1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
24 */
25
26
27 #ifndef _NS_SLDAP_H
28 #define _NS_SLDAP_H
29
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33
34 #include <stdio.h>
35 #include <sys/types.h>
36 #include <lber.h>
37 #include <ldap.h>
38
/*
 * Version
 *
 * NS_LDAP_VERSION names the current API/configuration version string.
 * NS_LDAP_VERSION_1 presumably corresponds to the "version 1" clients and
 * configuration files mentioned at NS_LDAP_TRANSPORT_SEC_P below -- confirm.
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * Bit flags for the "flags" argument of the __ns_ldap_*() calls. Their
 * values are disjoint from SearchRef_t, ScopeType_t and the NS_LDAP_*_CONN,
 * NS_LDAP_*_PAGE_CTRL and NS_LDAP_*_SHADOW values below, so they appear to
 * share one bit space; a new flag must not reuse any of those bits.
 */
#define	NS_LDAP_HARD		0x001	/* presumably: retry until done -- confirm */
#define	NS_LDAP_ALL_RES		0x002	/* presumably: return all results -- confirm */
/*
 * Search Referral Option: whether the library follows LDAP referrals.
 * The values occupy bits 0x004/0x008 so they can be OR'ed into the same
 * "flags" word as the NS_LDAP_* flags above.
 */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;
57
/*
 * LDAP search scope (base object, one level, or whole subtree); also the
 * type of ns_ldap_search_desc_t.scope. The values occupy bits 0x010-0x040
 * of the shared flag space.
 */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;
63
/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	0x080
#define	NS_LDAP_NEW_CONN	0x400	/* presumably: force a new connection -- confirm */
#define	NS_LDAP_NOMAP		0x800	/* presumably: bypass attribute/objectclass mapping -- confirm */

/*
 * Paging control. NS_LDAP_NO_PAGE_CTRL is zero, i.e. merely the absence of
 * the NS_LDAP_PAGE_CTRL bit; it cannot be tested for with a bitwise AND.
 */
#define	NS_LDAP_PAGE_CTRL	0x1000
#define	NS_LDAP_NO_PAGE_CTRL	0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000

/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 * NOTE(review): the flag only requests the shadow update; it does not by
 * itself confer privilege. Where the caller's privilege is checked is not
 * visible in this header -- confirm in the implementation.
 */
#define	NS_LDAP_UPDATE_SHADOW	0x4000

/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server. Same privilege caveat as for NS_LDAP_UPDATE_SHADOW.
 */
#define	NS_LDAP_READ_SHADOW	0x8000
99
/*
 * Authentication Information
 */

/*
 * Credential level: which identity the library binds to the directory with.
 * Presumably ANON = no credentials, PROXY = the configured proxy agent,
 * SELF = the calling user's own credentials (cf. the "proxy agent" in the
 * AcctUsableResponse comment and ns_ldap_self_gssapi_config_t) -- confirm.
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;
108
/*
 * Bind method used for an LDAP connection; stored in ns_auth_t.type.
 * The TLS and ATLS variants are documented by the original author as
 * implying SASL usage.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;
116
/*
 * How the bind is performed over a TLS-protected connection; stored in
 * ns_auth_t.tlstype. NS_LDAP_TLS_NONE presumably means no TLS -- confirm.
 */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;
122
/*
 * SASL mechanism used when ns_auth_t.type selects SASL; stored in
 * ns_auth_t.saslmech. Two of the listed mechanisms are marked by the
 * original author as not supported.
 * NOTE(review): CRAM-MD5 and DIGEST-MD5 are MD5-based mechanisms that are
 * considered weak by current standards; GSSAPI is the strongest option
 * listed here where the environment supports it.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;
131
/*
 * SASL option; stored in ns_auth_t.saslopt. INT and PRIV presumably select
 * an integrity-protected or privacy-protected (encrypted) SASL security
 * layer respectively -- confirm against the implementation.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;
137
/*
 * Boolean-valued setting; presumably the value type of the
 * NS_LDAP_PREF_ONLY_P configuration parameter -- confirm.
 */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;
142
/*
 * Boolean-valued setting; presumably the value type of the
 * NS_LDAP_ENABLE_SHADOW_UPDATE_P configuration parameter, and what
 * __ns_ldap_is_shadow_update_enabled() reports on -- confirm.
 */
typedef enum enableShadowUpdate {
	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
} enableShadowUpdate_t;
147
/*
 * User-name/password credential, the unix_cred member of ns_cred_t.cred.
 * NOTE(review): passwd presumably holds the secret in cleartext; the
 * owner of the buffer should scrub it before freeing. Ownership of both
 * strings is not stated in this header -- confirm.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;
152
/*
 * Certificate credential, the cert_cred member of ns_cred_t.cred.
 * NOTE(review): passwd presumably protects the certificate store and is a
 * secret; same scrub-before-free caveat as UnixCred_t.passwd.
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;
158
/*
 * Authentication method description: bind type plus the TLS/SASL details
 * it needs. Filled in by __ns_ldap_initAuth() and embedded in ns_cred_t
 * and ns_dir_server_t.
 */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;
165
/*
 * Credential passed to the __ns_ldap_*() calls: the authentication method
 * plus the matching secret. Which member of "cred" is valid is presumably
 * determined by auth.type -- confirm. Release with __ns_ldap_freeCred().
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;
174
175
/*
 * Growable character buffer: "len" presumably is the bytes in use and
 * "alloc" the allocated capacity of "str" -- confirm. No user of it is
 * declared in this header.
 */
typedef struct LineBuf {
	char	*str;
	int	len;
	int	alloc;
} LineBuf;
181
/*
 * Configuration Information
 */

