search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / lib / libsldap / common / ns_sldap.h
blobb86b6167d786cc67ed843f17abbc506b2aca8a27
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25
26 #ifndef _NS_SLDAP_H
27 #define _NS_SLDAP_H
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33 #include <stdio.h>
34 #include <sys/types.h>
35 #include <lber.h>
36 #include <ldap.h>
37
38 /*
39 * Version
40 */
41 #define NS_LDAP_VERSION NS_LDAP_VERSION_2
42 #define NS_LDAP_VERSION_1 "1.0"
43 #define NS_LDAP_VERSION_2 "2.0"
44
45 /*
46 * Flags
47 */
48 #define NS_LDAP_HARD 0x001
49 #define NS_LDAP_ALL_RES 0x002
50
51 /* Search Referral Option */
52 typedef enum SearchRef {
53 NS_LDAP_FOLLOWREF = 0x004,
54 NS_LDAP_NOREF = 0x008
55 } SearchRef_t;
56
57 typedef enum ScopeType {
58 NS_LDAP_SCOPE_BASE = 0x010,
59 NS_LDAP_SCOPE_ONELEVEL = 0x020,
60 NS_LDAP_SCOPE_SUBTREE = 0x040
61 } ScopeType_t;
62
63 /*
64 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
65 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
66 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
67 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
68 */
69
70 #define NS_LDAP_KEEP_CONN 0x080
71 #define NS_LDAP_NEW_CONN 0x400
72 #define NS_LDAP_NOMAP 0x800
73
74 #define NS_LDAP_PAGE_CTRL 0x1000
75 #define NS_LDAP_NO_PAGE_CTRL 0x0000
76
77 /*
78 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
79 * to retrieve the DN in LDAP and DN is not to be converted when
80 * being passed back to the application. See __ns_ldap_uid2dn()
81 * and __ns_ldap_host2dn() for such usage.
82 */
83 #define NS_LDAP_NOT_CVT_DN 0x2000
84
85 /*
86 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
87 * __ns_ldap_repAttr() to update the shadow database on the
88 * LDAP server.
89 */
90 #define NS_LDAP_UPDATE_SHADOW 0x4000
91
92 /*
93 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
94 * and __ns_ldap_firstEntry() to read the shadow database on the
95 * LDAP server.
96 */
97 #define NS_LDAP_READ_SHADOW 0x8000
98
99 /*
100 * Authentication Information
101 */
102 typedef enum CredLevel {
103 NS_LDAP_CRED_ANON = 0,
104 NS_LDAP_CRED_PROXY = 1,
105 NS_LDAP_CRED_SELF = 2
106 } CredLevel_t;
107
108 typedef enum AuthType {
109 NS_LDAP_AUTH_NONE = 0,
110 NS_LDAP_AUTH_SIMPLE = 1,
111 NS_LDAP_AUTH_SASL = 2,
112 NS_LDAP_AUTH_TLS = 3, /* implied SASL usage */
113 NS_LDAP_AUTH_ATLS = 4 /* implied SASL usage */
114 } AuthType_t;
115
116 typedef enum TlsType {
117 NS_LDAP_TLS_NONE = 0,
118 NS_LDAP_TLS_SIMPLE = 1,
119 NS_LDAP_TLS_SASL = 2
120 } TlsType_t;
121
122 typedef enum SaslMech {
123 NS_LDAP_SASL_NONE = 0, /* No SASL mechanism */
124 NS_LDAP_SASL_CRAM_MD5 = 1,
125 NS_LDAP_SASL_DIGEST_MD5 = 2,
126 NS_LDAP_SASL_EXTERNAL = 3, /* currently not supported */
