"Fossies" - the Fresh Open Source Software Archive

Member "nss_ldap-265/ldap-nss.h" (6 Nov 2009, 24375 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 /* Copyright (C) 1997-2005 Luke Howard.
    2    This file is part of the nss_ldap library.
    3    Contributed by Luke Howard, <lukeh@padl.com>, 1997.
    4 
    5    The nss_ldap library is free software; you can redistribute it and/or
    6    modify it under the terms of the GNU Library General Public License as
    7    published by the Free Software Foundation; either version 2 of the
    8    License, or (at your option) any later version.
    9 
   10    The nss_ldap library is distributed in the hope that it will be useful,
   11    but WITHOUT ANY WARRANTY; without even the implied warranty of
   12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   13    Library General Public License for more details.
   14 
   15    You should have received a copy of the GNU Library General Public
   16    License along with the nss_ldap library; see the file COPYING.LIB.  If not,
   17    write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   18    Boston, MA 02111-1307, USA.
   19 
   20    $Id: ldap-nss.h,v 2.141 2009/11/06 10:15:26 lukeh Exp $
   21  */
   22 
   23 #ifndef _LDAP_NSS_LDAP_LDAP_NSS_H
   24 #define _LDAP_NSS_LDAP_LDAP_NSS_H
   25 
   26 #ifdef HAVE_MALLOC_H
   27 #include <malloc.h>
   28 #endif
   29 
   30 /* for glibc, use weak aliases to pthreads functions */
   31 #ifdef HAVE_LIBC_LOCK_H
   32 #include <libc-lock.h>
   33 #elif defined(HAVE_BITS_LIBC_LOCK_H)
   34 #include <bits/libc-lock.h>
   35 #endif
   36 
   37 #include <errno.h>
   38 #include <time.h>
   39 #include <sys/socket.h>
   40 #include <netinet/in.h>
   41 #ifdef HAVE_SHADOW_H
   42 #include <shadow.h>
   43 #endif
   44 
   45 #ifndef __P
   46 # if defined(__STDC__) || defined(__GNUC__)
   47 #  define __P(x) x
   48 # else
   49 #  define __P(x) ()
   50 # endif
   51 #endif
   52 
   53 #include <netdb.h>
   54 #include <netinet/in.h>
   55 #include <syslog.h>
   56 
   57 #ifdef HAVE_NSSWITCH_H
   58 #include <nss_common.h>
   59 #include <nss_dbdefs.h>
   60 #include <nsswitch.h>
   61 #elif defined(HAVE_NSS_H)
   62 #include <nss.h>
   63 #elif defined(HAVE_IRS_H)
   64 #include "irs-nss.h"
   65 #endif
   66 
   67 #include "ldap-schema.h"
   68 
   69 #ifndef NSS_BUFSIZ
   70 #define NSS_BUFSIZ        1024
   71 #endif
   72 
   73 #ifndef NSS_BUFLEN_GROUP
   74 #define NSS_BUFLEN_GROUP    LDAP_NSS_BUFLEN_GROUP
   75 #endif
   76 
   77 #ifndef NSS_BUFLEN_PASSWD
   78 #define NSS_BUFLEN_PASSWD       NSS_BUFSIZ
   79 #endif
   80 
   81 #ifndef HAVE_NSSWITCH_H
   82 #define NSS_BUFLEN_HOSTS    (NSS_BUFSIZ + (MAXALIASES + MAXALIASES + 2) * sizeof (char *))
   83 #define NSS_BUFLEN_NETGROUP     (MAXHOSTNAMELEN * 2 + LOGNAME_MAX + 3)
   84 #define NSS_BUFLEN_NETWORKS     NSS_BUFSIZ
   85 #define NSS_BUFLEN_PROTOCOLS    NSS_BUFSIZ
   86 #define NSS_BUFLEN_RPC    NSS_BUFSIZ
   87 #define NSS_BUFLEN_SERVICES     NSS_BUFSIZ
   88 #define NSS_BUFLEN_SHADOW       NSS_BUFSIZ
   89 #define NSS_BUFLEN_ETHERS       NSS_BUFSIZ
   90 #define NSS_BUFLEN_BOOTPARAMS   NSS_BUFSIZ
   91 #endif /* HAVE_NSSWITCH_H */
   92 
   93 /*
   94  * Timeouts for reconnecting code. Similar to rebind
   95  * logic in Darwin NetInfo. Some may find sleeping
   96  * unacceptable, in which case you may wish to adjust
   97  * the constants below.
