xref: /illumos-gate/usr/src/lib/libsldap/common/ns_sldap.h (revision 1f6eb0216cb17ca5fdff9563329f1dda47c8b801)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_SLDAP_H
28 #define	_NS_SLDAP_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 #include <stdio.h>
37 #include <sys/types.h>
38 #include <lber.h>
39 #include <ldap.h>
40 
41 /*
42  * Version
43  */
44 #define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
45 #define	NS_LDAP_VERSION_1	"1.0"
46 #define	NS_LDAP_VERSION_2	"2.0"
47 
48 /*
49  * Flags
50  */
51 #define	NS_LDAP_HARD		  0x001
52 #define	NS_LDAP_ALL_RES		  0x002
53 
54 /* Search Referral Option */
55 typedef enum SearchRef {
56 	NS_LDAP_FOLLOWREF	= 0x004,
57 	NS_LDAP_NOREF		= 0x008
58 } SearchRef_t;
59 
60 typedef enum ScopeType {
61 	NS_LDAP_SCOPE_BASE	= 0x010,
62 	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
63 	NS_LDAP_SCOPE_SUBTREE	= 0x040
64 } ScopeType_t;
65 
66 /*
67  * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
68  * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
69  * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
70  * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
71  */
72 
73 #define	NS_LDAP_KEEP_CONN	  0x080
74 #define	NS_LDAP_NEW_CONN	  0x400
75 #define	NS_LDAP_NOMAP		  0x800
76 
77 #define	NS_LDAP_PAGE_CTRL	  0x1000
78 #define	NS_LDAP_NO_PAGE_CTRL	  0x0000
79 
80 /*
81  * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
82  * to retrieve the DN in LDAP and DN is not to be converted when
83  * being passed back to the application. See __ns_ldap_uid2dn()
84  * and __ns_ldap_host2dn() for such usage.
85  */
86 #define	NS_LDAP_NOT_CVT_DN	0x2000
87 
88 /*
89  * Authentication Information
90  */
91 typedef enum CredLevel {
92 	NS_LDAP_CRED_ANON	= 0,
93 	NS_LDAP_CRED_PROXY	= 1,
94 	NS_LDAP_CRED_SELF	= 2
95 } CredLevel_t;
96 
97 typedef enum AuthType {
98 	NS_LDAP_AUTH_NONE	= 0,
99 	NS_LDAP_AUTH_SIMPLE	= 1,
100 	NS_LDAP_AUTH_SASL	= 2,
101 	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
102 	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
103 } AuthType_t;
104 
105 typedef enum TlsType {
106 	NS_LDAP_TLS_NONE	= 0,
107 	NS_LDAP_TLS_SIMPLE	= 1,
108 	NS_LDAP_TLS_SASL	= 2
109 } TlsType_t;
110 
111 typedef enum SaslMech {
112 	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
113 	NS_LDAP_SASL_CRAM_MD5	= 1,
114 	NS_LDAP_SASL_DIGEST_MD5	= 2,
115 	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
116 	NS_LDAP_SASL_GSSAPI	= 4,
117 	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
118 } SaslMech_t;
119 
120 typedef enum SaslOpt {
121 	NS_LDAP_SASLOPT_NONE	= 0,
122 	NS_LDAP_SASLOPT_INT	= 1,
123 	NS_LDAP_SASLOPT_PRIV	= 2
124 } SaslOpt_t;
125 
126 typedef enum PrefOnly {
127 	NS_LDAP_PREF_FALSE	= 0,
128 	NS_LDAP_PREF_TRUE	= 1
129 } PrefOnly_t;
130 
131 typedef struct UnixCred {
132 	char	*userID;	/* Unix ID number */
133 	char	*passwd;	/* password */
134 } UnixCred_t;
135 
136 typedef struct CertCred {
137 	char	*path;		/* certificate path */
138 	char	*passwd;	/* password */
139 	char	*nickname;	/* nickname */
140 } CertCred_t;
141 
142 typedef struct ns_auth {
143 	AuthType_t	type;
144 	TlsType_t	tlstype;
145 	SaslMech_t	saslmech;
146 	SaslOpt_t	saslopt;
147 } ns_auth_t;
148 
149 typedef struct ns_cred {
150 	ns_auth_t	auth;
151 	char		*hostcertpath;
152 	union {
153 		UnixCred_t	unix_cred;
154 		CertCred_t	cert_cred;
155 	} cred;
156 } ns_cred_t;
157 
158 
159 typedef struct LineBuf {
160 	char *str;
161 	int len;
162 	int alloc;
163 } LineBuf;
164 
165 /*
166  * Configuration Information
167  */
168 
169 typedef enum {
170 	NS_LDAP_FILE_VERSION_P		= 0,
171 	NS_LDAP_BINDDN_P		= 1,
172 	NS_LDAP_BINDPASSWD_P		= 2,
173 	NS_LDAP_SERVERS_P		= 3,
174 	NS_LDAP_SEARCH_BASEDN_P		= 4,
175 	NS_LDAP_AUTH_P			= 5,
176 /*
177  * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
178  * with version 1 clients and their configuration files.  The only
179  * supported value is NS_LDAP_SEC_NONE.  No application should be
180  * using this parameter type (either through getParam or setParam.
