/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * ns_sldap.h - public interface of libsldap, the "Simplified LDAP
 * Naming API" used by the LDAP name-service back ends, pam_ldap and
 * related tools.  This header only declares flags, enums, structures
 * and function prototypes; no logic lives here.
 *
 * Security-relevant conventions of this API (see the individual
 * comments below):
 *   - Passwords are carried as plain, NUL-terminated C strings inside
 *     ns_cred_t and ns_dir_server_t.  Callers own that memory and
 *     should scrub it when done.
 *   - Search filters are passed as strings and sent to the directory
 *     as-is; callers are responsible for escaping untrusted input.
 *   - Several flags (NS_LDAP_UPDATE_SHADOW, NS_LDAP_READ_SHADOW) are
 *     documented as "for a privileged caller"; the privilege check is
 *     not part of this header.
 */

#ifndef _NS_SLDAP_H
#define _NS_SLDAP_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>

/*
 * Version
 *
 * NS_LDAP_VERSION is the version of the client configuration format
 * this library speaks by default; "1.0" is only kept for reading
 * legacy configuration files (see NS_LDAP_TRANSPORT_SEC_P below).
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * These are bit flags combined into the "flags" argument of the
 * __ns_ldap_*() calls.  The SearchRef_t and ScopeType_t enum values
 * below share the same bit space and are OR-ed into the same word.
 * Bits 0x100 and 0x200 are not defined in this header.
 */
#define	NS_LDAP_HARD		0x001
#define	NS_LDAP_ALL_RES		0x002

/* Search Referral Option */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;

/* Search scope, as in LDAP: base object, one level, or whole subtree */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;

/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	0x080
#define	NS_LDAP_NEW_CONN	0x400
#define	NS_LDAP_NOMAP		0x800

/* Request (or explicitly decline) the simple paged results control */
#define	NS_LDAP_PAGE_CTRL	0x1000
#define	NS_LDAP_NO_PAGE_CTRL	0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000

/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 *
 * NOTE(review): this header does not define what "privileged" means
 * or where it is enforced; setting the flag alone does not grant
 * anything -- the check must live in the library or in ldap_cachemgr.
 * Confirm before relying on it from a new caller.
 */
#define	NS_LDAP_UPDATE_SHADOW	0x4000

/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server.  Same caveat as NS_LDAP_UPDATE_SHADOW regarding where
 * the privilege is actually checked.
 */
#define	NS_LDAP_READ_SHADOW	0x8000

/*
 * Authentication Information
 *
 * CredLevel_t selects whose identity is presented to the directory:
 * anonymous, the configured proxy identity, or the calling user
 * itself.
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;

/*
 * Bind method.  NS_LDAP_AUTH_SIMPLE is an LDAP simple bind, which
 * transmits the password as-is; unless ns_auth_t.tlstype wraps the
 * session in TLS the credential crosses the network in the clear.
 * NS_LDAP_AUTH_TLS and NS_LDAP_AUTH_ATLS imply SASL usage.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;

/* Whether, and how, the connection is protected by TLS */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;

/*
 * SASL mechanism.
 *
 * NOTE(review): CRAM-MD5 and DIGEST-MD5 are legacy mechanisms
 * (DIGEST-MD5 was moved to Historic by RFC 6331); they should only be
 * used over TLS, and GSSAPI is the preferred choice where available.
 * EXTERNAL and SPNEGO are declared but marked as not supported.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;

/* SASL security layer requested: none, integrity, or privacy */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;

/* Value of the "preferred servers only" configuration parameter */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;

/* Value of the "enable shadow update" configuration parameter */
typedef enum enableShadowUpdate {
	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
} enableShadowUpdate_t;

/*
 * Unix credential: a user identifier plus a cleartext password.
 * The password is a plain C string; callers should zeroize it
 * (e.g. explicit_bzero(3C)) before the buffer is released.
 * NOTE(review): whether __ns_ldap_freeCred() scrubs it is not visible
 * from this header -- do not assume it does.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;

