1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
24  */
25 
26 
27 #ifndef	_NS_SLDAP_H
28 #define	_NS_SLDAP_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 #include <stdio.h>
35 #include <sys/types.h>
36 #include <lber.h>
37 #include <ldap.h>
38 
/*
 * Version
 *
 * Version strings for the libsldap configuration.  NS_LDAP_VERSION
 * resolves to NS_LDAP_VERSION_2 ("2.0"); NS_LDAP_VERSION_1 is kept so that
 * version 1 clients and their configuration files can still be recognised
 * (see the NS_LDAP_TRANSPORT_SEC_P note in ParamIndexType).  Presumably
 * these are the values carried by the NS_LDAP_FILE_VERSION_P parameter.
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"
45 
/*
 * Flags
 *
 * Bits for the 'flags' argument of the __ns_ldap_*() calls.  They share a
 * single bit space with SearchRef_t, ScopeType_t and the NS_LDAP_*_CONN,
 * NS_LDAP_NOMAP, NS_LDAP_PAGE_CTRL, NS_LDAP_NOT_CVT_DN and
 * NS_LDAP_*_SHADOW values below, so every value is a distinct bit and
 * they may be OR'ed together.  What NS_LDAP_HARD and NS_LDAP_ALL_RES
 * select is defined by the implementation and is not visible here.
 */
#define	NS_LDAP_HARD		  0x001
#define	NS_LDAP_ALL_RES		  0x002
51 
/*
 * Search Referral Option
 *
 * Controls whether a search follows LDAP referrals returned by the server.
 * Following a referral means the library may open a connection to a server
 * other than the one configured; which credentials are reused on that
 * connection is an implementation detail not visible in this header, so a
 * caller that binds with a secret may prefer NS_LDAP_NOREF unless the
 * referral targets are trusted.
 */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,	/* follow referrals */
	NS_LDAP_NOREF		= 0x008		/* do not follow referrals */
} SearchRef_t;
57 
/*
 * LDAP search scope, as a flag bit (see the 'Flags' note above) and as
 * the 'scope' member of ns_ldap_search_desc_t.
 */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,	/* the base entry only */
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,	/* immediate children of base */
	NS_LDAP_SCOPE_SUBTREE	= 0x040		/* base and whole subtree */
} ScopeType_t;
63 
/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 *
 * A leaked connection also keeps its bind (and whatever credentials it was
 * established with) alive for the life of the process.
 *
 * NS_LDAP_NEW_CONN presumably forces a fresh connection instead of a cached
 * one and NS_LDAP_NOMAP presumably bypasses attribute/objectclass mapping;
 * neither is documented here, so confirm against the implementation.
 * Bits 0x100 and 0x200 are not defined in this header.
 */

