xref: /titanic_51/usr/src/head/ldap.h (revision ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2ab)
1 /*
2  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
3  * Copyright 2001-2003 Sun Microsystems, Inc.  All rights reserved.
4  * Use is subject to license terms.
5  */
6 
7 /*
8  * The contents of this file are subject to the Netscape Public
9  * License Version 1.1 (the "License"); you may not use this file
10  * except in compliance with the License. You may obtain a copy of
11  * the License at http://www.mozilla.org/NPL/
12  *
13  * Software distributed under the License is distributed on an "AS
14  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
15  * implied. See the License for the specific language governing
16  * rights and limitations under the License.
17  *
18  * The Original Code is Mozilla Communicator client code, released
19  * March 31, 1998.
20  *
21  * The Initial Developer of the Original Code is Netscape
22  * Communications Corporation. Portions created by Netscape are
23  * Copyright (C) 1998-1999 Netscape Communications Corporation. All
24  * Rights Reserved.
25  *
26  * Contributor(s):
27  */
28 
29 #ifndef	_LDAP_H
30 #define	_LDAP_H
31 
32 #ifdef	__cplusplus
33 extern "C" {
34 #endif
35 
36 #ifndef	_SOLARIS_SDK
37 #define	_SOLARIS_SDK
38 #endif
39 
40 #ifndef	LDAP_TYPE_TIMEVAL_DEFINED
41 #include <sys/time.h>
42 #endif
43 #ifndef	LDAP_TYPE_SOCKET_DEFINED	/* API extension */
44 #include <sys/types.h>
45 #include <sys/socket.h>
46 #endif
47 
48 #include <lber.h>
49 
50 #define	LDAP_PORT		389
51 #define	LDAPS_PORT		636
52 #define	LDAP_PORT_MAX		65535		/* API extension */
53 #define	LDAP_VERSION1   	1		/* API extension */
54 #define	LDAP_VERSION2   	2
55 #define	LDAP_VERSION3   	3
56 #define	LDAP_VERSION    	LDAP_VERSION2	/* API extension */
57 #define	LDAP_VERSION_MIN	LDAP_VERSION3
58 #define	LDAP_VERSION_MAX	LDAP_VERSION3
59 
60 #define	LDAP_VENDOR_VERSION	500	/* version # * 100 */
61 #define	LDAP_VENDOR_NAME	"Sun Microsystems Inc."
62 /*
63  * The following will be an RFC number once the LDAP C API Internet Draft
64  * is published as a Proposed Standard RFC.  For now we use 2000 + the
65  * draft revision number (currently 5) since we are close to compliance
66  * with revision 5 of the draft.
67  */
68 #define	LDAP_API_VERSION	2005
69 
70 /*
71  * C LDAP features we support that are not (yet) part of the LDAP C API
72  * Internet Draft.  Use the ldap_get_option() call with an option value of
73  * LDAP_OPT_API_FEATURE_INFO to retrieve information about a feature.
74  *
75  * Note that this list is incomplete; it includes only the most widely
76  * used extensions.  Also, the version is 1 for all of these for now.
77  */
78 #define	LDAP_API_FEATURE_SERVER_SIDE_SORT	1
79 #define	LDAP_API_FEATURE_VIRTUAL_LIST_VIEW	1
80 #define	LDAP_API_FEATURE_PERSISTENT_SEARCH	1
81 #define	LDAP_API_FEATURE_PROXY_AUTHORIZATION	1
82 #define	LDAP_API_FEATURE_X_LDERRNO		1
83 #define	LDAP_API_FEATURE_X_MEMCACHE		1
84 #define	LDAP_API_FEATURE_X_IO_FUNCTIONS		1
85 #define	LDAP_API_FEATURE_X_EXTIO_FUNCTIONS	1
86 #define	LDAP_API_FEATURE_X_DNS_FUNCTIONS	1
87 #define	LDAP_API_FEATURE_X_MEMALLOC_FUNCTIONS	1
88 #define	LDAP_API_FEATURE_X_THREAD_FUNCTIONS	1
89 #define	LDAP_API_FEATURE_X_EXTHREAD_FUNCTIONS	1
90 #define	LDAP_API_FEATURE_X_GETLANGVALUES	1
91 #define	LDAP_API_FEATURE_X_CLIENT_SIDE_SORT	1
92 #define	LDAP_API_FEATURE_X_URL_FUNCTIONS	1
93 #define	LDAP_API_FEATURE_X_FILTER_FUNCTIONS	1
94 
95 #define	LDAP_ROOT_DSE		""		/* API extension */
96 #define	LDAP_NO_ATTRS		"1.1"
97 #define	LDAP_ALL_USER_ATTRS	"*"
98 
99 /*
100  * Standard options (used with ldap_set_option() and ldap_get_option):
101  */
102 #define	LDAP_OPT_API_INFO		0x00	/*  0 */
103 #define	LDAP_OPT_DESC			0x01	/*  1 */
104 #define	LDAP_OPT_DEREF			0x02	/*  2 */
105 #define	LDAP_OPT_SIZELIMIT		0x03	/*  3 */
106 #define	LDAP_OPT_TIMELIMIT		0x04	/*  4 */
107 #define	LDAP_OPT_REFERRALS		0x08	/*  8 */
108 #define	LDAP_OPT_RESTART		0x09	/*  9 */
109 #define	LDAP_OPT_PROTOCOL_VERSION	0x11	/* 17 */
110 #define	LDAP_OPT_SERVER_CONTROLS	0x12	/* 18 */
111 #define	LDAP_OPT_CLIENT_CONTROLS	0x13	/* 19 */
112 #define	LDAP_OPT_API_FEATURE_INFO	0x15	/* 21 */
113 #define	LDAP_OPT_HOST_NAME		0x30	/* 48 */
114 #define	LDAP_OPT_ERROR_NUMBER		0x31	/* 49 */
115 #define	LDAP_OPT_ERROR_STRING		0x32	/* 50 */
116 #define	LDAP_OPT_MATCHED_DN		0x33	/* 51 */
117 
118 /*
119  * Well-behaved private and experimental extensions will use option values
120  * between 0x4000 (16384) and 0x7FFF (32767) inclusive.
121  */
122 #define	LDAP_OPT_PRIVATE_EXTENSION_BASE	0x4000	/* to 0x7FFF inclusive */
123 /*
124  * Special timeout values for poll and connect:
125  */
126 #define	LDAP_X_IO_TIMEOUT_NO_WAIT	0	/* return immediately */
127 #define	LDAP_X_IO_TIMEOUT_NO_TIMEOUT    (-1)    /* block indefinitely */
128 /*
129  * Timeout value for nonblocking connect call
130  */
131 #define	LDAP_X_OPT_CONNECT_TIMEOUT    (LDAP_OPT_PRIVATE_EXTENSION_BASE + 0x0F01)
132 	/* 0x4000 + 0x0F01 = 0x4F01 = 20225 - API extension */
133 
134 /* for on/off options */
135 #define	LDAP_OPT_ON	((void *)1)
136 #define	LDAP_OPT_OFF	((void *)0)
137 
138 typedef struct ldap	LDAP;		/* opaque connection handle */
139 typedef struct ldapmsg  LDAPMessage;    /* opaque result/entry handle */
140 
141 #define	NULLMSG ((LDAPMessage *)0)
142 
143 /* structure representing an LDAP modification */
144 typedef struct ldapmod {
145 	int		mod_op;		/* kind of mod + form of values */
146 #define	LDAP_MOD_ADD		0x00
147 #define	LDAP_MOD_DELETE		0x01
148 #define	LDAP_MOD_REPLACE	0x02
149 #define	LDAP_MOD_BVALUES	0x80
150 	char			*mod_type;	/* attribute name to modify */
151 	union mod_vals_u {
152 		char		**modv_strvals;
153 		struct berval   **modv_bvals;
154 	} mod_vals;		/* values to add/delete/replace */
155 #define	mod_values	mod_vals.modv_strvals
156 #define	mod_bvalues	mod_vals.modv_bvals
157 } LDAPMod;
158 
159 
160 /*
161  * structure for holding ldapv3 controls
162  */
163 typedef struct ldapcontrol {
164     char		*ldctl_oid;
165     struct berval	ldctl_value;
166     char		ldctl_iscritical;
167 } LDAPControl;
168 
169 
170 /*
171  * LDAP API information.  Can be retrieved by using a sequence like:
172  *
173  *    LDAPAPIInfo ldai;
174  *    ldai.ldapai_info_version = LDAP_API_INFO_VERSION;
175  *    if ( ldap_get_option( NULL, LDAP_OPT_API_INFO, &ldia ) == 0 ) ...
176  */
177 #define	LDAP_API_INFO_VERSION		1
178 typedef struct ldapapiinfo {
179     int	 ldapai_info_version;	  /* version of this struct (1) */
180     int	ldapai_api_version;	/* revision of API supported */
181     int  ldapai_protocol_version; /* highest LDAP version supported */
182     char **ldapai_extensions;	/* names of API extensions */
183     char *ldapai_vendor_name;	/* name of supplier */
184     int  ldapai_vendor_version;   /* supplier-specific version times 100 */
185 } LDAPAPIInfo;
186 
187 
188 /*
189  * LDAP API extended features info.  Can be retrieved by using a sequence like:
190  *
191  *    LDAPAPIFeatureInfo ldfi;
192  *    ldfi.ldapaif_info_version = LDAP_FEATURE_INFO_VERSION;
193  *    ldfi.ldapaif_name = "VIRTUAL_LIST_VIEW";
194  *    if ( ldap_get_option( NULL, LDAP_OPT_API_FEATURE_INFO, &ldfi ) == 0 ) ...