/*
 * Certificate credential: path to the certificate database, the
 * password protecting it (cleartext, same caveat as UnixCred_t),
 * and the certificate nickname.
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;

/* How to authenticate: bind type, TLS usage, SASL mechanism and options */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;

/*
 * Credential handed to the __ns_ldap_*() calls.  Which union member
 * is valid is determined by auth.type (simple/SASL use unix_cred,
 * certificate-based binds use cert_cred) -- the struct itself carries
 * no discriminator beyond that.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;


/* Growable string buffer: current length and allocated capacity */
typedef struct LineBuf {
	char	*str;
	int	len;
	int	alloc;
} LineBuf;

/*
 * Configuration Information
 *
 * Index of each client-configuration parameter, used with
 * __ns_ldap_getParam()/__ns_ldap_setParam().  The numeric values are
 * part of the interface and must not be renumbered.
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
	/*
	 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
	 * with version 1 clients and their configuration files. The only
	 * supported value is NS_LDAP_SEC_NONE (not defined in this header).
	 * No application should be using this parameter type (either
	 * through getParam or setParam).
	 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
	NS_LDAP_ADMIN_BINDDN_P		= 29,
	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,
	/*
	 * The following entry (max ParamIndexType) is an internal
	 * placeholder. It must be the last (and highest value)
	 * entry in this eNum. Please update accordingly.
	 */
	NS_LDAP_MAX_PIT_P		= 31

} ParamIndexType;

/*
 * NONE - No self / SASL/GSSAPI configured
 * ONLY - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE		= 0,
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY		= 1,
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED	= 2
} ns_ldap_self_gssapi_config_t;

/*
 * __ns_ldap_*() return codes
 *
 * The comment on each value says whether *errorp carries detail;
 * callers must free it with __ns_ldap_freeError() when it does.
 * Value 6 is unused.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0,	/* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1,	/* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2,	/* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3,	/* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4,	/* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5,	/* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7,	/* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8,	/* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9	/* success, with info in errorp */
} ns_ldap_return_code;

/*
 * Detailed error code for NS_LDAP_CONFIG
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;

/*
 * Detailed error code for NS_LDAP_PARTIAL
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;

/*
 * For use by __ns_ldap_addTypedEntry() for publickey servicetype
 */
typedef enum {
	NS_HOSTCRED_FALSE	= 0,
	NS_HOSTCRED_TRUE	= 1
} hostcred_t;

/*
 * Detailed password status
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password */
	NS_PASSWD_WITHIN_MIN_AGE	= 9	/* can not be changed: */
						/* within minimum age */
} ns_ldap_passwd_status_t;

/*
 * Password management information structure
 *
 * This structure is different from AcctUsableResponse_t structure in
 * that this structure holds result of users account mgmt information when
 * an ldap bind is done with user name and user password.
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;

/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"

/*
 * Structure for holding the response returned by server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
 * Fields mirror the More_info SEQUENCE documented below; the int
 * fields are booleans except rem_grace and sec_b4_unlock, which are
 * counts.
 */
typedef struct AcctUsableMoreInfo {
	int	inactive;
	int	reset;
	int	expired;
	int	rem_grace;
	int	sec_b4_unlock;
} AcctUsableMoreInfo_t;

/*
 * Structure used to hold the response from the server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 *	is_available		[0] INTEGER, seconds before expiration
 *	is_not_available	[1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 *	inactive		[0] BOOLEAN DEFAULT FALSE,
 *	reset			[1] BOOLEAN DEFAULT FALSE,
 *	expired			[2] BOOLEAN DEFAULT FALSE,
 *	remaining_grace		[3] INTEGER OPTIONAL,
 *	seconds_before_unlock	[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from ns_ldap_passwd_mgmt_t structure in
 * that this structure holds result of users account mgmt information when
 * pam_ldap doesn't have the users password and proxy agent is used for
 * obtaining the account management information.
 *
 * "choice" selects the union member: presumably 0 for
 * seconds_before_expiry and 1 for more_info, matching the CHOICE tags
 * above -- verify against the decoder before reading the union.
 */
typedef struct AcctUsableResponse {
	int	choice;
	union {
		int			seconds_before_expiry;
		AcctUsableMoreInfo_t	more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;

