4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
27 #ifndef _NS_INTERNAL_H
28 #define _NS_INTERNAL_H
35 #include <sys/types.h>
41 #include "ns_cache_door.h"
44 * INTERNALLY USED CONSTANTS
50 #define NSLDAPDIRECTORY "/var/ldap"
51 #define NSCONFIGFILE "/var/ldap/ldap_client_file"
52 #define NSCONFIGREFRESH "/var/ldap/ldap_client_file.refresh"
53 #define NSCREDFILE "/var/ldap/ldap_client_cred"
54 #define NSCREDREFRESH "/var/ldap/ldap_client_cred.refresh"
57 #define LDAPMAXHARDLOOKUPTIME 256
59 "Do not edit this file manually; your changes will be lost." \
60 "Please use ldapclient (8) instead."
61 #define MAXPORTNUMBER 65535
62 #define MAXPORTNUMBER_STR "65535"
65 #define UIDNUMFILTER "(&(objectclass=posixAccount)(uidnumber=%s))"
66 #define UIDNUMFILTER_SSD "(&(%%s)(uidnumber=%s))"
67 #define UIDFILTER "(&(objectclass=posixAccount)(uid=%s))"
68 #define UIDFILTER_SSD "(&(%%s)(uid=%s))"
69 #define HOSTFILTER "(&(objectclass=ipHost)(cn=%s))"
70 #define HOSTFILTER_SSD "(&(%%s)(cn=%s))"
72 #define SIMPLEPAGECTRLFLAG 1
75 #define LISTPAGESIZE 1000
76 #define ENUMPAGESIZE 100
79 #define TOKENSEPARATOR '='
90 #define DOORLINESEP "\07"
91 #define DOORLINESEP_CHR 0x7
99 #define LAST_VALUE (int)NS_LDAP_HOST_CERTPATH_P
100 #define BUFSIZE BUFSIZ
101 #define DEFAULTCONFIGNAME "__default_config"
102 #define EXP_DEFAULT_TTL "43200" /* 12 hours TTL */
103 #define CRYPTMARK "{NS1}"
104 #define DOORBUFFERSIZE 8192
106 #define LDIF_FMT_STR "%s: %s"
107 #define FILE_FMT_STR "%s= %s"
108 #define DOOR_FMT_STR "%s=%s"
110 #define SESSION_CACHE_INC 8
111 #define CONID_OFFSET 1024
112 #define NS_DEFAULT_BIND_TIMEOUT 30 /* timeout value in seconds */
113 #define NS_DEFAULT_SEARCH_TIMEOUT 30 /* timeout value in seconds */
115 /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
119 * special service used by ldap_cachemgr to indicate a shadow update
120 * is to be done with the credential of the administrator identity
122 #define NS_ADMIN_SHADOW_UPDATE "shadow__admin_update"
124 /* Phase 1 profile information */
125 #define _PROFILE1_OBJECTCLASS "SolarisNamingProfile"
126 #define _PROFILE_CONTAINER "profile"
127 #define _PROFILE_FILTER "(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
129 /* Phase 2 profile information */
130 #define _PROFILE2_OBJECTCLASS "DUAConfigProfile"
132 /* Common to all profiles */
135 /* Native LDAP Phase 1 Specific Profile Attributes */
136 #define _P1_SERVERS "SolarisLDAPServers"
137 #define _P1_SEARCHBASEDN "SolarisSearchBaseDN"
138 #define _P1_CACHETTL "SolarisCacheTTL"
139 #define _P1_BINDDN "SolarisBindDN"
140 #define _P1_BINDPASSWORD "SolarisBindPassword"
141 #define _P1_AUTHMETHOD "SolarisAuthMethod"
142 #define _P1_TRANSPORTSECURITY "SolarisTransportSecurity"
143 #define _P1_CERTIFICATEPATH "SolarisCertificatePath"
144 #define _P1_CERTIFICATEPASSWORD "SolarisCertificatePassword"
145 #define _P1_DATASEARCHDN "SolarisDataSearchDN"
146 #define _P1_SEARCHSCOPE "SolarisSearchScope"
147 #define _P1_SEARCHTIMELIMIT "SolarisSearchTimeLimit"
148 #define _P1_PREFERREDSERVER "SolarisPreferredServer"
