/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * Public interface of libsldap: flag bits, configuration parameter indices,
 * credential/result types and the __ns_ldap_*() entry points.  This header
 * only declares; none of the behaviour described in the comments below is
 * implemented here.
 */

#ifndef _NS_SLDAP_H
#define _NS_SLDAP_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>

/*
 * Version
 *
 * NS_LDAP_VERSION names the current interface version and resolves to
 * NS_LDAP_VERSION_2 (macro expansion is lazy, so the forward reference
 * is fine).
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * Bit flags combined into the `flags` argument of the __ns_ldap_*() calls
 * declared below.  The SearchRef_t and ScopeType_t enumerators share the
 * same bit space (0x004..0x040), so they can be OR-ed together with these.
 */
#define	NS_LDAP_HARD		0x001
#define	NS_LDAP_ALL_RES		0x002

/* Search Referral Option */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;

/* Search scope; values are flag bits, not a 0/1/2 index. */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;

/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	0x080
#define	NS_LDAP_NEW_CONN	0x400
#define	NS_LDAP_NOMAP		0x800

/* NS_LDAP_NO_PAGE_CTRL is the absence of the bit, i.e. no flag at all. */
#define	NS_LDAP_PAGE_CTRL	0x1000
#define	NS_LDAP_NO_PAGE_CTRL	0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000

/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 */
#define	NS_LDAP_UPDATE_SHADOW	0x4000

/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server.
 *
 * NOTE(review): how "privileged" is enforced for the two *_SHADOW flags
 * is not visible in this header; the flags are requests, not grants.
 */
#define	NS_LDAP_READ_SHADOW	0x8000

/*
 * Authentication Information
 */
/* Credential level: whose identity is used when binding. */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;

typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;

typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;

typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;

/* SASL security layer requested: none, integrity, or privacy. */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;

/* Value type of NS_LDAP_PREF_ONLY_P (see ParamIndexType below). */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;

/* Value type of NS_LDAP_ENABLE_SHADOW_UPDATE_P (see ParamIndexType below). */
typedef enum enableShadowUpdate {
	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
} enableShadowUpdate_t;

/*
 * Credentials for a simple (userID/password) bind.
 * NOTE(review): `passwd` is a cleartext secret held as a plain C string;
 * whoever owns the buffer should clear it before releasing it.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;

/* Credentials for a certificate based bind. */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password (cleartext; same caveat as above) */
	char	*nickname;	/* nickname */
} CertCred_t;

/* Authentication mechanism selection; see __ns_ldap_initAuth(). */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;

/*
 * Credential passed to the __ns_ldap_*() calls.  Which member of `cred`
 * is valid is presumably selected by `auth.type` — TODO confirm against
 * the implementation.  Release with __ns_ldap_freeCred().
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;


/* Growable string buffer; assumes len <= alloc — TODO confirm usage. */
typedef struct LineBuf {
	char	*str;
	int	len;
	int	alloc;
} LineBuf;

/*
 * Configuration Information
 *
 * Index of a configuration parameter for __ns_ldap_getParam() /
 * __ns_ldap_setParam().  The value type behind each index is not
 * declared here; see the implementation.
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	/* NOTE(review): *_BINDPASSWD_P parameters carry a cleartext secret. */
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
	/*
	 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
	 * with version 1 clients and their configuration files. The only
	 * supported value is NS_LDAP_SEC_NONE. No application should be
	 * using this parameter type (either through getParam or setParam).
	 * NS_LDAP_SEC_NONE itself is not declared in this header.
	 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
	NS_LDAP_ADMIN_BINDDN_P		= 29,
	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,
	/*
	 * The following entry (max ParamIndexType) is an internal
	 * placeholder. It must be the last (and highest value)
	 * entry in this eNum. Please update accordingly.
	 */
	NS_LDAP_MAX_PIT_P		= 31

} ParamIndexType;

/*
 * NONE - No self / SASL/GSSAPI configured
 * ONLY - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE		= 0,
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY		= 1,
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED	= 2
} ns_ldap_self_gssapi_config_t;

