1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  24  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
  25  */
  26 
  27 
  28 #ifndef _NS_INTERNAL_H
  29 #define _NS_INTERNAL_H
  30 
  31 #ifdef __cplusplus
  32 extern "C" {
  33 #endif
  34 
  35 #include <stdio.h>
  36 #include <sys/types.h>
  37 #include <sys/time.h>
  38 #include <thread.h>
  39 #include <lber.h>
  40 #include <ldap.h>
  41 #include "ns_sldap.h"
  42 #include "ns_cache_door.h"
  43 
  44 /*
  45  * INTERNALLY USED CONSTANTS
  46  */
  47 
  48 #define MAXERROR                2000
  49 #define TRUE                    1
  50 #define FALSE                   0
  51 #define NSLDAPDIRECTORY         "/var/ldap"
  52 #define NSCONFIGFILE            "/var/ldap/ldap_client_file"
  53 #define NSCONFIGREFRESH         "/var/ldap/ldap_client_file.refresh"
  54 #define NSCREDFILE              "/var/ldap/ldap_client_cred"
  55 #define NSCREDREFRESH           "/var/ldap/ldap_client_cred.refresh"
  56 #define ROTORSIZE               256
  57 #define MASK                    0377
  58 #define LDAPMAXHARDLOOKUPTIME   256
  59 #define DONOTEDIT               \
  60         "Do not edit this file manually; your changes will be lost." \
  61         "Please use ldapclient (1M) instead."
  62 #define MAXPORTNUMBER           65535
  63 #define MAXPORTNUMBER_STR       "65535"
  64 #define CREDFILE                0
  65 #define CONFIGFILE              1
  66 #define UIDNUMFILTER            "(&(objectclass=posixAccount)(uidnumber=%s))"
  67 #define UIDNUMFILTER_SSD        "(&(%%s)(uidnumber=%s))"
  68 #define UIDFILTER               "(&(objectclass=posixAccount)(uid=%s))"
  69 #define UIDFILTER_SSD           "(&(%%s)(uid=%s))"
  70 #define UIDDNFILTER     "(&(objectclass=posixAccount)(distinguishedName=%s))"
  71 #define UIDDNFILTER_SSD         "(&(%%s)(distinguishedName=%s))"
  72 
  73 #define HOSTFILTER              "(&(objectclass=ipHost)(cn=%s))"
  74 #define HOSTFILTER_SSD          "(&(%%s)(cn=%s))"
  75 
  76 #define SIMPLEPAGECTRLFLAG      1
  77 #define VLVCTRLFLAG             2
  78 
  79 #define LISTPAGESIZE            1000
  80 #define ENUMPAGESIZE            100
  81 
  82 #define DEFMAX                  8
  83 #define TOKENSEPARATOR          '='
  84 #define QUOTETOK                '"'
  85 #define SPACETOK                ' '
  86 #define COMMATOK                ','
  87 #define COLONTOK                ':'
  88 #define QUESTTOK                '?'
  89 #define SEMITOK                 ';'
  90 #define TABTOK                  '\t'
  91 #define OPARATOK                '('
  92 #define CPARATOK                ')'
  93 #define BSLTOK                  '\\'
  94 #define DOORLINESEP             "\07"
  95 #define DOORLINESEP_CHR         0x7
  96 #define COMMASEP                ", "
  97 #define SPACESEP                " "
  98 #define SEMISEP                 ";"
  99 #define COLONSEP                ":"
 100 #define COLSPSEP                ": "
 101 #define EQUALSEP                "="
 102 #define EQUSPSEP                "= "
 103 #define LAST_VALUE              (int)NS_LDAP_HOST_CERTPATH_P
 104 #define BUFSIZE                 BUFSIZ
 105 #define DEFAULTCONFIGNAME       "__default_config"
 106 #define EXP_DEFAULT_TTL         "43200" /* 12 hours TTL */
 107 #define CRYPTMARK               "{NS1}"
 108 #define DOORBUFFERSIZE          8192
 109 
 110 #define LDIF_FMT_STR            "%s: %s"
 111 #define FILE_FMT_STR            "%s= %s"
 112 #define DOOR_FMT_STR            "%s=%s"
 113 
 114 #define SESSION_CACHE_INC       8
 115 #define CONID_OFFSET            1024
 116 #define NS_DEFAULT_BIND_TIMEOUT         30 /* timeout value in seconds */
 117 #define NS_DEFAULT_SEARCH_TIMEOUT       30 /* timeout value in seconds */
 118 
 119 /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
 120 #define RDNSIZE                 512
 121 
 122 /*
 123  * special service used by ldap_cachemgr to indicate a shadow update
 124  * is to be done with the credential of the administrator identity
 125  */
 126 #define NS_ADMIN_SHADOW_UPDATE  "shadow__admin_update"
 127 
 128 /* Phase 1 profile information */
 129 #define _PROFILE1_OBJECTCLASS   "SolarisNamingProfile"
 130 #define _PROFILE_CONTAINER      "profile"