149 #define _P1_PREFERREDSERVERONLY "SolarisPreferredServerOnly"
150 #define _P1_SEARCHREFERRAL "SolarisSearchReferral"
151 #define _P1_BINDTIMELIMIT "SolarisBindTimeLimit"
153 /* Native LDAP Phase 2 Specific Profile Attributes */
154 #define _P2_PREFERREDSERVER "preferredServerList"
155 #define _P2_DEFAULTSERVER "defaultServerList"
156 #define _P2_SEARCHBASEDN "defaultSearchBase"
157 #define _P2_SEARCHSCOPE "defaultSearchScope"
158 #define _P2_AUTHMETHOD "authenticationMethod"
159 #define _P2_CREDENTIALLEVEL "credentialLevel"
160 #define _P2_SERVICESEARCHDESC "serviceSearchDescriptor"
161 #define _P2_SEARCHTIMELIMIT "searchTimeLimit"
162 #define _P2_BINDTIMELIMIT "bindTimeLimit"
163 #define _P2_FOLLOWREFERRALS "followReferrals"
164 #define _P2_PROFILETTL "profileTTL"
165 #define _P2_ATTRIBUTEMAP "attributeMap"
166 #define _P2_OBJECTCLASSMAP "objectClassMap"
167 #define _P2_SERVICECREDLEVEL "serviceCredentialLevel"
168 #define _P2_SERVICEAUTHMETHOD "serviceAuthenticationMethod"
170 /* Control & SASL information from RootDSE door call */
171 #define _SASLMECHANISM "supportedSASLmechanisms"
172 #define _SASLMECHANISM_LEN 23
173 #define _SUPPORTEDCONTROL "supportedControl"
174 #define _SUPPORTEDCONTROL_LEN 16
176 #define NS_HASH_MAX 257
177 #define NS_HASH_SCHEMA_MAPPING_EXISTED "=MAPPING EXISTED="
178 #define NS_HASH_RC_SUCCESS 1
179 #define NS_HASH_RC_NO_MEMORY -1
180 #define NS_HASH_RC_CONFIG_ERROR -2
181 #define NS_HASH_RC_EXISTED -3
182 #define NS_HASH_RC_SYNTAX_ERROR -4
184 /* Password management related error message from iDS ldap server */
185 #define NS_PWDERR_MAXTRIES \
186 "Exceed password retry limit."
187 #define NS_PWDERR_EXPIRED \
189 #define NS_PWDERR_ACCT_INACTIVATED \
190 "Account inactivated. Contact system administrator."
191 #define NS_PWDERR_CHANGE_NOT_ALLOW \
192 "user is not allowed to change password"
193 #define NS_PWDERR_INVALID_SYNTAX \
194 "invalid password syntax"
195 #define NS_PWDERR_TRIVIAL_PASSWD \
196 "Password failed triviality check"
197 #define NS_PWDERR_IN_HISTORY \
198 "password in history"
199 #define NS_PWDERR_WITHIN_MIN_AGE \
200 "within password minimum age"
203 * INTERNALLY USED MACROS
206 void __s_api_debug_pause(int priority
, int st
, const char *mesg
);
208 #define NULL_OR_STR(str) (!(str) || *(str) == '\0' ? "<NULL>" : (str))
211 * MKERROR: builds the error structure and fills in the status and
212 * the message. The message must be a freeable (non-static) string.
213 * If it fails to allocate memory for the error structure,
214 * it will return the retErr.
216 #define MKERROR(priority, err, st, mesg, retErr) \
217 if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
219 (err)->message = mesg; \
220 (err)->status = (st); \
221 __s_api_debug_pause(priority, st, (err)->message);
224 * MKERROR_PWD_MGMT is almost the same as MKERROR
225 * except that it takes two more inputs to fill in the
226 * password management information part of the
227 * ns_ldap_error structure pointed to by err,
228 * and it does not log a syslog message.