   98  */
   99 #define LDAP_NSS_TRIES     5    /* number of sleeping reconnect attempts */
  100 #define LDAP_NSS_SLEEPTIME       4  /* seconds to sleep; doubled until max */
  101 #define LDAP_NSS_MAXSLEEPTIME    64 /* maximum seconds to sleep */
  102 #define LDAP_NSS_MAXCONNTRIES    2  /* reconnect attempts before sleeping */
  103 
  104 #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
  105 #define LDAP_NSS_MAXNETGR_DEPTH  16 /* maximum depth of netgroup nesting for innetgr() */
  106 #endif /* HAVE_NSSWITCH_H */
  107 
  108 #define LDAP_NSS_MAXGR_DEPTH     16     /* maximum depth of group nesting for getgrent()/initgroups() */
  109 
  110 #if LDAP_NSS_NGROUPS > 64
  111 #define LDAP_NSS_BUFLEN_GROUP   (NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX))) 
  112 #else
  113 #define LDAP_NSS_BUFLEN_GROUP   NSS_BUFSIZ
  114 #endif /* LDAP_NSS_NGROUPS > 64 */
  115 
  116 #define LDAP_NSS_BUFLEN_DEFAULT 0
  117 
  118 #ifdef HAVE_USERSEC_H
  119 #define LDAP_NSS_MAXUESS_ATTRS  8   /* maximum number of attributes in a getentry call */
  120 #endif /* HAVE_USERSEC_H */
  121 
  122 #define LDAP_PAGESIZE 1000
  123 
  124 #ifndef LDAP_FILT_MAXSIZ
  125 #define LDAP_FILT_MAXSIZ 1024
  126 #endif /* !LDAP_FILT_MAXSIZ */
  127 
  128 #ifndef LDAPS_PORT
  129 #define LDAPS_PORT 636
  130 #endif /* !LDAPS_PORT */
  131 
  132 #ifndef LOGNAME_MAX
  133 #define LOGNAME_MAX 8
  134 #endif /* LOGNAME_MAX */
  135 
  136 #ifndef MAP_KEY_MAXSIZ
  137 #define MAP_KEY_MAXSIZ 64
  138 #endif
  139 
  140 #ifdef DEBUG
  141 #ifdef DEBUG_SYSLOG
  142 #ifdef HAVE_NSSWITCH_H
  143 #define debug(fmt, args...) syslog(LOG_DEBUG, "nss_ldap: %s:%d thread %u - " fmt, __FILE__, __LINE__, thr_self() , ## args)
  144 #else
  145 #define debug(fmt, args...) syslog(LOG_DEBUG, "nss_ldap: %s:%d thread %u - " fmt, __FILE__, __LINE__, pthread_self() , ## args)
  146 #endif /* HAVE_NSSWITCH_H */
  147 #else
  148 #ifndef __GNUC__
  149 #include <stdarg.h>
  150 #include <stdio.h>
  151 static void
  152 debug (char *fmt, ...)
  153 {
  154   va_list ap;
  155 
  156   va_start (ap, fmt);
  157   fprintf (stderr, "nss_ldap: ");
  158   vfprintf (stderr, fmt, ap);
  159   va_end (ap);
  160   fprintf (stderr, "\n");
  161 }
  162 #else
  163 #define debug(fmt, args...) fprintf(stderr, "nss_ldap: " fmt "\n" , ## args)
  164 #endif /* __GNUC__ */
  165 #endif /* DEBUG_SYSLOG */
  166 #else
  167 #ifndef __GNUC__
  168 static void
  169 debug (char *fmt, ...)
  170 {
  171 }
  172 #else
  173 #define debug(fmt, args...)
  174 #endif /* __GNUC__ */
  175 #endif /* DEBUG */
  176 
  177 #ifdef __GNUC__
  178 #define alignof(ptr) __alignof__(ptr)
  179 #define INLINE inline
  180 #elif defined(HAVE_ALIGNOF_H)
  181 #include <alignof.h>
  182 #define INLINE
  183 #else
  184 #define alignof(ptr) (sizeof(char *))
  185 #define INLINE
  186 #endif /* __GNUC__ */
  187 
  188 #define align(ptr, blen, TYPE)        do { \
  189                     char *qtr = ptr; \
  190                     ptr += alignof(TYPE) - 1; \
  191                     ptr -= ((ptr - (char *)NULL) % alignof(TYPE)); \
  192                     blen -= (ptr - qtr); \
  193                 } while (0)
  194 
  195 /* worst case */
  196 #define bytesleft(ptr, blen, TYPE)    ( (blen < alignof(TYPE)) ? \
  197                         0 : (blen - alignof(TYPE) + 1))
  198 
  199 /* selectors for different maps */
  200 enum ldap_map_selector
  201 {
  202   LM_PASSWD,
  203   LM_SHADOW,
  204   LM_GROUP,
  205   LM_HOSTS,
  206   LM_SERVICES,
  207   LM_NETWORKS,
  208   LM_PROTOCOLS,
  209   LM_RPC,
  210   LM_ETHERS,
  211   LM_NETMASKS,
  212   LM_BOOTPARAMS,
  213   LM_ALIASES,
  214   LM_NETGROUP,
  215   LM_AUTOMOUNT,
  216   LM_NONE
  217 };
  218 
  219 typedef enum ldap_map_selector ldap_map_selector_t;
  220 
  221 enum ldap_userpassword_selector
  222 {
  223   LU_RFC2307_USERPASSWORD,
