libadutils/common/adutils.c

*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * CDDL HEADER START
*8040SBaban.Kenkre@Sun.COM *
*8040SBaban.Kenkre@Sun.COM * The contents of this file are subject to the terms of the
*8040SBaban.Kenkre@Sun.COM * Common Development and Distribution License (the "License").
*8040SBaban.Kenkre@Sun.COM * You may not use this file except in compliance with the License.
*8040SBaban.Kenkre@Sun.COM *
*8040SBaban.Kenkre@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
*8040SBaban.Kenkre@Sun.COM * or http://www.opensolaris.org/os/licensing.
*8040SBaban.Kenkre@Sun.COM * See the License for the specific language governing permissions
*8040SBaban.Kenkre@Sun.COM * and limitations under the License.
*8040SBaban.Kenkre@Sun.COM *
*8040SBaban.Kenkre@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each
*8040SBaban.Kenkre@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
*8040SBaban.Kenkre@Sun.COM * If applicable, add the following below this CDDL HEADER, with the
*8040SBaban.Kenkre@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying
*8040SBaban.Kenkre@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner]
*8040SBaban.Kenkre@Sun.COM *
*8040SBaban.Kenkre@Sun.COM * CDDL HEADER END
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
*8040SBaban.Kenkre@Sun.COM * Use is subject to license terms.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM#include <alloca.h>
*8040SBaban.Kenkre@Sun.COM#include <string.h>
*8040SBaban.Kenkre@Sun.COM#include <strings.h>
*8040SBaban.Kenkre@Sun.COM#include <lber.h>
*8040SBaban.Kenkre@Sun.COM#include <sasl/sasl.h>
*8040SBaban.Kenkre@Sun.COM#include <string.h>
*8040SBaban.Kenkre@Sun.COM#include <ctype.h>
*8040SBaban.Kenkre@Sun.COM#include <synch.h>
*8040SBaban.Kenkre@Sun.COM#include <atomic.h>
*8040SBaban.Kenkre@Sun.COM#include <errno.h>
*8040SBaban.Kenkre@Sun.COM#include <assert.h>
*8040SBaban.Kenkre@Sun.COM#include <limits.h>
*8040SBaban.Kenkre@Sun.COM#include <sys/u8_textprep.h>
*8040SBaban.Kenkre@Sun.COM#include <sys/varargs.h>
*8040SBaban.Kenkre@Sun.COM#include "libadutils.h"
*8040SBaban.Kenkre@Sun.COM#include "adutils_impl.h"
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/* List of DSs, needed by the idle connection reaper thread */
*8040SBaban.Kenkre@Sun.COMstatic pthread_mutex_t	adhostlock = PTHREAD_MUTEX_INITIALIZER;
*8040SBaban.Kenkre@Sun.COMstatic adutils_host_t	*host_head = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * List of query state structs -- needed so we can "route" LDAP results
*8040SBaban.Kenkre@Sun.COM * to the right context if multiple threads should be using the same
*8040SBaban.Kenkre@Sun.COM * connection concurrently
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic pthread_mutex_t		qstatelock = PTHREAD_MUTEX_INITIALIZER;
*8040SBaban.Kenkre@Sun.COMstatic adutils_query_state_t	*qstatehead = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic char *adutils_sid_ber2str(BerValue *bvalues);
*8040SBaban.Kenkre@Sun.COMstatic void adutils_lookup_batch_unlock(adutils_query_state_t **state);
*8040SBaban.Kenkre@Sun.COMstatic void delete_ds(adutils_ad_t *ad, const char *host, int port);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMtypedef struct binary_attrs {
*8040SBaban.Kenkre@Sun.COM	const char	*name;
*8040SBaban.Kenkre@Sun.COM	char		*(*ber2str)(BerValue *bvalues);
*8040SBaban.Kenkre@Sun.COM} binary_attrs_t;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic binary_attrs_t binattrs[] = {
*8040SBaban.Kenkre@Sun.COM	{"objectSID", adutils_sid_ber2str},
*8040SBaban.Kenkre@Sun.COM	{NULL, NULL}
*8040SBaban.Kenkre@Sun.COM};
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMadutils_set_log(int pri, bool_t syslog, bool_t degraded)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	idmap_log_stderr(pri);
*8040SBaban.Kenkre@Sun.COM	idmap_log_syslog(syslog);
*8040SBaban.Kenkre@Sun.COM	idmap_log_degraded(degraded);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Turn "foo.bar.com" into "dc=foo,dc=bar,dc=com"
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMadutils_dns2dn(const char *dns)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int	nameparts;
*8040SBaban.Kenkre@Sun.COM	return (ldap_dns_to_dn((char *)dns, &nameparts));
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Turn "dc=foo,dc=bar,dc=com" into "foo.bar.com"; ignores any other
*8040SBaban.Kenkre@Sun.COM * attributes (CN, etc...).
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMadutils_dn2dns(const char *dn)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	char **rdns = NULL;
*8040SBaban.Kenkre@Sun.COM	char **attrs = NULL;
*8040SBaban.Kenkre@Sun.COM	char **labels = NULL;
*8040SBaban.Kenkre@Sun.COM	char *dns = NULL;
*8040SBaban.Kenkre@Sun.COM	char **rdn, **attr, **label;
*8040SBaban.Kenkre@Sun.COM	int maxlabels = 5;
*8040SBaban.Kenkre@Sun.COM	int nlabels = 0;
*8040SBaban.Kenkre@Sun.COM	int dnslen;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * There is no reverse of ldap_dns_to_dn() in our libldap, so we
*8040SBaban.Kenkre@Sun.COM	 * have to do the hard work here for now.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * This code is much too liberal: it looks for "dc" attributes
*8040SBaban.Kenkre@Sun.COM	 * in all RDNs of the DN.  In theory this could cause problems
*8040SBaban.Kenkre@Sun.COM	 * if people were to use "dc" in nodes other than the root of
*8040SBaban.Kenkre@Sun.COM	 * the tree, but in practice noone, least of all Active
*8040SBaban.Kenkre@Sun.COM	 * Directory, does that.
*8040SBaban.Kenkre@Sun.COM	 *
*8040SBaban.Kenkre@Sun.COM	 * On the other hand, this code is much too conservative: it
*8040SBaban.Kenkre@Sun.COM	 * does not make assumptions about ldap_explode_dn(), and _that_
*8040SBaban.Kenkre@Sun.COM	 * is the true for looking at every attr of every RDN.
*8040SBaban.Kenkre@Sun.COM	 *
*8040SBaban.Kenkre@Sun.COM	 * Since we only ever look at dc and those must be DNS labels,
*8040SBaban.Kenkre@Sun.COM	 * at least until we get around to supporting IDN here we
*8040SBaban.Kenkre@Sun.COM	 * shouldn't see escaped labels from AD nor from libldap, though
*8040SBaban.Kenkre@Sun.COM	 * the spec (RFC2253) does allow libldap to escape things that
*8040SBaban.Kenkre@Sun.COM	 * don't need escaping -- if that should ever happen then
*8040SBaban.Kenkre@Sun.COM	 * libldap will need a spanking, and we can take care of that.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Explode a DN into RDNs */
*8040SBaban.Kenkre@Sun.COM	if ((rdns = ldap_explode_dn(dn, 0)) == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	labels = calloc(maxlabels + 1, sizeof (char *));
*8040SBaban.Kenkre@Sun.COM	label = labels;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	for (rdn = rdns; *rdn != NULL; rdn++) {
*8040SBaban.Kenkre@Sun.COM		if (attrs != NULL)
*8040SBaban.Kenkre@Sun.COM			ldap_value_free(attrs);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		/* Explode each RDN, look for DC attr, save val as DNS label */
*8040SBaban.Kenkre@Sun.COM		if ((attrs = ldap_explode_rdn(rdn[0], 0)) == NULL)
*8040SBaban.Kenkre@Sun.COM			goto done;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		for (attr = attrs; *attr != NULL; attr++) {
*8040SBaban.Kenkre@Sun.COM			if (strncasecmp(*attr, "dc=", 3) != 0)
*8040SBaban.Kenkre@Sun.COM				continue;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM			/* Found a DNS label */
*8040SBaban.Kenkre@Sun.COM			labels[nlabels++] = strdup((*attr) + 3);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM			if (nlabels == maxlabels) {
*8040SBaban.Kenkre@Sun.COM				char **tmp;
*8040SBaban.Kenkre@Sun.COM				tmp = realloc(labels,
*8040SBaban.Kenkre@Sun.COM				    sizeof (char *) * (maxlabels + 1));
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM				if (tmp == NULL)
*8040SBaban.Kenkre@Sun.COM					goto done;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM				labels = tmp;
*8040SBaban.Kenkre@Sun.COM				labels[nlabels] = NULL;
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM			/* There should be just one DC= attr per-RDN */
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Got all the labels, now join with '.'
*8040SBaban.Kenkre@Sun.COM	 *
*8040SBaban.Kenkre@Sun.COM	 * We need room for nlabels - 1 periods ('.'), one nul
*8040SBaban.Kenkre@Sun.COM	 * terminator, and the strlen() of each label.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	dnslen = nlabels;
*8040SBaban.Kenkre@Sun.COM	for (label = labels; *label != NULL; label++)
*8040SBaban.Kenkre@Sun.COM		dnslen += strlen(*label);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if ((dns = malloc(dnslen)) == NULL)
*8040SBaban.Kenkre@Sun.COM		goto done;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	*dns = '\0';
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	for (label = labels; *label != NULL; label++) {
*8040SBaban.Kenkre@Sun.COM		(void) strlcat(dns, *label, dnslen);
*8040SBaban.Kenkre@Sun.COM		/*
*8040SBaban.Kenkre@Sun.COM		 * NOTE: the last '.' won't be appended -- there's no room
*8040SBaban.Kenkre@Sun.COM		 * for it!
