1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24 
  25 
  26 #ifndef _NS_SLDAP_H
  27 #define _NS_SLDAP_H
  28 
  29 #ifdef __cplusplus
  30 extern "C" {
  31 #endif
  32 
  33 #include <stdio.h>
  34 #include <sys/types.h>
  35 #include <lber.h>
  36 #include <ldap.h>
  37 
  38 /*
  39  * Version
  40  */
/*
 * NS_LDAP_VERSION is the version this header describes; it expands to
 * NS_LDAP_VERSION_2 ("2.0").  NS_LDAP_VERSION_1 is kept for version 1
 * clients and their configuration files (see NS_LDAP_TRANSPORT_SEC_P).
 */
#define NS_LDAP_VERSION         NS_LDAP_VERSION_2
#define NS_LDAP_VERSION_1       "1.0"
#define NS_LDAP_VERSION_2       "2.0"
  44 
/*
 * Flags
 *
 * Bit values for the "flags" argument of the __ns_ldap_*() functions
 * declared below.  These two bits (0x001/0x002), the SearchRef_t values
 * (0x004/0x008), the ScopeType_t values (0x010-0x040) and the NS_LDAP_*
 * flags further down occupy disjoint bits of the same word.
 * NOTE(review): the semantics of NS_LDAP_HARD and NS_LDAP_ALL_RES are not
 * described in this header; confirm against the __ns_ldap_list()
 * implementation before relying on them.
 */
#define NS_LDAP_HARD              0x001
#define NS_LDAP_ALL_RES           0x002
  50 
/*
 * Search Referral Option
 *
 * Whether a search chases referrals returned by the server (meaning taken
 * from the enumerator names).  The values are bit flags (0x004, 0x008)
 * that do not overlap the other NS_LDAP_* flag bits.
 */
typedef enum SearchRef {
        NS_LDAP_FOLLOWREF       = 0x004,        /* follow referrals */
        NS_LDAP_NOREF           = 0x008         /* do not follow referrals */
} SearchRef_t;
  56 
/*
 * Search scope.  Bit flags (0x010-0x040) that may appear in a flags word;
 * also carried per service in ns_ldap_search_desc_t.scope.
 */
typedef enum ScopeType {
        NS_LDAP_SCOPE_BASE      = 0x010,        /* the base entry only */
        NS_LDAP_SCOPE_ONELEVEL  = 0x020,        /* one level below the base */
        NS_LDAP_SCOPE_SUBTREE   = 0x040         /* the whole subtree */
} ScopeType_t;
  62 
/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define NS_LDAP_KEEP_CONN         0x080  /* keep the connection (see above) */
#define NS_LDAP_NEW_CONN          0x400  /* by name: open a new connection */
#define NS_LDAP_NOMAP             0x800  /* by name: no attr/objectclass map */

/*
 * Paged results.  NS_LDAP_NO_PAGE_CTRL is 0, so it cannot be detected with
 * a bitwise AND; test for NS_LDAP_PAGE_CTRL instead.
 */
#define NS_LDAP_PAGE_CTRL         0x1000
#define NS_LDAP_NO_PAGE_CTRL      0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define NS_LDAP_NOT_CVT_DN      0x2000

/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 * NOTE(review): the flag only requests the operation; the privilege
 * check itself is expected to live in the implementation -- confirm.
 */
#define NS_LDAP_UPDATE_SHADOW   0x4000

/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server.  Same privilege note as NS_LDAP_UPDATE_SHADOW.
 */
#define NS_LDAP_READ_SHADOW     0x8000
  98 
/*
 * Authentication Information
 */