  224   LU_RFC3112_AUTHPASSWORD,
  225   LU_OTHER_PASSWORD
  226 };
  227 
  228 typedef enum ldap_userpassword_selector ldap_userpassword_selector_t;
  229 
  230 enum ldap_shadow_selector
  231 {
  232   LS_RFC2307_SHADOW,
  233   LS_AD_SHADOW,
  234   LS_OTHER_SHADOW
  235 };
  236 
  237 typedef enum ldap_shadow_selector ldap_shadow_selector_t;
  238 
  239 #ifndef UF_DONT_EXPIRE_PASSWD
  240 #define UF_DONT_EXPIRE_PASSWD 0x10000
  241 #endif
  242 
  243 enum ldap_ssl_options
  244 {
  245   SSL_OFF,
  246   SSL_LDAPS,
  247   SSL_START_TLS
  248 };
  249 
  250 typedef enum ldap_ssl_options ldap_ssl_options_t;
  251 
  252 enum ldap_reconnect_policy
  253 {
  254   LP_RECONNECT_HARD_INIT,
  255   LP_RECONNECT_HARD_OPEN,
  256   LP_RECONNECT_SOFT
  257 };
  258 
  259 typedef enum ldap_reconnect_policy ldap_reconnect_policy_t;
  260 
  261 /*
  262  * POSIX profile information (not used yet)
  263  * see draft-joslin-config-schema-00.txt
  264  */
  265 struct ldap_service_search_descriptor
  266 {
  267   /* search base, qualified */
  268   char *lsd_base;
  269   /* scope */
  270   int lsd_scope;
  271   /* filter */
  272   char *lsd_filter;
  273   /* next */
  274   struct ldap_service_search_descriptor *lsd_next;
  275 };
  276 
  277 typedef struct ldap_service_search_descriptor
  278   ldap_service_search_descriptor_t;
  279 
  280 /* maximum number of URIs */
  281 #define NSS_LDAP_CONFIG_URI_MAX     31
  282 
  283 /*
  284  * linked list of configurations pointing to LDAP servers. The first
  285  * which has a successful ldap_open() is used. Conceivably the rest
  286  * could be used after a failed or exhausted search.
  287  */
  288 struct ldap_config
  289 {
  290   /* NULL terminated list of URIs */
  291   char *ldc_uris[NSS_LDAP_CONFIG_URI_MAX + 1];
  292   /* default port, if not specified in URI */
  293   int ldc_port;
  294   /* base DN, eg. dc=gnu,dc=org */
  295   char *ldc_base;
  296   /* scope for searches */
  297   int ldc_scope;
  298   /* dereference aliases/links */
  299   int ldc_deref;
  300   /* bind DN */
  301   char *ldc_binddn;
  302   /* bind cred */
  303   char *ldc_bindpw;
  304   /* sasl auth id */
  305   char *ldc_saslid;
  306   /* do we use sasl when binding? */
  307   int ldc_usesasl;
  308   /* shadow bind DN */
  309   char *ldc_rootbinddn;
  310   /* shadow bind cred */
  311   char *ldc_rootbindpw;
  312   /* shadow sasl auth id */
  313   char *ldc_rootsaslid;
  314   /* do we use sasl for root? */
  315   int ldc_rootusesasl;
  316   /* protocol version */
  317   int ldc_version;
  318   /* search timelimit */
  319   int ldc_timelimit;
  320   /* bind timelimit */
  321   int ldc_bind_timelimit;
  322   /* SSL enabled */
  323   ldap_ssl_options_t ldc_ssl_on;
  324   /* SSL certificate path */
  325   char *ldc_sslpath;
  326   /* Chase referrals */
  327   int ldc_referrals;
  328   int ldc_restart;
  329   /* naming contexts */
  330   ldap_service_search_descriptor_t *ldc_sds[LM_NONE];
  331   /* tls check peer */
  332   int ldc_tls_checkpeer;
  333   /* tls ca certificate file */
  334   char *ldc_tls_cacertfile;
  335   /* tls ca certificate dir */
  336   char *ldc_tls_cacertdir;
  337   /* tls ciphersuite */
  338   char *ldc_tls_ciphers;
  339   /* tls certificate */
  340   char *ldc_tls_cert;
  341   /* tls key */
  342   char *ldc_tls_key;
  343   /* tls randfile */
  344   char *ldc_tls_randfile;
  345   /* idle timeout */
  346   time_t ldc_idle_timelimit;
  347   /* reconnect policy */
  348   ldap_reconnect_policy_t ldc_reconnect_pol;
  349   int ldc_reconnect_tries;
  350   int ldc_reconnect_sleeptime;
  351   int ldc_reconnect_maxsleeptime;
  352   int ldc_reconnect_maxconntries;
  353 
  354   /* sasl security */
  355   char *ldc_sasl_secprops;
  356   /* DNS SRV RR domain */
  357   char *ldc_srv_domain;
  358   /* directory for debug files */