181  */
182 	NS_LDAP_TRANSPORT_SEC_P		= 6,
183 	NS_LDAP_SEARCH_REF_P		= 7,
184 	NS_LDAP_DOMAIN_P		= 8,
185 	NS_LDAP_EXP_P			= 9,
186 	NS_LDAP_CERT_PATH_P		= 10,
187 	NS_LDAP_CERT_PASS_P		= 11,
188 	NS_LDAP_SEARCH_DN_P		= 12,
189 	NS_LDAP_SEARCH_SCOPE_P		= 13,
190 	NS_LDAP_SEARCH_TIME_P		= 14,
191 	NS_LDAP_SERVER_PREF_P		= 15,
192 	NS_LDAP_PREF_ONLY_P		= 16,
193 	NS_LDAP_CACHETTL_P		= 17,
194 	NS_LDAP_PROFILE_P		= 18,
195 	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
196 	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
197 	NS_LDAP_BIND_TIME_P		= 21,
198 	NS_LDAP_ATTRIBUTEMAP_P		= 22,
199 	NS_LDAP_OBJECTCLASSMAP_P	= 23,
200 	NS_LDAP_CERT_NICKNAME_P		= 24,
201 	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
202 	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
203 	NS_LDAP_HOST_CERTPATH_P		= 27,
204 /*
205  * The following entry (max ParamIndexType) is an internal
206  * placeholder.  It must be the last (and highest value)
207  * entry in this eNum.  Please update accordingly.
208  */
209 	NS_LDAP_MAX_PIT_P		= 28
210 
211 } ParamIndexType;
212 
213 /*
214  * NONE - No self / SASL/GSSAPI configured
215  * ONLY - Only self / SASL/GSSAPI configured
216  * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
217  */
218 typedef enum {
219 	NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
220 	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
221 	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
222 } ns_ldap_self_gssapi_config_t;
223 
224 /*
225  * __ns_ldap_*() return codes
226  */
227 typedef enum {
228 	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
229 	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
230 	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
231 	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
232 	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
233 	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
234 	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
235 	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
236 	NS_LDAP_SUCCESS_WITH_INFO
237 				= 9  /* success, with info in errorp */
238 } ns_ldap_return_code;
239 
240 /*
241  * Detailed error code for NS_LDAP_CONFIG
242  */
243 typedef enum {
244 	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
245 	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
246 	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
247 	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
248 	NS_CONFIG_FILE		= 4,	/* configuration file problem */
249 	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
250 } ns_ldap_config_return_code;
251 
252 /*
253  * Detailed error code for NS_LDAP_PARTIAL
254  */
255 typedef enum {
256 	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
257 	NS_PARTIAL_OTHER	= 1	/* error encountered */
258 } ns_ldap_partial_return_code;
259 
260 /*
261  * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
262  */
263 typedef enum {
264 	NS_HOSTCRED_FALSE = 0,
265 	NS_HOSTCRED_TRUE  = 1
266 } hostcred_t;
267 
268 /*
269  * Detailed password status
270  */
271 typedef enum {
272 	NS_PASSWD_GOOD			= 0,	/* password is good */
273 	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
274 						/* about to expire */
275 	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
276 						/* changed immediately */
277 	NS_PASSWD_EXPIRED		= 3,	/* password expired */
278 	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
279 						/* account is locked */
280 	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
281 						/* by the administrator */
282 	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
283 						/* new password has */
284 						/* invalid syntax -- */
285 						/* same value as attr */
286 						/* cn, sn, uid, etc. */
287 	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
288 						/* new password has */
289 						/* less chars than */
290 						/* required */
291 	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
292 						/* reuse old password  */
293 	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
294 						/* within minimum age  */
295 } ns_ldap_passwd_status_t;
296 
297 /*
298  * Password management information structure
299  *
300  * This structure is different from AcctUsableResponse_t structure in
301  * that this structure holds result of users account mgmt information when
302  * an ldap bind is done with user name and user password.