127 NS_LDAP_SASL_GSSAPI = 4,
128 NS_LDAP_SASL_SPNEGO = 5 /* currently not supported */
129 } SaslMech_t;
130
131 typedef enum SaslOpt {
132 NS_LDAP_SASLOPT_NONE = 0,
133 NS_LDAP_SASLOPT_INT = 1,
134 NS_LDAP_SASLOPT_PRIV = 2
135 } SaslOpt_t;
136
137 typedef enum PrefOnly {
138 NS_LDAP_PREF_FALSE = 0,
139 NS_LDAP_PREF_TRUE = 1
140 } PrefOnly_t;
141
142 typedef enum enableShadowUpdate {
143 NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE = 0,
144 NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE = 1
145 } enableShadowUpdate_t;
146
147 typedef struct UnixCred {
148 char *userID; /* Unix ID number */
149 char *passwd; /* password */
150 } UnixCred_t;
151
152 typedef struct CertCred {
153 char *path; /* certificate path */
154 char *passwd; /* password */
155 char *nickname; /* nickname */
156 } CertCred_t;
157
158 typedef struct ns_auth {
159 AuthType_t type;
160 TlsType_t tlstype;
161 SaslMech_t saslmech;
162 SaslOpt_t saslopt;
163 } ns_auth_t;
164
165 typedef struct ns_cred {
166 ns_auth_t auth;
167 char *hostcertpath;
168 union {
169 UnixCred_t unix_cred;
170 CertCred_t cert_cred;
171 } cred;
172 } ns_cred_t;
173
174
175 typedef struct LineBuf {
176 char *str;
177 int len;
178 int alloc;
179 } LineBuf;
180
181 /*
182 * Configuration Information
183 */
184
185 typedef enum {
186 NS_LDAP_FILE_VERSION_P = 0,
187 NS_LDAP_BINDDN_P = 1,
188 NS_LDAP_BINDPASSWD_P = 2,
189 NS_LDAP_SERVERS_P = 3,
190 NS_LDAP_SEARCH_BASEDN_P = 4,
191 NS_LDAP_AUTH_P = 5,
192 /*
193 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
194 * with version 1 clients and their configuration files. The only
195 * supported value is NS_LDAP_SEC_NONE. No application should be
196 * using this parameter type (either through getParam or setParam.
197 */
198 NS_LDAP_TRANSPORT_SEC_P = 6,
199 NS_LDAP_SEARCH_REF_P = 7,
200 NS_LDAP_DOMAIN_P = 8,
201 NS_LDAP_EXP_P = 9,
202 NS_LDAP_CERT_PATH_P = 10,
203 NS_LDAP_CERT_PASS_P = 11,
204 NS_LDAP_SEARCH_DN_P = 12,
205 NS_LDAP_SEARCH_SCOPE_P = 13,
206 NS_LDAP_SEARCH_TIME_P = 14,
207 NS_LDAP_SERVER_PREF_P = 15,
208 NS_LDAP_PREF_ONLY_P = 16,
209 NS_LDAP_CACHETTL_P = 17,
210 NS_LDAP_PROFILE_P = 18,
211 NS_LDAP_CREDENTIAL_LEVEL_P = 19,
212 NS_LDAP_SERVICE_SEARCH_DESC_P = 20,
213 NS_LDAP_BIND_TIME_P = 21,
214 NS_LDAP_ATTRIBUTEMAP_P = 22,
215 NS_LDAP_OBJECTCLASSMAP_P = 23,
216 NS_LDAP_CERT_NICKNAME_P = 24,
217 NS_LDAP_SERVICE_AUTH_METHOD_P = 25,
218 NS_LDAP_SERVICE_CRED_LEVEL_P = 26,
219 NS_LDAP_HOST_CERTPATH_P = 27,
220 NS_LDAP_ENABLE_SHADOW_UPDATE_P = 28,
221 NS_LDAP_ADMIN_BINDDN_P = 29,
222 NS_LDAP_ADMIN_BINDPASSWD_P = 30,
223 /*
224 * The following entry (max ParamIndexType) is an internal
225 * placeholder. It must be the last (and highest value)
226 * entry in this eNum. Please update accordingly.