 131 #define _PROFILE_FILTER         "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
 132 
 133 /* Phase 2 profile information */
 134 #define _PROFILE2_OBJECTCLASS           "DUAConfigProfile"
 135 
 136 /* Common to all profiles */
 137 #define _P_CN                   "cn"
 138 
 139 /* Native LDAP Phase 1 Specific Profile Attributes */
 140 #define _P1_SERVERS                     "SolarisLDAPServers"
 141 #define _P1_SEARCHBASEDN                "SolarisSearchBaseDN"
 142 #define _P1_CACHETTL                    "SolarisCacheTTL"
 143 #define _P1_BINDDN                      "SolarisBindDN"
 144 #define _P1_BINDPASSWORD                "SolarisBindPassword"
 145 #define _P1_AUTHMETHOD                  "SolarisAuthMethod"
 146 #define _P1_TRANSPORTSECURITY           "SolarisTransportSecurity"
 147 #define _P1_CERTIFICATEPATH             "SolarisCertificatePath"
 148 #define _P1_CERTIFICATEPASSWORD         "SolarisCertificatePassword"
 149 #define _P1_DATASEARCHDN                "SolarisDataSearchDN"
 150 #define _P1_SEARCHSCOPE                 "SolarisSearchScope"
 151 #define _P1_SEARCHTIMELIMIT             "SolarisSearchTimeLimit"
 152 #define _P1_PREFERREDSERVER             "SolarisPreferredServer"
 153 #define _P1_PREFERREDSERVERONLY         "SolarisPreferredServerOnly"
 154 #define _P1_SEARCHREFERRAL              "SolarisSearchReferral"
 155 #define _P1_BINDTIMELIMIT               "SolarisBindTimeLimit"
 156 
 157 /* Native LDAP Phase 2 Specific Profile Attributes */
 158 #define _P2_PREFERREDSERVER             "preferredServerList"
 159 #define _P2_DEFAULTSERVER               "defaultServerList"
 160 #define _P2_SEARCHBASEDN                "defaultSearchBase"
 161 #define _P2_SEARCHSCOPE                 "defaultSearchScope"
 162 #define _P2_AUTHMETHOD                  "authenticationMethod"
 163 #define _P2_CREDENTIALLEVEL             "credentialLevel"
 164 #define _P2_SERVICESEARCHDESC           "serviceSearchDescriptor"
 165 #define _P2_SEARCHTIMELIMIT             "searchTimeLimit"
 166 #define _P2_BINDTIMELIMIT               "bindTimeLimit"
 167 #define _P2_FOLLOWREFERRALS             "followReferrals"
 168 #define _P2_PROFILETTL                  "profileTTL"
 169 #define _P2_ATTRIBUTEMAP                "attributeMap"
 170 #define _P2_OBJECTCLASSMAP              "objectClassMap"
 171 #define _P2_SERVICECREDLEVEL            "serviceCredentialLevel"
 172 #define _P2_SERVICEAUTHMETHOD           "serviceAuthenticationMethod"
 173 
 174 /* Control & SASL information from RootDSE door call */
 175 #define _SASLMECHANISM                  "supportedSASLmechanisms"
 176 #define _SASLMECHANISM_LEN              23
 177 #define _SUPPORTEDCONTROL               "supportedControl"
 178 #define _SUPPORTEDCONTROL_LEN           16
 179 
 180 #define NS_HASH_MAX     257
 181 #define NS_HASH_SCHEMA_MAPPING_EXISTED  "=MAPPING EXISTED="
 182 #define NS_HASH_RC_SUCCESS              1
 183 #define NS_HASH_RC_NO_MEMORY            -1
 184 #define NS_HASH_RC_CONFIG_ERROR         -2
 185 #define NS_HASH_RC_EXISTED              -3
 186 #define NS_HASH_RC_SYNTAX_ERROR         -4
 187 
 188 /* Password management related error message from iDS ldap server */
 189 #define NS_PWDERR_MAXTRIES              \
 190         "Exceed password retry limit."
 191 #define NS_PWDERR_EXPIRED               \
 192         "password expired!"
 193 #define NS_PWDERR_ACCT_INACTIVATED      \
 194         "Account inactivated. Contact system administrator."
 195 #define NS_PWDERR_CHANGE_NOT_ALLOW      \
 196         "user is not allowed to change password"
 197 #define NS_PWDERR_INVALID_SYNTAX        \
 198         "invalid password syntax"
 199 #define NS_PWDERR_TRIVIAL_PASSWD        \
 200         "Password failed triviality check"
 201 #define NS_PWDERR_IN_HISTORY    \
 202         "password in history"
 203 #define NS_PWDERR_WITHIN_MIN_AGE        \
 204         "within password minimum age"
 205 
 206 /*
 207  * INTERNALLY USED MACROS
 208  */
 209 
 210 void    __s_api_debug_pause(int priority, int st, const char *mesg);
 211 
 212 #define NULL_OR_STR(str)        (!(str) || *(str) == '\0' ? "<NULL>" : (str))
 213 
 214 /*
 215  * MKERROR: builds the error structure and fills in the status and
 216  * the message.  The message must be a freeable (non-static) string.
