xref: /titanic_41/usr/src/lib/libsldap/common/ns_sldap.h (revision cde2885fdf538266ee2a3b08dee2d5075ce8fa2b) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_SLDAP_H
28 #define	_NS_SLDAP_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 #include <stdio.h>
35 #include <sys/types.h>
36 #include <lber.h>
37 #include <ldap.h>
38 
39 /*
40  * Version
41  */
42 #define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
43 #define	NS_LDAP_VERSION_1	"1.0"
44 #define	NS_LDAP_VERSION_2	"2.0"
45 
46 /*
47  * Flags
48  */
49 #define	NS_LDAP_HARD		  0x001
50 #define	NS_LDAP_ALL_RES		  0x002
51 
52 /* Search Referral Option */
53 typedef enum SearchRef {
54 	NS_LDAP_FOLLOWREF	= 0x004,
55 	NS_LDAP_NOREF		= 0x008
56 } SearchRef_t;
57 
58 typedef enum ScopeType {
59 	NS_LDAP_SCOPE_BASE	= 0x010,
60 	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
61 	NS_LDAP_SCOPE_SUBTREE	= 0x040
62 } ScopeType_t;
63 
64 /*
65  * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
66  * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
67  * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
68  * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
69  */
70 
71 #define	NS_LDAP_KEEP_CONN	  0x080
72 #define	NS_LDAP_NEW_CONN	  0x400
73 #define	NS_LDAP_NOMAP		  0x800
74 
75 #define	NS_LDAP_PAGE_CTRL	  0x1000
76 #define	NS_LDAP_NO_PAGE_CTRL	  0x0000
77 
78 /*
79  * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
80  * to retrieve the DN in LDAP and DN is not to be converted when
81  * being passed back to the application. See __ns_ldap_uid2dn()
82  * and __ns_ldap_host2dn() for such usage.
83  */
84 #define	NS_LDAP_NOT_CVT_DN	0x2000
85 
86 /*
87  * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
88  * __ns_ldap_repAttr() to update the shadow database on the
89  * LDAP server.
90  */
91 #define	NS_LDAP_UPDATE_SHADOW	0x4000
92 
93 /*
94  * Authentication Information
95  */
96 typedef enum CredLevel {
97 	NS_LDAP_CRED_ANON	= 0,
98 	NS_LDAP_CRED_PROXY	= 1,
99 	NS_LDAP_CRED_SELF	= 2
100 } CredLevel_t;
101 
102 typedef enum AuthType {
103 	NS_LDAP_AUTH_NONE	= 0,
104 	NS_LDAP_AUTH_SIMPLE	= 1,
105 	NS_LDAP_AUTH_SASL	= 2,
106 	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
107 	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
108 } AuthType_t;
109 
110 typedef enum TlsType {
111 	NS_LDAP_TLS_NONE	= 0,
112 	NS_LDAP_TLS_SIMPLE	= 1,
113 	NS_LDAP_TLS_SASL	= 2
114 } TlsType_t;
115 
116 typedef enum SaslMech {
117 	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
118 	NS_LDAP_SASL_CRAM_MD5	= 1,
119 	NS_LDAP_SASL_DIGEST_MD5	= 2,
120 	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
121 	NS_LDAP_SASL_GSSAPI	= 4,
122 	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
123 } SaslMech_t;
124 
125 typedef enum SaslOpt {
126 	NS_LDAP_SASLOPT_NONE	= 0,
127 	NS_LDAP_SASLOPT_INT	= 1,
128 	NS_LDAP_SASLOPT_PRIV	= 2
129 } SaslOpt_t;
130 
131 typedef enum PrefOnly {
132 	NS_LDAP_PREF_FALSE	= 0,
133 	NS_LDAP_PREF_TRUE	= 1
134 } PrefOnly_t;
135 
136 typedef enum enableShadowUpdate {
137 	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
138 	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
139 } enableShadowUpdate_t;
140 
141 typedef struct UnixCred {
142 	char	*userID;	/* Unix ID number */
143 	char	*passwd;	/* password */
144 } UnixCred_t;
145 
146 typedef struct CertCred {
147 	char	*path;		/* certificate path */
148 	char	*passwd;	/* password */
149 	char	*nickname;	/* nickname */
150 } CertCred_t;
151 
152 typedef struct ns_auth {
153 	AuthType_t	type;
154 	TlsType_t	tlstype;
155 	SaslMech_t	saslmech;
156 	SaslOpt_t	saslopt;
157 } ns_auth_t;
158 
159 typedef struct ns_cred {
160 	ns_auth_t	auth;
161 	char		*hostcertpath;
162 	union {
163 		UnixCred_t	unix_cred;
164 		CertCred_t	cert_cred;
165 	} cred;
166 } ns_cred_t;
167 
168 
169 typedef struct LineBuf {
170 	char *str;
171 	int len;
172 	int alloc;
173 } LineBuf;
174 
175 /*
176  * Configuration Information
177  */
178 
179 typedef enum {
180 	NS_LDAP_FILE_VERSION_P		= 0,
181 	NS_LDAP_BINDDN_P		= 1,
182 	NS_LDAP_BINDPASSWD_P		= 2,
183 	NS_LDAP_SERVERS_P		= 3,
184 	NS_LDAP_SEARCH_BASEDN_P		= 4,
185 	NS_LDAP_AUTH_P			= 5,
186 /*
187  * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
188  * with version 1 clients and their configuration files.  The only
189  * supported value is NS_LDAP_SEC_NONE.  No application should be
190  * using this parameter type (either through getParam or setParam.