195  */
196 #define	LDAP_FEATURE_INFO_VERSION	1
197 typedef struct ldap_apifeature_info {
198     int   ldapaif_info_version;	/* version of this struct (1) */
199     char  *ldapaif_name;	/* name of supported feature */
200     int   ldapaif_version;	/* revision of supported feature */
201 } LDAPAPIFeatureInfo;
202 
203 
204 /* possible result types a server can return */
205 #define	LDAP_RES_BIND			0x61	/* 97 */
206 #define	LDAP_RES_SEARCH_ENTRY		0x64	/* 100 */
207 #define	LDAP_RES_SEARCH_RESULT		0x65	/* 101 */
208 #define	LDAP_RES_MODIFY			0x67	/* 103 */
209 #define	LDAP_RES_ADD			0x69	/* 105 */
210 #define	LDAP_RES_DELETE			0x6b	/* 107 */
211 #define	LDAP_RES_MODDN			0x6d	/* 109 */
212 #define	LDAP_RES_COMPARE		0x6f	/* 111 */
213 #define	LDAP_RES_SEARCH_REFERENCE	0x73	/* 115 */
214 #define	LDAP_RES_EXTENDED		0x78	/* 120 */
215 
216 /* Special values for ldap_result() "msgid" parameter */
217 #define	LDAP_RES_ANY			(-1)
218 #define	LDAP_RES_UNSOLICITED		0
219 
220 /* built-in SASL methods */
221 #define	LDAP_SASL_SIMPLE	0	/* special value used for simple bind */
222 #define	LDAP_SASL_EXTERNAL	"EXTERNAL"	/* TLS/SSL extension */
223 
224 #ifdef	_SOLARIS_SDK
225 #define	LDAP_SASL_CRAM_MD5	"CRAM-MD5"
226 #define	LDAP_SASL_DIGEST_MD5 	"DIGEST-MD5"
227 #define	LDAP_SASL_BIND_INPROGRESS	0x0e    /* for backward compatibility */
228 #endif
229 
230 /* search scopes */
231 #define	LDAP_SCOPE_BASE		0x00
232 #define	LDAP_SCOPE_ONELEVEL	0x01
233 #define	LDAP_SCOPE_SUBTREE	0x02
234 
235 /* alias dereferencing */
236 #define	LDAP_DEREF_NEVER	0
237 #define	LDAP_DEREF_SEARCHING	1
238 #define	LDAP_DEREF_FINDING	2
239 #define	LDAP_DEREF_ALWAYS	3
240 
241 /* predefined size/time limits */
242 #define	LDAP_NO_LIMIT		0
243 
244 /* allowed values for "all" ldap_result() parameter */
245 #define	LDAP_MSG_ONE		0
246 #define	LDAP_MSG_ALL		1
247 #define	LDAP_MSG_RECEIVED	2
248 
249 /* possible error codes we can be returned */
250 #define	LDAP_SUCCESS			0x00	/* 0 */
251 #define	LDAP_OPERATIONS_ERROR		0x01	/* 1 */
252 #define	LDAP_PROTOCOL_ERROR		0x02	/* 2 */
253 #define	LDAP_TIMELIMIT_EXCEEDED		0x03	/* 3 */
254 #define	LDAP_SIZELIMIT_EXCEEDED		0x04	/* 4 */
255 #define	LDAP_COMPARE_FALSE		0x05	/* 5 */
256 #define	LDAP_COMPARE_TRUE		0x06	/* 6 */
257 #define	LDAP_STRONG_AUTH_NOT_SUPPORTED	0x07	/* 7 */
258 #define	LDAP_STRONG_AUTH_REQUIRED	0x08	/* 8 */
259 #define	LDAP_PARTIAL_RESULTS		0x09	/* 9 (UMich LDAPv2 extn) */
260 #define	LDAP_REFERRAL			0x0a	/* 10 - LDAPv3 */
261 #define	LDAP_ADMINLIMIT_EXCEEDED	0x0b	/* 11 - LDAPv3 */
262 #define	LDAP_UNAVAILABLE_CRITICAL_EXTENSION  0x0c /* 12 - LDAPv3 */
263 #define	LDAP_CONFIDENTIALITY_REQUIRED	0x0d	/* 13 */
264 #define	LDAP_SASL_BIND_IN_PROGRESS	0x0e	/* 14 - LDAPv3 */
265 
266 #define	LDAP_NO_SUCH_ATTRIBUTE		0x10	/* 16 */
267 #define	LDAP_UNDEFINED_TYPE		0x11	/* 17 */
268 #define	LDAP_INAPPROPRIATE_MATCHING	0x12	/* 18 */
269 #define	LDAP_CONSTRAINT_VIOLATION	0x13	/* 19 */
270 #define	LDAP_TYPE_OR_VALUE_EXISTS	0x14	/* 20 */
271 #define	LDAP_INVALID_SYNTAX		0x15	/* 21 */
272 
273 #define	LDAP_NO_SUCH_OBJECT		0x20	/* 32 */
274 #define	LDAP_ALIAS_PROBLEM		0x21	/* 33 */
275 #define	LDAP_INVALID_DN_SYNTAX		0x22	/* 34 */
276 #define	LDAP_IS_LEAF			0x23	/* 35 (not used in LDAPv3) */
277 #define	LDAP_ALIAS_DEREF_PROBLEM	0x24	/* 36 */
278 
279 #define	NAME_ERROR(n)   ((n & 0xf0) == 0x20)
280 
281 #define	LDAP_INAPPROPRIATE_AUTH		0x30	/* 48 */
282 #define	LDAP_INVALID_CREDENTIALS	0x31	/* 49 */
283 #define	LDAP_INSUFFICIENT_ACCESS	0x32	/* 50 */
284 #define	LDAP_BUSY			0x33	/* 51 */
285 #define	LDAP_UNAVAILABLE		0x34	/* 52 */
286 #define	LDAP_UNWILLING_TO_PERFORM	0x35	/* 53 */
287 #define	LDAP_LOOP_DETECT		0x36	/* 54 */
288 
289 #define	LDAP_SORT_CONTROL_MISSING	0x3C	/* 60 (server side sort extn) */
290 #define	LDAP_INDEX_RANGE_ERROR		0x3D    /* 61 (VLV extn) */
291 
292 #define	LDAP_NAMING_VIOLATION		0x40	/* 64 */
293 #define	LDAP_OBJECT_CLASS_VIOLATION	0x41	/* 65 */
294 #define	LDAP_NOT_ALLOWED_ON_NONLEAF	0x42	/* 66 */
295 #define	LDAP_NOT_ALLOWED_ON_RDN		0x43	/* 67 */
296 #define	LDAP_ALREADY_EXISTS		0x44	/* 68 */
297 #define	LDAP_NO_OBJECT_CLASS_MODS	0x45	/* 69 */
298 #define	LDAP_RESULTS_TOO_LARGE		0x46	/* 70 - CLDAP */
299 #define	LDAP_AFFECTS_MULTIPLE_DSAS	0x47	/* 71 */
300 
301 #define	LDAP_OTHER			0x50	/* 80 */
302 #define	LDAP_SERVER_DOWN		0x51	/* 81 */
303 #define	LDAP_LOCAL_ERROR		0x52	/* 82 */
304 #define	LDAP_ENCODING_ERROR		0x53	/* 83 */
305 #define	LDAP_DECODING_ERROR		0x54	/* 84 */
306 #define	LDAP_TIMEOUT			0x55	/* 85 */
307 #define	LDAP_AUTH_UNKNOWN		0x56	/* 86 */
308 #define	LDAP_FILTER_ERROR		0x57	/* 87 */
309 #define	LDAP_USER_CANCELLED		0x58	/* 88 */
310 #define	LDAP_PARAM_ERROR		0x59	/* 89 */
311 #define	LDAP_NO_MEMORY			0x5a	/* 90 */
312 #define	LDAP_CONNECT_ERROR		0x5b	/* 91 */
313 #define	LDAP_NOT_SUPPORTED		0x5c	/* 92 - LDAPv3 */
314 #define	LDAP_CONTROL_NOT_FOUND		0x5d	/* 93 - LDAPv3 */
315 #define	LDAP_NO_RESULTS_RETURNED	0x5e	/* 94 - LDAPv3 */
316 #define	LDAP_MORE_RESULTS_TO_RETURN	0x5f	/* 95 - LDAPv3 */
317 #define	LDAP_CLIENT_LOOP		0x60	/* 96 - LDAPv3 */
318 #define	LDAP_REFERRAL_LIMIT_EXCEEDED	0x61	/* 97 - LDAPv3 */
319 
320 /*
321  * LDAPv3 unsolicited notification messages we know about
322  */
323 #define	LDAP_NOTICE_OF_DISCONNECTION	"1.3.6.1.4.1.1466.20036"
324 
325 /*
326  * LDAPv3 server controls we know about
327  */
328 #define	LDAP_CONTROL_MANAGEDSAIT	"2.16.840.1.113730.3.4.2"
329 #define	LDAP_CONTROL_SORTREQUEST	"1.2.840.113556.1.4.473"
330 #define	LDAP_CONTROL_SORTRESPONSE	"1.2.840.113556.1.4.474"
331 #define	LDAP_CONTROL_PERSISTENTSEARCH	"2.16.840.1.113730.3.4.3"
332 #define	LDAP_CONTROL_ENTRYCHANGE	"2.16.840.1.113730.3.4.7"
333 #define	LDAP_CONTROL_VLVREQUEST    	"2.16.840.1.113730.3.4.9"
334 #define	LDAP_CONTROL_VLVRESPONSE	"2.16.840.1.113730.3.4.10"
335 #define	LDAP_CONTROL_PROXYAUTH		"2.16.840.1.113730.3.4.12"
336 	/* version 1 */
337 #define	LDAP_CONTROL_PROXIEDAUTH	"2.16.840.1.113730.3.4.18"
338 	/* version 2 */
339 
340 #ifdef	_SOLARIS_SDK
341 /*
342  * Simple Page control OID
343  */
344 #define	LDAP_CONTROL_SIMPLE_PAGE	"1.2.840.113556.1.4.319"
345 
346 /*
347  * Begin LDAP Display Template Definitions
348  */
349 #define	LDAP_TEMPLATE_VERSION   1
350 
351 /*
352  * general types of items (confined to most significant byte)
353  */
354 #define	LDAP_SYN_TYPE_TEXT		0x01000000L
355 #define	LDAP_SYN_TYPE_IMAGE		0x02000000L
356 #define	LDAP_SYN_TYPE_BOOLEAN		0x04000000L
357 #define	LDAP_SYN_TYPE_BUTTON		0x08000000L
358 #define	LDAP_SYN_TYPE_ACTION		0x10000000L
359 
360 /*
361  * syntax options (confined to second most significant byte)
362  */
363 #define	LDAP_SYN_OPT_DEFER		0x00010000L
364 
365 /*
366  * display template item syntax ids (defined by common agreement)
367  * these are the valid values for the ti_syntaxid of the tmplitem
368  * struct (defined below).  A general type is encoded in the
369  * most-significant 8 bits, and some options are encoded in the next
370  * 8 bits.  The lower 16 bits are reserved for the distinct types.