 217  * If it fails to allocate memory for the error structure,
 218  * it will return the retErr.
 219  */
 220 #define MKERROR(priority, err, st, mesg, retErr) \
 221         if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
 222                 return (retErr); \
 223         (err)->message = mesg; \
 224         (err)->status = (st); \
 225         __s_api_debug_pause(priority, st, (err)->message);
 226 
 227 /*
 228  * MKERROR_PWD_MGMT is almost the same as MKERROR
 229  * except that it takes two more inputs to fill in the
 230  * password management information part of the
 231  * ns_ldap_error structure pointed to by err,
 232  * and it does not log a syslog message.
 233  */
 234 #define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
 235         if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
 236                 return (retErr); \
 237         (err)->message = mesg; \
 238         (err)->status = (st); \
 239         (err)->pwd_mgmt.status = (pwd_status); \
 240         (err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
 241 
 242 #ifdef DEBUG
 243 #define NSLDAPTRACE(variable, setequal, message) \
 244         if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \
 245                 char buf[BUFSIZ]; \
 246                 (void) snprintf(buf, BUFSIZ, message); \
 247                 (void) write(__ldap_debug_file, buf); \
 248         }
 249 #endif
 250 
 251 /*
 252  * INTERNAL DATA STRUCTURES
 253  */
 254 
 255 /*
 256  * configuration entry type
 257  */
 258 
 259 typedef enum {
 260         SERVERCONFIG    = 1,
 261         CLIENTCONFIG    = 2,
 262         CREDCONFIG      = 3
 263 } ns_conftype_t;
 264 
 265 /*
 266  * datatype of a config entry
 267  */
 268 
 269 typedef enum {
 270         NS_UNKNOWN      = 0,
 271         CHARPTR         = 1,            /* Single character pointer */
 272         ARRAYCP         = 2,            /* comma sep array of char pointers */
 273         ARRAYAUTH       = 3,            /* Array of auths */
 274         TIMET           = 4,            /* time relative value (TTL) */
 275         INT             = 5,            /* single integer */
 276         SSDLIST         = 6,            /* service search descriptor */
 277         ATTRMAP         = 7,            /* attribute mapping */
 278         OBJMAP          = 8,            /* objectclass mapping */
 279         SERVLIST        = 9,            /* serverlist (SP sep array) */
 280         ARRAYCRED       = 10,           /* Array of credentialLevels */
 281         SAMLIST         = 11,           /* serviceAuthenticationMethod */
 282         SCLLIST         = 12            /* serviceCredentialLevel */
 283 } ns_datatype_t;
 284 
 285 typedef enum {
 286         NS_SUCCESS,
 287         NS_NOTFOUND,
 288         NS_PARSE_ERR
 289 } ns_parse_status;
 290 
 291 typedef enum {
 292         NS_DOOR_FMT     = 1,
 293         NS_LDIF_FMT     = 2,
 294         NS_FILE_FMT     = 3
 295 } ns_strfmt_t;
 296 
 297 /*
 298  * This enum reduces the number of version string compares
 299  * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 300  */
 301 
 302 typedef enum {
 303         NS_LDAP_V1      = 1000,
 304         NS_LDAP_V2      = 2000
 305 } ns_version_t;
 306 
 307 /*
 308  * enum<->string mapping construct
 309  */
 310 
 311 typedef struct ns_enum_map {
 312         int     value;
 313         char    *name;
 314 } ns_enum_map;
 315 
 316 #define ENUM2INT(x)             ((int)(x))
 317 
 318 #define INT2PARAMINDEXENUM(x)   ((ParamIndexType)(x))
 319 #define INT2SEARCHREFENUM(x)    ((SearchRef_t)(x))
 320 #define INT2SCOPEENUM(x)        ((ScopeType_t)(x))
 321 #define INT2AUTHENUM(x)         ((AuthType_t)(x))
 322 #define INT2SECENUM(x)          ((TlsType_t)(x))
 323 #define INT2PREFONLYENUM(x)     ((PrefOnly_t)(x))
 324 #define INT2CREDLEVELENUM(x)    ((CredLevel_t)(x))
 325 #define INT2SHADOWUPDATENUM(x)  ((enableShadowUpdate_t)(x))
 326 
 327 #define INT2LDAPRETURN(x)       ((ns_ldap_return_code)(x))
 328 #define INT2CONFIGRETURN(x)     ((ns_ldap_config_return_code)(x))
 329 #define INT2PARTIALRETURN(x)    ((ns_ldap_partial_return_code)(x))
 330 
 331 /*
 332  * This structure maps service name to rdn components
 333  * for use in __ns_getDNs. It also defines the SSD-to-use
 334  * service for use in __s_api_get_SSDtoUse_service.
 335  * The idea of an SSD-to-use service is to reduce the configuration
 336  * complexity. For a service, which does not have its own entries in
 337  * the LDAP directory, SSD for it is useless, and should not be set.