227 */
228 NS_LDAP_MAX_PIT_P = 31
229
230 } ParamIndexType;
231
232 /*
233 * NONE - No self / SASL/GSSAPI configured
234 * ONLY - Only self / SASL/GSSAPI configured
235 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
236 */
237 typedef enum {
238 NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
239 NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
240 NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
241 } ns_ldap_self_gssapi_config_t;
242
243 /*
244 * __ns_ldap_*() return codes
245 */
246 typedef enum {
247 NS_LDAP_SUCCESS = 0, /* success, no info in errorp */
248 NS_LDAP_OP_FAILED = 1, /* failed operation, no info in errorp */
249 NS_LDAP_NOTFOUND = 2, /* entry not found, no info in errorp */
250 NS_LDAP_MEMORY = 3, /* memory failure, no info in errorp */
251 NS_LDAP_CONFIG = 4, /* config problem, detail in errorp */
252 NS_LDAP_PARTIAL = 5, /* partial result, detail in errorp */
253 NS_LDAP_INTERNAL = 7, /* LDAP error, detail in errorp */
254 NS_LDAP_INVALID_PARAM = 8, /* LDAP error, no info in errorp */
255 NS_LDAP_SUCCESS_WITH_INFO
256 = 9 /* success, with info in errorp */
257 } ns_ldap_return_code;
258
259 /*
260 * Detailed error code for NS_LDAP_CONFIG
261 */
262 typedef enum {
263 NS_CONFIG_SYNTAX = 0, /* syntax error */
264 NS_CONFIG_NODEFAULT = 1, /* no default value */
265 NS_CONFIG_NOTLOADED = 2, /* configuration not loaded */
266 NS_CONFIG_NOTALLOW = 3, /* operation requested not allowed */
267 NS_CONFIG_FILE = 4, /* configuration file problem */
268 NS_CONFIG_CACHEMGR = 5 /* error with door to ldap_cachemgr */
269 } ns_ldap_config_return_code;
270
271 /*
272 * Detailed error code for NS_LDAP_PARTIAL
273 */
274 typedef enum {
275 NS_PARTIAL_TIMEOUT = 0, /* partial results due to timeout */
276 NS_PARTIAL_OTHER = 1 /* error encountered */
277 } ns_ldap_partial_return_code;
278
279 /*
280 * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
281 */
282 typedef enum {
283 NS_HOSTCRED_FALSE = 0,
284 NS_HOSTCRED_TRUE = 1
285 } hostcred_t;
286
287 /*
288 * Detailed password status
289 */
290 typedef enum {
291 NS_PASSWD_GOOD = 0, /* password is good */
292 NS_PASSWD_ABOUT_TO_EXPIRE = 1, /* password is good but */
293 /* about to expire */
294 NS_PASSWD_CHANGE_NEEDED = 2, /* good but need to be */
295 /* changed immediately */
296 NS_PASSWD_EXPIRED = 3, /* password expired */
297 NS_PASSWD_RETRY_EXCEEDED = 4, /* exceed retry limit; */
298 /* account is locked */
299 NS_PASSWD_CHANGE_NOT_ALLOWED = 5, /* can only be changed */
300 /* by the administrator */
301 NS_PASSWD_INVALID_SYNTAX = 6, /* can not be changed: */
302 /* new password has */
303 /* invalid syntax -- */
304 /* trivial password: same */
305 /* value as attr, cn, sn, */
306 /* uid, etc. */
307 /* or strong password */
308 /* policies check */
309 NS_PASSWD_TOO_SHORT = 7, /* can not be changed: */
310 /* new password has */
311 /* less chars than */
312 /* required */
313 NS_PASSWD_IN_HISTORY = 8, /* can not be changed: */
314 /* reuse old password */
315 NS_PASSWD_WITHIN_MIN_AGE = 9 /* can not be changed: */
316 /* within minimum age */
317 } ns_ldap_passwd_status_t;
318
319 /*
320 * Password management information structure
321 *
322 * This structure is different from AcctUsableResponse_t structure in
323 * that this structure holds result of users account mgmt information when
324 * an ldap bind is done with user name and user password.