/*
 * Index of a configuration parameter, as accepted by __ns_ldap_setParam()
 * and __ns_ldap_getParam() and produced by __ns_ldap_getParamType().
 * The numeric values are explicit and part of the interface; do not
 * renumber. NS_LDAP_MAX_PIT_P is a sentinel (one past the last real
 * index), not a parameter.
 * NOTE(review): NS_LDAP_BINDPASSWD_P, NS_LDAP_CERT_PASS_P and
 * NS_LDAP_ADMIN_BINDPASSWD_P presumably denote secrets; data fetched for
 * them via __ns_ldap_getParam() should be handled and freed accordingly.
 */
typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
	/*
	 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
	 * with version 1 clients and their configuration files. The only
	 * supported value is NS_LDAP_SEC_NONE. No application should be
	 * using this parameter type (either through getParam or setParam).
	 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
	NS_LDAP_ADMIN_BINDDN_P		= 29,
	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,
	/*
	 * The following entry (max ParamIndexType) is an internal
	 * placeholder. It must be the last (and highest value)
	 * entry in this enum. Please update accordingly.
	 */
	NS_LDAP_MAX_PIT_P		= 31

} ParamIndexType;
232
/*
 * How "self" credential level with SASL/GSSAPI is configured for the
 * services; reported by __ns_ldap_self_gssapi_config().
 *
 * NONE - No self / SASL/GSSAPI configured
 * ONLY - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE		= 0,
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY		= 1,
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED	= 2
} ns_ldap_self_gssapi_config_t;
243
/*
 * __ns_ldap_*() return codes
 *
 * The "errorp" remarks say whether the ns_ldap_error_t out-parameter
 * carries detail for that code. Value 6 is deliberately unused here.
 */
typedef enum {
	NS_LDAP_SUCCESS	= 0,	/* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1,	/* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2,	/* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3,	/* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4,	/* config problem, detail in errorp */
	NS_LDAP_PARTIAL	= 5,	/* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7,	/* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8,	/* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9	/* success, with info in errorp */
} ns_ldap_return_code;
259
/*
 * Detailed error code for NS_LDAP_CONFIG
 *
 * Presumably delivered through ns_ldap_error_t.status when the top-level
 * return code is NS_LDAP_CONFIG -- confirm.
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;
271
/*
 * Detailed error code for NS_LDAP_PARTIAL
 *
 * Presumably delivered through ns_ldap_error_t.status when the top-level
 * return code is NS_LDAP_PARTIAL -- confirm.
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;
279
/*
 * For use by __ns_ldap_addTypedEntry() for the publickey servicetype:
 * the value of _ns_pubkey_t.hostcred.
 */
typedef enum {
	NS_HOSTCRED_FALSE	= 0,
	NS_HOSTCRED_TRUE	= 1
} hostcred_t;
287
/*
 * Detailed password status
 *
 * Reported in ns_ldap_passwd_mgmt_t.status. Only the first two values
 * describe a usable password; the rest describe why a bind or password
 * change was refused.
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password */
	NS_PASSWD_WITHIN_MIN_AGE	= 9	/* can not be changed: */
						/* within minimum age */
} ns_ldap_passwd_status_t;
319
/*
 * Password management information structure
 *
 * This structure is different from AcctUsableResponse_t structure in
 * that this structure holds result of users account mgmt information when
 * an ldap bind is done with user name and user password.
 * It is embedded in ns_ldap_error_t as pwd_mgmt.
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;
334
/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided. The string is the control's OID; the
 * server's response is decoded into AcctUsableResponse_t.
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
340
/*
 * Structure for holding the response returned by server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
 * Field order follows the More_info SEQUENCE shown at AcctUsableResponse_t;
 * inactive/reset/expired are booleans, rem_grace and sec_b4_unlock are the
 * optional integers.
 */
typedef struct AcctUsableMoreInfo {
	int	inactive;
	int	reset;
	int	expired;
	int	rem_grace;
	int	sec_b4_unlock;
} AcctUsableMoreInfo_t;
352
/*
