Print this page
12236 getmembers_DN doesn't properly handle errors from __ns_ldap_dn2uid
12240 nss_ldap does not properly look up group members by distinguished name
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libsldap/common/ns_internal.h
+++ new/usr/src/lib/libsldap/common/ns_internal.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
25 + * Copyright 2020 Joyent, Inc.
25 26 */
26 27
27 28
28 29 #ifndef _NS_INTERNAL_H
29 30 #define _NS_INTERNAL_H
30 31
31 32 #ifdef __cplusplus
32 33 extern "C" {
33 34 #endif
34 35
35 36 #include <stdio.h>
36 37 #include <sys/types.h>
37 38 #include <sys/time.h>
38 39 #include <thread.h>
39 40 #include <lber.h>
40 41 #include <ldap.h>
41 42 #include "ns_sldap.h"
42 43 #include "ns_cache_door.h"
43 44
44 45 /*
45 46 * INTERNALLY USED CONSTANTS
46 47 */
47 48
48 49 #define MAXERROR 2000
49 50 #define TRUE 1
50 51 #define FALSE 0
51 52 #define NSLDAPDIRECTORY "/var/ldap"
52 53 #define NSCONFIGFILE "/var/ldap/ldap_client_file"
53 54 #define NSCONFIGREFRESH "/var/ldap/ldap_client_file.refresh"
54 55 #define NSCREDFILE "/var/ldap/ldap_client_cred"
55 56 #define NSCREDREFRESH "/var/ldap/ldap_client_cred.refresh"
56 57 #define ROTORSIZE 256
57 58 #define MASK 0377
58 59 #define LDAPMAXHARDLOOKUPTIME 256
59 60 #define DONOTEDIT \
|
↓ open down ↓ |
25 lines elided |
↑ open up ↑ |
60 61 "Do not edit this file manually; your changes will be lost." \
61 62 "Please use ldapclient (1M) instead."
62 63 #define MAXPORTNUMBER 65535
63 64 #define MAXPORTNUMBER_STR "65535"
64 65 #define CREDFILE 0
65 66 #define CONFIGFILE 1
66 67 #define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))"
67 68 #define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
68 69 #define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))"
69 70 #define UIDFILTER_SSD "(&(%%s)(uid=%s))"
70 -#define UIDDNFILTER "(&(objectclass=posixAccount)(distinguishedName=%s))"
71 -#define UIDDNFILTER_SSD "(&(%%s)(distinguishedName=%s))"
71 +#define UIDDNFILTER "(objectclass=posixAccount)"
72 72
73 73 #define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))"
74 74 #define HOSTFILTER_SSD "(&(%%s)(cn=%s))"
75 75
76 76 #define SIMPLEPAGECTRLFLAG 1
77 77 #define VLVCTRLFLAG 2
78 78
79 79 #define LISTPAGESIZE 1000
80 80 #define ENUMPAGESIZE 100
81 81
82 82 #define DEFMAX 8
83 83 #define TOKENSEPARATOR '='
84 84 #define QUOTETOK '"'
85 85 #define SPACETOK ' '
86 86 #define COMMATOK ','
87 87 #define COLONTOK ':'
88 88 #define QUESTTOK '?'
89 89 #define SEMITOK ';'
90 90 #define TABTOK '\t'
91 91 #define OPARATOK '('
92 92 #define CPARATOK ')'
93 93 #define BSLTOK '\\'
94 94 #define DOORLINESEP "\07"
95 95 #define DOORLINESEP_CHR 0x7
96 96 #define COMMASEP ", "
97 97 #define SPACESEP " "
98 98 #define SEMISEP ";"
99 99 #define COLONSEP ":"
100 100 #define COLSPSEP ": "
101 101 #define EQUALSEP "="
102 102 #define EQUSPSEP "= "
103 103 #define LAST_VALUE (int)NS_LDAP_HOST_CERTPATH_P
104 104 #define BUFSIZE BUFSIZ
105 105 #define DEFAULTCONFIGNAME "__default_config"
106 106 #define EXP_DEFAULT_TTL "43200" /* 12 hours TTL */
107 107 #define CRYPTMARK "{NS1}"
108 108 #define DOORBUFFERSIZE 8192
109 109
110 110 #define LDIF_FMT_STR "%s: %s"
111 111 #define FILE_FMT_STR "%s= %s"
112 112 #define DOOR_FMT_STR "%s=%s"
113 113
114 114 #define SESSION_CACHE_INC 8
115 115 #define CONID_OFFSET 1024
116 116 #define NS_DEFAULT_BIND_TIMEOUT 30 /* timeout value in seconds */
117 117 #define NS_DEFAULT_SEARCH_TIMEOUT 30 /* timeout value in seconds */
118 118
119 119 /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
120 120 #define RDNSIZE 512
121 121
122 122 /*
123 123 * special service used by ldap_cachemgr to indicate a shadow update
124 124 * is to be done with the credential of the administrator identity
125 125 */
126 126 #define NS_ADMIN_SHADOW_UPDATE "shadow__admin_update"
127 127
128 128 /* Phase 1 profile information */
129 129 #define _PROFILE1_OBJECTCLASS "SolarisNamingProfile"