371  */
372 #define	LDAP_SYN_CASEIGNORESTR  (1 | LDAP_SYN_TYPE_TEXT)
373 #define	LDAP_SYN_MULTILINESTR   (2 | LDAP_SYN_TYPE_TEXT)
374 #define	LDAP_SYN_DN		(3 | LDAP_SYN_TYPE_TEXT)
375 #define	LDAP_SYN_BOOLEAN	(4 | LDAP_SYN_TYPE_BOOLEAN)
376 #define	LDAP_SYN_JPEGIMAGE	(5 | LDAP_SYN_TYPE_IMAGE)
377 #define	LDAP_SYN_JPEGBUTTON	(6 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
378 #define	LDAP_SYN_FAXIMAGE	(7 | LDAP_SYN_TYPE_IMAGE)
379 #define	LDAP_SYN_FAXBUTTON	(8 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
380 #define	LDAP_SYN_AUDIOBUTTON	(9 | LDAP_SYN_TYPE_BUTTON | LDAP_SYN_OPT_DEFER)
381 #define	LDAP_SYN_TIME		(10 | LDAP_SYN_TYPE_TEXT)
382 #define	LDAP_SYN_DATE		(11 | LDAP_SYN_TYPE_TEXT)
383 #define	LDAP_SYN_LABELEDURL	(12 | LDAP_SYN_TYPE_TEXT)
384 #define	LDAP_SYN_SEARCHACTION	(13 | LDAP_SYN_TYPE_ACTION)
385 #define	LDAP_SYN_LINKACTION	(14 | LDAP_SYN_TYPE_ACTION)
386 #define	LDAP_SYN_ADDDNACTION	(15 | LDAP_SYN_TYPE_ACTION)
387 #define	LDAP_SYN_VERIFYDNACTION	(16 | LDAP_SYN_TYPE_ACTION)
388 #define	LDAP_SYN_RFC822ADDR	(17 | LDAP_SYN_TYPE_TEXT)
389 
390 /*
391  * handy macros
392  */
393 #define	LDAP_GET_SYN_TYPE(syid)		((syid) & 0xFF000000UL)
394 #define	LDAP_GET_SYN_OPTIONS(syid)	((syid) & 0x00FF0000UL)
395 
396 
397 /*
398  * display options for output routines (used by entry2text and friends)
399  */
400 /*
401  * use calculated label width (based on length of longest label in
402  * template) instead of contant width
403  */
404 #define	LDAP_DISP_OPT_AUTOLABELWIDTH    0x00000001L
405 #define	LDAP_DISP_OPT_HTMLBODYONLY	0x00000002L
406 
407 /*
408  * perform search actions (applies to ldap_entry2text_search only)
409  */
410 #define	LDAP_DISP_OPT_DOSEARCHACTIONS   0x00000002L
411 
412 /*
413  * include additional info. relevant to "non leaf" entries only
414  * used by ldap_entry2html and ldap_entry2html_search to include "Browse"
415  * and "Move Up" HREFs
416  */
417 #define	LDAP_DISP_OPT_NONLEAF		0x00000004L
418 
419 /*
420  * display template item options (may not apply to all types)
421  * if this bit is set in ti_options, it applies.
422  */
423 #define	LDAP_DITEM_OPT_READONLY		0x00000001L
424 #define	LDAP_DITEM_OPT_SORTVALUES	0x00000002L
425 #define	LDAP_DITEM_OPT_SINGLEVALUED	0x00000004L
426 #define	LDAP_DITEM_OPT_HIDEIFEMPTY	0x00000008L
427 #define	LDAP_DITEM_OPT_VALUEREQUIRED	0x00000010L
428 #define	LDAP_DITEM_OPT_HIDEIFFALSE	0x00000020L	/* booleans only */
429 
430 #endif	/* _SOLARIS_SDK */
431 
432 /* Authentication request and response controls */
433 #define	LDAP_CONTROL_AUTH_REQUEST	"2.16.840.1.113730.3.4.16"
434 #define	LDAP_CONTROL_AUTH_RESPONSE	"2.16.840.1.113730.3.4.15"
435 
436 /* Password information sent back to client */
437 #define	LDAP_CONTROL_PWEXPIRED		"2.16.840.1.113730.3.4.4"
438 #define	LDAP_CONTROL_PWEXPIRING		"2.16.840.1.113730.3.4.5"
439 
440 
441 /*
442  * Client controls we know about
443  */
444 #define	LDAP_CONTROL_REFERRALS		"1.2.840.113556.1.4.616"
445 
446 
447 /*
448  * LDAP_API macro definition:
449  */
450 #ifndef	LDAP_API
451 #define	LDAP_API(rt) rt
452 #endif	/* LDAP_API */
453 
454 #ifdef	_SOLARIS_SDK
455 /* Simple Page Control functions for Solaris SDK */
456 int ldap_create_page_control(LDAP *ld, unsigned int pagesize,
457 	struct berval *cookie, char isCritical, LDAPControl **output);
458 int ldap_parse_page_control(LDAP *ld, LDAPControl **controls,
459 	unsigned int *totalcount, struct berval **cookie);
460 
461 /* CRAM-MD5 functions */
462 int ldap_sasl_cram_md5_bind_s(LDAP *ld, char *dn,
463 	struct berval *cred, LDAPControl **serverctrls,
464 	LDAPControl **clientctrls);
465 /* DIGEST-MD5 Function */
466 int ldap_x_sasl_digest_md5_bind_s(LDAP *ld, char *dn,
467 	struct berval *cred, LDAPControl **serverctrls,
468 	LDAPControl **clientctrls);
469 int ldap_x_sasl_digest_md5_bind(LDAP *ld, char *dn,
470 	struct berval *cred, LDAPControl **serverctrls,
471 	LDAPControl **clientctrls, struct timeval *timeout,
472 	LDAPMessage **result);
473 
474 #endif	/* _SOLARIS_SDK */
475 
476 LDAP_API(LDAP *) LDAP_CALL ldap_open(const char *host, int port);
477 LDAP_API(LDAP *) LDAP_CALL ldap_init(const char *defhost, int defport);
478 int LDAP_CALL ldap_set_option(LDAP *ld, int option,
479 	const void *optdata);
480 int LDAP_CALL ldap_get_option(LDAP *ld, int option, void *optdata);
481 int LDAP_CALL ldap_unbind(LDAP *ld);
482 int LDAP_CALL ldap_unbind_s(LDAP *ld);
483 
484 /*
485  * perform ldap operations and obtain results
486  */
487 int LDAP_CALL ldap_abandon(LDAP *ld, int msgid);
488 int LDAP_CALL ldap_add(LDAP *ld, const char *dn, LDAPMod **attrs);
489 int LDAP_CALL ldap_add_s(LDAP *ld, const char *dn, LDAPMod **attrs);
490 int LDAP_CALL ldap_simple_bind(LDAP *ld, const char *who,
491 	const char *passwd);
492 int LDAP_CALL ldap_simple_bind_s(LDAP *ld, const char *who,
493 	const char *passwd);
494 int LDAP_CALL ldap_modify(LDAP *ld, const char *dn, LDAPMod **mods);
495 int LDAP_CALL ldap_modify_s(LDAP *ld, const char *dn,
496 	LDAPMod **mods);
497 int LDAP_CALL ldap_modrdn(LDAP *ld, const char *dn,
498 	const char *newrdn);
499 int LDAP_CALL ldap_modrdn_s(LDAP *ld, const char *dn,
500 	const char *newrdn);
501 
502 /* The following 2 functions are deprecated */
503 int LDAP_CALL ldap_modrdn2(LDAP *ld, const char *dn,
504 	const char *newrdn, int deleteoldrdn);
505 int LDAP_CALL ldap_modrdn2_s(LDAP *ld, const char *dn,
506 	const char *newrdn, int deleteoldrdn);
507 
508 int LDAP_CALL ldap_compare(LDAP *ld, const char *dn,
509 	const char *attr, const char *value);
510 int LDAP_CALL ldap_compare_s(LDAP *ld, const char *dn,
511 	const char *attr, const char *value);
512 int LDAP_CALL ldap_delete(LDAP *ld, const char *dn);
513 int LDAP_CALL ldap_delete_s(LDAP *ld, const char *dn);
514 int LDAP_CALL ldap_search(LDAP *ld, const char *base, int scope,
515 	const char *filter, char **attrs, int attrsonly);
516 int LDAP_CALL ldap_search_s(LDAP *ld, const char *base, int scope,
517 	const char *filter, char **attrs, int attrsonly, LDAPMessage **res);
518 int LDAP_CALL ldap_search_st(LDAP *ld, const char *base, int scope,
519 	const char *filter, char **attrs, int attrsonly,
520 	struct timeval *timeout, LDAPMessage **res);
521 int LDAP_CALL ldap_result(LDAP *ld, int msgid, int all,
522 	struct timeval *timeout, LDAPMessage **result);
523 int LDAP_CALL ldap_msgfree(LDAPMessage *lm);
524 int LDAP_CALL ldap_msgid(LDAPMessage *lm);
525 int LDAP_CALL ldap_msgtype(LDAPMessage *lm);
526 
527 
528 /*
529  * Routines to parse/deal with results and errors returned
530  */
531 int LDAP_CALL ldap_result2error(LDAP *ld, LDAPMessage *r,
532 	int freeit);
533 char *LDAP_CALL ldap_err2string(int err);
534 LDAP_API(void) LDAP_CALL ldap_perror(LDAP *ld, const char *s);
535 LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_entry(LDAP *ld,
536 	LDAPMessage *chain);
537 LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_entry(LDAP *ld,
538 	LDAPMessage *entry);
539 int LDAP_CALL ldap_count_entries(LDAP *ld, LDAPMessage *chain);
540 char *LDAP_CALL ldap_get_dn(LDAP *ld, LDAPMessage *entry);
541 char *LDAP_CALL ldap_dn2ufn(const char *dn);
542 char **LDAP_CALL ldap_explode_dn(const char *dn,
543 	const int notypes);
544 char **LDAP_CALL ldap_explode_rdn(const char *rdn,
545 	const int notypes);
546 char *LDAP_CALL ldap_first_attribute(LDAP *ld, LDAPMessage *entry,
547 	BerElement **ber);
548 char *LDAP_CALL ldap_next_attribute(LDAP *ld, LDAPMessage *entry,
549 	BerElement *ber);
550 
551 /* The following function is deprecated */
552 LDAP_API(void) LDAP_CALL ldap_ber_free(BerElement *ber, int freebuf);
553 
554 char **LDAP_CALL ldap_get_values(LDAP *ld, LDAPMessage *entry,
555 	const char *target);
556 struct berval **LDAP_CALL ldap_get_values_len(LDAP *ld,
557 	LDAPMessage *entry, const char *target);
558 int LDAP_CALL ldap_count_values(char **vals);
559 int LDAP_CALL ldap_count_values_len(struct berval **vals);
560 LDAP_API(void) LDAP_CALL ldap_value_free(char **vals);
561 LDAP_API(void) LDAP_CALL ldap_value_free_len(struct berval **vals);
562 LDAP_API(void) LDAP_CALL ldap_memfree(void *p);
563 
564 
565 /*
566  * LDAPv3 extended operation calls
567  */
568 /*
569  * Note: all of the new asynchronous calls return an LDAP error code,
570  * not a message id.  A message id is returned via the int *msgidp
571  * parameter (usually the last parameter) if appropriate.
