstevel@tonic-gate 6587c478bd9Sstevel@tonic-gate /* PRIVATE */ 6597c478bd9Sstevel@tonic-gate ns_state_t state; 6607c478bd9Sstevel@tonic-gate ns_state_t new_state; 6617c478bd9Sstevel@tonic-gate ns_state_t next_state; 6627c478bd9Sstevel@tonic-gate 6637c478bd9Sstevel@tonic-gate Connection *conn; 664e8ac3ceaSsdussud #define conn_auth_type conn->auth->auth.type 6657c478bd9Sstevel@tonic-gate ConnectionID connectionId; 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate /* paging VLV/SIMPLEPAGE data */ 6687c478bd9Sstevel@tonic-gate int listType; 6697c478bd9Sstevel@tonic-gate unsigned long index; 6707c478bd9Sstevel@tonic-gate LDAPControl **p_serverctrls; 6719f2fd570SJulian Pullen ns_srvsidesort_t sortTypeTry; 6729f2fd570SJulian Pullen int entryCount; 6737c478bd9Sstevel@tonic-gate 6747c478bd9Sstevel@tonic-gate int scope; 6757c478bd9Sstevel@tonic-gate char *basedn; 6767c478bd9Sstevel@tonic-gate char *filter; 6777c478bd9Sstevel@tonic-gate char **attribute; 6787c478bd9Sstevel@tonic-gate 6797c478bd9Sstevel@tonic-gate /* RESULT PROCESSING */ 6807c478bd9Sstevel@tonic-gate int msgId; 6817c478bd9Sstevel@tonic-gate LDAPMessage *resultMsg; 6827c478bd9Sstevel@tonic-gate 6837c478bd9Sstevel@tonic-gate char **dns; 6847c478bd9Sstevel@tonic-gate char *currentdn; 6857c478bd9Sstevel@tonic-gate int flag; 686695ef821SGordon Ross struct berval *ctrlCookie; 6877c478bd9Sstevel@tonic-gate 6887c478bd9Sstevel@tonic-gate /* REFERRALS PROCESSING */ 6897c478bd9Sstevel@tonic-gate /* referralinfo list & position */ 690695ef821SGordon Ross ns_referral_info_t *reflist; 691695ef821SGordon Ross ns_referral_info_t *refpos; 6927c478bd9Sstevel@tonic-gate /* search timeout value */ 6937c478bd9Sstevel@tonic-gate struct timeval search_timeout; 69447789246Svv /* response control to hold account management information */ 69547789246Svv LDAPControl **resultctrl; 69647789246Svv /* Flag to indicate password less account management is required */ 69747789246Svv int nopasswd_acct_mgmt; 6988277a58bSchinlong int err_from_result; 699e1dd0a2fSth ns_conn_user_t *conn_user; 700479ac375Sdm 701479ac375Sdm /* BATCH PROCESSING */ 702479ac375Sdm ns_ldap_list_batch_t *batch; 703479ac375Sdm boolean_t no_wait; 704e1dd0a2fSth boolean_t reinit_on_retriable_err; 705e1dd0a2fSth int retries; 706479ac375Sdm ns_ldap_result_t **caller_result; 707479ac375Sdm ns_ldap_error_t **caller_errorp; 708479ac375Sdm int *caller_rc; 709479ac375Sdm struct ns_ldap_cookie *next_cookie_in_batch; 7107c478bd9Sstevel@tonic-gate } ns_ldap_cookie_t; 7117c478bd9Sstevel@tonic-gate 7127c478bd9Sstevel@tonic-gate /* 7137c478bd9Sstevel@tonic-gate * This structure is part of the return value information for 7147c478bd9Sstevel@tonic-gate * __s_api_requestServer. The routine that requests a new server 7157c478bd9Sstevel@tonic-gate * from the cache manager 7167c478bd9Sstevel@tonic-gate */ 7177c478bd9Sstevel@tonic-gate typedef struct ns_server_info { 7187c478bd9Sstevel@tonic-gate char *server; 7194a6b6ac4Schinlong char *serverFQDN; 720695ef821SGordon Ross char **controls; 7217c478bd9Sstevel@tonic-gate char **saslMechanisms; 7227c478bd9Sstevel@tonic-gate } ns_server_info_t; 7237c478bd9Sstevel@tonic-gate 724cb5caa98Sdjl /* 725cb5caa98Sdjl * sasl callback function parameters 726cb5caa98Sdjl */ 727cb5caa98Sdjl