/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


#ifndef _NS_SLDAP_H
#define	_NS_SLDAP_H

#pragma ident	"%Z%%M% %I% %E% SMI"

/*
 * ns_sldap.h - public interface of the Simplified LDAP Naming API
 * (the __ns_ldap_*() family).
 *
 * This header contains declarations only: flag bits, enumerations,
 * the credential / result / error structures and the function
 * prototypes.  The comments below describe the contract that the
 * declarations themselves establish.  Where a comment depends on how
 * the library behaves at run time (memory ownership, which union
 * member is live, what a "free" routine does to the caller's pointer)
 * it is marked as something to confirm against the implementation,
 * because nothing in this file settles it.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>		/* uint_t is expected from here (Solaris) */
#include <lber.h>
#include <ldap.h>		/* LDAPControl, used by __ns_ldap_auth() */

/*
 * Version
 *
 * NS_LDAP_VERSION is an alias for NS_LDAP_VERSION_2.  Defining the
 * alias before the name it expands to is fine for macros, since
 * expansion happens at the point of use, not at definition.
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * Bit values for the "flags" argument of the __ns_ldap_*() calls.
 * Every value in this file that lives in the flags word (the two
 * macros below, SearchRef_t, ScopeType_t, NS_LDAP_KEEP_CONN,
 * NS_LDAP_NEW_CONN, NS_LDAP_NOMAP and NS_LDAP_PAGE_CTRL) uses a
 * distinct bit, so they can be OR-ed together.  Bits 0x100 and 0x200
 * are unassigned here.
 */
#define	NS_LDAP_HARD		0x001
#define	NS_LDAP_ALL_RES		0x002

/*
 * Search Referral Option
 *
 * By their names, selects whether referrals returned by the server
 * are followed or ignored.  Both values occupy bits of the flags word.
 */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;

/*
 * Search scope.  The three values correspond to the standard LDAP
 * search scopes (base object, one level, whole subtree) and occupy
 * bits of the flags word; ns_ldap_search_desc_t carries one of them.
 */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;

/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	0x080
#define	NS_LDAP_NEW_CONN	0x400
#define	NS_LDAP_NOMAP		0x800

/*
 * Paged-result control request.  NS_LDAP_NO_PAGE_CTRL is zero, i.e.
 * it is the absence of the NS_LDAP_PAGE_CTRL bit and cannot be tested
 * for with "flags & NS_LDAP_NO_PAGE_CTRL".
 */
#define	NS_LDAP_PAGE_CTRL	0x1000
#define	NS_LDAP_NO_PAGE_CTRL	0x0000

/*
 * Authentication Information
 */

/*
 * Credential level: which identity the library binds with.
 * NS_LDAP_CRED_ANON binds without credentials, so the server-side
 * access controls for anonymous reads are what protect the data.
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2	/* currently not supported */
} CredLevel_t;

/*
 * Bind method.  NOTE(review): a simple bind carries the password in
 * the clear unless the transport itself is protected; that is LDAP
 * semantics rather than anything this header controls, but callers
 * choosing NS_LDAP_AUTH_SIMPLE should know which TlsType_t goes with
 * it.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;

/* Transport protection used together with AuthType_t. */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;

/*
 * SASL mechanism.  Only the two MD5-based mechanisms are marked as
 * supported here.  NOTE(review): both are considered obsolete by
 * current IETF guidance; deployments should prefer a TLS-protected
 * bind where the environment allows it.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,	/* currently not supported */
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;

/*
 * SASL security-layer option.  By their names INT/PRIV request an
 * integrity or privacy layer; since both are marked unsupported, a
 * SASL bind through this API presumably provides no transport
 * protection on its own -- confirm against the implementation.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,	/* currently not supported */
	NS_LDAP_SASLOPT_PRIV	= 2	/* currently not supported */
} SaslOpt_t;

/* Boolean for the "preferred servers only" configuration parameter. */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;

/*
 * Password-based credential.
 *
 * NOTE(review): passwd is a plaintext secret held in process memory.
 * This header does not say who owns the strings or whether
 * __ns_ldap_freeCred() scrubs them before releasing -- confirm in the
 * implementation before relying on either.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;

/*
 * Certificate-based credential.  Same ownership / scrubbing caveat as
 * UnixCred_t applies to passwd.
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;

/* The four knobs that together describe one authentication method. */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;

/*
 * Credential passed to most __ns_ldap_*() calls.
 *
 * Which member of the "cred" union is live is not recorded in the
 * structure; presumably it follows auth.type -- confirm against the
 * implementation before reading either member.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;