/*
 * Simplified LDAP Naming API result structure
 *
 * Returned through the "errorp" out-parameter of most calls.  Release
 * it with __ns_ldap_freeError(); "message" is owned by the structure.
 */
typedef struct ns_ldap_error {
	int			status;		/* LDAP error code */
	char			*message;	/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;

/*
 * One attribute of an entry: its name and value_count string values.
 * NOTE(review): whether attrvalue is additionally NULL-terminated is
 * not stated here; iterate by value_count.
 */
typedef struct ns_ldap_attr {
	char	*attrname;	/* attribute name */
	uint_t	value_count;
	char	**attrvalue;	/* attribute values */
} ns_ldap_attr_t;

/* One directory entry: attr_count attributes, linked to the next entry */
typedef struct ns_ldap_entry {
	uint_t			attr_count;	/* number of attributes */
	ns_ldap_attr_t		**attr_pair;	/* attributes pairs */
	struct ns_ldap_entry	*next;		/* next entry */
} ns_ldap_entry_t;

/* Search result: entries_count entries starting at "entry" */
typedef struct ns_ldap_result {
	uint_t		entries_count;	/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;

/*
 * structures for the conversion routines used by typedAddEntry()
 *
 * Each one is the "data" argument of __ns_ldap_addTypedEntry() for
 * the service type of the same name.  NULL-terminated char ** arrays
 * are presumed for the list-valued members (triplet, netgroup, param,
 * member) -- confirm against the conversion routines.
 */

typedef struct _ns_netgroups {
	char	*name;
	char	**triplet;
	char	**netgroup;
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char	*netnumber;
	char	*netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char	*name;
	char	**param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char	*name;
	char	*ether;
} _ns_ethers_t;

/*
 * publickey entry.  "privkey" is the (encrypted) secret key material
 * as stored in the directory; treat it like a credential.
 */
typedef struct _ns_pubkey {
	char		*name;
	hostcred_t	hostcred;
	char		*pubkey;
	char		*privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char	*alias;
	char	**member;
} _ns_alias_t;

typedef struct _ns_automount {
	char	*mapname;
	char	*key;
	char	*value;
} _ns_automount_t;

/*
 * return values for the callback function in __ns_ldap_list()
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */

/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS	"bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT	"auto_"	/* prefix: full map name follows */
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"

/*
 * service descriptor/attribute mapping structure
 */

/* Where and how to search for a service: base DN, scope, filter */
typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;

/* One attribute name mapped to one or more directory attribute names */
typedef struct ns_ldap_attribute_map {
	char	*origAttr;	/* original attribute */
	char	**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;

/* One objectclass name mapped to a directory objectclass name */
typedef struct ns_ldap_objectclass_map {
	char	*origOC;	/* original objectclass */
	char	*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;

/*
 * Value of the userPassword attribute representing NO Unix password
 *
 * This is an in-band sentinel: a userPassword whose value is exactly
 * this string is treated as "no password set", not as a hash.
 * Consumers that compare against it must do an exact string match.
 */
#define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"

/* Opaque handle for batch API */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;

/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
 *		to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *		to communicate to.
 *
 * (An NS_PREDEFINED value is mentioned in older comments as "reserved
 * for internal use" but is not part of this enum.)
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;

