/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#ifndef _NS_INTERNAL_H
#define _NS_INTERNAL_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdio.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"
#include "ns_cache_door.h"
/*
* INTERNALLY USED CONSTANTS
*/
/* Boolean false for internal use; no matching TRUE is defined here. */
#define FALSE 0
/*
 * Banner written into the generated client configuration file to warn
 * against hand edits.
 * NOTE(review): the two adjacent string literals are concatenated with no
 * separating space, so the emitted text reads "...will be lost.Please use
 * ...". Left unchanged here in case the exact text is matched elsewhere —
 * confirm before touching it.
 */
#define DONOTEDIT \
"Do not edit this file manually; your changes will be lost." \
"Please use ldapclient (1M) instead."
/*
 * Selector for the credential file; presumably passed to the
 * configuration file reader/writer to choose which file is meant —
 * confirm at the call sites.
 */
#define CREDFILE 0
/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
/*
* special service used by ldap_cachemgr to indicate a shadow update
* is to be done with the credential of the administrator identity
*/
/* Phase 1 profile information */
/* Phase 2 profile information */
/* Common to all profiles */
/* Native LDAP Phase 1 Specific Profile Attributes */
/* Native LDAP Phase 2 Specific Profile Attributes */
/* Control & SASL information from RootDSE door call */
/* Password management related error message from iDS ldap server */
/*
 * Password-policy diagnostic texts, one literal per condition.
 * NOTE(review): these presumably are compared against the diagnostic
 * message the directory server returns, so recognition depends on the
 * server's exact (English) wording; a server that rewords or localizes
 * its messages would fall through to the generic error path. Confirm
 * at the callers whether the comparison is exact or substring.
 */
#define NS_PWDERR_MAXTRIES \
"Exceed password retry limit."
#define NS_PWDERR_EXPIRED \
"password expired!"
#define NS_PWDERR_ACCT_INACTIVATED \
"Account inactivated. Contact system administrator."
#define NS_PWDERR_CHANGE_NOT_ALLOW \
"user is not allowed to change password"
#define NS_PWDERR_INVALID_SYNTAX \
"invalid password syntax"
#define NS_PWDERR_TRIVIAL_PASSWD \
"Password failed triviality check"
#define NS_PWDERR_IN_HISTORY \
"password in history"
#define NS_PWDERR_WITHIN_MIN_AGE \
"within password minimum age"
/*
* INTERNALLY USED MACROS
*/
/*
* MKERROR: builds the error structure and fills in the status and
* the message. The message must be a freeable (non-static) string.
* If it fails to allocate memory for the error structure,
* it will return the retErr.
*/
return (retErr); \
/*
* MKERROR_PWD_MGMT is almost the same as MKERROR
* except that it takes two more inputs to fill in the
* password management information part of the
* ns_ldap_error structure pointed to by err,
* and it does not log a syslog message.
*/
return (retErr); \
#ifdef DEBUG
}
#endif
/*
* INTERNAL DATA STRUCTURES
*/
/*
* configuration entry type
*/
typedef enum {
/*
* datatype of a config entry
*/
typedef enum {
NS_UNKNOWN = 0,
typedef enum {
typedef enum {
} ns_strfmt_t;
/*
* This enum reduces the number of version string compares
* against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
*/
typedef enum {
} ns_version_t;
/*
* enum<->string mapping construct
*/
/*
 * One entry of an enum<->string mapping table: the integer enumerator
 * code and its spelling. Ownership of name is not stated here; it
 * presumably points at a string literal in a static table — confirm
 * before freeing or modifying it.
 */
typedef struct ns_enum_map {
int value;   /* enumerator value (see ENUM2INT) */
char *name;  /* textual name of that enumerator */
} ns_enum_map;
/* Converts an enumerator to its plain int value, e.g. for ns_enum_map.value. */
#define ENUM2INT(x) ((int)(x))
/*
* This structure maps service name to rdn components
* for use in __ns_getDNs. It also defines the SSD-to-use
* service for use in __s_api_get_SSDtoUse_service.
* The idea of an SSD-to-use service is to reduce the configuration
* complexity. For a service, which does not have its own entries in
* the LDAP directory, SSD for it is useless, and should not be set.
* But since this service must share the container with at least
* one other service which does have its own entries, the SSD for
* this other service will be shared by this service.
* This other service is called the SSD-to-use service.
*
*/
typedef struct ns_service_map {
char *service;
char *rdn;
char *SSDtoUse_service;
/*
* This structure contains a single mapping from:
* service:orig -> list of mapped
*/
typedef enum {
} ns_maptype_t;
/*
 * service: name of the service the mapping applies to.
 * orig:    the original (unmapped) name on the service:orig side.
