ns_internal.h revision e1dd0a2f3a26050d1f183c1cafae42c4e3a0b57e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _NS_INTERNAL_H
#define _NS_INTERNAL_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
#include <stdio.h>
#include <thread.h>
#include <lber.h>
#include <ldap.h>
#include "ns_sldap.h"
#include "ns_cache_door.h"
/*
* INTERNALLY USED CONSTANTS
*/
#define MAXERROR 2000
#define TRUE 1
#define FALSE 0
#define NSLDAPDIRECTORY "/var/ldap"
#define NSCONFIGFILE "/var/ldap/ldap_client_file"
#define NSCONFIGREFRESH "/var/ldap/ldap_client_file.refresh"
#define NSCREDFILE "/var/ldap/ldap_client_cred"
#define NSCREDREFRESH "/var/ldap/ldap_client_cred.refresh"
#define ROTORSIZE 256
#define MASK 0377
#define LDAPMAXHARDLOOKUPTIME 256
#define DONOTEDIT \
"Do not edit this file manually; your changes will be lost." \
"Please use ldapclient (1M) instead."
#define MAXPORTNUMBER 65535
#define MAXPORTNUMBER_STR "65535"
#define CREDFILE 0
#define CONFIGFILE 1
#define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))"
#define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
#define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))"
#define UIDFILTER_SSD "(&(%%s)(uid=%s))"
#define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))"
#define HOSTFILTER_SSD "(&(%%s)(cn=%s))"
#define SIMPLEPAGECTRLFLAG 1
#define VLVCTRLFLAG 2
#define LISTPAGESIZE 1000
#define ENUMPAGESIZE 100
#define SORTKEYLIST "cn uid"
#define DEFMAX 8
#define TOKENSEPARATOR '='
#define QUOTETOK '"'
#define SPACETOK ' '
#define COMMATOK ','
#define COLONTOK ':'
#define QUESTTOK '?'
#define SEMITOK ';'
#define TABTOK '\t'
#define OPARATOK '('
#define CPARATOK ')'
#define BSLTOK '\\'
#define DOORLINESEP "\07"
#define DOORLINESEP_CHR 0x7
#define COMMASEP ", "
#define SPACESEP " "
#define SEMISEP ";"
#define COLONSEP ":"
#define COLSPSEP ": "
#define EQUALSEP "="
#define EQUSPSEP "= "
#define LAST_VALUE (int)NS_LDAP_HOST_CERTPATH_P
#define BUFSIZE 1024
#define DEFAULTCONFIGNAME "__default_config"
#define CRYPTMARK "{NS1}"
#define DOORBUFFERSIZE 8192
#define LDIF_FMT_STR "%s: %s"
#define FILE_FMT_STR "%s= %s"
#define DOOR_FMT_STR "%s=%s"
#define SESSION_CACHE_INC 8
#define CONID_OFFSET 1024
/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
#define RDNSIZE 256
/* Phase 1 profile information */
#define _PROFILE1_OBJECTCLASS "SolarisNamingProfile"
#define _PROFILE_CONTAINER "profile"
#define _PROFILE_FILTER "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
/* Phase 2 profile information */
#define _PROFILE2_OBJECTCLASS "DUAConfigProfile"
/* Common to all profiles */
#define _P_CN "cn"
/* Native LDAP Phase 1 Specific Profile Attributes */
#define _P1_SERVERS "SolarisLDAPServers"
#define _P1_SEARCHBASEDN "SolarisSearchBaseDN"
#define _P1_CACHETTL "SolarisCacheTTL"
#define _P1_BINDDN "SolarisBindDN"
#define _P1_BINDPASSWORD "SolarisBindPassword"