/*
 * Credential level: which identity is used when binding to the directory
 * (enumerator meanings taken from their names; presumably the value of the
 * NS_LDAP_CREDENTIAL_LEVEL_P configuration parameter).
 */
typedef enum CredLevel {
        NS_LDAP_CRED_ANON       = 0,    /* anonymous */
        NS_LDAP_CRED_PROXY      = 1,    /* configured proxy identity */
        NS_LDAP_CRED_SELF       = 2     /* the calling user's own identity */
} CredLevel_t;
 107 
/*
 * Authentication method for the bind; carried in ns_auth_t.type.  The two
 * TLS variants imply a SASL exchange (per the original comments); the
 * mechanism itself is selected by ns_auth_t.saslmech.
 */
typedef enum AuthType {
        NS_LDAP_AUTH_NONE       = 0,    /* no authentication */
        NS_LDAP_AUTH_SIMPLE     = 1,    /* simple (password) bind */
        NS_LDAP_AUTH_SASL       = 2,    /* SASL bind */
        NS_LDAP_AUTH_TLS        = 3,    /* implied SASL usage */
        NS_LDAP_AUTH_ATLS       = 4     /* implied SASL usage */
} AuthType_t;
 115 
/*
 * Kind of bind performed over TLS; carried in ns_auth_t.tlstype and
 * meaningful together with NS_LDAP_AUTH_TLS/NS_LDAP_AUTH_ATLS.
 */
typedef enum TlsType {
        NS_LDAP_TLS_NONE        = 0,    /* no TLS */
        NS_LDAP_TLS_SIMPLE      = 1,    /* simple bind over TLS */
        NS_LDAP_TLS_SASL        = 2     /* SASL bind over TLS */
} TlsType_t;
 121 
/*
 * SASL mechanism for SASL binds; carried in ns_auth_t.saslmech.
 * NOTE(review): CRAM-MD5 and DIGEST-MD5 are obsolete mechanisms (RFC 6331
 * moved DIGEST-MD5 to Historic status); prefer GSSAPI or a simple bind
 * protected by TLS for new deployments.
 */
typedef enum SaslMech {
        NS_LDAP_SASL_NONE       = 0,    /* No SASL mechanism */
        NS_LDAP_SASL_CRAM_MD5   = 1,    /* obsolete, see above */
        NS_LDAP_SASL_DIGEST_MD5 = 2,    /* obsolete, see above */
        NS_LDAP_SASL_EXTERNAL   = 3,    /* currently not supported */
        NS_LDAP_SASL_GSSAPI     = 4,
        NS_LDAP_SASL_SPNEGO     = 5     /* currently not supported */
} SaslMech_t;
 130 
/*
 * SASL security-layer option; carried in ns_auth_t.saslopt.  By name,
 * INT requests integrity protection and PRIV confidentiality (privacy)
 * on the SASL layer -- confirm in the implementation.
 */
typedef enum SaslOpt {
        NS_LDAP_SASLOPT_NONE    = 0,
        NS_LDAP_SASLOPT_INT     = 1,
        NS_LDAP_SASLOPT_PRIV    = 2
} SaslOpt_t;
 136 
/*
 * Boolean for the "preferred servers only" setting (presumably the value
 * of NS_LDAP_PREF_ONLY_P, paired with NS_LDAP_SERVER_PREF_P).
 */
typedef enum PrefOnly {
        NS_LDAP_PREF_FALSE      = 0,
        NS_LDAP_PREF_TRUE       = 1
} PrefOnly_t;
 141 
/*
 * Boolean for NS_LDAP_ENABLE_SHADOW_UPDATE_P; the effective setting is
 * queried with __ns_ldap_is_shadow_update_enabled().
 */
typedef enum enableShadowUpdate {
        NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE      = 0,
        NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE       = 1
} enableShadowUpdate_t;
 146 
/*
 * Password credential (user identifier plus clear-text password), used via
 * ns_cred_t.cred.unix_cred.
 * NOTE(review): passwd is a plain C string holding a secret.  Keep it out
 * of logs and error messages, and scrub it (explicit_bzero() or equivalent,
 * not a plain memset that the compiler may drop) before the buffer is freed.
 */
typedef struct UnixCred {
        char    *userID;        /* Unix ID number (stored as a string) */
        char    *passwd;        /* password */
} UnixCred_t;
 151 
/*
 * Certificate credential, used via ns_cred_t.cred.cert_cred.
 * NOTE(review): passwd (the certificate database password) is a secret;
 * keep it out of logs and scrub it with explicit_bzero() or equivalent
 * before the buffer is freed.
 */
typedef struct CertCred {
        char    *path;          /* certificate path */
        char    *passwd;        /* password */
        char    *nickname;      /* nickname */
} CertCred_t;
 157 
/*
 * Authentication mechanism description.  "type" selects the bind method;
 * the other fields refine it for the TLS and SASL variants.  Can be
 * filled in from a mechanism name with __ns_ldap_initAuth().
 */
typedef struct ns_auth {
        AuthType_t      type;           /* bind method */
        TlsType_t       tlstype;        /* TLS variant, if any */
        SaslMech_t      saslmech;       /* SASL mechanism, if any */
        SaslOpt_t       saslopt;        /* SASL security-layer option */
} ns_auth_t;
 164 
/*
 * Credential passed as "cred" to the __ns_ldap_*() calls below.  Which
 * union member is meaningful presumably follows auth.type (password
 * methods use unix_cred, certificate methods use cert_cred) -- confirm.
 * Released with __ns_ldap_freeCred().
 * NOTE(review): both union members carry a clear-text password; scrub the
 * password buffers before the object is freed and never print them.
 */
typedef struct ns_cred {
        ns_auth_t       auth;           /* how to authenticate */
        char            *hostcertpath;  /* certificate database path */
        union {
                UnixCred_t      unix_cred;
                CertCred_t      cert_cred;
        } cred;
} ns_cred_t;
 173 
 174 
/*
 * Growable text buffer.  By the field names, "alloc" is the capacity of
 * "str" and "len" the number of bytes in use -- confirm against the users
 * of this type.
 */
typedef struct LineBuf {
        char *str;
        int len;
        int alloc;
} LineBuf;
 180 
/*
 * Configuration Information
 */

/*
 * Index of a configuration parameter, as passed to __ns_ldap_getParam(),
 * __ns_ldap_setParam() and __ns_ldap_getParamType().  The values are
 * consecutive because they are used as indices (see NS_LDAP_MAX_PIT_P).
 * NOTE(review): NS_LDAP_BINDPASSWD_P, NS_LDAP_CERT_PASS_P and
 * NS_LDAP_ADMIN_BINDPASSWD_P name secrets; anything obtained for them
 * through __ns_ldap_getParam() should be released promptly with
 * __ns_ldap_freeParam() and must not be logged.
 */
typedef enum {
        NS_LDAP_FILE_VERSION_P          = 0,
        NS_LDAP_BINDDN_P                = 1,
        NS_LDAP_BINDPASSWD_P            = 2,
        NS_LDAP_SERVERS_P               = 3,
        NS_LDAP_SEARCH_BASEDN_P         = 4,
        NS_LDAP_AUTH_P                  = 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files.  The only
 * supported value is NS_LDAP_SEC_NONE.  No application should be
 * using this parameter type (either through getParam or setParam).
 */
        NS_LDAP_TRANSPORT_SEC_P         = 6,
        NS_LDAP_SEARCH_REF_P            = 7,
        NS_LDAP_DOMAIN_P                = 8,
        NS_LDAP_EXP_P                   = 9,
        NS_LDAP_CERT_PATH_P             = 10,
        NS_LDAP_CERT_PASS_P             = 11,
        NS_LDAP_SEARCH_DN_P             = 12,
        NS_LDAP_SEARCH_SCOPE_P          = 13,
        NS_LDAP_SEARCH_TIME_P           = 14,
        NS_LDAP_SERVER_PREF_P           = 15,
        NS_LDAP_PREF_ONLY_P             = 16,
        NS_LDAP_CACHETTL_P              = 17,
        NS_LDAP_PROFILE_P               = 18,
        NS_LDAP_CREDENTIAL_LEVEL_P      = 19,
        NS_LDAP_SERVICE_SEARCH_DESC_P   = 20,
        NS_LDAP_BIND_TIME_P             = 21,
        NS_LDAP_ATTRIBUTEMAP_P          = 22,
        NS_LDAP_OBJECTCLASSMAP_P        = 23,
        NS_LDAP_CERT_NICKNAME_P         = 24,
        NS_LDAP_SERVICE_AUTH_METHOD_P   = 25,
        NS_LDAP_SERVICE_CRED_LEVEL_P    = 26,
        NS_LDAP_HOST_CERTPATH_P         = 27,
        NS_LDAP_ENABLE_SHADOW_UPDATE_P  = 28,
        NS_LDAP_ADMIN_BINDDN_P          = 29,
        NS_LDAP_ADMIN_BINDPASSWD_P      = 30,
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder.  It must be the last (and highest value)
 * entry in this enum.  Please update accordingly when adding
 * parameters.
 */
        NS_LDAP_MAX_PIT_P               = 31