191  */
192 	NS_LDAP_TRANSPORT_SEC_P		= 6,
193 	NS_LDAP_SEARCH_REF_P		= 7,
194 	NS_LDAP_DOMAIN_P		= 8,
195 	NS_LDAP_EXP_P			= 9,
196 	NS_LDAP_CERT_PATH_P		= 10,
197 	NS_LDAP_CERT_PASS_P		= 11,
198 	NS_LDAP_SEARCH_DN_P		= 12,
199 	NS_LDAP_SEARCH_SCOPE_P		= 13,
200 	NS_LDAP_SEARCH_TIME_P		= 14,
201 	NS_LDAP_SERVER_PREF_P		= 15,
202 	NS_LDAP_PREF_ONLY_P		= 16,
203 	NS_LDAP_CACHETTL_P		= 17,
204 	NS_LDAP_PROFILE_P		= 18,
205 	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
206 	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
207 	NS_LDAP_BIND_TIME_P		= 21,
208 	NS_LDAP_ATTRIBUTEMAP_P		= 22,
209 	NS_LDAP_OBJECTCLASSMAP_P	= 23,
210 	NS_LDAP_CERT_NICKNAME_P		= 24,
211 	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
212 	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
213 	NS_LDAP_HOST_CERTPATH_P		= 27,
214 	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
215 	NS_LDAP_ADMIN_BINDDN_P		= 29,
216 	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,
217 /*
218  * The following entry (max ParamIndexType) is an internal
219  * placeholder.  It must be the last (and highest value)
220  * entry in this eNum.  Please update accordingly.
221  */
222 	NS_LDAP_MAX_PIT_P		= 31
223 
224 } ParamIndexType;
225 
226 /*
227  * NONE - No self / SASL/GSSAPI configured
228  * ONLY - Only self / SASL/GSSAPI configured
229  * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
230  */
231 typedef enum {
232 	NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
233 	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
234 	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
235 } ns_ldap_self_gssapi_config_t;
236 
237 /*
238  * __ns_ldap_*() return codes
239  */
240 typedef enum {
241 	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
242 	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
243 	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
244 	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
245 	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
246 	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
247 	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
248 	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
249 	NS_LDAP_SUCCESS_WITH_INFO
250 				= 9  /* success, with info in errorp */
251 } ns_ldap_return_code;
252 
253 /*
254  * Detailed error code for NS_LDAP_CONFIG
255  */
256 typedef enum {
257 	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
258 	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
259 	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
260 	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
261 	NS_CONFIG_FILE		= 4,	/* configuration file problem */
262 	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
263 } ns_ldap_config_return_code;
264 
265 /*
266  * Detailed error code for NS_LDAP_PARTIAL
267  */
268 typedef enum {
269 	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
270 	NS_PARTIAL_OTHER	= 1	/* error encountered */
271 } ns_ldap_partial_return_code;
272 
273 /*
274  * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
275  */
276 typedef enum {
277 	NS_HOSTCRED_FALSE = 0,
278 	NS_HOSTCRED_TRUE  = 1
279 } hostcred_t;
280 
281 /*
282  * Detailed password status
283  */
284 typedef enum {
285 	NS_PASSWD_GOOD			= 0,	/* password is good */
286 	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
287 						/* about to expire */
288 	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
289 						/* changed immediately */
290 	NS_PASSWD_EXPIRED		= 3,	/* password expired */
291 	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
292 						/* account is locked */
293 	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
294 						/* by the administrator */
295 	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
296 						/* new password has */
297 						/* invalid syntax -- */
298 						/* trivial password: same */
299 						/* value as attr, cn, sn, */
300 						/* uid, etc. */
301 						/* or strong password */
302 						/* policies check */
303 	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
304 						/* new password has */
305 						/* less chars than */
306 						/* required */
307 	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
308 						/* reuse old password  */
309 	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
310 						/* within minimum age  */
311 } ns_ldap_passwd_status_t;
312 
313 /*
314  * Password management information structure
315  *
316  * This structure is different from AcctUsableResponse_t structure in
317  * that this structure holds result of users account mgmt information when
318  * an ldap bind is done with user name and user password.