325 */
326 typedef struct ns_ldap_passwd_mgmt {
327 ns_ldap_passwd_status_t
328 status; /* password status */
329 int sec_until_expired; /* seconds until expired, */
330 /* valid if status is */
331 /* NS_PASSWD_ABOUT_TO_EXPIRE */
332 } ns_ldap_passwd_mgmt_t;
333
334 /*
335 * LDAP V3 control flag for account management - Used for account management
336 * when no password is provided
337 */
338 #define NS_LDAP_ACCOUNT_USABLE_CONTROL "1.3.6.1.4.1.42.2.27.9.5.8"
339
340 /*
341 * Structure for holding the response returned by server for
342 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
343 */
344 typedef struct AcctUsableMoreInfo {
345 int inactive;
346 int reset;
347 int expired;
348 int rem_grace;
349 int sec_b4_unlock;
350 } AcctUsableMoreInfo_t;
351
352 /*
353 * Structure used to hold the response from the server for
354 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
355 *
356 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
357 * is_available [0] INTEGER, seconds before expiration
358 * is_not_available [1] More_info
359 * }
360 *
361 * More_info::= SEQUENCE {
362 * inactive [0] BOOLEAN DEFAULT FALSE,
363 * reset [1] BOOLEAN DEFAULT FALSE,
364 * expired [2] BOOLEAN DEFAULT FALSE,
365 * remaining_grace [3] INTEGER OPTIONAL,
366 * seconds_before_unlock[4] INTEGER OPTIONAL
367 * }
368 *
369 * This structure is different from ns_ldap_passwd_mgmt_t structure in
370 * that this structure holds result of users account mgmt information when
371 * pam_ldap doesn't have the users password and proxy agent is used for
372 * obtaining the account management information.
373 */
374 typedef struct AcctUsableResponse {
375 int choice;
376 union {
377 int seconds_before_expiry;
378 AcctUsableMoreInfo_t more_info;
379 } AcctUsableResp;
380 } AcctUsableResponse_t;
381
382 /*
383 * Simplified LDAP Naming API result structure
384 */
385 typedef struct ns_ldap_error {
386 int status; /* LDAP error code */
387 char *message; /* LDAP error message */
388 ns_ldap_passwd_mgmt_t pwd_mgmt; /* LDAP password */
389 /* management info */
390 } ns_ldap_error_t;
391
392 typedef struct ns_ldap_attr {
393 char *attrname; /* attribute name */
394 uint_t value_count;
395 char **attrvalue; /* attribute values */
396 } ns_ldap_attr_t;
397
398 typedef struct ns_ldap_entry {
399 uint_t attr_count; /* number of attributes */
400 ns_ldap_attr_t **attr_pair; /* attributes pairs */
401 struct ns_ldap_entry *next; /* next entry */
402 } ns_ldap_entry_t;
403
404 typedef struct ns_ldap_result {
405 uint_t entries_count; /* number of entries */
406 ns_ldap_entry_t *entry; /* data */
407 } ns_ldap_result_t;
408
409 /*
410 * structures for the conversion routines used by typedAddEntry()
411 */
412
413 typedef struct _ns_netgroups {
414 char *name;
415 char **triplet;
416 char **netgroup;
417 } _ns_netgroups_t;
418
419 typedef struct _ns_netmasks {
420 char *netnumber;
421 char *netmask;
422 } _ns_netmasks_t;
423
424 typedef struct _ns_bootp {
425 char *name;
426 char **param;
427 } _ns_bootp_t;
428
429 typedef struct _ns_ethers {
430 char *name;
431 char *ether;
432 } _ns_ethers_t;
433
434 typedef struct _ns_pubkey {
435 char *name;
436 hostcred_t hostcred;
437 char *pubkey;
438 char *privkey;
439 } _ns_pubkey_t;
440
441 typedef struct _ns_alias {
442 char *alias;
443 char **member;
444 } _ns_alias_t;
445
446 typedef struct _ns_automount {
447 char *mapname;
448 char *key;
449 char *value;
450 } _ns_automount_t;
451
452 /*
453 * return values for the callback function in __ns_ldap_list()
454 */
455 #define NS_LDAP_CB_NEXT 0 /* get the next entry */