/*
 * This structure describes an LDAP server specified by a client application.
 *
 * bind_passwd is a cleartext password owned by the caller; scrub it
 * when the structure is no longer needed.  "auth" decides whether the
 * bind is protected by TLS/SASL; with NS_LDAP_AUTH_SIMPLE and no TLS
 * the password is sent to "server" in the clear.
 */
typedef struct ns_dir_server {
	char		*server;	/* A directory server's IP */
	uint16_t	port;		/* A directory server's port. */
					/* Default value is 389 */
	char		*domainName;	/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char		*profileName;	/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t	*auth;		/* Authentication information used */
					/* during subsequent connections */
	char		*cred;		/* A credential level to be used */
					/* along with the authentication info */
	char		*host_cert_path; /* A path to the certificate database */
					/* Default is '/var/ldap' (the */
					/* original comment read '/vat/ldap', */
					/* a typo) */
	char		*bind_dn;	/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char		*bind_passwd;	/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;

/*
 * This structure contains information describing an LDAP server.
 *
 * "type" selects the union member: NS_LDAP_SERVER uses ds_profile.server,
 * anything else is reserved (predefined_conf).
 *
 * NOTE(review): the SA_* macros below are ordinary preprocessor
 * definitions -- placing them inside the struct body does not scope
 * them; they are visible to every file that includes this header.
 */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t	server;
		void		*predefined_conf; /* Reserved for internal use */
	} ds_profile;			/* A type of the configuration */

#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd

	ns_standalone_request_type_t	type;
} ns_standalone_conf_t;

/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application requesting a standalone schema, libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * conf
 *	A structure describing where and in which way to obtain all the
 *	configuration describing how to communicate with a chosen LDAP
 *	directory.
 *
 * errorp
 *	An error object describing an error that occurred.
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t **errorp);

/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 *	Specifies the selected directory server.
 *
 * cred
 *	Contains the authentication information and credential required to
 *	establish a connection.
 *
 * config
 *	If not NULL, a new configuration based on the DUAProfile specified
 *	in the server parameter will be created and returned.
 *
 * baseDN
 *	If not NULL, the directory's base DN will be returned.
 *
 * error
 *	Describes an error, if any.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config, char **baseDN,
	ns_ldap_error_t **error);

/* Values for the anon_fallback argument of __ns_ldap_getRootDSE() */
#define	SA_PROHIBIT_FALLBACK	0
#define	SA_ALLOW_FALLBACK	1

#define	DONT_SAVE_NSCONF	0
#define	SAVE_NSCONF		1

/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 *	An address of a server to be connected to.
 *
 * rootDSE
 *	A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 *	Describes an error, if any.
 *
 * anon_fallback
 *	If set to 1 (SA_ALLOW_FALLBACK) and establishing a connection fails,
 *	__ns_ldap_getRootDSE() will try once again using anonymous
 *	credentials.
 *
 *	NOTE(review): the fallback silently downgrades to an unauthenticated
 *	connection, so a credential or TLS problem is masked and the caller
 *	gets a root DSE from whatever answered anonymously.  Callers that
 *	need the authenticated result should pass SA_PROHIBIT_FALLBACK.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);

/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);

/*
 * This function cancels the Standalone mode and destroys the list of root DSEs.
 */
void __ns_ldap_cancelStandalone(void);

/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 *
 * auth_mech
 *	Textual name of the mechanism (the accepted spellings are not
 *	listed in this header; see the implementation).
 * auth
 *	Caller-provided structure to fill in.
 * errorp
 *	Describes an error, if any.
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);

/*
 * Simplified LDAP Naming APIs
 *
 * Common argument conventions for the search calls below:
 *
 * service
 *	A service/database name (see NS_LDAP_TYPE_*), used to pick the
 *	search descriptors and attribute maps for that service.
 * filter / init_filter_cb
 *	"filter" is an LDAP search filter string; init_filter_cb, when
 *	non-NULL, is called with each search descriptor and must return
 *	the real filter in *realfilter.  Either way the string goes to
 *	the directory as a filter.
 *	NOTE(review): nothing in this API escapes filter contents.  Any
 *	component derived from untrusted input (user names, host names,
 *	keys) must be escaped per RFC 4515 by the caller before it is
 *	spliced into the filter, or it is an LDAP filter injection.
 * attribute
 *	NULL-terminated list of attribute names to return, or NULL.
 * cred
 *	Credential to bind with, or NULL to use the configured one.
 * flags
 *	Bitwise OR of the NS_LDAP_* flags defined above.
 * result
 *	Receives the result list; release with __ns_ldap_freeResult().
 * errorp
 *	Receives error detail; release with __ns_ldap_freeError().
 * callback / userdata
 *	If callback is non-NULL it is invoked per entry and returns
 *	NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE; userdata is passed through
 *	to both callbacks.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);