 338  * But since this service must share the container with at least
 339  * one other service which does have it own entries, the SSD for
 340  * this other service will be shared by this service.
 341  * This other service is called the SSD-to-use service.
 342  *
 343  */
 344 
 345 typedef struct ns_service_map {
 346         char    *service;
 347         char    *rdn;
 348         char    *SSDtoUse_service;
 349 } ns_service_map;
 350 
 351 /*
 352  * This structure contains a single mapping from:
 353  * service:orig -> list of mapped
 354  */
 355 
 356 typedef enum {
 357         NS_ATTR_MAP,
 358         NS_OBJ_MAP
 359 } ns_maptype_t;
 360 
 361 typedef struct ns_mapping {
 362         ns_maptype_t    type;
 363         char            *service;
 364         char            *orig;
 365         char            **map;
 366 } ns_mapping_t;
 367 
 368 /*
 369  * The following is the list of internal libsldap configuration data
 370  * structures.  The configuration is populated normally once per
 371  * application.  The assumption is that in applications can be
 372  * relatively short lived (IE ls via nsswitch) so it is important to
 373  * keep configuration to a minimum, but keep lookups fast.
 374  *
 375  * Assumptions:
 376  * 1 configuration entry per domain, and almost always 1 domain
 377  * per app.  Hooks exist for multiple domains per app.
 378  *
 379  * Configurations are read in from client file cache or from LDAP.
 380  * Attribute/objectclass mappings are hashed to improve lookup
 381  * speed.
 382  */
 383 
 384 /*
 385  * Hash entry types
 386  */
 387 typedef enum    _ns_hashtype_t {
 388         NS_HASH_AMAP    = 1,            /* attr map */
 389         NS_HASH_RAMAP   = 2,            /* reverse attr map */
 390         NS_HASH_OMAP    = 3,            /* oc map */
 391         NS_HASH_ROMAP   = 4,            /* reverse oc map */
 392         NS_HASH_VOID    = 5
 393 } ns_hashtype_t;
 394 
 395 typedef struct ns_hash {
 396         ns_hashtype_t   h_type;
 397         ns_mapping_t    *h_map;
 398         struct ns_hash  *h_next;
 399         struct ns_hash  *h_llnext;
 400 } ns_hash_t;
 401 
 402 /*
 403  * This structure defines the format of an internal configuration
 404  * parameter for ns_ldap client.
 405  */
 406 
 407 typedef struct ns_param {
 408         ns_datatype_t   ns_ptype;
 409         int             ns_acnt;
 410         union {
 411                 char    **ppc;
 412                 int     *pi;
 413                 char    *pc;
 414                 int     i;
 415                 time_t  tm;
 416         } ns_pu;
 417 } ns_param_t;
 418 
 419 #define ns_ppc  ns_pu.ppc
 420 #define ns_pi   ns_pu.pi
 421 #define ns_pc   ns_pu.pc
 422 #define ns_i    ns_pu.i
 423 #define ns_tm   ns_pu.tm
 424 
 425 /*
 426  * This structure defines an instance of a configuration structure.
 427  * paramList contains the current ns_ldap parameter configuration
 428  * and hashTbl contain the current attribute/objectclass mappings.
 429  * Parameters are indexed by using the value assigned to the parameter
 430  * in ParamIndexType.
 431  */
 432 
 433 typedef struct ns_config {
 434         char                    *domainName;
 435         ns_version_t            version;
 436         ns_param_t              paramList[NS_LDAP_MAX_PIT_P];
 437         ns_hash_t               *hashTbl[NS_HASH_MAX];
 438         ns_hash_t               *llHead;
 439         ns_ldap_entry_t         *RootDSE;
 440         boolean_t               delete;
 441         mutex_t                 config_mutex;
 442         int                     nUse;
 443         ldap_get_chg_cookie_t   config_cookie;
 444 } ns_config_t;
 445 
 446 /*
 447  * This structure defines the mapping of the NSCONFIGFILE file
 448  * statements into their corresponding SolarisNamingProfile,
 449  * Posix Mapping LDAP attributes, and to their corresponding
 450  * ParamIndexType enum mapping.  THe ParamIndexType enum
 451  * definitions can be found in ns_ldap.h.  This structure also
 452  * defines the default values that are used when a value either
 453  * does not exist or is undefined.