  359   char *ldc_logdir;
  360   /* LDAP debug level */
  361   int ldc_debug;
  362   int ldc_pagesize;
  363 #ifdef CONFIGURE_KRB5_CCNAME
  364   /* krb5 ccache name */
  365   char *ldc_krb5_ccname;
  366   char *ldc_krb5_rootccname;
  367   int ldc_krb5_autorenew;
  368   int ldc_krb5_rootautorenew;
  369 #endif /* CONFIGURE_KRB5_CCNAME */
  370 #ifdef CONFIGURE_KRB5_KEYTAB
  371   /* krb5 keytab name */
  372   char *ldc_krb5_keytabname;
  373   char *ldc_krb5_rootkeytabname;
  374   int ldc_krb5_usekeytab;
  375   int ldc_krb5_rootusekeytab;
  376 #endif /* CONFIGURE_KRB5_KEYTAB */
  377   /*
  378    * attribute/objectclass maps relative to this config
  379    */
  380   void *ldc_maps[LM_NONE + 1][6]; /* must match MAP_MAX */
  381 
  382   /*
  383    * is userPassword "userPassword" or not? 
  384    * ie. do we need {crypt} to be stripped
  385    */
  386   ldap_userpassword_selector_t ldc_password_type;
  387   /*
  388    * Use active directory time offsets?
  389    */
  390   ldap_shadow_selector_t ldc_shadow_type;
  391 
  392   /* 
  393    * attribute table for ldap search requensts
  394    */
  395   const char **ldc_attrtab[LM_NONE + 1];
  396 
  397   unsigned int ldc_flags;
  398 
  399   /* last modification time */
  400   time_t ldc_mtime;
  401 
  402   char **ldc_initgroups_ignoreusers;
  403 };
  404 
  405 typedef struct ldap_config ldap_config_t;
  406 
  407 #ifdef HAVE_SOCKLEN_T
  408 typedef socklen_t NSS_LDAP_SOCKLEN_T;
  409 #else
  410 typedef int NSS_LDAP_SOCKLEN_T;
  411 #endif /* HAVE_SOCKLEN_T */
  412 
  413 #if defined(__GLIBC__) && __GLIBC_MINOR__ > 1
  414 typedef struct sockaddr_storage NSS_LDAP_SOCKADDR_STORAGE;
  415 #else
  416 typedef struct sockaddr NSS_LDAP_SOCKADDR_STORAGE;
  417 #define ss_family sa_family
  418 #endif /* __GLIBC__ */
  419 
  420 enum ldap_session_state
  421 {
  422   LS_UNINITIALIZED = -1,
  423   LS_INITIALIZED,
  424   LS_CONNECTED_TO_DSA
  425 };
  426 
  427 typedef enum ldap_session_state ldap_session_state_t;
  428 
  429 /*
  430  * convenient wrapper around pointer into global config list, and a
  431  * connection to an LDAP server.
  432  */
  433 struct ldap_session
  434 {
  435   /* the connection */
  436   LDAP *ls_conn;
  437   /* pointer into config table */
  438   ldap_config_t *ls_config;
  439   /* timestamp of last activity */
  440   time_t ls_timestamp;
  441   /* has session been connected? */
  442   ldap_session_state_t ls_state;
  443   /* keep track of the LDAP sockets */
  444   NSS_LDAP_SOCKADDR_STORAGE ls_sockname;
  445   NSS_LDAP_SOCKADDR_STORAGE ls_peername;
  446   /* index into ldc_uris: currently connected DSA */
  447   int ls_current_uri;
  448 };
  449 
  450 typedef struct ldap_session ldap_session_t;
  451 
  452 #ifndef HAVE_NSSWITCH_H
  453 #ifndef UID_NOBODY
  454 #define UID_NOBODY      (-2)
  455 #endif
  456 #endif
  457 
  458 #ifndef GID_NOBODY
  459 #define GID_NOBODY     UID_NOBODY
  460 #endif
  461 
  462 enum ldap_args_types
  463 {
  464   LA_TYPE_STRING,
  465   LA_TYPE_NUMBER,
  466   LA_TYPE_STRING_AND_STRING,
  467   LA_TYPE_NUMBER_AND_STRING,
  468   LA_TYPE_TRIPLE,
  469   LA_TYPE_STRING_LIST_OR,
  470   LA_TYPE_STRING_LIST_AND,
  471   LA_TYPE_NONE
  472 };
  473 
  474 typedef enum ldap_args_types ldap_args_types_t;
  475 
  476 enum ldap_map_type
  477 {
  478   MAP_ATTRIBUTE = 0,
  479   MAP_OBJECTCLASS,
  480   MAP_OVERRIDE,
  481   MAP_DEFAULT,
  482   MAP_ATTRIBUTE_REVERSE,
  483   MAP_OBJECTCLASS_REVERSE, /* XXX not used yet? */
  484   MAP_MAX = MAP_OBJECTCLASS_REVERSE
  485 };
  486 
  487 typedef enum ldap_map_type ldap_map_type_t;
  488 
  489 struct ldap_args
  490 {
  491   ldap_args_types_t la_type;
  492   union
  493   {
  494     const char *la_string;
  495     long la_number;
  496     struct {
  497       /* for Solaris netgroup support */
  498       const char *host;
  499       const char *user;