/*
 * As __ns_ldap_list(), with results sorted by the server on "sortattr".
 */
int __ns_ldap_list_sort(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

/*
 * Batch API: start a batch, add one or more list requests to it, then
 * end it to run them.  __ns_ldap_list_batch_end() runs the requests;
 * __ns_ldap_list_batch_release() frees the handle.  "rcp" in
 * __ns_ldap_list_batch_add() receives that request's own return code
 * (presumably filled in by batch_end -- confirm against the
 * implementation).
 */
int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);

/*
 * Modify operations.  "dn" is the target entry; "attr" is a
 * NULL-terminated list of attributes to add, delete or replace.
 * The credential passed in "cred" is what the directory's access
 * control is evaluated against.
 */
int __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Replace attributes.  With NS_LDAP_UPDATE_SHADOW in "flags" this is
 * the call used to update the shadow database (see that flag).
 */
int __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Add an entry from one of the typed conversion structures above.
 * "servicetype" is an NS_LDAP_TYPE_* string, "data" points at the
 * matching _ns_*_t structure, "create" controls whether a missing
 * container is created (exact semantics not stated here).
 */
int __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Enumeration API: __ns_ldap_firstEntry() starts a search and returns
 * an opaque "cookie"; __ns_ldap_nextEntry() continues it;
 * __ns_ldap_endEntry() releases the cookie.  The filter caveat given
 * for __ns_ldap_list() applies here as well.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

/* Release a result / error object and NULL the caller's pointer */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);

/*
 * Name-to-DN lookups.  The uid / host strings end up in a search
 * filter, so the RFC 4515 escaping caveat applies when they come
 * from untrusted input.  The returned DN is allocated for the caller.
 */
int __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

/*
 * Authenticate the credential in "cred" against the directory (a bind).
 * Password-policy detail from the bind is reported in the returned
 * error object's pwd_mgmt member.  serverctrls/clientctrls are
 * NULL-terminated LDAPControl lists passed to the bind, or NULL.
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * Free a credential object.  NOTE(review): whether the embedded
 * password buffers are zeroized before being freed is not visible
 * here; callers handling sensitive credentials should scrub them
 * themselves first.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

/* Map an ns_ldap_return_code to a message string */
int __ns_ldap_err2str(
	int err,
	char **strmsg);

/*
 * Configuration parameter access by ParamIndexType.  getParam returns
 * a NULL-terminated array of values in *data, released with
 * __ns_ldap_freeParam().  The bind-password parameters
 * (NS_LDAP_BINDPASSWD_P, NS_LDAP_ADMIN_BINDPASSWD_P) return secrets.
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);

/*
 * Look up an attribute in an entry by name.  Both return pointers into
 * the entry (no copy); they are invalid once the result is freed.
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t *__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);

/* Per-service configuration queries and their matching free routines */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

/* Parse a configuration parameter name into its ParamIndexType */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);

/*
 * Fetch account-management state for "user" via
 * NS_LDAP_ACCOUNT_USABLE_CONTROL (no user password needed); the
 * response is decoded into *acctResp.
 */
int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

/* Whether shadow updates are enabled in the current configuration */
boolean_t __ns_ldap_is_shadow_update_enabled(void);

/*
 * Restrict the library to self/SASL-GSSAPI credentials only (flag
 * non-zero) and query how self/GSSAPI is configured relative to other
 * credential types.
 */
void
__ns_ldap_self_gssapi_only_set(
	int flag);
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
#ifdef __cplusplus
}
#endif

#endif /* _NS_SLDAP_H */