} ParamIndexType;
 231 
/*
 * How much of the configuration uses self credentials with SASL/GSSAPI;
 * reported by __ns_ldap_self_gssapi_config().
 *
 * NONE - No self / SASL/GSSAPI configured
 * ONLY - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 */
typedef enum {
        NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
        NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
        NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
} ns_ldap_self_gssapi_config_t;
 242 
/*
 * __ns_ldap_*() return codes
 *
 * Functions declared below as returning "int" return one of these values.
 * Where a code is documented as having detail in errorp, the caller is
 * presumably handed an allocated ns_ldap_error_t to release with
 * __ns_ldap_freeError() -- confirm.
 * The value 6 is not assigned; do not reuse it without checking callers
 * that compare against numeric codes.
 */
typedef enum {
        NS_LDAP_SUCCESS         = 0, /* success, no info in errorp */
        NS_LDAP_OP_FAILED       = 1, /* failed operation, no info in errorp */
        NS_LDAP_NOTFOUND        = 2, /* entry not found, no info in errorp */
        NS_LDAP_MEMORY          = 3, /* memory failure, no info in errorp */
        NS_LDAP_CONFIG          = 4, /* config problem, detail in errorp */
        NS_LDAP_PARTIAL         = 5, /* partial result, detail in errorp */
        NS_LDAP_INTERNAL        = 7, /* LDAP error, detail in errorp */
        NS_LDAP_INVALID_PARAM   = 8, /* invalid argument, no info in errorp */
        NS_LDAP_SUCCESS_WITH_INFO
                                = 9  /* success, with info in errorp */
} ns_ldap_return_code;
 258 
/*
 * Detailed error code for NS_LDAP_CONFIG (presumably reported through the
 * ns_ldap_error_t handed back in errorp).
 */
typedef enum {
        NS_CONFIG_SYNTAX        = 0,    /* syntax error */
        NS_CONFIG_NODEFAULT     = 1,    /* no default value */
        NS_CONFIG_NOTLOADED     = 2,    /* configuration not loaded */
        NS_CONFIG_NOTALLOW      = 3,    /* operation requested not allowed */
        NS_CONFIG_FILE          = 4,    /* configuration file problem */
        NS_CONFIG_CACHEMGR      = 5     /* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;
 270 
/*
 * Detailed error code for NS_LDAP_PARTIAL: why only part of the result
 * set was returned.
 */
typedef enum {
        NS_PARTIAL_TIMEOUT      = 0,    /* partial results due to timeout */
        NS_PARTIAL_OTHER        = 1     /* error encountered */
} ns_ldap_partial_return_code;
 278 
/*
 * For use by __ns_ldap_addTypedEntry() for the publickey servicetype;
 * carried in _ns_pubkey_t.hostcred to say whether the key belongs to a
 * host rather than a user (by name -- confirm).
 */
typedef enum {
        NS_HOSTCRED_FALSE = 0,
        NS_HOSTCRED_TRUE  = 1
} hostcred_t;
 286 
/*
 * Detailed password status, reported in ns_ldap_passwd_mgmt_t.status
 * after a bind with the user's own password.
 */
typedef enum {
        NS_PASSWD_GOOD                  = 0,    /* password is good */
        NS_PASSWD_ABOUT_TO_EXPIRE       = 1,    /* password is good but */
                                                /* about to expire */
        NS_PASSWD_CHANGE_NEEDED         = 2,    /* good but need to be */
                                                /* changed immediately */
        NS_PASSWD_EXPIRED               = 3,    /* password expired */
        NS_PASSWD_RETRY_EXCEEDED        = 4,    /* exceed retry limit; */
                                                /* account is locked */
        NS_PASSWD_CHANGE_NOT_ALLOWED    = 5,    /* can only be changed */
                                                /* by the administrator */
        NS_PASSWD_INVALID_SYNTAX        = 6,    /* can not be changed: */
                                                /* new password has */
                                                /* invalid syntax -- */
                                                /* trivial password: same */
                                                /* value as attr, cn, sn, */
                                                /* uid, etc. */
                                                /* or strong password */
                                                /* policies check */
        NS_PASSWD_TOO_SHORT             = 7,    /* can not be changed: */
                                                /* new password has */
                                                /* less chars than */
                                                /* required */
        NS_PASSWD_IN_HISTORY            = 8,    /* can not be changed: */
                                                /* reuse old password  */
        NS_PASSWD_WITHIN_MIN_AGE        = 9     /* can not be changed: */
                                                /* within minimum age  */
} ns_ldap_passwd_status_t;
 318 
/*
 * Password management information structure
 *
 * This structure is different from AcctUsableResponse_t structure in
 * that this structure holds result of users account mgmt information when
 * an ldap bind is done with user name and user password.  It is embedded
 * in ns_ldap_error_t.pwd_mgmt.
 */
typedef struct ns_ldap_passwd_mgmt {
        ns_ldap_passwd_status_t
                status;                 /* password status */
        int     sec_until_expired;      /* seconds until expired, */
                                        /* valid only if status is */
                                        /* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;
 333 
/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided.  The OID lies under 1.3.6.1.4.1.42, Sun's
 * private enterprise arc, i.e. this is a vendor control that not every
 * directory server implements; __ns_ldap_getAcctMgmt() decodes its response
 * into an AcctUsableResponse_t.
 */
#define NS_LDAP_ACCOUNT_USABLE_CONTROL  "1.3.6.1.4.1.42.2.27.9.5.8"
 339 
/*
 * Structure for holding the response returned by server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
 * Field order follows the More_info SEQUENCE documented on
 * AcctUsableResponse_t below.
 */
typedef struct AcctUsableMoreInfo {
        int inactive;           /* account is inactive */
        int reset;              /* password has been reset */
        int expired;            /* password has expired */
        int rem_grace;          /* remaining grace logins */
        int sec_b4_unlock;      /* seconds before the account unlocks */
} AcctUsableMoreInfo_t;
 351 
/*
 * Structure used to hold the response from the server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 * is_available         [0] INTEGER, seconds before expiration
 * is_not_available     [1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 * inactive             [0] BOOLEAN DEFAULT FALSE,
 * reset                [1] BOOLEAN DEFAULT FALSE,
 * expired              [2] BOOLEAN DEFAULT FALSE,
 * remaining_grace      [3] INTEGER OPTIONAL,
 * seconds_before_unlock[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from ns_ldap_passwd_mgmt_t structure in
 * that this structure holds result of users account mgmt information when
 * pam_ldap doesn't have the users password and proxy agent is used for
 * obtaining the account management information.
 *
 * "choice" is the CHOICE tag and selects the valid union member:
 * presumably 0 -> seconds_before_expiry, 1 -> more_info, following the
 * ASN.1 tags above -- confirm in __ns_ldap_getAcctMgmt().
 */
typedef struct AcctUsableResponse {
        int choice;
        union {
                int seconds_before_expiry;
                AcctUsableMoreInfo_t more_info;
        } AcctUsableResp;
} AcctUsableResponse_t;
 381 
/*
 * Simplified LDAP Naming API result structure
 *
 * Error detail returned through the "errorp" argument of the API calls;
 * released with __ns_ldap_freeError().
 * NOTE(review): "message" is server/library supplied text -- treat it as
 * untrusted when it is rendered (never pass it as a format string).
 */
typedef struct ns_ldap_error {
        int     status;                         /* LDAP error code */
        char    *message;                       /* LDAP error message */
        ns_ldap_passwd_mgmt_t   pwd_mgmt;       /* LDAP password */
                                                /* management info */
} ns_ldap_error_t;
 391 
/*
 * One attribute of an entry.  By the field names, attrvalue holds
 * value_count strings -- confirm whether the array is also NULL
 * terminated before iterating without the count.
 */
typedef struct   ns_ldap_attr {
        char    *attrname;                      /* attribute name */
        uint_t  value_count;                    /* number of values */
        char    **attrvalue;                    /* attribute values */
} ns_ldap_attr_t;
 397 
/*
 * One directory entry: attr_count attributes reachable through attr_pair,
 * chained to the next entry of the same result through "next".
 * Attributes are looked up with __ns_ldap_getAttr()/__ns_ldap_getAttrStruct().
 */
typedef struct ns_ldap_entry {
        uint_t          attr_count;             /* number of attributes */
        ns_ldap_attr_t  **attr_pair;            /* attributes pairs */
        struct ns_ldap_entry *next;             /* next entry */
} ns_ldap_entry_t;
 403 
/*
 * Result of a search: a linked list of entries_count entries starting at
 * "entry".  Released with __ns_ldap_freeResult().
 */
typedef struct ns_ldap_result {
        uint_t  entries_count;          /* number of entries */
        ns_ldap_entry_t *entry;         /* data */
} ns_ldap_result_t;
 408 
/*
 * structures for the conversion routines used by typedAddEntry()
 *
 * One of these is passed as the "data" argument of
 * __ns_ldap_addTypedEntry() according to its "servicetype"
 * (see the NS_LDAP_TYPE_* strings).  Pointer-to-pointer members are
 * presumably NULL-terminated lists -- confirm.
 */