 * map:     the list of mapped names it expands to; presumably a
 *          NULL-terminated string array (cf. __s_api_free2dArray) —
 *          confirm with the code that builds it.
 */
typedef struct ns_mapping {
char *service;
char *orig;
char **map;
} ns_mapping_t;
/*
* The following is the list of internal libsldap configuration data
* structures. The configuration is normally populated once per
* application. The assumption is that applications can be
* relatively short-lived (e.g. ls via nsswitch), so it is important to
* keep configuration to a minimum, but keep lookups fast.
*
* Assumptions:
* 1 configuration entry per domain, and almost always 1 domain
* per app. Hooks exist for multiple domains per app.
*
* Configurations are read in from client file cache or from LDAP.
* Attribute/objectclass mappings are hashed to improve lookup
* speed.
*/
/*
* Hash entry types
*/
typedef enum _ns_hashtype_t {
typedef struct ns_hash {
} ns_hash_t;
/*
* This structure defines the format of an internal configuration
* parameter for ns_ldap client.
*/
/*
 * A single configuration parameter value. ns_pu holds the value in one of
 * four representations; ns_acnt is an element count, presumably
 * meaningful only for the array arms (ppc, pi) — confirm.
 * NOTE(review): no member of this struct records which union arm is
 * live, so the discriminator must come from outside (the ParamIndexType
 * used to index paramList, per the ns_config comment) — verify before
 * reading ns_pu.
 */
typedef struct ns_param {
int ns_acnt;      /* element count for the array arms */
union {
char **ppc;       /* array of strings */
int *pi;          /* array of ints */
char *pc;         /* single string */
int i;            /* single int */
} ns_pu;
} ns_param_t;
/*
* This structure defines an instance of a configuration structure.
* paramList contains the current ns_ldap parameter configuration
* and hashTbl contain the current attribute/objectclass mappings.
* Parameters are indexed by using the value assigned to the parameter
* in ParamIndexType.
*/
/*
 * NOTE(review): the description above refers to paramList and hashTbl,
 * but only domainName and a use count appear in this definition; the
 * comment and the struct should be reconciled.
 */
typedef struct ns_config {
char *domainName;  /* domain this configuration entry belongs to (one entry per domain) */
int nUse;          /* use count; presumably a reference count for sharing — confirm */
} ns_config_t;
/*
* This structure defines the mapping of the NSCONFIGFILE file
* statements into their corresponding SolarisNamingProfile,
* Posix Mapping LDAP attributes, and to their corresponding
* ParamIndexType enum mapping. THe ParamIndexType enum
* definitions can be found in ns_ldap.h. This structure also
* defines the default values that are used when a value either
* does not exist or is undefined.
*/
typedef struct ns_default_config {
struct ns_default_config *def,
char *errbuf);
/*
* This typedef enumerates all the authentication
* mechanisms currently supported in this library.
*/
typedef enum EnumAuthType {
NS_LDAP_EA_NONE = 0,
/*
* this enum lists the various states of the search state machine
*/
typedef enum {
} ns_state_t;
/*
* this enum lists the various states of the write state machine
*/
typedef enum {
typedef int ConnectionID;
/*
* Server side sort type. Originally the server side sort
* was set to "cn uid". This did not work with AD, and
* hence a single sort attribute was adopted. We don't
* know which server side sort will work with the
* directory, and hence we discover which method works.
*/
typedef enum {
SSS_UNKNOWN = 0,
/*
* This structure is used by ns_connect to create and manage
* one or more ldap connections within the library.
*/
typedef struct connection {
/*
 * NOTE(review): the fragments "one thread and not shared" / "by other
 * threads" read like the tail of a per-field comment whose field is not
 * present in this definition; see MTperConn below for the
 * threads-per-connection setting.
 */
char *serverAddr;  /* address of the server this connection is bound to */
} Connection;
/*
* This structure is for referrals processing.
* The data are from referral URLs returned by
* LDAP servers
*/
typedef struct ns_referral_info {
char *refHost;
int refScope;
char *refDN;
char *refFilter;
struct ns_ldap_cookie;
/*
* Batch used by __ns_ldap_list_batch_xxx API
*/
/*
 * NOTE(review): an empty struct body is not valid ISO C (accepted only as
 * a GNU extension); the batch state used by the __ns_ldap_list_batch_xxx
 * API is expected to be declared here.