130 130 #define _PROFILE_CONTAINER "profile"
131 131 #define _PROFILE_FILTER "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
132 132
133 133 /* Phase 2 profile information */
134 134 #define _PROFILE2_OBJECTCLASS "DUAConfigProfile"
135 135
136 136 /* Common to all profiles */
137 137 #define _P_CN "cn"
138 138
139 139 /* Native LDAP Phase 1 Specific Profile Attributes */
140 140 #define _P1_SERVERS "SolarisLDAPServers"
141 141 #define _P1_SEARCHBASEDN "SolarisSearchBaseDN"
142 142 #define _P1_CACHETTL "SolarisCacheTTL"
143 143 #define _P1_BINDDN "SolarisBindDN"
144 144 #define _P1_BINDPASSWORD "SolarisBindPassword"
145 145 #define _P1_AUTHMETHOD "SolarisAuthMethod"
146 146 #define _P1_TRANSPORTSECURITY "SolarisTransportSecurity"
147 147 #define _P1_CERTIFICATEPATH "SolarisCertificatePath"
148 148 #define _P1_CERTIFICATEPASSWORD "SolarisCertificatePassword"
149 149 #define _P1_DATASEARCHDN "SolarisDataSearchDN"
150 150 #define _P1_SEARCHSCOPE "SolarisSearchScope"
151 151 #define _P1_SEARCHTIMELIMIT "SolarisSearchTimeLimit"
152 152 #define _P1_PREFERREDSERVER "SolarisPreferredServer"
153 153 #define _P1_PREFERREDSERVERONLY "SolarisPreferredServerOnly"
154 154 #define _P1_SEARCHREFERRAL "SolarisSearchReferral"
155 155 #define _P1_BINDTIMELIMIT "SolarisBindTimeLimit"
156 156
157 157 /* Native LDAP Phase 2 Specific Profile Attributes */
158 158 #define _P2_PREFERREDSERVER "preferredServerList"
159 159 #define _P2_DEFAULTSERVER "defaultServerList"
160 160 #define _P2_SEARCHBASEDN "defaultSearchBase"
161 161 #define _P2_SEARCHSCOPE "defaultSearchScope"
162 162 #define _P2_AUTHMETHOD "authenticationMethod"
163 163 #define _P2_CREDENTIALLEVEL "credentialLevel"
164 164 #define _P2_SERVICESEARCHDESC "serviceSearchDescriptor"
165 165 #define _P2_SEARCHTIMELIMIT "searchTimeLimit"
166 166 #define _P2_BINDTIMELIMIT "bindTimeLimit"
167 167 #define _P2_FOLLOWREFERRALS "followReferrals"
168 168 #define _P2_PROFILETTL "profileTTL"
169 169 #define _P2_ATTRIBUTEMAP "attributeMap"
170 170 #define _P2_OBJECTCLASSMAP "objectClassMap"
171 171 #define _P2_SERVICECREDLEVEL "serviceCredentialLevel"
172 172 #define _P2_SERVICEAUTHMETHOD "serviceAuthenticationMethod"
173 173
174 174 /* Control & SASL information from RootDSE door call */
175 175 #define _SASLMECHANISM "supportedSASLmechanisms"
176 176 #define _SASLMECHANISM_LEN 23
177 177 #define _SUPPORTEDCONTROL "supportedControl"
178 178 #define _SUPPORTEDCONTROL_LEN 16
179 179
180 180 #define NS_HASH_MAX 257
181 181 #define NS_HASH_SCHEMA_MAPPING_EXISTED "=MAPPING EXISTED="
182 182 #define NS_HASH_RC_SUCCESS 1
183 183 #define NS_HASH_RC_NO_MEMORY -1
184 184 #define NS_HASH_RC_CONFIG_ERROR -2
185 185 #define NS_HASH_RC_EXISTED -3
186 186 #define NS_HASH_RC_SYNTAX_ERROR -4
187 187
188 188 /* Password management related error message from iDS ldap server */
189 189 #define NS_PWDERR_MAXTRIES \
190 190 "Exceed password retry limit."
191 191 #define NS_PWDERR_EXPIRED \
192 192 "password expired!"
193 193 #define NS_PWDERR_ACCT_INACTIVATED \
194 194 "Account inactivated. Contact system administrator."
195 195 #define NS_PWDERR_CHANGE_NOT_ALLOW \
196 196 "user is not allowed to change password"
197 197 #define NS_PWDERR_INVALID_SYNTAX \
198 198 "invalid password syntax"
199 199 #define NS_PWDERR_TRIVIAL_PASSWD \
200 200 "Password failed triviality check"
201 201 #define NS_PWDERR_IN_HISTORY \
202 202 "password in history"
203 203 #define NS_PWDERR_WITHIN_MIN_AGE \
204 204 "within password minimum age"
205 205
206 206 /*
207 207 * INTERNALLY USED MACROS
208 208 */
209 209
210 210 void __s_api_debug_pause(int priority, int st, const char *mesg);
211 211
212 212 #define NULL_OR_STR(str) (!(str) || *(str) == '\0' ? "<NULL>" : (str))
213 213
214 214 /*
215 215 * MKERROR: builds the error structure and fills in the status and
216 216 * the message. The message must be a freeable (non-static) string.