572  */
573 int LDAP_CALL ldap_abandon_ext(LDAP *ld, int msgid,
574 	LDAPControl **serverctrls, LDAPControl **clientctrls);
575 int LDAP_CALL ldap_add_ext(LDAP *ld, const char *dn, LDAPMod **attrs,
576 	LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
577 int LDAP_CALL ldap_add_ext_s(LDAP *ld, const char *dn,
578 	LDAPMod **attrs, LDAPControl **serverctrls, LDAPControl **clientctrls);
579 int LDAP_CALL ldap_sasl_bind(LDAP *ld, const char *dn,
580 	const char *mechanism, const struct berval *cred,
581 	LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
582 int LDAP_CALL ldap_sasl_bind_s(LDAP *ld, const char *dn,
583 	const char *mechanism, const struct berval *cred,
584 	LDAPControl **serverctrls, LDAPControl **clientctrls,
585 	struct berval **servercredp);
586 int LDAP_CALL ldap_modify_ext(LDAP *ld, const char *dn,
587 	LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls,
588 	int *msgidp);
589 int LDAP_CALL ldap_modify_ext_s(LDAP *ld, const char *dn,
590 	LDAPMod **mods, LDAPControl **serverctrls, LDAPControl **clientctrls);
591 int LDAP_CALL ldap_rename(LDAP *ld, const char *dn,
592 	const char *newrdn, const char *newparent, int deleteoldrdn,
593 	LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
594 int LDAP_CALL ldap_rename_s(LDAP *ld, const char *dn,
595 	const char *newrdn, const char *newparent, int deleteoldrdn,
596 	LDAPControl **serverctrls, LDAPControl **clientctrls);
597 int LDAP_CALL ldap_compare_ext(LDAP *ld, const char *dn,
598 	const char *attr, const struct berval *bvalue,
599 	LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
600 int LDAP_CALL ldap_compare_ext_s(LDAP *ld, const char *dn,
601 	const char *attr, const struct berval *bvalue,
602 	LDAPControl **serverctrls, LDAPControl **clientctrls);
603 int LDAP_CALL ldap_delete_ext(LDAP *ld, const char *dn,
604 	LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
605 int LDAP_CALL ldap_delete_ext_s(LDAP *ld, const char *dn,
606 	LDAPControl **serverctrls, LDAPControl **clientctrls);
607 int LDAP_CALL ldap_search_ext(LDAP *ld, const char *base,
608 	int scope, const char *filter, char **attrs, int attrsonly,
609 	LDAPControl **serverctrls, LDAPControl **clientctrls,
610 	struct timeval *timeoutp, int sizelimit, int *msgidp);
611 int LDAP_CALL ldap_search_ext_s(LDAP *ld, const char *base,
612 	int scope, const char *filter, char **attrs, int attrsonly,
613 	LDAPControl **serverctrls, LDAPControl **clientctrls,
614 	struct timeval *timeoutp, int sizelimit, LDAPMessage **res);
615 int LDAP_CALL ldap_extended_operation(LDAP *ld,
616 	const char *requestoid, const struct berval *requestdata,
617 	LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp);
618 int LDAP_CALL ldap_extended_operation_s(LDAP *ld,
619 	const char *requestoid, const struct berval *requestdata,
620 	LDAPControl **serverctrls, LDAPControl **clientctrls,
621 	char **retoidp, struct berval **retdatap);
622 int LDAP_CALL ldap_unbind_ext(LDAP *ld, LDAPControl **serverctrls,
623 	LDAPControl **clientctrls);
624 
625 
626 /*
627  * LDAPv3 extended parsing / result handling calls
628  */
629 int LDAP_CALL ldap_parse_sasl_bind_result(LDAP *ld,
630 	LDAPMessage *res, struct berval **servercredp, int freeit);
631 int LDAP_CALL ldap_parse_result(LDAP *ld, LDAPMessage *res,
632 	int *errcodep, char **matcheddnp, char **errmsgp, char ***referralsp,
633 	LDAPControl ***serverctrlsp, int freeit);
634 int LDAP_CALL ldap_parse_extended_result(LDAP *ld, LDAPMessage *res,
635 	char **retoidp, struct berval **retdatap, int freeit);
636 LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_message(LDAP *ld,
637 	LDAPMessage *res);
638 LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_message(LDAP *ld,
639 	LDAPMessage *msg);
640 int LDAP_CALL ldap_count_messages(LDAP *ld, LDAPMessage *res);
641 LDAP_API(LDAPMessage *) LDAP_CALL ldap_first_reference(LDAP *ld,
642 	LDAPMessage *res);
643 LDAP_API(LDAPMessage *) LDAP_CALL ldap_next_reference(LDAP *ld,
644 	LDAPMessage *ref);
645 int LDAP_CALL ldap_count_references(LDAP *ld, LDAPMessage *res);
646 int LDAP_CALL ldap_parse_reference(LDAP *ld, LDAPMessage *ref,
647 	char ***referralsp, LDAPControl ***serverctrlsp, int freeit);
648 int LDAP_CALL ldap_get_entry_controls(LDAP *ld, LDAPMessage *entry,
649 	LDAPControl ***serverctrlsp);
650 LDAP_API(void) LDAP_CALL ldap_control_free(LDAPControl *ctrl);
651 LDAP_API(void) LDAP_CALL ldap_controls_free(LDAPControl **ctrls);
652 
653 #ifdef  _SOLARIS_SDK
654 char ** ldap_get_reference_urls(LDAP *ld, LDAPMessage *res);
655 #endif
656 
657 LDAP_API(void) LDAP_CALL ldap_add_result_entry(
658 	LDAPMessage **list, LDAPMessage *e);
659 LDAP_API(LDAPMessage *) LDAP_CALL ldap_delete_result_entry(
660 	LDAPMessage **list, LDAPMessage *e);
661 
662 
663 /* End of core standard C LDAP API definitions */
664 
665 /*
666  * Server side sorting of search results (an LDAPv3 extension --
667  * LDAP_API_FEATURE_SERVER_SIDE_SORT)
668  */
669 typedef struct LDAPsortkey {	/* structure for a sort-key */
670 	char *sk_attrtype;
671 	char *sk_matchruleoid;
672 	int	sk_reverseorder;
673 } LDAPsortkey;
674 
675 int LDAP_CALL ldap_create_sort_control(LDAP *ld,
676 	LDAPsortkey **sortKeyList, const char ctl_iscritical,
677 	LDAPControl **ctrlp);
678 int LDAP_CALL ldap_parse_sort_control(LDAP *ld,
679 	LDAPControl **ctrls, unsigned long *result, char **attribute);
680 
681 LDAP_API(void) LDAP_CALL ldap_free_sort_keylist(LDAPsortkey **sortKeyList);
682 int LDAP_CALL ldap_create_sort_keylist(LDAPsortkey ***sortKeyList,
683 	const char *string_rep);
684 
685 
686 /*
687  * Virtual list view (an LDAPv3 extension -- LDAP_API_FEATURE_VIRTUAL_LIST_VIEW)
688  */
689 /*
690  * structure that describes a VirtualListViewRequest control.
691  * note that ldvlist_index and ldvlist_size are only relevant to
692  * ldap_create_virtuallist_control() if ldvlist_attrvalue is NULL.
693  */
694 typedef struct ldapvirtuallist {
695     unsigned long	ldvlist_before_count;	/* # entries before target */
696     unsigned long   ldvlist_after_count;	/* # entries after target */
697     char	    *ldvlist_attrvalue;		/* jump to this value */
698     unsigned long   ldvlist_index;		/* list offset */
699     unsigned long   ldvlist_size;		/* number of items in vlist */
700     void	*ldvlist_extradata;		/* for use by application */
701 } LDAPVirtualList;
702 
703 /*
704  * VLV functions:
705  */
706 int LDAP_CALL ldap_create_virtuallist_control(LDAP *ld,
707 	LDAPVirtualList *ldvlistp, LDAPControl **ctrlp);
708 
709 int LDAP_CALL ldap_parse_virtuallist_control(LDAP *ld,
710 	LDAPControl **ctrls, unsigned long *target_posp,
711 	unsigned long *list_sizep, int *errcodep);
712 
713 
714 /*
715  * Routines for creating persistent search controls and for handling
716  * "entry changed notification" controls (an LDAPv3 extension --
717  * LDAP_API_FEATURE_PERSISTENT_SEARCH)
718  */
719 #define	LDAP_CHANGETYPE_ADD		1
720 #define	LDAP_CHANGETYPE_DELETE		2
721 #define	LDAP_CHANGETYPE_MODIFY		4
722 #define	LDAP_CHANGETYPE_MODDN		8
723 #define	LDAP_CHANGETYPE_ANY		(1|2|4|8)
724 int LDAP_CALL ldap_create_persistentsearch_control(LDAP *ld,
725 	int changetypes, int changesonly, int return_echg_ctls,
726 	char ctl_iscritical, LDAPControl **ctrlp);
727 int LDAP_CALL ldap_parse_entrychange_control(LDAP *ld,
728 	LDAPControl **ctrls, int *chgtypep, char **prevdnp,
729 	int *chgnumpresentp, ber_int_t *chgnump);
730 
731 
732 /*
733  * Routines for creating Proxied Authorization controls (an LDAPv3
734  * extension -- LDAP_API_FEATURE_PROXY_AUTHORIZATION)
735  * ldap_create_proxyauth_control() is for the old (version 1) control.
736  * ldap_create_proxiedauth_control() is for the newer (version 2) control.
737  * Version 1 is supported by iPlanet Directory Server 4.1 and later.
738  * Version 2 is supported by iPlanet Directory Server 5.0 and later.