456 #define NS_LDAP_CB_DONE 1 /* done */
457
458 /*
459 * Input values for the type specified in __ns_ldap_addTypedEntry()
460 * and __ns_ldap_delTypedEntry()
461 */
462
463 #define NS_LDAP_TYPE_PASSWD "passwd"
464 #define NS_LDAP_TYPE_GROUP "group"
465 #define NS_LDAP_TYPE_HOSTS "hosts"
466 #define NS_LDAP_TYPE_IPNODES "ipnodes"
467 #define NS_LDAP_TYPE_PROFILE "prof_attr"
468 #define NS_LDAP_TYPE_RPC "rpc"
469 #define NS_LDAP_TYPE_PROTOCOLS "protocols"
470 #define NS_LDAP_TYPE_NETWORKS "networks"
471 #define NS_LDAP_TYPE_NETGROUP "netgroup"
472 #define NS_LDAP_TYPE_ALIASES "aliases"
473 #define NS_LDAP_TYPE_SERVICES "services"
474 #define NS_LDAP_TYPE_ETHERS "ethers"
475 #define NS_LDAP_TYPE_SHADOW "shadow"
476 #define NS_LDAP_TYPE_NETMASKS "netmasks"
477 #define NS_LDAP_TYPE_AUTHATTR "auth_attr"
478 #define NS_LDAP_TYPE_EXECATTR "exec_attr"
479 #define NS_LDAP_TYPE_USERATTR "user_attr"
480 #define NS_LDAP_TYPE_PROJECT "project"
481 #define NS_LDAP_TYPE_PUBLICKEY "publickey"
482 #define NS_LDAP_TYPE_AUUSER "audit_user"
483 #define NS_LDAP_TYPE_BOOTPARAMS "bootparams"
484 #define NS_LDAP_TYPE_AUTOMOUNT "auto_"
485
486 /*
487 * service descriptor/attribute mapping structure
488 */
489
490 typedef struct ns_ldap_search_desc {
491 char *basedn; /* search base dn */
492 ScopeType_t scope; /* search scope */
493 char *filter; /* search filter */
494 } ns_ldap_search_desc_t;
495
496 typedef struct ns_ldap_attribute_map {
497 char *origAttr; /* original attribute */
498 char **mappedAttr; /* mapped attribute(s) */
499 } ns_ldap_attribute_map_t;
500
501 typedef struct ns_ldap_objectclass_map {
502 char *origOC; /* original objectclass */
503 char *mappedOC; /* mapped objectclass */
504 } ns_ldap_objectclass_map_t;
505
506 /*
507 * Value of the userPassword attribute representing NO Unix password
508 */
509 #define NS_LDAP_NO_UNIX_PASSWORD "<NO UNIX PASSWORD>"
510
511 /* Opaque handle for batch API */
512 typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
513
514 /*
515 * The type of standalone configuration specified by a client application.
516 * The meaning of the requests is as follows:
517 *
518 * NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
519 * to ldap_cachemgr.
520 * NS_LDAP_SERVER: the consumer application has specified a directory server
521 * to communicate to.
522 * NS_PREDEFINED: reserved for internal use
523 */
524 typedef enum {
525 NS_CACHEMGR = 0,
526 NS_LDAP_SERVER
527 } ns_standalone_request_type_t;
528
529 /*
530 * This structure describes an LDAP server specified by a client application.
531 */
532 typedef struct ns_dir_server {
533 char *server; /* A directory server's IP */
534 uint16_t port; /* A directory server's port. */
535 /* Default value is 389 */
536 char *domainName; /* A domain name being served */
537 /* by the specified server. */
538 /* Default value is the local */
539 /* domain's name */
540 char *profileName; /* A DUAProfile's name. */
541 /* Default value is 'default' */
542 ns_auth_t *auth; /* Authentication information used */
543 /* during subsequent connections */
544 char *cred; /* A credential level to be used */
545 /* along with the authentication info */
546 char *host_cert_path; /* A path to the certificate database */
547 /* Default is '/vat/ldap' */
548 char *bind_dn; /* A bind DN to be used during */
549 /* subsequent LDAP Bind requests */
550 char *bind_passwd; /* A bind password to be used during */
551 /* subsequent LDAP Bind requests */
552 } ns_dir_server_t;
553
554 /*
555 * This structure contains information describing an LDAP server.