/*
 * __ns_ldap_*() return codes
 *
 * Value 6 is intentionally absent from this enum as declared; do not
 * assume the codes are contiguous.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0,	/* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1,	/* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2,	/* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3,	/* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4,	/* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5,	/* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7,	/* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8,	/* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO = 9	/* success, with info in errorp */
} ns_ldap_return_code;

/*
 * Detailed error code for NS_LDAP_CONFIG
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;

/*
 * Detailed error code for NS_LDAP_PARTIAL
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;

/*
 * For use by __ns_ldap_addTypedEntry() for publickey servicetype
 */
typedef enum {
	NS_HOSTCRED_FALSE	= 0,
	NS_HOSTCRED_TRUE	= 1
} hostcred_t;

/*
 * Detailed password status
 *
 * Reported in ns_ldap_error_t.pwd_mgmt after a bind with the user's own
 * password (see ns_ldap_passwd_mgmt_t below).
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password */
	NS_PASSWD_WITHIN_MIN_AGE	= 9	/* can not be changed: */
						/* within minimum age */
} ns_ldap_passwd_status_t;

/*
 * Password management information structure
 *
 * This structure is different from AcctUsableResponse_t structure in
 * that this structure holds result of users account mgmt information when
 * an ldap bind is done with user name and user password.
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;

/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"

/*
 * Structure for holding the response returned by server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
 * Field order follows the More_info SEQUENCE documented below.
 */
typedef struct AcctUsableMoreInfo {
	int	inactive;
	int	reset;
	int	expired;
	int	rem_grace;
	int	sec_b4_unlock;
} AcctUsableMoreInfo_t;

/*
 * Structure used to hold the response from the server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 *	is_available		[0] INTEGER, seconds before expiration
 *	is_not_available	[1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 *	inactive		[0] BOOLEAN DEFAULT FALSE,
 *	reset			[1] BOOLEAN DEFAULT FALSE,
 *	expired			[2] BOOLEAN DEFAULT FALSE,
 *	remaining_grace		[3] INTEGER OPTIONAL,
 *	seconds_before_unlock	[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from ns_ldap_passwd_mgmt_t structure in
 * that this structure holds result of users account mgmt information when
 * pam_ldap doesn't have the users password and proxy agent is used for
 * obtaining the account management information.
 */
typedef struct AcctUsableResponse {
	int	choice;		/* CHOICE tag; presumably 0 = is_available, */
				/* 1 = is_not_available — confirm in decoder */
	union {
		int			seconds_before_expiry;
		AcctUsableMoreInfo_t	more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;

/*
 * Simplified LDAP Naming API result structure
 *
 * Returned through the `errorp` out-parameters below; release with
 * __ns_ldap_freeError().
 */
typedef struct ns_ldap_error {
	int	status;			/* LDAP error code */
	char	*message;		/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;

/* One attribute: name plus `value_count` values in `attrvalue`. */
typedef struct ns_ldap_attr {
	char	*attrname;		/* attribute name */
	uint_t	value_count;
	char	**attrvalue;		/* attribute values */
} ns_ldap_attr_t;

/* One entry in a singly linked list of results. */
typedef struct ns_ldap_entry {
	uint_t	attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;	/* attributes pairs */
	struct ns_ldap_entry	*next;	/* next entry */
} ns_ldap_entry_t;

/* Head of a result list; release with __ns_ldap_freeResult(). */
typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;

/*
 * structures for the conversion routines used by typedAddEntry()
 *
 * Passed as the `data` argument of __ns_ldap_addTypedEntry(); the
 * NS_LDAP_TYPE_* string selects which one is expected.
 */

typedef struct _ns_netgroups {
	char	*name;
	char	**triplet;
	char	**netgroup;
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char	*netnumber;
	char	*netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char	*name;
	char	**param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char	*name;
	char	*ether;
} _ns_ethers_t;

/* NOTE(review): `privkey` is key material; treat like a password. */
typedef struct _ns_pubkey {
	char		*name;
	hostcred_t	hostcred;
	char		*pubkey;
	char		*privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char	*alias;
	char	**member;
} _ns_alias_t;

typedef struct _ns_automount {
	char	*mapname;
	char	*key;
	char	*value;
} _ns_automount_t;

/*
 * return values for the callback function in __ns_ldap_list()
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */

/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 *
 * NS_LDAP_TYPE_AUTOMOUNT is a prefix ("auto_"), not a complete map name.
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS	"bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT	"auto_"
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"

/*
 * service descriptor/attribute mapping structure
 */

typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;

typedef struct ns_ldap_attribute_map {
	char	*origAttr;		/* original attribute */
	char	**mappedAttr;		/* mapped attribute(s) */
} ns_ldap_attribute_map_t;

typedef struct ns_ldap_objectclass_map {
	char	*origOC;		/* original objectclass */
	char	*mappedOC;		/* mapped objectclass */
} ns_ldap_objectclass_map_t;

/*
 * Value of the userPassword attribute representing NO Unix password
 *
 * This is an in-band sentinel stored in the directory; compare with
 * strcmp(), and do not treat it as a usable credential.
 */
#define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"

/* Opaque handle for batch API (see __ns_ldap_list_batch_*() below) */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;

/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
 *              to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *              to communicate to.
 * NS_PREDEFINED: reserved for internal use
 *
 * NOTE(review): NS_PREDEFINED is described above but is not a member of
 * the enum as declared here; only NS_CACHEMGR and NS_LDAP_SERVER exist.
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;

/*
 * This structure describes an LDAP server specified by a client application.
 *
 * NOTE(review): `bind_passwd` is a cleartext secret held as a C string;
 * the owner of the structure should clear it before freeing it.
 */
typedef struct ns_dir_server {
	char		*server;	/* A directory server's IP */
	uint16_t	port;		/* A directory server's port. */
					/* Default value is 389 */
	char		*domainName;	/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char		*profileName;	/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t	*auth;		/* Authentication information used */
					/* during subsequent connections */
	char		*cred;		/* A credential level to be used */
					/* along with the authentication info */
	char		*host_cert_path; /* A path to the certificate database */
					/* Default is '/vat/ldap' (sic; */
					/* presumably '/var/ldap' — confirm) */
	char		*bind_dn;	/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char		*bind_passwd;	/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;

/*
 * This structure contains information describing an LDAP server.
 *
 * `type` selects which member of `ds_profile` is meaningful.  The SA_*
 * macros are member-access shorthands (e.g. `conf.SA_PORT`), not values.
 */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t	server;
		void		*predefined_conf; /* Reserved for internal use */
	} ds_profile;				/* A type of the configuration */

#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd

	ns_standalone_request_type_t	type;
} ns_standalone_conf_t;

/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application requested a standalone schema libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * conf
 *	A structure describing where and in which way to obtain all the
 *	configuration describing how to communicate to a chosen LDAP directory.
 *
 * errorp
 *	An error object describing an error that occurred.
 *
 * Undo with __ns_ldap_cancelStandalone().
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t **errorp);

/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 *	Specifies the selected directory server.
 *
 * cred
 *	Contains an authentication information and credential required to
 *	establish a connection.
 *
 * config
 *	If not NULL, a new configuration based on a DUAProfile specified in the
 *	server parameter will be created and returned.
 *
 * baseDN
 *	If not NULL, the directory's base DN will be returned.
 *
 * error
 *	Describes an error, if any.
 *
 * Ownership of the returned `*config` / `*baseDN` strings is not stated
 * here; presumably the caller frees them — confirm.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config, char **baseDN,
	ns_ldap_error_t **error);

/* Presumably the values for __ns_ldap_getRootDSE()'s anon_fallback. */
#define	SA_PROHIBIT_FALLBACK	0
#define	SA_ALLOW_FALLBACK	1

#define	DONT_SAVE_NSCONF	0
#define	SAVE_NSCONF		1

/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 *	An address of a server to be connected to.
 *
 * rootDSE
 *	A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 *	Describes an error, if any.
 *
 * anon_fallback
 *	If set to 1 and establishing a connection fails, __s_api_getRootDSE()
 *	will try once again using anonymous credentials.
 *	NOTE(review): enabling the fallback silently downgrades the bind to
 *	anonymous; callers that rely on an authenticated answer should pass 0.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);

/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);

/*
 * This function cancels the Standalone mode and destroys the list of root DSEs.
 */
void __ns_ldap_cancelStandalone(void);
/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 *
 * auth_mech
 *	Name of the mechanism; the accepted spellings are not listed here.
 * auth
 *	Caller-provided structure to fill in.
 * errorp
 *	Describes an error, if any.
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);