739  */
740 int LDAP_CALL ldap_create_proxyauth_control(LDAP *ld,
741 	const char *dn, const char ctl_iscritical, LDAPControl **ctrlp);
742 int LDAP_CALL ldap_create_proxiedauth_control(LDAP *ld,
743 	const char *authzid, LDAPControl **ctrlp);
744 
745 
746 /*
747  * Functions to get and set LDAP error information (API extension --
748  * LDAP_API_FEATURE_X_LDERRNO )
749  */
750 int LDAP_CALL ldap_get_lderrno(LDAP *ld, char **m, char **s);
751 int LDAP_CALL ldap_set_lderrno(LDAP *ld, int e, char *m, char *s);
752 
753 
754 /*
755  * LDAP URL functions and definitions (an API extension --
756  * LDAP_API_FEATURE_X_URL_FUNCTIONS)
757  */
758 /*
759  * types for ldap URL handling
760  */
761 typedef struct ldap_url_desc {
762     char		*lud_host;
763     int			lud_port;
764     char		*lud_dn;
765     char		**lud_attrs;
766     int			lud_scope;
767     char		*lud_filter;
768     unsigned long	lud_options;
769 #define	LDAP_URL_OPT_SECURE	0x01
770     char	*lud_string;    /* for internal use only */
771 } LDAPURLDesc;
772 
773 #define	NULLLDAPURLDESC ((LDAPURLDesc *)NULL)
774 
775 /*
776  * possible errors returned by ldap_url_parse()
777  */
778 #define	LDAP_URL_ERR_NOTLDAP	1	/* URL doesn't begin with "ldap://" */
779 #define	LDAP_URL_ERR_NODN	2	/* URL has no DN (required) */
780 #define	LDAP_URL_ERR_BADSCOPE	3	/* URL scope string is invalid */
781 #define	LDAP_URL_ERR_MEM	4	/* can't allocate memory space */
782 #define	LDAP_URL_ERR_PARAM	5	/* bad parameter to an URL function */
783 #define	LDAP_URL_ERR_HOSTPORT	6	/* URL hostcode is invalid */
784 
785 /*
786  * URL functions:
787  */
788 int LDAP_CALL ldap_is_ldap_url(const char *url);
789 int LDAP_CALL ldap_url_parse(const char *url, LDAPURLDesc **ludpp);
790 int LDAP_CALL ldap_url_parse_nodn(const char *url, LDAPURLDesc **ludpp);
791 LDAP_API(void) LDAP_CALL ldap_free_urldesc(LDAPURLDesc *ludp);
792 int LDAP_CALL ldap_url_search(LDAP *ld, const char *url,
793 	int attrsonly);
794 int LDAP_CALL ldap_url_search_s(LDAP *ld, const char *url,
795 	int attrsonly, LDAPMessage **res);
796 int LDAP_CALL ldap_url_search_st(LDAP *ld, const char *url,
797 	int attrsonly, struct timeval *timeout, LDAPMessage **res);
798 
799 #ifdef	_SOLARIS_SDK
800 /*
801  * Additional URL functions plus Character set, Search Preference
802  * and Display Template functions moved from internal header files
803  */
804 
805 /*
806  * URL functions
807  */
808 char *ldap_dns_to_url(LDAP *ld, char *dns_name, char *attrs,
809 	char *scope, char *filter);
810 char *ldap_dn_to_url(LDAP *ld, char *dn, int nameparts);
811 
812 /*
813  * Character set functions
814  */
815 #ifdef	STR_TRANSLATION
816 void ldap_set_string_translators(LDAP *ld,
817 	BERTranslateProc encode_proc, BERTranslateProc decode_proc);
818 int ldap_translate_from_t61(LDAP *ld, char **bufp,
819 	unsigned long *lenp, int free_input);
820 int ldap_translate_to_t61(LDAP *ld, char **bufp,
821 	unsigned long *lenp, int free_input);
822 void ldap_enable_translation(LDAP *ld, LDAPMessage *entry,
823 	int enable);
824 #ifdef	LDAP_CHARSET_8859
825 int ldap_t61_to_8859(char **bufp, unsigned long *buflenp,
826 	int free_input);
827 int ldap_8859_to_t61(char **bufp, unsigned long *buflenp,
828 	int free_input);
829 #endif	/* LDAP_CHARSET_8859 */
830 #endif	/* STR_TRANSLATION */
831 
832 /*
833  * Display Temple functions/structures
834  */
835 /*
836  * display template item structure
837  */
838 struct ldap_tmplitem {
839     unsigned long		ti_syntaxid;
840     unsigned long		ti_options;
841     char			*ti_attrname;
842     char			*ti_label;
843     char			**ti_args;
844     struct ldap_tmplitem	*ti_next_in_row;
845     struct ldap_tmplitem	*ti_next_in_col;
846     void			*ti_appdata;
847 };
848 
849 #define	NULLTMPLITEM	((struct ldap_tmplitem *)0)
850 
851 #define	LDAP_SET_TMPLITEM_APPDATA(ti, datap)  \
852 	(ti)->ti_appdata = (void *)(datap)
853 
854 #define	LDAP_GET_TMPLITEM_APPDATA(ti, type)   \
855 	(type)((ti)->ti_appdata)
856 
857 #define	LDAP_IS_TMPLITEM_OPTION_SET(ti, option)       \
858 	(((ti)->ti_options & option) != 0)
859 
860 /*
861  * object class array structure
862  */
863 struct ldap_oclist {
864     char		**oc_objclasses;
865     struct ldap_oclist	*oc_next;
866 };
867 
868 #define	NULLOCLIST	((struct ldap_oclist *)0)
869 
870 
871 /*
872  * add defaults list
873  */
874 struct ldap_adddeflist {
875     int			ad_source;
876 #define	LDAP_ADSRC_CONSTANTVALUE	1
877 #define	LDAP_ADSRC_ADDERSDN		2
878     char		*ad_attrname;
879     char		*ad_value;
880     struct ldap_adddeflist	*ad_next;
881 };
882 
883 #define	NULLADLIST	((struct ldap_adddeflist *)0)
884 
885 
886 /*
887  * display template global options
888  * if this bit is set in dt_options, it applies.
889  */
890 /*
891  * users should be allowed to try to add objects of these entries
892  */
893 #define	LDAP_DTMPL_OPT_ADDABLE		0x00000001L
894 
895 /*
896  * users should be allowed to do "modify RDN" operation of these entries
897  */
898 #define	LDAP_DTMPL_OPT_ALLOWMODRDN	0x00000002L
899 
900 /*
901  * this template is an alternate view, not a primary view
902  */
903 #define	LDAP_DTMPL_OPT_ALTVIEW	0x00000004L
904 
905 
906 /*
907  * display template structure
908  */
909 struct ldap_disptmpl {
910     char			*dt_name;
911     char			*dt_pluralname;
912     char			*dt_iconname;
913     unsigned long		dt_options;
914     char			*dt_authattrname;
915     char			*dt_defrdnattrname;
916     char			*dt_defaddlocation;
917     struct ldap_oclist		*dt_oclist;
918     struct ldap_adddeflist	*dt_adddeflist;
919     struct ldap_tmplitem	*dt_items;
920     void			*dt_appdata;
921     struct ldap_disptmpl	*dt_next;
922 };
923 
924 #define	NULLDISPTMPL	((struct ldap_disptmpl *)0)
925 
926 #define	LDAP_SET_DISPTMPL_APPDATA(dt, datap)  \
927 	(dt)->dt_appdata = (void *)(datap)
928 
929 #define	LDAP_GET_DISPTMPL_APPDATA(dt, type)   \
930 	(type)((dt)->dt_appdata)
931 
932 #define	LDAP_IS_DISPTMPL_OPTION_SET(dt, option)       \
933 	(((dt)->dt_options & option) != 0)
934 
935 #define	LDAP_TMPL_ERR_VERSION   1
936 #define	LDAP_TMPL_ERR_MEM	2
937 #define	LDAP_TMPL_ERR_SYNTAX    3
938 #define	LDAP_TMPL_ERR_FILE	4
939 
940 /*
941  * buffer size needed for entry2text and vals2text
942  */
943 #define	LDAP_DTMPL_BUFSIZ	8192
944 
945 typedef int (*writeptype)(void *writeparm, char *p, int len);
946 
947 LDAP_API(int)
948 LDAP_CALL
949 ldap_init_templates(char *file, struct ldap_disptmpl **tmpllistp);
950 
951 LDAP_API(int)
952 LDAP_CALL
953 ldap_init_templates_buf(char *buf, long buflen,
954 	struct ldap_disptmpl **tmpllistp);
955 
956 LDAP_API(void)
957 LDAP_CALL
958 ldap_free_templates(struct ldap_disptmpl *tmpllist);
959 
960 LDAP_API(struct ldap_disptmpl *)
961 LDAP_CALL
962 ldap_first_disptmpl(struct ldap_disptmpl *tmpllist);
963 
964 LDAP_API(struct ldap_disptmpl *)
965 LDAP_CALL
966 ldap_next_disptmpl(struct ldap_disptmpl *tmpllist,
967 	struct ldap_disptmpl *tmpl);
968 
969 LDAP_API(struct ldap_disptmpl *)
970 LDAP_CALL
971 ldap_name2template(char *name, struct ldap_disptmpl *tmpllist);
972 
973 LDAP_API(struct ldap_disptmpl *)
974 LDAP_CALL
975 ldap_oc2template(char **oclist, struct ldap_disptmpl *tmpllist);
976 
977 LDAP_API(char **)
978 LDAP_CALL
979 ldap_tmplattrs(struct ldap_disptmpl *tmpl, char **includeattrs, int exclude,
980 	unsigned long syntaxmask);
981 
982 LDAP_API(struct ldap_tmplitem *)
983 LDAP_CALL
984 ldap_first_tmplrow(struct ldap_disptmpl *tmpl);
985 
986 LDAP_API(struct ldap_tmplitem *)
987 LDAP_CALL
988 ldap_next_tmplrow(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row);
989 
990 LDAP_API(struct ldap_tmplitem *)
991 LDAP_CALL
992 ldap_first_tmplcol(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row);
993 
994 LDAP_API(struct ldap_tmplitem *)
995 LDAP_CALL
996 ldap_next_tmplcol(struct ldap_disptmpl *tmpl, struct ldap_tmplitem *row,
997 	struct ldap_tmplitem *col);
998 
999 LDAP_API(int)
1000 LDAP_CALL
1001 ldap_entry2text(LDAP *ld, char *buf, LDAPMessage *entry,
1002 	struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
1003 	writeptype writeproc, void *writeparm, char *eol, int rdncount,
1004 	unsigned long opts);
1005 
1006 LDAP_API(int)
1007 LDAP_CALL
1008 ldap_vals2text(LDAP *ld, char *buf, char **vals, char *label, int labelwidth,
1009 	unsigned long syntaxid, writeptype writeproc, void *writeparm,
1010 	char *eol, int rdncount);
1011 
1012 LDAP_API(int)
1013 LDAP_CALL