/*
 * Growable line buffer.  NOTE(review): len and alloc are int rather
 * than size_t, so code that grows the buffer needs to guard against
 * negative values and overflow of the signed type.
 */
typedef struct LineBuf {
	char	*str;
	int	len;
	int	alloc;
} LineBuf;

/*
 * Configuration Information
 *
 * Parameter selectors for __ns_ldap_setParam() / __ns_ldap_getParam().
 * NOTE(review): NS_LDAP_BINDPASSWD_P and NS_LDAP_CERT_PASS_P select
 * secrets; anything that dumps or logs parameters by index should
 * treat those two specially.
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
	/*
	 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
	 * with version 1 clients and their configuration files.  The only
	 * supported value is NS_LDAP_SEC_NONE (not defined in this header).
	 * No application should be using this parameter type (either
	 * through getParam or setParam).
	 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	/*
	 * The following entry (max ParamIndexType) is an internal
	 * placeholder.  It must be the last (and highest value)
	 * entry in this enum.  Please update accordingly.
	 */
	NS_LDAP_MAX_PIT_P		= 28

} ParamIndexType;

/*
 * __ns_ldap_*() return codes
 *
 * The values are explicit and part of the interface; note that 6 is
 * unassigned.  Do not renumber.  The per-value comments say whether
 * the "errorp" out-parameter carries detail for that code.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0,	/* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1,	/* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2,	/* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3,	/* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4,	/* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5,	/* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7,	/* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8,	/* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9	/* success, with info in errorp */
} ns_ldap_return_code;

/*
 * Detailed error code for NS_LDAP_CONFIG
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;

/*
 * Detailed error code for NS_LDAP_PARTIAL
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;

/*
 * For use by __ns_ldap_addTypedEntry() for publickey servicetype
 * (carried in _ns_pubkey_t.hostcred).
 */
typedef enum {
	NS_HOSTCRED_FALSE	= 0,
	NS_HOSTCRED_TRUE	= 1
} hostcred_t;

/*
 * Detailed password status
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* same value as attr */
						/* cn, sn, uid, etc. */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password */
	NS_PASSWD_WITHIN_MIN_AGE	= 9	/* can not be changed: */
						/* within minimum age */
} ns_ldap_passwd_status_t;

/*
 * Password management information structure
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;


/*
 * Simplified LDAP Naming API result structure
 *
 * Released with __ns_ldap_freeError().  "message" is text that may
 * originate from the server; treat it as data (print with "%s"),
 * never as a format string.
 */
typedef struct ns_ldap_error {
	int	status;			/* LDAP error code */
	char	*message;		/* LDAP error message */
	ns_ldap_passwd_mgmt_t pwd_mgmt;	/* LDAP password */
					/* management info */
} ns_ldap_error_t;

/*
 * One attribute and its values.  Presumably attrvalue holds
 * value_count entries; whether it is also NULL-terminated is not
 * stated here -- confirm before iterating without the count.
 */
typedef struct ns_ldap_attr {
	char	*attrname;		/* attribute name */
	uint_t	value_count;
	char	**attrvalue;		/* attribute values */
} ns_ldap_attr_t;

/* One directory entry; entries are chained through "next". */
typedef struct ns_ldap_entry {
	uint_t	attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;	/* attributes pairs */
	struct ns_ldap_entry	*next;	/* next entry */
} ns_ldap_entry_t;

/* Search result: a count plus the head of the entry list. */
typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;

/*
 * structures for the conversion routines used by typedAddEntry()
 *
 * A pointer to one of these is what __ns_ldap_addTypedEntry() expects
 * in its "data" argument; which one depends on the servicetype
 * string.  NOTE(review): these names start with an underscore at file
 * scope, which the C standard reserves for the implementation; they
 * are kept as-is because they are part of the published interface.
 */

typedef struct _ns_netgroups {
	char	*name;
	char	**triplet;
	char	**netgroup;
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char	*netnumber;
	char	*netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char	*name;
	char	**param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char	*name;
	char	*ether;
} _ns_ethers_t;

/*
 * publickey entry.  NOTE(review): privkey is secret material; the
 * same ownership / scrubbing caveat as UnixCred_t.passwd applies.
 */
typedef struct _ns_pubkey {
	char	*name;
	hostcred_t hostcred;
	char	*pubkey;
	char	*privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char	*alias;
	char	**member;
} _ns_alias_t;

typedef struct _ns_automount {
	char	*mapname;
	char	*key;
	char	*value;
} _ns_automount_t;

/*
 * return values for the callback function in __ns_ldap_list()
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */

/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 *
 * NS_LDAP_TYPE_AUTOMOUNT ends in an underscore and so looks like a
 * prefix (automount map names) rather than a complete service name
 * -- confirm how the implementation matches it.
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS	"bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT	"auto_"

/*
 * service descriptor/attribute mapping structure
 */

/* Where and how to search for one service: base DN, scope, filter. */
typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;

/* One original attribute name and the name(s) it is mapped to. */
typedef struct ns_ldap_attribute_map {
	char	*origAttr;		/* original attribute */
	char	**mappedAttr;		/* mapped attribute(s) */
} ns_ldap_attribute_map_t;

/* One original objectclass name and the name it is mapped to. */
typedef struct ns_ldap_objectclass_map {
	char	*origOC;		/* original objectclass */
	char	*mappedOC;		/* mapped objectclass */
} ns_ldap_objectclass_map_t;

/*
 * Simplified LDAP Naming APIs
 *
 * Unless noted, each function returns an ns_ldap_return_code and, for
 * the codes whose comment says so, leaves detail in *errorp, which the
 * caller releases with __ns_ldap_freeError().
 */

/*
 * Search "service" with "filter" and return the matching entries.
 *
 * init_filter_cb, if given, is handed the search descriptor and may
 * produce the filter actually sent (*realfilter).  attribute selects
 * which attributes to return.  callback, if given, is invoked per
 * entry and returns NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE.  userdata is
 * passed through to both callbacks untouched.  *result is released
 * with __ns_ldap_freeResult().
 *
 * NOTE(review): "filter" is an LDAP search filter string.  If any part
 * of it comes from external input the caller must escape filter
 * metacharacters first; nothing in this header indicates the library
 * does so.  Whether "attribute" must be NULL-terminated is not stated
 * here -- confirm.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

/* Add the given attributes to the entry "dn" of "service". */
int __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Delete the given attributes from the entry "dn" of "service". */
int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Replace the given attributes on the entry "dn" of "service". */
int __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Add a fully formed entry at "dn". */
int __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Add an entry from one of the typed conversion structures above.
 * servicetype is one of the NS_LDAP_TYPE_* strings and selects which
 * _ns_*_t "data" points to.  The meaning of "create" is not stated in
 * this header -- confirm against the implementation.
 */
int __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Delete the entry "dn" of "service". */
int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Incremental search: firstEntry starts it and hands back an opaque
 * *cookie, nextEntry continues with that cookie, endEntry finishes
 * and takes the cookie's address (presumably to release and clear it
 * -- confirm).  Arguments mirror __ns_ldap_list(); the same filter
 * escaping caveat applies.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

/*
 * Release routines.  Each takes the address of the caller's pointer;
 * whether the pointer is set to NULL afterwards is not stated here --
 * confirm before relying on it.
 */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);

/* Resolve a uid to its DN; *userDN is allocated for the caller. */
int __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

/* Resolve a host name (and domain) to its DN. */
int __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

/* Derive the domain name from a DN. */
int __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

/*
 * Authenticate with the given credential.  serverctrls / clientctrls
 * are LDAPControl lists from <ldap.h>.  The password inside "cred"
 * travels according to cred->auth (see the AuthType_t note).
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * Release an ns_cred_t.  NOTE(review): whether the embedded password
 * strings are scrubbed before being freed is not stated here --
 * confirm in the implementation.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

/*
 * Map a return code to a message string.  Ownership of *strmsg
 * (static vs. allocated) is not stated in this header -- confirm.
 */
int __ns_ldap_err2str(
	int err,
	char **strmsg);

/*
 * Configuration parameter access.  The pointee type of "data" depends
 * on the ParamIndexType selected and is not encoded here; see the
 * secrets note on ParamIndexType.  *data from getParam is released
 * with __ns_ldap_freeParam().
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);

/*
 * Return the values of "attrname" in "entry".  Ownership of the
 * returned array is not stated here (it may point into the entry)
 * -- confirm before freeing.
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

/* Authentication methods configured for "service". */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

/*
 * Search descriptors configured for "service"; released with
 * __ns_ldap_freeSearchDescriptors().
 */
int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

/*
 * Attribute mapping for "service"; released with
 * __ns_ldap_freeAttributeMaps().  The two char ** lookups translate a
 * single name in either direction; ownership of their result is not
 * stated here -- confirm.
 */
int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

/*
 * Objectclass mapping for "service"; same shape and caveats as the
 * attribute-map calls above.
 */
int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

/* Parse a configuration parameter name into its ParamIndexType. */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);

#ifdef __cplusplus
}
#endif

#endif /* _NS_SLDAP_H */