 * Structure used to hold the response from the server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 *	is_available		[0] INTEGER, seconds before expiration
 *	is_not_available	[1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 *	inactive		[0] BOOLEAN DEFAULT FALSE,
 *	reset			[1] BOOLEAN DEFAULT FALSE,
 *	expired			[2] BOOLEAN DEFAULT FALSE,
 *	remaining_grace		[3] INTEGER OPTIONAL,
 *	seconds_before_unlock	[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from ns_ldap_passwd_mgmt_t structure in
 * that this structure holds result of users account mgmt information when
 * pam_ldap doesn't have the users password and proxy agent is used for
 * obtaining the account management information.
 *
 * "choice" selects the valid union member; presumably it takes the CHOICE
 * tags above (0 = seconds_before_expiry, 1 = more_info) -- confirm.
 * Filled in by __ns_ldap_getAcctMgmt().
 */
typedef struct AcctUsableResponse {
	int	choice;
	union {
		int	seconds_before_expiry;
		AcctUsableMoreInfo_t	more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;
382
/*
 * Simplified LDAP Naming API result structure
 *
 * Returned through the "errorp" out-parameter of most calls below when the
 * return code says detail is available; release with __ns_ldap_freeError().
 */
typedef struct ns_ldap_error {
	int	status;			/* LDAP error code */
	char	*message;		/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
					/* management info */
} ns_ldap_error_t;
392
/*
 * One attribute of an entry: its name and value_count values.
 * Whether attrvalue is additionally NULL-terminated is not stated here --
 * index by value_count to be safe.
 */
typedef struct ns_ldap_attr {
	char	*attrname;		/* attribute name */
	uint_t	value_count;
	char	**attrvalue;		/* attribute values */
} ns_ldap_attr_t;
398
/*
 * One directory entry: attr_count attributes, singly linked to the next
 * entry of the same result (next is NULL at the end, presumably).
 */
typedef struct ns_ldap_entry {
	uint_t	attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;	/* attributes pairs */
	struct ns_ldap_entry	*next;	/* next entry */
} ns_ldap_entry_t;
404
/*
 * Result of a search: entries_count entries starting at "entry".
 * Release with __ns_ldap_freeResult().
 */
typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;
409
/*
 * structures for the conversion routines used by typedAddEntry()
 *
 * Each of the following is the "data" argument of
 * __ns_ldap_addTypedEntry() for the corresponding NS_LDAP_TYPE_* service.
 * Termination of the char ** arrays is not stated here -- presumably
 * NULL-terminated; confirm.
 */

typedef struct _ns_netgroups {
	char	*name;
	char	**triplet;
	char	**netgroup;
} _ns_netgroups_t;
419
/* Typed-entry data for the netmasks service. */
typedef struct _ns_netmasks {
	char	*netnumber;
	char	*netmask;
} _ns_netmasks_t;
424
/* Typed-entry data for the bootparams service. */
typedef struct _ns_bootp {
	char	*name;
	char	**param;
} _ns_bootp_t;
429
/* Typed-entry data for the ethers service. */
typedef struct _ns_ethers {
	char	*name;
	char	*ether;
} _ns_ethers_t;
434
/*
 * Typed-entry data for the publickey service; hostcred says whether the
 * key pair belongs to a host (see hostcred_t).
 * NOTE(review): privkey presumably holds private key material -- the
 * owner should scrub it before free.
 */
typedef struct _ns_pubkey {
	char	*name;
	hostcred_t	hostcred;
	char	*pubkey;
	char	*privkey;
} _ns_pubkey_t;
441
/* Typed-entry data for the aliases service. */
typedef struct _ns_alias {
	char	*alias;
	char	**member;
} _ns_alias_t;
446
/* Typed-entry data for an automount map (see NS_LDAP_TYPE_AUTOMOUNT). */
typedef struct _ns_automount {
	char	*mapname;
	char	*key;
	char	*value;
} _ns_automount_t;
452
/*
 * return values for the callback function in __ns_ldap_list()
 * (also the callback of __ns_ldap_list_sort() and
 * __ns_ldap_list_batch_add(), which share its signature)
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */
458
/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 *
 * NS_LDAP_TYPE_AUTOMOUNT ends in an underscore and so appears to be a
 * prefix ("auto_" + map name) rather than a complete service name --
 * confirm before comparing against it with strcmp().
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS	"bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT	"auto_"
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
488
/*
 * service descriptor/attribute mapping structure
 */