#define	NS_LDAP_KEEP_CONN	  0x080
#define	NS_LDAP_NEW_CONN	  0x400
#define	NS_LDAP_NOMAP		  0x800
74 
/*
 * NS_LDAP_PAGE_CTRL presumably asks the library to use a paged-results
 * control on searches (TODO confirm).  NS_LDAP_NO_PAGE_CTRL is zero: it
 * cannot be tested with a bitwise AND and simply means "bit not set".
 */
#define	NS_LDAP_PAGE_CTRL	  0x1000
#define	NS_LDAP_NO_PAGE_CTRL	  0x0000
77 
/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.  With this bit set the
 * caller receives the DN exactly as the directory returned it.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000
85 
/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 *
 * Setting the bit does not itself confer any privilege; whatever check
 * gates shadow updates is performed by the library or ldap_cachemgr and
 * is not visible in this header.  See also NS_LDAP_ENABLE_SHADOW_UPDATE_P
 * and __ns_ldap_is_shadow_update_enabled().
 */
#define	NS_LDAP_UPDATE_SHADOW	0x4000
92 
/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server.
 *
 * As with NS_LDAP_UPDATE_SHADOW, the bit is a request, not a grant: any
 * privilege check happens in the library or ldap_cachemgr, not here.
 */
#define	NS_LDAP_READ_SHADOW	0x8000
99 
/*
 * Authentication Information
 *
 * Credential level: which identity the library binds with.  ANON binds
 * anonymously; PROXY presumably binds as the configured proxy identity
 * (NS_LDAP_BINDDN_P / NS_LDAP_BINDPASSWD_P); SELF binds as the calling
 * user (see ns_ldap_self_gssapi_config_t).  The PROXY/SELF mapping is
 * inferred from the parameter names below - confirm in the implementation.
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;
108 
/*
 * Bind/authentication method.  NS_LDAP_AUTH_SIMPLE is a simple bind, which
 * sends the password in cleartext unless the session is protected by TLS;
 * prefer one of the TLS variants or SASL/GSSAPI where the directory
 * supports it.  The two TLS values differ only in their names here; the
 * original comments note that SASL usage is implied for both.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;
116 
/*
 * Kind of bind performed once a TLS session is in place (presumably used
 * only when ns_auth_t.type is one of the TLS values - confirm).
 */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,	/* no TLS */
	NS_LDAP_TLS_SIMPLE	= 1,	/* simple bind over TLS */
	NS_LDAP_TLS_SASL	= 2	/* SASL bind over TLS */
} TlsType_t;
122 
/*
 * SASL mechanism.  CRAM-MD5 and DIGEST-MD5 are MD5-based challenge/response
 * mechanisms and are considered weak today (DIGEST-MD5 was moved to
 * historic status by RFC 6331); prefer GSSAPI, or run a simpler bind over
 * TLS, where the deployment allows.  EXTERNAL and SPNEGO are declared but
 * marked unsupported.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;
131 
/*
 * SASL security-layer option.  INT and PRIV presumably request the SASL
 * integrity and privacy (confidentiality) protection layers respectively;
 * with NONE, data after the bind is unprotected unless TLS is in use.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;
137 
/*
 * Value type of the NS_LDAP_PREF_ONLY_P parameter: whether only the
 * preferred servers (NS_LDAP_SERVER_PREF_P) may be used.
 */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;
142 
/*
 * Value type of the NS_LDAP_ENABLE_SHADOW_UPDATE_P parameter; see also
 * __ns_ldap_is_shadow_update_enabled() and NS_LDAP_UPDATE_SHADOW.
 */
typedef enum enableShadowUpdate {
	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
} enableShadowUpdate_t;
147 
/*
 * Unix-style credential: a user identifier and its cleartext password.
 * Both are caller-owned strings (userID is a string despite the "number"
 * comment).  The password sits in ordinary memory; whoever allocates it
 * should clear it (explicit_bzero() or equivalent) before freeing, as
 * nothing in this header promises that __ns_ldap_freeCred() does so.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;
152 
/*
 * Certificate credential: a certificate/key database path, the password
 * protecting it, and the certificate's nickname within that database.
 * The password is a cleartext secret and should be cleared when no longer
 * needed, for the same reason as UnixCred_t.passwd.
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;
158 
/*
 * Authentication selector: method, TLS bind type, SASL mechanism and SASL
 * security-layer option.  Filled in by __ns_ldap_initAuth() from a
 * mechanism name, or by the caller directly.
 */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;
165 
/*
 * Credential passed to the __ns_ldap_*() calls.  Which member of 'cred'
 * is valid is presumably determined by auth.type (confirm in the
 * implementation); reading the wrong member yields garbage pointers.
 * hostcertpath is the certificate database used for TLS.  Free with
 * __ns_ldap_freeCred(); see UnixCred_t for the note on clearing passwords.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;
174 
175 
/*
 * Growable text buffer.  'len' is presumably the number of bytes in use
 * and 'alloc' the allocated size of 'str' - confirm against the code that
 * fills it before relying on either for bounds.
 */
typedef struct LineBuf {
	char *str;
	int len;
	int alloc;
} LineBuf;
181 
/*
 * Configuration Information
 *
 * Parameter index for __ns_ldap_setParam() / __ns_ldap_getParam().
 * NS_LDAP_BINDPASSWD_P, NS_LDAP_CERT_PASS_P and NS_LDAP_ADMIN_BINDPASSWD_P
 * carry secrets: a caller that reads them through __ns_ldap_getParam()
 * should clear the returned strings before __ns_ldap_freeParam(), since
 * this header does not promise that freeParam does.
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,	/* secret */
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files.  The only
 * supported value is NS_LDAP_SEC_NONE.  No application should be
 * using this parameter type (either through getParam or setParam).
 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,	/* secret */
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
	NS_LDAP_ADMIN_BINDDN_P		= 29,
	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,	/* secret */
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder.  It must be the last (and highest value)
 * entry in this eNum.  Please update accordingly.
 * Code indexing a table by ParamIndexType should size it by this value.
 */
	NS_LDAP_MAX_PIT_P		= 31

