#ifndef __CLDAPv3Configs_h__
#define __CLDAPv3Configs_h__ 1
#include <stdio.h>
#include <map>
#include <set>
#include <string>
#include <list>
#include <sys/types.h> //for getaddrinfo
#include <sys/socket.h> //for getaddrinfo
#include <netdb.h> //for getaddrinfo
#include <lber.h>
#include <ldap.h>
#include <CoreFoundation/CoreFoundation.h> //for CF classes and property lists - XML config data
#include "PrivateTypes.h"
#include "CPlugInRef.h" // config data table
#include "DSLDAPUtils.h" // for timeout values
using namespace std;
// Dictionary keys of the LDAPv3 plug-in XML (property-list) configuration.
// The plist is read and written through the CoreFoundation property-list APIs
// (see the CoreFoundation include above); the key strings below are the
// on-disk schema, so renaming one silently breaks existing config files.

// Top-level keys.
#define kXMLLDAPVersionKey "LDAP PlugIn Version"
#define kXMLConfigArrayKey "LDAP Server Configs"
#define kXMLDHCPConfigArrayKey "LDAP DHCP Server Configs"

// Per-server config dictionary and its identity keys.
#define kXMLServerConfigKey "LDAP Server Config"
#define kXMLEnableUseFlagKey "Enable Use"
#define kXMLUserDefinedNameKey "UI Name"
#define kXMLNodeName "Node Name"

// Timeouts; the unit is spelled out in each key string.
#define kXMLOpenCloseTimeoutSecsKey "OpenClose Timeout in seconds"
#define kXMLIdleTimeoutMinsKey "Idle Timeout in minutes"
#define kXMLDelayedRebindTrySecsKey "Delay Rebind Try in seconds"
#define kXMLPortNumberKey "Port Number"
#define kXMLSearchTimeoutSecsKey "Search Timeout in seconds"

// Connection and bind settings.
#define kXMLSecureUseFlagKey "Secure Use"
#define kXMLServerKey "Server"
#define kXMLServerAccountKey "Server Account"
// Value is the bind credential for kXMLServerAccountKey. It lives in the same
// plist as every other setting; whether it is stored obfuscated or in the
// clear is not visible from this header. Treat the serialized config
// (CopyXMLConfig / WriteXMLConfig output) as sensitive and keep it out of logs.
#define kXMLServerPasswordKey "Server Password"
#define kXMLKerberosId "Kerberos Id"
#define kXMLUseDNSReplicasFlagKey "Use DNS replicas"
#define kXMLBoundDirectoryKey "Bound Directory"
#define kXMLDirectoryBindingKey "Directory Binding"

// Security policy: the level the administrator configured, the level the
// server reports as supported, and the level enforced locally. Presumably each
// is encoded with the kSec* bits below (CalculateSecurityPolicy returns a
// uInt32) -- confirm against the .cpp.
#define kXMLConfiguredSecurityKey "Configured Security Level"
#define kXMLSupportedSecurityKey "Supported Security Level"
#define kXMLLocalSecurityKey "Local Security Level"
// Individual policy flags inside a security-level dictionary.
#define kXMLSecurityBindingRequired "Binding Required"
#define kXMLSecurityNoClearTextAuths "No ClearText Authentications"
#define kXMLSecurityManInTheMiddle "Man In The Middle"
#define kXMLSecurityPacketSigning "Packet Signing"
#define kXMLSecurityPacketEncryption "Packet Encryption"

// Bit encoding of a security level. kSecNoSecurity is the empty set and
// kSecSecurityMask covers all four defined bits. Note there is no bit for
// kXMLSecurityBindingRequired here; that flag must be tracked separately.
#define kSecNoSecurity 0
#define kSecDisallowCleartext (1<<0)
#define kSecManInMiddle (1<<1)
#define kSecPacketSigning (1<<2)
#define kSecPacketEncryption (1<<3)
#define kSecSecurityMask (kSecDisallowCleartext | kSecManInMiddle | kSecPacketSigning | kSecPacketEncryption)