*8040SBaban.Kenkre@Sun.COM		 */
*8040SBaban.Kenkre@Sun.COM		(void) strlcat(dns, ".", dnslen);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMdone:
*8040SBaban.Kenkre@Sun.COM	if (labels != NULL) {
*8040SBaban.Kenkre@Sun.COM		for (label = labels; *label != NULL; label++)
*8040SBaban.Kenkre@Sun.COM			free(*label);
*8040SBaban.Kenkre@Sun.COM		free(labels);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	if (attrs != NULL)
*8040SBaban.Kenkre@Sun.COM		ldap_value_free(attrs);
*8040SBaban.Kenkre@Sun.COM	if (rdns != NULL)
*8040SBaban.Kenkre@Sun.COM		ldap_value_free(rdns);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (dns);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Convert a binary SID in a BerValue to a adutils_sid_t
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMgetsid(BerValue *bval, adutils_sid_t *sidp)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int		i, j;
*8040SBaban.Kenkre@Sun.COM	uchar_t		*v;
*8040SBaban.Kenkre@Sun.COM	uint32_t	a;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * The binary format of a SID is as follows:
*8040SBaban.Kenkre@Sun.COM	 *
*8040SBaban.Kenkre@Sun.COM	 * byte #0: version, always 0x01
*8040SBaban.Kenkre@Sun.COM	 * byte #1: RID count, always <= 0x0f
*8040SBaban.Kenkre@Sun.COM	 * bytes #2-#7: SID authority, big-endian 48-bit unsigned int
*8040SBaban.Kenkre@Sun.COM	 *
*8040SBaban.Kenkre@Sun.COM	 * followed by RID count RIDs, each a little-endian, unsigned
*8040SBaban.Kenkre@Sun.COM	 * 32-bit int.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Sanity checks: must have at least one RID, version must be
*8040SBaban.Kenkre@Sun.COM	 * 0x01, and the length must be 8 + rid count * 4
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	if (bval->bv_len > 8 && bval->bv_val[0] == 0x01 &&
*8040SBaban.Kenkre@Sun.COM	    bval->bv_len == 1 + 1 + 6 + bval->bv_val[1] * 4) {
*8040SBaban.Kenkre@Sun.COM		v = (uchar_t *)bval->bv_val;
*8040SBaban.Kenkre@Sun.COM		sidp->version = v[0];
*8040SBaban.Kenkre@Sun.COM		sidp->sub_authority_count = v[1];
*8040SBaban.Kenkre@Sun.COM		sidp->authority =
*8040SBaban.Kenkre@Sun.COM		    /* big endian -- so start from the left */
*8040SBaban.Kenkre@Sun.COM		    ((u_longlong_t)v[2] << 40) |
*8040SBaban.Kenkre@Sun.COM		    ((u_longlong_t)v[3] << 32) |
*8040SBaban.Kenkre@Sun.COM		    ((u_longlong_t)v[4] << 24) |
*8040SBaban.Kenkre@Sun.COM		    ((u_longlong_t)v[5] << 16) |
*8040SBaban.Kenkre@Sun.COM		    ((u_longlong_t)v[6] << 8) |
*8040SBaban.Kenkre@Sun.COM		    (u_longlong_t)v[7];
*8040SBaban.Kenkre@Sun.COM		for (i = 0; i < sidp->sub_authority_count; i++) {
*8040SBaban.Kenkre@Sun.COM			j = 8 + (i * 4);
*8040SBaban.Kenkre@Sun.COM			/* little endian -- so start from the right */
*8040SBaban.Kenkre@Sun.COM			a = (v[j + 3] << 24) | (v[j + 2] << 16) |
*8040SBaban.Kenkre@Sun.COM			    (v[j + 1] << 8) | (v[j]);
*8040SBaban.Kenkre@Sun.COM			sidp->sub_authorities[i] = a;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		return (0);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	return (-1);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Convert a adutils_sid_t to S-1-...
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMsid2txt(adutils_sid_t *sidp)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int	rlen, i, len;
*8040SBaban.Kenkre@Sun.COM	char	*str, *cp;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (sidp->version != 1)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	len = sizeof ("S-1-") - 1;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * We could optimize like so, but, why?
*8040SBaban.Kenkre@Sun.COM	 *	if (sidp->authority < 10)
*8040SBaban.Kenkre@Sun.COM	 *		len += 2;
*8040SBaban.Kenkre@Sun.COM	 *	else if (sidp->authority < 100)
*8040SBaban.Kenkre@Sun.COM	 *		len += 3;
*8040SBaban.Kenkre@Sun.COM	 *	else
*8040SBaban.Kenkre@Sun.COM	 *		len += snprintf(NULL, 0"%llu", sidp->authority);
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	len += snprintf(NULL, 0, "%llu", sidp->authority);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Max length of a uint32_t printed out in ASCII is 10 bytes */
*8040SBaban.Kenkre@Sun.COM	len += 1 + (sidp->sub_authority_count + 1) * 10;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if ((cp = str = malloc(len)) == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	rlen = snprintf(str, len, "S-1-%llu", sidp->authority);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	cp += rlen;
*8040SBaban.Kenkre@Sun.COM	len -= rlen;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	for (i = 0; i < sidp->sub_authority_count; i++) {
*8040SBaban.Kenkre@Sun.COM		assert(len > 0);
*8040SBaban.Kenkre@Sun.COM		rlen = snprintf(cp, len, "-%u", sidp->sub_authorities[i]);
*8040SBaban.Kenkre@Sun.COM		cp += rlen;
*8040SBaban.Kenkre@Sun.COM		len -= rlen;
*8040SBaban.Kenkre@Sun.COM		assert(len >= 0);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (str);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Convert a adutils_sid_t to on-the-wire encoding
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMsid2binsid(adutils_sid_t *sid, uchar_t *binsid, int binsidlen)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	uchar_t		*p;
*8040SBaban.Kenkre@Sun.COM	int		i;
*8040SBaban.Kenkre@Sun.COM	uint64_t	a;
*8040SBaban.Kenkre@Sun.COM	uint32_t	r;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (sid->version != 1 ||
*8040SBaban.Kenkre@Sun.COM	    binsidlen != (1 + 1 + 6 + sid->sub_authority_count * 4))
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	p = binsid;
*8040SBaban.Kenkre@Sun.COM	*p++ = 0x01;		/* version */
*8040SBaban.Kenkre@Sun.COM	/* sub authority count */
*8040SBaban.Kenkre@Sun.COM	*p++ = sid->sub_authority_count;
*8040SBaban.Kenkre@Sun.COM	/* Authority */
*8040SBaban.Kenkre@Sun.COM	a = sid->authority;
*8040SBaban.Kenkre@Sun.COM	/* big-endian -- start from left */
*8040SBaban.Kenkre@Sun.COM	*p++ = (a >> 40) & 0xFF;
*8040SBaban.Kenkre@Sun.COM	*p++ = (a >> 32) & 0xFF;
*8040SBaban.Kenkre@Sun.COM	*p++ = (a >> 24) & 0xFF;
*8040SBaban.Kenkre@Sun.COM	*p++ = (a >> 16) & 0xFF;
*8040SBaban.Kenkre@Sun.COM	*p++ = (a >> 8) & 0xFF;
*8040SBaban.Kenkre@Sun.COM	*p++ = a & 0xFF;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* sub-authorities */
*8040SBaban.Kenkre@Sun.COM	for (i = 0; i < sid->sub_authority_count; i++) {
*8040SBaban.Kenkre@Sun.COM		r = sid->sub_authorities[i];
*8040SBaban.Kenkre@Sun.COM		/* little-endian -- start from right */
*8040SBaban.Kenkre@Sun.COM		*p++ = (r & 0x000000FF);
*8040SBaban.Kenkre@Sun.COM		*p++ = (r & 0x0000FF00) >> 8;
*8040SBaban.Kenkre@Sun.COM		*p++ = (r & 0x00FF0000) >> 16;
*8040SBaban.Kenkre@Sun.COM		*p++ = (r & 0xFF000000) >> 24;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (0);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Convert a stringified SID (S-1-...) into a hex-encoded version of the
*8040SBaban.Kenkre@Sun.COM * on-the-wire encoding, but with each pair of hex digits pre-pended
*8040SBaban.Kenkre@Sun.COM * with a '\', so we can pass this to libldap.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMadutils_txtsid2hexbinsid(const char *txt, const uint32_t *rid,
*8040SBaban.Kenkre@Sun.COM	char *hexbinsid, int hexbinsidlen)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_sid_t	sid = { 0 };
*8040SBaban.Kenkre@Sun.COM	int		i, j;
*8040SBaban.Kenkre@Sun.COM	const char	*cp;
*8040SBaban.Kenkre@Sun.COM	char		*ecp;
*8040SBaban.Kenkre@Sun.COM	u_longlong_t	a;
*8040SBaban.Kenkre@Sun.COM	unsigned long	r;
*8040SBaban.Kenkre@Sun.COM	uchar_t		*binsid, b, hb;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Only version 1 SIDs please */
*8040SBaban.Kenkre@Sun.COM	if (strncmp(txt, "S-1-", strlen("S-1-")) != 0)
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (strlen(txt) < (strlen("S-1-") + 1))
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* count '-'s */
*8040SBaban.Kenkre@Sun.COM	for (j = 0, cp = strchr(txt, '-');
*8040SBaban.Kenkre@Sun.COM	    cp != NULL && *cp != '\0';
*8040SBaban.Kenkre@Sun.COM	    j++, cp = strchr(cp + 1, '-')) {
*8040SBaban.Kenkre@Sun.COM		/* can't end on a '-' */
*8040SBaban.Kenkre@Sun.COM		if (*(cp + 1) == '\0')
*8040SBaban.Kenkre@Sun.COM			return (-1);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Adjust count for version and authority */
*8040SBaban.Kenkre@Sun.COM	j -= 2;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* we know the version number and RID count */
*8040SBaban.Kenkre@Sun.COM	sid.version = 1;
*8040SBaban.Kenkre@Sun.COM	sid.sub_authority_count = (rid != NULL) ? j + 1 : j;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* must have at least one RID, but not too many */
*8040SBaban.Kenkre@Sun.COM	if (sid.sub_authority_count < 1 ||
*8040SBaban.Kenkre@Sun.COM	    sid.sub_authority_count > ADUTILS_SID_MAX_SUB_AUTHORITIES)
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* check that we only have digits and '-' */
*8040SBaban.Kenkre@Sun.COM	if (strspn(txt + 1, "0123456789-") < (strlen(txt) - 1))
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	cp = txt + strlen("S-1-");
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* 64-bit safe parsing of unsigned 48-bit authority value */
*8040SBaban.Kenkre@Sun.COM	errno = 0;
*8040SBaban.Kenkre@Sun.COM	a = strtoull(cp, &ecp, 10);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* errors parsing the authority or too many bits */
*8040SBaban.Kenkre@Sun.COM	if (cp == ecp || (a == 0 && errno == EINVAL) ||
*8040SBaban.Kenkre@Sun.COM	    (a == ULLONG_MAX && errno == ERANGE) ||
*8040SBaban.Kenkre@Sun.COM	    (a & 0x0000ffffffffffffULL) != a)