typedef struct _ns_netgroups {
        char  *name;            /* netgroup name */
        char  **triplet;        /* (host,user,domain) member triples */
        char  **netgroup;       /* member netgroups */
} _ns_netgroups_t;
 418 
/* netmasks entry for __ns_ldap_addTypedEntry() */
typedef struct _ns_netmasks {
        char *netnumber;        /* network number */
        char *netmask;          /* its netmask */
} _ns_netmasks_t;
 423 
/* bootparams entry for __ns_ldap_addTypedEntry() */
typedef struct _ns_bootp {
        char *name;             /* host name */
        char **param;           /* boot parameters */
} _ns_bootp_t;
 428 
/* ethers entry for __ns_ldap_addTypedEntry() */
typedef struct _ns_ethers {
        char *name;             /* host name */
        char *ether;            /* ethernet address (text form) */
} _ns_ethers_t;
 433 
/*
 * publickey entry for __ns_ldap_addTypedEntry().
 * NOTE(review): privkey is key material; scrub the buffer before it is
 * freed and keep it out of logs.
 */
typedef struct _ns_pubkey {
        char *name;             /* principal (user or host) name */
        hostcred_t hostcred;    /* host key rather than user key */
        char *pubkey;           /* public key */
        char *privkey;          /* private (secret) key */
} _ns_pubkey_t;
 440 
/* aliases entry for __ns_ldap_addTypedEntry() */
typedef struct _ns_alias {
        char *alias;            /* alias name */
        char **member;          /* expansion members */
} _ns_alias_t;
 445 
/* automount entry for __ns_ldap_addTypedEntry() */
typedef struct _ns_automount {
        char *mapname;          /* map name, e.g. what follows "auto_" */
        char *key;              /* map key */
        char *value;            /* map value */
} _ns_automount_t;
 451 
/*
 * return values for the callback function in __ns_ldap_list()
 * (and the other list/batch calls that take the same callback)
 */
#define NS_LDAP_CB_NEXT 0       /* get the next entry */
#define NS_LDAP_CB_DONE 1       /* done */
 457 
/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 *
 * NS_LDAP_TYPE_AUTOMOUNT is apparently a prefix to which the map name
 * (_ns_automount_t.mapname) is appended -- confirm in the implementation.
 */