319  */
320 typedef struct ns_ldap_passwd_mgmt {
321 	ns_ldap_passwd_status_t
322 		status;			/* password status */
323 	int	sec_until_expired;	/* seconds until expired, */
324 					/* valid if status is */
325 					/* NS_PASSWD_ABOUT_TO_EXPIRE */
326 } ns_ldap_passwd_mgmt_t;
327 
328 /*
329  * LDAP V3 control flag for account management - Used for account management
330  * when no password is provided
331  */
332 #define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
333 
334 /*
335  * Structure for holding the response returned by server for
336  * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
337  */
338 typedef struct AcctUsableMoreInfo {
339 	int inactive;
340 	int reset;
341 	int expired;
342 	int rem_grace;
343 	int sec_b4_unlock;
344 } AcctUsableMoreInfo_t;
345 
346 /*
347  * Structure used to hold the response from the server for
348  * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
349  *
350  * ACCOUNT_USABLE_RESPONSE::= CHOICE {
351  * is_available		[0] INTEGER, seconds before expiration
352  * is_not_available	[1] More_info
353  * }
354  *
355  * More_info::= SEQUENCE {
356  * inactive		[0] BOOLEAN DEFAULT FALSE,
357  * reset		[1] BOOLEAN DEFAULT FALSE,
358  * expired		[2] BOOLEAN DEFAULT FALSE,
359  * remaining_grace	[3] INTEGER OPTIONAL,
360  * seconds_before_unlock[4] INTEGER OPTIONAL
361  * }
362  *
363  * This structure is different from ns_ldap_passwd_mgmt_t structure in
364  * that this structure holds result of users account mgmt information when
365  * pam_ldap doesn't have the users password and proxy agent is used for
366  * obtaining the account management information.
367  */
368 typedef struct AcctUsableResponse {
369 	int choice;
370 	union {
371 		int seconds_before_expiry;
372 		AcctUsableMoreInfo_t more_info;
373 	} AcctUsableResp;
374 } AcctUsableResponse_t;
375 
376 /*
377  * Simplified LDAP Naming API result structure
378  */
379 typedef struct ns_ldap_error {
380 	int	status;				/* LDAP error code */
381 	char	*message;			/* LDAP error message */
382 	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
383 						/* management info */
384 } ns_ldap_error_t;
385 
386 typedef struct	 ns_ldap_attr {
387 	char	*attrname;			/* attribute name */
388 	uint_t	value_count;
389 	char	**attrvalue;			/* attribute values */
390 } ns_ldap_attr_t;
391 
392 typedef struct ns_ldap_entry {
393 	uint_t		attr_count;		/* number of attributes */
394 	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
395 	struct ns_ldap_entry *next;		/* next entry */
396 } ns_ldap_entry_t;
397 
398 typedef struct ns_ldap_result {
399 	uint_t	entries_count;		/* number of entries */
400 	ns_ldap_entry_t	*entry;		/* data */
401 } ns_ldap_result_t;
402 
403 /*
404  * structures for the conversion routines used by typedAddEntry()
405  */
406 
407 typedef struct _ns_netgroups {
408 	char  *name;
409 	char  **triplet;
410 	char  **netgroup;
411 } _ns_netgroups_t;
412 
413 typedef struct _ns_netmasks {
414 	char *netnumber;
415 	char *netmask;
416 } _ns_netmasks_t;
417 
418 typedef struct _ns_bootp {
419 	char *name;
420 	char **param;
421 } _ns_bootp_t;
422 
423 typedef struct _ns_ethers {
424 	char *name;
425 	char *ether;
426 } _ns_ethers_t;
427 
428 typedef struct _ns_pubkey {
429 	char *name;
430 	hostcred_t hostcred;