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	cp = ecp;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	sid.authority = (uint64_t)a;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	for (i = 0; i < j; i++) {
*8040SBaban.Kenkre@Sun.COM		if (*cp++ != '-')
*8040SBaban.Kenkre@Sun.COM			return (-1);
*8040SBaban.Kenkre@Sun.COM		/* 64-bit safe parsing of unsigned 32-bit RID */
*8040SBaban.Kenkre@Sun.COM		errno = 0;
*8040SBaban.Kenkre@Sun.COM		r = strtoul(cp, &ecp, 10);
*8040SBaban.Kenkre@Sun.COM		/* errors parsing the RID or too many bits */
*8040SBaban.Kenkre@Sun.COM		if (cp == ecp || (r == 0 && errno == EINVAL) ||
*8040SBaban.Kenkre@Sun.COM		    (r == ULONG_MAX && errno == ERANGE) ||
*8040SBaban.Kenkre@Sun.COM		    (r & 0xffffffffUL) != r)
*8040SBaban.Kenkre@Sun.COM			return (-1);
*8040SBaban.Kenkre@Sun.COM		sid.sub_authorities[i] = (uint32_t)r;
*8040SBaban.Kenkre@Sun.COM		cp = ecp;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* check that all of the string SID has been consumed */
*8040SBaban.Kenkre@Sun.COM	if (*cp != '\0')
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (rid != NULL)
*8040SBaban.Kenkre@Sun.COM		sid.sub_authorities[j] = *rid;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	j = 1 + 1 + 6 + sid.sub_authority_count * 4;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (hexbinsidlen < (j * 3))
*8040SBaban.Kenkre@Sun.COM		return (-2);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* binary encode the SID */
*8040SBaban.Kenkre@Sun.COM	binsid = (uchar_t *)alloca(j);
*8040SBaban.Kenkre@Sun.COM	(void) sid2binsid(&sid, binsid, j);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* hex encode, with a backslash before each byte */
*8040SBaban.Kenkre@Sun.COM	for (ecp = hexbinsid, i = 0; i < j; i++) {
*8040SBaban.Kenkre@Sun.COM		b = binsid[i];
*8040SBaban.Kenkre@Sun.COM		*ecp++ = '\\';
*8040SBaban.Kenkre@Sun.COM		hb = (b >> 4) & 0xF;
*8040SBaban.Kenkre@Sun.COM		*ecp++ = (hb <= 0x9 ? hb + '0' : hb - 10 + 'A');
*8040SBaban.Kenkre@Sun.COM		hb = b & 0xF;
*8040SBaban.Kenkre@Sun.COM		*ecp++ = (hb <= 0x9 ? hb + '0' : hb - 10 + 'A');
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	*ecp = '\0';
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (0);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMconvert_bval2sid(BerValue *bval, uint32_t *rid)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_sid_t	sid;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (getsid(bval, &sid) < 0)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * If desired and if the SID is what should be a domain/computer
*8040SBaban.Kenkre@Sun.COM	 * user or group SID (i.e., S-1-5-w-x-y-z-<user/group RID>) then
*8040SBaban.Kenkre@Sun.COM	 * save the last RID and truncate the SID
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	if (rid != NULL && sid.authority == 5 && sid.sub_authority_count == 5)
*8040SBaban.Kenkre@Sun.COM		*rid = sid.sub_authorities[--sid.sub_authority_count];
*8040SBaban.Kenkre@Sun.COM	return (sid2txt(&sid));
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Return a NUL-terminated stringified SID from the value of an
*8040SBaban.Kenkre@Sun.COM * objectSid attribute and put the last RID in *rid.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMadutils_bv_objsid2sidstr(BerValue *bval, uint32_t *rid)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	char *sid;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (bval == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM	/* objectSid is single valued */
*8040SBaban.Kenkre@Sun.COM	if ((sid = convert_bval2sid(bval, rid)) == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM	return (sid);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMadutils_sid_ber2str(BerValue *bval)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	return (adutils_bv_objsid2sidstr(bval, NULL));
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/* Return a NUL-terminated string from the Ber value */
*8040SBaban.Kenkre@Sun.COMchar *
*8040SBaban.Kenkre@Sun.COMadutils_bv_name2str(BerValue *bval)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	char *s;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (bval == NULL || bval->bv_val == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM	if ((s = malloc(bval->bv_len + 1)) == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM	(void) snprintf(s, bval->bv_len + 1, "%.*s", bval->bv_len,
*8040SBaban.Kenkre@Sun.COM	    bval->bv_val);
*8040SBaban.Kenkre@Sun.COM	return (s);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*ARGSUSED*/
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMsaslcallback(LDAP *ld, unsigned flags, void *defaults, void *prompts)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	sasl_interact_t	*interact;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (prompts == NULL || flags != LDAP_SASL_INTERACTIVE)
*8040SBaban.Kenkre@Sun.COM		return (LDAP_PARAM_ERROR);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* There should be no extra arguemnts for SASL/GSSAPI authentication */
*8040SBaban.Kenkre@Sun.COM	for (interact = prompts; interact->id != SASL_CB_LIST_END;
*8040SBaban.Kenkre@Sun.COM	    interact++) {
*8040SBaban.Kenkre@Sun.COM		interact->result = NULL;
*8040SBaban.Kenkre@Sun.COM		interact->len = 0;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	return (LDAP_SUCCESS);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM#define	ADCONN_TIME	300
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Idle connection reaping side of connection management
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMadutils_reap_idle_connections()
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_host_t	*adh;
*8040SBaban.Kenkre@Sun.COM	time_t		now;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM	now = time(NULL);
*8040SBaban.Kenkre@Sun.COM	for (adh = host_head; adh != NULL; adh = adh->next) {
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_lock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM		if (adh->ref == 0 && adh->idletime != 0 &&
*8040SBaban.Kenkre@Sun.COM		    adh->idletime + ADCONN_TIME < now) {
*8040SBaban.Kenkre@Sun.COM			if (adh->ld) {
*8040SBaban.Kenkre@Sun.COM				(void) ldap_unbind(adh->ld);
*8040SBaban.Kenkre@Sun.COM				adh->ld = NULL;
*8040SBaban.Kenkre@Sun.COM				adh->idletime = 0;
*8040SBaban.Kenkre@Sun.COM				adh->ref = 0;
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMadutils_rc
*8040SBaban.Kenkre@Sun.COMadutils_ad_alloc(adutils_ad_t **new_ad, const char *default_domain,
*8040SBaban.Kenkre@Sun.COM	adutils_ad_partition_t part)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_ad_t *ad;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	*new_ad = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if ((default_domain == NULL || *default_domain == '\0') &&
*8040SBaban.Kenkre@Sun.COM	    part != ADUTILS_AD_GLOBAL_CATALOG)
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_DOMAIN);
*8040SBaban.Kenkre@Sun.COM	if ((ad = calloc(1, sizeof (*ad))) == NULL)
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_MEMORY);
*8040SBaban.Kenkre@Sun.COM	ad->ref = 1;
*8040SBaban.Kenkre@Sun.COM	ad->partition = part;
*8040SBaban.Kenkre@Sun.COM	if (default_domain == NULL)
*8040SBaban.Kenkre@Sun.COM		default_domain = "";
*8040SBaban.Kenkre@Sun.COM	if ((ad->dflt_w2k_dom = strdup(default_domain)) == NULL)
*8040SBaban.Kenkre@Sun.COM		goto err;
*8040SBaban.Kenkre@Sun.COM	if (pthread_mutex_init(&ad->lock, NULL) != 0)
*8040SBaban.Kenkre@Sun.COM		goto err;
*8040SBaban.Kenkre@Sun.COM	*new_ad = ad;
*8040SBaban.Kenkre@Sun.COM	return (ADUTILS_SUCCESS);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMerr:
*8040SBaban.Kenkre@Sun.COM	if (ad->dflt_w2k_dom != NULL)
*8040SBaban.Kenkre@Sun.COM		free(ad->dflt_w2k_dom);
*8040SBaban.Kenkre@Sun.COM	free(ad);
*8040SBaban.Kenkre@Sun.COM	return (ADUTILS_ERR_MEMORY);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMadutils_ad_free(adutils_ad_t **ad)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_host_t *p;
*8040SBaban.Kenkre@Sun.COM	adutils_host_t *prev;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (ad == NULL || *ad == NULL)
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&(*ad)->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (atomic_dec_32_nv(&(*ad)->ref) > 0) {
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&(*ad)->lock);
*8040SBaban.Kenkre@Sun.COM		*ad = NULL;
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM	prev = NULL;
*8040SBaban.Kenkre@Sun.COM	p = host_head;
*8040SBaban.Kenkre@Sun.COM	while (p != NULL) {
*8040SBaban.Kenkre@Sun.COM		if (p->owner != (*ad)) {
*8040SBaban.Kenkre@Sun.COM			prev = p;
*8040SBaban.Kenkre@Sun.COM			p = p->next;
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		} else {
*8040SBaban.Kenkre@Sun.COM			delete_ds((*ad), p->host, p->port);
*8040SBaban.Kenkre@Sun.COM			if (prev == NULL)
*8040SBaban.Kenkre@Sun.COM				p = host_head;
*8040SBaban.Kenkre@Sun.COM			else
*8040SBaban.Kenkre@Sun.COM				p = prev->next;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&(*ad)->lock);
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_destroy(&(*ad)->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	free((*ad)->dflt_w2k_dom);
*8040SBaban.Kenkre@Sun.COM	free(*ad);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	*ad = NULL;
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMopen_conn(adutils_host_t *adh, int timeoutsecs)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int zero = 0;
*8040SBaban.Kenkre@Sun.COM	int ldversion, rc;
*8040SBaban.Kenkre@Sun.COM	int timeoutms = timeoutsecs * 1000;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (adh == NULL)