230 #define MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
231 if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
233 (err)->message = mesg; \
234 (err)->status = (st); \
235 (err)->pwd_mgmt.status = (pwd_status); \
236 (err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
239 #define NSLDAPTRACE(variable, setequal, message) \
240 if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \
242 (void) snprintf(buf, BUFSIZ, message); \
243 (void) write(__ldap_debug_file, buf); \
248 * INTERNAL DATA STRUCTURES
252 * configuration entry type
262 * datatype of a config entry
267 CHARPTR
= 1, /* Single character pointer */
268 ARRAYCP
= 2, /* comma sep array of char pointers */
269 ARRAYAUTH
= 3, /* Array of auths */
270 TIMET
= 4, /* time relative value (TTL) */
271 INT
= 5, /* single integer */
272 SSDLIST
= 6, /* service search descriptor */
273 ATTRMAP
= 7, /* attribute mapping */
274 OBJMAP
= 8, /* objectclass mapping */
275 SERVLIST
= 9, /* serverlist (SP sep array) */
276 ARRAYCRED
= 10, /* Array of credentialLevels */
277 SAMLIST
= 11, /* serviceAuthenticationMethod */
278 SCLLIST
= 12 /* serviceCredentialLevel */
294 * This enum reduces the number of version string compares
295 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
304 * enum<->string mapping construct
307 typedef struct ns_enum_map
{
312 #define ENUM2INT(x) ((int)(x))
314 #define INT2PARAMINDEXENUM(x) ((ParamIndexType)(x))
315 #define INT2SEARCHREFENUM(x) ((SearchRef_t)(x))
316 #define INT2SCOPEENUM(x) ((ScopeType_t)(x))
317 #define INT2AUTHENUM(x) ((AuthType_t)(x))
318 #define INT2SECENUM(x) ((TlsType_t)(x))
319 #define INT2PREFONLYENUM(x) ((PrefOnly_t)(x))
320 #define INT2CREDLEVELENUM(x) ((CredLevel_t)(x))
321 #define INT2SHADOWUPDATENUM(x) ((enableShadowUpdate_t)(x))
323 #define INT2LDAPRETURN(x) ((ns_ldap_return_code)(x))
324 #define INT2CONFIGRETURN(x) ((ns_ldap_config_return_code)(x))
325 #define INT2PARTIALRETURN(x) ((ns_ldap_partial_return_code)(x))
328 * This structure maps service name to rdn components
329 * for use in __ns_getDNs. It also defines the SSD-to-use
330 * service for use in __s_api_get_SSDtoUse_service.
331 * The idea of an SSD-to-use service is to reduce the configuration
332 * complexity. For a service, which does not have its own entries in
333 * the LDAP directory, SSD for it is useless, and should not be set.
334 * But since this service must share the container with at least
335 * one other service which does have it own entries, the SSD for
336 * this other service will be shared by this service.
337 * This other service is called the SSD-to-use service.
341 typedef struct ns_service_map
{
344 char *SSDtoUse_service
;
348 * This structure contains a single mapping from:
349 * service:orig -> list of mapped
357 typedef struct ns_mapping
{
365 * The following is the list of internal libsldap configuration data
366 * structures. The configuration is populated normally once per
367 * application. The assumption is that in applications can be
368 * relatively short lived (IE ls via nsswitch) so it is important to
369 * keep configuration to a minimum, but keep lookups fast.
372 * 1 configuration entry per domain, and almost always 1 domain
373 * per app. Hooks exist for multiple domains per app.
375 * Configurations are read in from client file cache or from LDAP.
376 * Attribute/objectclass mappings are hashed to improve lookup
383 typedef enum _ns_hashtype_t
{
384 NS_HASH_AMAP
= 1, /* attr map */
385 NS_HASH_RAMAP
= 2, /* reverse attr map */
386 NS_HASH_OMAP
= 3, /* oc map */
387 NS_HASH_ROMAP
= 4, /* reverse oc map */
391 typedef struct ns_hash
{
392 ns_hashtype_t h_type
;
394 struct ns_hash
*h_next
;
395 struct ns_hash
*h_llnext
;
399 * This structure defines the format of an internal configuration
400 * parameter for ns_ldap client.
403 typedef struct ns_param
{
404 ns_datatype_t ns_ptype
;
415 #define ns_ppc ns_pu.ppc
416 #define ns_pi ns_pu.pi
417 #define ns_pc ns_pu.pc
419 #define ns_tm ns_pu.tm
422 * This structure defines an instance of a configuration structure.
423 * paramList contains the current ns_ldap parameter configuration
424 * and hashTbl contain the current attribute/objectclass mappings.