// Record/attribute mapping keys (standard DS type -> native LDAP type).
#define kXMLStdMapUseFlagKey "Standard Map Use"
#define kXMLDefaultAttrTypeMapArrayKey "Default Attribute Type Map"
#define kXMLDefaultRecordTypeMapArrayKey "Default Record Type Map"
#define kXMLAttrTypeMapArrayKey "Attribute Type Map"
#define kXMLRecordTypeMapArrayKey "Record Type Map"
#define kXMLReplicaHostnameListArrayKey "Replica Hostname List"
#define kXMLWriteableHostnameListArrayKey "Writeable Hostname List"
#define kXMLNativeMapArrayKey "Native Map"
#define kXMLStdNameKey "Standard Name"
#define kXMLSearchBase "Search Base"
#define kXMLOneLevelSearchScope "One Level Search Scope"
#define kXMLObjectClasses "Object Classes"
#define kXMLGroupObjectClasses "Group Object Classes"

// Per-server behaviour flags.
#define kXMLMakeDefLDAPFlagKey "Default LDAP Search Path"
#define kXMLServerMappingsFlagKey "Server Mappings"
#define kXMLIsSSLFlagKey "SSL"
#define kXMLLDAPv2ReadOnlyKey "LDAPv2 Read Only"
#define kXMLMapSearchBase "Map Search Base"
#define kXMLReferralFlagKey "LDAP Referrals"
// Same string as kXMLAttrTypeMapArrayKey; the separate name presumably
// documents the value shape (dictionary vs. array) expected by its callers.
#define kXMLAttrTypeMapDictKey "Attribute Type Map"

// Convenience aliases for the std containers used by the schema code.
typedef list<string> listOfStrings;
typedef listOfStrings::const_iterator listOfStringsCI;
typedef set<string> AttrSet;
typedef AttrSet::const_iterator AttrSetCI;
// Schema record for one LDAP object class. Stored by pointer in ObjectClassMap,
// keyed by class name (see sLDAPConfigData::fObjectClassSchema).
struct sObjectClassSchema {
    AttrSet fParentOCs;      // names of the superior (parent) object classes, by the field name
    AttrSet fOtherNames;     // alternate names this class is known by
    AttrSet fRequiredAttrs;  // attributes the class requires (presumably LDAP MUST)
    AttrSet fAllowedAttrs;   // attributes the class permits (presumably LDAP MAY)
    uInt16 fType;            // object-class kind; the value set is not defined in this header
    uInt32 fDummy;           // unused placeholder by its name -- confirm before removing
};
// Object-class name -> schema record. The map owns nothing; who deletes the
// sObjectClassSchema values is not visible here.
typedef map<string,sObjectClassSchema*> ObjectClassMap;
typedef ObjectClassMap::const_iterator ObjectClassMapCI;
// One node of a singly linked list of LDAP replica hosts for a server config.
// A node owns its resolved address list (fAddrInfo), its CF hostname and every
// node reachable through fNext; destroying the head destroys the whole chain.
// NOTE(review): the struct owns three resources but relies on the implicit
// copy constructor/assignment -- copying a node would double-free. Confirm no
// caller copies sReplicaInfo by value.
struct sReplicaInfo
{
    addrinfo *fAddrInfo;      // getaddrinfo() result for this host, or nil
    bool bWriteable;          // host accepts writes (from the writeable hostname list)
    bool bUsedLast;           // marks the replica most recently used for a connection
    CFStringRef hostname;     // host name as read from the config, retained
    sReplicaInfo *fNext;      // next replica in the chain, or nil

    // All fields start empty/false; the caller fills them in afterwards.
    sReplicaInfo( void )
        : fAddrInfo( nil ), bWriteable( false ), bUsedLast( false ),
          hostname( nil ), fNext( nil )
    {
    }

    // Frees this node's resources and the rest of the chain.
    ~sReplicaInfo( void )
    {
        // Walk the tail iteratively rather than letting each node's destructor
        // recurse into the next one; a long replica list would otherwise
        // recurse once per node.
        sReplicaInfo *node = fNext;
        while ( node != nil )
        {
            sReplicaInfo *following = node->fNext;
            node->fNext = NULL;     // isolate so node's own destructor stops here
            DSDelete( node );
            node = following;
        }

        if ( fAddrInfo != nil )
        {
            freeaddrinfo( fAddrInfo );
            fAddrInfo = nil;
        }