*8040SBaban.Kenkre@Sun.COM		return (0);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (!adh->dead && adh->ld != NULL)
*8040SBaban.Kenkre@Sun.COM		/* done! */
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (adh->ld != NULL) {
*8040SBaban.Kenkre@Sun.COM		(void) ldap_unbind(adh->ld);
*8040SBaban.Kenkre@Sun.COM		adh->ld = NULL;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	adh->num_requests = 0;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	atomic_inc_64(&adh->generation);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Open and bind an LDAP connection */
*8040SBaban.Kenkre@Sun.COM	adh->ld = ldap_init(adh->host, adh->port);
*8040SBaban.Kenkre@Sun.COM	if (adh->ld == NULL) {
*8040SBaban.Kenkre@Sun.COM		idmapdlog(LOG_INFO, "ldap_init() to server "
*8040SBaban.Kenkre@Sun.COM		    "%s port %d failed. (%s)", adh->host,
*8040SBaban.Kenkre@Sun.COM		    adh->port, strerror(errno));
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	ldversion = LDAP_VERSION3;
*8040SBaban.Kenkre@Sun.COM	(void) ldap_set_option(adh->ld, LDAP_OPT_PROTOCOL_VERSION, &ldversion);
*8040SBaban.Kenkre@Sun.COM	(void) ldap_set_option(adh->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
*8040SBaban.Kenkre@Sun.COM	(void) ldap_set_option(adh->ld, LDAP_OPT_TIMELIMIT, &zero);
*8040SBaban.Kenkre@Sun.COM	(void) ldap_set_option(adh->ld, LDAP_OPT_SIZELIMIT, &zero);
*8040SBaban.Kenkre@Sun.COM	(void) ldap_set_option(adh->ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timeoutms);
*8040SBaban.Kenkre@Sun.COM	(void) ldap_set_option(adh->ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
*8040SBaban.Kenkre@Sun.COM	rc = ldap_sasl_interactive_bind_s(adh->ld, "" /* binddn */,
*8040SBaban.Kenkre@Sun.COM	    adh->saslmech, NULL, NULL, adh->saslflags, &saslcallback,
*8040SBaban.Kenkre@Sun.COM	    NULL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (rc != LDAP_SUCCESS) {
*8040SBaban.Kenkre@Sun.COM		(void) ldap_unbind(adh->ld);
*8040SBaban.Kenkre@Sun.COM		adh->ld = NULL;
*8040SBaban.Kenkre@Sun.COM		idmapdlog(LOG_INFO, "ldap_sasl_interactive_bind_s() to server "
*8040SBaban.Kenkre@Sun.COM		    "%s port %d failed. (%s)", adh->host, adh->port,
*8040SBaban.Kenkre@Sun.COM		    ldap_err2string(rc));
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	idmapdlog(LOG_DEBUG, "Using global catalog server %s:%d",
*8040SBaban.Kenkre@Sun.COM	    adh->host, adh->port);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMout:
*8040SBaban.Kenkre@Sun.COM	if (adh->ld != NULL) {
*8040SBaban.Kenkre@Sun.COM		atomic_inc_32(&adh->ref);
*8040SBaban.Kenkre@Sun.COM		adh->idletime = time(NULL);
*8040SBaban.Kenkre@Sun.COM		adh->dead = 0;
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM		return (1);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM	return (0);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Connection management: find an open connection or open one
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMadutils_host_t *
*8040SBaban.Kenkre@Sun.COMget_conn(adutils_ad_t *ad)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_host_t	*adh = NULL;
*8040SBaban.Kenkre@Sun.COM	int		tries;
*8040SBaban.Kenkre@Sun.COM	int		dscount = 0;
*8040SBaban.Kenkre@Sun.COM	int		timeoutsecs = ADUTILS_LDAP_OPEN_TIMEOUT;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMretry:
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (host_head == NULL) {
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (dscount == 0) {
*8040SBaban.Kenkre@Sun.COM		/*
*8040SBaban.Kenkre@Sun.COM		 * First try: count the number of DSes.
*8040SBaban.Kenkre@Sun.COM		 *
*8040SBaban.Kenkre@Sun.COM		 * Integer overflow is not an issue -- we can't have so many
*8040SBaban.Kenkre@Sun.COM		 * DSes because they won't fit even DNS over TCP, and SMF
*8040SBaban.Kenkre@Sun.COM		 * shouldn't let you set so many.
*8040SBaban.Kenkre@Sun.COM		 */
*8040SBaban.Kenkre@Sun.COM		for (adh = host_head, tries = 0; adh != NULL; adh = adh->next) {
*8040SBaban.Kenkre@Sun.COM			if (adh->owner == ad)
*8040SBaban.Kenkre@Sun.COM				dscount++;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		if (dscount == 0) {
*8040SBaban.Kenkre@Sun.COM			(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM			goto out;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		tries = dscount * 3;	/* three tries per-ds */
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		/*
*8040SBaban.Kenkre@Sun.COM		 * Begin round-robin at the next DS in the list after the last
*8040SBaban.Kenkre@Sun.COM		 * one that we had a connection to, else start with the first
*8040SBaban.Kenkre@Sun.COM		 * DS in the list.
*8040SBaban.Kenkre@Sun.COM		 */
*8040SBaban.Kenkre@Sun.COM		adh = ad->last_adh;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Round-robin -- pick the next one on the list; if the list
*8040SBaban.Kenkre@Sun.COM	 * changes on us, no big deal, we'll just potentially go
*8040SBaban.Kenkre@Sun.COM	 * around the wrong number of times.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	for (;;) {
*8040SBaban.Kenkre@Sun.COM		if (adh != NULL && adh->ld != NULL && !adh->dead)
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM		if (adh == NULL || (adh = adh->next) == NULL)
*8040SBaban.Kenkre@Sun.COM			adh = host_head;
*8040SBaban.Kenkre@Sun.COM		if (adh->owner == ad)
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	ad->last_adh = adh;
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Found suitable DS, open it if not already opened */
*8040SBaban.Kenkre@Sun.COM	if (open_conn(adh, timeoutsecs))
*8040SBaban.Kenkre@Sun.COM		return (adh);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	tries--;
*8040SBaban.Kenkre@Sun.COM	if ((tries % dscount) == 0)
*8040SBaban.Kenkre@Sun.COM		timeoutsecs *= 2;
*8040SBaban.Kenkre@Sun.COM	if (tries > 0)
*8040SBaban.Kenkre@Sun.COM		goto retry;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMout:
*8040SBaban.Kenkre@Sun.COM	idmapdlog(LOG_NOTICE, "Couldn't open an LDAP connection to any global "
*8040SBaban.Kenkre@Sun.COM	    "catalog server!");
*8040SBaban.Kenkre@Sun.COM	return (NULL);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMrelease_conn(adutils_host_t *adh)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int delete = 0;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM	if (atomic_dec_32_nv(&adh->ref) == 0) {
*8040SBaban.Kenkre@Sun.COM		if (adh->owner == NULL)
*8040SBaban.Kenkre@Sun.COM			delete = 1;
*8040SBaban.Kenkre@Sun.COM		adh->idletime = time(NULL);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Free this host if its owner no longer exists. */
*8040SBaban.Kenkre@Sun.COM	if (delete) {
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_lock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM		delete_ds(NULL, adh->host, adh->port);
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Create a adutils_host_t, populate it and add it to the list of hosts.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMadutils_rc
*8040SBaban.Kenkre@Sun.COMadutils_add_ds(adutils_ad_t *ad, const char *host, int port)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_host_t	*p;
*8040SBaban.Kenkre@Sun.COM	adutils_host_t	*new = NULL;
*8040SBaban.Kenkre@Sun.COM	int		ret;
*8040SBaban.Kenkre@Sun.COM	adutils_rc	rc;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM	for (p = host_head; p != NULL; p = p->next) {
*8040SBaban.Kenkre@Sun.COM		if (p->owner != ad)
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		if (strcmp(host, p->host) == 0 && p->port == port) {
*8040SBaban.Kenkre@Sun.COM			/* already added */
*8040SBaban.Kenkre@Sun.COM			rc = ADUTILS_SUCCESS;
*8040SBaban.Kenkre@Sun.COM			goto err;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	rc = ADUTILS_ERR_MEMORY;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* add new entry */
*8040SBaban.Kenkre@Sun.COM	new = (adutils_host_t *)calloc(1, sizeof (*new));
*8040SBaban.Kenkre@Sun.COM	if (new == NULL)
*8040SBaban.Kenkre@Sun.COM		goto err;
*8040SBaban.Kenkre@Sun.COM	new->owner = ad;
*8040SBaban.Kenkre@Sun.COM	new->port = port;
*8040SBaban.Kenkre@Sun.COM	new->dead = 0;
*8040SBaban.Kenkre@Sun.COM	new->max_requests = 80;
*8040SBaban.Kenkre@Sun.COM	new->num_requests = 0;
*8040SBaban.Kenkre@Sun.COM	if ((new->host = strdup(host)) == NULL)
*8040SBaban.Kenkre@Sun.COM		goto err;
*8040SBaban.Kenkre@Sun.COM	new->saslflags = LDAP_SASL_INTERACTIVE;
*8040SBaban.Kenkre@Sun.COM	new->saslmech = "GSSAPI";
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if ((ret = pthread_mutex_init(&new->lock, NULL)) != 0) {
*8040SBaban.Kenkre@Sun.COM		free(new->host);
*8040SBaban.Kenkre@Sun.COM		new->host = NULL;
*8040SBaban.Kenkre@Sun.COM		errno = ret;
*8040SBaban.Kenkre@Sun.COM		rc = ADUTILS_ERR_INTERNAL;
*8040SBaban.Kenkre@Sun.COM		goto err;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* link in */
*8040SBaban.Kenkre@Sun.COM	rc = ADUTILS_SUCCESS;
*8040SBaban.Kenkre@Sun.COM	new->next = host_head;
*8040SBaban.Kenkre@Sun.COM	host_head = new;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMerr:
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&adhostlock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (rc != 0 && new != NULL) {
*8040SBaban.Kenkre@Sun.COM		if (new->host != NULL) {
*8040SBaban.Kenkre@Sun.COM			(void) pthread_mutex_destroy(&new->lock);
*8040SBaban.Kenkre@Sun.COM			free(new->host);
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		free(new);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (rc);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Free a DS configuration.