} ParamIndexType;
232 
/*
 * How much of the configuration uses credential level "self" with
 * SASL/GSSAPI; reported by __ns_ldap_self_gssapi_config().
 *
 * NONE - No self / SASL/GSSAPI configured
 * ONLY - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
} ns_ldap_self_gssapi_config_t;
243 
/*
 * __ns_ldap_*() return codes
 *
 * Each comment says whether *errorp is populated; when it is, the caller
 * owns it and releases it with __ns_ldap_freeError().  Value 6 is not
 * assigned, so callers must not assume the codes are contiguous.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9  /* success, with info in errorp */
} ns_ldap_return_code;
259 
/*
 * Detailed error code for NS_LDAP_CONFIG
 * (presumably carried in ns_ldap_error_t.status when the call returns
 * NS_LDAP_CONFIG - confirm in the implementation).
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;
271 
/*
 * Detailed error code for NS_LDAP_PARTIAL
 *
 * A partial result means some entries may be missing; callers that use
 * the result for an access decision should treat it as incomplete.
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;
279 
/*
 * For use by __ns_ldap_addTypedEntry() for publickey servicetype
 * (the 'hostcred' member of _ns_pubkey_t): whether the key belongs to a
 * host rather than a user.
 */
typedef enum {
	NS_HOSTCRED_FALSE = 0,
	NS_HOSTCRED_TRUE  = 1
} hostcred_t;
287 
/*
 * Detailed password status
 *
 * Reported in ns_ldap_passwd_mgmt_t.status after a bind with the user's
 * own password.  Only NS_PASSWD_GOOD, NS_PASSWD_ABOUT_TO_EXPIRE and
 * NS_PASSWD_CHANGE_NEEDED describe a password the server accepted;
 * everything else is a rejection reason.
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password  */
	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
						/* within minimum age  */
} ns_ldap_passwd_status_t;
319 
/*
 * Password management information structure
 *
 * This structure is different from AcctUsableResponse_t structure in
 * that this structure holds result of users account mgmt information when
 * an ldap bind is done with user name and user password.
 *
 * Embedded in ns_ldap_error_t; sec_until_expired is meaningful only for
 * the status noted below and should be ignored otherwise.
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;
334 
/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided.  The OID sits under the Sun vendor arc
 * (1.3.6.1.4.1.42); the response it elicits is decoded into
 * AcctUsableResponse_t.
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
340 
/*
 * Structure for holding the response returned by server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
 * The members correspond, in order, to the More_info SEQUENCE shown on
 * AcctUsableResponse_t; the three flags are booleans, the last two are
 * optional counters.
 */
typedef struct AcctUsableMoreInfo {
	int inactive;		/* account inactive */
	int reset;		/* password has been reset */
	int expired;		/* password expired */
	int rem_grace;		/* remaining grace logins */
	int sec_b4_unlock;	/* seconds before unlock */
} AcctUsableMoreInfo_t;
352 
/*
 * Structure used to hold the response from the server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 * is_available		[0] INTEGER, seconds before expiration
 * is_not_available	[1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 * inactive		[0] BOOLEAN DEFAULT FALSE,
 * reset		[1] BOOLEAN DEFAULT FALSE,
 * expired		[2] BOOLEAN DEFAULT FALSE,
 * remaining_grace	[3] INTEGER OPTIONAL,
 * seconds_before_unlock[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from ns_ldap_passwd_mgmt_t structure in
 * that this structure holds result of users account mgmt information when
 * pam_ldap doesn't have the users password and proxy agent is used for
 * obtaining the account management information.
 *
 * 'choice' selects the active union member and must be tested before
 * either member is read; the values used (presumably the CHOICE tags
 * 0 and 1) are set by __ns_ldap_getAcctMgmt() - confirm there.
 */
typedef struct AcctUsableResponse {
	int choice;
	union {
		int seconds_before_expiry;
		AcctUsableMoreInfo_t more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;
382 
/*
 * Simplified LDAP Naming API result structure
 *
 * Returned through the errorp out-parameter of the __ns_ldap_*() calls
 * and released with __ns_ldap_freeError().  'message' is allocated text
 * that may include server-supplied content, so log it with a "%s"
 * conversion rather than as a format string.
 */
typedef struct ns_ldap_error {
	int	status;				/* LDAP error code */
	char	*message;			/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;
392 
/*
 * One attribute of an entry: its name and value_count values.  Values
 * are strings here; binary attribute values, if any, are not represented
 * with a length, so callers should treat attrvalue[i] as NUL-terminated.
 */
typedef struct	 ns_ldap_attr {
	char	*attrname;			/* attribute name */
	uint_t	value_count;			/* entries in attrvalue */
	char	**attrvalue;			/* attribute values */
} ns_ldap_attr_t;
398 
/*
 * One directory entry: attr_count attributes and a link to the next entry
 * of the same result.  Use __ns_ldap_getAttr() / __ns_ldap_getAttrStruct()
 * to look an attribute up by name.
 */
typedef struct ns_ldap_entry {
	uint_t		attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
	struct ns_ldap_entry *next;		/* next entry */
} ns_ldap_entry_t;
404 
/*
 * Search result: entries_count entries chained through ns_ldap_entry_t.next
 * starting at 'entry'.  Owned by the caller once returned; release with
 * __ns_ldap_freeResult().
 */
typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;
409 
/*
 * structures for the conversion routines used by typedAddEntry()
 *
 * The 'data' argument of __ns_ldap_addTypedEntry() points at one of these,
 * chosen by the servicetype string (NS_LDAP_TYPE_* below).  All strings are
 * caller-owned; NULL-terminated string vectors are assumed for the char **
 * members (confirm in the conversion routines).
 */