1014 ldap_entry2text_search(LDAP *ld, char *dn, char *base, LDAPMessage *entry,
1015 	struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
1016 	writeptype writeproc, void *writeparm, char *eol, int rdncount,
1017 	unsigned long opts);
1018 
1019 LDAP_API(int)
1020 LDAP_CALL
1021 ldap_entry2html(LDAP *ld, char *buf, LDAPMessage *entry,
1022 	struct ldap_disptmpl *tmpl, char **defattrs, char ***defvals,
1023 	writeptype writeproc, void *writeparm, char *eol, int rdncount,
1024 	unsigned long opts, char *urlprefix, char *base);
1025 
1026 LDAP_API(int)
1027 LDAP_CALL
1028 ldap_vals2html(LDAP *ld, char *buf, char **vals, char *label, int labelwidth,
1029 	unsigned long syntaxid, writeptype writeproc, void *writeparm,
1030 	char *eol, int rdncount, char *urlprefix);
1031 
1032 LDAP_API(int)
1033 LDAP_CALL
1034 ldap_entry2html_search(LDAP *ld, char *dn, char *base, LDAPMessage *entry,
1035 	struct ldap_disptmpl *tmpllist, char **defattrs, char ***defvals,
1036 	writeptype writeproc, void *writeparm, char *eol, int rdncount,
1037 	unsigned long opts, char *urlprefix);
1038 
1039 /*
1040  * Search Preference Definitions
1041  */
1042 
1043 struct ldap_searchattr {
1044 	char				*sa_attrlabel;
1045 	char				*sa_attr;
1046 					/* max 32 matchtypes for now */
1047 	unsigned long			sa_matchtypebitmap;
1048 	char				*sa_selectattr;
1049 	char				*sa_selecttext;
1050 	struct ldap_searchattr		*sa_next;
1051 };
1052 
1053 struct ldap_searchmatch {
1054 	char				*sm_matchprompt;
1055 	char				*sm_filter;
1056 	struct ldap_searchmatch		*sm_next;
1057 };
1058 
1059 struct ldap_searchobj {
1060 	char				*so_objtypeprompt;
1061 	unsigned long			so_options;
1062 	char				*so_prompt;
1063 	short				so_defaultscope;
1064 	char				*so_filterprefix;
1065 	char				*so_filtertag;
1066 	char				*so_defaultselectattr;
1067 	char				*so_defaultselecttext;
1068 	struct ldap_searchattr		*so_salist;
1069 	struct ldap_searchmatch		*so_smlist;
1070 	struct ldap_searchobj		*so_next;
1071 };
1072 
1073 #define	NULLSEARCHOBJ			((struct ldap_searchobj *)0)
1074 
1075 /*
1076  * global search object options
1077  */
1078 #define	LDAP_SEARCHOBJ_OPT_INTERNAL	0x00000001
1079 
1080 #define	LDAP_IS_SEARCHOBJ_OPTION_SET(so, option)      \
1081 	(((so)->so_options & option) != 0)
1082 
1083 #define	LDAP_SEARCHPREF_VERSION_ZERO    0
1084 #define	LDAP_SEARCHPREF_VERSION		1
1085 
1086 #define	LDAP_SEARCHPREF_ERR_VERSION	1
1087 #define	LDAP_SEARCHPREF_ERR_MEM		2
1088 #define	LDAP_SEARCHPREF_ERR_SYNTAX	3
1089 #define	LDAP_SEARCHPREF_ERR_FILE	4
1090 
1091 LDAP_API(int)
1092 LDAP_CALL
1093 ldap_init_searchprefs(char *file, struct ldap_searchobj **solistp);
1094 
1095 LDAP_API(int)
1096 LDAP_CALL
1097 ldap_init_searchprefs_buf(char *buf, long buflen,
1098 	struct ldap_searchobj **solistp);
1099 
1100 LDAP_API(void)
1101 LDAP_CALL
1102 ldap_free_searchprefs(struct ldap_searchobj *solist);
1103 
1104 LDAP_API(struct ldap_searchobj *)
1105 LDAP_CALL
1106 ldap_first_searchobj(struct ldap_searchobj *solist);
1107 
1108 LDAP_API(struct ldap_searchobj *)
1109 LDAP_CALL
1110 ldap_next_searchobj(struct ldap_searchobj *sollist,
1111 struct ldap_searchobj *so);
1112 
1113 /*
1114  * specific LDAP instantiations of BER types we know about
1115  */
1116 
1117 /* general stuff */
1118 #define	LDAP_TAG_MESSAGE	0x30   /* tag is 16 + constructed bit */
1119 #define	LDAP_TAG_MSGID		0x02   /* INTEGER */
1120 #define	LDAP_TAG_CONTROLS	0xa0   /* context specific + constructed + 0 */
1121 #define	LDAP_TAG_REFERRAL	0xa3   /* context specific + constructed + 3 */
1122 #define	LDAP_TAG_NEWSUPERIOR    0x80   /* context specific + primitive + 0 */
1123 #define	LDAP_TAG_SASL_RES_CREDS 0x87   /* context specific + primitive + 7 */
1124 #define	LDAP_TAG_VLV_BY_INDEX   0xa0   /* context specific + constructed + 0 */
1125 #define	LDAP_TAG_VLV_BY_VALUE   0x81   /* context specific + primitive + 1 */
1126 /* tag for sort control */
1127 #define	LDAP_TAG_SK_MATCHRULE   0x80L   /* context specific + primitive + 0 */
1128 #define	LDAP_TAG_SK_REVERSE	0x81L   /* context specific + primitive + 1 */
1129 #define	LDAP_TAG_SR_ATTRTYPE    0x80L   /* context specific + primitive + 0 */
1130 
1131 /* possible operations a client can invoke */
1132 #define	LDAP_REQ_BIND	0x60   /* application + constructed + 0 */
1133 #define	LDAP_REQ_UNBIND		0x42   /* application + primitive   + 2 */
1134 #define	LDAP_REQ_SEARCH		0x63   /* application + constructed + 3 */
1135 #define	LDAP_REQ_MODIFY		0x66   /* application + constructed + 6 */
1136 #define	LDAP_REQ_ADD		0x68   /* application + constructed + 8 */
1137 #define	LDAP_REQ_DELETE		0x4a   /* application + primitive   + 10 */
1138 #define	LDAP_REQ_MODRDN		0x6c   /* application + constructed + 12 */
1139 #define	LDAP_REQ_MODDN		0x6c   /* application + constructed + 12 */
1140 #define	LDAP_REQ_RENAME		0x6c   /* application + constructed + 12 */
1141 #define	LDAP_REQ_COMPARE	0x6e   /* application + constructed + 14 */
1142 #define	LDAP_REQ_ABANDON	0x50   /* application + primitive   + 16 */
1143 #define	LDAP_REQ_EXTENDED	0x77   /* application + constructed + 23 */
1144 
1145 /* U-M LDAP release 3.0 compatibility stuff */
1146 #define	LDAP_REQ_UNBIND_30	0x62
1147 #define	LDAP_REQ_DELETE_30	0x6a
1148 #define	LDAP_REQ_ABANDON_30	0x70
1149 
1150 /* U-M LDAP 3.0 compatibility auth methods */
1151 #define	LDAP_AUTH_SIMPLE_30	0xa0   /* context specific + constructed */
1152 #define	LDAP_AUTH_KRBV41_30	0xa1   /* context specific + constructed */
1153 #define	LDAP_AUTH_KRBV42_30	0xa2   /* context specific + constructed */
1154 
1155 /* filter types */
1156 #define	LDAP_FILTER_AND		0xa0   /* context specific + constructed + 0 */
1157 #define	LDAP_FILTER_OR		0xa1   /* context specific + constructed + 1 */
1158 #define	LDAP_FILTER_NOT		0xa2   /* context specific + constructed + 2 */
1159 #define	LDAP_FILTER_EQUALITY	0xa3   /* context specific + constructed + 3 */
1160 #define	LDAP_FILTER_SUBSTRINGS	0xa4   /* context specific + constructed + 4 */
1161 #define	LDAP_FILTER_GE		0xa5   /* context specific + constructed + 5 */
1162 #define	LDAP_FILTER_LE		0xa6   /* context specific + constructed + 6 */
1163 #define	LDAP_FILTER_PRESENT	0x87   /* context specific + primitive   + 7 */
1164 #define	LDAP_FILTER_APPROX	0xa8   /* context specific + constructed + 8 */
1165 #define	LDAP_FILTER_EXTENDED	0xa9   /* context specific + constructed + 0 */
1166 
1167 /* U-M LDAP 3.0 compatibility filter types */
1168 #define	LDAP_FILTER_PRESENT_30	0xa7   /* context specific + constructed */
1169 
1170 /* substring filter component types */
1171 #define	LDAP_SUBSTRING_INITIAL	0x80   /* context specific + primitive + 0 */
1172 #define	LDAP_SUBSTRING_ANY	0x81   /* context specific + primitive + 1 */
1173 #define	LDAP_SUBSTRING_FINAL    0x82   /* context specific + primitive + 2 */
1174 
1175 /* U-M LDAP 3.0 compatibility substring filter component types */
1176 #define	LDAP_SUBSTRING_INITIAL_30	0xa0   /* context specific */
1177 #define	LDAP_SUBSTRING_ANY_30		0xa1   /* context specific */
1178 #define	LDAP_SUBSTRING_FINAL_30		0xa2   /* context specific */
1179 
1180 #endif	/* _SOLARIS_SDK */
1181 
1182 /*
1183  * Function to dispose of an array of LDAPMod structures (an API extension).
1184  * Warning: don't use this unless the mods array was allocated using the
1185  * same memory allocator as is being used by libldap.
1186  */
1187 LDAP_API(void) LDAP_CALL ldap_mods_free(LDAPMod **mods, int freemods);
1188 
1189 /*
1190  * Preferred language and get_lang_values (an API extension --
1191  * LDAP_API_FEATURE_X_GETLANGVALUES)
1192  *
1193  * The following two APIs are deprecated
1194  */
1195 
1196 char **LDAP_CALL ldap_get_lang_values(LDAP *ld, LDAPMessage *entry,
1197 	const char *target, char **type);
1198 struct berval **LDAP_CALL ldap_get_lang_values_len(LDAP *ld,
1199 	LDAPMessage *entry, const char *target, char **type);
1200 
1201 
1202 /*
1203  * Rebind callback function (an API extension)
1204  */
1205 #define	LDAP_OPT_REBIND_FN		0x06	/* 6 - API extension */
1206 #define	LDAP_OPT_REBIND_ARG		0x07	/* 7 - API extension */
1207 typedef int (LDAP_CALL LDAP_CALLBACK LDAP_REBINDPROC_CALLBACK)(LDAP *ld,
1208 	char **dnp, char **passwdp, int *authmethodp, int freeit, void *arg);
1209 LDAP_API(void) LDAP_CALL ldap_set_rebind_proc(LDAP *ld,
1210 	LDAP_REBINDPROC_CALLBACK *rebindproc, void *arg);
1211 
1212 /*
1213  * Thread function callbacks (an API extension --
1214  * LDAP_API_FEATURE_X_THREAD_FUNCTIONS).