*8040SBaban.Kenkre@Sun.COM * Caller must lock the adhostlock mutex
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMdelete_ds(adutils_ad_t *ad, const char *host, int port)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_host_t	**p, *q;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	for (p = &host_head; *p != NULL; p = &((*p)->next)) {
*8040SBaban.Kenkre@Sun.COM		if ((*p)->owner != ad || strcmp(host, (*p)->host) != 0 ||
*8040SBaban.Kenkre@Sun.COM		    (*p)->port != port)
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		/* found */
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_lock(&((*p)->lock));
*8040SBaban.Kenkre@Sun.COM		if ((*p)->ref > 0) {
*8040SBaban.Kenkre@Sun.COM			/*
*8040SBaban.Kenkre@Sun.COM			 * Still in use. Set its owner to NULL so
*8040SBaban.Kenkre@Sun.COM			 * that it can be freed when its ref count
*8040SBaban.Kenkre@Sun.COM			 * becomes 0.
*8040SBaban.Kenkre@Sun.COM			 */
*8040SBaban.Kenkre@Sun.COM			(*p)->owner = NULL;
*8040SBaban.Kenkre@Sun.COM			(void) pthread_mutex_unlock(&((*p)->lock));
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&((*p)->lock));
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		q = *p;
*8040SBaban.Kenkre@Sun.COM		*p = (*p)->next;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_destroy(&q->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		if (q->ld)
*8040SBaban.Kenkre@Sun.COM			(void) ldap_unbind(q->ld);
*8040SBaban.Kenkre@Sun.COM		if (q->host)
*8040SBaban.Kenkre@Sun.COM			free(q->host);
*8040SBaban.Kenkre@Sun.COM		free(q);
*8040SBaban.Kenkre@Sun.COM		break;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMadutils_rc
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_start(adutils_ad_t *ad, int nqueries,
*8040SBaban.Kenkre@Sun.COM	adutils_ldap_res_search_cb ldap_res_search_cb,
*8040SBaban.Kenkre@Sun.COM	void *ldap_res_search_argp,
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t **state)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t	*new_state;
*8040SBaban.Kenkre@Sun.COM	adutils_host_t		*adh = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (ad == NULL)
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_INTERNAL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	*state = NULL;
*8040SBaban.Kenkre@Sun.COM	adh = get_conn(ad);
*8040SBaban.Kenkre@Sun.COM	if (adh == NULL)
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_RETRIABLE_NET_ERR);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	new_state = calloc(1, sizeof (adutils_query_state_t) +
*8040SBaban.Kenkre@Sun.COM	    (nqueries - 1) * sizeof (adutils_q_t));
*8040SBaban.Kenkre@Sun.COM	if (new_state == NULL)
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_MEMORY);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Save default domain from the ad object so that we don't
*8040SBaban.Kenkre@Sun.COM	 * have to access the 'ad' object later.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	new_state->default_domain = strdup(adh->owner->dflt_w2k_dom);
*8040SBaban.Kenkre@Sun.COM	if (new_state->default_domain == NULL) {
*8040SBaban.Kenkre@Sun.COM		free(new_state);
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_MEMORY);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (ad->partition == ADUTILS_AD_DATA)
*8040SBaban.Kenkre@Sun.COM		new_state->basedn = adutils_dns2dn(new_state->default_domain);
*8040SBaban.Kenkre@Sun.COM	else
*8040SBaban.Kenkre@Sun.COM		new_state->basedn = strdup("");
*8040SBaban.Kenkre@Sun.COM	if (new_state->basedn == NULL) {
*8040SBaban.Kenkre@Sun.COM		free(new_state->default_domain);
*8040SBaban.Kenkre@Sun.COM		free(new_state);
*8040SBaban.Kenkre@Sun.COM		return (ADUTILS_ERR_MEMORY);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	new_state->ref_cnt = 1;
*8040SBaban.Kenkre@Sun.COM	new_state->qadh = adh;
*8040SBaban.Kenkre@Sun.COM	new_state->qcount = nqueries;
*8040SBaban.Kenkre@Sun.COM	new_state->qadh_gen = adh->generation;
*8040SBaban.Kenkre@Sun.COM	new_state->qlastsent = 0;
*8040SBaban.Kenkre@Sun.COM	new_state->ldap_res_search_cb = ldap_res_search_cb;
*8040SBaban.Kenkre@Sun.COM	new_state->ldap_res_search_argp = ldap_res_search_argp;
*8040SBaban.Kenkre@Sun.COM	(void) pthread_cond_init(&new_state->cv, NULL);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	new_state->next = qstatehead;
*8040SBaban.Kenkre@Sun.COM	qstatehead = new_state;
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	*state = new_state;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (ADUTILS_SUCCESS);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Find the adutils_query_state_t to which a given LDAP result msgid on a
*8040SBaban.Kenkre@Sun.COM * given connection belongs. This routine increaments the reference count
*8040SBaban.Kenkre@Sun.COM * so that the object can not be freed. adutils_lookup_batch_unlock()
*8040SBaban.Kenkre@Sun.COM * must be called to decreament the reference count.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMmsgid2query(adutils_host_t *adh, int msgid,
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t **state, int *qid)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t	*p;
*8040SBaban.Kenkre@Sun.COM	int			i;
*8040SBaban.Kenkre@Sun.COM	int			ret;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	for (p = qstatehead; p != NULL; p = p->next) {
*8040SBaban.Kenkre@Sun.COM		if (p->qadh != adh || adh->generation != p->qadh_gen)
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		for (i = 0; i < p->qcount; i++) {
*8040SBaban.Kenkre@Sun.COM			if ((p->queries[i]).msgid == msgid) {
*8040SBaban.Kenkre@Sun.COM				if (!p->qdead) {
*8040SBaban.Kenkre@Sun.COM					p->ref_cnt++;
*8040SBaban.Kenkre@Sun.COM					*state = p;
*8040SBaban.Kenkre@Sun.COM					*qid = i;
*8040SBaban.Kenkre@Sun.COM					ret = 1;
*8040SBaban.Kenkre@Sun.COM				} else
*8040SBaban.Kenkre@Sun.COM					ret = 0;
*8040SBaban.Kenkre@Sun.COM				(void) pthread_mutex_unlock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM				return (ret);
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	return (0);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMcheck_for_binary_attrs(const char *attr)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int i;
*8040SBaban.Kenkre@Sun.COM	for (i = 0; binattrs[i].name != NULL; i++) {
*8040SBaban.Kenkre@Sun.COM		if (strcasecmp(binattrs[i].name, attr) == 0)
*8040SBaban.Kenkre@Sun.COM			return (i);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	return (-1);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMfree_entry(adutils_entry_t *entry)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int		i, j;
*8040SBaban.Kenkre@Sun.COM	adutils_attr_t	*ap;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (entry == NULL)
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM	if (entry->attr_nvpairs == NULL) {
*8040SBaban.Kenkre@Sun.COM		free(entry);
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	for (i = 0; i < entry->num_nvpairs; i++) {
*8040SBaban.Kenkre@Sun.COM		ap = &entry->attr_nvpairs[i];
*8040SBaban.Kenkre@Sun.COM		if (ap->attr_name == NULL) {
*8040SBaban.Kenkre@Sun.COM			ldap_value_free(ap->attr_values);
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		if (check_for_binary_attrs(ap->attr_name) >= 0) {
*8040SBaban.Kenkre@Sun.COM			free(ap->attr_name);
*8040SBaban.Kenkre@Sun.COM			if (ap->attr_values == NULL)
*8040SBaban.Kenkre@Sun.COM				continue;
*8040SBaban.Kenkre@Sun.COM			for (j = 0; j < ap->num_values; j++)
*8040SBaban.Kenkre@Sun.COM				free(ap->attr_values[j]);
*8040SBaban.Kenkre@Sun.COM			free(ap->attr_values);
*8040SBaban.Kenkre@Sun.COM		} else if (strcasecmp(ap->attr_name, "dn") == 0) {
*8040SBaban.Kenkre@Sun.COM			free(ap->attr_name);
*8040SBaban.Kenkre@Sun.COM			ldap_memfree(ap->attr_values[0]);
*8040SBaban.Kenkre@Sun.COM			free(ap->attr_values);
*8040SBaban.Kenkre@Sun.COM		} else {
*8040SBaban.Kenkre@Sun.COM			free(ap->attr_name);
*8040SBaban.Kenkre@Sun.COM			ldap_value_free(ap->attr_values);
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	free(entry->attr_nvpairs);
*8040SBaban.Kenkre@Sun.COM	free(entry);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMadutils_freeresult(adutils_result_t **result)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_entry_t	*e, *next;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (result == NULL || *result == NULL)
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM	if ((*result)->entries == NULL) {
*8040SBaban.Kenkre@Sun.COM		free(*result);
*8040SBaban.Kenkre@Sun.COM		*result = NULL;
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	for (e = (*result)->entries; e != NULL; e = next) {
*8040SBaban.Kenkre@Sun.COM		next = e->next;
*8040SBaban.Kenkre@Sun.COM		free_entry(e);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	free(*result);
*8040SBaban.Kenkre@Sun.COM	*result = NULL;
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMconst adutils_entry_t *
*8040SBaban.Kenkre@Sun.COMadutils_getfirstentry(adutils_result_t *result)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	if (result != NULL)
*8040SBaban.Kenkre@Sun.COM		return (result->entries);
*8040SBaban.Kenkre@Sun.COM	return (NULL);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMchar **
*8040SBaban.Kenkre@Sun.COMadutils_getattr(const adutils_entry_t *entry, const char *attrname)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int		i;
*8040SBaban.Kenkre@Sun.COM	adutils_attr_t	*ap;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (entry == NULL || entry->attr_nvpairs == NULL)
*8040SBaban.Kenkre@Sun.COM		return (NULL);
*8040SBaban.Kenkre@Sun.COM	for (i = 0; i < entry->num_nvpairs; i++) {
*8040SBaban.Kenkre@Sun.COM		ap = &entry->attr_nvpairs[i];
*8040SBaban.Kenkre@Sun.COM		if (ap->attr_name != NULL &&
*8040SBaban.Kenkre@Sun.COM		    strcasecmp(ap->attr_name, attrname) == 0)
*8040SBaban.Kenkre@Sun.COM			return (ap->attr_values);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	return (NULL);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Queue LDAP result for the given query.