typedef struct _ns_netgroups {
	char  *name;
	char  **triplet;	/* (host,user,domain) triples */
	char  **netgroup;	/* member netgroups */
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char *netnumber;
	char *netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char *name;
	char **param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char *name;
	char *ether;
} _ns_ethers_t;

/*
 * publickey entry.  'privkey' is key material and should be cleared once
 * the entry has been written.
 */
typedef struct _ns_pubkey {
	char *name;
	hostcred_t hostcred;	/* host key rather than user key */
	char *pubkey;
	char *privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char *alias;
	char **member;
} _ns_alias_t;

typedef struct _ns_automount {
	char *mapname;
	char *key;
	char *value;
} _ns_automount_t;
452 
/*
 * return values for the callback function in __ns_ldap_list()
 * (and the other list/batch calls that take the same callback).
 * Returning NS_LDAP_CB_DONE stops the enumeration early.
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */
458 
/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 *
 * The same strings name the 'service' in the other __ns_ldap_*() calls.
 * NS_LDAP_TYPE_AUTOMOUNT ends in an underscore and is presumably matched
 * as a prefix of the map name (auto_master, auto_home, ...) - confirm.
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"	/* see NS_LDAP_*_SHADOW flags */
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
488 
/*
 * service descriptor/attribute mapping structure
 *
 * A service search descriptor (NS_LDAP_SERVICE_SEARCH_DESC_P): where and
 * how to search for one service.  'filter' is an LDAP filter string that
 * is combined with the caller's filter by the library; it is also what
 * the init_filter_cb of __ns_ldap_list() receives.
 */

typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;
498 
/*
 * Attribute mapping (NS_LDAP_ATTRIBUTEMAP_P): one original attribute name
 * mapped to one or more directory attribute names.
 */
typedef struct ns_ldap_attribute_map {
	char		*origAttr;	/* original attribute */
	char		**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;
503 
/*
 * Objectclass mapping (NS_LDAP_OBJECTCLASSMAP_P): one original objectclass
 * mapped to one directory objectclass.
 */
typedef struct ns_ldap_objectclass_map {
	char		*origOC;	/* original objectclass */
	char		*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;
508 
/*
 * Value of the userPassword attribute representing NO Unix password
 *
 * It is an ordinary attribute value, so anything able to write
 * userPassword can store it.  Code that recognises it must compare the
 * whole value (strcmp, not a prefix match) and must treat a match as
 * "cannot authenticate with a Unix password", never as "no password
 * required".
 */
#define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"
513 
/*
 * Opaque handle for batch API: created by __ns_ldap_list_batch_start(),
 * filled by __ns_ldap_list_batch_add(), run by __ns_ldap_list_batch_end()
 * and released by __ns_ldap_list_batch_release().
 */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
516 
/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
 *                 to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *                 to communicate to.
 * NS_PREDEFINED:  reserved for internal use
 *
 * Note that no NS_PREDEFINED enumerator is declared below; the only visible
 * hook for it is the predefined_conf member of ns_standalone_conf_t.
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;
531 
/*
 * This structure describes an LDAP server specified by a client application.
 *
 * 'cred' is a credential *level* name, not a secret; the secret is
 * bind_passwd, which is held in cleartext and should be cleared by its
 * owner once the standalone configuration has been initialised.
 * bind_dn/bind_passwd are only as trustworthy as the process that fills
 * them in, and 'server' is used as given, so a caller should not populate
 * either from unvalidated input.
 */
typedef struct ns_dir_server {
	char *server;			/* A directory server's IP */
	uint16_t port;			/* A directory server's port. */
					/* Default value is 389 */
	char *domainName;		/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char *profileName;		/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t *auth;		/* Authentication information used */
					/* during subsequent connections */
	char *cred;			/* A credential level to be used */
					/* along with the authentication info */
	char *host_cert_path;		/* A path to the certificate database */
					/* Default is '/var/ldap' ('/vat/ldap' */
					/* in the original comment is a typo) */
	char *bind_dn;			/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char *bind_passwd;		/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;
556 
/*
 * This structure contains information describing an LDAP server.
 *
 * 'type' (declared after the union) says which member of ds_profile is
 * valid: NS_LDAP_SERVER selects 'server'; predefined_conf is reserved.
 * The SA_* macros are member-path shorthands and are meant to be applied
 * to a variable of this type, e.g. conf.SA_SERVER or conf->SA_BIND_PWD.
 */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t server;
		void *predefined_conf;	/* Reserved for internal use */
	} ds_profile;			/* A type of the configuration */

#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd	/* secret */

	ns_standalone_request_type_t type;
} ns_standalone_conf_t;
578 
/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application that requested a standalone schema, libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * Because the application, not ldap_cachemgr, now supplies the server and
 * bind identity, the caller is responsible for the trustworthiness of
 * everything in 'conf'.  Undo with __ns_ldap_cancelStandalone().
 *
 * conf
 * 	A structure describing where and in which way to obtain all the
 * 	configuration describing how to communicate with a chosen LDAP directory.
 *
 * errorp
 * 	An error object describing an error that occurred; release it with
 * 	__ns_ldap_freeError().
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t	**errorp);
597 
/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 * 	Specifies the selected directory server.
 *
 * cred
 * 	Contains authentication information and the credential required to
 * 	establish a connection.
 *
 * config
 * 	If not NULL, a new configuration based on the DUAProfile specified in
 * 	the server parameter will be created and returned.  Ownership of the
 * 	returned string is not stated here; presumably the caller frees it.
 *
 * baseDN
 * 	If not NULL, the directory's base DN will be returned (same ownership
 * 	caveat as config).
 *
 * error
 * 	Describes an error, if any; release with __ns_ldap_freeError().
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config,	char **baseDN,
	ns_ldap_error_t **error);
624 
/*
 * SA_PROHIBIT_FALLBACK / SA_ALLOW_FALLBACK are the values for the
 * anon_fallback argument of __ns_ldap_getRootDSE() (which documents 1 as
 * permitting the anonymous retry).  DONT_SAVE_NSCONF / SAVE_NSCONF are
 * matching yes/no values whose consumer is not declared in this header.
 */
#define	SA_PROHIBIT_FALLBACK 0
#define	SA_ALLOW_FALLBACK 1