        DSCFRelease( hostname );
    }

    // Returns the first node in the chain (starting with this one) flagged
    // bUsedLast, or nil when none is flagged.
    sReplicaInfo *lastUsed( void )
    {
        for ( sReplicaInfo *node = this; node != nil; node = node->fNext )
        {
            if ( node->bUsedLast )
            {
                return node;
            }
        }
        return nil;
    }

    // Clears bUsedLast on this node and every node after it.
    void resetLastUsed( void )
    {
        for ( sReplicaInfo *node = this; node != nil; node = node->fNext )
        {
            node->bUsedLast = false;
        }
    }
};
// One configured LDAP server ("node") as parsed from the XML config.
// Instances are kept in LDAPConfigDataMap keyed by node name. fConfigLock,
// fRefCount and bMarkToDelete suggest a lock-plus-refcount lifetime driven by
// CLDAPv3Configs::ConfigWithNodeNameLock / ConfigUnlock -- the exact protocol
// lives in the .cpp, not here.
struct sLDAPConfigData
{
    // Identity
    char *fUIName;            // display name (kXMLUserDefinedNameKey)
    char *fNodeName;          // DS node name (kXMLNodeName)
    char *fServerName;        // primary server host (kXMLServerKey)
    int fServerPort;

    // Replica set
    sReplicaInfo *fReplicaHosts;            // linked list of replicas; head owns the chain
    CFMutableArrayRef fReplicaHostnames;    // kXMLReplicaHostnameListArrayKey
    CFMutableArrayRef fWriteableHostnames;  // kXMLWriteableHostnameListArrayKey
    bool bBuildReplicaList;                 // set on every config by SetAllConfigBuildReplicaFlagTrue

    // Timeouts; units follow the matching kXML*Key strings
    int fOpenCloseTimeout;
    int fIdleTimeout;
    int fSearchTimeout;
    int fDelayRebindTry;

    bool bAvail;
    bool bSecureUse;          // kXMLSecureUseFlagKey

    // Bind credentials. fServerPassword is a plain C string held for the
    // lifetime of the config; whether the destructor scrubs it before freeing
    // is not visible in this header -- verify in the .cpp before relying on it.
    char *fServerAccount;
    char *fKerberosId;
    char *fServerPassword;

    // Connection / security settings
    bool bServerMappings;     // kXMLServerMappingsFlagKey: mappings come from the server, presumably via ReadServerMappings
    bool bIsSSL;              // kXMLIsSSLFlagKey
    bool bLDAPv2ReadOnly;     // kXMLLDAPv2ReadOnlyKey
    char *fMapSearchBase;     // kXMLMapSearchBase
    uInt32 fSecurityLevel;    // kSec* bits; which of the three *Security Level keys feeds each field is inferred from the names only
    uInt32 fSecurityLevelLoc; // kSec* bits enforced locally (by its name)

    // Record / attribute mappings
    CFDictionaryRef fRecordAttrMapDict;
    CFArrayRef fRecordTypeMapCFArray;
    CFArrayRef fAttrTypeMapCFArray;

    DSMutexSemaphore *fConfigLock;   // per-config lock; see ConfigWithNodeNameLock / ConfigUnlock

    // State flags
    bool bGetServerMappings;
    bool bGetSecuritySettings;
    bool bOCBuilt;            // fObjectClassSchema has been populated (by its name)
    bool bUpdated;
    bool bReferrals;          // kXMLReferralFlagKey
    bool bDNSReplicas;        // kXMLUseDNSReplicasFlagKey