typedef struct ns_sasl_cb_param { 728cb5caa98Sdjl char *mech; 729cb5caa98Sdjl char *authid; 730cb5caa98Sdjl char *authzid; 731cb5caa98Sdjl char *passwd; 732cb5caa98Sdjl char *realm; 733cb5caa98Sdjl } ns_sasl_cb_param_t; 734cb5caa98Sdjl 735cb5caa98Sdjl /* Multiple threads per connection variable */ 736cb5caa98Sdjl extern int MTperConn; 737cb5caa98Sdjl 7387c478bd9Sstevel@tonic-gate /* 7397c478bd9Sstevel@tonic-gate * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS 7407c478bd9Sstevel@tonic-gate */ 7417c478bd9Sstevel@tonic-gate 7427c478bd9Sstevel@tonic-gate #ifdef DEBUG 7437c478bd9Sstevel@tonic-gate extern int __ldap_debug_file; 7447c478bd9Sstevel@tonic-gate extern int __ldap_debug_api; 7457c478bd9Sstevel@tonic-gate extern int __ldap_debug_ldap; 7467c478bd9Sstevel@tonic-gate extern int __ldap_debug_servers; 7477c478bd9Sstevel@tonic-gate #endif 7487c478bd9Sstevel@tonic-gate 7497c478bd9Sstevel@tonic-gate /* internal connection APIs */ 7507c478bd9Sstevel@tonic-gate void DropConnection(ConnectionID, int); 7517c478bd9Sstevel@tonic-gate int __s_api_getServers(char *** servers, ns_ldap_error_t ** error); 7527c478bd9Sstevel@tonic-gate 7537c478bd9Sstevel@tonic-gate int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i); 7547c478bd9Sstevel@tonic-gate char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type); 7557c478bd9Sstevel@tonic-gate char *__s_get_security_name(ns_config_t *ptr, TlsType_t type); 7567c478bd9Sstevel@tonic-gate char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type); 7577c478bd9Sstevel@tonic-gate char *__s_get_pref_name(PrefOnly_t type); 7587c478bd9Sstevel@tonic-gate char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type); 759dd1104fbSMichen Chang char *__s_get_shadowupdate_name(enableShadowUpdate_t type); 7607c478bd9Sstevel@tonic-gate char *__s_get_hostcertpath(void); 761e1dd0a2fSth void __s_api_free_sessionPool(); 762e1dd0a2fSth int __s_api_requestServer(const char *request, const char *server, 763e1dd0a2fSth ns_server_info_t *ret, ns_ldap_error_t **error, const char *addrType); 7647c478bd9Sstevel@tonic-gate 7657c478bd9Sstevel@tonic-gate 7667c478bd9Sstevel@tonic-gate /* ************ internal sldap-api functions *********** */ 7677c478bd9Sstevel@tonic-gate void __ns_ldap_freeEntry(ns_ldap_entry_t *ep); 768d7ab8532SJason King void __ns_ldap_freeASearchDesc(ns_ldap_search_desc_t *); 7697c478bd9Sstevel@tonic-gate void __s_api_split_key_value(char *buffer, char **name, char **value); 7707c478bd9Sstevel@tonic-gate int __s_api_printResult(ns_ldap_result_t *); 7717c478bd9Sstevel@tonic-gate int __s_api_getSearchScope(int *, ns_ldap_error_t **); 7727c478bd9Sstevel@tonic-gate int __s_api_getDNs(char ***, const char *, 7737c478bd9Sstevel@tonic-gate ns_ldap_error_t **); 7747c478bd9Sstevel@tonic-gate int __s_api_get_search_DNs_v1(char ***, const char *, 7757c478bd9Sstevel@tonic-gate ns_ldap_error_t **); 7767c478bd9Sstevel@tonic-gate int __s_api_getConnection(const char *, const int, 7777c478bd9Sstevel@tonic-gate const ns_cred_t *, int *, 778e1dd0a2fSth Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *); 7797c478bd9Sstevel@tonic-gate char **__s_api_cp2dArray(char **); 7807c478bd9Sstevel@tonic-gate void __s_api_free2dArray(char **); 7817c478bd9Sstevel@tonic-gate 7827c478bd9Sstevel@tonic-gate