303  */
304 typedef struct ns_ldap_passwd_mgmt {
305 	ns_ldap_passwd_status_t
306 		status;			/* password status */
307 	int	sec_until_expired;	/* seconds until expired, */
308 					/* valid if status is */
309 					/* NS_PASSWD_ABOUT_TO_EXPIRE */
310 } ns_ldap_passwd_mgmt_t;
311 
312 /*
313  * LDAP V3 control flag for account management - Used for account management
314  * when no password is provided
315  */
316 #define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
317 
318 /*
319  * Structure for holding the response returned by server for
320  * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
321  */
322 typedef struct AcctUsableMoreInfo {
323 	int inactive;
324 	int reset;
325 	int expired;
326 	int rem_grace;
327 	int sec_b4_unlock;
328 } AcctUsableMoreInfo_t;
329 
330 /*
331  * Structure used to hold the response from the server for
332  * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
333  *
334  * ACCOUNT_USABLE_RESPONSE::= CHOICE {
335  * is_available		[0] INTEGER, seconds before expiration
336  * is_not_available	[1] More_info
337  * }
338  *
339  * More_info::= SEQUENCE {
340  * inactive		[0] BOOLEAN DEFAULT FALSE,
341  * reset		[1] BOOLEAN DEFAULT FALSE,
342  * expired		[2] BOOLEAN DEFAULT FALSE,
343  * remaining_grace	[3] INTEGER OPTIONAL,
344  * seconds_before_unlock[4] INTEGER OPTIONAL
345  * }
346  *
347  * This structure is different from ns_ldap_passwd_mgmt_t structure in
348  * that this structure holds result of users account mgmt information when
349  * pam_ldap doesn't have the users password and proxy agent is used for
350  * obtaining the account management information.
351  */
352 typedef struct AcctUsableResponse {
353 	int choice;
354 	union {
355 		int seconds_before_expiry;
356 		AcctUsableMoreInfo_t more_info;
357 	} AcctUsableResp;
358 } AcctUsableResponse_t;
359 
360 /*
361  * Simplified LDAP Naming API result structure
362  */
363 typedef struct ns_ldap_error {
364 	int	status;				/* LDAP error code */
365 	char	*message;			/* LDAP error message */
366 	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
367 						/* management info */
368 } ns_ldap_error_t;
369 
370 typedef struct	 ns_ldap_attr {
371 	char	*attrname;			/* attribute name */
372 	uint_t	value_count;
373 	char	**attrvalue;			/* attribute values */
374 } ns_ldap_attr_t;
375 
376 typedef struct ns_ldap_entry {
377 	uint_t		attr_count;		/* number of attributes */
378 	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
379 	struct ns_ldap_entry *next;		/* next entry */
380 } ns_ldap_entry_t;
381 
382 typedef struct ns_ldap_result {
383 	uint_t	entries_count;		/* number of entries */
384 	ns_ldap_entry_t	*entry;		/* data */
385 } ns_ldap_result_t;
386 
387 /*
388  * structures for the conversion routines used by typedAddEntry()
389  */
390 
391 typedef struct _ns_netgroups {
392 	char  *name;
393 	char  **triplet;
394 	char  **netgroup;
395 } _ns_netgroups_t;
396 
397 typedef struct _ns_netmasks {
398 	char *netnumber;
399 	char *netmask;
400 } _ns_netmasks_t;
401 
402 typedef struct _ns_bootp {
403 	char *name;
404 	char **param;
405 } _ns_bootp_t;
406 
407 typedef struct _ns_ethers {
408 	char *name;
409 	char *ether;
410 } _ns_ethers_t;