217 217 * If it fails to allocate memory for the error structure,
218 218 * it will return the retErr.
219 219 */
220 220 #define MKERROR(priority, err, st, mesg, retErr) \
221 221 if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
222 222 return (retErr); \
223 223 (err)->message = mesg; \
224 224 (err)->status = (st); \
225 225 __s_api_debug_pause(priority, st, (err)->message);
226 226
227 227 /*
228 228 * MKERROR_PWD_MGMT is almost the same as MKERROR
229 229 * except that it takes two more inputs to fill in the
230 230 * password management information part of the
231 231 * ns_ldap_error structure pointed to by err,
232 232 * and it does not log a syslog message.
233 233 */
234 234 #define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
235 235 if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
236 236 return (retErr); \
237 237 (err)->message = mesg; \
238 238 (err)->status = (st); \
239 239 (err)->pwd_mgmt.status = (pwd_status); \
240 240 (err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
241 241
242 242 #ifdef DEBUG
243 243 #define NSLDAPTRACE(variable, setequal, message) \
244 244 if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \
245 245 char buf[BUFSIZ]; \
246 246 (void) snprintf(buf, BUFSIZ, message); \
247 247 (void) write(__ldap_debug_file, buf); \
248 248 }
249 249 #endif
250 250
251 251 /*
252 252 * INTERNAL DATA STRUCTURES
253 253 */
254 254
255 255 /*
256 256 * configuration entry type
257 257 */
258 258
259 259 typedef enum {
260 260 SERVERCONFIG = 1,
261 261 CLIENTCONFIG = 2,
262 262 CREDCONFIG = 3
263 263 } ns_conftype_t;
264 264
265 265 /*
266 266 * datatype of a config entry
267 267 */
268 268
269 269 typedef enum {
270 270 NS_UNKNOWN = 0,
271 271 CHARPTR = 1, /* Single character pointer */
272 272 ARRAYCP = 2, /* comma sep array of char pointers */
273 273 ARRAYAUTH = 3, /* Array of auths */
274 274 TIMET = 4, /* time relative value (TTL) */
275 275 INT = 5, /* single integer */
276 276 SSDLIST = 6, /* service search descriptor */
277 277 ATTRMAP = 7, /* attribute mapping */
278 278 OBJMAP = 8, /* objectclass mapping */
279 279 SERVLIST = 9, /* serverlist (SP sep array) */
280 280 ARRAYCRED = 10, /* Array of credentialLevels */
281 281 SAMLIST = 11, /* serviceAuthenticationMethod */
282 282 SCLLIST = 12 /* serviceCredentialLevel */
283 283 } ns_datatype_t;
284 284
285 285 typedef enum {
286 286 NS_SUCCESS,
287 287 NS_NOTFOUND,
288 288 NS_PARSE_ERR
289 289 } ns_parse_status;
290 290
291 291 typedef enum {
292 292 NS_DOOR_FMT = 1,
293 293 NS_LDIF_FMT = 2,
294 294 NS_FILE_FMT = 3
295 295 } ns_strfmt_t;
296 296
297 297 /*
298 298 * This enum reduces the number of version string compares
299 299 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
300 300 */
301 301
302 302 typedef enum {
303 303 NS_LDAP_V1 = 1000,
304 304 NS_LDAP_V2 = 2000
305 305 } ns_version_t;
306 306
307 307 /*
308 308 * enum<->string mapping construct
309 309 */
310 310
311 311 typedef struct ns_enum_map {
312 312 int value;
313 313 char *name;
314 314 } ns_enum_map;
315 315
316 316 #define ENUM2INT(x) ((int)(x))
317 317
318 318 #define INT2PARAMINDEXENUM(x) ((ParamIndexType)(x))
319 319 #define INT2SEARCHREFENUM(x) ((SearchRef_t)(x))
320 320 #define INT2SCOPEENUM(x) ((ScopeType_t)(x))
321 321 #define INT2AUTHENUM(x) ((AuthType_t)(x))
322 322 #define INT2SECENUM(x) ((TlsType_t)(x))
323 323 #define INT2PREFONLYENUM(x) ((PrefOnly_t)(x))
324 324 #define INT2CREDLEVELENUM(x) ((CredLevel_t)(x))
325 325 #define INT2SHADOWUPDATENUM(x) ((enableShadowUpdate_t)(x))
326 326
327 327 #define INT2LDAPRETURN(x) ((ns_ldap_return_code)(x))
328 328 #define INT2CONFIGRETURN(x) ((ns_ldap_config_return_code)(x))
329 329 #define INT2PARTIALRETURN(x) ((ns_ldap_partial_return_code)(x))
330 330
331 331 /*
332 332 * This structure maps service name to rdn components
333 333 * for use in __ns_getDNs. It also defines the SSD-to-use
334 334 * service for use in __s_api_get_SSDtoUse_service.
335 335 * The idea of an SSD-to-use service is to reduce the configuration
336 336 * complexity. For a service, which does not have its own entries in
337 337 * the LDAP directory, SSD for it is useless, and should not be set.
338 338 * But since this service must share the container with at least
339 339 * one other service which does have it own entries, the SSD for
340 340 * this other service will be shared by this service.