*8040SBaban.Kenkre@Sun.COM *
*8040SBaban.Kenkre@Sun.COM * Return values:
*8040SBaban.Kenkre@Sun.COM *  0 success
*8040SBaban.Kenkre@Sun.COM * -1 ignore result
*8040SBaban.Kenkre@Sun.COM * -2 error
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMmake_entry(adutils_q_t *q, adutils_host_t *adh, LDAPMessage *search_res,
*8040SBaban.Kenkre@Sun.COM	adutils_entry_t **entry)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	BerElement	*ber = NULL;
*8040SBaban.Kenkre@Sun.COM	BerValue	**bvalues = NULL;
*8040SBaban.Kenkre@Sun.COM	char		**strvalues;
*8040SBaban.Kenkre@Sun.COM	char		*attr = NULL, *dn = NULL, *domain = NULL;
*8040SBaban.Kenkre@Sun.COM	adutils_entry_t	*ep;
*8040SBaban.Kenkre@Sun.COM	adutils_attr_t	*ap;
*8040SBaban.Kenkre@Sun.COM	int		i, j, b, err = 0, ret = -2;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	*entry = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Check that this is the domain that we were looking for */
*8040SBaban.Kenkre@Sun.COM	if ((dn = ldap_get_dn(adh->ld, search_res)) == NULL)
*8040SBaban.Kenkre@Sun.COM		return (-2);
*8040SBaban.Kenkre@Sun.COM	if ((domain = adutils_dn2dns(dn)) == NULL) {
*8040SBaban.Kenkre@Sun.COM		ldap_memfree(dn);
*8040SBaban.Kenkre@Sun.COM		return (-2);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	if (q->edomain != NULL) {
*8040SBaban.Kenkre@Sun.COM		if (u8_strcmp(q->edomain, domain, 0, U8_STRCMP_CI_LOWER,
*8040SBaban.Kenkre@Sun.COM		    U8_UNICODE_LATEST, &err) != 0 || err != 0) {
*8040SBaban.Kenkre@Sun.COM			ldap_memfree(dn);
*8040SBaban.Kenkre@Sun.COM			free(domain);
*8040SBaban.Kenkre@Sun.COM			return (-1);
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	free(domain);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Allocate memory for the entry */
*8040SBaban.Kenkre@Sun.COM	if ((ep = calloc(1, sizeof (*ep))) == NULL)
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* For 'dn' */
*8040SBaban.Kenkre@Sun.COM	ep->num_nvpairs = 1;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Count the number of name-value pairs for this entry */
*8040SBaban.Kenkre@Sun.COM	for (attr = ldap_first_attribute(adh->ld, search_res, &ber);
*8040SBaban.Kenkre@Sun.COM	    attr != NULL;
*8040SBaban.Kenkre@Sun.COM	    attr = ldap_next_attribute(adh->ld, search_res, ber)) {
*8040SBaban.Kenkre@Sun.COM		ep->num_nvpairs++;
*8040SBaban.Kenkre@Sun.COM		ldap_memfree(attr);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	ber_free(ber, 0);
*8040SBaban.Kenkre@Sun.COM	ber = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Allocate array for the attribute name-value pairs */
*8040SBaban.Kenkre@Sun.COM	ep->attr_nvpairs = calloc(ep->num_nvpairs, sizeof (*ep->attr_nvpairs));
*8040SBaban.Kenkre@Sun.COM	if (ep->attr_nvpairs == NULL) {
*8040SBaban.Kenkre@Sun.COM		ep->num_nvpairs = 0;
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* For dn */
*8040SBaban.Kenkre@Sun.COM	ap = &ep->attr_nvpairs[0];
*8040SBaban.Kenkre@Sun.COM	if ((ap->attr_name = strdup("dn")) == NULL)
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	ap->num_values = 1;
*8040SBaban.Kenkre@Sun.COM	ap->attr_values = calloc(ap->num_values, sizeof (*ap->attr_values));
*8040SBaban.Kenkre@Sun.COM	if (ap->attr_values == NULL) {
*8040SBaban.Kenkre@Sun.COM		ap->num_values = 0;
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	ap->attr_values[0] = dn;
*8040SBaban.Kenkre@Sun.COM	dn = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	for (attr = ldap_first_attribute(adh->ld, search_res, &ber), i = 1;
*8040SBaban.Kenkre@Sun.COM	    attr != NULL;
*8040SBaban.Kenkre@Sun.COM	    ldap_memfree(attr), i++,
*8040SBaban.Kenkre@Sun.COM	    attr = ldap_next_attribute(adh->ld, search_res, ber)) {
*8040SBaban.Kenkre@Sun.COM		ap = &ep->attr_nvpairs[i];
*8040SBaban.Kenkre@Sun.COM		if ((ap->attr_name = strdup(attr)) == NULL)
*8040SBaban.Kenkre@Sun.COM			goto out;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		if ((b = check_for_binary_attrs(attr)) >= 0) {
*8040SBaban.Kenkre@Sun.COM			bvalues =
*8040SBaban.Kenkre@Sun.COM			    ldap_get_values_len(adh->ld, search_res, attr);
*8040SBaban.Kenkre@Sun.COM			if (bvalues == NULL)
*8040SBaban.Kenkre@Sun.COM				continue;
*8040SBaban.Kenkre@Sun.COM			ap->num_values = ldap_count_values_len(bvalues);
*8040SBaban.Kenkre@Sun.COM			if (ap->num_values == 0) {
*8040SBaban.Kenkre@Sun.COM				ldap_value_free_len(bvalues);
*8040SBaban.Kenkre@Sun.COM				bvalues = NULL;
*8040SBaban.Kenkre@Sun.COM				continue;
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM			ap->attr_values = calloc(ap->num_values,
*8040SBaban.Kenkre@Sun.COM			    sizeof (*ap->attr_values));
*8040SBaban.Kenkre@Sun.COM			if (ap->attr_values == NULL) {
*8040SBaban.Kenkre@Sun.COM				ap->num_values = 0;
*8040SBaban.Kenkre@Sun.COM				goto out;
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM			for (j = 0; j < ap->num_values; j++) {
*8040SBaban.Kenkre@Sun.COM				ap->attr_values[j] =
*8040SBaban.Kenkre@Sun.COM				    binattrs[b].ber2str(bvalues[j]);
*8040SBaban.Kenkre@Sun.COM				if (ap->attr_values[j] == NULL)
*8040SBaban.Kenkre@Sun.COM					goto out;
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM			ldap_value_free_len(bvalues);
*8040SBaban.Kenkre@Sun.COM			bvalues = NULL;
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		strvalues = ldap_get_values(adh->ld, search_res, attr);
*8040SBaban.Kenkre@Sun.COM		if (strvalues == NULL)
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		ap->num_values = ldap_count_values(strvalues);
*8040SBaban.Kenkre@Sun.COM		if (ap->num_values == 0) {
*8040SBaban.Kenkre@Sun.COM			ldap_value_free(strvalues);
*8040SBaban.Kenkre@Sun.COM			continue;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		ap->attr_values = strvalues;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	ret = 0;
*8040SBaban.Kenkre@Sun.COMout:
*8040SBaban.Kenkre@Sun.COM	ldap_memfree(attr);
*8040SBaban.Kenkre@Sun.COM	ldap_memfree(dn);
*8040SBaban.Kenkre@Sun.COM	ber_free(ber, 0);
*8040SBaban.Kenkre@Sun.COM	ldap_value_free_len(bvalues);
*8040SBaban.Kenkre@Sun.COM	if (ret < 0)
*8040SBaban.Kenkre@Sun.COM		free_entry(ep);
*8040SBaban.Kenkre@Sun.COM	else
*8040SBaban.Kenkre@Sun.COM		*entry = ep;
*8040SBaban.Kenkre@Sun.COM	return (ret);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Put the search result onto the given adutils_q_t.
*8040SBaban.Kenkre@Sun.COM * Returns:	  0 success
*8040SBaban.Kenkre@Sun.COM *		< 0 error
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMadd_entry(adutils_host_t *adh, adutils_q_t *q, LDAPMessage *search_res)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int			ret = -1;
*8040SBaban.Kenkre@Sun.COM	adutils_entry_t		*entry = NULL;
*8040SBaban.Kenkre@Sun.COM	adutils_result_t	*res;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	ret = make_entry(q, adh, search_res, &entry);
*8040SBaban.Kenkre@Sun.COM	if (ret < -1) {
*8040SBaban.Kenkre@Sun.COM		*q->rc = ADUTILS_ERR_MEMORY;
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	} else if (ret == -1) {
*8040SBaban.Kenkre@Sun.COM		/* ignore result */
*8040SBaban.Kenkre@Sun.COM		goto out;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	if (*q->result == NULL) {
*8040SBaban.Kenkre@Sun.COM		res = calloc(1, sizeof (*res));
*8040SBaban.Kenkre@Sun.COM		if (res == NULL) {
*8040SBaban.Kenkre@Sun.COM			*q->rc = ADUTILS_ERR_MEMORY;
*8040SBaban.Kenkre@Sun.COM			goto out;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		res->num_entries = 1;
*8040SBaban.Kenkre@Sun.COM		res->entries = entry;
*8040SBaban.Kenkre@Sun.COM		*q->result = res;
*8040SBaban.Kenkre@Sun.COM	} else {
*8040SBaban.Kenkre@Sun.COM		res = *q->result;
*8040SBaban.Kenkre@Sun.COM		entry->next = res->entries;
*8040SBaban.Kenkre@Sun.COM		res->entries = entry;
*8040SBaban.Kenkre@Sun.COM		res->num_entries++;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	*q->rc = ADUTILS_SUCCESS;
*8040SBaban.Kenkre@Sun.COM	entry = NULL;
*8040SBaban.Kenkre@Sun.COM	ret = 0;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMout:
*8040SBaban.Kenkre@Sun.COM	free_entry(entry);
*8040SBaban.Kenkre@Sun.COM	return (ret);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Try to get a result; if there is one, find the corresponding
*8040SBaban.Kenkre@Sun.COM * adutils_q_t and process the result.