int __s_api_isCtrlSupported(Connection *, char *); 7837c478bd9Sstevel@tonic-gate ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result); 7847c478bd9Sstevel@tonic-gate ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i); 785e1dd0a2fSth boolean_t __s_api_peruser_proc(void); 786e1dd0a2fSth boolean_t __s_api_nscd_proc(void); 7877c478bd9Sstevel@tonic-gate char *dvalue(char *); 7887c478bd9Sstevel@tonic-gate char *evalue(char *); 789e1dd0a2fSth ns_ldap_error_t *__s_api_make_error(int, char *); 790e1dd0a2fSth ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *); 791e1dd0a2fSth 792e1dd0a2fSth /* ************ specific 'Standalone' functions ********** */ 793e1dd0a2fSth ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname); 794e1dd0a2fSth struct hostent *__s_api_hostname2ip(const char *name, 795e1dd0a2fSth struct hostent *result, 796e1dd0a2fSth char *buffer, 797e1dd0a2fSth int buflen, 798e1dd0a2fSth int *h_errnop); 799e1dd0a2fSth void __s_api_setInitMode(); 800e1dd0a2fSth void __s_api_unsetInitMode(); 801e1dd0a2fSth int __s_api_isStandalone(void); 802e1dd0a2fSth int __s_api_isInitializing(); 803e1dd0a2fSth ns_ldap_return_code __s_api_findRootDSE(const char *request, 804e1dd0a2fSth const char *server, 805e1dd0a2fSth const char *addrType, 806e1dd0a2fSth ns_server_info_t *ret, 807e1dd0a2fSth ns_ldap_error_t **error); 808e1dd0a2fSth ns_config_t *__s_api_create_config_door_str(char *config, 809e1dd0a2fSth ns_ldap_error_t **errorp); 8107c478bd9Sstevel@tonic-gate 8117c478bd9Sstevel@tonic-gate extern void get_environment(); 8127c478bd9Sstevel@tonic-gate 8137c478bd9Sstevel@tonic-gate /* internal Param APIs */ 8147c478bd9Sstevel@tonic-gate int __ns_ldap_setParamValue(ns_config_t *ptr, 8157c478bd9Sstevel@tonic-gate const ParamIndexType type, 8167c478bd9Sstevel@tonic-gate const void *data, ns_ldap_error_t **error); 8177c478bd9Sstevel@tonic-gate int __s_api_get_type(const char *value, ParamIndexType *type); 8187c478bd9Sstevel@tonic-gate int __s_api_get_versiontype(ns_config_t *ptr, char *value, 8197c478bd9Sstevel@tonic-gate ParamIndexType *type); 8207c478bd9Sstevel@tonic-gate int __s_api_get_profiletype(char *value, ParamIndexType *type); 8217c478bd9Sstevel@tonic-gate void __s_api_init_config(ns_config_t *ptr); 822e1dd0a2fSth void __s_api_init_config_global(ns_config_t *ptr); 8237c478bd9Sstevel@tonic-gate ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr, 8247c478bd9Sstevel@tonic-gate int check_dn); 8257c478bd9Sstevel@tonic-gate ns_config_t *__s_api_create_config(void); 8267c478bd9Sstevel@tonic-gate ns_config_t *__s_api_get_default_config(void); 827e1dd0a2fSth ns_config_t *__s_api_get_default_config_global(void); 8287c478bd9Sstevel@tonic-gate ns_config_t *__s_api_loadrefresh_config(); 829e1dd0a2fSth ns_config_t *__s_api_loadrefresh_config_global(); 8307c478bd9Sstevel@tonic-gate void __s_api_destroy_config(ns_config_t *ptr); 8317c478bd9Sstevel@tonic-gate int __s_api_get_configtype(ParamIndexType type); 8327c478bd9Sstevel@tonic-gate const char *__s_api_get_configname(ParamIndexType type); 833434c5a06SMilan Jurik char *__s_api_strValue(ns_config_t *ptr, ParamIndexType i, 8347c478bd9Sstevel@tonic-gate ns_strfmt_t fmt); 8357c478bd9Sstevel@tonic-gate void __s_api_release_config(ns_config_t *cfg); 