425 * Parameters are indexed by using the value assigned to the parameter
429 typedef struct ns_config
{
431 ns_version_t version
;
432 ns_param_t paramList
[NS_LDAP_MAX_PIT_P
];
433 ns_hash_t
*hashTbl
[NS_HASH_MAX
];
435 ns_ldap_entry_t
*RootDSE
;
437 mutex_t config_mutex
;
439 ldap_get_chg_cookie_t config_cookie
;
443 * This structure defines the mapping of the NSCONFIGFILE file
444 * statements into their corresponding SolarisNamingProfile,
445 * Posix Mapping LDAP attributes, and to their corresponding
446 * ParamIndexType enum mapping. THe ParamIndexType enum
447 * definitions can be found in ns_ldap.h. This structure also
448 * defines the default values that are used when a value either
449 * does not exist or is undefined.
452 typedef struct ns_default_config
{
453 const char *name
; /* config file parameter name */
454 ParamIndexType index
; /* config file enum index */
455 ns_conftype_t config_type
; /* CLIENT/SERVER/CREDCONFIG */
456 ns_datatype_t data_type
; /* ppc,pi,pc,int etc... */
457 int single_valued
; /* TRUE OR FALSE */
458 ns_version_t version
; /* Version # for attribute */
459 const char *profile_name
; /* profile schema attribute name */
460 ns_param_t defval
; /* config file parameter default */
461 int (*ns_verify
)(ParamIndexType i
,
462 struct ns_default_config
*def
,
465 ns_enum_map
*allowed
; /* allowed values */
470 * This typedef enumerates all the supported authentication
471 * mechanisms currently supported in this library
474 typedef enum EnumAuthType
{
476 NS_LDAP_EA_SIMPLE
= 1,
477 NS_LDAP_EA_SASL_NONE
= 2,
478 NS_LDAP_EA_SASL_CRAM_MD5
= 3,
479 NS_LDAP_EA_SASL_DIGEST_MD5
= 4,
480 NS_LDAP_EA_SASL_DIGEST_MD5_INT
= 5,
481 NS_LDAP_EA_SASL_DIGEST_MD5_CONF
= 6,
482 NS_LDAP_EA_SASL_EXTERNAL
= 7,
483 NS_LDAP_EA_SASL_GSSAPI
= 8,
484 NS_LDAP_EA_SASL_SPNEGO
= 9, /* unsupported */
485 NS_LDAP_EA_TLS_NONE
= 10,
486 NS_LDAP_EA_TLS_SIMPLE
= 11,
487 NS_LDAP_EA_TLS_SASL_NONE
= 12,
488 NS_LDAP_EA_TLS_SASL_CRAM_MD5
= 13,
489 NS_LDAP_EA_TLS_SASL_DIGEST_MD5
= 14,
490 NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT
= 15,
491 NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF
= 16,
492 NS_LDAP_EA_TLS_SASL_EXTERNAL
= 17,
493 NS_LDAP_EA_TLS_SASL_GSSAPI
= 18, /* unsupported */
494 NS_LDAP_EA_TLS_SASL_SPNEGO
= 19 /* unsupported */
499 * this enum lists the various states of the search state machine
505 NEXT_SEARCH_DESCRIPTOR
= 3,
517 END_PROCESS_RESULT
= 15,
520 GET_REFERRAL_SESSION
= 18,
523 GET_ACCT_MGMT_INFO
= 21,
529 * this enum lists the various states of the write state machine
535 SELECT_OPERATION_SYNC
= 4,
536 SELECT_OPERATION_ASYNC
= 5,
541 DO_DELETE_ASYNC
= 10,
542 DO_MODIFY_ASYNC
= 11,
543 GET_RESULT_SYNC
= 12,
544 GET_RESULT_ASYNC
= 13,
546 GET_REFERRAL_CONNECTION
= 15,
552 typedef int ConnectionID
;
555 * Server side sort type. Orginally the server side sort
556 * was set to "cn uid". This did not work with AD and
557 * hence single sort attribute was odopted. We dont
558 * know which server side sort will work with the
559 * Directory and hence we discover which method works.
568 * This structure is used by ns_connect to create and manage
569 * one or more ldap connections within the library.