431 	char *pubkey;
432 	char *privkey;
433 } _ns_pubkey_t;
434 
435 typedef struct _ns_alias {
436 	char *alias;
437 	char **member;
438 } _ns_alias_t;
439 
440 typedef struct _ns_automount {
441 	char *mapname;
442 	char *key;
443 	char *value;
444 } _ns_automount_t;
445 
446 /*
447  * return values for the callback function in __ns_ldap_list()
448  */
449 #define	NS_LDAP_CB_NEXT	0	/* get the next entry */
450 #define	NS_LDAP_CB_DONE	1	/* done */
451 
452 /*
453  * Input values for the type specified in __ns_ldap_addTypedEntry()
454  * and __ns_ldap_delTypedEntry()
455  */
456 
457 #define	NS_LDAP_TYPE_PASSWD	"passwd"
458 #define	NS_LDAP_TYPE_GROUP	"group"
459 #define	NS_LDAP_TYPE_HOSTS	"hosts"
460 #define	NS_LDAP_TYPE_IPNODES	"ipnodes"
461 #define	NS_LDAP_TYPE_PROFILE	"prof_attr"
462 #define	NS_LDAP_TYPE_RPC	"rpc"
463 #define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
464 #define	NS_LDAP_TYPE_NETWORKS	"networks"
465 #define	NS_LDAP_TYPE_NETGROUP	"netgroup"
466 #define	NS_LDAP_TYPE_ALIASES	"aliases"
467 #define	NS_LDAP_TYPE_SERVICES	"services"
468 #define	NS_LDAP_TYPE_ETHERS	"ethers"
469 #define	NS_LDAP_TYPE_SHADOW	"shadow"
470 #define	NS_LDAP_TYPE_NETMASKS	"netmasks"
471 #define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
472 #define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
473 #define	NS_LDAP_TYPE_USERATTR	"user_attr"
474 #define	NS_LDAP_TYPE_PROJECT	"project"
475 #define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
476 #define	NS_LDAP_TYPE_AUUSER	"audit_user"
477 #define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
478 #define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
479 #define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
480 #define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
481 
482 /*
483  * service descriptor/attribute mapping structure
484  */
485 
486 typedef struct ns_ldap_search_desc {
487 	char		*basedn;	/* search base dn */
488 	ScopeType_t	scope;		/* search scope */
489 	char		*filter;	/* search filter */
490 } ns_ldap_search_desc_t;
491 
492 typedef struct ns_ldap_attribute_map {
493 	char		*origAttr;	/* original attribute */
494 	char		**mappedAttr;	/* mapped attribute(s) */
495 } ns_ldap_attribute_map_t;
496 
497 typedef struct ns_ldap_objectclass_map {
498 	char		*origOC;	/* original objectclass */
499 	char		*mappedOC;	/* mapped objectclass */
500 } ns_ldap_objectclass_map_t;
501 
502 /*
503  * Value of the userPassword attribute representing NO Unix password
504  */
505 #define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"
506 
507 /* Opaque handle for batch API */
508 typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
509 
510 /*
511  * The type of standalone configuration specified by a client application.
512  * The meaning of the requests is as follows:
513  *
514  * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
515  *                 to ldap_cachemgr.
516  * NS_LDAP_SERVER: the consumer application has specified a directory server
517  *                 to communicate to.
518  * NS_PREDEFINED:  reserved for internal use
519  */
520 typedef enum {
521 	NS_CACHEMGR = 0,
522 	NS_LDAP_SERVER
523 } ns_standalone_request_type_t;
524 
525 /*
526  * This structure describes an LDAP server specified by a client application.