556 */
557 typedef struct ns_standalone_conf {
558 union {
559 ns_dir_server_t server;
560 void *predefined_conf; /* Reserved for internal use */
561 } ds_profile; /* A type of the configuration */
562
563 #define SA_SERVER ds_profile.server.server
564 #define SA_PORT ds_profile.server.port
565 #define SA_DOMAIN ds_profile.server.domainName
566 #define SA_PROFILE_NAME ds_profile.server.profileName
567 #define SA_AUTH ds_profile.server.auth
568 #define SA_CRED ds_profile.server.cred
569 #define SA_CERT_PATH ds_profile.server.host_cert_path
570 #define SA_BIND_DN ds_profile.server.bind_dn
571 #define SA_BIND_PWD ds_profile.server.bind_passwd
572
573 ns_standalone_request_type_t type;
574 } ns_standalone_conf_t;
575
576 /*
577 * This function "informs" libsldap that a client application has specified
578 * a directory to use. The function obtains a DUAProfile, credentials,
579 * and naming context. During all further operations on behalf
580 * of the application requested a standalone schema libsldap will use
581 * the information obtained by __ns_ldap_initStandalone() instead of
582 * door_call(3C)ing ldap_cachemgr(1M).
583 *
584 * conf
585 * A structure describing where and in which way to obtain all the
586 * configuration describing how to communicate to a choosen LDAP directory.
587 *
588 * errorp
589 * An error object describing an error occured.
590 */
591 ns_ldap_return_code __ns_ldap_initStandalone(
592 const ns_standalone_conf_t *conf,
593 ns_ldap_error_t **errorp);
594
595 /*
596 * This function obtains the directory's base DN and a DUAProfile
597 * from a specified server.
598 *
599 * server
600 * Specifies the selected directory sever.
601 *
602 * cred
603 * Contains an authentication information and credential required to
604 * establish a connection.
605 *
606 * config
607 * If not NULL, a new configuration basing on a DUAProfile specified in the
608 * server parameter will be create and returned.
609 *
610 * baseDN
611 * If not NULL, the directory's base DN will be returned.
612 *
613 * error
614 * Describes an error, if any.
615 */
616 ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
617 const ns_dir_server_t *server,
618 const ns_cred_t *cred,
619 char **config, char **baseDN,
620 ns_ldap_error_t **error);
621
622 #define SA_PROHIBIT_FALLBACK 0
623 #define SA_ALLOW_FALLBACK 1
624
625 #define DONT_SAVE_NSCONF 0
626 #define SAVE_NSCONF 1
627
628 /*
629 * This function obtains the root DSE from a specified server.
630 *
631 * server_addr
632 * An adress of a server to be connected to.
633 *
634 * rootDSE
635 * A buffer containing the root DSE in the ldap_cachmgr door call format.
636 *
637 * errorp
638 * Describes an error, if any.
639 *
640 * anon_fallback
641 * If set to 1 and establishing a connection fails, __s_api_getRootDSE()
642 * will try once again using anonymous credentials.
643 */
644 ns_ldap_return_code __ns_ldap_getRootDSE(
645 const char *server_addr,
646 char **rootDSE,
647 ns_ldap_error_t **errorp,
648 int anon_fallback);
649
650 /*
651 * This function iterates through the list of the configured LDAP servers
652 * and "pings" those which are marked as removed or if any error occurred
653 * during the previous receiving of the server's root DSE. If the
654 * function is able to reach such a server and get its root DSE, it
655 * marks the server as on-line. Otherwise, the server's status is set
656 * to "Error".
657 * For each server the function tries to connect to, it fires up
658 * a separate thread and then waits until all the threads finish.