411 
412 typedef struct _ns_pubkey {
413 	char *name;
414 	hostcred_t hostcred;
415 	char *pubkey;
416 	char *privkey;
417 } _ns_pubkey_t;
418 
419 typedef struct _ns_alias {
420 	char *alias;
421 	char **member;
422 } _ns_alias_t;
423 
424 typedef struct _ns_automount {
425 	char *mapname;
426 	char *key;
427 	char *value;
428 } _ns_automount_t;
429 
430 /*
431  * return values for the callback function in __ns_ldap_list()
432  */
433 #define	NS_LDAP_CB_NEXT	0	/* get the next entry */
434 #define	NS_LDAP_CB_DONE	1	/* done */
435 
436 /*
437  * Input values for the type specified in __ns_ldap_addTypedEntry()
438  * and __ns_ldap_delTypedEntry()
439  */
440 
441 #define	NS_LDAP_TYPE_PASSWD	"passwd"
442 #define	NS_LDAP_TYPE_GROUP	"group"
443 #define	NS_LDAP_TYPE_HOSTS	"hosts"
444 #define	NS_LDAP_TYPE_IPNODES	"ipnodes"
445 #define	NS_LDAP_TYPE_PROFILE	"prof_attr"
446 #define	NS_LDAP_TYPE_RPC	"rpc"
447 #define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
448 #define	NS_LDAP_TYPE_NETWORKS	"networks"
449 #define	NS_LDAP_TYPE_NETGROUP	"netgroup"
450 #define	NS_LDAP_TYPE_ALIASES	"aliases"
451 #define	NS_LDAP_TYPE_SERVICES	"services"
452 #define	NS_LDAP_TYPE_ETHERS	"ethers"
453 #define	NS_LDAP_TYPE_SHADOW	"shadow"
454 #define	NS_LDAP_TYPE_NETMASKS	"netmasks"
455 #define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
456 #define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
457 #define	NS_LDAP_TYPE_USERATTR	"user_attr"
458 #define	NS_LDAP_TYPE_PROJECT	"project"
459 #define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
460 #define	NS_LDAP_TYPE_AUUSER	"audit_user"
461 #define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
462 #define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
463 #define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
464 #define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
465 
466 /*
467  * service descriptor/attribute mapping structure
468  */
469 
470 typedef struct ns_ldap_search_desc {
471 	char		*basedn;	/* search base dn */
472 	ScopeType_t	scope;		/* search scope */
473 	char		*filter;	/* search filter */
474 } ns_ldap_search_desc_t;
475 
476 typedef struct ns_ldap_attribute_map {
477 	char		*origAttr;	/* original attribute */
478 	char		**mappedAttr;	/* mapped attribute(s) */
479 } ns_ldap_attribute_map_t;
480 
481 typedef struct ns_ldap_objectclass_map {
482 	char		*origOC;	/* original objectclass */
483 	char		*mappedOC;	/* mapped objectclass */
484 } ns_ldap_objectclass_map_t;
485 
486 /* Opaque handle for batch API */
487 typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
488 
489 /*
490  * The type of standalone configuration specified by a client application.
491  * The meaning of the requests is as follows:
492  *
493  * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
494  *                 to ldap_cachemgr.
495  * NS_LDAP_SERVER: the consumer application has specified a directory server
496  *                 to communicate to.
497  * NS_PREDEFINED:  reserved for internal use
498  */
499 typedef enum {
500 	NS_CACHEMGR = 0,
501 	NS_LDAP_SERVER
502 } ns_standalone_request_type_t;
503 
504 /*
505  * This structure describes an LDAP server specified by a client application.