/*
 * Search descriptor for a service: where to search, how deep, and with
 * which filter. Handed to the init_filter_cb of the list/firstEntry calls
 * and returned by __ns_ldap_getSearchDescriptors().
 */
typedef struct ns_ldap_search_desc {
	char	*basedn;	/* search base dn */
	ScopeType_t	scope;	/* search scope */
	char	*filter;	/* search filter */
} ns_ldap_search_desc_t;
498
/*
 * Attribute mapping: one original attribute name to one or more directory
 * attribute names. Returned by __ns_ldap_getAttributeMaps(); released with
 * __ns_ldap_freeAttributeMaps().
 */
typedef struct ns_ldap_attribute_map {
	char	*origAttr;	/* original attribute */
	char	**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;
503
/*
 * Objectclass mapping: one original objectclass to one directory
 * objectclass. Returned by __ns_ldap_getObjectClassMaps(); released with
 * __ns_ldap_freeObjectClassMaps().
 */
typedef struct ns_ldap_objectclass_map {
	char	*origOC;	/* original objectclass */
	char	*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;
508
/*
 * Value of the userPassword attribute representing NO Unix password
 *
 * NOTE(review): this is an in-band sentinel stored in the same attribute
 * as real password hashes; code that reads userPassword must compare
 * against it before treating the value as a hash, and must never accept
 * it as a credential.
 */
#define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"
513
/*
 * Opaque handle for batch API; created by __ns_ldap_list_batch_start()
 * and released by __ns_ldap_list_batch_release(). Its layout is private
 * to the library.
 */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
516
/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
 *	to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *	to communicate to.
 * NS_PREDEFINED: reserved for internal use
 *
 * NOTE(review): NS_PREDEFINED is described above but is not an enumerator
 * of this type; the matching ns_standalone_conf_t union member is
 * predefined_conf. Confirm whether the enumerator was dropped on purpose.
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;
531
/*
 * This structure describes an LDAP server specified by a client application.
 * It is the "server" member of ns_standalone_conf_t and the first argument
 * of __ns_ldap_getConnectionInfoFromDUA().
 * NOTE(review): bind_passwd presumably carries a cleartext secret and
 * "cred" is a credential level given as a string; the owner of the strings
 * should scrub bind_passwd before freeing it. Ownership is not stated here.
 */
typedef struct ns_dir_server {
	char	*server;		/* A directory server's IP */
	uint16_t	port;		/* A directory server's port. */
					/* Default value is 389 */
	char	*domainName;		/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char	*profileName;		/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t	*auth;		/* Authentication information used */
					/* during subsequent connections */
	char	*cred;			/* A credential level to be used */
					/* along with the authentication info */
	char	*host_cert_path;	/* A path to the certificate database */
					/* Default is '/vat/ldap' */
					/* NOTE(review): path as written by */
					/* the original author; verify the */
					/* actual default in the implementation */
	char	*bind_dn;		/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char	*bind_passwd;		/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;
556
/*
 * This structure contains information describing an LDAP server.
 * "type" says which union member is valid: NS_LDAP_SERVER selects
 * ds_profile.server; predefined_conf is reserved for internal use.
 * The SA_* macros are field accessors for the "server" arm and are only
 * meaningful when applied to an ns_standalone_conf_t object.
 */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t	server;
		void	*predefined_conf;	/* Reserved for internal use */
	} ds_profile;				/* A type of the configuration */