341 341 * This other service is called the SSD-to-use service.
342 342 *
343 343 */
344 344
345 345 typedef struct ns_service_map {
346 346 char *service;
347 347 char *rdn;
348 348 char *SSDtoUse_service;
349 349 } ns_service_map;
350 350
351 351 /*
352 352 * This structure contains a single mapping from:
353 353 * service:orig -> list of mapped
354 354 */
355 355
356 356 typedef enum {
357 357 NS_ATTR_MAP,
358 358 NS_OBJ_MAP
359 359 } ns_maptype_t;
360 360
361 361 typedef struct ns_mapping {
362 362 ns_maptype_t type;
363 363 char *service;
364 364 char *orig;
365 365 char **map;
366 366 } ns_mapping_t;
367 367
368 368 /*
369 369 * The following is the list of internal libsldap configuration data
370 370 * structures. The configuration is populated normally once per
371 371 * application. The assumption is that in applications can be
372 372 * relatively short lived (IE ls via nsswitch) so it is important to
373 373 * keep configuration to a minimum, but keep lookups fast.
374 374 *
375 375 * Assumptions:
376 376 * 1 configuration entry per domain, and almost always 1 domain
377 377 * per app. Hooks exist for multiple domains per app.
378 378 *
379 379 * Configurations are read in from client file cache or from LDAP.
380 380 * Attribute/objectclass mappings are hashed to improve lookup
381 381 * speed.
382 382 */
383 383
384 384 /*
385 385 * Hash entry types
386 386 */
387 387 typedef enum _ns_hashtype_t {
388 388 NS_HASH_AMAP = 1, /* attr map */
389 389 NS_HASH_RAMAP = 2, /* reverse attr map */
390 390 NS_HASH_OMAP = 3, /* oc map */
391 391 NS_HASH_ROMAP = 4, /* reverse oc map */
392 392 NS_HASH_VOID = 5
393 393 } ns_hashtype_t;
394 394
395 395 typedef struct ns_hash {
396 396 ns_hashtype_t h_type;
397 397 ns_mapping_t *h_map;
398 398 struct ns_hash *h_next;
399 399 struct ns_hash *h_llnext;
400 400 } ns_hash_t;
401 401
402 402 /*
403 403 * This structure defines the format of an internal configuration
404 404 * parameter for ns_ldap client.
405 405 */
406 406
407 407 typedef struct ns_param {
408 408 ns_datatype_t ns_ptype;
409 409 int ns_acnt;
410 410 union {
411 411 char **ppc;
412 412 int *pi;
413 413 char *pc;
414 414 int i;
415 415 time_t tm;
416 416 } ns_pu;
417 417 } ns_param_t;
418 418
419 419 #define ns_ppc ns_pu.ppc
420 420 #define ns_pi ns_pu.pi
421 421 #define ns_pc ns_pu.pc
422 422 #define ns_i ns_pu.i
423 423 #define ns_tm ns_pu.tm
424 424
425 425 /*
426 426 * This structure defines an instance of a configuration structure.
427 427 * paramList contains the current ns_ldap parameter configuration
428 428 * and hashTbl contain the current attribute/objectclass mappings.
429 429 * Parameters are indexed by using the value assigned to the parameter
430 430 * in ParamIndexType.
431 431 */
432 432
433 433 typedef struct ns_config {
434 434 char *domainName;
435 435 ns_version_t version;
436 436 ns_param_t paramList[NS_LDAP_MAX_PIT_P];
437 437 ns_hash_t *hashTbl[NS_HASH_MAX];
438 438 ns_hash_t *llHead;
439 439 ns_ldap_entry_t *RootDSE;
440 440 boolean_t delete;
441 441 mutex_t config_mutex;
442 442 int nUse;
443 443 ldap_get_chg_cookie_t config_cookie;
444 444 } ns_config_t;
445 445
446 446 /*
447 447 * This structure defines the mapping of the NSCONFIGFILE file
448 448 * statements into their corresponding SolarisNamingProfile,
449 449 * Posix Mapping LDAP attributes, and to their corresponding
450 450 * ParamIndexType enum mapping. THe ParamIndexType enum
451 451 * definitions can be found in ns_ldap.h. This structure also
452 452 * defines the default values that are used when a value either
453 453 * does not exist or is undefined.