 454  */
 455 
 456 typedef struct ns_default_config {
 457         const char      *name;          /* config file parameter name */
 458         ParamIndexType  index;          /* config file enum index */
 459         ns_conftype_t   config_type;    /* CLIENT/SERVER/CREDCONFIG */
 460         ns_datatype_t   data_type;      /* ppc,pi,pc,int etc... */
 461         int             single_valued;  /* TRUE OR FALSE */
 462         ns_version_t    version;        /* Version # for attribute */
 463         const char      *profile_name;  /* profile schema attribute name */
 464         ns_param_t      defval;         /* config file parameter default */
 465         int             (*ns_verify)(ParamIndexType i,
 466                                 struct ns_default_config *def,
 467                                 ns_param_t *param,
 468                                 char *errbuf);
 469         ns_enum_map     *allowed;       /* allowed values */
 470 } ns_default_config;
 471 
 472 
 473 /*
 474  * This typedef enumerates all the supported authentication
 475  * mechanisms currently supported in this library
 476  */
 477 
 478 typedef enum EnumAuthType {
 479         NS_LDAP_EA_NONE                         = 0,
 480         NS_LDAP_EA_SIMPLE                       = 1,
 481         NS_LDAP_EA_SASL_NONE                    = 2,
 482         NS_LDAP_EA_SASL_CRAM_MD5                = 3,
 483         NS_LDAP_EA_SASL_DIGEST_MD5              = 4,
 484         NS_LDAP_EA_SASL_DIGEST_MD5_INT          = 5,
 485         NS_LDAP_EA_SASL_DIGEST_MD5_CONF         = 6,
 486         NS_LDAP_EA_SASL_EXTERNAL                = 7,
 487         NS_LDAP_EA_SASL_GSSAPI                  = 8,
 488         NS_LDAP_EA_SASL_SPNEGO                  = 9,    /* unsupported */
 489         NS_LDAP_EA_TLS_NONE                     = 10,
 490         NS_LDAP_EA_TLS_SIMPLE                   = 11,
 491         NS_LDAP_EA_TLS_SASL_NONE                = 12,
 492         NS_LDAP_EA_TLS_SASL_CRAM_MD5            = 13,
 493         NS_LDAP_EA_TLS_SASL_DIGEST_MD5          = 14,
 494         NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT      = 15,
 495         NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF     = 16,
 496         NS_LDAP_EA_TLS_SASL_EXTERNAL            = 17,
 497         NS_LDAP_EA_TLS_SASL_GSSAPI              = 18,   /* unsupported */
 498         NS_LDAP_EA_TLS_SASL_SPNEGO              = 19    /* unsupported */
 499 } EnumAuthType_t;
 500 
 501 
 502 /*
 503  * this enum lists the various states of the search state machine
 504  */
 505 
 506 typedef enum {
 507         INIT                    = 1,
 508         EXIT                    = 2,
 509         NEXT_SEARCH_DESCRIPTOR  = 3,
 510         GET_SESSION             = 4,
 511         NEXT_SESSION            = 5,
 512         RESTART_SESSION         = 6,
 513         NEXT_SEARCH             = 7,
 514         NEXT_VLV                = 8,
 515         NEXT_PAGE               = 9,
 516         ONE_SEARCH              = 10,
 517         DO_SEARCH               = 11,
 518         NEXT_RESULT             = 12,
 519         MULTI_RESULT            = 13,
 520         PROCESS_RESULT          = 14,
 521         END_PROCESS_RESULT      = 15,
 522         END_RESULT              = 16,
 523         NEXT_REFERRAL           = 17,
 524         GET_REFERRAL_SESSION    = 18,
 525         ERROR                   = 19,
 526         LDAP_ERROR              = 20,
 527         GET_ACCT_MGMT_INFO      = 21,
 528         CLEAR_RESULTS           = 22,
 529         REINIT                  = 23
 530 } ns_state_t;
 531 
 532 /*
 533  * this enum lists the various states of the write state machine
 534  */
 535 typedef enum {
 536         W_INIT                  = 1,
 537         W_EXIT                  = 2,
 538         GET_CONNECTION          = 3,
 539         SELECT_OPERATION_SYNC   = 4,
 540         SELECT_OPERATION_ASYNC  = 5,
 541         DO_ADD_SYNC             = 6,
 542         DO_DELETE_SYNC          = 7,
 543         DO_MODIFY_SYNC          = 8,
 544         DO_ADD_ASYNC            = 9,
 545         DO_DELETE_ASYNC         = 10,
 546         DO_MODIFY_ASYNC         = 11,
 547         GET_RESULT_SYNC         = 12,
 548         GET_RESULT_ASYNC        = 13,
 549         PARSE_RESULT            = 14,
 550         GET_REFERRAL_CONNECTION = 15,
 551         W_LDAP_ERROR            = 16,
 552         W_ERROR                 = 17
 553 } ns_write_state_t;
 554 
 555 
 556 typedef int ConnectionID;
 557 
 558 /*
 559  * Server side sort type. Orginally the server side sort
 560  * was set to "cn uid". This did not work with AD and
 561  * hence single sort attribute was odopted. We dont
 562  * know which server side sort will work with the
 563  * Directory and hence we discover which method works.
 564  */
 565 typedef enum {
 566         SSS_UNKNOWN             = 0,
 567         SSS_SINGLE_ATTR         = 1,
 568         SSS_CN_UID_ATTRS        = 2
 569 } ns_srvsidesort_t;
 570 
 571 /*
 572  * This structure is used by ns_connect to create and manage
 573  * one or more ldap connections within the library.