659 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
660 * initialized or was canceled prior to an invocation of
661 * __ns_ldap_pingOfflineServers().
662 */
663 ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
664
665 /*
666 * This function cancels the Standalone mode and destroys the list of root DSEs.
667 */
668 void __ns_ldap_cancelStandalone(void);
669 /*
670 * This function initializes an ns_auth_t structure provided by a caller
671 * according to a specified authentication mechanism.
672 */
673 ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
674 ns_auth_t *auth,
675 ns_ldap_error_t **errorp);
676
677 /*
678 * Simplified LDAP Naming APIs
679 */
680 int __ns_ldap_list(
681 const char *service,
682 const char *filter,
683 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
684 char **realfilter, const void *userdata),
685 const char * const *attribute,
686 const ns_cred_t *cred,
687 const int flags,
688 ns_ldap_result_t ** result,
689 ns_ldap_error_t ** errorp,
690 int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
691 const void *userdata);
692
693
694 int __ns_ldap_list_sort(
695 const char *service,
696 const char *filter,
697 const char *sortattr,
698 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
699 char **realfilter, const void *userdata),
700 const char * const *attribute,
701 const ns_cred_t *cred,
702 const int flags,
703 ns_ldap_result_t ** result,
704 ns_ldap_error_t ** errorp,
705 int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
706 const void *userdata);
707
708 int __ns_ldap_list_batch_start(
709 ns_ldap_list_batch_t **batch);
710
711 int __ns_ldap_list_batch_add(
712 ns_ldap_list_batch_t *batch,
713 const char *service,
714 const char *filter,
715 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
716 char **realfilter, const void *userdata),
717 const char * const *attribute,
718 const ns_cred_t *cred,
719 const int flags,
720 ns_ldap_result_t ** result,
721 ns_ldap_error_t ** errorp,
722 int *rcp,
723 int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
724 const void *userdata);
725
726 int __ns_ldap_list_batch_end(
727 ns_ldap_list_batch_t *batch);
728
729 void __ns_ldap_list_batch_release(
730 ns_ldap_list_batch_t *batch);
731
732 int __ns_ldap_addAttr(
733 const char *service,
734 const char *dn,
735 const ns_ldap_attr_t * const *attr,
736 const ns_cred_t *cred,
737 const int flags,
738 ns_ldap_error_t **errorp);
739
740 int __ns_ldap_delAttr(
741 const char *service,
742 const char *dn,
743 const ns_ldap_attr_t * const *attr,
744 const ns_cred_t *cred,
745 const int flags,
746 ns_ldap_error_t **errorp);
747
748 int __ns_ldap_repAttr(
749 const char *service,
750 const char *dn,
751 const ns_ldap_attr_t * const *attr,
752 const ns_cred_t *cred,
753 const int flags,
754 ns_ldap_error_t **errorp);
755
756 int __ns_ldap_addEntry(
757 const char *service,
758 const char *dn,
759 const ns_ldap_entry_t *entry,
760 const ns_cred_t *cred,
761 const int flags,
762 ns_ldap_error_t **errorp);
763
764 int __ns_ldap_addTypedEntry(
765 const char *servicetype,
766 const char *basedn,
767 const void *data,
768 const int create,
769 const ns_cred_t *cred,
770 const int flags,
771 ns_ldap_error_t **errorp);
772
773 int __ns_ldap_delEntry(
774 const char *service,
775 const char *dn,
776 const ns_cred_t *cred,
777 const int flags,
778 ns_ldap_error_t **errorp);
779
780 int __ns_ldap_firstEntry(
781 const char *service,
782 const char *filter,
783 const char *sortattr,