#define _P1_AUTHMETHOD "SolarisAuthMethod"
#define _P1_TRANSPORTSECURITY "SolarisTransportSecurity"
#define _P1_CERTIFICATEPATH "SolarisCertificatePath"
#define _P1_CERTIFICATEPASSWORD "SolarisCertificatePassword"
#define _P1_DATASEARCHDN "SolarisDataSearchDN"
#define _P1_SEARCHSCOPE "SolarisSearchScope"
#define _P1_SEARCHTIMELIMIT "SolarisSearchTimeLimit"
#define _P1_PREFERREDSERVER "SolarisPreferredServer"
#define _P1_PREFERREDSERVERONLY "SolarisPreferredServerOnly"
#define _P1_SEARCHREFERRAL "SolarisSearchReferral"
#define _P1_BINDTIMELIMIT "SolarisBindTimeLimit"
/* Native LDAP Phase 2 Specific Profile Attributes */
#define _P2_PREFERREDSERVER "preferredServerList"
#define _P2_DEFAULTSERVER "defaultServerList"
#define _P2_SEARCHBASEDN "defaultSearchBase"
#define _P2_SEARCHSCOPE "defaultSearchScope"
#define _P2_AUTHMETHOD "authenticationMethod"
#define _P2_CREDENTIALLEVEL "credentialLevel"
#define _P2_SERVICESEARCHDESC "serviceSearchDescriptor"
#define _P2_SEARCHTIMELIMIT "searchTimeLimit"
#define _P2_BINDTIMELIMIT "bindTimeLimit"
#define _P2_FOLLOWREFERRALS "followReferrals"
#define _P2_PROFILETTL "profileTTL"
#define _P2_ATTRIBUTEMAP "attributeMap"
#define _P2_OBJECTCLASSMAP "objectClassMap"
#define _P2_SERVICECREDLEVEL "serviceCredentialLevel"
#define _P2_SERVICEAUTHMETHOD "serviceAuthenticationMethod"
/* Control & SASL information from RootDSE door call */
#define _SASLMECHANISM "supportedSASLmechanisms"
#define _SASLMECHANISM_LEN 23
#define _SUPPORTEDCONTROL "supportedControl"
#define _SUPPORTEDCONTROL_LEN 16
#define NS_HASH_MAX 257
#define NS_HASH_SCHEMA_MAPPING_EXISTED "=MAPPING EXISTED="
#define NS_HASH_RC_SUCCESS 1
#define NS_HASH_RC_NO_MEMORY -1
#define NS_HASH_RC_CONFIG_ERROR -2
#define NS_HASH_RC_EXISTED -3
#define NS_HASH_RC_SYNTAX_ERROR -4
/* Password management related error message from iDS ldap server */
#define NS_PWDERR_MAXTRIES \
"Exceed password retry limit."
#define NS_PWDERR_EXPIRED \
"password expired!"
#define NS_PWDERR_ACCT_INACTIVATED \
"Account inactivated. Contact system administrator."
#define NS_PWDERR_CHANGE_NOT_ALLOW \
"user is not allowed to change password"
#define NS_PWDERR_INVALID_SYNTAX \
"invalid password syntax"
#define NS_PWDERR_TRIVIAL_PASSWD \
"Password failed triviality check"
#define NS_PWDERR_IN_HISTORY \
"password in history"
#define NS_PWDERR_WITHIN_MIN_AGE \
"within password minimum age"
/*
* INTERNALLY USED MACROS
*/
/*
* MKERROR: builds the error structure and fills in the status and
* the message. The message must be a freeable (non-static) string.
* If it fails to allocate memory for the error structure,
* it will return the retErr.
*/
return (retErr); \
/*
* MKERROR_PWD_MGMT is almost the same as MKERROR
* except that it takes two more inputs to fill in the
* password management information part of the
* ns_ldap_error structure pointed to by err,
* and it does not log a syslog message.