 574  */
 575 typedef struct connection {
 576         ConnectionID            connectionId;
 577         boolean_t               usedBit;        /* true if only used by */
 578                                                 /* one thread and not shared */
 579                                                 /* by other threads */
 580         pid_t                   pid;            /* process id */
 581         char                    *serverAddr;
 582         ns_cred_t               *auth;
 583         LDAP                    *ld;
 584         thread_t                threadID;       /* thread ID using it */
 585         struct ns_ldap_cookie   *cookieInfo;
 586         char                    **controls;             /* from server_info */
 587         char                    **saslMechanisms;       /* from server_info */
 588 } Connection;
 589 
 590 #define ONE_STEP                        1
 591 
 592 /*
 593  * This structure is for referrals processing.
 594  * The data are from referral URLs returned by
 595  * LDAP servers
 596  */
 597 typedef struct ns_referral_info {
 598         struct ns_referral_info *next;
 599         char                    *refHost;
 600         int                     refScope;
 601         char                    *refDN;
 602         char                    *refFilter;
 603 } ns_referral_info_t;
 604 
 605 struct ns_ldap_cookie;
 606 
 607 /*
 608  * Batch used by __ns_ldap_list_batch_xxx API
 609  */
 610 struct ns_ldap_list_batch {
 611         uint32_t                nactive;
 612         struct ns_ldap_cookie   *next_cookie;
 613         struct ns_ldap_cookie   *cookie_list;
 614 };
 615 
 616 struct ns_conn_user;
 617 typedef struct ns_conn_user ns_conn_user_t;
 618 
 619 /*
 620  * This structure used internally in searches
 621  */
 622 
 623 typedef struct ns_ldap_cookie {
 624         /* INPUTS */
 625                 /* server list position */
 626 
 627                 /* service search descriptor list & position */
 628         ns_ldap_search_desc_t  **sdlist;
 629         ns_ldap_search_desc_t  **sdpos;
 630 
 631                 /* search filter callback */
 632         int                     use_filtercb;
 633         int     (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
 634                         char **realfilter, const void *userdata);
 635 
 636                 /* user callback */
 637         int                     use_usercb;
 638         int     (*callback)(const ns_ldap_entry_t *entry,
 639                         const void *userdata);
 640         const void              *userdata;
 641 
 642         int                     followRef;
 643         int                     use_paging;
 644         char                    *service;
 645         char                    *i_filter;
 646         const char * const      *i_attr;
 647         const char              *i_sortattr;
 648         const ns_cred_t         *i_auth;
 649         int                     i_flags;
 650 
 651         /* OUTPUTS */
 652         ns_ldap_result_t        *result;
 653         ns_ldap_entry_t         *nextEntry;
 654                 /* Error data */
 655         int                     err_rc;
 656         ns_ldap_error_t         *errorp;
 657 
 658         /* PRIVATE */
 659         ns_state_t              state;
 660         ns_state_t              new_state;
 661         ns_state_t              next_state;
 662 
 663         Connection              *conn;
 664 #define conn_auth_type  conn->auth->auth.type
 665         ConnectionID            connectionId;
 666 
 667         /* paging VLV/SIMPLEPAGE data */
 668         int                     listType;
 669         unsigned long           index;
 670         LDAPControl             **p_serverctrls;
 671         ns_srvsidesort_t        sortTypeTry;
 672         int                     entryCount;
 673 
 674         int                     scope;
 675         char                    *basedn;
 676         char                    *filter;
 677         char                    **attribute;
 678 
 679         /* RESULT PROCESSING */
 680         int                     msgId;
 681         LDAPMessage             *resultMsg;
 682 
 683         char                    **dns;
 684         char                    *currentdn;
 685         int                     flag;
 686         struct berval           *ctrlCookie;
 687 
 688         /* REFERRALS PROCESSING */
 689         /* referralinfo list & position */
 690         ns_referral_info_t      *reflist;
 691         ns_referral_info_t      *refpos;
 692         /* search timeout value */
 693         struct timeval          search_timeout;
 694         /* response control to hold account management information */
 695         LDAPControl             **resultctrl;
 696         /* Flag to indicate password less account management is required */
 697         int                     nopasswd_acct_mgmt;
 698         int                     err_from_result;
 699         ns_conn_user_t          *conn_user;
 700 
 701         /* BATCH PROCESSING */
 702         ns_ldap_list_batch_t    *batch;
 703         boolean_t               no_wait;
 704         boolean_t               reinit_on_retriable_err;
 705         int                     retries;
 706         ns_ldap_result_t        **caller_result;
 707         ns_ldap_error_t         **caller_errorp;
 708         int                     *caller_rc;
 709         struct ns_ldap_cookie   *next_cookie_in_batch;
 710 } ns_ldap_cookie_t;
 711 
 712 /*
 713  * This structure is part of the return value information for