784 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
785 char **realfilter, const void *userdata),
786 const char * const *attribute,
787 const ns_cred_t *cred,
788 const int flags,
789 void **cookie,
790 ns_ldap_result_t ** result,
791 ns_ldap_error_t **errorp,
792 const void *userdata);
793
794 int __ns_ldap_nextEntry(
795 void *cookie,
796 ns_ldap_result_t ** result,
797 ns_ldap_error_t **errorp);
798
799 int __ns_ldap_endEntry(
800 void **cookie,
801 ns_ldap_error_t **errorp);
802
803 int __ns_ldap_freeResult(
804 ns_ldap_result_t **result);
805
806 int __ns_ldap_freeError(
807 ns_ldap_error_t **errorp);
808
809 int __ns_ldap_uid2dn(
810 const char *uid,
811 char **userDN,
812 const ns_cred_t *cred,
813 ns_ldap_error_t ** errorp);
814
815 int __ns_ldap_host2dn(
816 const char *host,
817 const char *domain,
818 char **hostDN,
819 const ns_cred_t *cred,
820 ns_ldap_error_t ** errorp);
821
822 int __ns_ldap_dn2domain(
823 const char *dn,
824 char **domain,
825 const ns_cred_t *cred,
826 ns_ldap_error_t ** errorp);
827
828 int __ns_ldap_auth(
829 const ns_cred_t *cred,
830 const int flag,
831 ns_ldap_error_t **errorp,
832 LDAPControl **serverctrls,
833 LDAPControl **clientctrls);
834
835 int __ns_ldap_freeCred(
836 ns_cred_t **credp);
837
838 int __ns_ldap_err2str(
839 int err,
840 char **strmsg);
841
842 int __ns_ldap_setParam(
843 const ParamIndexType type,
844 const void *data,
845 ns_ldap_error_t **errorp);
846
847 int __ns_ldap_getParam(
848 const ParamIndexType type,
849 void ***data,
850 ns_ldap_error_t **errorp);
851
852 int __ns_ldap_freeParam(
853 void ***data);
854
855 char **__ns_ldap_getAttr(
856 const ns_ldap_entry_t *entry,
857 const char *attrname);
858
859 ns_ldap_attr_t *__ns_ldap_getAttrStruct(
860 const ns_ldap_entry_t *entry,
861 const char *attrname);
862
863 int __ns_ldap_getServiceAuthMethods(
864 const char *service,
865 ns_auth_t ***auth,
866 ns_ldap_error_t **errorp);
867
868 int __ns_ldap_getSearchDescriptors(
869 const char *service,
870 ns_ldap_search_desc_t ***desc,
871 ns_ldap_error_t **errorp);
872
873 int __ns_ldap_freeSearchDescriptors(
874 ns_ldap_search_desc_t ***desc);
875
876 int __ns_ldap_getAttributeMaps(
877 const char *service,
878 ns_ldap_attribute_map_t ***maps,
879 ns_ldap_error_t **errorp);
880
881 int __ns_ldap_freeAttributeMaps(
882 ns_ldap_attribute_map_t ***maps);
883
884 char **__ns_ldap_getMappedAttributes(
885 const char *service,
886 const char *origAttribute);
887
888 char **__ns_ldap_getOrigAttribute(
889 const char *service,
890 const char *mappedAttribute);
891
892 int __ns_ldap_getObjectClassMaps(
893 const char *service,
894 ns_ldap_objectclass_map_t ***maps,
895 ns_ldap_error_t **errorp);
896
897 int __ns_ldap_freeObjectClassMaps(
898 ns_ldap_objectclass_map_t ***maps);
899
900 char **__ns_ldap_getMappedObjectClass(
901 const char *service,
902 const char *origObjectClass);
903
904 char **__ns_ldap_getOrigObjectClass(
905 const char *service,
906 const char *mappedObjectClass);
907
908 int __ns_ldap_getParamType(
909 const char *value,
910 ParamIndexType *type);
911
912 int __ns_ldap_getAcctMgmt(
913 const char *user,
914 AcctUsableResponse_t *acctResp);
915
916 boolean_t __ns_ldap_is_shadow_update_enabled(void);
917
918 void
919 __ns_ldap_self_gssapi_only_set(
920 int flag);
921 int
922 __ns_ldap_self_gssapi_config(
923 ns_ldap_self_gssapi_config_t *config);
924 #ifdef __cplusplus
925 }
926 #endif
927
928 #endif /* _NS_SLDAP_H */
unleashed repo fork