 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
 * One time initialization
 * This function is called before calling the LDAP SASL bind to control
 * the SASL crypto options. This is to stop crypto calling naming services
 * and causing a recursive hang in nscd.
 * These are workarounds as crypto modules should be allowed to call naming
 * This routine defines the following environment variables:
 * Defining SOFTTOKEN_DIR=/dev/null stops the crypto module pkcs11_softtoken
 * calling naming services.
 * Defining KMSTOKEN_DIR=/dev/null stops the crypto module pkcs11_kms calling
 * Defining PKCS11_TPM_DIR=/dev/null stops the crypto module pkcs11_tpm calling
 * naming services. Crypto module pkcs11_tpm also calls library libtspi.so.1.
 * calling naming services.
	"for self credential mode"));
	"for self credential mode"));
	"for self credential mode"));
	"PKCS11_TPM_TOKEN_DIR and TSS_USER_PS_FILE to "
 * nscd calls this function to set self_gssapi_only flag so libsldap performs
 * sasl/GSSAPI bind only. Also see comments of __ns_ldap_self_gssapi_config.
 * Input: flag 0 use any kind of connection
 * Get the flag value of self_gssapi_only
 * nscd calls this function to detect the current native ldap configuration.
 * NS_LDAP_SELF_GSSAPI_CONFIG_NONE: No credential level self and
 * NS_LDAP_SELF_GSSAPI_CONFIG_ONLY: Only credential level self and
 * NS_LDAP_SELF_GSSAPI_CONFIG_MIXED: More than one credential level are
 * configured, including self.
 * More than one authentication method
 * __s_api_crosscheck makes sure self and sasl/GSSAPI pair up if they do
 * When nscd detects it's MIXED case, it calls __ns_ldap_self_gssapi_only_set
 * to force libsldap to do sasl/GSSAPI bind only for per-user lookup.
 * Return: NS_LDAP_SUCCESS
 * OTHERWISE - FAILURE
 * Output: config. See comments above.
 * If config files don't exist, return NS_LDAP_CONFIG.
 * It's the same return code __ns_ldap_getParam
 * returns in the same situation.
	/* Get the credential level list */
	/* Get the authentication method list */
	/* LINTED E_FUNC_ARG_UNUSED */
	/* LINTED E_FUNC_ARG_UNUSED */
 * No need to do strdup(ret), the data is always
 * available in 'defaults' and libldap won't
 * free it either. strdup(ret) causes memory
 * Find "dbase: service1 [...] services2" in fname and return
 * " service1 [...] services2"
 * Find "hosts: files dns" and return " files dns"
 * Ignore portion of line following the comment character '#'.
	continue;
	/* ignore this line */
 * Test the configurations of the "hosts" and "ipnodes"
 * dns has to be present and appear before ldap
 * "dns", "dns files", "dns ldap files", "files dns" are allowed.
 * Kerberos requires dns or it'd fail.
 * It's called only if config == NS_LDAP_SELF_GSSAPI_CONFIG_ONLY ||
 * config == NS_LDAP_SELF_GSSAPI_CONFIG_MIXED.
	/* Shouldn't happen. Check this value just in case */
	"Run \"svcadm enable %s\". %s."),
	"Run \"svcadm enable %s\". %s."
	/* Don't need to check */
	"working. %s."),
"Error",
"Abort");
	"working. Fall back to other cred "
	"Warning",
"Continue");
	/* reset return code */
 * This is called by ldap_cachemgr to check dns and gssapi prerequisites.
	/* Don't need to check */