 714  * __s_api_requestServer.  The routine that requests a new server
 715  * from the cache manager
 716  */
 717 typedef struct ns_server_info {
 718         char    *server;
 719         char    *serverFQDN;
 720         char    **controls;
 721         char    **saslMechanisms;
 722 } ns_server_info_t;
 723 
 724 /*
 725  * sasl callback function parameters
 726  */
 727 typedef struct ns_sasl_cb_param {
 728         char    *mech;
 729         char    *authid;
 730         char    *authzid;
 731         char    *passwd;
 732         char    *realm;
 733 } ns_sasl_cb_param_t;
 734 
 735 /* Multiple threads per connection variable */
 736 extern int MTperConn;
 737 
 738 /*
 739  * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 740  */
 741 
 742 #ifdef DEBUG
 743 extern int      __ldap_debug_file;
 744 extern int      __ldap_debug_api;
 745 extern int      __ldap_debug_ldap;
 746 extern int      __ldap_debug_servers;
 747 #endif
 748 
 749 /* internal connection APIs */
 750 void DropConnection(ConnectionID, int);
 751 int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
 752 
 753 int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
 754 char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
 755 char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
 756 char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
 757 char *__s_get_pref_name(PrefOnly_t type);
 758 char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
 759 char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
 760 char *__s_get_hostcertpath(void);
 761 void __s_api_free_sessionPool();
 762 int __s_api_requestServer(const char *request, const char *server,
 763         ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);
 764 
 765 
 766 /* ************ internal sldap-api functions *********** */
 767 void    __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
 768 void    __s_api_split_key_value(char *buffer, char **name, char **value);
 769 int     __s_api_printResult(ns_ldap_result_t *);
 770 int     __s_api_getSearchScope(int *, ns_ldap_error_t **);
 771 int     __s_api_getDNs(char ***, const char *,
 772         ns_ldap_error_t **);
 773 int     __s_api_get_search_DNs_v1(char ***, const char *,
 774         ns_ldap_error_t **);
 775 int     __s_api_getConnection(const char *, const int,
 776         const ns_cred_t *, int *,
 777         Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
 778 char    **__s_api_cp2dArray(char **);
 779 void    __s_api_free2dArray(char **);
 780 
 781 int     __s_api_isCtrlSupported(Connection *, char *);
 782 ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
 783 ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
 784 boolean_t __s_api_peruser_proc(void);
 785 boolean_t __s_api_nscd_proc(void);
 786 char    *dvalue(char *);
 787 char    *evalue(char *);
 788 ns_ldap_error_t *__s_api_make_error(int, char *);
 789 ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
 790 
 791 /* ************ specific 'Standalone' functions ********** */
 792 ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
 793 struct hostent *__s_api_hostname2ip(const char *name,
 794                                     struct hostent *result,
 795                                     char *buffer,
 796                                     int buflen,
 797                                     int *h_errnop);
 798 void    __s_api_setInitMode();
 799 void    __s_api_unsetInitMode();
 800 int     __s_api_isStandalone(void);
 801 int __s_api_isInitializing();
 802 ns_ldap_return_code __s_api_findRootDSE(const char *request,
 803                                         const char *server,
 804                                         const char *addrType,
 805                                         ns_server_info_t *ret,
 806                                         ns_ldap_error_t **error);
 807 ns_config_t *__s_api_create_config_door_str(char *config,
 808                                 ns_ldap_error_t **errorp);
 809 
 810 extern void     get_environment();
 811 
 812 /* internal Param APIs */
 813 int             __ns_ldap_setParamValue(ns_config_t *ptr,
 814                         const ParamIndexType type,
 815                         const void *data, ns_ldap_error_t **error);
 816 int             __s_api_get_type(const char *value, ParamIndexType *type);
 817 int             __s_api_get_versiontype(ns_config_t *ptr, char *value,
 818                                         ParamIndexType *type);
 819 int             __s_api_get_profiletype(char *value, ParamIndexType *type);
 820 void            __s_api_init_config(ns_config_t *ptr);
 821 void            __s_api_init_config_global(ns_config_t *ptr);
 822 ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
 823                                         int check_dn);
 824 ns_config_t     *__s_api_create_config(void);
 825 ns_config_t     *__s_api_get_default_config(void);
 826 ns_config_t     *__s_api_get_default_config_global(void);
 827 ns_config_t     *__s_api_loadrefresh_config();
 828 ns_config_t     *__s_api_loadrefresh_config_global();
 829 void            __s_api_destroy_config(ns_config_t *ptr);
 830 int             __s_api_get_configtype(ParamIndexType type);
 831 const char      *__s_api_get_configname(ParamIndexType type);
 832 char            *__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
 833                         ns_strfmt_t fmt);
 834 void            __s_api_release_config(ns_config_t *cfg);
 835 
 836 /* internal attribute/objectclass mapping api's */
 837 int              __s_api_add_map2hash(ns_config_t *config,