*8040SBaban.Kenkre@Sun.COM *
*8040SBaban.Kenkre@Sun.COM * Returns:	0 success
*8040SBaban.Kenkre@Sun.COM *		-1 error
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMint
*8040SBaban.Kenkre@Sun.COMget_adobject_batch(adutils_host_t *adh, struct timeval *timeout)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t	*query_state;
*8040SBaban.Kenkre@Sun.COM	LDAPMessage		*res = NULL;
*8040SBaban.Kenkre@Sun.COM	int			rc, ret, msgid, qid;
*8040SBaban.Kenkre@Sun.COM	adutils_q_t		*que;
*8040SBaban.Kenkre@Sun.COM	int			num;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM	if (adh->dead || adh->num_requests == 0) {
*8040SBaban.Kenkre@Sun.COM		ret = (adh->dead) ? -1 : -2;
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM		return (ret);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Get one result */
*8040SBaban.Kenkre@Sun.COM	rc = ldap_result(adh->ld, LDAP_RES_ANY, 0, timeout, &res);
*8040SBaban.Kenkre@Sun.COM	if ((timeout != NULL && timeout->tv_sec > 0 && rc == LDAP_SUCCESS) ||
*8040SBaban.Kenkre@Sun.COM	    rc < 0)
*8040SBaban.Kenkre@Sun.COM		adh->dead = 1;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (rc == LDAP_RES_SEARCH_RESULT && adh->num_requests > 0)
*8040SBaban.Kenkre@Sun.COM		adh->num_requests--;
*8040SBaban.Kenkre@Sun.COM	if (adh->dead) {
*8040SBaban.Kenkre@Sun.COM		num = adh->num_requests;
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM		idmapdlog(LOG_DEBUG,
*8040SBaban.Kenkre@Sun.COM		    "AD ldap_result error - %d queued requests", num);
*8040SBaban.Kenkre@Sun.COM		return (-1);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	switch (rc) {
*8040SBaban.Kenkre@Sun.COM	case LDAP_RES_SEARCH_RESULT:
*8040SBaban.Kenkre@Sun.COM		msgid = ldap_msgid(res);
*8040SBaban.Kenkre@Sun.COM		if (msgid2query(adh, msgid, &query_state, &qid)) {
*8040SBaban.Kenkre@Sun.COM			if (query_state->ldap_res_search_cb != NULL) {
*8040SBaban.Kenkre@Sun.COM				/*
*8040SBaban.Kenkre@Sun.COM				 * We use the caller-provided callback
*8040SBaban.Kenkre@Sun.COM				 * to process the result.
*8040SBaban.Kenkre@Sun.COM				 */
*8040SBaban.Kenkre@Sun.COM				query_state->ldap_res_search_cb(
*8040SBaban.Kenkre@Sun.COM				    adh->ld, &res, rc, qid,
*8040SBaban.Kenkre@Sun.COM				    query_state->ldap_res_search_argp);
*8040SBaban.Kenkre@Sun.COM				(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM			} else {
*8040SBaban.Kenkre@Sun.COM				/*
*8040SBaban.Kenkre@Sun.COM				 * No callback. We fallback to our
*8040SBaban.Kenkre@Sun.COM				 * default behaviour. All the entries
*8040SBaban.Kenkre@Sun.COM				 * gotten from this search have been
*8040SBaban.Kenkre@Sun.COM				 * added to the result list during
*8040SBaban.Kenkre@Sun.COM				 * LDAP_RES_SEARCH_ENTRY (see below).
*8040SBaban.Kenkre@Sun.COM				 * Here we set the return status to
*8040SBaban.Kenkre@Sun.COM				 * notfound if the result is still empty.
*8040SBaban.Kenkre@Sun.COM				 */
*8040SBaban.Kenkre@Sun.COM				(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM				que = &(query_state->queries[qid]);
*8040SBaban.Kenkre@Sun.COM				if (*que->result == NULL)
*8040SBaban.Kenkre@Sun.COM					*que->rc = ADUTILS_ERR_NOTFOUND;
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM			atomic_dec_32(&query_state->qinflight);
*8040SBaban.Kenkre@Sun.COM			adutils_lookup_batch_unlock(&query_state);
*8040SBaban.Kenkre@Sun.COM		} else {
*8040SBaban.Kenkre@Sun.COM			num = adh->num_requests;
*8040SBaban.Kenkre@Sun.COM			(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM			idmapdlog(LOG_DEBUG,
*8040SBaban.Kenkre@Sun.COM			    "AD cannot find message ID (%d) "
*8040SBaban.Kenkre@Sun.COM			    "- %d queued requests",
*8040SBaban.Kenkre@Sun.COM			    msgid, num);
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		(void) ldap_msgfree(res);
*8040SBaban.Kenkre@Sun.COM		ret = 0;
*8040SBaban.Kenkre@Sun.COM		break;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	case LDAP_RES_SEARCH_ENTRY:
*8040SBaban.Kenkre@Sun.COM		msgid = ldap_msgid(res);
*8040SBaban.Kenkre@Sun.COM		if (msgid2query(adh, msgid, &query_state, &qid)) {
*8040SBaban.Kenkre@Sun.COM			if (query_state->ldap_res_search_cb != NULL) {
*8040SBaban.Kenkre@Sun.COM				/*
*8040SBaban.Kenkre@Sun.COM				 * We use the caller-provided callback
*8040SBaban.Kenkre@Sun.COM				 * to process the entry.
*8040SBaban.Kenkre@Sun.COM				 */
*8040SBaban.Kenkre@Sun.COM				query_state->ldap_res_search_cb(
*8040SBaban.Kenkre@Sun.COM				    adh->ld, &res, rc, qid,
*8040SBaban.Kenkre@Sun.COM				    query_state->ldap_res_search_argp);
*8040SBaban.Kenkre@Sun.COM				(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM			} else {
*8040SBaban.Kenkre@Sun.COM				/*
*8040SBaban.Kenkre@Sun.COM				 * No callback. We fallback to our
*8040SBaban.Kenkre@Sun.COM				 * default behaviour. This entry
*8040SBaban.Kenkre@Sun.COM				 * will be added to the result list.
*8040SBaban.Kenkre@Sun.COM				 */
*8040SBaban.Kenkre@Sun.COM				que = &(query_state->queries[qid]);
*8040SBaban.Kenkre@Sun.COM				rc = add_entry(adh, que, res);
*8040SBaban.Kenkre@Sun.COM				(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM				if (rc < 0) {
*8040SBaban.Kenkre@Sun.COM					idmapdlog(LOG_DEBUG,
*8040SBaban.Kenkre@Sun.COM					    "Failed to queue entry by "
*8040SBaban.Kenkre@Sun.COM					    "message ID (%d) "
*8040SBaban.Kenkre@Sun.COM					    "- %d queued requests",
*8040SBaban.Kenkre@Sun.COM					    msgid, num);
*8040SBaban.Kenkre@Sun.COM				}
*8040SBaban.Kenkre@Sun.COM			}
*8040SBaban.Kenkre@Sun.COM			adutils_lookup_batch_unlock(&query_state);
*8040SBaban.Kenkre@Sun.COM		} else {
*8040SBaban.Kenkre@Sun.COM			num = adh->num_requests;
*8040SBaban.Kenkre@Sun.COM			(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM			idmapdlog(LOG_DEBUG,
*8040SBaban.Kenkre@Sun.COM			    "AD cannot find message ID (%d) "
*8040SBaban.Kenkre@Sun.COM			    "- %d queued requests",
*8040SBaban.Kenkre@Sun.COM			    msgid, num);
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM		(void) ldap_msgfree(res);
*8040SBaban.Kenkre@Sun.COM		ret = 0;
*8040SBaban.Kenkre@Sun.COM		break;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	case LDAP_RES_SEARCH_REFERENCE:
*8040SBaban.Kenkre@Sun.COM		/*
*8040SBaban.Kenkre@Sun.COM		 * We have no need for these at the moment.  Eventually,
*8040SBaban.Kenkre@Sun.COM		 * when we query things that we can't expect to find in
*8040SBaban.Kenkre@Sun.COM		 * the Global Catalog then we'll need to learn to follow
*8040SBaban.Kenkre@Sun.COM		 * references.
*8040SBaban.Kenkre@Sun.COM		 */
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM		(void) ldap_msgfree(res);
*8040SBaban.Kenkre@Sun.COM		ret = 0;
*8040SBaban.Kenkre@Sun.COM		break;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	default:
*8040SBaban.Kenkre@Sun.COM		/* timeout or error; treat the same */
*8040SBaban.Kenkre@Sun.COM		(void) pthread_mutex_unlock(&adh->lock);
*8040SBaban.Kenkre@Sun.COM		ret = -1;
*8040SBaban.Kenkre@Sun.COM		break;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (ret);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * This routine decreament the reference count of the
*8040SBaban.Kenkre@Sun.COM * adutils_query_state_t
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic void
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_unlock(adutils_query_state_t **state)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Decrement reference count with qstatelock locked
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	(*state)->ref_cnt--;
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * If there are no references wakup the allocating thread
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	if ((*state)->ref_cnt <= 1)
*8040SBaban.Kenkre@Sun.COM		(void) pthread_cond_signal(&(*state)->cv);
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	*state = NULL;
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * This routine frees the adutils_query_state_t structure
*8040SBaban.Kenkre@Sun.COM * If the reference count is greater than 1 it waits
*8040SBaban.Kenkre@Sun.COM * for the other threads to finish using it.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_release(adutils_query_state_t **state)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t **p;
*8040SBaban.Kenkre@Sun.COM	int			i;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (state == NULL || *state == NULL)
*8040SBaban.Kenkre@Sun.COM		return;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Set state to dead to stop further operations.
*8040SBaban.Kenkre@Sun.COM	 * Wait for reference count with qstatelock locked
*8040SBaban.Kenkre@Sun.COM	 * to get to one.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	(*state)->qdead = 1;
*8040SBaban.Kenkre@Sun.COM	while ((*state)->ref_cnt > 1) {
*8040SBaban.Kenkre@Sun.COM		(void) pthread_cond_wait(&(*state)->cv, &qstatelock);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Remove this state struct from the list of state structs */
*8040SBaban.Kenkre@Sun.COM	for (p = &qstatehead; *p != NULL; p = &(*p)->next) {
*8040SBaban.Kenkre@Sun.COM		if (*p == (*state)) {
*8040SBaban.Kenkre@Sun.COM			*p = (*state)->next;
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	(void) pthread_cond_destroy(&(*state)->cv);
*8040SBaban.Kenkre@Sun.COM	release_conn((*state)->qadh);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Clear results for queries that failed */
*8040SBaban.Kenkre@Sun.COM	for (i = 0; i < (*state)->qcount; i++) {
*8040SBaban.Kenkre@Sun.COM		if (*(*state)->queries[i].rc != ADUTILS_SUCCESS) {
*8040SBaban.Kenkre@Sun.COM			adutils_freeresult((*state)->queries[i].result);
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	free((*state)->default_domain);
*8040SBaban.Kenkre@Sun.COM	free((*state)->basedn);
*8040SBaban.Kenkre@Sun.COM	free(*state);
*8040SBaban.Kenkre@Sun.COM	*state = NULL;
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * This routine waits for other threads using the
*8040SBaban.Kenkre@Sun.COM * adutils_query_state_t structure to finish.