454 454 */
455 455
456 456 typedef struct ns_default_config {
457 457 const char *name; /* config file parameter name */
458 458 ParamIndexType index; /* config file enum index */
459 459 ns_conftype_t config_type; /* CLIENT/SERVER/CREDCONFIG */
460 460 ns_datatype_t data_type; /* ppc,pi,pc,int etc... */
461 461 int single_valued; /* TRUE OR FALSE */
462 462 ns_version_t version; /* Version # for attribute */
463 463 const char *profile_name; /* profile schema attribute name */
464 464 ns_param_t defval; /* config file parameter default */
465 465 int (*ns_verify)(ParamIndexType i,
466 466 struct ns_default_config *def,
467 467 ns_param_t *param,
468 468 char *errbuf);
469 469 ns_enum_map *allowed; /* allowed values */
470 470 } ns_default_config;
471 471
472 472
473 473 /*
474 474 * This typedef enumerates all the supported authentication
475 475 * mechanisms currently supported in this library
476 476 */
477 477
478 478 typedef enum EnumAuthType {
479 479 NS_LDAP_EA_NONE = 0,
480 480 NS_LDAP_EA_SIMPLE = 1,
481 481 NS_LDAP_EA_SASL_NONE = 2,
482 482 NS_LDAP_EA_SASL_CRAM_MD5 = 3,
483 483 NS_LDAP_EA_SASL_DIGEST_MD5 = 4,
484 484 NS_LDAP_EA_SASL_DIGEST_MD5_INT = 5,
485 485 NS_LDAP_EA_SASL_DIGEST_MD5_CONF = 6,
486 486 NS_LDAP_EA_SASL_EXTERNAL = 7,
487 487 NS_LDAP_EA_SASL_GSSAPI = 8,
488 488 NS_LDAP_EA_SASL_SPNEGO = 9, /* unsupported */
489 489 NS_LDAP_EA_TLS_NONE = 10,
490 490 NS_LDAP_EA_TLS_SIMPLE = 11,
491 491 NS_LDAP_EA_TLS_SASL_NONE = 12,
492 492 NS_LDAP_EA_TLS_SASL_CRAM_MD5 = 13,
493 493 NS_LDAP_EA_TLS_SASL_DIGEST_MD5 = 14,
494 494 NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT = 15,
495 495 NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF = 16,
496 496 NS_LDAP_EA_TLS_SASL_EXTERNAL = 17,
497 497 NS_LDAP_EA_TLS_SASL_GSSAPI = 18, /* unsupported */
498 498 NS_LDAP_EA_TLS_SASL_SPNEGO = 19 /* unsupported */
499 499 } EnumAuthType_t;
500 500
501 501
502 502 /*
503 503 * this enum lists the various states of the search state machine
504 504 */
505 505
506 506 typedef enum {
507 507 INIT = 1,
508 508 EXIT = 2,
509 509 NEXT_SEARCH_DESCRIPTOR = 3,
510 510 GET_SESSION = 4,
511 511 NEXT_SESSION = 5,
512 512 RESTART_SESSION = 6,
513 513 NEXT_SEARCH = 7,
514 514 NEXT_VLV = 8,
515 515 NEXT_PAGE = 9,
516 516 ONE_SEARCH = 10,
517 517 DO_SEARCH = 11,
518 518 NEXT_RESULT = 12,
519 519 MULTI_RESULT = 13,
520 520 PROCESS_RESULT = 14,
521 521 END_PROCESS_RESULT = 15,
522 522 END_RESULT = 16,
523 523 NEXT_REFERRAL = 17,
524 524 GET_REFERRAL_SESSION = 18,
525 525 ERROR = 19,
526 526 LDAP_ERROR = 20,
527 527 GET_ACCT_MGMT_INFO = 21,
528 528 CLEAR_RESULTS = 22,
529 529 REINIT = 23
530 530 } ns_state_t;
531 531
532 532 /*
533 533 * this enum lists the various states of the write state machine
534 534 */
535 535 typedef enum {
536 536 W_INIT = 1,
537 537 W_EXIT = 2,
538 538 GET_CONNECTION = 3,
539 539 SELECT_OPERATION_SYNC = 4,
540 540 SELECT_OPERATION_ASYNC = 5,
541 541 DO_ADD_SYNC = 6,
542 542 DO_DELETE_SYNC = 7,
543 543 DO_MODIFY_SYNC = 8,
544 544 DO_ADD_ASYNC = 9,
545 545 DO_DELETE_ASYNC = 10,
546 546 DO_MODIFY_ASYNC = 11,
547 547 GET_RESULT_SYNC = 12,
548 548 GET_RESULT_ASYNC = 13,
549 549 PARSE_RESULT = 14,
550 550 GET_REFERRAL_CONNECTION = 15,
551 551 W_LDAP_ERROR = 16,
552 552 W_ERROR = 17
553 553 } ns_write_state_t;
554 554
555 555
556 556 typedef int ConnectionID;
557 557
558 558 /*
559 559 * Server side sort type. Orginally the server side sort
560 560 * was set to "cn uid". This did not work with AD and
561 561 * hence single sort attribute was odopted. We dont
562 562 * know which server side sort will work with the
563 563 * Directory and hence we discover which method works.
564 564 */
565 565 typedef enum {
566 566 SSS_UNKNOWN = 0,
567 567 SSS_SINGLE_ATTR = 1,
568 568 SSS_CN_UID_ATTRS = 2
569 569 } ns_srvsidesort_t;
570 570
571 571 /*
572 572 * This structure is used by ns_connect to create and manage
573 573 * one or more ldap connections within the library.
574 574 */
575 575 typedef struct connection {
576 576 ConnectionID connectionId;
577 577 boolean_t usedBit; /* true if only used by */
578 578 /* one thread and not shared */
579 579 /* by other threads */
580 580 pid_t pid; /* process id */
581 581 char *serverAddr;
582 582 ns_cred_t *auth;
583 583 LDAP *ld;
584 584 thread_t threadID; /* thread ID using it */
585 585 struct ns_ldap_cookie *cookieInfo;
586 586 char **controls; /* from server_info */
587 587 char **saslMechanisms; /* from server_info */
588 588 } Connection;
589 589
590 590 #define ONE_STEP 1
591 591
592 592 /*
593 593 * This structure is for referrals processing.