1215  */
1216 #define	LDAP_OPT_THREAD_FN_PTRS		0x05	/* 5 - API extension */
1217 
1218 /*
1219  * Thread callback functions:
1220  */
1221 typedef void *(LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_ALLOC_CALLBACK)(void);
1222 typedef void (LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_FREE_CALLBACK)(void *m);
1223 typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_LOCK_CALLBACK)(void *m);
1224 typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_MUTEX_UNLOCK_CALLBACK)(void *m);
1225 typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_GET_ERRNO_CALLBACK)(void);
1226 typedef void (LDAP_C LDAP_CALLBACK LDAP_TF_SET_ERRNO_CALLBACK)(int e);
1227 typedef int (LDAP_C LDAP_CALLBACK LDAP_TF_GET_LDERRNO_CALLBACK)(
1228 	char **matchedp, char **errmsgp, void *arg);
1229 typedef void    (LDAP_C LDAP_CALLBACK LDAP_TF_SET_LDERRNO_CALLBACK)(int err,
1230 	char *matched, char *errmsg, void *arg);
1231 
1232 /*
1233  * Structure to hold thread function pointers:
1234  */
1235 struct ldap_thread_fns {
1236 	LDAP_TF_MUTEX_ALLOC_CALLBACK *ltf_mutex_alloc;
1237 	LDAP_TF_MUTEX_FREE_CALLBACK *ltf_mutex_free;
1238 	LDAP_TF_MUTEX_LOCK_CALLBACK *ltf_mutex_lock;
1239 	LDAP_TF_MUTEX_UNLOCK_CALLBACK *ltf_mutex_unlock;
1240 	LDAP_TF_GET_ERRNO_CALLBACK *ltf_get_errno;
1241 	LDAP_TF_SET_ERRNO_CALLBACK *ltf_set_errno;
1242 	LDAP_TF_GET_LDERRNO_CALLBACK *ltf_get_lderrno;
1243 	LDAP_TF_SET_LDERRNO_CALLBACK *ltf_set_lderrno;
1244 	void    *ltf_lderrno_arg;
1245 };
1246 
1247 /*
1248  * Client side sorting of entries (an API extension --
1249  * LDAP_API_FEATURE_X_CLIENT_SIDE_SORT)
1250  */
1251 /*
1252  * Client side sorting callback functions:
1253  */
1254 typedef const struct berval *(LDAP_C LDAP_CALLBACK
1255 	LDAP_KEYGEN_CALLBACK)(void *arg, LDAP *ld, LDAPMessage *entry);
1256 typedef int (LDAP_C LDAP_CALLBACK
1257 	LDAP_KEYCMP_CALLBACK)(void *arg, const struct berval *,
1258 	const struct berval *);
1259 typedef void (LDAP_C LDAP_CALLBACK
1260 	LDAP_KEYFREE_CALLBACK)(void *arg, const struct berval *);
1261 typedef int (LDAP_C LDAP_CALLBACK
1262 	LDAP_CMP_CALLBACK)(const char *val1, const char *val2);
1263 typedef int (LDAP_C LDAP_CALLBACK
1264 	LDAP_VALCMP_CALLBACK)(const char **val1p, const char **val2p);
1265 
1266 /*
1267  * Client side sorting functions:
1268  */
1269 int LDAP_CALL ldap_multisort_entries(LDAP *ld, LDAPMessage **chain,
1270 	char **attr, LDAP_CMP_CALLBACK *cmp);
1271 int LDAP_CALL ldap_sort_entries(LDAP *ld, LDAPMessage **chain,
1272 	char *attr, LDAP_CMP_CALLBACK *cmp);
1273 int LDAP_CALL ldap_sort_values(LDAP *ld, char **vals,
1274 	LDAP_VALCMP_CALLBACK *cmp);
1275 int LDAP_C LDAP_CALLBACK ldap_sort_strcasecmp(const char **a,
1276 	const char **b);
1277 
1278 
1279 /*
1280  * Filter functions and definitions (an API extension --
1281  * LDAP_API_FEATURE_X_FILTER_FUNCTIONS)
1282  */
1283 /*
1284  * Structures, constants, and types for filter utility routines:
1285  */
1286 typedef struct ldap_filt_info {
1287 	char			*lfi_filter;
1288 	char			*lfi_desc;
1289 	int			lfi_scope;	/* LDAP_SCOPE_BASE, etc */
1290 	int			lfi_isexact;    /* exact match filter? */
1291 	struct ldap_filt_info   *lfi_next;
1292 } LDAPFiltInfo;
1293 
1294 #define	LDAP_FILT_MAXSIZ	1024
1295 
1296 typedef struct ldap_filt_list LDAPFiltList; /* opaque filter list handle */
1297 typedef struct ldap_filt_desc LDAPFiltDesc; /* opaque filter desc handle */
1298 
1299 /*
1300  * Filter utility functions:
1301  */
1302 LDAP_API(LDAPFiltDesc *) LDAP_CALL ldap_init_getfilter(char *fname);
1303 LDAP_API(LDAPFiltDesc *) LDAP_CALL ldap_init_getfilter_buf(char *buf,
1304 	ssize_t buflen);
1305 LDAP_API(LDAPFiltInfo *) LDAP_CALL ldap_getfirstfilter(LDAPFiltDesc *lfdp,
1306 	char *tagpat, char *value);
1307 LDAP_API(LDAPFiltInfo *) LDAP_CALL ldap_getnextfilter(LDAPFiltDesc *lfdp);
1308 int LDAP_CALL ldap_set_filter_additions(LDAPFiltDesc *lfdp,
1309 	char *prefix, char *suffix);
1310 int LDAP_CALL ldap_create_filter(char *buf, unsigned long buflen,
1311 	char *pattern, char *prefix, char *suffix, char *attr,
1312 	char *value, char **valwords);
1313 LDAP_API(void) LDAP_CALL ldap_getfilter_free(LDAPFiltDesc *lfdp);
1314 
1315 
1316 /*
1317  * Friendly mapping structure and routines (an API extension)
1318  */
1319 typedef struct friendly {
1320 	char    *f_unfriendly;
1321 	char    *f_friendly;
1322 } *FriendlyMap;
1323 char *LDAP_CALL ldap_friendly_name(char *filename, char *name,
1324 	FriendlyMap *map);
1325 LDAP_API(void) LDAP_CALL ldap_free_friendlymap(FriendlyMap *map);
1326 
1327 
1328 /*
1329  * In Memory Cache (an API extension -- LDAP_API_FEATURE_X_MEMCACHE)
1330  */
1331 typedef struct ldapmemcache  LDAPMemCache;  /* opaque in-memory cache handle */
1332 
1333 int LDAP_CALL ldap_memcache_init(unsigned long ttl,
1334 	unsigned long size, char **baseDNs, struct ldap_thread_fns *thread_fns,
1335 	LDAPMemCache **cachep);
1336 int LDAP_CALL ldap_memcache_set(LDAP *ld, LDAPMemCache *cache);
1337 int LDAP_CALL ldap_memcache_get(LDAP *ld, LDAPMemCache **cachep);
1338 LDAP_API(void) LDAP_CALL ldap_memcache_flush(LDAPMemCache *cache, char *dn,
1339 	int scope);
1340 LDAP_API(void) LDAP_CALL ldap_memcache_destroy(LDAPMemCache *cache);
1341 LDAP_API(void) LDAP_CALL ldap_memcache_update(LDAPMemCache *cache);
1342 
1343 /*
1344  * Server reconnect (an API extension).
1345  */
1346 #define	LDAP_OPT_RECONNECT		0x62    /* 98 - API extension */
1347 
1348 /*
1349  * Asynchronous I/O (an API extension).
1350  */
1351 /*
1352  * This option enables completely asynchronous IO.  It works by using ioctl()
1353  * on the fd, (or tlook())
1354  */
1355 #define	LDAP_OPT_ASYNC_CONNECT		0x63    /* 99 - API extension */
1356 
1357 /*
1358  * I/O function callbacks option (an API extension --
1359  * LDAP_API_FEATURE_X_IO_FUNCTIONS).
1360  * Use of the extended I/O functions instead is recommended; see above.
1361  */
1362 #define	LDAP_OPT_IO_FN_PTRS		0x0B    /* 11 - API extension */
1363 
1364 /*
1365  * Extended I/O function callbacks option (an API extension --
1366  * LDAP_API_FEATURE_X_EXTIO_FUNCTIONS).
1367  */
1368 #define	LDAP_X_OPT_EXTIO_FN_PTRS   (LDAP_OPT_PRIVATE_EXTENSION_BASE + 0x0F00)
1369 	/* 0x4000 + 0x0F00 = 0x4F00 = 20224 - API extension */
1370 
1371 
1372 
1373 /*
1374  * generalized bind
1375  */
1376 /*
1377  * Authentication methods:
1378  */
1379 #define	LDAP_AUTH_NONE		0x00
1380 #define	LDAP_AUTH_SIMPLE	0x80
1381 #define	LDAP_AUTH_SASL		0xa3
1382 int LDAP_CALL ldap_bind(LDAP *ld, const char *who,
1383 	const char *passwd, int authmethod);
1384 int LDAP_CALL ldap_bind_s(LDAP *ld, const char *who,
1385 	const char *cred, int method);
1386 
1387 /*
1388  * experimental DN format support
1389  */
1390 char **LDAP_CALL ldap_explode_dns(const char *dn);
1391 int LDAP_CALL ldap_is_dns_dn(const char *dn);
1392 
1393 #ifdef	_SOLARIS_SDK
1394 char *ldap_dns_to_dn(char *dns_name, int *nameparts);
1395 #endif
1396 
1397 
1398 /*
1399  * user friendly naming/searching routines
1400  */
1401 typedef int (LDAP_C LDAP_CALLBACK LDAP_CANCELPROC_CALLBACK)(void *cl);
1402 int LDAP_CALL ldap_ufn_search_c(LDAP *ld, char *ufn,
1403 	char **attrs, int attrsonly, LDAPMessage **res,
1404 	LDAP_CANCELPROC_CALLBACK *cancelproc, void *cancelparm);
1405 int LDAP_CALL ldap_ufn_search_ct(LDAP *ld, char *ufn,
1406 	char **attrs, int attrsonly, LDAPMessage **res,
1407 	LDAP_CANCELPROC_CALLBACK *cancelproc, void *cancelparm,
1408 	char *tag1, char *tag2, char *tag3);
1409 int LDAP_CALL ldap_ufn_search_s(LDAP *ld, char *ufn,
1410 	char **attrs, int attrsonly, LDAPMessage **res);
1411 LDAP_API(LDAPFiltDesc *) LDAP_CALL ldap_ufn_setfilter(LDAP *ld, char *fname);
1412 LDAP_API(void) LDAP_CALL ldap_ufn_setprefix(LDAP *ld, char *prefix);
1413 int LDAP_C ldap_ufn_timeout(void *tvparam);
1414 
1415 /*
1416  * functions and definitions that have been replaced by new improved ones
1417  */
1418 /*
1419  * Use ldap_get_option() with LDAP_OPT_API_INFO and an LDAPAPIInfo structure
1420  * instead of ldap_version(). The use of this API is deprecated.