*/
return (retErr); \
#ifdef DEBUG
}
#endif
/*
* INTERNAL DATA STRUCTURES
*/
/*
* configuration entry type
*/
typedef enum {
SERVERCONFIG = 1,
CLIENTCONFIG = 2,
CREDCONFIG = 3
/*
* datatype of a config entry
*/
typedef enum {
NS_UNKNOWN = 0,
typedef enum {
typedef enum {
NS_DOOR_FMT = 1,
NS_LDIF_FMT = 2,
NS_FILE_FMT = 3
} ns_strfmt_t;
/*
* This enum reduces the number of version string compares
* against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
*/
typedef enum {
NS_LDAP_V1 = 1000,
NS_LDAP_V2 = 2000
} ns_version_t;
/*
* enum<->string mapping construct
*/
typedef struct ns_enum_map {
int value;
char *name;
} ns_enum_map;
#define ENUM2INT(x) ((int)(x))
#define INT2PARAMINDEXENUM(x) ((ParamIndexType)(x))
#define INT2SEARCHREFENUM(x) ((SearchRef_t)(x))
#define INT2SCOPEENUM(x) ((ScopeType_t)(x))
#define INT2AUTHENUM(x) ((AuthType_t)(x))
#define INT2SECENUM(x) ((TlsType_t)(x))
#define INT2PREFONLYENUM(x) ((PrefOnly_t)(x))
#define INT2CREDLEVELENUM(x) ((CredLevel_t)(x))
#define INT2LDAPRETURN(x) ((ns_ldap_return_code)(x))
#define INT2CONFIGRETURN(x) ((ns_ldap_config_return_code)(x))
#define INT2PARTIALRETURN(x) ((ns_ldap_partial_return_code)(x))
/*
* This structure maps service name to rdn components
* for use in __ns_getDNs. It also defines the SSD-to-use
* service for use in __s_api_get_SSDtoUse_service.
* The idea of an SSD-to-use service is to reduce the configuration
* complexity. For a service, which does not have its own entries in
* the LDAP directory, SSD for it is useless, and should not be set.
* But since this service must share the container with at least
* one other service which does have it own entries, the SSD for
* this other service will be shared by this service.
* This other service is called the SSD-to-use service.
*
*/
typedef struct ns_service_map {
char *service;
char *rdn;
char *SSDtoUse_service;
/*
* This structure contains a single mapping from:
* service:orig -> list of mapped
*/
typedef enum {
} ns_maptype_t;
typedef struct ns_mapping {
char *service;
char *orig;
char **map;
} ns_mapping_t;
/*
* The following is the list of internal libsldap configuration data
* structures. The configuration is populated normally once per
* application. The assumption is that in applications can be
* relatively short lived (IE ls via nsswitch) so it is important to
* keep configuration to a minimum, but keep lookups fast.
*
* Assumptions:
* 1 configuration entry per domain, and almost always 1 domain
* per app. Hooks exist for multiple domains per app.
*
* Configurations are read in from client file cache or from LDAP.
* Attribute/objectclass mappings are hashed to improve lookup
* speed.
*/
/*
* Hash entry types
*/
typedef enum _ns_hashtype_t {
NS_HASH_VOID = 5
typedef struct ns_hash {
} ns_hash_t;
/*
* This structure defines the format of an internal configuration
* parameter for ns_ldap client.
*/
typedef struct ns_param {
int ns_acnt;
union {
char **ppc;
int *pi;
char *pc;
int i;
} ns_pu;
} ns_param_t;
/*
* This structure defines an instance of a configuration structure.
* paramList contains the current ns_ldap parameter configuration
* and hashTbl contain the current attribute/objectclass mappings.
* Parameters are indexed by using the value assigned to the parameter
* in ParamIndexType.
*/
typedef struct ns_config {
char *domainName;
int nUse;
} ns_config_t;
/*
* This structure defines the mapping of the NSCONFIGFILE file
* statements into their corresponding SolarisNamingProfile,
* Posix Mapping LDAP attributes, and to their corresponding
* ParamIndexType enum mapping. THe ParamIndexType enum
* definitions can be found in ns_ldap.h. This structure also
* defines the default values that are used when a value either
* does not exist or is undefined.