506  */
507 typedef struct ns_dir_server {
508 	char *server;			/* A directory server's IP */
509 	uint16_t port;			/* A directory server's port. */
510 					/* Default value is 389 */
511 	char *domainName;		/* A domain name being served */
512 					/* by the specified server. */
513 					/* Default value is the local */
514 					/* domain's name */
515 	char *profileName;		/* A DUAProfile's name. */
516 					/* Default value is 'default' */
517 	ns_auth_t *auth;		/* Authentication information used */
518 					/* during subsequent connections */
519 	char *cred;			/* A credential level to be used */
520 					/* along with the authentication info */
521 	char *host_cert_path;		/* A path to the certificate database */
522 					/* Default is '/vat/ldap' */
523 	char *bind_dn;			/* A bind DN to be used during */
524 					/* subsequent LDAP Bind requests */
525 	char *bind_passwd;		/* A bind password to be used during */
526 					/* subsequent LDAP Bind requests */
527 } ns_dir_server_t;
528 
529 /*
530  * This structure contains information describing an LDAP server.
531  */
532 typedef struct ns_standalone_conf {
533 	union {
534 		ns_dir_server_t server;
535 		void *predefined_conf;	/* Reserved for internal use */
536 	} ds_profile;			/* A type of the configuration */
537 
538 #define	SA_SERVER	ds_profile.server.server
539 #define	SA_PORT		ds_profile.server.port
540 #define	SA_DOMAIN	ds_profile.server.domainName
541 #define	SA_PROFILE_NAME	ds_profile.server.profileName
542 #define	SA_AUTH		ds_profile.server.auth
543 #define	SA_CRED		ds_profile.server.cred
544 #define	SA_CERT_PATH	ds_profile.server.host_cert_path
545 #define	SA_BIND_DN	ds_profile.server.bind_dn
546 #define	SA_BIND_PWD	ds_profile.server.bind_passwd
547 
548 	ns_standalone_request_type_t type;
549 } ns_standalone_conf_t;
550 
551 /*
552  * This function "informs" libsldap that a client application has specified
553  * a directory to use. The function obtains a DUAProfile, credentials,
554  * and naming context. During all further operations on behalf
555  * of the application requested a standalone schema libsldap will use
556  * the information obtained by __ns_ldap_initStandalone() instead of
557  * door_call(3C)ing ldap_cachemgr(1M).
558  *
559  * conf
560  * 	A structure describing where and in which way to obtain all the
561  * 	configuration describing how to communicate to a choosen LDAP directory.
562  *
563  * errorp
564  * 	An error object describing an error occured.
565  */
566 ns_ldap_return_code __ns_ldap_initStandalone(
567 	const ns_standalone_conf_t *conf,
568 	ns_ldap_error_t	**errorp);
569 
570 /*
571  * This function obtains the directory's base DN and a DUAProfile
572  * from a specified server.
573  *
574  * server
575  * 	Specifies the selected directory sever.
576  *
577  * cred
578  * 	Contains an authentication information and credential required to
579  * 	establish a connection.
580  *
581  * config
582  * 	If not NULL, a new configuration basing on a DUAProfile specified in the
583  * 	server parameter will be create and returned.
584  *
585  * baseDN
586  * 	If not NULL, the directory's base DN will be returned.
587  *
588  * error
589  * 	Describes an error, if any.
590  */
591 ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
592 	const ns_dir_server_t *server,
593 	const ns_cred_t *cred,
594 	char **config,	char **baseDN,
595 	ns_ldap_error_t **error);
596 
597 #define	SA_PROHIBIT_FALLBACK 0
598 #define	SA_ALLOW_FALLBACK 1
599 
600 #define	DONT_SAVE_NSCONF 0
601 #define	SAVE_NSCONF 1
602 
603 /*
604  * This function obtains the root DSE from a specified server.
605  *
606  * server_addr
607  * 	An adress of a server to be connected to.
608  *
609  * rootDSE
610  * 	A buffer containing the root DSE in the ldap_cachmgr door call format.
611  *
612  * errorp
613  * 	Describes an error, if any.
614  *
615  * anon_fallback
616  * 	If set to 1 and establishing a connection fails, __s_api_getRootDSE()
617  * 	will try once again using anonymous credentials.
618  */
619 ns_ldap_return_code __ns_ldap_getRootDSE(
620 	const char *server_addr,
621 	char **rootDSE,
622 	ns_ldap_error_t **errorp,
623 	int anon_fallback);
624 
625 /*
626  * This function iterates through the list of the configured LDAP servers
627  * and "pings" those which are marked as removed or if any error occurred
628  * during the previous receiving of the server's root DSE. If the
629  * function is able to reach such a server and get its root DSE, it
630  * marks the server as on-line. Otherwise, the server's status is set
631  * to "Error".