    ObjectClassMap *fObjectClassSchema;   // schema cache, built lazily judging by bOCBuilt
    CFMutableArrayRef fSASLmethods;

    bool bUseAsDefaultLDAP;   // kXMLMakeDefLDAPFlagKey
    int fRefCount;
    bool bMarkToDelete;

    sLDAPConfigData( void );
    ~sLDAPConfigData( void );
    // Parameters are raw, non-const pointers; whether the constructor copies
    // the strings or takes ownership of them is defined in the .cpp.
    sLDAPConfigData( char *inUIname, char *inNodeName,
                     char *inServerName, int inOpenCloseTO,
                     int inIdleTO, int inDelayRebindTry,
                     int inSearchTO, int inPortNum,
                     bool inUseSecure, char *inAccount,
                     char *inPassword, char *inKerberosId,
                     bool inMakeDefLDAP, bool inServerMappings,
                     bool inIsSSL, char *inMapSearchBase,
                     int inSecurityLevel, int inSecurityLevelLoc, bool inReferrals,
                     bool inLDAPv2ReadOnly, bool inDNSReplicas );
};
// Node name -> config. Values are owned pointers; see DeleteConfigFromMap.
typedef map<string,sLDAPConfigData *> LDAPConfigDataMap;
typedef LDAPConfigDataMap::iterator LDAPConfigDataMapI;
// Owner of the LDAPv3 plug-in configuration: parses the XML config into
// sLDAPConfigData entries, keeps them in a process-wide map, and writes the
// config back out. Return type sInt32 is a DS status code throughout.
//
// Locking: fConfigMap and fConfigMapMutex are static, so every instance shares
// one map and one mutex. ConfigMapWait/ConfigMapSignal wrap that mutex;
// XMLConfigLock/XMLConfigUnlock presumably guard fXMLData via pXMLConfigLock.
class CLDAPv3Configs
{
public:
    CLDAPv3Configs ( void );
    sInt32 Init ( void );
    virtual ~CLDAPv3Configs ( void );

    // XML config as a whole (serialized plist in a CFDataRef). The serialized
    // form includes the kXMLServerPasswordKey values, so treat it as sensitive.
    sInt32 AddToConfig ( CFDataRef xmlData );
    sInt32 SetXMLConfig ( CFDataRef xmlData );
    CFDataRef CopyXMLConfig ( void );     // Copy* naming: caller owns the returned CFDataRef
    sInt32 WriteXMLConfig ( void );

    // Mapping lookups. Returned char* values are presumably heap strings the
    // caller frees -- confirm in the .cpp.
    char *ExtractRecMap ( const char *inRecType,
                          CFDictionaryRef inRecordTypeMapCFDict,
                          int inIndex,
                          bool *outOCGroup,
                          CFArrayRef *outOCListCFArray,
                          ber_int_t *outScope );
    char *ExtractAttrMap ( const char *inRecType,
                           const char *inAttrType,
                           CFDictionaryRef inRecordTypeMapCFDict,
                           int inIndex );
    char *ExtractStdAttrName ( char *inRecType,
                               CFDictionaryRef inRecordTypeMapCFDict,
                               int &inputIndex );   // in/out: advanced by the call, by its declaration as a reference
    int AttrMapsCount ( const char *inRecType,
                        const char *inAttrType,
                        CFDictionaryRef inRecordTypeMapCFDict );

    // Server-side mappings and security settings. inServerHost defaults to nil,
    // so the implementation must be able to open its own connection.
    sInt32 UpdateLDAPConfigWithServerMappings
                        ( char *inServer,
                          char *inMapSearchBase,
                          int inPortNumber,
                          bool inIsSSL,
                          bool inLDAPv2ReadOnly,
                          bool inMakeDefLDAP,
                          bool inReferrals,
                          LDAP *inServerHost = nil );
    sInt32 UpdateConfigWithSecuritySettings
                        ( char *inConfigName,
                          sLDAPConfigData *inConfig,
                          LDAP *inLD );
    sInt32 MakeServerBasedMappingsLDAPConfig
                        ( char *inServer,
                          char *inMapSearchBase,
                          int inOpenCloseTO,
                          int inIdleTO,
                          int inDelayRebindTry,
                          int inSearchTO,
                          int inPortNumber,
                          bool inIsSSL,
                          bool inMakeDefLDAP,
                          bool inReferrals,
                          bool inIsLDAPv2ReadOnly );
    // Takes bind credentials as raw C strings; the caller keeps ownership and
    // remains responsible for their lifetime.
    sInt32 WriteServerMappings ( char* userName,
                                 char* password,
                                 CFDataRef inMappings );
    CFDataRef ReadServerMappings ( LDAP *serverHost,
                                   CFDataRef inMappings );