#define NS_LDAP_TYPE_PASSWD     "passwd"
#define NS_LDAP_TYPE_GROUP      "group"
#define NS_LDAP_TYPE_HOSTS      "hosts"
#define NS_LDAP_TYPE_IPNODES    "ipnodes"
#define NS_LDAP_TYPE_PROFILE    "prof_attr"
#define NS_LDAP_TYPE_RPC        "rpc"
#define NS_LDAP_TYPE_PROTOCOLS  "protocols"
#define NS_LDAP_TYPE_NETWORKS   "networks"
#define NS_LDAP_TYPE_NETGROUP   "netgroup"
#define NS_LDAP_TYPE_ALIASES    "aliases"
#define NS_LDAP_TYPE_SERVICES   "services"
#define NS_LDAP_TYPE_ETHERS     "ethers"
#define NS_LDAP_TYPE_SHADOW     "shadow"
#define NS_LDAP_TYPE_NETMASKS   "netmasks"
#define NS_LDAP_TYPE_AUTHATTR   "auth_attr"
#define NS_LDAP_TYPE_EXECATTR   "exec_attr"
#define NS_LDAP_TYPE_USERATTR   "user_attr"
#define NS_LDAP_TYPE_PROJECT    "project"
#define NS_LDAP_TYPE_PUBLICKEY  "publickey"
#define NS_LDAP_TYPE_AUUSER     "audit_user"
#define NS_LDAP_TYPE_BOOTPARAMS "bootparams"
#define NS_LDAP_TYPE_AUTOMOUNT  "auto_"
#define NS_LDAP_TYPE_TNRHDB     "tnrhdb"
#define NS_LDAP_TYPE_TNRHTP     "tnrhtp"
 487 
/*
 * service descriptor/attribute mapping structure
 */

/*
 * Service search descriptor: where and how to search for one service.
 * Obtained with __ns_ldap_getSearchDescriptors() and handed to the
 * init_filter_cb callbacks; released with __ns_ldap_freeSearchDescriptors().
 */
typedef struct ns_ldap_search_desc {
        char            *basedn;        /* search base dn */
        ScopeType_t     scope;          /* search scope */
        char            *filter;        /* search filter */
} ns_ldap_search_desc_t;
 497 
/*
 * Attribute mapping: one original attribute name and the attribute(s)
 * it maps to on the server.  Obtained with __ns_ldap_getAttributeMaps()
 * and released with __ns_ldap_freeAttributeMaps().
 */
typedef struct ns_ldap_attribute_map {
        char            *origAttr;      /* original attribute */
        char            **mappedAttr;   /* mapped attribute(s) */
} ns_ldap_attribute_map_t;
 502 
/*
 * Objectclass mapping: one original objectclass and the objectclass it
 * maps to.  Obtained with __ns_ldap_getObjectClassMaps() and released
 * with __ns_ldap_freeObjectClassMaps().
 */
typedef struct ns_ldap_objectclass_map {
        char            *origOC;        /* original objectclass */
        char            *mappedOC;      /* mapped objectclass */
} ns_ldap_objectclass_map_t;
 507 
/*
 * Value of the userPassword attribute representing NO Unix password.
 * It is an in-band sentinel stored in the attribute itself, so code that
 * consumes userPassword must compare against it with strcmp() before
 * treating the value as a password hash.
 */
#define NS_LDAP_NO_UNIX_PASSWORD        "<NO UNIX PASSWORD>"
 512 
/*
 * Opaque handle for batch API.  Created by __ns_ldap_list_batch_start(),
 * populated by __ns_ldap_list_batch_add(), run by __ns_ldap_list_batch_end()
 * and destroyed by __ns_ldap_list_batch_release().
 */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
 515 
/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
 *                 to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *                 to communicate to.
 * NS_PREDEFINED:  reserved for internal use
 *
 * NOTE(review): NS_PREDEFINED is described above but not declared in the
 * enumeration below; the corresponding union member is
 * ns_standalone_conf_t.ds_profile.predefined_conf.
 */
typedef enum {
        NS_CACHEMGR = 0,
        NS_LDAP_SERVER
} ns_standalone_request_type_t;
 530 
/*
 * This structure describes an LDAP server specified by a client application.
 * NOTE(review): bind_passwd is a clear-text secret; keep it out of logs and
 * scrub the buffer (explicit_bzero() or equivalent) before it is freed.
 * "cred" is a credential *level* given as a string, not a password.
 */
typedef struct ns_dir_server {
        char *server;                   /* A directory server's IP */
        uint16_t port;                  /* A directory server's port. */
                                        /* Default value is 389 */
        char *domainName;               /* A domain name being served */
                                        /* by the specified server. */
                                        /* Default value is the local */
                                        /* domain's name */
        char *profileName;              /* A DUAProfile's name. */
                                        /* Default value is 'default' */
        ns_auth_t *auth;                /* Authentication information used */
                                        /* during subsequent connections */
        char *cred;                     /* A credential level to be used */
                                        /* along with the authentication info */
        char *host_cert_path;           /* A path to the certificate database */
                                        /* Default is '/var/ldap' */
        char *bind_dn;                  /* A bind DN to be used during */
                                        /* subsequent LDAP Bind requests */
        char *bind_passwd;              /* A bind password to be used during */
                                        /* subsequent LDAP Bind requests */
} ns_dir_server_t;
 555 
/*
 * This structure contains information describing an LDAP server.
 *
 * "type" says which member of ds_profile is in use (presumably "server"
 * for NS_LDAP_SERVER).  The SA_* macros below are not members: they are
 * ordinary global macros that expand to the path of the server fields, so
 * "conf.SA_SERVER" reads "conf.ds_profile.server.server".
 */
typedef struct ns_standalone_conf {
        union {
                ns_dir_server_t server;
                void *predefined_conf;  /* Reserved for internal use */
        } ds_profile;                   /* A type of the configuration */