#define	DONT_SAVE_NSCONF 0
#define	SAVE_NSCONF 1
630 
/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 * 	An address of a server to be connected to.
 *
 * rootDSE
 * 	A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 * 	Describes an error, if any.
 *
 * anon_fallback
 * 	If set to 1 (SA_ALLOW_FALLBACK) and establishing a connection fails,
 * 	__s_api_getRootDSE() (presumably the internal implementation of this
 * 	call) will try once again using anonymous credentials.  That retry is
 * 	a silent downgrade: a caller that must know the DSE came from an
 * 	authenticated session should pass SA_PROHIBIT_FALLBACK.
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);
652 
/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 *
 * Only meaningful after __ns_ldap_initStandalone() has succeeded.
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
667 
/*
 * This function cancels the Standalone mode and destroys the list of root DSEs.
 * After it returns, libsldap goes back to obtaining configuration from
 * ldap_cachemgr (see __ns_ldap_initStandalone()).
 */
void __ns_ldap_cancelStandalone(void);
/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 *
 * auth_mech
 * 	Mechanism name; the accepted spellings are not listed in this header.
 * auth
 * 	Caller-provided structure to fill in.
 * errorp
 * 	Describes an error, if any; release with __ns_ldap_freeError().
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);
679 
/*
 * Simplified LDAP Naming APIs
 *
 * __ns_ldap_list(): search the directory for one naming service.
 *
 * service
 * 	One of the NS_LDAP_TYPE_* names.
 * filter
 * 	LDAP search filter.  Nothing in this header says the library escapes
 * 	it, so any value derived from untrusted input must be escaped by the
 * 	caller (RFC 4515 rules) to avoid filter injection.
 * init_filter_cb
 * 	Optional hook that builds the real filter from the service's search
 * 	descriptor and userdata; who frees *realfilter is not stated here.
 * attribute
 * 	NULL-terminated list of attributes to return (presumably NULL for all).
 * cred
 * 	Credential to bind with; NULL presumably means the configured default.
 * flags
 * 	OR of the NS_LDAP_* flag bits declared above (NS_LDAP_READ_SHADOW
 * 	applies here).
 * result
 * 	Receives the entries; release with __ns_ldap_freeResult().
 * errorp
 * 	Receives error detail; release with __ns_ldap_freeError().
 * callback, userdata
 * 	If callback is non-NULL it is invoked per entry and returns
 * 	NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE.
 *
 * Returns an ns_ldap_return_code value (declared as int).
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);
695 
696 
/*
 * As __ns_ldap_list(), with the results sorted on 'sortattr' (presumably
 * by a server-side sort control - confirm).  The same filter-escaping
 * caveat applies: the library is not known to escape 'filter'.
 */
int __ns_ldap_list_sort(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);
710 
/*
 * Batch form of __ns_ldap_list(): start a batch, add one or more searches
 * to it, run them with _end, then release the handle.  Each added search
 * takes the same arguments as __ns_ldap_list() plus 'rcp', which receives
 * that search's return code; result/errorp/rcp must stay valid until
 * __ns_ldap_list_batch_end() returns.  The filter-escaping caveat on
 * __ns_ldap_list() applies to every added search.
 */
int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);
734 
/*
 * Directory modification calls.  All take the service name, a target DN
 * built by the caller, the credential to bind with, NS_LDAP_* flags and an
 * errorp released with __ns_ldap_freeError(); all return an
 * ns_ldap_return_code value as int.
 *
 * A DN assembled from untrusted input must have its RDN values escaped
 * (RFC 4514) by the caller; this header gives no indication the library
 * does it.  Only __ns_ldap_repAttr() honours NS_LDAP_UPDATE_SHADOW.
 */