#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd

	ns_standalone_request_type_t	type;
} ns_standalone_conf_t;
578
/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application that requested a standalone schema, libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * conf
 *	A structure describing where and in which way to obtain all the
 *	configuration describing how to communicate to a chosen LDAP directory.
 *
 * errorp
 *	An error object describing an error that occurred.
 *
 * Returns an ns_ldap_return_code. Undo with __ns_ldap_cancelStandalone().
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t **errorp);
597
/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 *	Specifies the selected directory server.
 *
 * cred
 *	Contains the authentication information and credential required to
 *	establish a connection.
 *
 * config
 *	If not NULL, a new configuration based on the DUAProfile specified in
 *	the server parameter will be created and returned.
 *
 * baseDN
 *	If not NULL, the directory's base DN will be returned.
 *
 * error
 *	Describes an error, if any.
 *
 * Who frees the strings returned in *config and *baseDN is not stated
 * here -- presumably the caller, with free(); confirm.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config, char **baseDN,
	ns_ldap_error_t **error);
624
/*
 * Values for the anon_fallback argument of __ns_ldap_getRootDSE():
 * SA_ALLOW_FALLBACK lets a failed authenticated connection be retried
 * anonymously (see the comment on that function).
 */
#define	SA_PROHIBIT_FALLBACK	0
#define	SA_ALLOW_FALLBACK	1

/*
 * Whether a fetched configuration is to be saved. No declaration in this
 * header takes these values; their consumer is presumably internal.
 */
#define	DONT_SAVE_NSCONF	0
#define	SAVE_NSCONF		1
630
/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 *	An address of a server to be connected to.
 *
 * rootDSE
 *	A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 *	Describes an error, if any.
 *
 * anon_fallback
 *	If set to 1 (SA_ALLOW_FALLBACK) and establishing a connection fails,
 *	__s_api_getRootDSE() will try once again using anonymous credentials.
 *	NOTE(review): with the fallback allowed, a root DSE may therefore come
 *	from an unauthenticated session after an authenticated attempt
 *	failed; callers that rely on the DSE contents for trust decisions
 *	should pass SA_PROHIBIT_FALLBACK.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);
652
/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 * Other return values are not documented here -- presumably NS_LDAP_SUCCESS
 * on completion; confirm.
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
667
/*
 * This function cancels the Standalone mode and destroys the list of root DSEs.
 * It is the counterpart of __ns_ldap_initStandalone().
 */
void __ns_ldap_cancelStandalone(void);

/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 *
 * auth_mech
 *	Name of the mechanism; the accepted spellings are not listed in this
 *	header -- see the implementation.
 * auth
 *	Caller-provided structure that is filled in.
 * errorp
 *	Describes an error, if any.
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);
679
/*
 * Simplified LDAP Naming APIs
 *
 * Conventions shared by the declarations below:
 *  - "service" names the naming service (see the NS_LDAP_TYPE_* strings);
 *  - "flags" is a bitwise OR of the NS_LDAP_* flag values at the top of
 *    this file. NS_LDAP_KEEP_CONN is only supported for list, and
 *    NS_LDAP_READ_SHADOW applies to __ns_ldap_list() and
 *    __ns_ldap_firstEntry();
 *  - "result" and "errorp" are out-parameters, released with
 *    __ns_ldap_freeResult() and __ns_ldap_freeError();
 *  - the per-entry "callback" returns NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE;
 *  - "init_filter_cb", if non-NULL, presumably builds the filter actually
 *    sent for a search descriptor into *realfilter -- confirm;
 *  - the int return is presumably an ns_ldap_return_code -- confirm.
 *
 * NOTE(review): "filter" is an LDAP search filter string. A caller that
 * builds it from untrusted input must escape filter metacharacters
 * (RFC 4515) first; nothing visible in this header suggests the library
 * does that on the caller's behalf.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);


/*
 * As __ns_ldap_list(), with results sorted on "sortattr" (presumably via a
 * server-side sort control -- confirm).
 */
int __ns_ldap_list_sort(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