*/
typedef struct ns_default_config {
const char *name; /* config file parameter name */
int single_valued; /* TRUE OR FALSE */
const char *profile_name; /* profile schema attribute name */
int (*ns_verify)(ParamIndexType i,
struct ns_default_config *def,
char *errbuf);
/*
* This typedef enumerates all the supported authentication
* mechanisms currently supported in this library
*/
typedef enum EnumAuthType {
NS_LDAP_EA_NONE = 0,
NS_LDAP_EA_SIMPLE = 1,
NS_LDAP_EA_SASL_NONE = 2,
NS_LDAP_EA_TLS_NONE = 10,
NS_LDAP_EA_TLS_SIMPLE = 11,
NS_LDAP_EA_TLS_SASL_NONE = 12,
/*
* this enum lists the various states of the search state machine
*/
typedef enum {
INIT = 1,
EXIT = 2,
GET_SESSION = 4,
NEXT_SESSION = 5,
RESTART_SESSION = 6,
NEXT_SEARCH = 7,
NEXT_VLV = 8,
NEXT_PAGE = 9,
ONE_SEARCH = 10,
DO_SEARCH = 11,
NEXT_RESULT = 12,
MULTI_RESULT = 13,
PROCESS_RESULT = 14,
END_PROCESS_RESULT = 15,
END_RESULT = 16,
NEXT_REFERRAL = 17,
GET_REFERRAL_SESSION = 18,
ERROR = 19,
LDAP_ERROR = 20,
GET_ACCT_MGMT_INFO = 21,
CLEAR_RESULTS = 22,
REINIT = 23
} ns_state_t;
/*
* this enum lists the various states of the write state machine
*/
typedef enum {
W_INIT = 1,
W_EXIT = 2,
GET_CONNECTION = 3,
DO_ADD_SYNC = 6,
DO_DELETE_SYNC = 7,
DO_MODIFY_SYNC = 8,
DO_ADD_ASYNC = 9,
DO_DELETE_ASYNC = 10,
DO_MODIFY_ASYNC = 11,
GET_RESULT_SYNC = 12,
GET_RESULT_ASYNC = 13,
PARSE_RESULT = 14,
GET_REFERRAL_CONNECTION = 15,
W_LDAP_ERROR = 16,
W_ERROR = 17
typedef int ConnectionID;
/*
* This structure is used by ns_connect to create and manage
* one or more ldap connections within the library.
*/
typedef struct connection {
/* one thread and not shared */
/* by other threads */
char *serverAddr;
struct ns_ldap_cookie *cookieInfo;
char **controls; /* from server_info */
char **saslMechanisms; /* from server_info */
} Connection;
#define ONE_STEP 1
/*
* This structure is for referrals processing.
* The data are from referral URLs returned by
* LDAP servers
*/
typedef struct ns_referral_info {
struct ns_referral_info *next;
char *refHost;
int refScope;
char *refDN;
char *refFilter;
struct ns_ldap_cookie;
/*
* Batch used by __ns_ldap_list_batch_xxx API
*/
struct ns_ldap_list_batch {
struct ns_ldap_cookie *next_cookie;
struct ns_ldap_cookie *cookie_list;
};
struct ns_conn_user;
typedef struct ns_conn_user ns_conn_user_t;
/*
* This structure used internally in searches
*/
typedef struct ns_ldap_cookie {
/* INPUTS */
/* server list position */
/* service search descriptor list & position */
/* search filter callback */
int use_filtercb;
char **realfilter, const void *userdata);
/* user callback */
int use_usercb;
const void *userdata);
const void *userdata;
int followRef;
int use_paging;
char *service;
char *i_filter;
const char * const *i_attr;
int i_flags;
/* OUTPUTS */
/* Error data */
int err_rc;
/* PRIVATE */
/* paging VLV/SIMPLEPAGE data */
int listType;
unsigned long index;
int scope;
char *basedn;
char *filter;
char **attribute;
/* RESULT PROCESSING */
int msgId;
char **dns;
char *currentdn;
int flag;
struct berval *ctrlCookie;
/* REFERRALS PROCESSING */
/* referralinfo list & position */
/* search timeout value */
struct timeval search_timeout;
/* response control to hold account management information */
/* Flag to indicate password less account management is required */
int nopasswd_acct_mgmt;
int err_from_result;
/* BATCH PROCESSING */
int retries;
int *caller_rc;
struct ns_ldap_cookie *next_cookie_in_batch;
/*
* This structure is part of the return value information for
* __s_api_requestServer. The routine that requests a new server
* from the cache manager
*/
typedef struct ns_server_info {
char *server;
