Print this page
NEX-14547 Get UNIX group info. from AD/LDAP with partial RFC2307 schema
NEX-13132 smbd dumping core in nss_ldap.so.1`getbymember
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libsldap/common/ns_sldap.h
+++ new/usr/src/lib/libsldap/common/ns_sldap.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 + * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
23 24 */
24 25
25 26
26 27 #ifndef _NS_SLDAP_H
27 28 #define _NS_SLDAP_H
28 29
29 30 #ifdef __cplusplus
30 31 extern "C" {
31 32 #endif
32 33
33 34 #include <stdio.h>
34 35 #include <sys/types.h>
35 36 #include <lber.h>
36 37 #include <ldap.h>
37 38
38 39 /*
39 40 * Version
40 41 */
41 42 #define NS_LDAP_VERSION NS_LDAP_VERSION_2
42 43 #define NS_LDAP_VERSION_1 "1.0"
43 44 #define NS_LDAP_VERSION_2 "2.0"
44 45
45 46 /*
46 47 * Flags
47 48 */
48 49 #define NS_LDAP_HARD 0x001
49 50 #define NS_LDAP_ALL_RES 0x002
50 51
51 52 /* Search Referral Option */
52 53 typedef enum SearchRef {
53 54 NS_LDAP_FOLLOWREF = 0x004,
54 55 NS_LDAP_NOREF = 0x008
55 56 } SearchRef_t;
56 57
57 58 typedef enum ScopeType {
58 59 NS_LDAP_SCOPE_BASE = 0x010,
59 60 NS_LDAP_SCOPE_ONELEVEL = 0x020,
60 61 NS_LDAP_SCOPE_SUBTREE = 0x040
61 62 } ScopeType_t;
62 63
63 64 /*
64 65 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
65 66 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
66 67 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
67 68 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
68 69 */
69 70
70 71 #define NS_LDAP_KEEP_CONN 0x080
71 72 #define NS_LDAP_NEW_CONN 0x400
72 73 #define NS_LDAP_NOMAP 0x800
73 74
74 75 #define NS_LDAP_PAGE_CTRL 0x1000
75 76 #define NS_LDAP_NO_PAGE_CTRL 0x0000
76 77
77 78 /*
78 79 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
79 80 * to retrieve the DN in LDAP and DN is not to be converted when
80 81 * being passed back to the application. See __ns_ldap_uid2dn()
81 82 * and __ns_ldap_host2dn() for such usage.
82 83 */
83 84 #define NS_LDAP_NOT_CVT_DN 0x2000
84 85
85 86 /*
86 87 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
87 88 * __ns_ldap_repAttr() to update the shadow database on the
88 89 * LDAP server.
89 90 */
90 91 #define NS_LDAP_UPDATE_SHADOW 0x4000
91 92
92 93 /*
93 94 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
94 95 * and __ns_ldap_firstEntry() to read the shadow database on the
95 96 * LDAP server.
96 97 */
97 98 #define NS_LDAP_READ_SHADOW 0x8000
98 99
99 100 /*
100 101 * Authentication Information
101 102 */
102 103 typedef enum CredLevel {
103 104 NS_LDAP_CRED_ANON = 0,
104 105 NS_LDAP_CRED_PROXY = 1,
105 106 NS_LDAP_CRED_SELF = 2
106 107 } CredLevel_t;
107 108
108 109 typedef enum AuthType {
109 110 NS_LDAP_AUTH_NONE = 0,
110 111 NS_LDAP_AUTH_SIMPLE = 1,
111 112 NS_LDAP_AUTH_SASL = 2,
112 113 NS_LDAP_AUTH_TLS = 3, /* implied SASL usage */
113 114 NS_LDAP_AUTH_ATLS = 4 /* implied SASL usage */
114 115 } AuthType_t;
115 116
116 117 typedef enum TlsType {
117 118 NS_LDAP_TLS_NONE = 0,
118 119 NS_LDAP_TLS_SIMPLE = 1,
119 120 NS_LDAP_TLS_SASL = 2