 */
struct ns_ldap_list_batch {
};
struct ns_conn_user;
/*
* This structure is used internally in searches
*/
typedef struct ns_ldap_cookie {
/* INPUTS */
/* server list position */
/* service search descriptor list & position */
/* search filter callback */
int use_filtercb;
char **realfilter, const void *userdata);
/* user callback */
int use_usercb;
const void *userdata);
const void *userdata;
int followRef;
int use_paging;
char *service;
char *i_filter;
const char * const *i_attr;
const char *i_sortattr;
int i_flags;
/* OUTPUTS */
/* Error data */
int err_rc;
/* PRIVATE */
/* paging VLV/SIMPLEPAGE data */
int listType;
unsigned long index;
int entryCount;
int scope;
char *basedn;
char *filter;
char **attribute;
/* RESULT PROCESSING */
int msgId;
char **dns;
char *currentdn;
int flag;
/* REFERRALS PROCESSING */
/* referralinfo list & position */
/* search timeout value */
/* response control to hold account management information */
/* Flag to indicate password less account management is required */
int nopasswd_acct_mgmt;
int err_from_result;
/* BATCH PROCESSING */
int retries;
int *caller_rc;
/*
* This structure is part of the return value information for
* __s_api_requestServer, the routine that requests a new server
* from the cache manager.
*/
typedef struct ns_server_info {
char *server;
char *serverFQDN;
char **controls;
char **saslMechanisms;
/*
* sasl callback function parameters
*/
typedef struct ns_sasl_cb_param {
char *mech;
char *authid;
char *authzid;
char *passwd;
char *realm;
/* Multiple threads per connection variable */
extern int MTperConn;
/*
* INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
*/
#ifdef DEBUG
extern int __ldap_debug_file;
extern int __ldap_debug_api;
extern int __ldap_debug_ldap;
extern int __ldap_debug_servers;
#endif
/* internal connection APIs */
/*
 * Releases the connection identified by the first argument. The int is
 * an unnamed flag whose meaning is not given by this prototype — confirm
 * against the definition (presumably selects close vs. release-to-pool).
 */
void DropConnection(ConnectionID, int);
/*
 * Returns the path of the host certificate database (per its name).
 * Ownership of the returned string is not stated — confirm whether the
 * caller must free it.
 */
char *__s_get_hostcertpath(void);
/*
 * Frees the library's session pool. NOTE(review): declared with empty
 * parentheses, i.e. no prototype; `(void)` would let the compiler check
 * call sites, as __s_get_hostcertpath above already does.
 */
void __s_api_free_sessionPool();
/* ************ internal sldap-api functions *********** */
/* Prints an ns_ldap_result_t (debugging aid, per the name); returns an int status. */
int __s_api_printResult(ns_ldap_result_t *);
/* Stores the configured search scope in the int out-parameter; errors via ns_ldap_error_t. */
int __s_api_getSearchScope(int *, ns_ldap_error_t **);
/*
 * Builds the list of base DNs for a service (see the ns_service_map
 * comment above): output list, service name, error out-parameter.
 * The list is presumably NULL-terminated and caller-owned (cf.
 * __s_api_free2dArray) — confirm.
 */
int __s_api_getDNs(char ***, const char *,
ns_ldap_error_t **);
/* Version-1 variant of __s_api_getDNs (per the name); same parameter layout. */
int __s_api_get_search_DNs_v1(char ***, const char *,
ns_ldap_error_t **);
int __s_api_getConnection(const char *, const int,
const ns_cred_t *, int *,
/* Copies a 2-d string array (presumably NULL-terminated — confirm); release with __s_api_free2dArray. */
char **__s_api_cp2dArray(char **);
/* Releases a 2-d string array, presumably including its element strings — confirm. */
void __s_api_free2dArray(char **);
/*
 * Reports whether the given control OID is supported on this connection
 * (the supported controls come from the RootDSE door call, see the
 * comment near the top). The OID is passed as a non-const char *; it is
 * presumably only read — confirm.
 */
int __s_api_isCtrlSupported(Connection *, char *);
/* True when running inside a per-user process / inside nscd respectively (per the names). */
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
/*
 * dvalue()/evalue(): decode/encode a value (per the names). This header
 * does not say whether they allocate, whether they modify the argument,
 * or what encoding is used. NOTE(review): confirm against the
 * implementation whether the encoding is reversible obfuscation rather
 * than protection before relying on it for anything sensitive.
 */
char *dvalue(char *);
char *evalue(char *);
/*
 * Allocates an ns_ldap_error_t carrying the given status and message.
 * Per the MKERROR comment above, the message must be a freeable
 * (non-static) string, since the error structure presumably takes
 * ownership of it.
 */
ns_ldap_error_t *__s_api_make_error(int, char *);
/* ************ specific 'Standalone' functions ********** */
char *buffer,
int buflen,
int *h_errnop);
/*
 * Init-mode and standalone-mode state accessors.
 * NOTE(review): __s_api_setInitMode, __s_api_unsetInitMode and
 * __s_api_isInitializing are declared with empty parentheses (no
 * prototype) while __s_api_isStandalone uses (void); the other three
 * should use `(void)` too so call sites are type-checked.