 838                                 ns_hashtype_t type, ns_mapping_t *map);
 839 void            __s_api_destroy_hash(ns_config_t *config);
 840 int             __s_api_parse_map(char *cp, char **sid,
 841                                 char **origA, char ***mapA);
 842 char            **__ns_ldap_mapAttributeList(const char *service,
 843                                 const char * const *origAttrList);
 844 char            *__ns_ldap_mapAttribute(const char *service,
 845                                 const char *origAttr);
 846 
 847 /* internal configuration APIs */
 848 void            __ns_ldap_setServer(int set);
 849 ns_ldap_error_t *__ns_ldap_LoadConfiguration();
 850 ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
 851                                 ns_config_t *new, int cred_only);
 852 ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
 853 ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
 854 int             __ns_ldap_cache_ping();
 855 ns_ldap_error_t *__ns_ldap_print_config(int);
 856 void            __ns_ldap_default_config();
 857 int             __ns_ldap_download(const char *, char *, char *,
 858                                 ns_ldap_error_t **);
 859 int
 860 __ns_ldap_check_dns_preq(int foreground,
 861                 int mode_verbose,
 862                 int mode_quiet,
 863                 const char *fname,
 864                 ns_ldap_self_gssapi_config_t config,
 865                 ns_ldap_error_t **errpp);
 866 int
 867 __ns_ldap_check_gssapi_preq(int foreground,
 868                 int mode_verbose,
 869                 int mode_quiet,
 870                 ns_ldap_self_gssapi_config_t config,
 871                 ns_ldap_error_t **errpp);
 872 int
 873 __ns_ldap_check_all_preq(int foreground,
 874                 int mode_verbose,
 875                 int mode_quiet,
 876                 ns_ldap_self_gssapi_config_t config,
 877                 ns_ldap_error_t **errpp);
 878 
 879 /* internal un-exposed APIs */
 880 ns_cred_t       *__ns_ldap_dupAuth(const ns_cred_t *authp);
 881 boolean_t       __s_api_is_auth_matched(const ns_cred_t *auth1,
 882                     const ns_cred_t *auth2);
 883 int             __s_api_get_SSD_from_SSDtoUse_service(const char *service,
 884                         ns_ldap_search_desc_t ***SSDlist,
 885                         ns_ldap_error_t **errorp);
 886 int             __s_api_prepend_automountmapname(const char *service,
 887                         ns_ldap_search_desc_t ***SSDlist,
 888                         ns_ldap_error_t ** errorp);
 889 int             __s_api_prepend_automountmapname_to_dn(const char *service,
 890                         char **basedn,
 891                         ns_ldap_error_t ** errorp);
 892 int             __s_api_convert_automountmapname(const char *service,
 893                         char **dn, ns_ldap_error_t ** errorp);
 894 int             __s_api_replace_mapped_attr_in_dn(
 895                         const char *orig_attr, const char *mapped_attr,
 896                         const char *dn, char **new_dn);
 897 int             __s_api_append_default_basedn(
 898                         const char *dn,
 899                         char **new_dn,
 900                         int *allocated,
 901                         ns_ldap_error_t ** errorp);
 902 int             __s_api_removeServer(const char *server);
 903 void            __s_api_removeBadServers(char **server);
 904 void            __s_api_free_server_info(ns_server_info_t *sinfo);
 905 void            __s_api_freeConnection(Connection *con);
 906 
 907 /* internal referrals APIs */
 908 int             __s_api_toFollowReferrals(const int flags,
 909                         int *toFollow,
 910                         ns_ldap_error_t **errorp);
 911 int             __s_api_addRefInfo(ns_referral_info_t **head,
 912                         char *url, char *baseDN, int *scope,
 913                         char *filter, LDAP *ld);
 914 void            __s_api_deleteRefInfo(ns_referral_info_t *head);
 915 
 916 /* callback routine for SSD filters */
 917 int             __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
 918                         char **realfilter,
 919                         const void *userdata);
 920 
 921 /* network address verification api */
 922 int             __s_api_isipv4(char *addr);
 923 int             __s_api_isipv6(char *addr);
 924 int             __s_api_ishost(char *addr);
 925 
 926 /* password management routine */
 927 ns_ldap_passwd_status_t
 928                 __s_api_set_passwd_status(int errnum, char *errmsg);
 929 int             __s_api_contain_passwd_control_oid(char **oids);
 930 
 931 /* password less account management routine */
 932 int             __s_api_contain_account_usable_control_oid(char **oids);
 933 
 934 /* RFC 2307 section 5.6. Get a canonical name from entry */
 935 char            *__s_api_get_canonical_name(ns_ldap_entry_t *entry,
 936                         ns_ldap_attr_t *attrptr, int case_ignore);
 937 
 938 /* self/sasl/gssapi functions */
 939 int             __s_api_sasl_bind_callback(
 940                         LDAP            *ld,
 941                         unsigned        flags,
 942                         void            *defaults,
 943                         void            *in);
 944 
 945 int             __s_api_self_gssapi_only_get(void);
 946 
 947 int             __print2buf(LineBuf *line, const char *toprint, char *sep);
 948 
 949 #ifdef __cplusplus
 950 }
 951 #endif
 952 
 953 #endif /* _NS_INTERNAL_H */