/* Add the attribute values in 'attr' (NULL-terminated array) to 'dn'. */
int  __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Delete the attribute values in 'attr' from 'dn'. */
int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Replace the attribute values in 'attr' on 'dn'. */
int  __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Add a complete entry at 'dn'. */
int  __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Add an entry from one of the _ns_*_t conversion structures; 'data' must
 * point at the structure matching 'servicetype' (NS_LDAP_TYPE_*), and the
 * entry is placed under 'basedn'.  The meaning of 'create' is not given
 * in this header.
 */
int  __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int  create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Delete the entry at 'dn'. */
int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);
782 
/*
 * Incremental search: __ns_ldap_firstEntry() runs the search (same
 * arguments as __ns_ldap_list_sort(), minus the callback) and hands back an
 * opaque cookie; __ns_ldap_nextEntry() fetches further entries with it and
 * __ns_ldap_endEntry() releases it.  Each result is released with
 * __ns_ldap_freeResult().  NS_LDAP_READ_SHADOW applies here.  The
 * filter-escaping caveat on __ns_ldap_list() applies.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int  __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

/* Ends the search started by __ns_ldap_firstEntry() and frees *cookie. */
int  __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);
805 
/*
 * Release a result / error object returned by the calls above.  Both take
 * the address of the pointer; presumably they reset it to NULL, but only
 * the implementation can confirm that.
 */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);
811 
/*
 * Name <-> DN conversions.  Each looks the subject up with 'cred' and
 * returns an allocated string through the out-parameter (ownership is not
 * stated in this header; presumably the caller frees it).  See the note on
 * NS_LDAP_NOT_CVT_DN for how uid2dn/host2dn handle mapped attributes.
 * 'uid' and 'host' end up inside a search filter, so the filter-escaping
 * caveat on __ns_ldap_list() applies if they come from untrusted input.
 */
int  __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2uid(
	const char *dn,
	char **userID,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);
836 
/*
 * Authenticate (bind) with 'cred'.  Password status from the bind is
 * reported in (*errorp)->pwd_mgmt; serverctrls/clientctrls are passed to
 * the underlying LDAP bind.  A simple bind without TLS sends the password
 * in cleartext (see AuthType_t).
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * Release an ns_cred_t.  Whether the contained password is zeroised before
 * the memory is freed is not stated here; callers holding secrets should
 * clear them themselves first.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);
846 
/*
 * Convert an ns_ldap_return_code to text.  Whether *strmsg is allocated
 * or static is not stated in this header.
 */
int __ns_ldap_err2str(
	int err,
	char **strmsg);

/*
 * Configuration parameter access.  __ns_ldap_getParam() returns a
 * NULL-terminated vector of values to be released with
 * __ns_ldap_freeParam().  For the secret-bearing parameters noted on
 * ParamIndexType, clear the returned values before freeing them.
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);
863 
/*
 * Look up an attribute of 'entry' by name.  getAttr returns the value
 * vector, getAttrStruct the whole ns_ldap_attr_t; NULL if absent.  The
 * returned pointers presumably point into 'entry' and stay valid only
 * until the result is freed - do not free them separately.
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t	*__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);
871 
/*
 * Per-service configuration queries.  The *** out-parameters receive
 * NULL-terminated vectors; those with a matching __ns_ldap_free*() below
 * are released with it.  The char ** results of the getMapped*/getOrig*
 * calls have no free routine declared here, so check the implementation
 * before freeing them.
 */

/* Authentication methods configured for 'service'. */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

/* Search descriptors configured for 'service'. */
int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

/* Attribute maps configured for 'service'. */
int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

/* Directory attribute name(s) for an original attribute, and the reverse. */
char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

/* Objectclass maps configured for 'service'. */
int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

/* Directory objectclass for an original objectclass, and the reverse. */
char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);
916 
/* Map a configuration parameter name to its ParamIndexType. */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);

/*
 * Query account usability for 'user' via NS_LDAP_ACCOUNT_USABLE_CONTROL.
 * No credential is passed: per the AcctUsableResponse_t comment this path
 * is used when the caller has no user password and the proxy agent is used
 * instead.  Check acctResp->choice before reading the union.
 */
int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

/* Whether NS_LDAP_ENABLE_SHADOW_UPDATE_P is set to TRUE. */
boolean_t __ns_ldap_is_shadow_update_enabled(void);

/*
 * Process-wide switch for "self"/GSSAPI-only operation, and a query of how
 * the configuration uses self/GSSAPI (see ns_ldap_self_gssapi_config_t).
 */
void
__ns_ldap_self_gssapi_only_set(
	int flag);
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
933 #ifdef __cplusplus
934 }
935 #endif
936 
937 #endif /* _NS_SLDAP_H */