/*
 * Batch variant of the list API. A batch is created by _start, requests
 * are queued with _add (same arguments as __ns_ldap_list() plus "rcp",
 * presumably where that request's own return code is stored -- confirm),
 * executed by _end, and the handle is released by _release.
 */
int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);
734
/*
 * Directory modification calls. "attr" is an array of attribute pointers
 * (termination not stated here -- presumably NULL-terminated; confirm),
 * "dn" the entry to modify, "cred" the credential to bind with and
 * "flags" a bitwise OR of the NS_LDAP_* flags. The int return is
 * presumably an ns_ldap_return_code -- confirm.
 */
int __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Replace attribute values. NS_LDAP_UPDATE_SHADOW in "flags" is the
 * documented way for a privileged caller to update the shadow database
 * through this call.
 */
int __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Add an entry from a service-specific struct. "servicetype" is one of the
 * NS_LDAP_TYPE_* strings and "data" points at the matching _ns_*_t
 * conversion structure (or, for the other services, a structure not
 * declared in this header). The meaning of "create" is not stated here --
 * confirm.
 */
int __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);
782
/*
 * Incremental enumeration: __ns_ldap_firstEntry() starts a search and
 * hands back an opaque *cookie, __ns_ldap_nextEntry() continues it, and
 * __ns_ldap_endEntry() finishes it and clears the cookie. Arguments are
 * as for __ns_ldap_list(); NS_LDAP_READ_SHADOW in "flags" is the
 * documented way for a privileged caller to read the shadow database here.
 * Whether a NOTFOUND-style code ends the iteration is not stated here --
 * confirm.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

/*
 * Release a result / error object returned through an out-parameter.
 * Presumably each frees *p and sets it to NULL -- confirm; the int return
 * is presumably an ns_ldap_return_code.
 */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);
811
/*
 * Name <-> DN mapping helpers. Each returns a freshly allocated string
 * through its char ** out-parameter (ownership presumably passes to the
 * caller -- confirm). These take no "flags" argument; the
 * NS_LDAP_NOT_CVT_DN comment near the top of this file refers to how
 * __ns_ldap_uid2dn() and __ns_ldap_host2dn() use that flag internally.
 */
int __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_dn2uid(
	const char *dn,
	char **userID,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);
836
/*
 * Authenticate with the given credential. serverctrls/clientctrls are
 * LDAPControl arrays from <ldap.h>. When the bind is done with a user
 * name and password, password-policy detail is presumably reported in
 * (*errorp)->pwd_mgmt (see ns_ldap_passwd_mgmt_t) -- confirm. The
 * meaning of "flag" is not stated in this header.
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * Release a credential. NOTE(review): the credential may hold a cleartext
 * password; whether this scrubs it before freeing is not visible here --
 * confirm.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

/*
 * Map an error code to a message string returned through *strmsg.
 * Ownership of the string is not stated here -- confirm before free().
 */
int __ns_ldap_err2str(
	int err,
	char **strmsg);

/*
 * Configuration parameter access by ParamIndexType. __ns_ldap_getParam()
 * returns a NULL-terminated (presumably -- confirm) array of values in
 * *data that is released with __ns_ldap_freeParam(). The shape of "data"
 * for __ns_ldap_setParam() depends on the parameter type.
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);
863
/*
 * Entry accessors. __ns_ldap_getAttr() presumably returns the attrvalue
 * array of the attribute named "attrname" (NULL if absent), and
 * __ns_ldap_getAttrStruct() the ns_ldap_attr_t itself; both point into
 * "entry" and must not be freed separately -- confirm.
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t *__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);

/*
 * Per-service configuration queries. Each get*() fills a pointer array
 * through its *** out-parameter; the matching free*() releases it.
 * Array termination is not stated here -- presumably NULL; confirm.
 */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

/*
 * Attribute-name mapping lookups in both directions for one service.
 * Ownership of the returned char ** arrays is not stated here -- confirm.
 */
char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

/*
 * Objectclass mapping lookups in both directions for one service.
 * Ownership of the returned char ** arrays is not stated here -- confirm.
 */
char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

/*
 * Parse a configuration parameter name into its ParamIndexType, stored
 * in *type.
 */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);
920
/*
 * Query account-management state for "user" without the user's password,
 * via the NS_LDAP_ACCOUNT_USABLE_CONTROL control; the decoded response is
 * stored in *acctResp (see AcctUsableResponse_t).
 */
int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

/*
 * Whether shadow updates are enabled in the configuration (presumably
 * the NS_LDAP_ENABLE_SHADOW_UPDATE_P parameter -- confirm).
 */
boolean_t __ns_ldap_is_shadow_update_enabled(void);

/*
 * Set whether only self/GSSAPI is to be used ("flag" non-zero presumably
 * enables it -- confirm), and report the self/GSSAPI configuration state
 * into *config (see ns_ldap_self_gssapi_config_t).
 */
void
__ns_ldap_self_gssapi_only_set(
	int flag);
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
933 #ifdef __cplusplus
934 }
935 #endif
936
937 #endif /* _NS_SLDAP_H */