527  */
528 typedef struct ns_dir_server {
529 	char *server;			/* A directory server's IP */
530 	uint16_t port;			/* A directory server's port. */
531 					/* Default value is 389 */
532 	char *domainName;		/* A domain name being served */
533 					/* by the specified server. */
534 					/* Default value is the local */
535 					/* domain's name */
536 	char *profileName;		/* A DUAProfile's name. */
537 					/* Default value is 'default' */
538 	ns_auth_t *auth;		/* Authentication information used */
539 					/* during subsequent connections */
540 	char *cred;			/* A credential level to be used */
541 					/* along with the authentication info */
542 	char *host_cert_path;		/* A path to the certificate database */
543 					/* Default is '/vat/ldap' */
544 	char *bind_dn;			/* A bind DN to be used during */
545 					/* subsequent LDAP Bind requests */
546 	char *bind_passwd;		/* A bind password to be used during */
547 					/* subsequent LDAP Bind requests */
548 } ns_dir_server_t;
549 
550 /*
551  * This structure contains information describing an LDAP server.
552  */
553 typedef struct ns_standalone_conf {
554 	union {
555 		ns_dir_server_t server;
556 		void *predefined_conf;	/* Reserved for internal use */
557 	} ds_profile;			/* A type of the configuration */
558 
559 #define	SA_SERVER	ds_profile.server.server
560 #define	SA_PORT		ds_profile.server.port
561 #define	SA_DOMAIN	ds_profile.server.domainName
562 #define	SA_PROFILE_NAME	ds_profile.server.profileName
563 #define	SA_AUTH		ds_profile.server.auth
564 #define	SA_CRED		ds_profile.server.cred
565 #define	SA_CERT_PATH	ds_profile.server.host_cert_path
566 #define	SA_BIND_DN	ds_profile.server.bind_dn
567 #define	SA_BIND_PWD	ds_profile.server.bind_passwd
568 
569 	ns_standalone_request_type_t type;
570 } ns_standalone_conf_t;
571 
572 /*
573  * This function "informs" libsldap that a client application has specified
574  * a directory to use. The function obtains a DUAProfile, credentials,
575  * and naming context. During all further operations on behalf
576  * of the application requested a standalone schema libsldap will use
577  * the information obtained by __ns_ldap_initStandalone() instead of
578  * door_call(3C)ing ldap_cachemgr(1M).
579  *
580  * conf
581  * 	A structure describing where and in which way to obtain all the
582  * 	configuration describing how to communicate to a choosen LDAP directory.
583  *
584  * errorp
585  * 	An error object describing an error occured.
586  */
587 ns_ldap_return_code __ns_ldap_initStandalone(
588 	const ns_standalone_conf_t *conf,
589 	ns_ldap_error_t	**errorp);
590 
591 /*
592  * This function obtains the directory's base DN and a DUAProfile
593  * from a specified server.
594  *
595  * server
596  * 	Specifies the selected directory sever.
597  *
598  * cred
599  * 	Contains an authentication information and credential required to
600  * 	establish a connection.
601  *
602  * config
603  * 	If not NULL, a new configuration basing on a DUAProfile specified in the
604  * 	server parameter will be create and returned.
605  *
606  * baseDN
607  * 	If not NULL, the directory's base DN will be returned.
608  *
609  * error
610  * 	Describes an error, if any.
611  */
612 ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
613 	const ns_dir_server_t *server,
614 	const ns_cred_t *cred,
615 	char **config,	char **baseDN,
616 	ns_ldap_error_t **error);
617 
618 #define	SA_PROHIBIT_FALLBACK 0
619 #define	SA_ALLOW_FALLBACK 1
620 
621 #define	DONT_SAVE_NSCONF 0
622 #define	SAVE_NSCONF 1
623 
624 /*
625  * This function obtains the root DSE from a specified server.
626  *
627  * server_addr
628  * 	An adress of a server to be connected to.
629  *
630  * rootDSE
631  * 	A buffer containing the root DSE in the ldap_cachmgr door call format.
632  *
633  * errorp
634  * 	Describes an error, if any.
635  *
636  * anon_fallback
637  * 	If set to 1 and establishing a connection fails, __s_api_getRootDSE()
638  * 	will try once again using anonymous credentials.