571 typedef struct connection
{
572 ConnectionID connectionId
;
573 boolean_t usedBit
; /* true if only used by */
574 /* one thread and not shared */
575 /* by other threads */
576 pid_t pid
; /* process id */
580 thread_t threadID
; /* thread ID using it */
581 struct ns_ldap_cookie
*cookieInfo
;
582 char **controls
; /* from server_info */
583 char **saslMechanisms
; /* from server_info */
589 * This structure is for referrals processing.
590 * The data are from referral URLs returned by
593 typedef struct ns_referral_info
{
594 struct ns_referral_info
*next
;
599 } ns_referral_info_t
;
601 struct ns_ldap_cookie
;
604 * Batch used by __ns_ldap_list_batch_xxx API
606 struct ns_ldap_list_batch
{
608 struct ns_ldap_cookie
*next_cookie
;
609 struct ns_ldap_cookie
*cookie_list
;
613 typedef struct ns_conn_user ns_conn_user_t
;
616 * This structure used internally in searches
619 typedef struct ns_ldap_cookie
{
621 /* server list position */
623 /* service search descriptor list & position */
624 ns_ldap_search_desc_t
**sdlist
;
625 ns_ldap_search_desc_t
**sdpos
;
627 /* search filter callback */
629 int (*init_filter_cb
)(const ns_ldap_search_desc_t
*desc
,
630 char **realfilter
, const void *userdata
);
634 int (*callback
)(const ns_ldap_entry_t
*entry
,
635 const void *userdata
);
636 const void *userdata
;
642 const char * const *i_attr
;
643 const char *i_sortattr
;
644 const ns_cred_t
*i_auth
;
648 ns_ldap_result_t
*result
;
649 ns_ldap_entry_t
*nextEntry
;
652 ns_ldap_error_t
*errorp
;
656 ns_state_t new_state
;
657 ns_state_t next_state
;
660 #define conn_auth_type conn->auth->auth.type
661 ConnectionID connectionId
;
663 /* paging VLV/SIMPLEPAGE data */
666 LDAPControl
**p_serverctrls
;
667 ns_srvsidesort_t sortTypeTry
;
675 /* RESULT PROCESSING */
677 LDAPMessage
*resultMsg
;
682 struct berval
*ctrlCookie
;
684 /* REFERRALS PROCESSING */
685 /* referralinfo list & position */
686 ns_referral_info_t
*reflist
;
687 ns_referral_info_t
*refpos
;
688 /* search timeout value */
689 struct timeval search_timeout
;
690 /* response control to hold account management information */
691 LDAPControl
**resultctrl
;
692 /* Flag to indicate password less account management is required */
693 int nopasswd_acct_mgmt
;
695 ns_conn_user_t
*conn_user
;
697 /* BATCH PROCESSING */
698 ns_ldap_list_batch_t
*batch
;
700 boolean_t reinit_on_retriable_err
;
702 ns_ldap_result_t
**caller_result
;
703 ns_ldap_error_t
**caller_errorp
;
705 struct ns_ldap_cookie
*next_cookie_in_batch
;
709 * This structure is part of the return value information for
710 * __s_api_requestServer. The routine that requests a new server
711 * from the cache manager
713 typedef struct ns_server_info
{
717 char **saslMechanisms
;
721 * sasl callback function parameters
723 typedef struct ns_sasl_cb_param
{
729 } ns_sasl_cb_param_t
;
731 /* Multiple threads per connection variable */
732 extern int MTperConn
;
735 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
739 extern int __ldap_debug_file
;
740 extern int __ldap_debug_api
;
741 extern int __ldap_debug_ldap
;
742 extern int __ldap_debug_servers
;
745 /* internal connection APIs */
746 void DropConnection(ConnectionID
, int);
747 int __s_api_getServers(char *** servers
, ns_ldap_error_t
** error
);
749 int __s_get_enum_value(ns_config_t
*ptr
, char *value
, ParamIndexType i
);
750 char *__s_get_auth_name(ns_config_t
*ptr
, AuthType_t type
);
751 char *__s_get_security_name(ns_config_t
*ptr
, TlsType_t type
);
752 char *__s_get_scope_name(ns_config_t