*8040SBaban.Kenkre@Sun.COM * If the reference count is greater than 1 it waits
*8040SBaban.Kenkre@Sun.COM * for the other threads to finish using it.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMstatic
*8040SBaban.Kenkre@Sun.COMvoid
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_wait(adutils_query_state_t *state)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Set state to dead to stop further operation.
*8040SBaban.Kenkre@Sun.COM	 * stating.
*8040SBaban.Kenkre@Sun.COM	 * Wait for reference count to get to one
*8040SBaban.Kenkre@Sun.COM	 * with qstatelock locked.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM	state->qdead = 1;
*8040SBaban.Kenkre@Sun.COM	while (state->ref_cnt > 1) {
*8040SBaban.Kenkre@Sun.COM		(void) pthread_cond_wait(&state->cv, &qstatelock);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&qstatelock);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Process active queries in the AD lookup batch and then finalize the
*8040SBaban.Kenkre@Sun.COM * result.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMadutils_rc
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_end(adutils_query_state_t **state)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	int		    rc = LDAP_SUCCESS;
*8040SBaban.Kenkre@Sun.COM	adutils_rc	    ad_rc = ADUTILS_SUCCESS;
*8040SBaban.Kenkre@Sun.COM	struct timeval	    tv;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	tv.tv_sec = ADUTILS_SEARCH_TIMEOUT;
*8040SBaban.Kenkre@Sun.COM	tv.tv_usec = 0;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Process results until done or until timeout, if given */
*8040SBaban.Kenkre@Sun.COM	while ((*state)->qinflight > 0) {
*8040SBaban.Kenkre@Sun.COM		if ((rc = get_adobject_batch((*state)->qadh,
*8040SBaban.Kenkre@Sun.COM		    &tv)) != 0)
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	(*state)->qdead = 1;
*8040SBaban.Kenkre@Sun.COM	/* Wait for other threads processing search result to finish */
*8040SBaban.Kenkre@Sun.COM	adutils_lookup_batch_wait(*state);
*8040SBaban.Kenkre@Sun.COM	if (rc == -1 || (*state)->qinflight != 0)
*8040SBaban.Kenkre@Sun.COM		ad_rc = ADUTILS_ERR_RETRIABLE_NET_ERR;
*8040SBaban.Kenkre@Sun.COM	adutils_lookup_batch_release(state);
*8040SBaban.Kenkre@Sun.COM	return (ad_rc);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COMconst char *
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_getdefdomain(adutils_query_state_t *state)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	return (state->default_domain);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Send one prepared search, queue up msgid, process what results are
*8040SBaban.Kenkre@Sun.COM * available
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMadutils_rc
*8040SBaban.Kenkre@Sun.COMadutils_lookup_batch_add(adutils_query_state_t *state,
*8040SBaban.Kenkre@Sun.COM	const char *filter, const char **attrs, const char *edomain,
*8040SBaban.Kenkre@Sun.COM	adutils_result_t **result, adutils_rc *rc)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_rc	retcode = ADUTILS_SUCCESS;
*8040SBaban.Kenkre@Sun.COM	int		lrc, qid;
*8040SBaban.Kenkre@Sun.COM	int		num;
*8040SBaban.Kenkre@Sun.COM	int		dead;
*8040SBaban.Kenkre@Sun.COM	struct timeval	tv;
*8040SBaban.Kenkre@Sun.COM	adutils_q_t	*q;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	qid = atomic_inc_32_nv(&state->qlastsent) - 1;
*8040SBaban.Kenkre@Sun.COM	q = &(state->queries[qid]);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Remember the expected domain so we can check the results
*8040SBaban.Kenkre@Sun.COM	 * against it
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	q->edomain = edomain;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Remember where to put the results */
*8040SBaban.Kenkre@Sun.COM	q->result = result;
*8040SBaban.Kenkre@Sun.COM	q->rc = rc;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Provide sane defaults for the results in case we never hear
*8040SBaban.Kenkre@Sun.COM	 * back from the DS before closing the connection.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	*rc = ADUTILS_ERR_RETRIABLE_NET_ERR;
*8040SBaban.Kenkre@Sun.COM	if (result != NULL)
*8040SBaban.Kenkre@Sun.COM		*result = NULL;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Check the number of queued requests first */
*8040SBaban.Kenkre@Sun.COM	tv.tv_sec = ADUTILS_SEARCH_TIMEOUT;
*8040SBaban.Kenkre@Sun.COM	tv.tv_usec = 0;
*8040SBaban.Kenkre@Sun.COM	while (!state->qadh->dead &&
*8040SBaban.Kenkre@Sun.COM	    state->qadh->num_requests > state->qadh->max_requests) {
*8040SBaban.Kenkre@Sun.COM		if (get_adobject_batch(state->qadh, &tv) != 0)
*8040SBaban.Kenkre@Sun.COM			break;
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/* Send this lookup, don't wait for a result here */
*8040SBaban.Kenkre@Sun.COM	lrc = LDAP_SUCCESS;
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_lock(&state->qadh->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (!state->qadh->dead) {
*8040SBaban.Kenkre@Sun.COM		state->qadh->idletime = time(NULL);
*8040SBaban.Kenkre@Sun.COM		lrc = ldap_search_ext(state->qadh->ld, state->basedn,
*8040SBaban.Kenkre@Sun.COM		    LDAP_SCOPE_SUBTREE, filter, (char **)attrs,
*8040SBaban.Kenkre@Sun.COM		    0, NULL, NULL, NULL, -1, &q->msgid);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM		if (lrc == LDAP_SUCCESS) {
*8040SBaban.Kenkre@Sun.COM			state->qadh->num_requests++;
*8040SBaban.Kenkre@Sun.COM		} else if (lrc == LDAP_BUSY || lrc == LDAP_UNAVAILABLE ||
*8040SBaban.Kenkre@Sun.COM		    lrc == LDAP_CONNECT_ERROR || lrc == LDAP_SERVER_DOWN ||
*8040SBaban.Kenkre@Sun.COM		    lrc == LDAP_UNWILLING_TO_PERFORM) {
*8040SBaban.Kenkre@Sun.COM			retcode = ADUTILS_ERR_RETRIABLE_NET_ERR;
*8040SBaban.Kenkre@Sun.COM			state->qadh->dead = 1;
*8040SBaban.Kenkre@Sun.COM		} else {
*8040SBaban.Kenkre@Sun.COM			retcode = ADUTILS_ERR_OTHER;
*8040SBaban.Kenkre@Sun.COM			state->qadh->dead = 1;
*8040SBaban.Kenkre@Sun.COM		}
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM	dead = state->qadh->dead;
*8040SBaban.Kenkre@Sun.COM	num = state->qadh->num_requests;
*8040SBaban.Kenkre@Sun.COM	(void) pthread_mutex_unlock(&state->qadh->lock);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	if (dead) {
*8040SBaban.Kenkre@Sun.COM		if (lrc != LDAP_SUCCESS)
*8040SBaban.Kenkre@Sun.COM			idmapdlog(LOG_DEBUG,
*8040SBaban.Kenkre@Sun.COM			    "AD ldap_search_ext error (%s) "
*8040SBaban.Kenkre@Sun.COM			    "- %d queued requests",
*8040SBaban.Kenkre@Sun.COM			    ldap_err2string(lrc), num);
*8040SBaban.Kenkre@Sun.COM		return (retcode);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	atomic_inc_32(&state->qinflight);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	/*
*8040SBaban.Kenkre@Sun.COM	 * Reap as many requests as we can _without_ waiting to prevent
*8040SBaban.Kenkre@Sun.COM	 * any possible TCP socket buffer starvation deadlocks.
*8040SBaban.Kenkre@Sun.COM	 */
*8040SBaban.Kenkre@Sun.COM	(void) memset(&tv, 0, sizeof (tv));
*8040SBaban.Kenkre@Sun.COM	while (get_adobject_batch(state->qadh, &tv) == 0)
*8040SBaban.Kenkre@Sun.COM		;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	return (ADUTILS_SUCCESS);
*8040SBaban.Kenkre@Sun.COM}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM/*
*8040SBaban.Kenkre@Sun.COM * Single AD lookup request implemented on top of the batch API.
*8040SBaban.Kenkre@Sun.COM */
*8040SBaban.Kenkre@Sun.COMadutils_rc
*8040SBaban.Kenkre@Sun.COMadutils_lookup(adutils_ad_t *ad, const char *filter, const char **attrs,
*8040SBaban.Kenkre@Sun.COM		const char *domain, adutils_result_t **result)
*8040SBaban.Kenkre@Sun.COM{
*8040SBaban.Kenkre@Sun.COM	adutils_rc		rc, brc;
*8040SBaban.Kenkre@Sun.COM	adutils_query_state_t	*qs;
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	rc = adutils_lookup_batch_start(ad, 1, NULL, NULL, &qs);
*8040SBaban.Kenkre@Sun.COM	if (rc != ADUTILS_SUCCESS)
*8040SBaban.Kenkre@Sun.COM		return (rc);
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	rc = adutils_lookup_batch_add(qs, filter, attrs, domain, result, &brc);
*8040SBaban.Kenkre@Sun.COM	if (rc != ADUTILS_SUCCESS) {
*8040SBaban.Kenkre@Sun.COM		adutils_lookup_batch_release(&qs);
*8040SBaban.Kenkre@Sun.COM		return (rc);
*8040SBaban.Kenkre@Sun.COM	}
*8040SBaban.Kenkre@Sun.COM
*8040SBaban.Kenkre@Sun.COM	rc = adutils_lookup_batch_end(&qs);
*8040SBaban.Kenkre@Sun.COM	if (rc != ADUTILS_SUCCESS)
*8040SBaban.Kenkre@Sun.COM		return (rc);
*8040SBaban.Kenkre@Sun.COM	return (brc);
*8040SBaban.Kenkre@Sun.COM}