#define SA_SERVER       ds_profile.server.server
#define SA_PORT         ds_profile.server.port
#define SA_DOMAIN       ds_profile.server.domainName
#define SA_PROFILE_NAME ds_profile.server.profileName
#define SA_AUTH         ds_profile.server.auth
#define SA_CRED         ds_profile.server.cred
#define SA_CERT_PATH    ds_profile.server.host_cert_path
#define SA_BIND_DN      ds_profile.server.bind_dn
#define SA_BIND_PWD     ds_profile.server.bind_passwd

        ns_standalone_request_type_t type;      /* which ds_profile member */
} ns_standalone_conf_t;
 577 
/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application that requested a standalone schema, libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).  Undone by __ns_ldap_cancelStandalone().
 *
 * conf
 *      A structure describing where and in which way to obtain all the
 *      configuration describing how to communicate with a chosen LDAP
 *      directory.
 *
 * errorp
 *      An error object describing an error that occurred.
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_initStandalone(
        const ns_standalone_conf_t *conf,
        ns_ldap_error_t **errorp);
 596 
/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 *      Specifies the selected directory server.
 *
 * cred
 *      Contains the authentication information and credential required to
 *      establish a connection.
 *
 * config
 *      If not NULL, a new configuration based on the DUAProfile specified in
 *      the server parameter will be created and returned (as an allocated
 *      string the caller presumably frees -- confirm).
 *
 * baseDN
 *      If not NULL, the directory's base DN will be returned.
 *
 * error
 *      Describes an error, if any.
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
        const ns_dir_server_t *server,
        const ns_cred_t *cred,
        char **config,  char **baseDN,
        ns_ldap_error_t **error);
 623 
/* Values for the anon_fallback argument of __ns_ldap_getRootDSE() */
#define SA_PROHIBIT_FALLBACK 0
#define SA_ALLOW_FALLBACK 1

/* Whether a retrieved configuration is to be saved (by name; confirm use) */
#define DONT_SAVE_NSCONF 0
#define SAVE_NSCONF 1

/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 *      An address of a server to be connected to.
 *
 * rootDSE
 *      A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 *      Describes an error, if any.
 *
 * anon_fallback
 *      If set to 1 (SA_ALLOW_FALLBACK) and establishing a connection fails,
 *      __s_api_getRootDSE() will try once again using anonymous credentials.
 *      NOTE(review): allowing the fallback means a failed authenticated
 *      connection silently degrades to an anonymous one; callers that need
 *      an authenticated channel should pass SA_PROHIBIT_FALLBACK.
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
        const char *server_addr,
        char **rootDSE,
        ns_ldap_error_t **errorp,
        int anon_fallback);
 651 
/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers(); otherwise an ns_ldap_return_code
 * describing the outcome.
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
 666 
/*
 * This function cancels the Standalone mode (entered with
 * __ns_ldap_initStandalone()) and destroys the list of root DSEs.
 */
void __ns_ldap_cancelStandalone(void);

/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 *
 * auth_mech
 *      Name of the authentication mechanism (the accepted spellings are
 *      defined by the implementation).
 * auth
 *      Caller-provided structure to fill in.
 * errorp
 *      Describes an error, if any.
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
        ns_auth_t *auth,
        ns_ldap_error_t **errorp);
 678 
/*
 * Simplified LDAP Naming APIs
 *
 * Unless noted otherwise the "int" return value is an ns_ldap_return_code.
 * Results handed back through "result" are released with
 * __ns_ldap_freeResult(), error detail handed back through "errorp" with
 * __ns_ldap_freeError().
 */