639  */
640 ns_ldap_return_code __ns_ldap_getRootDSE(
641 	const char *server_addr,
642 	char **rootDSE,
643 	ns_ldap_error_t **errorp,
644 	int anon_fallback);
645 
646 /*
647  * This function iterates through the list of the configured LDAP servers
648  * and "pings" those which are marked as removed or if any error occurred
649  * during the previous receiving of the server's root DSE. If the
650  * function is able to reach such a server and get its root DSE, it
651  * marks the server as on-line. Otherwise, the server's status is set
652  * to "Error".
653  * For each server the function tries to connect to, it fires up
654  * a separate thread and then waits until all the threads finish.
655  * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
656  * initialized or was canceled prior to an invocation of
657  * __ns_ldap_pingOfflineServers().
658  */
659 ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
660 
661 /*
662  * This function cancels the Standalone mode and destroys the list of root DSEs.
663  */
664 void __ns_ldap_cancelStandalone(void);
665 /*
666  * This function initializes an ns_auth_t structure provided by a caller
667  * according to a specified authentication mechanism.
668  */
669 ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
670 	ns_auth_t *auth,
671 	ns_ldap_error_t **errorp);
672 
673 /*
674  * Simplified LDAP Naming APIs
675  */
676 int __ns_ldap_list(
677 	const char *service,
678 	const char *filter,
679 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
680 			char **realfilter, const void *userdata),
681 	const char * const *attribute,
682 	const ns_cred_t *cred,
683 	const int flags,
684 	ns_ldap_result_t ** result,
685 	ns_ldap_error_t ** errorp,
686 	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
687 	const void *userdata);
688 
689 int __ns_ldap_list_batch_start(
690 	ns_ldap_list_batch_t **batch);
691 
692 int __ns_ldap_list_batch_add(
693 	ns_ldap_list_batch_t *batch,
694 	const char *service,
695 	const char *filter,
696 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
697 			char **realfilter, const void *userdata),
698 	const char * const *attribute,
699 	const ns_cred_t *cred,
700 	const int flags,
701 	ns_ldap_result_t ** result,
702 	ns_ldap_error_t ** errorp,
703 	int *rcp,
704 	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
705 	const void *userdata);
706 
707 int __ns_ldap_list_batch_end(
708 	ns_ldap_list_batch_t *batch);
709 
710 void __ns_ldap_list_batch_release(
711 	ns_ldap_list_batch_t *batch);
712 
713 int  __ns_ldap_addAttr(
714 	const char *service,
715 	const char *dn,
716 	const ns_ldap_attr_t * const *attr,
717 	const ns_cred_t *cred,
718 	const int flags,
719 	ns_ldap_error_t **errorp);
720 
721 int __ns_ldap_delAttr(
722 	const char *service,
723 	const char *dn,
724 	const ns_ldap_attr_t * const *attr,
725 	const ns_cred_t *cred,
726 	const int flags,
727 	ns_ldap_error_t **errorp);
728 
729 int  __ns_ldap_repAttr(
730 	const char *service,
731 	const char *dn,
732 	const ns_ldap_attr_t * const *attr,
733 	const ns_cred_t *cred,
734 	const int flags,
735 	ns_ldap_error_t **errorp);
736 
737 int  __ns_ldap_addEntry(
738 	const char *service,
739 	const char *dn,
740 	const ns_ldap_entry_t *entry,
741 	const ns_cred_t *cred,
742 	const int flags,
743 	ns_ldap_error_t **errorp);
744 
745 int  __ns_ldap_addTypedEntry(
746 	const char *servicetype,
747 	const char *basedn,
748 	const void *data,
749 	const int  create,
750 	const ns_cred_t *cred,
751 	const int flags,
752 	ns_ldap_error_t **errorp);
753 
754 int __ns_ldap_delEntry(
755 	const char *service,
756 	const char *dn,
757 	const ns_cred_t *cred,
758 	const int flags,
