17c478bdstevel@tonic-gate/*
27c478bdstevel@tonic-gate * CDDL HEADER START
37c478bdstevel@tonic-gate *
47c478bdstevel@tonic-gate * The contents of this file are subject to the terms of the
5689c2bfjanga * Common Development and Distribution License (the "License").
6689c2bfjanga * You may not use this file except in compliance with the License.
77c478bdstevel@tonic-gate *
87c478bdstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bdstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bdstevel@tonic-gate * See the License for the specific language governing permissions
117c478bdstevel@tonic-gate * and limitations under the License.
127c478bdstevel@tonic-gate *
137c478bdstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bdstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bdstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bdstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bdstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bdstevel@tonic-gate *
197c478bdstevel@tonic-gate * CDDL HEADER END
207c478bdstevel@tonic-gate */
21442384bJulian Pullen
227c478bdstevel@tonic-gate/*
239f2fd57Julian Pullen * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
24695ef82Gordon Ross * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
257c478bdstevel@tonic-gate */
267c478bdstevel@tonic-gate
277c478bdstevel@tonic-gate
287c478bdstevel@tonic-gate#ifndef	_NS_INTERNAL_H
297c478bdstevel@tonic-gate#define	_NS_INTERNAL_H
307c478bdstevel@tonic-gate
317c478bdstevel@tonic-gate#ifdef __cplusplus
327c478bdstevel@tonic-gateextern "C" {
337c478bdstevel@tonic-gate#endif
347c478bdstevel@tonic-gate
357c478bdstevel@tonic-gate#include <stdio.h>
367c478bdstevel@tonic-gate#include <sys/types.h>
377c478bdstevel@tonic-gate#include <sys/time.h>
387c478bdstevel@tonic-gate#include <thread.h>
397c478bdstevel@tonic-gate#include <lber.h>
407c478bdstevel@tonic-gate#include <ldap.h>
417c478bdstevel@tonic-gate#include "ns_sldap.h"
42e1dd0a2th#include "ns_cache_door.h"
437c478bdstevel@tonic-gate
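/*
 * INTERNALLY USED CONSTANTS
 */

#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0
/*
 * On-disk client configuration.  NSCREDFILE holds the bind
 * credentials; the .refresh variants are the rewrite targets.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"
/*
 * ROTORSIZE and MASK (0377 octal == 0xff) are presumably the table
 * size and byte mask of the credential obfuscation routine whose
 * output is tagged with CRYPTMARK -- confirm at its definition.
 * Treat that encoding as reversible, not as encryption; the mode of
 * NSCREDFILE is what protects the stored value.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256
/*
 * Banner written into generated files.  The two literals are joined
 * by the preprocessor, so the first one must end in a space or the
 * sentences run together.
 */
#define	DONOTEDIT		\
	"Do not edit this file manually; your changes will be lost. " \
	"Please use ldapclient (1M) instead."
/* keep the string form in sync with the numeric limit */
#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"
#define	CREDFILE		0
#define	CONFIGFILE		1
/*
 * Search filter templates.  %s receives the lookup key.  The _SSD
 * variants keep an escaped %%s, which survives the first formatting
 * pass as %s so the service search descriptor filter can be
 * substituted in a second pass.  Nothing in these templates escapes
 * the key: callers must apply LDAP filter escaping before formatting.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	UIDDNFILTER	"(&(objectclass=posixAccount)(distinguishedName=%s))"
#define	UIDDNFILTER_SSD		"(&(%%s)(distinguishedName=%s))"

#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"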
757c478bdstevel@tonic-gate
/* which LDAP result-control the server offers for large result sets */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

/* page sizes requested from the server for list and enumerate operations */
#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100

#define	DEFMAX			8
/* single-character tokens recognised by the config-file tokenizer */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'
/* BEL separates records in door replies; the two forms must agree */
#define	DOORLINESEP		"\07"
#define	DOORLINESEP_CHR		0x7
/* separators used when rendering multi-valued parameters */
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "
#define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
#define	BUFSIZE			BUFSIZ
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
/* prefix marking a credential value stored in obfuscated form */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/*
 * "name<sep>value" layouts for the three output formats; the first %s
 * is the parameter name, the second its rendered value.
 */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT		30 /* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT	30 /* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			512
1217c478bdstevel@tonic-gate
/*
 * special service used by ldap_cachemgr to indicate a shadow update
 * is to be done with the credential of the administrator identity
 */
#define	NS_ADMIN_SHADOW_UPDATE	"shadow__admin_update"

/*
 * NOTE(review): the _PROFILE*, _P_*, _P1_* and _P2_* names below begin
 * with an underscore followed by an upper-case letter, which C reserves
 * for the implementation.  They are part of this header's long-standing
 * interface and are left unchanged here.
 */

/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
/* %s, %s, %s: phase-1 objectclass, phase-2 objectclass, profile name (cn) */
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS		"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/* Native LDAP Phase 1 Specific Profile Attributes */
#define	_P1_SERVERS			"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN		"SolarisSearchBaseDN"
#define	_P1_CACHETTL			"SolarisCacheTTL"
#define	_P1_BINDDN			"SolarisBindDN"
/* value is a secret: do not echo it into debug or error output */
#define	_P1_BINDPASSWORD		"SolarisBindPassword"
#define	_P1_AUTHMETHOD			"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY		"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH		"SolarisCertificatePath"
/* value is a secret: do not echo it into debug or error output */
#define	_P1_CERTIFICATEPASSWORD		"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN		"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE			"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT		"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER		"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY		"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL		"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT		"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define	_P2_PREFERREDSERVER		"preferredServerList"
#define	_P2_DEFAULTSERVER		"defaultServerList"
#define	_P2_SEARCHBASEDN		"defaultSearchBase"
#define	_P2_SEARCHSCOPE			"defaultSearchScope"
#define	_P2_AUTHMETHOD			"authenticationMethod"
#define	_P2_CREDENTIALLEVEL		"credentialLevel"
#define	_P2_SERVICESEARCHDESC		"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT		"searchTimeLimit"
#define	_P2_BINDTIMELIMIT		"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS		"followReferrals"
#define	_P2_PROFILETTL			"profileTTL"
#define	_P2_ATTRIBUTEMAP		"attributeMap"
#define	_P2_OBJECTCLASSMAP		"objectClassMap"
#define	_P2_SERVICECREDLEVEL		"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD		"serviceAuthenticationMethod"
1737c478bdstevel@tonic-gate
/* Control & SASL information from RootDSE door call */
/* the _LEN values are the hard-coded strlen() of the preceding names; keep in sync */
#define	_SASLMECHANISM			"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN		23
#define	_SUPPORTEDCONTROL		"supportedControl"
#define	_SUPPORTEDCONTROL_LEN		16

/* bucket count of ns_config_t.hashTbl (257 is prime) */
#define	NS_HASH_MAX	257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
/* return codes of the mapping hash routines */
#define	NS_HASH_RC_SUCCESS		1
#define	NS_HASH_RC_NO_MEMORY		-1
#define	NS_HASH_RC_CONFIG_ERROR		-2
#define	NS_HASH_RC_EXISTED		-3
#define	NS_HASH_RC_SYNTAX_ERROR		-4

/*
 * Password management related error message from iDS ldap server.
 * These are matched against server-supplied diagnostic text, so they
 * are specific to that server's wording and version.
 */
#define	NS_PWDERR_MAXTRIES		\
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED		\
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED	\
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW	\
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX	\
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD	\
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY	\
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE	\
	"within password minimum age"
2057c478bdstevel@tonic-gate
2067c478bdstevel@tonic-gate/*
2077c478bdstevel@tonic-gate * INTERNALLY USED MACROS
2087c478bdstevel@tonic-gate */
2097c478bdstevel@tonic-gate
/* debug hook invoked by MKERROR with the priority, status and message */
void	__s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * Printable form of a possibly NULL or empty string.  The argument is
 * evaluated up to three times, so pass a plain pointer, never an
 * expression with side effects.
 */
#define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))
2137c478bdstevel@tonic-gate
/*
 * MKERROR: builds the error structure and fills in the status and
 * the message.  The message must be a freeable (non-static) string;
 * the pointer is stored, not copied, so ownership of mesg passes to
 * the error structure.  If it fails to allocate memory for the error
 * structure, it will return the retErr from the enclosing function.
 *
 * This expands to several statements and contains a return, so it is
 * not wrapped in do/while(0); it must not be used as the body of an
 * unbraced if/else.  The err argument is evaluated more than once and
 * priority/st/mesg are not parenthesised: pass simple expressions.
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = mesg; \
	(err)->status = (st); \
	__s_api_debug_pause(priority, st, (err)->message);
2267c478bdstevel@tonic-gate
/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not call __s_api_debug_pause().
 *
 * Like MKERROR it stores mesg without copying (ownership passes to
 * err), expands to several statements including a return, and must
 * not be used as the body of an unbraced if/else.
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = mesg; \
	(err)->status = (st); \
	(err)->pwd_mgmt.status = (pwd_status); \
	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
2417c478bdstevel@tonic-gate
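#ifdef DEBUG
/*
 * NSLDAPTRACE: debug-only trace hook.  Emits message to
 * __ldap_debug_file when variable is positive, or when setequal is
 * non-zero and equals variable.
 *
 * message is written through a fixed "%s" format so it is always
 * treated as data: traced content (DNs, filters, server strings) may
 * legitimately contain '%' and must never reach snprintf as the
 * format argument.  The byte count given to write() is snprintf's
 * return value clamped to the buffer, so an over-long message is
 * emitted as far as it fits rather than with a bogus length.
 *
 * NOTE(review): assumes __ldap_debug_file is an open file descriptor,
 * as the existing write() call implies -- confirm at its definition.
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	if ((variable) > 0 || (((setequal) != 0) && \
	    ((variable) == (setequal)))) { \
		char buf[BUFSIZ]; \
		int len = snprintf(buf, sizeof (buf), "%s", (message)); \
		if (len > 0) { \
			if ((size_t)len >= sizeof (buf)) \
				len = (int)sizeof (buf) - 1; \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
		} \
	}
#endif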
2507c478bdstevel@tonic-gate
2517c478bdstevel@tonic-gate/*
2527c478bdstevel@tonic-gate * INTERNAL DATA STRUCTURES
2537c478bdstevel@tonic-gate */
2547c478bdstevel@tonic-gate
2557c478bdstevel@tonic-gate/*
2567c478bdstevel@tonic-gate * configuration entry type
2577c478bdstevel@tonic-gate */
2587c478bdstevel@tonic-gate
/* where a parameter lives; recorded in ns_default_config.config_type */
typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3		/* credential parameters (NSCREDFILE) */
} ns_conftype_t;
2647c478bdstevel@tonic-gate
2657c478bdstevel@tonic-gate/*
2667c478bdstevel@tonic-gate * datatype of a config entry
2677c478bdstevel@tonic-gate */
2687c478bdstevel@tonic-gate
/* selects which member of ns_param_t.ns_pu holds a parameter's value */
typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,		/* Single character pointer */
	ARRAYCP		= 2,		/* comma sep array of char pointers */
	ARRAYAUTH	= 3,		/* Array of auths */
	TIMET		= 4,		/* time relative value (TTL) */
	INT		= 5,		/* single integer */
	SSDLIST		= 6,		/* service search descriptor */
	ATTRMAP		= 7,		/* attribute mapping */
	OBJMAP		= 8,		/* objectclass mapping */
	SERVLIST	= 9,		/* serverlist (SP sep array) */
	ARRAYCRED	= 10,		/* Array of credentialLevels */
	SAMLIST		= 11,		/* serviceAuthenticationMethod */
	SCLLIST		= 12		/* serviceCredentialLevel */
} ns_datatype_t;
2847c478bdstevel@tonic-gate
/* outcome of parsing one configuration statement */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;
2907c478bdstevel@tonic-gate
/*
 * Output format for a rendered parameter; presumably paired with
 * DOOR_FMT_STR, LDIF_FMT_STR and FILE_FMT_STR respectively -- confirm
 * in the rendering code.
 */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;
2967c478bdstevel@tonic-gate
2977c478bdstevel@tonic-gate/*
2987c478bdstevel@tonic-gate * This enum reduces the number of version string compares
2997c478bdstevel@tonic-gate * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
3007c478bdstevel@tonic-gate */
3017c478bdstevel@tonic-gate
typedef enum {
	NS_LDAP_V1	= 1000,		/* NS_LDAP_VERSION_1 */
	NS_LDAP_V2	= 2000		/* NS_LDAP_VERSION_2 */
} ns_version_t;
3067c478bdstevel@tonic-gate
3077c478bdstevel@tonic-gate/*
3087c478bdstevel@tonic-gate * enum<->string mapping construct
3097c478bdstevel@tonic-gate */
3107c478bdstevel@tonic-gate
typedef struct ns_enum_map {
	int	value;		/* enum value, as int */
	char	*name;		/* its textual spelling */
} ns_enum_map;
3157c478bdstevel@tonic-gate
#define	ENUM2INT(x)		((int)(x))

/*
 * int -> enum conversions.  These are bare casts and perform no range
 * check; an int coming from a file, door message or server must be
 * validated against the enum's legal values before conversion.
 */
#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))
#define	INT2SHADOWUPDATENUM(x)	((enableShadowUpdate_t)(x))

/* int -> return-code enum conversions; likewise unchecked */
#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))
3307c478bdstevel@tonic-gate
3317c478bdstevel@tonic-gate/*
3327c478bdstevel@tonic-gate * This structure maps service name to rdn components
3337c478bdstevel@tonic-gate * for use in __ns_getDNs. It also defines the SSD-to-use
3347c478bdstevel@tonic-gate * service for use in __s_api_get_SSDtoUse_service.
3357c478bdstevel@tonic-gate * The idea of an SSD-to-use service is to reduce the configuration
3367c478bdstevel@tonic-gate * complexity. For a service, which does not have its own entries in
3377c478bdstevel@tonic-gate * the LDAP directory, SSD for it is useless, and should not be set.
3387c478bdstevel@tonic-gate * But since this service must share the container with at least
 * one other service which does have its own entries, the SSD for
3407c478bdstevel@tonic-gate * this other service will be shared by this service.
3417c478bdstevel@tonic-gate * This other service is called the SSD-to-use service.
3427c478bdstevel@tonic-gate *
3437c478bdstevel@tonic-gate */
3447c478bdstevel@tonic-gate
typedef struct ns_service_map {
	char	*service;		/* service name */
	char	*rdn;			/* rdn components for this service */
	char	*SSDtoUse_service;	/* service whose SSD this one shares */
} ns_service_map;
3507c478bdstevel@tonic-gate
3517c478bdstevel@tonic-gate/*
3527c478bdstevel@tonic-gate * This structure contains a single mapping from:
3537c478bdstevel@tonic-gate * service:orig -> list of mapped
3547c478bdstevel@tonic-gate */
3557c478bdstevel@tonic-gate
typedef enum {
	NS_ATTR_MAP,		/* attribute mapping */
	NS_OBJ_MAP		/* objectclass mapping */
} ns_maptype_t;
3607c478bdstevel@tonic-gate
typedef struct ns_mapping {
	ns_maptype_t	type;		/* attribute or objectclass map */
	char		*service;	/* service the mapping applies to */
	char		*orig;		/* name being mapped */
	char		**map;		/* list of names it maps to */
} ns_mapping_t;
3677c478bdstevel@tonic-gate
3687c478bdstevel@tonic-gate/*
3697c478bdstevel@tonic-gate * The following is the list of internal libsldap configuration data
3707c478bdstevel@tonic-gate * structures.  The configuration is populated normally once per
 * application.  The assumption is that applications can be
 * relatively short-lived (e.g. ls via nsswitch), so it is important to
3737c478bdstevel@tonic-gate * keep configuration to a minimum, but keep lookups fast.
3747c478bdstevel@tonic-gate *
3757c478bdstevel@tonic-gate * Assumptions:
3767c478bdstevel@tonic-gate * 1 configuration entry per domain, and almost always 1 domain
3777c478bdstevel@tonic-gate * per app.  Hooks exist for multiple domains per app.
3787c478bdstevel@tonic-gate *
3797c478bdstevel@tonic-gate * Configurations are read in from client file cache or from LDAP.
3807c478bdstevel@tonic-gate * Attribute/objectclass mappings are hashed to improve lookup
3817c478bdstevel@tonic-gate * speed.
3827c478bdstevel@tonic-gate */
3837c478bdstevel@tonic-gate
3847c478bdstevel@tonic-gate/*
3857c478bdstevel@tonic-gate * Hash entry types
3867c478bdstevel@tonic-gate */
typedef enum	_ns_hashtype_t {
	NS_HASH_AMAP	= 1,		/* attr map */
	NS_HASH_RAMAP	= 2,		/* reverse attr map */
	NS_HASH_OMAP	= 3,		/* oc map */
	NS_HASH_ROMAP	= 4,		/* reverse oc map */
	NS_HASH_VOID	= 5		/* no mapping attached */
} ns_hashtype_t;
3947c478bdstevel@tonic-gate
/* one entry of ns_config_t.hashTbl; entries are also threaded on llHead */
typedef struct ns_hash {
	ns_hashtype_t	h_type;		/* which map this entry belongs to */
	ns_mapping_t	*h_map;		/* the mapping itself */
	struct ns_hash	*h_next;	/* next entry in the same bucket */
	struct ns_hash	*h_llnext;	/* next entry in the all-entries list */
} ns_hash_t;
4017c478bdstevel@tonic-gate
4027c478bdstevel@tonic-gate/*
4037c478bdstevel@tonic-gate * This structure defines the format of an internal configuration
4047c478bdstevel@tonic-gate * parameter for ns_ldap client.
4057c478bdstevel@tonic-gate */
4067c478bdstevel@tonic-gate
typedef struct ns_param {
	ns_datatype_t	ns_ptype;	/* which ns_pu member is valid */
	int		ns_acnt;	/* element count for the array members */
	union {
		char	**ppc;		/* array of strings */
		int	*pi;		/* array of ints */
		char	*pc;		/* single string */
		int	i;		/* single int */
		time_t	tm;		/* time value (TTL) */
	} ns_pu;
} ns_param_t;
4187c478bdstevel@tonic-gate
/* short-hand accessors for the ns_pu union members */
#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm
4247c478bdstevel@tonic-gate
4257c478bdstevel@tonic-gate/*
4267c478bdstevel@tonic-gate * This structure defines an instance of a configuration structure.
4277c478bdstevel@tonic-gate * paramList contains the current ns_ldap parameter configuration
4287c478bdstevel@tonic-gate * and hashTbl contain the current attribute/objectclass mappings.
4297c478bdstevel@tonic-gate * Parameters are indexed by using the value assigned to the parameter
4307c478bdstevel@tonic-gate * in ParamIndexType.
4317c478bdstevel@tonic-gate */
4327c478bdstevel@tonic-gate
typedef struct ns_config {
	char			*domainName;	/* domain this config is for */
	ns_version_t		version;	/* NS_LDAP_V1 or NS_LDAP_V2 */
	ns_param_t		paramList[NS_LDAP_MAX_PIT_P]; /* by ParamIndexType */
	ns_hash_t		*hashTbl[NS_HASH_MAX];	/* mapping hash buckets */
	ns_hash_t		*llHead;	/* list of all hash entries */
	ns_ldap_entry_t		*RootDSE;
	/*
	 * NOTE(review): `delete' is a C++ keyword, so despite the
	 * extern "C" wrapper this header cannot be included from C++.
	 * Presumably marks the config for release once unused -- confirm.
	 */
	boolean_t		delete;
	mutex_t			config_mutex;
	int			nUse;		/* presumably a use count guarded by config_mutex -- confirm */
	ldap_get_chg_cookie_t	config_cookie;
} ns_config_t;
4457c478bdstevel@tonic-gate
4467c478bdstevel@tonic-gate/*
4477c478bdstevel@tonic-gate * This structure defines the mapping of the NSCONFIGFILE file
4487c478bdstevel@tonic-gate * statements into their corresponding SolarisNamingProfile,
4497c478bdstevel@tonic-gate * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  The ParamIndexType enum
 * definitions can be found in ns_ldap.h.  This structure also
4527c478bdstevel@tonic-gate * defines the default values that are used when a value either
4537c478bdstevel@tonic-gate * does not exist or is undefined.
4547c478bdstevel@tonic-gate */
4557c478bdstevel@tonic-gate
typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	/*
	 * Optional validator for a parsed value; errbuf receives the
	 * diagnostic.  Its size is not passed, so implementations must
	 * agree with callers on the buffer length (presumably MAXERROR --
	 * confirm) and use a bounded formatter.
	 */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;
4717c478bdstevel@tonic-gate
4727c478bdstevel@tonic-gate
4737c478bdstevel@tonic-gate/*
 * This typedef enumerates all the authentication
 * mechanisms currently supported in this library
4767c478bdstevel@tonic-gate */
4777c478bdstevel@tonic-gate
/*
 * Values 0-9 bind over a plain connection, 10-19 are the same
 * mechanisms over TLS.  SIMPLE without TLS puts the password on the
 * wire in the clear; CRAM-MD5 and DIGEST-MD5 are legacy mechanisms
 * (DIGEST-MD5 was moved to Historic by RFC 6331) and should not be
 * preferred in new deployments.
 */
typedef enum EnumAuthType {
	NS_LDAP_EA_NONE				= 0,
	NS_LDAP_EA_SIMPLE			= 1,	/* cleartext password */
	NS_LDAP_EA_SASL_NONE			= 2,
	NS_LDAP_EA_SASL_CRAM_MD5		= 3,	/* legacy */
	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,	/* legacy */
	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,	/* legacy */
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,	/* legacy */
	NS_LDAP_EA_SASL_EXTERNAL		= 7,
	NS_LDAP_EA_SASL_GSSAPI			= 8,
	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE			= 10,
	NS_LDAP_EA_TLS_SIMPLE			= 11,
	NS_LDAP_EA_TLS_SASL_NONE		= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
} EnumAuthType_t;
5007c478bdstevel@tonic-gate
5017c478bdstevel@tonic-gate
5027c478bdstevel@tonic-gate/*
5037c478bdstevel@tonic-gate * this enum lists the various states of the search state machine
5047c478bdstevel@tonic-gate */
5057c478bdstevel@tonic-gate
/* states of the search state machine; values are explicit so traces stay stable */
typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20,
	GET_ACCT_MGMT_INFO	= 21,
	CLEAR_RESULTS		= 22,
	REINIT			= 23
} ns_state_t;
5317c478bdstevel@tonic-gate
5327c478bdstevel@tonic-gate/*
5337c478bdstevel@tonic-gate * this enum lists the various states of the write state machine
5347c478bdstevel@tonic-gate */
/* W_ prefixes avoid clashing with the same-named ns_state_t members */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;
5547c478bdstevel@tonic-gate
5557c478bdstevel@tonic-gate
/* identifier of a cached connection (see Connection.connectionId) */
typedef int ConnectionID;
5577c478bdstevel@tonic-gate
5587c478bdstevel@tonic-gate/*
 * Server side sort type. Originally the server side sort
 * was set to "cn uid". This did not work with AD and
 * hence a single sort attribute was adopted. We don't
 * know which server side sort will work with the
 * Directory and hence we discover which method works.
5649f2fd57Julian Pullen */
typedef enum {
	SSS_UNKNOWN		= 0,	/* not yet discovered */
	SSS_SINGLE_ATTR		= 1,	/* single sort attribute */
	SSS_CN_UID_ATTRS	= 2	/* sort on "cn uid" */
} ns_srvsidesort_t;
5709f2fd57Julian Pullen
5719f2fd57Julian Pullen/*
5727c478bdstevel@tonic-gate * This structure is used by ns_connect to create and manage
5737c478bdstevel@tonic-gate * one or more ldap connections within the library.
5747c478bdstevel@tonic-gate */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* true if only used by */
						/* one thread and not shared */
						/* by other threads */
	pid_t			pid;		/* process id */
	char			*serverAddr;	/* server this connection is to */
	/*
	 * Credentials the connection was bound with (ns_cred_t, see
	 * ns_sldap.h).  Presumably includes the bind secret -- confirm;
	 * if so, keep it out of trace output and clear it on release.
	 */
	ns_cred_t		*auth;
	LDAP			*ld;		/* underlying libldap handle */
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char			**controls;		/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;
5897c478bdstevel@tonic-gate
/* Step constant; its consumers are in the .c files and not visible here. */
#define	ONE_STEP			1
5917c478bdstevel@tonic-gate
/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers, i.e. they originate from the remote end, so the code
 * that fills this in (__s_api_addRefInfo()) is the place where host,
 * scope, DN and filter must be validated before a referral
 * connection is opened.  One node per referral; singly linked.
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;		/* next referral, NULL at end */
	char			*refHost;	/* host part of the referral URL */
	int			refScope;	/* search scope from the URL */
	char			*refDN;		/* base DN from the URL */
	char			*refFilter;	/* filter from the URL */
} ns_referral_info_t;
6047c478bdstevel@tonic-gate
/* Forward declaration: ns_ldap_list_batch points at cookies defined below. */
struct ns_ldap_cookie;
606479ac37dm
/*
 * Batch used by __ns_ldap_list_batch_xxx API
 * Groups several searches (cookies) so they can be driven together;
 * each cookie in the list links onward via next_cookie_in_batch.
 */
struct ns_ldap_list_batch {
	uint32_t		nactive;	/* cookies still in progress */
	struct ns_ldap_cookie	*next_cookie;	/* next cookie to service (presumably) */
	struct ns_ldap_cookie	*cookie_list;	/* head of the cookies in this batch */
};
615479ac37dm
/*
 * Opaque to this part of the header: ns_ldap_cookie_t.conn_user and
 * __s_api_getConnection() only ever pass a pointer to it.
 */
struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;
618e1dd0a2th
/*
 * This structure is used internally in searches.  It is the per-search
 * state carried through the ns_state_t state machine, from the caller's
 * inputs (service, filter, attributes, credentials) to the result handed
 * back.  Most members are raw pointers whose ownership is decided in the
 * .c files; comments below that say "presumably" are to be confirmed
 * against the implementation.
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
		/* server list position */

		/* service search descriptor list & position */
	ns_ldap_search_desc_t  **sdlist;
	ns_ldap_search_desc_t  **sdpos;

		/* search filter callback */
	int			use_filtercb;
	/* same signature as __s_api_merge_SSD_filter(); builds *realfilter */
	int	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata);

		/* user callback */
	int			use_usercb;
	/* caller-supplied per-entry callback; userdata is passed through */
	int	(*callback)(const ns_ldap_entry_t *entry,
			const void *userdata);
	const void		*userdata;

	int			followRef;	/* follow referrals (cf. __s_api_toFollowReferrals) */
	int			use_paging;	/* use the VLV/SIMPLEPAGE controls */
	char			*service;	/* service name searched */
	char			*i_filter;	/* filter as given by the caller */
	const char * const	*i_attr;	/* attribute list as given */
	const char		*i_sortattr;	/* server-side sort attribute */
	const ns_cred_t		*i_auth;	/* caller's credentials; pointer only, not copied here */
	int			i_flags;	/* caller's flags */

	/* OUTPUTS */
	ns_ldap_result_t	*result;	/* entries collected so far */
	ns_ldap_entry_t		*nextEntry;	/* append point in result (presumably) */
		/* Error data */
	int			err_rc;		/* return code to report */
	ns_ldap_error_t		*errorp;	/* error detail to report */

	/* PRIVATE */
	/* state machine bookkeeping: current, pending and follow-on states */
	ns_state_t		state;
	ns_state_t		new_state;
	ns_state_t		next_state;

	Connection		*conn;		/* connection in use for this search */
/*
 * Convenience accessor for the credential type of the bound connection.
 * Although written inside the struct, this is an ordinary file-scope
 * macro: `p->conn_auth_type` expands to `p->conn->auth->auth.type`.
 * It dereferences conn and conn->auth with no NULL check, so use it only
 * where both are known to be set.
 */
#define	conn_auth_type	conn->auth->auth.type
	ConnectionID		connectionId;	/* id of conn */

	/* paging VLV/SIMPLEPAGE data */
	int			listType;	/* which paging control is used */
	unsigned long		index;		/* position within the paged listing */
	LDAPControl		**p_serverctrls;	/* server controls sent with the page request */
	ns_srvsidesort_t	sortTypeTry;	/* server-side sort variant being tried */
	int			entryCount;	/* entries seen so far (presumably) */

	/* search parameters actually used; presumably derived from the i_* inputs */
	int			scope;
	char			*basedn;
	char			*filter;
	char			**attribute;

	/* RESULT PROCESSING */
	int			msgId;		/* message id of the outstanding LDAP request */
	LDAPMessage		*resultMsg;	/* last result message received */

	char			**dns;		/* base DNs to search */
	char			*currentdn;	/* the one currently being searched */
	int			flag;
	struct berval		*ctrlCookie;	/* control cookie returned by the server (paging, presumably) */

	/* REFERRALS PROCESSING */
	/* referralinfo list & position */
	ns_referral_info_t	*reflist;
	ns_referral_info_t	*refpos;
	/* search timeout value */
	struct timeval		search_timeout;
	/* response control to hold account management information */
	LDAPControl		**resultctrl;
	/* Flag to indicate password less account management is required */
	int			nopasswd_acct_mgmt;
	int			err_from_result;	/* error taken from the result message (presumably) */
	ns_conn_user_t		*conn_user;		/* opaque connection-user record */

	/* BATCH PROCESSING */
	ns_ldap_list_batch_t	*batch;		/* batch this cookie belongs to, if any */
	boolean_t		no_wait;	/* do not block for results */
	boolean_t		reinit_on_retriable_err;	/* restart the search on a retriable error */
	int			retries;	/* retries performed so far (presumably) */
	/* where the batch writes this cookie's result, error and rc back to the caller */
	ns_ldap_result_t	**caller_result;
	ns_ldap_error_t		**caller_errorp;
	int			*caller_rc;
	struct ns_ldap_cookie	*next_cookie_in_batch;	/* next cookie in batch->cookie_list */
} ns_ldap_cookie_t;
7117c478bdstevel@tonic-gate
/*
 * This structure is part of the return value information for
 * __s_api_requestServer, the routine that requests a new server
 * from the cache manager.  __s_api_findRootDSE() fills one in as well.
 * Release with __s_api_free_server_info() (presumably the matching
 * release routine; confirm in the .c).
 */
typedef struct ns_server_info {
	char	*server;		/* server address as returned */
	char	*serverFQDN;		/* fully qualified host name */
	char	**controls;		/* supported control OIDs */
	char	**saslMechanisms;	/* supported SASL mechanisms */
} ns_server_info_t;
7237c478bdstevel@tonic-gate
/*
 * sasl callback function parameters
 * Presumably handed to __s_api_sasl_bind_callback() through its
 * `defaults` argument.  `passwd` is a cleartext credential: whatever
 * frees this structure should clear that buffer before releasing it,
 * and it must not be written to logs or error text.
 */
typedef struct ns_sasl_cb_param {
	char	*mech;		/* SASL mechanism name */
	char	*authid;	/* authentication identity */
	char	*authzid;	/* authorization identity */
	char	*passwd;	/* cleartext password (sensitive) */
	char	*realm;		/* SASL realm */
} ns_sasl_cb_param_t;
734cb5caa9djl
/*
 * Multiple threads per connection variable: presumably non-zero when
 * several threads may share one Connection (cf. Connection.usedBit).
 * Defined in a .c file.
 */
extern int MTperConn;
737cb5caa9djl
/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 *
 * Naming note: identifiers beginning with a double underscore are
 * reserved by ISO C; the __s_api_* / __ns_ldap_* names below are
 * long-standing library-internal names and are kept as they are.
 */

/* Debug-build only: per-area debug switches, defined in a .c file. */
#ifdef DEBUG
extern int	__ldap_debug_file;
extern int	__ldap_debug_api;
extern int	__ldap_debug_ldap;
extern int	__ldap_debug_servers;
#endif
7487c478bdstevel@tonic-gate
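/* internal connection APIs */

/* Release the connection with the given id; the int's meaning is set by the implementation. */
void DropConnection(ConnectionID, int);
/* Obtain the configured server list into *servers; *error is set on failure. */
int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);

/*
 * Config lookup helpers mapping enum values to their configured names.
 * Whether the returned strings are owned by the config or by the caller
 * is not visible here; confirm before freeing.
 */
int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
char *__s_get_pref_name(PrefOnly_t type);
char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
char *__s_get_hostcertpath(void);
/*
 * Takes no arguments.  Declared with (void) rather than () so the
 * declaration is a prototype and stray arguments are rejected.
 */
void __s_api_free_sessionPool(void);
/*
 * Ask the cache manager for a server.  On success *ret is filled in;
 * release it with __s_api_free_server_info().  addrType selects the
 * address format requested (its values are not visible here).
 */
int __s_api_requestServer(const char *request, const char *server,
	ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);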
7647c478bdstevel@tonic-gate
7657c478bdstevel@tonic-gate
/* ************ internal sldap-api functions *********** */
/* Free one result entry. */
void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
/* Split buffer into a name and a value; presumably modifies buffer in place. */
void	__s_api_split_key_value(char *buffer, char **name, char **value);
int	__s_api_printResult(ns_ldap_result_t *);
int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
/* Look up the base DNs for a service (two generations of the lookup). */
int	__s_api_getDNs(char ***, const char *,
	ns_ldap_error_t **);
int	__s_api_get_search_DNs_v1(char ***, const char *,
	ns_ldap_error_t **);
/*
 * Obtain a connection for the given server, flags and credentials.
 * Nine positional parameters, four of them plain int, are easy to
 * transpose at a call site; check the order against the definition.
 * The credentials passed here presumably decide which pooled
 * connection may be reused.
 */
int	__s_api_getConnection(const char *, const int,
	const ns_cred_t *, int *,
	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
/* Copy / free an array of strings (presumably NULL-terminated). */
char	**__s_api_cp2dArray(char **);
void	__s_api_free2dArray(char **);

/* Non-zero if the control OID is advertised by the connection's server (cf. Connection.controls). */
int	__s_api_isCtrlSupported(Connection *, char *);
ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
/* Process-role checks: per-user nscd, or the nscd daemon itself. */
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/* dvalue/evalue: a transform pair whose exact semantics live in the .c file. */
char	*dvalue(char *);
char	*evalue(char *);
/* Build / copy an error object; the result is presumably heap allocated. */
ns_ldap_error_t *__s_api_make_error(int, char *);
ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
790e1dd0a2th
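/* ************ specific 'Standalone' functions ********** */
/* Reverse-resolve ipaddr into *hostname (allocation ownership not visible here). */
ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
/*
 * Reentrant gethostbyname-style lookup: result and the caller-provided
 * buffer/buflen receive the data, *h_errnop the resolver error.
 * buflen is an int; pass the real size of buffer and nothing larger.
 */
struct hostent *__s_api_hostname2ip(const char *name,
				    struct hostent *result,
				    char *buffer,
				    int buflen,
				    int *h_errnop);
/*
 * Init-mode and standalone-mode queries.  These take no arguments and
 * are declared with (void) so the declarations are prototypes and stray
 * arguments are rejected at compile time.
 */
void	__s_api_setInitMode(void);
void	__s_api_unsetInitMode(void);
int	__s_api_isStandalone(void);
int __s_api_isInitializing(void);
/* Query the server's root DSE; *ret is filled in on success (cf. __s_api_requestServer). */
ns_ldap_return_code __s_api_findRootDSE(const char *request,
					const char *server,
					const char *addrType,
					ns_server_info_t *ret,
					ns_ldap_error_t	**error);
/* Build an ns_config_t from a configuration string (door format, presumably). */
ns_config_t *__s_api_create_config_door_str(char *config,
				ns_ldap_error_t **errorp);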
8097c478bdstevel@tonic-gate
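/*
 * Reads the process environment for library settings (details in the
 * .c file).  Declared with (void) so the declaration is a prototype.
 */
extern void	get_environment(void);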
8117c478bdstevel@tonic-gate
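/* internal Param APIs */
/* Set one parameter; data is interpreted according to type. */
int		__ns_ldap_setParamValue(ns_config_t *ptr,
			const ParamIndexType type,
			const void *data, ns_ldap_error_t **error);
/* Map a parameter name to its index (plain, version- and profile-qualified). */
int		__s_api_get_type(const char *value, ParamIndexType *type);
int		__s_api_get_versiontype(ns_config_t *ptr, char *value,
					ParamIndexType *type);
int		__s_api_get_profiletype(char *value, ParamIndexType *type);
void		__s_api_init_config(ns_config_t *ptr);
void		__s_api_init_config_global(ns_config_t *ptr);
/*
 * Validate a configuration.  errstr is a caller-supplied buffer with no
 * size argument, so the caller must size it to what the implementation
 * writes; check the definition before changing either side.
 */
ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
					int check_dn);
ns_config_t	*__s_api_create_config(void);
ns_config_t	*__s_api_get_default_config(void);
ns_config_t	*__s_api_get_default_config_global(void);
/*
 * Take no arguments; declared with (void) so the declarations are
 * prototypes and stray arguments are rejected.
 */
ns_config_t	*__s_api_loadrefresh_config(void);
ns_config_t	*__s_api_loadrefresh_config_global(void);
void		__s_api_destroy_config(ns_config_t *ptr);
int		__s_api_get_configtype(ParamIndexType type);
const char	*__s_api_get_configname(ParamIndexType type);
/* Render parameter i in format fmt; the returned string's ownership is not visible here. */
char		*__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
			ns_strfmt_t fmt);
/* Release a config obtained from one of the get/loadrefresh routines (presumably). */
void		__s_api_release_config(ns_config_t *cfg);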
8357c478bdstevel@tonic-gate
/* internal attribute/objectclass mapping api's */
/* Add a mapping to the config's hash of the given type; destroy_hash releases them all. */
int		 __s_api_add_map2hash(ns_config_t *config,
				ns_hashtype_t type, ns_mapping_t *map);
void		__s_api_destroy_hash(ns_config_t *config);
/* Parse one mapping line into service id, original attribute and mapped attributes. */
int		__s_api_parse_map(char *cp, char **sid,
				char **origA, char ***mapA);
/* Apply the service's attribute mapping to a list / a single attribute. */
char		**__ns_ldap_mapAttributeList(const char *service,
				const char * const *origAttrList);
char		*__ns_ldap_mapAttribute(const char *service,
				const char *origAttr);
8467c478bdstevel@tonic-gate
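/* internal configuration APIs */
void		__ns_ldap_setServer(int set);
/*
 * Takes no arguments; declared with (void) so the declaration is a
 * prototype (same for __ns_ldap_cache_ping and __ns_ldap_default_config).
 */
ns_ldap_error_t	*__ns_ldap_LoadConfiguration(void);
ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
				ns_config_t *new, int cred_only);
/*
 * Write the configuration / an LDIF rendering to filename.  The dump may
 * include configured credential values; the implementation should create
 * the file with restrictive permissions (confirm in the .c).
 */
ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
int		__ns_ldap_cache_ping(void);
ns_ldap_error_t *__ns_ldap_print_config(int);
void		__ns_ldap_default_config(void);
int		__ns_ldap_download(const char *, char *, char *,
				ns_ldap_error_t **);
/*
 * Prerequisite checks for self/gssapi configuration (DNS, GSSAPI, both).
 * foreground/mode_verbose/mode_quiet control reporting; errors come
 * back through *errpp.
 */
int
__ns_ldap_check_dns_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		const char *fname,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_gssapi_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);
int
__ns_ldap_check_all_preq(int foreground,
		int mode_verbose,
		int mode_quiet,
		ns_ldap_self_gssapi_config_t config,
		ns_ldap_error_t **errpp);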
8787c478bdstevel@tonic-gate
/* internal un-exposed APIs */
/* Copy a credential object; the copy carries credential material and must be released accordingly. */
ns_cred_t	*__ns_ldap_dupAuth(const ns_cred_t *authp);
/* Whether two credential objects describe the same identity (used for connection reuse, presumably). */
boolean_t	__s_api_is_auth_matched(const ns_cred_t *auth1,
		    const ns_cred_t *auth2);
/* Build the service search descriptor list for a service. */
int		__s_api_get_SSD_from_SSDtoUse_service(const char *service,
			ns_ldap_search_desc_t ***SSDlist,
			ns_ldap_error_t **errorp);
/* automount helpers: rewrite SSDs / base DNs for automountmapname. */
int		__s_api_prepend_automountmapname(const char *service,
			ns_ldap_search_desc_t ***SSDlist,
			ns_ldap_error_t ** errorp);
int		__s_api_prepend_automountmapname_to_dn(const char *service,
			char **basedn,
			ns_ldap_error_t ** errorp);
int		__s_api_convert_automountmapname(const char *service,
			char **dn, ns_ldap_error_t ** errorp);
/* Produce *new_dn from dn with orig_attr replaced by mapped_attr. */
int		__s_api_replace_mapped_attr_in_dn(
			const char *orig_attr, const char *mapped_attr,
			const char *dn, char **new_dn);
/* Append the default base DN; *allocated presumably records whether *new_dn must be freed. */
int		__s_api_append_default_basedn(
			const char *dn,
			char **new_dn,
			int *allocated,
			ns_ldap_error_t ** errorp);
/* Server list maintenance. */
int		__s_api_removeServer(const char *server);
void		__s_api_removeBadServers(char **server);
/* Release routines for ns_server_info_t and Connection. */
void		__s_api_free_server_info(ns_server_info_t *sinfo);
void		__s_api_freeConnection(Connection *con);
9067c478bdstevel@tonic-gate
/* internal referrals APIs */
/* Decide from flags (and configuration) whether referrals are followed; result in *toFollow. */
int		__s_api_toFollowReferrals(const int flags,
			int *toFollow,
			ns_ldap_error_t **errorp);
/*
 * Parse a referral URL returned by the server and add a node to *head.
 * url, and through it host/DN/filter, come from the remote server, so
 * this is where they must be validated before being acted on.
 */
int		__s_api_addRefInfo(ns_referral_info_t **head,
			char *url, char *baseDN, int *scope,
			char *filter, LDAP *ld);
/* Free the whole referral list. */
void		__s_api_deleteRefInfo(ns_referral_info_t *head);
9157c478bdstevel@tonic-gate
/* callback routine for SSD filters */
/* Has the ns_ldap_cookie_t.init_filter_cb signature; *realfilter receives the merged filter. */
int		__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
			char **realfilter,
			const void *userdata);
9207c478bdstevel@tonic-gate
/* network address verification api */
/* Classify addr; the parameter is not const, so check whether the implementation modifies it before passing literals. */
int		__s_api_isipv4(char *addr);
int		__s_api_isipv6(char *addr);
int		__s_api_ishost(char *addr);
9257c478bdstevel@tonic-gate
/* password management routine */
/* Map an LDAP error number/message to a password status. */
ns_ldap_passwd_status_t
		__s_api_set_passwd_status(int errnum, char *errmsg);
/* Non-zero if the password policy control OID is in oids. */
int		__s_api_contain_passwd_control_oid(char **oids);
9307c478bdstevel@tonic-gate
/* password less account management routine */
/* Non-zero if the account-usable control OID is in oids. */
int		__s_api_contain_account_usable_control_oid(char **oids);
9334778924vv
/* RFC 2307 section 5.6. Get a canonical name from entry */
/* attrptr selects the attribute; case_ignore controls the comparison. */
char		*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
			ns_ldap_attr_t *attrptr, int case_ignore);
9377c478bdstevel@tonic-gate
/* self/sasl/gssapi functions */
/*
 * SASL interaction callback handed to the LDAP library during bind.
 * defaults presumably points at an ns_sasl_cb_param_t; the callback
 * hands credential material to the library, so it must not log it.
 */
int		__s_api_sasl_bind_callback(
			LDAP		*ld,
			unsigned	flags,
			void		*defaults,
			void		*in);

/* Non-zero when only self/gssapi authentication is permitted. */
int		__s_api_self_gssapi_only_get(void);
946cb5caa9djl
/* Append toprint (and sep) to line; growth/bounds handling lives in the implementation. */
int		__print2buf(LineBuf *line, const char *toprint, char *sep);
948434c5a0Milan Jurik
9497c478bdstevel@tonic-gate#ifdef __cplusplus
9507c478bdstevel@tonic-gate}
9517c478bdstevel@tonic-gate#endif
9527c478bdstevel@tonic-gate
9537c478bdstevel@tonic-gate#endif /* _NS_INTERNAL_H */