8367c478bd9Sstevel@tonic-gate 8377c478bd9Sstevel@tonic-gate /* internal attribute/objectclass mapping api's */ 8387c478bd9Sstevel@tonic-gate int __s_api_add_map2hash(ns_config_t *config, 8397c478bd9Sstevel@tonic-gate ns_hashtype_t type, ns_mapping_t *map); 8407c478bd9Sstevel@tonic-gate void __s_api_destroy_hash(ns_config_t *config); 8417c478bd9Sstevel@tonic-gate int __s_api_parse_map(char *cp, char **sid, 8427c478bd9Sstevel@tonic-gate char **origA, char ***mapA); 8437c478bd9Sstevel@tonic-gate char **__ns_ldap_mapAttributeList(const char *service, 8447c478bd9Sstevel@tonic-gate const char * const *origAttrList); 8459f2fd570SJulian Pullen char *__ns_ldap_mapAttribute(const char *service, 8469f2fd570SJulian Pullen const char *origAttr); 8477c478bd9Sstevel@tonic-gate 8487c478bd9Sstevel@tonic-gate /* internal configuration APIs */ 8497c478bd9Sstevel@tonic-gate void __ns_ldap_setServer(int set); 8507c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_LoadConfiguration(); 851e1dd0a2fSth ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname, 852b57459abSJulian Pullen ns_config_t *new, int cred_only); 8537c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename); 8547c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename); 8557c478bd9Sstevel@tonic-gate int __ns_ldap_cache_ping(); 856cb5caa98Sdjl ns_ldap_error_t *__ns_ldap_print_config(int); 857cb5caa98Sdjl void __ns_ldap_default_config(); 858cb5caa98Sdjl int __ns_ldap_download(const char *, char *, char *, 859cb5caa98Sdjl ns_ldap_error_t **); 860d7ab8532SJason King int __ns_ldap_check_dns_preq(int foreground, int mode_verbose, int mode_quiet, 861d7ab8532SJason King const char *fname, ns_ldap_self_gssapi_config_t config, 862d7ab8532SJason King ns_ldap_error_t **errpp); 863d7ab8532SJason King 864d7ab8532SJason King int __ns_ldap_check_gssapi_preq(int foreground, int mode_verbose, 865d7ab8532SJason King int mode_quiet, ns_ldap_self_gssapi_config_t config, 866d7ab8532SJason King ns_ldap_error_t **errpp); 867d7ab8532SJason King 868d7ab8532SJason King int __ns_ldap_check_all_preq(int foreground, int mode_verbose, int mode_quiet, 869d7ab8532SJason King ns_ldap_self_gssapi_config_t config, ns_ldap_error_t **errpp); 8707c478bd9Sstevel@tonic-gate 8717c478bd9Sstevel@tonic-gate /* internal un-exposed APIs */ 872695ef821SGordon Ross ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp); 873e1dd0a2fSth boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1, 874e1dd0a2fSth const ns_cred_t *auth2); 8757c478bd9Sstevel@tonic-gate int __s_api_get_SSD_from_SSDtoUse_service(const char *service, 8767c478bd9Sstevel@tonic-gate ns_ldap_search_desc_t ***SSDlist, 8777c478bd9Sstevel@tonic-gate ns_ldap_error_t **errorp); 8787c478bd9Sstevel@tonic-gate int __s_api_prepend_automountmapname(const char *service, 8797c478bd9Sstevel@tonic-gate ns_ldap_search_desc_t ***SSDlist, 8807c478bd9Sstevel@tonic-gate ns_ldap_error_t ** errorp); 8817c478bd9Sstevel@tonic-gate int __s_api_prepend_automountmapname_to_dn(const char *service, 8827c478bd9Sstevel@tonic-gate char **basedn, 8837c478bd9Sstevel@tonic-gate ns_ldap_error_t ** errorp); 8847c478bd9Sstevel@tonic-gate int __s_api_convert_automountmapname(const char *service, 8857c478bd9Sstevel@tonic-gate char **dn, ns_ldap_error_t ** errorp); 