 */
void __s_api_setInitMode();
void __s_api_unsetInitMode();
int __s_api_isStandalone(void);
int __s_api_isInitializing();
const char *server,
const char *addrType,
ns_ldap_error_t **error);
/*
 * Reads configuration from the environment (which variables is not
 * stated here). NOTE(review): unprefixed external symbol in a library
 * header; it shares the global namespace with the application, unlike
 * the __s_api_-prefixed routines around it. Also declared without a
 * prototype — prefer `(void)`.
 */
extern void get_environment();
/* internal Param APIs */
const ParamIndexType type,
int check_dn);
/*
 * Allocates and returns a fresh ns_config_t, presumably NULL on
 * allocation failure — confirm. The matching release routine is not
 * among the prototypes here.
 */
ns_config_t *__s_api_create_config(void);
/* internal attribute/objectclass mapping api's */
/*
 * Map a list of attribute names, or a single attribute name, for a
 * service through the configured attribute mappings (see ns_mapping_t).
 * The returned storage is presumably caller-owned, and the list form
 * presumably NULL-terminated like its input — confirm.
 */
char **__ns_ldap_mapAttributeList(const char *service,
const char * const *origAttrList);
char *__ns_ldap_mapAttribute(const char *service,
const char *origAttr);
/* internal configuration APIs */
/* Sets or clears the "server" configuration mode (per the name); set is a boolean flag. */
void __ns_ldap_setServer(int set);
/* Pings the cache manager (per the name); returns an int status. NOTE(review): empty parentheses — prefer (void). */
int __ns_ldap_cache_ping();
/* Installs the built-in default configuration. NOTE(review): empty parentheses — prefer (void). */
void __ns_ldap_default_config();
/*
 * Downloads the profile (per the name). Parameters are unnamed here:
 * presumably the profile name, two non-const strings and the error
 * out-parameter. Since the second and third are non-const char *,
 * confirm whether they are written into and how their size is bounded.
 */
int __ns_ldap_download(const char *, char *, char *,
ns_ldap_error_t **);
int
int mode_verbose,
int mode_quiet,
const char *fname,
ns_ldap_error_t **errpp);
int
int mode_verbose,
int mode_quiet,
ns_ldap_error_t **errpp);
int
int mode_verbose,
int mode_quiet,
ns_ldap_error_t **errpp);
/* internal un-exposed APIs */
int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
int __s_api_prepend_automountmapname(const char *service,
ns_ldap_error_t ** errorp);
/*
 * Prepends the automount map name to the base DN for the given service.
 * basedn is in/out: presumably the existing string is replaced by a
 * newly allocated one — confirm who frees the old value.
 */
int __s_api_prepend_automountmapname_to_dn(const char *service,
char **basedn,
ns_ldap_error_t ** errorp);
/*
 * Rewrites dn, replacing orig_attr with mapped_attr (automount map name
 * conversion). *new_dn receives the result; *allocated presumably tells
 * the caller whether *new_dn is freshly allocated and must be freed —
 * confirm.
 */
int __s_api_convert_automountmapname(const char *service,
const char *orig_attr, const char *mapped_attr,
const char *dn,
char **new_dn,
int *allocated,
ns_ldap_error_t ** errorp);
/* Removes the named server from the internal server list (per the name). */
int __s_api_removeServer(const char *server);
/* Drops every server in the list that has been marked bad (per the name). */
void __s_api_removeBadServers(char **server);
/* internal referrals APIs */
int __s_api_toFollowReferrals(const int flags,
int *toFollow,
/* callback routine for SSD filters */
char **realfilter,
const void *userdata);
/* network address verification api */
/*
 * Syntactic checks on an address string: IPv4 literal, IPv6 literal or
 * host name (per the names). They take a non-const char *; presumably
 * read-only — confirm. Being syntax checks, they do not establish that
 * a name resolves or that an address is reachable.
 */
int __s_api_isipv4(char *addr);
int __s_api_isipv6(char *addr);
int __s_api_ishost(char *addr);
/*
 * Password management: returns non-zero when the list of control OIDs
 * (presumably from the RootDSE door call) includes the password-policy
 * control.
 */
int __s_api_contain_passwd_control_oid(char **oids);
/* Password-less account management: same check for the account-usable control OID. */
int __s_api_contain_account_usable_control_oid(char **oids);
/* RFC 2307 section 5.6. Get a canonical name from entry */
unsigned flags,
void *defaults,
void *in);
/* Returns whether the "self / GSSAPI only" credential mode is set (per the name) — confirm the exact semantics at the definition. */
int __s_api_self_gssapi_only_get(void);
#ifdef __cplusplus
}
#endif
#endif /* _NS_INTERNAL_H */