*ptr
, ScopeType_t type
);
753 char *__s_get_pref_name(PrefOnly_t type
);
754 char *__s_get_searchref_name(ns_config_t
*ptr
, SearchRef_t type
);
755 char *__s_get_shadowupdate_name(enableShadowUpdate_t type
);
756 char *__s_get_hostcertpath(void);
757 void __s_api_free_sessionPool();
758 int __s_api_requestServer(const char *request
, const char *server
,
759 ns_server_info_t
*ret
, ns_ldap_error_t
**error
, const char *addrType
);
762 /* ************ internal sldap-api functions *********** */
763 void __ns_ldap_freeEntry(ns_ldap_entry_t
*ep
);
764 void __s_api_split_key_value(char *buffer
, char **name
, char **value
);
765 int __s_api_printResult(ns_ldap_result_t
*);
766 int __s_api_getSearchScope(int *, ns_ldap_error_t
**);
767 int __s_api_getDNs(char ***, const char *,
769 int __s_api_get_search_DNs_v1(char ***, const char *,
771 int __s_api_getConnection(const char *, const int,
772 const ns_cred_t
*, int *,
773 Connection
**, ns_ldap_error_t
**, int, int, ns_conn_user_t
*);
774 char **__s_api_cp2dArray(char **);
775 void __s_api_free2dArray(char **);
777 int __s_api_isCtrlSupported(Connection
*, char *);
778 ns_config_t
*__ns_ldap_make_config(ns_ldap_result_t
*result
);
779 ns_auth_t
*__s_api_AuthEnumtoStruct(const EnumAuthType_t i
);
780 boolean_t
__s_api_peruser_proc(void);
781 boolean_t
__s_api_nscd_proc(void);
782 char *dvalue(char *);
783 char *evalue(char *);
784 ns_ldap_error_t
*__s_api_make_error(int, char *);
785 ns_ldap_error_t
*__s_api_copy_error(ns_ldap_error_t
*);
787 /* ************ specific 'Standalone' functions ********** */
788 ns_ldap_return_code
__s_api_ip2hostname(char *ipaddr
, char **hostname
);
789 struct hostent
*__s_api_hostname2ip(const char *name
,
790 struct hostent
*result
,
794 void __s_api_setInitMode();
795 void __s_api_unsetInitMode();
796 int __s_api_isStandalone(void);
797 int __s_api_isInitializing();
798 ns_ldap_return_code
__s_api_findRootDSE(const char *request
,
800 const char *addrType
,
801 ns_server_info_t
*ret
,
802 ns_ldap_error_t
**error
);
803 ns_config_t
*__s_api_create_config_door_str(char *config
,
804 ns_ldap_error_t
**errorp
);
806 extern void get_environment();
808 /* internal Param APIs */
809 int __ns_ldap_setParamValue(ns_config_t
*ptr
,
810 const ParamIndexType type
,
811 const void *data
, ns_ldap_error_t
**error
);
812 int __s_api_get_type(const char *value
, ParamIndexType
*type
);
813 int __s_api_get_versiontype(ns_config_t
*ptr
, char *value
,
814 ParamIndexType
*type
);
815 int __s_api_get_profiletype(char *value
, ParamIndexType
*type
);
816 void __s_api_init_config(ns_config_t
*ptr
);
817 void __s_api_init_config_global(ns_config_t
*ptr
);
818 ns_parse_status
__s_api_crosscheck(ns_config_t
*domainptr
, char *errstr
,
820 ns_config_t
*__s_api_create_config(void);
821 ns_config_t
*__s_api_get_default_config(void);
822 ns_config_t
*__s_api_get_default_config_global(void);
823 ns_config_t
*__s_api_loadrefresh_config();
824 ns_config_t
*__s_api_loadrefresh_config_global();
825 void __s_api_destroy_config(ns_config_t
*ptr
);
826 int __s_api_get_configtype(ParamIndexType type
);
827 const char *__s_api_get_configname(ParamIndexType type
);
828 char *__s_api_strValue(ns_config_t
*ptr
, ParamIndexType i
,
830 void __s_api_release_config(ns_config_t
*cfg
);
832 /* internal attribute/objectclass mapping api's */
833 int __s_api_add_map2hash(ns_config_t
*config
,
834 ns_hashtype_t type
, ns_mapping_t
*map
);
835 void __s_api_destroy_hash(ns_config_t
*config
);
836 int __s_api_parse_map(char *cp
, char **sid