/*
 * Simplified LDAP Naming APIs
 *
 * Conventions visible in the prototypes below (the implementation is not
 * part of this header, so confirm against it):
 *  - `flags` is presumably a combination of the NS_LDAP_* bits defined at
 *    the top of this file.
 *  - `service` is one of the NS_LDAP_TYPE_* names.
 *  - results come back through `*result` and errors through `*errorp`;
 *    release them with __ns_ldap_freeResult() / __ns_ldap_freeError().
 *  - `callback` is invoked per entry and returns NS_LDAP_CB_NEXT or
 *    NS_LDAP_CB_DONE; `init_filter_cb` may rewrite the filter into
 *    `*realfilter` using the search descriptor.
 *  - the `int` return value is presumably an ns_ldap_return_code.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);


/* As __ns_ldap_list(), with server-side sorting on `sortattr`. */
int __ns_ldap_list_sort(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

/*
 * Batch API: start a batch, add one or more list requests, end it, then
 * release the handle.  `rcp` in _add() presumably receives that request's
 * own return code once the batch has run — confirm.
 */
int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);

/*
 * Modify operations.  `attr` is a NULL-terminated array of attributes
 * (termination presumed from the pointer-to-pointer type — confirm).
 * NS_LDAP_UPDATE_SHADOW in `flags` is only meaningful for __ns_ldap_repAttr().
 */
int __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * `data` points at the _ns_*_t structure matching `servicetype`
 * (one of NS_LDAP_TYPE_*); the mapping between the two is not declared
 * here.  `create` is an int, not a bool; its accepted values are not shown.
 */
int __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Iteration API: __ns_ldap_firstEntry() opens a search and hands back an
 * opaque `*cookie`, __ns_ldap_nextEntry() continues it, and
 * __ns_ldap_endEntry() must be called to release the cookie.
 * NS_LDAP_READ_SHADOW in `flags` applies to __ns_ldap_firstEntry().
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

/* Release helpers; each takes a pointer-to-pointer so it can NULL the slot. */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);

/*
 * Name <-> DN conversions.  The returned `*userDN` / `*userID` /
 * `*hostDN` / `*domain` strings are allocated for the caller (ownership
 * presumed — confirm).  See NS_LDAP_NOT_CVT_DN for the DN mapping caveat.
 */
int __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_dn2uid(
	const char *dn,
	char **userID,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

/*
 * Authenticate with `cred` only (no search).  Password-policy detail, if
 * the server supplies it, is reported in (*errorp)->pwd_mgmt.
 * `serverctrls` / `clientctrls` are LDAPControl arrays from <ldap.h>.
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * Frees a credential.  Whether the embedded password strings are cleared
 * before release is not stated here — confirm before relying on it.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

/* Maps an error code to a message string in `*strmsg`. */
int __ns_ldap_err2str(
	int err,
	char **strmsg);

/*
 * Configuration parameter access keyed by ParamIndexType.  `data` is an
 * untyped pointer whose real type depends on `type` and is not declared
 * here.  __ns_ldap_getParam() output is released with __ns_ldap_freeParam().
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);

/*
 * Attribute lookup within an entry.  Both return pointers into `entry`
 * (presumed — confirm), so they stay valid only as long as the entry does.
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t *__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);

int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

/* Search descriptors per service; free with __ns_ldap_freeSearchDescriptors(). */
int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

/* Attribute maps per service; free with __ns_ldap_freeAttributeMaps(). */
int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

/* Objectclass maps per service; free with __ns_ldap_freeObjectClassMaps(). */
int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

/* Parses a parameter name string into its ParamIndexType. */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);

/* Fills `acctResp` from the NS_LDAP_ACCOUNT_USABLE_CONTROL response. */
int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

boolean_t __ns_ldap_is_shadow_update_enabled(void);

/* Toggle / query the self/SASL-GSSAPI-only mode (ns_ldap_self_gssapi_config_t). */
void
__ns_ldap_self_gssapi_only_set(
	int flag);
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
#ifdef __cplusplus
}
#endif

#endif /* _NS_SLDAP_H */