  500       const char *domain;
  501     } la_triple;
  502     const char **la_string_list;
  503   }
  504   la_arg1;
  505   union
  506   {
  507     const char *la_string;
  508   }
  509   la_arg2;
  510   const char *la_base; /* override default base */
  511 };
  512 
  513 typedef struct ldap_args ldap_args_t;
  514 
  515 #define LA_INIT(q)              do { \
  516                         (q).la_type = LA_TYPE_STRING; \
  517                         (q).la_arg1.la_string = NULL; \
  518                         (q).la_arg2.la_string = NULL; \
  519                         (q).la_base = NULL; \
  520                         } while (0)
  521 #define LA_TYPE(q)              ((q).la_type)
  522 #define LA_STRING(q)                ((q).la_arg1.la_string)
  523 #define LA_NUMBER(q)                ((q).la_arg1.la_number)
  524 #define LA_TRIPLE(q)                ((q).la_arg1.la_triple)
  525 #define LA_STRING_LIST(q)           ((q).la_arg1.la_string_list)
  526 #define LA_STRING2(q)               ((q).la_arg2.la_string)
  527 #define LA_BASE(q)              ((q).la_base)
  528 
  529 #include "ldap-parse.h"
  530 
  531 /*
  532  * the state consists of the desired attribute value or an offset into a list of
  533  * values for the desired attribute. This is necessary to support services.
  534  *
  535  * Be aware of the arbitary distinction between state and context. Context is
  536  * the enumeration state of a lookup subsystem (which may be per-subsystem,
  537  * or per-subsystem/per-thread, depending on the OS). State is the state
  538  * of a particular lookup, and is only concerned with resolving and enumerating
  539  * services. State is represented as instances of ldap_state_t; context as
  540  * instances of ent_context_t. The latter contains the former.
  541  */
  542 struct ldap_state
  543 {
  544   int ls_type;
  545   int ls_retry;
  546   int ls_eof;
  547 #define LS_TYPE_KEY (0)
  548 #define LS_TYPE_INDEX   (1)
  549   union
  550   {
  551     /* ls_key is the requested attribute value.
  552        ls_index is the desired offset into the value list.
  553      */
  554     const char *ls_key;
  555     int ls_index;
  556   }
  557   ls_info;
  558 };
  559 
  560 typedef struct ldap_state ldap_state_t;
  561 /*
  562  * LS_INIT only used for enumeration contexts
  563  */
  564 #define LS_INIT(state)  do { state.ls_type = LS_TYPE_INDEX; state.ls_retry = 0; state.ls_info.ls_index = -1; } while (0)
  565 
  566 /*
  567  * thread specific context: result chain, and state data
  568  */
  569 struct ent_context
  570 {
  571   ldap_state_t ec_state;    /* eg. for services */
  572   int ec_msgid;         /* message ID */
  573   LDAPMessage *ec_res;      /* result chain */
  574   ldap_service_search_descriptor_t *ec_sd;  /* current sd */
  575   struct berval *ec_cookie;     /* cookie for paged searches */
  576   int ec_eof;           /* reached notional end of file */
  577 };
  578 
  579 typedef struct ent_context ent_context_t;
  580 
  581 struct name_list
  582 {
  583   char *name;
  584   struct name_list *next;
  585 };
  586 
  587 #ifdef HAVE_NSSWITCH_H
  588 
  589 struct nss_ldap_backend
  590 {
  591   nss_backend_op_t *ops;
  592   int n_ops;
  593   ent_context_t *state;
  594 };
  595 
  596 typedef struct nss_ldap_backend nss_ldap_backend_t;
  597 
  598 struct nss_ldap_netgr_backend
  599 {
  600   nss_backend_op_t *ops;
  601   int n_ops;
  602   ent_context_t *state;
  603   struct name_list *known_groups; /* netgroups seen, for loop detection */
  604   struct name_list *needed_groups; /* nested netgroups to chase */
  605 };
  606 
  607 typedef struct nss_ldap_netgr_backend nss_ldap_netgr_backend_t;
  608 
  609 typedef nss_status_t NSS_STATUS;
  610 
  611 #define NSS_RETURN      NSS_UNAVAIL
  612 
  613 #elif defined(HAVE_IRS_H)
  614 
  615 typedef enum
  616 {