,
837 char **origA
, char ***mapA
);
838 char **__ns_ldap_mapAttributeList(const char *service
,
839 const char * const *origAttrList
);
840 char *__ns_ldap_mapAttribute(const char *service
,
841 const char *origAttr
);
843 /* internal configuration APIs */
844 void __ns_ldap_setServer(int set
);
845 ns_ldap_error_t
*__ns_ldap_LoadConfiguration();
846 ns_ldap_error_t
*__ns_ldap_LoadDoorInfo(LineBuf
*configinfo
, char *domainname
,
847 ns_config_t
*new, int cred_only
);
848 ns_ldap_error_t
*__ns_ldap_DumpConfiguration(char *filename
);
849 ns_ldap_error_t
*__ns_ldap_DumpLdif(char *filename
);
850 int __ns_ldap_cache_ping();
851 ns_ldap_error_t
*__ns_ldap_print_config(int);
852 void __ns_ldap_default_config();
853 int __ns_ldap_download(const char *, char *, char *,
856 __ns_ldap_check_dns_preq(int foreground
,
860 ns_ldap_self_gssapi_config_t config
,
861 ns_ldap_error_t
**errpp
);
863 __ns_ldap_check_gssapi_preq(int foreground
,
866 ns_ldap_self_gssapi_config_t config
,
867 ns_ldap_error_t
**errpp
);
869 __ns_ldap_check_all_preq(int foreground
,
872 ns_ldap_self_gssapi_config_t config
,
873 ns_ldap_error_t
**errpp
);
875 /* internal un-exposed APIs */
876 ns_cred_t
*__ns_ldap_dupAuth(const ns_cred_t
*authp
);
877 boolean_t
__s_api_is_auth_matched(const ns_cred_t
*auth1
,
878 const ns_cred_t
*auth2
);
879 int __s_api_get_SSD_from_SSDtoUse_service(const char *service
,
880 ns_ldap_search_desc_t
***SSDlist
,
881 ns_ldap_error_t
**errorp
);
882 int __s_api_prepend_automountmapname(const char *service
,
883 ns_ldap_search_desc_t
***SSDlist
,
884 ns_ldap_error_t
** errorp
);
885 int __s_api_prepend_automountmapname_to_dn(const char *service
,
887 ns_ldap_error_t
** errorp
);
888 int __s_api_convert_automountmapname(const char *service
,
889 char **dn
, ns_ldap_error_t
** errorp
);
890 int __s_api_replace_mapped_attr_in_dn(
891 const char *orig_attr
, const char *mapped_attr
,
892 const char *dn
, char **new_dn
);
893 int __s_api_append_default_basedn(
897 ns_ldap_error_t
** errorp
);
898 int __s_api_removeServer(const char *server
);
899 void __s_api_removeBadServers(char **server
);
900 void __s_api_free_server_info(ns_server_info_t
*sinfo
);
901 void __s_api_freeConnection(Connection
*con
);
903 /* internal referrals APIs */
904 int __s_api_toFollowReferrals(const int flags
,
906 ns_ldap_error_t
**errorp
);
907 int __s_api_addRefInfo(ns_referral_info_t
**head
,
908 char *url
, char *baseDN
, int *scope
,
909 char *filter
, LDAP
*ld
);
910 void __s_api_deleteRefInfo(ns_referral_info_t
*head
);
912 /* callback routine for SSD filters */
913 int __s_api_merge_SSD_filter(const ns_ldap_search_desc_t
*desc
,
915 const void *userdata
);
917 /* network address verification api */
918 int __s_api_isipv4(char *addr
);
919 int __s_api_isipv6(char *addr
);
920 int __s_api_ishost(char *addr
);
922 /* password management routine */
923 ns_ldap_passwd_status_t
924 __s_api_set_passwd_status(int errnum
, char *errmsg
);
925 int __s_api_contain_passwd_control_oid(char **oids
);
927 /* password less account management routine */
928 int __s_api_contain_account_usable_control_oid(char **oids
);
930 /* RFC 2307 section 5.6. Get a canonical name from entry */
931 char *__s_api_get_canonical_name(ns_ldap_entry_t
*entry
,
932 ns_ldap_attr_t
*attrptr
, int case_ignore
);
934 /* self/sasl/gssapi functions */
935 int __s_api_sasl_bind_callback(
941 int __s_api_self_gssapi_only_get(void);
943 int __print2buf(LineBuf
*line
, const char *toprint
, char *sep
);
949 #endif /* _NS_INTERNAL_H */