632  * For each server the function tries to connect to, it fires up
633  * a separate thread and then waits until all the threads finish.
634  * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
635  * initialized or was canceled prior to an invocation of
636  * __ns_ldap_pingOfflineServers().
637  */
638 ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
639 
640 /*
641  * This function cancels the Standalone mode and destroys the list of root DSEs.
642  */
643 void __ns_ldap_cancelStandalone(void);
644 /*
645  * This function initializes an ns_auth_t structure provided by a caller
646  * according to a specified authentication mechanism.
647  */
648 ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
649 	ns_auth_t *auth,
650 	ns_ldap_error_t **errorp);
651 
652 /*
653  * Simplified LDAP Naming APIs
654  */
655 int __ns_ldap_list(
656 	const char *service,
657 	const char *filter,
658 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
659 			char **realfilter, const void *userdata),
660 	const char * const *attribute,
661 	const ns_cred_t *cred,
662 	const int flags,
663 	ns_ldap_result_t ** result,
664 	ns_ldap_error_t ** errorp,
665 	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
666 	const void *userdata);
667 
668 int __ns_ldap_list_batch_start(
669 	ns_ldap_list_batch_t **batch);
670 
671 int __ns_ldap_list_batch_add(
672 	ns_ldap_list_batch_t *batch,
673 	const char *service,
674 	const char *filter,
675 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
676 			char **realfilter, const void *userdata),
677 	const char * const *attribute,
678 	const ns_cred_t *cred,
679 	const int flags,
680 	ns_ldap_result_t ** result,
681 	ns_ldap_error_t ** errorp,
682 	int *rcp,
683 	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
684 	const void *userdata);
685 
686 int __ns_ldap_list_batch_end(
687 	ns_ldap_list_batch_t *batch);
688 
689 void __ns_ldap_list_batch_release(
690 	ns_ldap_list_batch_t *batch);
691 
692 int  __ns_ldap_addAttr(
693 	const char *service,
694 	const char *dn,
695 	const ns_ldap_attr_t * const *attr,
696 	const ns_cred_t *cred,
697 	const int flags,
698 	ns_ldap_error_t **errorp);
699 
700 int __ns_ldap_delAttr(
701 	const char *service,
702 	const char *dn,
703 	const ns_ldap_attr_t * const *attr,
704 	const ns_cred_t *cred,
705 	const int flags,
706 	ns_ldap_error_t **errorp);
707 
708 int  __ns_ldap_repAttr(
709 	const char *service,
710 	const char *dn,
711 	const ns_ldap_attr_t * const *attr,
712 	const ns_cred_t *cred,
713 	const int flags,
714 	ns_ldap_error_t **errorp);
715 
716 int  __ns_ldap_addEntry(
717 	const char *service,
718 	const char *dn,
719 	const ns_ldap_entry_t *entry,
720 	const ns_cred_t *cred,
721 	const int flags,
722 	ns_ldap_error_t **errorp);
723 
724 int  __ns_ldap_addTypedEntry(
725 	const char *servicetype,
726 	const char *basedn,
727 	const void *data,
728 	const int  create,
729 	const ns_cred_t *cred,
730 	const int flags,
731 	ns_ldap_error_t **errorp);
732 
733 int __ns_ldap_delEntry(
734 	const char *service,
735 	const char *dn,
736 	const ns_cred_t *cred,
737 	const int flags,
738 	ns_ldap_error_t **errorp);
739 
740 int __ns_ldap_firstEntry(
741 	const char *service,
742 	const char *filter,
743 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
744 			char **realfilter, const void *userdata),
745 	const char * const *attribute,