/*
 * __ns_ldap_list - search the directory for entries of one service.
 *
 * service         service/database name (e.g. an NS_LDAP_TYPE_* string)
 * filter          LDAP search filter
 * init_filter_cb  optional callback that rewrites the filter for one
 *                 search descriptor into *realfilter
 * attribute       list of attribute names to return (presumably
 *                 NULL-terminated, NULL for all -- confirm)
 * cred            credential to bind with (presumably NULL for the
 *                 configured default -- confirm)
 * flags           OR of NS_LDAP_* flag bits (SearchRef_t, ScopeType_t,
 *                 NS_LDAP_READ_SHADOW, NS_LDAP_KEEP_CONN, ...)
 * result          receives the entries found
 * errorp          receives error detail
 * callback        optional per-entry callback returning NS_LDAP_CB_NEXT
 *                 or NS_LDAP_CB_DONE
 * userdata        passed through to init_filter_cb and callback
 *
 * NOTE(review): "filter" is sent to the server as given.  A caller that
 * builds it from external input must escape that input per RFC 4515
 * (filter injection) before calling.
 */
int __ns_ldap_list(
        const char *service,
        const char *filter,
        int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
                        char **realfilter, const void *userdata),
        const char * const *attribute,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_result_t ** result,
        ns_ldap_error_t ** errorp,
        int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
        const void *userdata);
 694 
 695 
/*
 * __ns_ldap_list_sort - as __ns_ldap_list(), additionally asking for the
 * result to be sorted on "sortattr".  All other arguments and the
 * callback/ownership rules are those of __ns_ldap_list().
 */
int __ns_ldap_list_sort(
        const char *service,
        const char *filter,
        const char *sortattr,
        int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
                        char **realfilter, const void *userdata),
        const char * const *attribute,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_result_t ** result,
        ns_ldap_error_t ** errorp,
        int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
        const void *userdata);
 709 
/*
 * Batch API: several __ns_ldap_list()-style searches issued together.
 *
 * __ns_ldap_list_batch_start   allocates a batch handle into *batch.
 * __ns_ldap_list_batch_add     queues one search; its arguments match
 *                              __ns_ldap_list(), plus "rcp", which
 *                              presumably receives that search's own
 *                              return code once the batch has run.
 * __ns_ldap_list_batch_end     runs the queued searches.
 * __ns_ldap_list_batch_release frees the handle.
 * The result/errorp pointers given to batch_add must stay valid until the
 * batch has ended.  The RFC 4515 escaping note on __ns_ldap_list() applies
 * to "filter" here as well.
 */
int __ns_ldap_list_batch_start(
        ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
        ns_ldap_list_batch_t *batch,
        const char *service,
        const char *filter,
        int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
                        char **realfilter, const void *userdata),
        const char * const *attribute,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_result_t ** result,
        ns_ldap_error_t ** errorp,
        int *rcp,
        int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
        const void *userdata);

int __ns_ldap_list_batch_end(
        ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
        ns_ldap_list_batch_t *batch);
 733 
/*
 * Modification calls.  Common arguments:
 *
 * service   service/database name the entry belongs to
 * dn        distinguished name of the entry to modify
 * attr      list of attributes (presumably NULL-terminated -- confirm)
 * cred      credential to bind with for the write
 * flags     NS_LDAP_* flag bits; NS_LDAP_UPDATE_SHADOW is meaningful for
 *           __ns_ldap_repAttr() (privileged callers only)
 * errorp    receives error detail
 *
 * __ns_ldap_addAttr adds attribute values, __ns_ldap_delAttr removes them,
 * __ns_ldap_repAttr replaces them.
 */
int  __ns_ldap_addAttr(
        const char *service,
        const char *dn,
        const ns_ldap_attr_t * const *attr,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
        const char *service,
        const char *dn,
        const ns_ldap_attr_t * const *attr,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_error_t **errorp);

int  __ns_ldap_repAttr(
        const char *service,
        const char *dn,
        const ns_ldap_attr_t * const *attr,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_error_t **errorp);

/* __ns_ldap_addEntry - create the entry "dn" with the attributes of entry */
int  __ns_ldap_addEntry(
        const char *service,
        const char *dn,
        const ns_ldap_entry_t *entry,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_error_t **errorp);

/*
 * __ns_ldap_addTypedEntry - create an entry from a typed description.
 *
 * servicetype  one of the NS_LDAP_TYPE_* strings
 * basedn       base DN under which the entry is created
 * data         pointer to the _ns_*_t structure matching servicetype
 * create       by name, whether to create rather than update -- confirm
 */
int  __ns_ldap_addTypedEntry(
        const char *servicetype,
        const char *basedn,
        const void *data,
        const int  create,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_error_t **errorp);

/* __ns_ldap_delEntry - delete the entry "dn" */
int __ns_ldap_delEntry(
        const char *service,
        const char *dn,
        const ns_cred_t *cred,
        const int flags,
        ns_ldap_error_t **errorp);
 781 
/*
 * Incremental search.  __ns_ldap_firstEntry() starts a search with the
 * same arguments as __ns_ldap_list_sort() (no per-entry callback) and
 * hands back an opaque cookie; __ns_ldap_nextEntry() fetches the next
 * result for that cookie; __ns_ldap_endEntry() finishes the search and
 * presumably frees the cookie, which is why it takes void ** -- confirm.
 * NS_LDAP_READ_SHADOW may be set in flags by a privileged caller.  The
 * RFC 4515 escaping note on __ns_ldap_list() applies to "filter".
 */
int __ns_ldap_firstEntry(
        const char *service,
        const char *filter,
        const char *sortattr,
        int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
                        char **realfilter, const void *userdata),
        const char * const *attribute,
        const ns_cred_t *cred,
        const int flags,
        void **cookie,
        ns_ldap_result_t ** result,
        ns_ldap_error_t **errorp,
        const void *userdata);

int  __ns_ldap_nextEntry(
        void *cookie,
        ns_ldap_result_t ** result,
        ns_ldap_error_t **errorp);

int  __ns_ldap_endEntry(
        void **cookie,
        ns_ldap_error_t **errorp);