    void XMLConfigLock ( void );
    void XMLConfigUnlock ( void );

    sInt32 UpdateReplicaList ( char *inServerName,
                               CFMutableArrayRef inReplicaHostnames,
                               CFMutableArrayRef inWriteableHostnames);
    void DeleteConfigFromMap ( char *inConfigNodename );

    // Lookup that returns the config with its fConfigLock held (by its name);
    // every successful call must be paired with ConfigUnlock.
    sLDAPConfigData *ConfigWithNodeNameLock
                        ( char *inConfigName );
    void ConfigUnlock ( sLDAPConfigData *inConfig );
    void SetAllConfigBuildReplicaFlagTrue
                        ( void );

    // Hands out a reference to the shared static map without taking the
    // mutex; callers are expected to bracket their use with ConfigMapWait /
    // ConfigMapSignal, which this header does not enforce.
    LDAPConfigDataMap & GetConfigMap ( void ) { return fConfigMap; }
    void ConfigMapWait ( void ) { fConfigMapMutex.Wait(); }
    void ConfigMapSignal ( void ) { fConfigMapMutex.Signal(); }

    // Returns a newly allocated array of count strings (by the out-parameter);
    // ownership/free responsibility is defined in the .cpp.
    char **GetDefaultLDAPNodeStrings
                        ( uInt32 &count );
    void VerifyKerberosForRealm
                        ( char *inRealmName,
                          char *inServer );

protected:
    // Folds a security-level dictionary (kXMLSecurity* flags) into kSec* bits.
    uInt32 CalculateSecurityPolicy
                        ( CFDictionaryRef inConfiguration );
    CFDictionaryRef CreateNormalizedAttributeMap
                        ( CFArrayRef inAttrMapArray,
                          CFDictionaryRef inGlobalAttrMap );
    CFDictionaryRef CreateNormalizedRecordAttrMap
                        ( CFArrayRef inRecMapArray,
                          CFArrayRef inGlobalAttrMapArray );
    CFDataRef RetrieveServerMappings
                        ( char *inServer,
                          char *inMapSearchBase,
                          int inPortNumber,
                          bool inIsSSL,
                          bool inReferrals,
                          LDAP *inServerHost = nil );
    bool VerifyXML ( void );
    sInt32 ConfigLDAPServers ( void );
    sInt32 AddLDAPServer ( CFDataRef inXMLData );
    CFDataRef VerifyAndUpdateServerLocation
                        ( char *inServer,
                          int inPortNumber,
                          bool inIsSSL,
                          bool inLDAPv2ReadOnly,
                          bool inMakeDefLDAP,
                          CFDataRef inXMLData );
    char *GetVersion ( CFDictionaryRef configDict );   // kXMLLDAPVersionKey, by its name
    sInt32 MakeLDAPConfig ( CFDictionaryRef ldapDict,
                            bool inOverWriteAll = false,
                            bool inServerMappingUpdate = false );
    sInt32 BuildLDAPMap ( sLDAPConfigData *inConfig,
                          CFDictionaryRef ldapDict,
                          bool inServerMapppings );
    sInt32 ReadXMLConfig ( void );
    bool ConvertLDAPv2Config ( void );    // legacy-config migration, by its name
    bool CreatePrefDirectory ( void );
    char *CreatePrefFilename ( void );

private:
    static LDAPConfigDataMap fConfigMap;        // shared by all instances
    static DSMutexSemaphore fConfigMapMutex;    // guards fConfigMap
    CFDataRef fXMLData;                         // current serialized config
    DSMutexSemaphore *pXMLConfigLock;           // see XMLConfigLock / XMLConfigUnlock
};
#endif // __CLDAPv3Configs_h__