746 	const ns_cred_t *cred,
747 	const int flags,
748 	void **cookie,
749 	ns_ldap_result_t ** result,
750 	ns_ldap_error_t **errorp,
751 	const void *userdata);
752 
753 int  __ns_ldap_nextEntry(
754 	void *cookie,
755 	ns_ldap_result_t ** result,
756 	ns_ldap_error_t **errorp);
757 
758 int  __ns_ldap_endEntry(
759 	void **cookie,
760 	ns_ldap_error_t **errorp);
761 
762 int __ns_ldap_freeResult(
763 	ns_ldap_result_t **result);
764 
765 int __ns_ldap_freeError(
766 	ns_ldap_error_t **errorp);
767 
768 int  __ns_ldap_uid2dn(
769 	const char *uid,
770 	char **userDN,
771 	const ns_cred_t *cred,
772 	ns_ldap_error_t ** errorp);
773 
774 int  __ns_ldap_host2dn(
775 	const char *host,
776 	const char *domain,
777 	char **hostDN,
778 	const ns_cred_t *cred,
779 	ns_ldap_error_t ** errorp);
780 
781 int  __ns_ldap_dn2domain(
782 	const char *dn,
783 	char **domain,
784 	const ns_cred_t *cred,
785 	ns_ldap_error_t ** errorp);
786 
787 int __ns_ldap_auth(
788 	const ns_cred_t *cred,
789 	const int flag,
790 	ns_ldap_error_t **errorp,
791 	LDAPControl **serverctrls,
792 	LDAPControl **clientctrls);
793 
794 int __ns_ldap_freeCred(
795 	ns_cred_t **credp);
796 
797 int __ns_ldap_err2str(
798 	int err,
799 	char **strmsg);
800 
801 int __ns_ldap_setParam(
802 	const ParamIndexType type,
803 	const void *data,
804 	ns_ldap_error_t **errorp);
805 
806 int __ns_ldap_getParam(
807 	const ParamIndexType type,
808 	void ***data,
809 	ns_ldap_error_t **errorp);
810 
811 int __ns_ldap_freeParam(
812 	void ***data);
813 
814 char **__ns_ldap_getAttr(
815 	const ns_ldap_entry_t *entry,
816 	const char *attrname);
817 
818 ns_ldap_attr_t	*__ns_ldap_getAttrStruct(
819 	const ns_ldap_entry_t *entry,
820 	const char *attrname);
821 
822 int __ns_ldap_getServiceAuthMethods(
823 	const char *service,
824 	ns_auth_t ***auth,
825 	ns_ldap_error_t **errorp);
826 
827 int __ns_ldap_getSearchDescriptors(
828 	const char *service,
829 	ns_ldap_search_desc_t ***desc,
830 	ns_ldap_error_t **errorp);
831 
832 int __ns_ldap_freeSearchDescriptors(
833 	ns_ldap_search_desc_t ***desc);
834 
835 int __ns_ldap_getAttributeMaps(
836 	const char *service,
837 	ns_ldap_attribute_map_t ***maps,
838 	ns_ldap_error_t **errorp);
839 
840 int __ns_ldap_freeAttributeMaps(
841 	ns_ldap_attribute_map_t ***maps);
842 
843 char **__ns_ldap_getMappedAttributes(
844 	const char *service,
845 	const char *origAttribute);
846 
847 char **__ns_ldap_getOrigAttribute(
848 	const char *service,
849 	const char *mappedAttribute);
850 
851 int __ns_ldap_getObjectClassMaps(
852 	const char *service,
853 	ns_ldap_objectclass_map_t ***maps,
854 	ns_ldap_error_t **errorp);
855 
856 int __ns_ldap_freeObjectClassMaps(
857 	ns_ldap_objectclass_map_t ***maps);
858 
859 char **__ns_ldap_getMappedObjectClass(
860 	const char *service,
861 	const char *origObjectClass);
862 
863 char **__ns_ldap_getOrigObjectClass(
864 	const char *service,
865 	const char *mappedObjectClass);
866 
867 int __ns_ldap_getParamType(
868 	const char *value,
869 	ParamIndexType *type);
870 
871 int __ns_ldap_getAcctMgmt(
872 	const char *user,
873 	AcctUsableResponse_t *acctResp);
874 void
875 __ns_ldap_self_gssapi_only_set(
876 	int flag);
877 int
878 __ns_ldap_self_gssapi_config(
879 	ns_ldap_self_gssapi_config_t *config);
880 #ifdef __cplusplus
881 }
882 #endif
883 
884 #endif /* _NS_SLDAP_H */
885