1421  */
1422 typedef struct _LDAPVersion {
1423 	int sdk_version;	/* Version of the SDK, * 100 */
1424 	int protocol_version;	/* Highest protocol version supported, * 100 */
1425 	int SSL_version;	/* SSL version if this SDK supports it, * 100 */
1426 	int security_level;	/* highest level available */
1427 	int reserved[4];
1428 } LDAPVersion;
1429 #define	LDAP_SECURITY_NONE	0
1430 int LDAP_CALL ldap_version(LDAPVersion *ver);
1431 
1432 /* use ldap_create_filter() instead of ldap_build_filter() */
1433 LDAP_API(void) LDAP_CALL ldap_build_filter(char *buf, size_t buflen,
1434 	char *pattern, char *prefix, char *suffix, char *attr,
1435 	char *value, char **valwords);
1436 /* use ldap_set_filter_additions() instead of ldap_setfilteraffixes() */
1437 LDAP_API(void) LDAP_CALL ldap_setfilteraffixes(LDAPFiltDesc *lfdp,
1438 	char *prefix, char *suffix);
1439 
1440 /* older result types a server can return -- use LDAP_RES_MODDN instead */
1441 #define	LDAP_RES_MODRDN			LDAP_RES_MODDN
1442 #define	LDAP_RES_RENAME			LDAP_RES_MODDN
1443 
1444 /* older error messages */
1445 #define	LDAP_AUTH_METHOD_NOT_SUPPORTED  LDAP_STRONG_AUTH_NOT_SUPPORTED
1446 
1447 /* end of unsupported functions */
1448 
1449 #ifdef	_SOLARIS_SDK
1450 
1451 /* SSL Functions */
1452 
1453 /*
1454  * these three defines resolve the SSL strength
1455  * setting auth weak, diables all cert checking
1456  * the CNCHECK tests for the man in the middle hack
1457  */
1458 #define	LDAPSSL_AUTH_WEAK	0
1459 #define	LDAPSSL_AUTH_CERT	1
1460 #define	LDAPSSL_AUTH_CNCHECK    2
1461 
1462 /*
1463  * Initialize LDAP library for SSL
1464  */
1465 LDAP * LDAP_CALL ldapssl_init(const char *defhost, int defport,
1466 	int defsecure);
1467 
1468 /*
1469  * Install I/O routines to make SSL over LDAP possible.
1470  * Use this after ldap_init() or just use ldapssl_init() instead.
1471  */
1472 int LDAP_CALL ldapssl_install_routines(LDAP *ld);
1473 
1474 
1475 /*
1476  * The next three functions initialize the security code for SSL
1477  * The first one ldapssl_client_init() does initialization for SSL only
1478  * The next one supports ldapssl_clientauth_init() intializes security
1479  * for SSL for client authentication. The third function initializes
1480  * security for doing SSL with client authentication, and PKCS, that is,
1481  * the third function initializes the security module database(secmod.db).
1482  * The parameters are as follows:
1483  * const char *certdbpath - path to the cert file.  This can be a shortcut
1484  * to the directory name, if so cert7.db will be postfixed to the string.
1485  * void *certdbhandle - Normally this is NULL.  This memory will need
1486  * to be freed.
1487  * int needkeydb - boolean.  Must be ! = 0 if client Authentification
1488  * is required
1489  * char *keydbpath - path to the key database.  This can be a shortcut
1490  * to the directory name, if so key3.db will be postfixed to the string.
1491  * void *keydbhandle - Normally this is NULL, This memory will need
1492  * to be freed
1493  * int needsecmoddb - boolean.  Must be ! = 0 to assure that the correct
1494  * security module is loaded into memory
1495  * char *secmodpath - path to the secmod.  This can be a shortcut to the
1496  * directory name, if so secmod.db will be postfixed to the string.
1497  *
1498  * These three functions are mutually exclusive.  You can only call
1499  * one.  This means that, for a given process, you must call the
1500  * appropriate initialization function for the life of the process.
1501  */
1502 
1503 
1504 /*
1505  * Initialize the secure parts (Security and SSL) of the runtime for use
1506  * by a client application.  This is only called once.
1507  */
1508 int LDAP_CALL ldapssl_client_init(
1509     const char *certdbpath, void *certdbhandle);
1510 
1511 /*
1512  * Initialize the secure parts (Security and SSL) of the runtime for use
1513  * by a client application that may want to do SSL client authentication.
1514  */
1515 int LDAP_CALL ldapssl_clientauth_init(
1516     const char *certdbpath, void *certdbhandle,
1517     const int needkeydb, const char *keydbpath, void *keydbhandle);
1518 
1519 /*
1520  * Initialize the secure parts (Security and SSL) of the runtime for use
1521  * by a client application that may want to do SSL client authentication.
1522  */
1523 int LDAP_CALL ldapssl_advclientauth_init(
1524     const char *certdbpath, void *certdbhandle,
1525     const int needkeydb, const char *keydbpath, void *keydbhandle,
1526     const int needsecmoddb, const char *secmoddbpath,
1527     const int sslstrength);
1528 
1529 /*
1530  * get a meaningful error string back from the security library
1531  * this function should be called, if ldap_err2string doesn't
1532  * identify the error code.
1533  */
1534 const char *LDAP_CALL ldapssl_err2string(const int prerrno);
1535 
1536 /*
1537  * Enable SSL client authentication on the given ld.
1538  */
1539 int LDAP_CALL ldapssl_enable_clientauth(LDAP *ld, char *keynickname,
1540 	char *keypasswd, char *certnickname);
1541 
1542 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_TOKEN_CALLBACK)
1543 	(void *context, char **tokenname);
1544 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_PIN_CALLBACK)
1545 	(void *context, const char *tokenname, char **tokenpin);
1546 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_CERTPATH_CALLBACK)
1547 	(void *context, char **certpath);
1548 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_KEYPATH_CALLBACK)
1549 	(void *context, char **keypath);
1550 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_MODPATH_CALLBACK)
1551 	(void *context, char **modulepath);
1552 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_CERTNAME_CALLBACK)
1553 	(void *context, char **certname);
1554 typedef int (LDAP_C LDAP_CALLBACK LDAP_PKCS_GET_DONGLEFILENAME_CALLBACK)
1555 	(void *context, char **filename);
1556 
1557 #define	PKCS_STRUCTURE_ID 1
1558 struct ldapssl_pkcs_fns {
1559     int local_structure_id;
1560     void *local_data;
1561     LDAP_PKCS_GET_CERTPATH_CALLBACK *pkcs_getcertpath;
1562     LDAP_PKCS_GET_CERTNAME_CALLBACK *pkcs_getcertname;
1563     LDAP_PKCS_GET_KEYPATH_CALLBACK *pkcs_getkeypath;
1564     LDAP_PKCS_GET_MODPATH_CALLBACK *pkcs_getmodpath;
1565     LDAP_PKCS_GET_PIN_CALLBACK *pkcs_getpin;
1566     LDAP_PKCS_GET_TOKEN_CALLBACK *pkcs_gettokenname;
1567     LDAP_PKCS_GET_DONGLEFILENAME_CALLBACK *pkcs_getdonglefilename;
1568 
1569 };
1570 
1571 
1572 int LDAP_CALL ldapssl_pkcs_init(const struct ldapssl_pkcs_fns *pfns);
1573 
1574 /* end of SSL functions */
1575 #endif	/* _SOLARIS_SDK */
1576 
1577 /* SASL options */
1578 #define	LDAP_OPT_X_SASL_MECH		0x6100
1579 #define	LDAP_OPT_X_SASL_REALM		0x6101
1580 #define	LDAP_OPT_X_SASL_AUTHCID		0x6102
1581 #define	LDAP_OPT_X_SASL_AUTHZID		0x6103
1582 #define	LDAP_OPT_X_SASL_SSF		0x6104 /* read-only */
1583 #define	LDAP_OPT_X_SASL_SSF_EXTERNAL	0x6105 /* write-only */
1584 #define	LDAP_OPT_X_SASL_SECPROPS	0x6106 /* write-only */
1585 #define	LDAP_OPT_X_SASL_SSF_MIN		0x6107
1586 #define	LDAP_OPT_X_SASL_SSF_MAX		0x6108
1587 #define	LDAP_OPT_X_SASL_MAXBUFSIZE	0x6109
1588 
1589 /*
1590  * ldap_interactive_bind_s Interaction flags
1591  *  Interactive: prompt always - REQUIRED
1592  */
1593 #define	LDAP_SASL_INTERACTIVE		1U
1594 
1595 /*
1596  * V3 SASL Interaction Function Callback Prototype
1597  *      when using SASL, interact is pointer to sasl_interact_t
1598  *  should likely passed in a control (and provided controls)
1599  */
1600 typedef int (LDAP_SASL_INTERACT_PROC)
1601 	(LDAP *ld, unsigned flags, void* defaults, void *interact);
1602 
1603 int LDAP_CALL ldap_sasl_interactive_bind_s(LDAP *ld, const char *dn,
1604 	const char *saslMechanism, LDAPControl **serverControls,
1605 	LDAPControl **clientControls, unsigned flags,
1606 	LDAP_SASL_INTERACT_PROC *proc, void *defaults);
1607 
1608 #ifdef	__cplusplus
1609 }
1610 #endif
1611 
1612 #endif	/* _LDAP_H */
1613