594 594 * The data are from referral URLs returned by
595 595 * LDAP servers
596 596 */
597 597 typedef struct ns_referral_info {
598 598 struct ns_referral_info *next;
599 599 char *refHost;
600 600 int refScope;
601 601 char *refDN;
602 602 char *refFilter;
603 603 } ns_referral_info_t;
604 604
605 605 struct ns_ldap_cookie;
606 606
607 607 /*
608 608 * Batch used by __ns_ldap_list_batch_xxx API
609 609 */
610 610 struct ns_ldap_list_batch {
611 611 uint32_t nactive;
612 612 struct ns_ldap_cookie *next_cookie;
613 613 struct ns_ldap_cookie *cookie_list;
614 614 };
615 615
616 616 struct ns_conn_user;
617 617 typedef struct ns_conn_user ns_conn_user_t;
618 618
619 619 /*
620 620 * This structure used internally in searches
621 621 */
622 622
623 623 typedef struct ns_ldap_cookie {
624 624 /* INPUTS */
625 625 /* server list position */
626 626
627 627 /* service search descriptor list & position */
628 628 ns_ldap_search_desc_t **sdlist;
629 629 ns_ldap_search_desc_t **sdpos;
630 630
631 631 /* search filter callback */
632 632 int use_filtercb;
633 633 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
634 634 char **realfilter, const void *userdata);
635 635
636 636 /* user callback */
637 637 int use_usercb;
638 638 int (*callback)(const ns_ldap_entry_t *entry,
639 639 const void *userdata);
640 640 const void *userdata;
641 641
642 642 int followRef;
643 643 int use_paging;
644 644 char *service;
645 645 char *i_filter;
646 646 const char * const *i_attr;
647 647 const char *i_sortattr;
648 648 const ns_cred_t *i_auth;
649 649 int i_flags;
650 650
651 651 /* OUTPUTS */
652 652 ns_ldap_result_t *result;
653 653 ns_ldap_entry_t *nextEntry;
654 654 /* Error data */
655 655 int err_rc;
656 656 ns_ldap_error_t *errorp;
657 657
658 658 /* PRIVATE */
659 659 ns_state_t state;
660 660 ns_state_t new_state;
661 661 ns_state_t next_state;
662 662
663 663 Connection *conn;
664 664 #define conn_auth_type conn->auth->auth.type
665 665 ConnectionID connectionId;
666 666
667 667 /* paging VLV/SIMPLEPAGE data */
668 668 int listType;
669 669 unsigned long index;
670 670 LDAPControl **p_serverctrls;
671 671 ns_srvsidesort_t sortTypeTry;
672 672 int entryCount;
673 673
674 674 int scope;
675 675 char *basedn;
676 676 char *filter;
677 677 char **attribute;
678 678
679 679 /* RESULT PROCESSING */
680 680 int msgId;
681 681 LDAPMessage *resultMsg;
682 682
683 683 char **dns;
684 684 char *currentdn;
685 685 int flag;
686 686 struct berval *ctrlCookie;
687 687
688 688 /* REFERRALS PROCESSING */
689 689 /* referralinfo list & position */
690 690 ns_referral_info_t *reflist;
691 691 ns_referral_info_t *refpos;
692 692 /* search timeout value */
693 693 struct timeval search_timeout;
694 694 /* response control to hold account management information */
695 695 LDAPControl **resultctrl;
696 696 /* Flag to indicate password less account management is required */
697 697 int nopasswd_acct_mgmt;
698 698 int err_from_result;
699 699 ns_conn_user_t *conn_user;
700 700
701 701 /* BATCH PROCESSING */
702 702 ns_ldap_list_batch_t *batch;
703 703 boolean_t no_wait;
704 704 boolean_t reinit_on_retriable_err;
705 705 int retries;
706 706 ns_ldap_result_t **caller_result;
707 707 ns_ldap_error_t **caller_errorp;
708 708 int *caller_rc;
709 709 struct ns_ldap_cookie *next_cookie_in_batch;
710 710 } ns_ldap_cookie_t;
711 711
712 712 /*
713 713 * This structure is part of the return value information for
714 714 * __s_api_requestServer. The routine that requests a new server
715 715 * from the cache manager
716 716 */
717 717 typedef struct ns_server_info {
718 718 char *server;
719 719 char *serverFQDN;
720 720 char **controls;
721 721 char **saslMechanisms;
722 722 } ns_server_info_t;
723 723
724 724 /*
725 725 * sasl callback function parameters
726 726 */
727 727 typedef struct ns_sasl_cb_param {
728 728 char *mech;
729 729 char *authid;
730 730 char *authzid;
731 731 char *passwd;
732 732 char *realm;
733 733 } ns_sasl_cb_param_t;
734 734
735 735 /* Multiple threads per connection variable */
736 736 extern int MTperConn;
737 737
738 738 /*
739 739 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
740 740 */
741 741
742 742 #ifdef DEBUG
743 743 extern int __ldap_debug_file;
744 744 extern int __ldap_debug_api;
745 745 extern int __ldap_debug_ldap;
746 746 extern int __ldap_debug_servers;
747 747 #endif
748 748
749 749 /* internal connection APIs */
750 750 void DropConnection(ConnectionID, int);
751 751 int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
752 752
753 753 int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