8867c478bd9Sstevel@tonic-gate int __s_api_replace_mapped_attr_in_dn( 8877c478bd9Sstevel@tonic-gate const char *orig_attr, const char *mapped_attr, 8887c478bd9Sstevel@tonic-gate const char *dn, char **new_dn); 8897c478bd9Sstevel@tonic-gate int __s_api_append_default_basedn( 8907c478bd9Sstevel@tonic-gate const char *dn, 8917c478bd9Sstevel@tonic-gate char **new_dn, 8927c478bd9Sstevel@tonic-gate int *allocated, 8937c478bd9Sstevel@tonic-gate ns_ldap_error_t ** errorp); 894e8ac3ceaSsdussud int __s_api_removeServer(const char *server); 895689c2bf4Sjanga void __s_api_removeBadServers(char **server); 8964a6b6ac4Schinlong void __s_api_free_server_info(ns_server_info_t *sinfo); 897e1dd0a2fSth void __s_api_freeConnection(Connection *con); 8987c478bd9Sstevel@tonic-gate 8997c478bd9Sstevel@tonic-gate /* internal referrals APIs */ 900695ef821SGordon Ross int __s_api_toFollowReferrals(const int flags, 9017c478bd9Sstevel@tonic-gate int *toFollow, 9027c478bd9Sstevel@tonic-gate ns_ldap_error_t **errorp); 903695ef821SGordon Ross int __s_api_addRefInfo(ns_referral_info_t **head, 9047c478bd9Sstevel@tonic-gate char *url, char *baseDN, int *scope, 9057c478bd9Sstevel@tonic-gate char *filter, LDAP *ld); 9067c478bd9Sstevel@tonic-gate void __s_api_deleteRefInfo(ns_referral_info_t *head); 9077c478bd9Sstevel@tonic-gate 9087c478bd9Sstevel@tonic-gate /* callback routine for SSD filters */ 9097c478bd9Sstevel@tonic-gate int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc, 9107c478bd9Sstevel@tonic-gate char **realfilter, 9117c478bd9Sstevel@tonic-gate const void *userdata); 9127c478bd9Sstevel@tonic-gate 9137c478bd9Sstevel@tonic-gate /* network address verification api */ 9147c478bd9Sstevel@tonic-gate int __s_api_isipv4(char *addr); 9157c478bd9Sstevel@tonic-gate int __s_api_isipv6(char *addr); 9167c478bd9Sstevel@tonic-gate int __s_api_ishost(char *addr); 9177c478bd9Sstevel@tonic-gate 9187c478bd9Sstevel@tonic-gate /* password management routine */ 9197c478bd9Sstevel@tonic-gate ns_ldap_passwd_status_t 9207c478bd9Sstevel@tonic-gate __s_api_set_passwd_status(int errnum, char *errmsg); 9217c478bd9Sstevel@tonic-gate int __s_api_contain_passwd_control_oid(char **oids); 9227c478bd9Sstevel@tonic-gate 92347789246Svv /* password less account management routine */ 92447789246Svv int __s_api_contain_account_usable_control_oid(char **oids); 92547789246Svv 9267c478bd9Sstevel@tonic-gate /* RFC 2307 section 5.6. Get a canonical name from entry */ 9277c478bd9Sstevel@tonic-gate char *__s_api_get_canonical_name(ns_ldap_entry_t *entry, 9287c478bd9Sstevel@tonic-gate ns_ldap_attr_t *attrptr, int case_ignore); 9297c478bd9Sstevel@tonic-gate 930cb5caa98Sdjl /* self/sasl/gssapi functions */ 931cb5caa98Sdjl int __s_api_sasl_bind_callback( 932cb5caa98Sdjl LDAP *ld, 933cb5caa98Sdjl unsigned flags, 934cb5caa98Sdjl void *defaults, 935cb5caa98Sdjl void *in); 936cb5caa98Sdjl 937cb5caa98Sdjl int __s_api_self_gssapi_only_get(void); 938cb5caa98Sdjl 939434c5a06SMilan Jurik int __print2buf(LineBuf *line, const char *toprint, char *sep); 940434c5a06SMilan Jurik 9417c478bd9Sstevel@tonic-gate #ifdef __cplusplus 9427c478bd9Sstevel@tonic-gate } 9437c478bd9Sstevel@tonic-gate #endif 9447c478bd9Sstevel@tonic-gate 9457c478bd9Sstevel@tonic-gate #endif /* _NS_INTERNAL_H */ 946