char *serverFQDN;
char **controls;
char **saslMechanisms;
/*
* sasl callback function parameters
*/
typedef struct ns_sasl_cb_param {
char *mech;
char *authid;
char *authzid;
char *passwd;
char *realm;
extern int sasl_gssapi_inited;
/* Multiple threads per connection variable */
extern int MTperConn;
/*
* INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
*/
#ifdef DEBUG
extern int __ldap_debug_file;
extern int __ldap_debug_api;
extern int __ldap_debug_ldap;
extern int __ldap_debug_servers;
#endif
/* internal connection APIs */
void DropConnection(ConnectionID, int);
char *__s_get_hostcertpath(void);
void __s_api_free_sessionPool();
/* ************ internal sldap-api functions *********** */
int __s_api_printResult(ns_ldap_result_t *);
int __s_api_getSearchScope(int *, ns_ldap_error_t **);
int __s_api_getDNs(char ***, const char *,
ns_ldap_error_t **);
int __s_api_get_search_DNs_v1(char ***, const char *,
ns_ldap_error_t **);
int __s_api_getConnection(const char *, const int,
const ns_cred_t *, int *,
char **__s_api_cp2dArray(char **);
void __s_api_free2dArray(char **);
int __s_api_isCtrlSupported(Connection *, char *);
boolean_t __s_api_peruser_proc(void);
boolean_t __s_api_nscd_proc(void);
char *dvalue(char *);
char *evalue(char *);
ns_ldap_error_t *__s_api_make_error(int, char *);
/* ************ specific 'Standalone' functions ********** */
char *buffer,
int buflen,
int *h_errnop);
void __s_api_setInitMode();
void __s_api_unsetInitMode();
int __s_api_isStandalone(void);
int __s_api_isInitializing();
const char *server,
const char *addrType,
ns_ldap_error_t **error);
extern void get_environment();
/* internal Param APIs */
const ParamIndexType type,
int check_dn);
ns_config_t *__s_api_create_config(void);
int bufsz, ParamIndexType i,
/* internal attribute/objectclass mapping api's */
char **__ns_ldap_mapAttributeList(const char *service,
const char * const *origAttrList);
/* internal configuration APIs */
void __ns_ldap_setServer(int set);
ns_config_t *new);
int __ns_ldap_cache_ping();
void __ns_ldap_default_config();
int __ns_ldap_download(const char *, char *, char *,
ns_ldap_error_t **);
int
int mode_verbose,
int mode_quiet,
const char *fname,
ns_ldap_error_t **errpp);
int
int mode_verbose,
int mode_quiet,
ns_ldap_error_t **errpp);
int
int mode_verbose,
int mode_quiet,
ns_ldap_error_t **errpp);
/* internal un-exposed APIs */
int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
int __s_api_prepend_automountmapname(const char *service,
ns_ldap_error_t ** errorp);
int __s_api_prepend_automountmapname_to_dn(const char *service,
char **basedn,
ns_ldap_error_t ** errorp);
int __s_api_convert_automountmapname(const char *service,
const char *orig_attr, const char *mapped_attr,
const char *dn,
char **new_dn,
int *allocated,
ns_ldap_error_t ** errorp);
int __s_api_removeServer(const char *server);
void __s_api_removeBadServers(char **server);
/* internal referrals APIs */
int __s_api_toFollowReferrals(const int flags,
int *toFollow,
/* callback routine for SSD filters */
char **realfilter,
const void *userdata);
/* network address verification api */
int __s_api_isipv4(char *addr);
int __s_api_isipv6(char *addr);
int __s_api_ishost(char *addr);
/* password management routine */
int __s_api_contain_passwd_control_oid(char **oids);
/* password less account management routine */
int __s_api_contain_account_usable_control_oid(char **oids);
/* RFC 2307 section 5.6. Get a canonical name from entry */
unsigned flags,
void *defaults,
void *in);
int __s_api_self_gssapi_only_get(void);
int __s_api_sasl_gssapi_init(void);
#ifdef __cplusplus
}
#endif
#endif /* _NS_INTERNAL_H */