754 754 char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
755 755 char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
756 756 char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
757 757 char *__s_get_pref_name(PrefOnly_t type);
|
↓ open down ↓ |
676 lines elided |
↑ open up ↑ |
758 758 char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
759 759 char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
760 760 char *__s_get_hostcertpath(void);
761 761 void __s_api_free_sessionPool();
762 762 int __s_api_requestServer(const char *request, const char *server,
763 763 ns_server_info_t *ret, ns_ldap_error_t **error, const char *addrType);
764 764
765 765
766 766 /* ************ internal sldap-api functions *********** */
767 767 void __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
768 +void __ns_ldap_freeASearchDesc(ns_ldap_search_desc_t *);
768 769 void __s_api_split_key_value(char *buffer, char **name, char **value);
769 770 int __s_api_printResult(ns_ldap_result_t *);
770 771 int __s_api_getSearchScope(int *, ns_ldap_error_t **);
771 772 int __s_api_getDNs(char ***, const char *,
772 773 ns_ldap_error_t **);
773 774 int __s_api_get_search_DNs_v1(char ***, const char *,
774 775 ns_ldap_error_t **);
775 776 int __s_api_getConnection(const char *, const int,
776 777 const ns_cred_t *, int *,
777 778 Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
778 779 char **__s_api_cp2dArray(char **);
779 780 void __s_api_free2dArray(char **);
780 781
781 782 int __s_api_isCtrlSupported(Connection *, char *);
782 783 ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
783 784 ns_auth_t *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
784 785 boolean_t __s_api_peruser_proc(void);
785 786 boolean_t __s_api_nscd_proc(void);
786 787 char *dvalue(char *);
787 788 char *evalue(char *);
788 789 ns_ldap_error_t *__s_api_make_error(int, char *);
789 790 ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
790 791
791 792 /* ************ specific 'Standalone' functions ********** */
792 793 ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
793 794 struct hostent *__s_api_hostname2ip(const char *name,
794 795 struct hostent *result,
795 796 char *buffer,
796 797 int buflen,
797 798 int *h_errnop);
798 799 void __s_api_setInitMode();
799 800 void __s_api_unsetInitMode();
800 801 int __s_api_isStandalone(void);
801 802 int __s_api_isInitializing();
802 803 ns_ldap_return_code __s_api_findRootDSE(const char *request,
803 804 const char *server,
804 805 const char *addrType,
805 806 ns_server_info_t *ret,
806 807 ns_ldap_error_t **error);
807 808 ns_config_t *__s_api_create_config_door_str(char *config,
808 809 ns_ldap_error_t **errorp);
809 810
810 811 extern void get_environment();
811 812
812 813 /* internal Param APIs */
813 814 int __ns_ldap_setParamValue(ns_config_t *ptr,
814 815 const ParamIndexType type,
815 816 const void *data, ns_ldap_error_t **error);
816 817 int __s_api_get_type(const char *value, ParamIndexType *type);
817 818 int __s_api_get_versiontype(ns_config_t *ptr, char *value,
818 819 ParamIndexType *type);
819 820 int __s_api_get_profiletype(char *value, ParamIndexType *type);
820 821 void __s_api_init_config(ns_config_t *ptr);
821 822 void __s_api_init_config_global(ns_config_t *ptr);
822 823 ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
823 824 int check_dn);
824 825 ns_config_t *__s_api_create_config(void);
825 826 ns_config_t *__s_api_get_default_config(void);
826 827 ns_config_t *__s_api_get_default_config_global(void);
827 828 ns_config_t *__s_api_loadrefresh_config();
828 829 ns_config_t *__s_api_loadrefresh_config_global();
829 830 void __s_api_destroy_config(ns_config_t *ptr);
830 831 int __s_api_get_configtype(ParamIndexType type);
831 832 const char *__s_api_get_configname(ParamIndexType type);
832 833 char *__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
833 834 ns_strfmt_t fmt);
834 835 void __s_api_release_config(ns_config_t *cfg);
835 836
836 837 /* internal attribute/objectclass mapping api's */
837 838 int __s_api_add_map2hash(ns_config_t *config,
838 839 ns_hashtype_t type, ns_mapping_t *map);
839 840 void __s_api_destroy_hash(ns_config_t *config);
840 841 int __s_api_parse_map(char *cp, char **sid,
841 842 char **origA, char ***mapA);
842 843 char **__ns_ldap_mapAttributeList(const char *service,
843 844 const char * const *origAttrList);
844 845 char *__ns_ldap_mapAttribute(const char *service,
845 846 const char *origAttr);
846 847
847 848 /* internal configuration APIs */
848 849 void __ns_ldap_setServer(int set);
|
↓ open down ↓ |