/*
 * Release a result / error object returned by the calls above.  Both take
 * the address of the caller's pointer, presumably so it can be reset.
 */
int __ns_ldap_freeResult(
        ns_ldap_result_t **result);

int __ns_ldap_freeError(
        ns_ldap_error_t **errorp);
 810 
/*
 * DN helpers.  __ns_ldap_uid2dn() resolves a user name to its DN and
 * __ns_ldap_host2dn() a host (within "domain") to its DN; both return the
 * DN in a newly allocated string the caller frees (presumably -- confirm)
 * and use NS_LDAP_NOT_CVT_DN internally (see that flag's comment).
 * __ns_ldap_dn2domain() derives the domain name served by the entry "dn".
 */
int  __ns_ldap_uid2dn(
        const char *uid,
        char **userDN,
        const ns_cred_t *cred,
        ns_ldap_error_t ** errorp);

int  __ns_ldap_host2dn(
        const char *host,
        const char *domain,
        char **hostDN,
        const ns_cred_t *cred,
        ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2domain(
        const char *dn,
        char **domain,
        const ns_cred_t *cred,
        ns_ldap_error_t ** errorp);

/*
 * __ns_ldap_auth - authenticate (bind) with "cred".  On failure with a
 * password-policy reason, errorp->pwd_mgmt carries the detailed status.
 * serverctrls/clientctrls are NULL-terminated LDAPControl lists as in
 * libldap.  "flag" takes NS_LDAP_* flag bits.
 */
int __ns_ldap_auth(
        const ns_cred_t *cred,
        const int flag,
        ns_ldap_error_t **errorp,
        LDAPControl **serverctrls,
        LDAPControl **clientctrls);

/*
 * __ns_ldap_freeCred - release a credential object.
 * NOTE(review): confirm that the implementation scrubs the contained
 * password strings before freeing them.
 */
int __ns_ldap_freeCred(
        ns_cred_t **credp);

/* __ns_ldap_err2str - map an ns_ldap_return_code "err" to text in *strmsg */
int __ns_ldap_err2str(
        int err,
        char **strmsg);
 843 
/*
 * Configuration parameter access keyed by ParamIndexType.
 * __ns_ldap_setParam() takes the new value through "data" (its shape
 * depends on the parameter -- confirm per parameter).
 * __ns_ldap_getParam() returns the value(s) as an allocated array in
 * *data, which is released with __ns_ldap_freeParam().
 * NOTE(review): values for the *_BINDPASSWD_P and NS_LDAP_CERT_PASS_P
 * parameters are secrets; free them promptly and do not log them.
 */
int __ns_ldap_setParam(
        const ParamIndexType type,
        const void *data,
        ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
        const ParamIndexType type,
        void ***data,
        ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
        void ***data);
 856 
/*
 * Look up attribute "attrname" in "entry".  __ns_ldap_getAttr() returns
 * the value list, __ns_ldap_getAttrStruct() the whole ns_ldap_attr_t;
 * both return NULL when the attribute is absent.
 * NOTE(review): the returned pointers presumably point into "entry" and
 * stay valid only until the result is freed -- do not free them
 * separately; confirm in the implementation.
 */
char **__ns_ldap_getAttr(
        const ns_ldap_entry_t *entry,
        const char *attrname);

ns_ldap_attr_t  *__ns_ldap_getAttrStruct(
        const ns_ldap_entry_t *entry,
        const char *attrname);
 864 
/*
 * Per-service configuration queries.  Each __ns_ldap_get*() call returns
 * an allocated array (presumably NULL-terminated -- confirm) through its
 * triple-pointer argument; the matching __ns_ldap_free*() call releases it.
 */

/* authentication methods configured for "service" */
int __ns_ldap_getServiceAuthMethods(
        const char *service,
        ns_auth_t ***auth,
        ns_ldap_error_t **errorp);

/* search descriptors configured for "service" */
int __ns_ldap_getSearchDescriptors(
        const char *service,
        ns_ldap_search_desc_t ***desc,
        ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
        ns_ldap_search_desc_t ***desc);

/* attribute maps configured for "service" */
int __ns_ldap_getAttributeMaps(
        const char *service,
        ns_ldap_attribute_map_t ***maps,
        ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
        ns_ldap_attribute_map_t ***maps);

/*
 * Single-name mapping lookups.  Each returns the mapped (or original)
 * name(s) for "service" as a char ** array, or NULL when there is no
 * mapping; ownership of the returned array is not stated here -- confirm.
 */
char **__ns_ldap_getMappedAttributes(
        const char *service,
        const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
        const char *service,
        const char *mappedAttribute);

/* objectclass maps configured for "service" */
int __ns_ldap_getObjectClassMaps(
        const char *service,
        ns_ldap_objectclass_map_t ***maps,
        ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
        ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
        const char *service,
        const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
        const char *service,
        const char *mappedObjectClass);

/*
 * __ns_ldap_getParamType - map a parameter's textual name "value" to its
 * ParamIndexType in *type.
 */
int __ns_ldap_getParamType(
        const char *value,
        ParamIndexType *type);
 913 
/*
 * __ns_ldap_getAcctMgmt - obtain account-management information for "user"
 * without the user's password, using the NS_LDAP_ACCOUNT_USABLE_CONTROL
 * control through the proxy identity; the decoded response is stored in
 * *acctResp.
 */
int __ns_ldap_getAcctMgmt(
        const char *user,
        AcctUsableResponse_t *acctResp);

/* Whether shadow updates are enabled (NS_LDAP_ENABLE_SHADOW_UPDATE_P). */
boolean_t __ns_ldap_is_shadow_update_enabled(void);

/*
 * __ns_ldap_self_gssapi_only_set - set/clear the "self credentials with
 * SASL/GSSAPI only" mode (non-zero flag enables it, by name -- confirm).
 * __ns_ldap_self_gssapi_config - report how the self/GSSAPI configuration
 * is set up in *config; see ns_ldap_self_gssapi_config_t.
 */
void
__ns_ldap_self_gssapi_only_set(
        int flag);
int
__ns_ldap_self_gssapi_config(
        ns_ldap_self_gssapi_config_t *config);
 926 #ifdef __cplusplus
 927 }
 928 #endif
 929 
 930 #endif /* _NS_SLDAP_H */