  617   NSS_TRYAGAIN = -2,
  618   NSS_UNAVAIL,
  619   NSS_NOTFOUND,
  620   NSS_SUCCESS,
  621   NSS_RETURN
  622 }
  623 NSS_STATUS;
  624 
  625 struct nss_ldap_netgr_backend
  626 {
  627   char buffer[NSS_BUFLEN_NETGROUP];
  628   ent_context_t *state;
  629   struct name_list *known_groups; /* netgroups seen, for loop detection */
  630   struct name_list *needed_groups; /* nested netgroups to chase */
  631 };
  632 
  633 typedef struct nss_ldap_netgr_backend nss_ldap_netgr_backend_t;
  634 #elif defined(HAVE_NSS_H)
  635 
  636 typedef enum nss_status NSS_STATUS;
  637 
  638 #define NSS_SUCCESS     NSS_STATUS_SUCCESS
  639 #define NSS_NOTFOUND    NSS_STATUS_NOTFOUND
  640 #define NSS_UNAVAIL     NSS_STATUS_UNAVAIL
  641 #define NSS_TRYAGAIN    NSS_STATUS_TRYAGAIN
  642 #define NSS_RETURN      NSS_STATUS_RETURN
  643 
  644 /* to let us index a lookup table on NSS_STATUSes */
  645 
  646 #define _NSS_LOOKUP_OFFSET      NSS_STATUS_TRYAGAIN
  647 
  648 #endif /* HAVE_NSSWITCH_H */
  649 
  650 #ifndef _NSS_LOOKUP_OFFSET
  651 #define _NSS_LOOKUP_OFFSET      (0)
  652 #endif
  653 
  654 typedef NSS_STATUS (*parser_t) (LDAPMessage *, ldap_state_t *, void *,
  655                 char *, size_t);
  656 
  657 #ifdef HPUX
  658 extern int __thread_mutex_lock(pthread_mutex_t *);
  659 extern int __thread_mutex_unlock(pthread_mutex_t *);
  660 #endif /* HPUX */
  661 
  662 #ifdef _AIX
  663 extern int __multi_threaded;
  664 #endif /* _AIX */
  665 
  666 /*
  667  * Portable locking macro.
  668  */
  669 #if defined(HAVE_THREAD_H) && !defined(_AIX) && !defined(__FreeBSD__)
  670 #define NSS_LDAP_LOCK(m)        mutex_lock(&m)
  671 #define NSS_LDAP_UNLOCK(m)      mutex_unlock(&m)
  672 #define NSS_LDAP_DEFINE_LOCK(m)     static mutex_t m = DEFAULTMUTEX
  673 #elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H)
  674 #define NSS_LDAP_LOCK(m)        __libc_lock_lock(m)
  675 #define NSS_LDAP_UNLOCK(m)      __libc_lock_unlock(m)
  676 #define NSS_LDAP_DEFINE_LOCK(m)     static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
  677 #elif defined(HAVE_PTHREAD_H)
  678 #ifdef HPUX
  679 # define NSS_LDAP_LOCK(m)       __thread_mutex_lock(&m)
  680 # define NSS_LDAP_UNLOCK(m)     __thread_mutex_unlock(&m)
  681 # define NSS_LDAP_DEFINE_LOCK(m)        static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
  682 #elif defined(_AIX)
  683 # define NSS_LDAP_LOCK(m)       do { \
  684                         if (__multi_threaded) \
  685                             pthread_mutex_lock(&m); \
  686                     } while (0)
  687 # define NSS_LDAP_UNLOCK(m)     do { \
  688                         if (__multi_threaded) \
  689                             pthread_mutex_unlock(&m); \
  690                     } while (0)
  691 # define NSS_LDAP_DEFINE_LOCK(m)        static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
  692 #elif defined(__FreeBSD__)
  693 # define NSS_LDAP_LOCK(m)         do { \
  694                            if (__isthreaded) \
  695                                pthread_mutex_lock(&m); \
  696                        } while (0)
  697 # define NSS_LDAP_UNLOCK(m)     do { \
  698                            if (__isthreaded) \
  699                                pthread_mutex_unlock(&m); \
  700                        } while (0)
  701 # define NSS_LDAP_DEFINE_LOCK(m)           static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
  702 #else
  703 # define NSS_LDAP_LOCK(m)       pthread_mutex_lock(&m)
  704 # define NSS_LDAP_UNLOCK(m)     pthread_mutex_unlock(&m)
  705 # define NSS_LDAP_DEFINE_LOCK(m)        static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER
  706 #endif /* HPUX || _AIX */
  707 #else
  708 #define NSS_LDAP_LOCK(m)
  709 #define NSS_LDAP_UNLOCK(m)
  710 #define NSS_LDAP_DEFINE_LOCK(m)
  711 #endif
  712 
  713 /*
  714  * Acquire global nss_ldap lock and blocks SIGPIPE.
  715  * Generally this should only be done within ldap-nss.c.
  716  */
  717 void _nss_ldap_enter (void);
  718 
  719 /*
  720  * Release global nss_ldap lock and blocks SIGPIPE.
  721  * Generally this should only be done within ldap-nss.c.
  722  */
  723 void _nss_ldap_leave (void);
  724 
  725 #ifdef LDAP_OPT_THREAD_FN_PTRS
  726 /*
  727  * Netscape's libldap is threadsafe, but we use a
  728  * lock before it is initialized 
  729  */
  730 
  731 struct ldap_error
  732 {
  733   int le_errno;
  734   char *le_matched;
  735   char *le_errmsg;
  736 };
  737 
  738 typedef struct ldap_error ldap_error_t;
  739 
  740 #endif /* LDAP_OPT_THREAD_FN_PTRS */
  741 
  742 #ifdef HAVE_NSSWITCH_H
  743 NSS_STATUS _nss_ldap_default_destr (nss_backend_t *, void *);
  744 #endif
  745 
  746 /*
  747  * context management routines.
  748  * _nss_ldap_default_constr() is called once in the constructor
  749  */
  750 #ifdef HAVE_NSSWITCH_H
  751 NSS_STATUS _nss_ldap_default_constr (nss_ldap_backend_t * be);
  752 #endif
  753 
  754 /* 
  755  * _nss_ldap_ent_context_init() is called for each getXXent() call
  756  * This will acquire the global mutex.
  757  */
  758 ent_context_t *_nss_ldap_ent_context_init (ent_context_t **);
  759 
  760 /*
  761  * _nss_ldap_ent_context_init_locked() has the same behaviour
  762  * as above, except it assumes that the caller has acquired
  763  * the lock
  764  */
  765 
  766 ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **);
  767 
  768 /*
  769  * _nss_ldap_ent_context_release() is used to manually free a context 
  770  */
  771 void _nss_ldap_ent_context_release (ent_context_t **);
  772 
  773 /*
  774  * these are helper functions for ldap-grp.c only on Solaris
  775  */
  776 char **_nss_ldap_get_values (LDAPMessage * e, const char *attr);
  777 char *_nss_ldap_get_dn (LDAPMessage * e);
  778 LDAPMessage *_nss_ldap_first_entry (LDAPMessage * res);
  779 LDAPMessage *_nss_ldap_next_entry (LDAPMessage * res);
  780 char *_nss_ldap_first_attribute (LDAPMessage * entry, BerElement **berptr);
  781 char *_nss_ldap_next_attribute (LDAPMessage * entry, BerElement *ber);
  782 const char **_nss_ldap_get_attributes (ldap_map_selector_t sel);
  783 
  784 /*
  785  * Synchronous search cover (caller acquires lock).
  786  */
  787 NSS_STATUS _nss_ldap_search_s (const ldap_args_t * args,    /* IN */
  788                    const char *filterprot,  /* IN */
  789                    ldap_map_selector_t sel, /* IN */
  790                    const char **user_attrs, /* IN */
  791                    int sizelimit,   /* IN */
  792                    LDAPMessage ** pRes /* OUT */ );
  793 
  794 /*
  795  * Asynchronous search cover (caller acquires lock).
  796  */
  797 NSS_STATUS _nss_ldap_search (const ldap_args_t * args,  /* IN */
  798                  const char *filterprot,    /* IN */
  799                  ldap_map_selector_t sel,   /* IN */
  800                  const char **user_attrs, /* IN */
  801                  int sizelimit, /* IN */
  802                  int *pMsgid, /* OUT */
  803                  ldap_service_search_descriptor_t **s /*IN/OUT*/ );
  804 
  805 /*
  806  * Emulate X.500 read operation.
  807  */
  808 NSS_STATUS _nss_ldap_read (const char *dn,  /* IN */
  809                const char **attributes, /* IN */
  810                LDAPMessage ** pRes /* OUT */ );
  811 
  812 /*
  813  * extended enumeration routine; uses asynchronous API.
  814  * Caller must have acquired the global mutex
  815  */
  816 NSS_STATUS _nss_ldap_getent_ex (ldap_args_t * args, /* IN */
  817                 ent_context_t ** key,   /* IN/OUT */
  818                 void *result,   /* IN/OUT */
  819                 char *buffer,   /* IN */
  820                 size_t buflen,  /* IN */
  821                 int *errnop,    /* OUT */
  822                 const char *filterprot, /* IN */
  823                 ldap_map_selector_t sel,    /* IN */
  824                 const char **user_attrs, /* IN */
  825                 parser_t parser /* IN */ );
  826 
  827 /*
  828  * common enumeration routine; uses asynchronous API.
  829  * Acquires the global mutex
  830  */
  831 NSS_STATUS _nss_ldap_getent (ent_context_t ** key,  /* IN/OUT */
  832                  void *result,  /* IN/OUT */
  833                  char *buffer,  /* IN */
  834                  size_t buflen, /* IN */
  835                  int *errnop,   /* OUT */
  836                  const char *filterprot,    /* IN */
  837                  ldap_map_selector_t sel,   /* IN */
  838                  parser_t parser /* IN */ );
  839 
  840 /*
  841  * common lookup routine; uses synchronous API.
  842  */
  843 NSS_STATUS _nss_ldap_getbyname (ldap_args_t * args, /* IN/OUT */
  844                 void *result,   /* IN/OUT */
  845                 char *buffer,   /* IN */
  846                 size_t buflen,  /* IN */
  847                 int *errnop,    /* OUT */
  848                 const char *filterprot, /* IN */
  849                 ldap_map_selector_t sel,    /* IN */
  850                 parser_t parser /* IN */ );
  851 
  852 /* parsing utility functions */
  853 NSS_STATUS _nss_ldap_assign_attrvals (LDAPMessage * e,  /* IN */
  854                       const char *attr, /* IN */
  855                       const char *omitvalue,    /* IN */
  856                       char ***valptr,   /* OUT */
  857                       char **buffer,    /* IN/OUT */
  858                       size_t * buflen,  /* IN/OUT */
  859                       size_t * pvalcount /* OUT */ );
  860 
  861 NSS_STATUS _nss_ldap_assign_attrval (LDAPMessage * e,   /* IN */
  862                      const char *attr,  /* IN */
  863                      char **valptr, /* OUT */
  864                      char **buffer, /* IN/OUT */
  865                      size_t * buflen /* IN/OUT */ );
  866 
  867 
  868 const char *_nss_ldap_locate_userpassword (char **vals);
  869 
  870 NSS_STATUS _nss_ldap_assign_userpassword (LDAPMessage * e,  /* IN */
  871                       const char *attr, /* IN */
  872                       char **valptr,    /* OUT */
  873                       char **buffer,    /* IN/OUT */
  874                       size_t * buflen); /* IN/OUT */
  875 
  876 NSS_STATUS _nss_ldap_oc_check (LDAPMessage * e, const char *oc);
  877 
  878 NSS_STATUS _nss_ldap_shadow_date(const char *val, long default_date,
  879                  long *value);
  880 #if defined(HAVE_SHADOW_H)
  881 void _nss_ldap_shadow_handle_flag(struct spwd *sp);
  882 #else
  883 #define _nss_ldap_shadow_handle_flag(_sp)   do { /* nothing */ } while (0)
  884 #endif /* HAVE_SHADOW_H */
  885 
  886 NSS_STATUS _nss_ldap_map_put (ldap_config_t * config,
  887                   ldap_map_selector_t sel,
  888                   ldap_map_type_t map,
  889                   const char *key, const char *value);
  890 
  891 NSS_STATUS _nss_ldap_map_get (ldap_config_t * config,
  892                   ldap_map_selector_t sel,
  893                   ldap_map_type_t map,
  894                   const char *key, const char **value);
  895 
  896 const char *_nss_ldap_map_at (ldap_map_selector_t sel, const char *pChar2);
  897 const char *_nss_ldap_unmap_at (ldap_map_selector_t sel, const char *attribute);
  898 
  899 const char *_nss_ldap_map_oc (ldap_map_selector_t sel, const char *pChar);
  900 const char *_nss_ldap_unmap_oc (ldap_map_selector_t sel, const char *pChar);
  901 
  902 const char *_nss_ldap_map_ov (const char *pChar);
  903 const char *_nss_ldap_map_df (const char *pChar);
  904 
  905 /*
  906  * Proxy bind support for AIX.
  907  */
  908 struct ldap_proxy_bind_args
  909 {
  910   char *binddn;
  911   const char *bindpw;
  912 };
  913 
  914 typedef struct ldap_proxy_bind_args ldap_proxy_bind_args_t;
  915 
  916 NSS_STATUS _nss_ldap_proxy_bind (const char *user, const char *password);
  917 
  918 NSS_STATUS _nss_ldap_init (void);
  919 void _nss_ldap_close (void);
  920 
  921 int _nss_ldap_test_config_flag (unsigned int flag);
  922 int _nss_ldap_test_initgroups_ignoreuser (const char *user);
  923 int _nss_ldap_get_ld_errno (char **m, char **s);
  924 
  925 #ifdef CONFIGURE_KRB5_KEYTAB
  926 int do_init_krb5_cache(ldap_config_t *config);
  927 #endif /* CONFIGURE_KRB5_KEYTAB */
  928 #endif /* _LDAP_NSS_LDAP_LDAP_NSS_H */