71 lines elided |
↑ open up ↑ |
849 850 ns_ldap_error_t *__ns_ldap_LoadConfiguration();
850 851 ns_ldap_error_t *__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
851 852 ns_config_t *new, int cred_only);
852 853 ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
853 854 ns_ldap_error_t *__ns_ldap_DumpLdif(char *filename);
854 855 int __ns_ldap_cache_ping();
855 856 ns_ldap_error_t *__ns_ldap_print_config(int);
856 857 void __ns_ldap_default_config();
857 858 int __ns_ldap_download(const char *, char *, char *,
858 859 ns_ldap_error_t **);
859 -int
860 -__ns_ldap_check_dns_preq(int foreground,
861 - int mode_verbose,
862 - int mode_quiet,
863 - const char *fname,
864 - ns_ldap_self_gssapi_config_t config,
865 - ns_ldap_error_t **errpp);
866 -int
867 -__ns_ldap_check_gssapi_preq(int foreground,
868 - int mode_verbose,
869 - int mode_quiet,
870 - ns_ldap_self_gssapi_config_t config,
871 - ns_ldap_error_t **errpp);
872 -int
873 -__ns_ldap_check_all_preq(int foreground,
874 - int mode_verbose,
875 - int mode_quiet,
876 - ns_ldap_self_gssapi_config_t config,
877 - ns_ldap_error_t **errpp);
860 +int __ns_ldap_check_dns_preq(int foreground, int mode_verbose, int mode_quiet,
861 + const char *fname, ns_ldap_self_gssapi_config_t config,
862 + ns_ldap_error_t **errpp);
878 863
864 +int __ns_ldap_check_gssapi_preq(int foreground, int mode_verbose,
865 + int mode_quiet, ns_ldap_self_gssapi_config_t config,
866 + ns_ldap_error_t **errpp);
867 +
868 +int __ns_ldap_check_all_preq(int foreground, int mode_verbose, int mode_quiet,
869 + ns_ldap_self_gssapi_config_t config, ns_ldap_error_t **errpp);
870 +
879 871 /* internal un-exposed APIs */
880 872 ns_cred_t *__ns_ldap_dupAuth(const ns_cred_t *authp);
881 873 boolean_t __s_api_is_auth_matched(const ns_cred_t *auth1,
882 874 const ns_cred_t *auth2);
883 875 int __s_api_get_SSD_from_SSDtoUse_service(const char *service,
884 876 ns_ldap_search_desc_t ***SSDlist,
885 877 ns_ldap_error_t **errorp);
886 878 int __s_api_prepend_automountmapname(const char *service,
887 879 ns_ldap_search_desc_t ***SSDlist,
888 880 ns_ldap_error_t ** errorp);
889 881 int __s_api_prepend_automountmapname_to_dn(const char *service,
890 882 char **basedn,
891 883 ns_ldap_error_t ** errorp);
892 884 int __s_api_convert_automountmapname(const char *service,
893 885 char **dn, ns_ldap_error_t ** errorp);
894 886 int __s_api_replace_mapped_attr_in_dn(
895 887 const char *orig_attr, const char *mapped_attr,
896 888 const char *dn, char **new_dn);
897 889 int __s_api_append_default_basedn(
898 890 const char *dn,
899 891 char **new_dn,
900 892 int *allocated,
901 893 ns_ldap_error_t ** errorp);
902 894 int __s_api_removeServer(const char *server);
903 895 void __s_api_removeBadServers(char **server);
904 896 void __s_api_free_server_info(ns_server_info_t *sinfo);
905 897 void __s_api_freeConnection(Connection *con);
906 898
907 899 /* internal referrals APIs */
908 900 int __s_api_toFollowReferrals(const int flags,
909 901 int *toFollow,
910 902 ns_ldap_error_t **errorp);
911 903 int __s_api_addRefInfo(ns_referral_info_t **head,
912 904 char *url, char *baseDN, int *scope,
913 905 char *filter, LDAP *ld);
914 906 void __s_api_deleteRefInfo(ns_referral_info_t *head);
915 907
916 908 /* callback routine for SSD filters */
917 909 int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
918 910 char **realfilter,
919 911 const void *userdata);
920 912
921 913 /* network address verification api */
922 914 int __s_api_isipv4(char *addr);
923 915 int __s_api_isipv6(char *addr);
924 916 int __s_api_ishost(char *addr);
925 917
926 918 /* password management routine */
927 919 ns_ldap_passwd_status_t
928 920 __s_api_set_passwd_status(int errnum, char *errmsg);
929 921 int __s_api_contain_passwd_control_oid(char **oids);
930 922
931 923 /* password less account management routine */
932 924 int __s_api_contain_account_usable_control_oid(char **oids);
933 925
934 926 /* RFC 2307 section 5.6. Get a canonical name from entry */
935 927 char *__s_api_get_canonical_name(ns_ldap_entry_t *entry,
936 928 ns_ldap_attr_t *attrptr, int case_ignore);
937 929
938 930 /* self/sasl/gssapi functions */
939 931 int __s_api_sasl_bind_callback(
940 932 LDAP *ld,
941 933 unsigned flags,
942 934 void *defaults,
943 935 void *in);
944 936
945 937 int __s_api_self_gssapi_only_get(void);
946 938
947 939 int __print2buf(LineBuf *line, const char *toprint, char *sep);
948 940
949 941 #ifdef __cplusplus
950 942 }
951 943 #endif
952 944
953 945 #endif /* _NS_INTERNAL_H */
|
↓ open down ↓ |
65 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX