/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * ns_internal.h: private definitions shared by the libsldap sources
 * (constants, error-building macros and the internal configuration,
 * connection and search-cookie data structures).  Nothing in this
 * header is part of the public ns_sldap.h interface.
 */

#ifndef _NS_INTERNAL_H
#define	_NS_INTERNAL_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"

/*
 * INTERNALLY USED CONSTANTS
 */

#define	MAXERROR		2000
#define	TRUE			1
#define	FALSE			0

/*
 * On-disk locations of the cached client configuration and credential
 * files under NSLDAPDIRECTORY.  The *REFRESH names are, by their
 * naming, the freshly written copies that sit beside the live files
 * (confirm the swap protocol in the .c that writes them).  The
 * credential file holds bind secrets, so its permissions matter.
 */
#define	NSLDAPDIRECTORY		"/var/ldap"
#define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
#define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
#define	NSCREDFILE		"/var/ldap/ldap_client_cred"
#define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"

/*
 * ROTORSIZE is a 256-entry table size and MASK is 0377 (octal) == 0xff,
 * a single-byte mask.  NOTE(review): the names suggest a rotor-style
 * byte-substitution encoding of stored values; treat that as
 * obfuscation, not encryption, until the implementation says otherwise.
 */
#define	ROTORSIZE		256
#define	MASK			0377
#define	LDAPMAXHARDLOOKUPTIME	256

/*
 * Header written into generated files.  NOTE(review): the two literals
 * are concatenated by the preprocessor with no separator, so the text
 * reads "...will be lost.Please use..." as written.
 */
#define	DONOTEDIT		\
	"Do not edit this file manually; your changes will be lost." \
	"Please use ldapclient (1M) instead."
/* Upper bound used when validating a configured port (TCP maximum). */
#define	MAXPORTNUMBER		65535
#define	MAXPORTNUMBER_STR	"65535"

/* Selectors for the two cached files (presumably credential vs. config). */
#define	CREDFILE		0
#define	CONFIGFILE		1

/*
 * printf-style LDAP search filter templates.  The single "%s" is filled
 * in by the caller with the looked-up value.  The *_SSD variants carry an
 * escaped "%%s", which survives the first formatting pass as "%s" so that
 * a service search descriptor's own filter can be spliced in afterwards.
 *
 * NOTE(review): these templates do not escape the substituted value.  A
 * caller passing externally supplied text (a user or host name) must
 * apply RFC 4515 filter escaping first, or the value can change the
 * structure of the filter.
 */
#define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
#define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
#define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
#define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
#define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
#define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"

/* Bit flags naming the server-side paging controls available. */
#define	SIMPLEPAGECTRLFLAG	1
#define	VLVCTRLFLAG		2

/* Page sizes for paged/VLV retrieval and the sort keys sent with VLV. */
#define	LISTPAGESIZE		1000
#define	ENUMPAGESIZE		100
#define	SORTKEYLIST		"cn uid"

#define	DEFMAX			8

/* Single-character tokens recognised by the config/profile parser. */
#define	TOKENSEPARATOR		'='
#define	QUOTETOK		'"'
#define	SPACETOK		' '
#define	COMMATOK		','
#define	COLONTOK		':'
#define	QUESTTOK		'?'
#define	SEMITOK			';'
#define	TABTOK			'\t'
#define	OPARATOK		'('
#define	CPARATOK		')'
#define	BSLTOK			'\\'

/*
 * Separator strings.  DOORLINESEP is a single BEL (0x07) character used
 * to delimit lines inside door call buffers.
 */
#define	DOORLINESEP		"\07"
#define	COMMASEP		", "
#define	SPACESEP		" "
#define	SEMISEP			";"
#define	COLONSEP		":"
#define	COLSPSEP		": "
#define	EQUALSEP		"="
#define	EQUSPSEP		"= "

/* Highest ParamIndexType value, as an int (ParamIndexType is in ns_sldap.h). */
#define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P

/*
 * BUFSIZE (this header) is distinct from stdio's BUFSIZ, which the
 * NSLDAPTRACE macro below uses; do not confuse the two when sizing buffers.
 */
#define	BUFSIZE			1024
#define	DEFAULTCONFIGNAME	"__default_config"
#define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */

/*
 * Prefix marking an encoded value in the stored files (presumably the
 * credential file); the scheme behind the tag is defined in the .c.
 */
#define	CRYPTMARK		"{NS1}"
#define	DOORBUFFERSIZE		8192

/*
 * Output formats for one "attribute value" pair, one per ns_strfmt_t
 * value (LDIF, config file, door buffer).
 */
#define	LDIF_FMT_STR		"%s: %s"
#define	FILE_FMT_STR		"%s= %s"
#define	DOOR_FMT_STR		"%s=%s"

#define	SESSION_CACHE_INC	8
#define	CONID_OFFSET		1024
#define	NS_DEFAULT_BIND_TIMEOUT	30	/* timeout value in seconds */
#define	NS_DEFAULT_SEARCH_TIMEOUT 30	/* timeout value in seconds */

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define	RDNSIZE			256


/*
 * Profile schema names.
 *
 * NOTE(review): identifiers starting with '_' followed by an upper-case
 * letter are reserved by the C standard; these are kept as they are for
 * source compatibility with the rest of libsldap.
 */

/* Phase 1 profile information */
#define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
#define	_PROFILE_CONTAINER	"profile"
#define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"

/* Phase 2 profile information */
#define	_PROFILE2_OBJECTCLASS	"DUAConfigProfile"

/* Common to all profiles */
#define	_P_CN			"cn"

/*
 * Native LDAP Phase 1 Specific Profile Attributes.
 * Values read from the *Password attributes are secrets and must be
 * handled (logged, cached, zeroised) accordingly.
 */
#define	_P1_SERVERS		"SolarisLDAPServers"
#define	_P1_SEARCHBASEDN	"SolarisSearchBaseDN"
#define	_P1_CACHETTL		"SolarisCacheTTL"
#define	_P1_BINDDN		"SolarisBindDN"
#define	_P1_BINDPASSWORD	"SolarisBindPassword"
#define	_P1_AUTHMETHOD		"SolarisAuthMethod"
#define	_P1_TRANSPORTSECURITY	"SolarisTransportSecurity"
#define	_P1_CERTIFICATEPATH	"SolarisCertificatePath"
#define	_P1_CERTIFICATEPASSWORD	"SolarisCertificatePassword"
#define	_P1_DATASEARCHDN	"SolarisDataSearchDN"
#define	_P1_SEARCHSCOPE		"SolarisSearchScope"
#define	_P1_SEARCHTIMELIMIT	"SolarisSearchTimeLimit"
#define	_P1_PREFERREDSERVER	"SolarisPreferredServer"
#define	_P1_PREFERREDSERVERONLY	"SolarisPreferredServerOnly"
#define	_P1_SEARCHREFERRAL	"SolarisSearchReferral"
#define	_P1_BINDTIMELIMIT	"SolarisBindTimeLimit"

/* Native LDAP Phase 2 Specific Profile Attributes */
#define	_P2_PREFERREDSERVER	"preferredServerList"
#define	_P2_DEFAULTSERVER	"defaultServerList"
#define	_P2_SEARCHBASEDN	"defaultSearchBase"
#define	_P2_SEARCHSCOPE		"defaultSearchScope"
#define	_P2_AUTHMETHOD		"authenticationMethod"
#define	_P2_CREDENTIALLEVEL	"credentialLevel"
#define	_P2_SERVICESEARCHDESC	"serviceSearchDescriptor"
#define	_P2_SEARCHTIMELIMIT	"searchTimeLimit"
#define	_P2_BINDTIMELIMIT	"bindTimeLimit"
#define	_P2_FOLLOWREFERRALS	"followReferrals"
#define	_P2_PROFILETTL		"profileTTL"
#define	_P2_ATTRIBUTEMAP	"attributeMap"
#define	_P2_OBJECTCLASSMAP	"objectClassMap"
#define	_P2_SERVICECREDLEVEL	"serviceCredentialLevel"
#define	_P2_SERVICEAUTHMETHOD	"serviceAuthenticationMethod"

/*
 * Control & SASL information from RootDSE door call.
 * The *_LEN values are strlen() of the attribute name beside them
 * (23 and 16 respectively) and must be kept in step if a name changes.
 */
#define	_SASLMECHANISM		"supportedSASLmechanisms"
#define	_SASLMECHANISM_LEN	23
#define	_SUPPORTEDCONTROL	"supportedControl"
#define	_SUPPORTEDCONTROL_LEN	16

/* Size of ns_config_t.hashTbl and return codes of the hash insert routines. */
#define	NS_HASH_MAX		257
#define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
#define	NS_HASH_RC_SUCCESS	1
#define	NS_HASH_RC_NO_MEMORY	-1
#define	NS_HASH_RC_CONFIG_ERROR	-2
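#define	NS_HASH_RC_EXISTED	-3
#define	NS_HASH_RC_SYNTAX_ERROR	-4

/*
 * Password management related error message from iDS ldap server.
 * These literals are compared against text the server returns, so they
 * are tied to that server's wording and version.
 */
#define	NS_PWDERR_MAXTRIES		\
	"Exceed password retry limit."
#define	NS_PWDERR_EXPIRED		\
	"password expired!"
#define	NS_PWDERR_ACCT_INACTIVATED	\
	"Account inactivated. Contact system administrator."
#define	NS_PWDERR_CHANGE_NOT_ALLOW	\
	"user is not allowed to change password"
#define	NS_PWDERR_INVALID_SYNTAX	\
	"invalid password syntax"
#define	NS_PWDERR_TRIVIAL_PASSWD	\
	"Password failed triviality check"
#define	NS_PWDERR_IN_HISTORY		\
	"password in history"
#define	NS_PWDERR_WITHIN_MIN_AGE	\
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

void	__s_api_debug_pause(int priority, int st, const char *mesg);

/*
 * NULL_OR_STR: substitute a printable placeholder for a NULL or empty
 * string, so the value can always be handed to a "%s" conversion.
 */
#define	NULL_OR_STR(str)	((!(str) || *(str) == '\0') ? "<NULL>" : (str))

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message.  The message must be a freeable (non-static) string:
 * the pointer is stored, not copied, and is expected to be freed
 * together with the error.  If it fails to allocate memory for the
 * error structure, it returns retErr from the enclosing function.
 *
 * Usage notes:
 *  - This expands to several statements, one of them a `return`, so it
 *    is usable only as its own statement inside a braced block, never
 *    as the body of an unbraced `if`/`else`.
 *  - NOTE(review): on the calloc failure path `mesg` has not been stored
 *    anywhere, so the caller's retErr path must free it or it leaks.
 *  - The status and message are also passed to __s_api_debug_pause().
 */
#define	MKERROR(priority, err, st, mesg, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	__s_api_debug_pause((priority), (st), (err)->message);

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 * The same usage notes as MKERROR apply (multi-statement, embedded
 * return, `mesg` ownership on the failure path).
 */
#define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
		return (retErr); \
	(err)->message = (mesg); \
	(err)->status = (st); \
	(err)->pwd_mgmt.status = (pwd_status); \
	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);

#ifdef DEBUG
/*
 * NSLDAPTRACE: write `message` to the debug file descriptor when
 * `variable` is positive, or equals the non-zero `setequal`.
 *
 * `message` is passed through a "%s" conversion rather than used as the
 * format itself, so a message containing '%' is copied verbatim instead
 * of being interpreted as printf directives (CERT FIO30-C).  The byte
 * count handed to write(2) is taken from snprintf's return value,
 * clamped to the buffer, which the previous two-argument write() call
 * omitted.  Messages longer than BUFSIZ - 1 are truncated.
 */
#define	NSLDAPTRACE(variable, setequal, message) \
	if ((variable) > 0 || (((setequal) != 0) && \
	    ((variable) == (setequal)))) { \
		char buf[BUFSIZ]; \
		int len = snprintf(buf, BUFSIZ, "%s", (message)); \
		if (len >= BUFSIZ) \
			len = BUFSIZ - 1; \
		if (len > 0) \
			(void) write(__ldap_debug_file, buf, (size_t)len); \
	}
#endif

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type: which of the cached sources a parameter
 * belongs to (server profile, client file, credential file).
 */

typedef enum {
	SERVERCONFIG	= 1,
	CLIENTCONFIG	= 2,
	CREDCONFIG	= 3
} ns_conftype_t;

/*
 * datatype of a config entry; selects which member of ns_param_t.ns_pu
 * holds the value.
 */

typedef enum {
	NS_UNKNOWN	= 0,
	CHARPTR		= 1,	/* Single character pointer */
	ARRAYCP		= 2,	/* comma sep array of char pointers */
	ARRAYAUTH	= 3,	/* Array of auths */
	TIMET		= 4,	/* time relative value (TTL) */
	INT		= 5,	/* single integer */
	SSDLIST		= 6,	/* service search descriptor */
	ATTRMAP		= 7,	/* attribute mapping */
	OBJMAP		= 8,	/* objectclass mapping */
	SERVLIST	= 9,	/* serverlist (SP sep array) */
	ARRAYCRED	= 10,	/* Array of credentialLevels */
	SAMLIST		= 11,	/* serviceAuthenticationMethod */
	SCLLIST		= 12	/* serviceCredentialLevel */
} ns_datatype_t;

/* Outcome of parsing one configuration statement. */
typedef enum {
	NS_SUCCESS,
	NS_NOTFOUND,
	NS_PARSE_ERR
} ns_parse_status;

/* Output format selector; see DOOR_FMT_STR, LDIF_FMT_STR and FILE_FMT_STR. */
typedef enum {
	NS_DOOR_FMT	= 1,
	NS_LDIF_FMT	= 2,
	NS_FILE_FMT	= 3
} ns_strfmt_t;

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

typedef enum {
	NS_LDAP_V1	= 1000,
	NS_LDAP_V2	= 2000
} ns_version_t;

/*
 * enum<->string mapping construct: one table row pairing an integer
 * enumerator with its textual spelling.
 */

typedef struct ns_enum_map {
	int	value;
	char	*name;
} ns_enum_map;

#define	ENUM2INT(x)		((int)(x))

/*
 * Casts from a parsed int back to the public enum types declared in
 * ns_sldap.h.  These are plain casts: they do not range-check, so the
 * int must already have been validated against the allowed values.
 */
#define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
#define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
#define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
#define	INT2AUTHENUM(x)		((AuthType_t)(x))
#define	INT2SECENUM(x)		((TlsType_t)(x))
#define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
#define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))

#define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
#define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
#define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs.  It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity.  For a service which does not have its own entries in
 * the LDAP directory, an SSD for it is useless and should not be set.
 * But since this service must share the container with at least
 * one other service which does have its own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 */

typedef struct ns_service_map {
	char	*service;		/* nsswitch service name */
	char	*rdn;			/* rdn component(s) for its container */
	char	*SSDtoUse_service;	/* service whose SSD is borrowed */
} ns_service_map;

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

typedef enum {
	NS_ATTR_MAP,
	NS_OBJ_MAP
} ns_maptype_t;

typedef struct ns_mapping {
	ns_maptype_t	type;		/* attribute or objectclass map */
	char		*service;	/* service the mapping applies to */
	char		*orig;		/* original (schema) name */
	char		**map;		/* NULL-terminated list of mapped names */
} ns_mapping_t;

/*
 * The following is the list of internal libsldap configuration data
 * structures.  The configuration is populated normally once per
 * application.  The assumption is that applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 *
 * Assumptions:
 *	1 configuration entry per domain, and almost always 1 domain
 *	per app.  Hooks exist for multiple domains per app.
 *
 *	Configurations are read in from client file cache or from LDAP.
 *	Attribute/objectclass mappings are hashed to improve lookup
 *	speed.
 */

/*
 * Hash entry types
 */
typedef enum _ns_hashtype_t {
	NS_HASH_AMAP	= 1,	/* attr map */
	NS_HASH_RAMAP	= 2,	/* reverse attr map */
	NS_HASH_OMAP	= 3,	/* oc map */
	NS_HASH_ROMAP	= 4,	/* reverse oc map */
	NS_HASH_VOID	= 5
} ns_hashtype_t;

/*
 * One hash-table entry.  h_next chains entries in the same bucket;
 * h_llnext threads every entry onto the single list headed by
 * ns_config_t.llHead (used to walk or free all mappings).
 */
typedef struct ns_hash {
	ns_hashtype_t	h_type;
	ns_mapping_t	*h_map;
	struct ns_hash	*h_next;
	struct ns_hash	*h_llnext;
} ns_hash_t;

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.  ns_ptype says which union member is
 * live; ns_acnt is the element count for the array-valued types.
 */

typedef struct ns_param {
	ns_datatype_t	ns_ptype;
	int		ns_acnt;
	union {
		char	**ppc;
		int	*pi;
		char	*pc;
		int	i;
		time_t	tm;
	} ns_pu;
} ns_param_t;

/* Shorthands for the union members above. */
#define	ns_ppc	ns_pu.ppc
#define	ns_pi	ns_pu.pi
#define	ns_pc	ns_pu.pc
#define	ns_i	ns_pu.i
#define	ns_tm	ns_pu.tm

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * and hashTbl contain the current attribute/objectclass mappings.
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 *
 * NOTE(review): the member named `delete` is a C++ keyword, so this
 * header cannot be included from C++ despite the extern "C" guard; the
 * name is kept here because other sources reference it.
 */

typedef struct ns_config {
	char		*domainName;
	ns_version_t	version;
	ns_param_t	paramList[NS_LDAP_MAX_PIT_P];
	ns_hash_t	*hashTbl[NS_HASH_MAX];
	ns_hash_t	*llHead;		/* list of all hash entries */
	ns_ldap_entry_t	*RootDSE;
	boolean_t	delete;			/* marked for release */
	mutex_t		config_mutex;
	int		nUse;			/* presumably a use count */
} ns_config_t;

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping.  The ParamIndexType enum
 * definitions can be found in ns_ldap.h.  This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 */

typedef struct ns_default_config {
	const char	*name;		/* config file parameter name */
	ParamIndexType	index;		/* config file enum index */
	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
	int		single_valued;	/* TRUE OR FALSE */
	ns_version_t	version;	/* Version # for attribute */
	const char	*profile_name;	/* profile schema attribute name */
	ns_param_t	defval;		/* config file parameter default */
	/* validator for a parsed value; errbuf receives the reason */
	int		(*ns_verify)(ParamIndexType i,
				struct ns_default_config *def,
				ns_param_t *param,
				char *errbuf);
	ns_enum_map	*allowed;	/* allowed values */
} ns_default_config;


/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library.  The
 * NS_LDAP_EA_TLS_* values pair the mechanism of the same name with a
 * TLS-protected transport; the values without the TLS_ prefix do not.
 */

typedef enum EnumAuthType {
	NS_LDAP_EA_NONE			= 0,
	NS_LDAP_EA_SIMPLE		= 1,
	NS_LDAP_EA_SASL_NONE		= 2,
	NS_LDAP_EA_SASL_CRAM_MD5	= 3,
	NS_LDAP_EA_SASL_DIGEST_MD5	= 4,
	NS_LDAP_EA_SASL_DIGEST_MD5_INT	= 5,
	NS_LDAP_EA_SASL_DIGEST_MD5_CONF	= 6,
	NS_LDAP_EA_SASL_EXTERNAL	= 7,
	NS_LDAP_EA_SASL_GSSAPI		= 8,	/* unsupported */
	NS_LDAP_EA_SASL_SPNEGO		= 9,	/* unsupported */
	NS_LDAP_EA_TLS_NONE		= 10,
	NS_LDAP_EA_TLS_SIMPLE		= 11,
	NS_LDAP_EA_TLS_SASL_NONE	= 12,
	NS_LDAP_EA_TLS_SASL_CRAM_MD5	= 13,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5	= 14,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
	NS_LDAP_EA_TLS_SASL_EXTERNAL	= 17,
	NS_LDAP_EA_TLS_SASL_GSSAPI	= 18,	/* unsupported */
	NS_LDAP_EA_TLS_SASL_SPNEGO	= 19	/* unsupported */
} EnumAuthType_t;


/*
 * this enum lists the various states of the search state machine
 */

typedef enum {
	INIT			= 1,
	EXIT			= 2,
	NEXT_SEARCH_DESCRIPTOR	= 3,
	GET_SESSION		= 4,
	NEXT_SESSION		= 5,
	RESTART_SESSION		= 6,
	NEXT_SEARCH		= 7,
	NEXT_VLV		= 8,
	NEXT_PAGE		= 9,
	ONE_SEARCH		= 10,
	DO_SEARCH		= 11,
	NEXT_RESULT		= 12,
	MULTI_RESULT		= 13,
	PROCESS_RESULT		= 14,
	END_PROCESS_RESULT	= 15,
	END_RESULT		= 16,
	NEXT_REFERRAL		= 17,
	GET_REFERRAL_SESSION	= 18,
	ERROR			= 19,
	LDAP_ERROR		= 20
} ns_state_t;

/*
 * this enum lists the various states of the write state machine
 */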
/* States of the write (add/delete/modify, sync and async) state machine. */
typedef enum {
	W_INIT			= 1,
	W_EXIT			= 2,
	GET_CONNECTION		= 3,
	SELECT_OPERATION_SYNC	= 4,
	SELECT_OPERATION_ASYNC	= 5,
	DO_ADD_SYNC		= 6,
	DO_DELETE_SYNC		= 7,
	DO_MODIFY_SYNC		= 8,
	DO_ADD_ASYNC		= 9,
	DO_DELETE_ASYNC		= 10,
	DO_MODIFY_ASYNC		= 11,
	GET_RESULT_SYNC		= 12,
	GET_RESULT_ASYNC	= 13,
	PARSE_RESULT		= 14,
	GET_REFERRAL_CONNECTION	= 15,
	W_LDAP_ERROR		= 16,
	W_ERROR			= 17
} ns_write_state_t;


/* Handle identifying one entry of the connection cache. */
typedef int ConnectionID;

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 * `auth` is the credential the connection was bound with, so a cached
 * connection is only reusable for requests presenting the same
 * credential (compare before reuse).
 */
typedef struct connection {
	ConnectionID		connectionId;
	boolean_t		usedBit;	/* slot in use */
	char			*serverAddr;	/* server this ld talks to */
	ns_cred_t		*auth;		/* credential used to bind */
	LDAP			*ld;		/* underlying libldap handle */
	thread_t		threadID;	/* thread ID using it */
	struct ns_ldap_cookie	*cookieInfo;
	char			**controls;		/* from server_info */
	char			**saslMechanisms;	/* from server_info */
} Connection;

#define	ONE_STEP		1

/*
 * This structure is for referrals processing.
 * The data are from referral URLs returned by
 * LDAP servers, i.e. they are server-supplied: refHost names the next
 * server to contact and refDN/refFilter/refScope replace the original
 * search parameters.  Whether a referral is followed at all is governed
 * by the followRef setting carried in ns_ldap_cookie (presumably from
 * the followReferrals profile attribute).
 */
typedef struct ns_referral_info {
	struct ns_referral_info	*next;
	char			*refHost;
	int			refScope;
	char			*refDN;
	char			*refFilter;
} ns_referral_info_t;

/*
 * This structure used internally in searches
 */

typedef struct ns_ldap_cookie {
	/* INPUTS */
	/* server list position */

	/* service search descriptor list & position */
	ns_ldap_search_desc_t	**sdlist;
ns_ldap_search_desc_t **sdpos; 588*7c478bd9Sstevel@tonic-gate 589*7c478bd9Sstevel@tonic-gate /* search filter callback */ 590*7c478bd9Sstevel@tonic-gate int use_filtercb; 591*7c478bd9Sstevel@tonic-gate int (*init_filter_cb)(const ns_ldap_search_desc_t *desc, 592*7c478bd9Sstevel@tonic-gate char **realfilter, const void *userdata); 593*7c478bd9Sstevel@tonic-gate 594*7c478bd9Sstevel@tonic-gate /* user callback */ 595*7c478bd9Sstevel@tonic-gate int use_usercb; 596*7c478bd9Sstevel@tonic-gate int (*callback)(const ns_ldap_entry_t *entry, 597*7c478bd9Sstevel@tonic-gate const void *userdata); 598*7c478bd9Sstevel@tonic-gate const void *userdata; 599*7c478bd9Sstevel@tonic-gate 600*7c478bd9Sstevel@tonic-gate int followRef; 601*7c478bd9Sstevel@tonic-gate int use_paging; 602*7c478bd9Sstevel@tonic-gate char *service; 603*7c478bd9Sstevel@tonic-gate char *i_filter; 604*7c478bd9Sstevel@tonic-gate const char * const *i_attr; 605*7c478bd9Sstevel@tonic-gate const ns_cred_t *i_auth; 606*7c478bd9Sstevel@tonic-gate int i_flags; 607*7c478bd9Sstevel@tonic-gate 608*7c478bd9Sstevel@tonic-gate /* OUTPUTS */ 609*7c478bd9Sstevel@tonic-gate ns_ldap_result_t *result; 610*7c478bd9Sstevel@tonic-gate ns_ldap_entry_t *nextEntry; 611*7c478bd9Sstevel@tonic-gate /* Error data */ 612*7c478bd9Sstevel@tonic-gate int err_rc; 613*7c478bd9Sstevel@tonic-gate ns_ldap_error_t *errorp; 614*7c478bd9Sstevel@tonic-gate 615*7c478bd9Sstevel@tonic-gate /* PRIVATE */ 616*7c478bd9Sstevel@tonic-gate ns_state_t state; 617*7c478bd9Sstevel@tonic-gate ns_state_t new_state; 618*7c478bd9Sstevel@tonic-gate ns_state_t next_state; 619*7c478bd9Sstevel@tonic-gate 620*7c478bd9Sstevel@tonic-gate Connection *conn; 621*7c478bd9Sstevel@tonic-gate ConnectionID connectionId; 622*7c478bd9Sstevel@tonic-gate 623*7c478bd9Sstevel@tonic-gate /* paging VLV/SIMPLEPAGE data */ 624*7c478bd9Sstevel@tonic-gate int listType; 625*7c478bd9Sstevel@tonic-gate unsigned long index; 626*7c478bd9Sstevel@tonic-gate LDAPControl **p_serverctrls; 
627*7c478bd9Sstevel@tonic-gate 628*7c478bd9Sstevel@tonic-gate int scope; 629*7c478bd9Sstevel@tonic-gate char *basedn; 630*7c478bd9Sstevel@tonic-gate char *filter; 631*7c478bd9Sstevel@tonic-gate char **attribute; 632*7c478bd9Sstevel@tonic-gate 633*7c478bd9Sstevel@tonic-gate /* RESULT PROCESSING */ 634*7c478bd9Sstevel@tonic-gate int msgId; 635*7c478bd9Sstevel@tonic-gate LDAPMessage *resultMsg; 636*7c478bd9Sstevel@tonic-gate 637*7c478bd9Sstevel@tonic-gate char **dns; 638*7c478bd9Sstevel@tonic-gate char *currentdn; 639*7c478bd9Sstevel@tonic-gate int flag; 640*7c478bd9Sstevel@tonic-gate struct berval *ctrlCookie; 641*7c478bd9Sstevel@tonic-gate 642*7c478bd9Sstevel@tonic-gate /* REFERRALS PROCESSING */ 643*7c478bd9Sstevel@tonic-gate /* referralinfo list & position */ 644*7c478bd9Sstevel@tonic-gate ns_referral_info_t *reflist; 645*7c478bd9Sstevel@tonic-gate ns_referral_info_t *refpos; 646*7c478bd9Sstevel@tonic-gate /* search timeout value */ 647*7c478bd9Sstevel@tonic-gate struct timeval search_timeout; 648*7c478bd9Sstevel@tonic-gate } ns_ldap_cookie_t; 649*7c478bd9Sstevel@tonic-gate 650*7c478bd9Sstevel@tonic-gate /* 651*7c478bd9Sstevel@tonic-gate * This structure is part of the return value information for 652*7c478bd9Sstevel@tonic-gate * __s_api_requestServer. 
The routine that requests a new server 653*7c478bd9Sstevel@tonic-gate * from the cache manager 654*7c478bd9Sstevel@tonic-gate */ 655*7c478bd9Sstevel@tonic-gate typedef struct ns_server_info { 656*7c478bd9Sstevel@tonic-gate char *server; 657*7c478bd9Sstevel@tonic-gate char **controls; 658*7c478bd9Sstevel@tonic-gate char **saslMechanisms; 659*7c478bd9Sstevel@tonic-gate } ns_server_info_t; 660*7c478bd9Sstevel@tonic-gate 661*7c478bd9Sstevel@tonic-gate /* 662*7c478bd9Sstevel@tonic-gate * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS 663*7c478bd9Sstevel@tonic-gate */ 664*7c478bd9Sstevel@tonic-gate 665*7c478bd9Sstevel@tonic-gate #ifdef DEBUG 666*7c478bd9Sstevel@tonic-gate extern int __ldap_debug_file; 667*7c478bd9Sstevel@tonic-gate extern int __ldap_debug_api; 668*7c478bd9Sstevel@tonic-gate extern int __ldap_debug_ldap; 669*7c478bd9Sstevel@tonic-gate extern int __ldap_debug_servers; 670*7c478bd9Sstevel@tonic-gate #endif 671*7c478bd9Sstevel@tonic-gate 672*7c478bd9Sstevel@tonic-gate /* internal connection APIs */ 673*7c478bd9Sstevel@tonic-gate void DropConnection(ConnectionID, int); 674*7c478bd9Sstevel@tonic-gate int __s_api_getServers(char *** servers, ns_ldap_error_t ** error); 675*7c478bd9Sstevel@tonic-gate 676*7c478bd9Sstevel@tonic-gate int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i); 677*7c478bd9Sstevel@tonic-gate char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type); 678*7c478bd9Sstevel@tonic-gate char *__s_get_security_name(ns_config_t *ptr, TlsType_t type); 679*7c478bd9Sstevel@tonic-gate char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type); 680*7c478bd9Sstevel@tonic-gate char *__s_get_pref_name(PrefOnly_t type); 681*7c478bd9Sstevel@tonic-gate char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type); 682*7c478bd9Sstevel@tonic-gate char *__s_get_hostcertpath(void); 683*7c478bd9Sstevel@tonic-gate 684*7c478bd9Sstevel@tonic-gate 685*7c478bd9Sstevel@tonic-gate /* ************ internal sldap-api functions *********** */ 
686*7c478bd9Sstevel@tonic-gate void __ns_ldap_freeEntry(ns_ldap_entry_t *ep); 687*7c478bd9Sstevel@tonic-gate void __s_api_split_key_value(char *buffer, char **name, char **value); 688*7c478bd9Sstevel@tonic-gate int __s_api_printResult(ns_ldap_result_t *); 689*7c478bd9Sstevel@tonic-gate int __s_api_getSearchScope(int *, ns_ldap_error_t **); 690*7c478bd9Sstevel@tonic-gate int __s_api_getDNs(char ***, const char *, 691*7c478bd9Sstevel@tonic-gate ns_ldap_error_t **); 692*7c478bd9Sstevel@tonic-gate int __s_api_get_search_DNs_v1(char ***, const char *, 693*7c478bd9Sstevel@tonic-gate ns_ldap_error_t **); 694*7c478bd9Sstevel@tonic-gate int __s_api_getConnection(const char *, const int, 695*7c478bd9Sstevel@tonic-gate const ns_cred_t *, int *, 696*7c478bd9Sstevel@tonic-gate Connection **, ns_ldap_error_t **, int); 697*7c478bd9Sstevel@tonic-gate char **__s_api_cp2dArray(char **); 698*7c478bd9Sstevel@tonic-gate void __s_api_free2dArray(char **); 699*7c478bd9Sstevel@tonic-gate 700*7c478bd9Sstevel@tonic-gate int __s_api_isCtrlSupported(Connection *, char *); 701*7c478bd9Sstevel@tonic-gate ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result); 702*7c478bd9Sstevel@tonic-gate ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i); 703*7c478bd9Sstevel@tonic-gate char *dvalue(char *); 704*7c478bd9Sstevel@tonic-gate char *evalue(char *); 705*7c478bd9Sstevel@tonic-gate 706*7c478bd9Sstevel@tonic-gate extern void get_environment(); 707*7c478bd9Sstevel@tonic-gate 708*7c478bd9Sstevel@tonic-gate /* internal Param APIs */ 709*7c478bd9Sstevel@tonic-gate int __ns_ldap_setParamValue(ns_config_t *ptr, 710*7c478bd9Sstevel@tonic-gate const ParamIndexType type, 711*7c478bd9Sstevel@tonic-gate const void *data, ns_ldap_error_t **error); 712*7c478bd9Sstevel@tonic-gate int __s_api_get_type(const char *value, ParamIndexType *type); 713*7c478bd9Sstevel@tonic-gate int __s_api_get_versiontype(ns_config_t *ptr, char *value, 714*7c478bd9Sstevel@tonic-gate ParamIndexType *type); 
715*7c478bd9Sstevel@tonic-gate int __s_api_get_profiletype(char *value, ParamIndexType *type); 716*7c478bd9Sstevel@tonic-gate void __s_api_init_config(ns_config_t *ptr); 717*7c478bd9Sstevel@tonic-gate ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr, 718*7c478bd9Sstevel@tonic-gate int check_dn); 719*7c478bd9Sstevel@tonic-gate ns_config_t *__s_api_create_config(void); 720*7c478bd9Sstevel@tonic-gate ns_config_t *__s_api_get_default_config(void); 721*7c478bd9Sstevel@tonic-gate ns_config_t *__s_api_loadrefresh_config(); 722*7c478bd9Sstevel@tonic-gate void __s_api_destroy_config(ns_config_t *ptr); 723*7c478bd9Sstevel@tonic-gate int __s_api_get_configtype(ParamIndexType type); 724*7c478bd9Sstevel@tonic-gate const char *__s_api_get_configname(ParamIndexType type); 725*7c478bd9Sstevel@tonic-gate char *__s_api_strValue(ns_config_t *ptr, char *str, 726*7c478bd9Sstevel@tonic-gate int bufsz, ParamIndexType i, 727*7c478bd9Sstevel@tonic-gate ns_strfmt_t fmt); 728*7c478bd9Sstevel@tonic-gate void __s_api_release_config(ns_config_t *cfg); 729*7c478bd9Sstevel@tonic-gate 730*7c478bd9Sstevel@tonic-gate /* internal attribute/objectclass mapping api's */ 731*7c478bd9Sstevel@tonic-gate int __s_api_add_map2hash(ns_config_t *config, 732*7c478bd9Sstevel@tonic-gate ns_hashtype_t type, ns_mapping_t *map); 733*7c478bd9Sstevel@tonic-gate void __s_api_destroy_hash(ns_config_t *config); 734*7c478bd9Sstevel@tonic-gate int __s_api_parse_map(char *cp, char **sid, 735*7c478bd9Sstevel@tonic-gate char **origA, char ***mapA); 736*7c478bd9Sstevel@tonic-gate char **__ns_ldap_mapAttributeList(const char *service, 737*7c478bd9Sstevel@tonic-gate const char * const *origAttrList); 738*7c478bd9Sstevel@tonic-gate 739*7c478bd9Sstevel@tonic-gate /* internal configuration APIs */ 740*7c478bd9Sstevel@tonic-gate void __ns_ldap_setServer(int set); 741*7c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_LoadConfiguration(); 742*7c478bd9Sstevel@tonic-gate ns_ldap_error_t 
*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname); 743*7c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename); 744*7c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename); 745*7c478bd9Sstevel@tonic-gate int __ns_ldap_cache_ping(); 746*7c478bd9Sstevel@tonic-gate 747*7c478bd9Sstevel@tonic-gate /* internal un-exposed APIs */ 748*7c478bd9Sstevel@tonic-gate ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp); 749*7c478bd9Sstevel@tonic-gate int __s_api_get_SSD_from_SSDtoUse_service(const char *service, 750*7c478bd9Sstevel@tonic-gate ns_ldap_search_desc_t ***SSDlist, 751*7c478bd9Sstevel@tonic-gate ns_ldap_error_t **errorp); 752*7c478bd9Sstevel@tonic-gate int __s_api_prepend_automountmapname(const char *service, 753*7c478bd9Sstevel@tonic-gate ns_ldap_search_desc_t ***SSDlist, 754*7c478bd9Sstevel@tonic-gate ns_ldap_error_t ** errorp); 755*7c478bd9Sstevel@tonic-gate int __s_api_prepend_automountmapname_to_dn(const char *service, 756*7c478bd9Sstevel@tonic-gate char **basedn, 757*7c478bd9Sstevel@tonic-gate ns_ldap_error_t ** errorp); 758*7c478bd9Sstevel@tonic-gate int __s_api_convert_automountmapname(const char *service, 759*7c478bd9Sstevel@tonic-gate char **dn, ns_ldap_error_t ** errorp); 760*7c478bd9Sstevel@tonic-gate int __s_api_replace_mapped_attr_in_dn( 761*7c478bd9Sstevel@tonic-gate const char *orig_attr, const char *mapped_attr, 762*7c478bd9Sstevel@tonic-gate const char *dn, char **new_dn); 763*7c478bd9Sstevel@tonic-gate int __s_api_append_default_basedn( 764*7c478bd9Sstevel@tonic-gate const char *dn, 765*7c478bd9Sstevel@tonic-gate char **new_dn, 766*7c478bd9Sstevel@tonic-gate int *allocated, 767*7c478bd9Sstevel@tonic-gate ns_ldap_error_t ** errorp); 768*7c478bd9Sstevel@tonic-gate void __s_api_removeServer(const char *server); 769*7c478bd9Sstevel@tonic-gate 770*7c478bd9Sstevel@tonic-gate /* internal referrals APIs */ 771*7c478bd9Sstevel@tonic-gate int __s_api_toFollowReferrals(const int flags, 
772*7c478bd9Sstevel@tonic-gate int *toFollow, 773*7c478bd9Sstevel@tonic-gate ns_ldap_error_t **errorp); 774*7c478bd9Sstevel@tonic-gate int __s_api_addRefInfo(ns_referral_info_t **head, 775*7c478bd9Sstevel@tonic-gate char *url, char *baseDN, int *scope, 776*7c478bd9Sstevel@tonic-gate char *filter, LDAP *ld); 777*7c478bd9Sstevel@tonic-gate void __s_api_deleteRefInfo(ns_referral_info_t *head); 778*7c478bd9Sstevel@tonic-gate 779*7c478bd9Sstevel@tonic-gate /* callback routine for SSD filters */ 780*7c478bd9Sstevel@tonic-gate int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc, 781*7c478bd9Sstevel@tonic-gate char **realfilter, 782*7c478bd9Sstevel@tonic-gate const void *userdata); 783*7c478bd9Sstevel@tonic-gate 784*7c478bd9Sstevel@tonic-gate /* network address verification api */ 785*7c478bd9Sstevel@tonic-gate int __s_api_isipv4(char *addr); 786*7c478bd9Sstevel@tonic-gate int __s_api_isipv6(char *addr); 787*7c478bd9Sstevel@tonic-gate int __s_api_ishost(char *addr); 788*7c478bd9Sstevel@tonic-gate 789*7c478bd9Sstevel@tonic-gate /* password management routine */ 790*7c478bd9Sstevel@tonic-gate ns_ldap_passwd_status_t 791*7c478bd9Sstevel@tonic-gate __s_api_set_passwd_status(int errnum, char *errmsg); 792*7c478bd9Sstevel@tonic-gate int __s_api_contain_passwd_control_oid(char **oids); 793*7c478bd9Sstevel@tonic-gate 794*7c478bd9Sstevel@tonic-gate /* RFC 2307 section 5.6. Get a canonical name from entry */ 795*7c478bd9Sstevel@tonic-gate char *__s_api_get_canonical_name(ns_ldap_entry_t *entry, 796*7c478bd9Sstevel@tonic-gate ns_ldap_attr_t *attrptr, int case_ignore); 797*7c478bd9Sstevel@tonic-gate 798*7c478bd9Sstevel@tonic-gate #ifdef __cplusplus 799*7c478bd9Sstevel@tonic-gate } 800*7c478bd9Sstevel@tonic-gate #endif 801*7c478bd9Sstevel@tonic-gate 802*7c478bd9Sstevel@tonic-gate #endif /* _NS_INTERNAL_H */ 803