759 	ns_ldap_error_t **errorp);
760 
761 int __ns_ldap_firstEntry(
762 	const char *service,
763 	const char *filter,
764 	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
765 			char **realfilter, const void *userdata),
766 	const char * const *attribute,
767 	const ns_cred_t *cred,
768 	const int flags,
769 	void **cookie,
770 	ns_ldap_result_t ** result,
771 	ns_ldap_error_t **errorp,
772 	const void *userdata);
773 
774 int  __ns_ldap_nextEntry(
775 	void *cookie,
776 	ns_ldap_result_t ** result,
777 	ns_ldap_error_t **errorp);
778 
779 int  __ns_ldap_endEntry(
780 	void **cookie,
781 	ns_ldap_error_t **errorp);
782 
783 int __ns_ldap_freeResult(
784 	ns_ldap_result_t **result);
785 
786 int __ns_ldap_freeError(
787 	ns_ldap_error_t **errorp);
788 
789 int  __ns_ldap_uid2dn(
790 	const char *uid,
791 	char **userDN,
792 	const ns_cred_t *cred,
793 	ns_ldap_error_t ** errorp);
794 
795 int  __ns_ldap_host2dn(
796 	const char *host,
797 	const char *domain,
798 	char **hostDN,
799 	const ns_cred_t *cred,
800 	ns_ldap_error_t ** errorp);
801 
802 int  __ns_ldap_dn2domain(
803 	const char *dn,
804 	char **domain,
805 	const ns_cred_t *cred,
806 	ns_ldap_error_t ** errorp);
807 
808 int __ns_ldap_auth(
809 	const ns_cred_t *cred,
810 	const int flag,
811 	ns_ldap_error_t **errorp,
812 	LDAPControl **serverctrls,
813 	LDAPControl **clientctrls);
814 
815 int __ns_ldap_freeCred(
816 	ns_cred_t **credp);
817 
818 int __ns_ldap_err2str(
819 	int err,
820 	char **strmsg);
821 
822 int __ns_ldap_setParam(
823 	const ParamIndexType type,
824 	const void *data,
825 	ns_ldap_error_t **errorp);
826 
827 int __ns_ldap_getParam(
828 	const ParamIndexType type,
829 	void ***data,
830 	ns_ldap_error_t **errorp);
831 
832 int __ns_ldap_freeParam(
833 	void ***data);
834 
835 char **__ns_ldap_getAttr(
836 	const ns_ldap_entry_t *entry,
837 	const char *attrname);
838 
839 ns_ldap_attr_t	*__ns_ldap_getAttrStruct(
840 	const ns_ldap_entry_t *entry,
841 	const char *attrname);
842 
843 int __ns_ldap_getServiceAuthMethods(
844 	const char *service,
845 	ns_auth_t ***auth,
846 	ns_ldap_error_t **errorp);
847 
848 int __ns_ldap_getSearchDescriptors(
849 	const char *service,
850 	ns_ldap_search_desc_t ***desc,
851 	ns_ldap_error_t **errorp);
852 
853 int __ns_ldap_freeSearchDescriptors(
854 	ns_ldap_search_desc_t ***desc);
855 
856 int __ns_ldap_getAttributeMaps(
857 	const char *service,
858 	ns_ldap_attribute_map_t ***maps,
859 	ns_ldap_error_t **errorp);
860 
861 int __ns_ldap_freeAttributeMaps(
862 	ns_ldap_attribute_map_t ***maps);
863 
864 char **__ns_ldap_getMappedAttributes(
865 	const char *service,
866 	const char *origAttribute);
867 
868 char **__ns_ldap_getOrigAttribute(
869 	const char *service,
870 	const char *mappedAttribute);
871 
872 int __ns_ldap_getObjectClassMaps(
873 	const char *service,
874 	ns_ldap_objectclass_map_t ***maps,
875 	ns_ldap_error_t **errorp);
876 
877 int __ns_ldap_freeObjectClassMaps(
878 	ns_ldap_objectclass_map_t ***maps);
879 
880 char **__ns_ldap_getMappedObjectClass(
881 	const char *service,
882 	const char *origObjectClass);
883 
884 char **__ns_ldap_getOrigObjectClass(
885 	const char *service,
886 	const char *mappedObjectClass);
887 
888 int __ns_ldap_getParamType(
889 	const char *value,
890 	ParamIndexType *type);
891 
892 int __ns_ldap_getAcctMgmt(
893 	const char *user,
894 	AcctUsableResponse_t *acctResp);
895 
896 boolean_t __ns_ldap_is_shadow_update_enabled();
897 
898 void
899 __ns_ldap_self_gssapi_only_set(
900 	int flag);
901 int
902 __ns_ldap_self_gssapi_config(
903 	ns_ldap_self_gssapi_config_t *config);
904 #ifdef __cplusplus
905 }
906 #endif
907 
908 #endif /* _NS_SLDAP_H */
909