120 121 } TlsType_t;
121 122
122 123 typedef enum SaslMech {
123 124 NS_LDAP_SASL_NONE = 0, /* No SASL mechanism */
124 125 NS_LDAP_SASL_CRAM_MD5 = 1,
125 126 NS_LDAP_SASL_DIGEST_MD5 = 2,
126 127 NS_LDAP_SASL_EXTERNAL = 3, /* currently not supported */
127 128 NS_LDAP_SASL_GSSAPI = 4,
128 129 NS_LDAP_SASL_SPNEGO = 5 /* currently not supported */
129 130 } SaslMech_t;
130 131
131 132 typedef enum SaslOpt {
132 133 NS_LDAP_SASLOPT_NONE = 0,
133 134 NS_LDAP_SASLOPT_INT = 1,
134 135 NS_LDAP_SASLOPT_PRIV = 2
135 136 } SaslOpt_t;
136 137
137 138 typedef enum PrefOnly {
138 139 NS_LDAP_PREF_FALSE = 0,
139 140 NS_LDAP_PREF_TRUE = 1
140 141 } PrefOnly_t;
141 142
142 143 typedef enum enableShadowUpdate {
143 144 NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE = 0,
144 145 NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE = 1
145 146 } enableShadowUpdate_t;
146 147
147 148 typedef struct UnixCred {
148 149 char *userID; /* Unix ID number */
149 150 char *passwd; /* password */
150 151 } UnixCred_t;
151 152
152 153 typedef struct CertCred {
153 154 char *path; /* certificate path */
154 155 char *passwd; /* password */
155 156 char *nickname; /* nickname */
156 157 } CertCred_t;
157 158
158 159 typedef struct ns_auth {
159 160 AuthType_t type;
160 161 TlsType_t tlstype;
161 162 SaslMech_t saslmech;
162 163 SaslOpt_t saslopt;
163 164 } ns_auth_t;
164 165
165 166 typedef struct ns_cred {
166 167 ns_auth_t auth;
167 168 char *hostcertpath;
168 169 union {
169 170 UnixCred_t unix_cred;
170 171 CertCred_t cert_cred;
171 172 } cred;
172 173 } ns_cred_t;
173 174
174 175
175 176 typedef struct LineBuf {
176 177 char *str;
177 178 int len;
178 179 int alloc;
179 180 } LineBuf;
180 181
181 182 /*
182 183 * Configuration Information
183 184 */
184 185
185 186 typedef enum {
186 187 NS_LDAP_FILE_VERSION_P = 0,
187 188 NS_LDAP_BINDDN_P = 1,
188 189 NS_LDAP_BINDPASSWD_P = 2,
189 190 NS_LDAP_SERVERS_P = 3,
190 191 NS_LDAP_SEARCH_BASEDN_P = 4,
191 192 NS_LDAP_AUTH_P = 5,
192 193 /*
193 194 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
194 195 * with version 1 clients and their configuration files. The only
195 196 * supported value is NS_LDAP_SEC_NONE. No application should be
196 197 * using this parameter type (either through getParam or setParam.
197 198 */
198 199 NS_LDAP_TRANSPORT_SEC_P = 6,
199 200 NS_LDAP_SEARCH_REF_P = 7,
200 201 NS_LDAP_DOMAIN_P = 8,
201 202 NS_LDAP_EXP_P = 9,
202 203 NS_LDAP_CERT_PATH_P = 10,
203 204 NS_LDAP_CERT_PASS_P = 11,
204 205 NS_LDAP_SEARCH_DN_P = 12,
205 206 NS_LDAP_SEARCH_SCOPE_P = 13,
206 207 NS_LDAP_SEARCH_TIME_P = 14,
207 208 NS_LDAP_SERVER_PREF_P = 15,
208 209 NS_LDAP_PREF_ONLY_P = 16,
209 210 NS_LDAP_CACHETTL_P = 17,
210 211 NS_LDAP_PROFILE_P = 18,
211 212 NS_LDAP_CREDENTIAL_LEVEL_P = 19,
212 213 NS_LDAP_SERVICE_SEARCH_DESC_P = 20,
213 214 NS_LDAP_BIND_TIME_P = 21,
214 215 NS_LDAP_ATTRIBUTEMAP_P = 22,
215 216 NS_LDAP_OBJECTCLASSMAP_P = 23,
216 217 NS_LDAP_CERT_NICKNAME_P = 24,
217 218 NS_LDAP_SERVICE_AUTH_METHOD_P = 25,
218 219 NS_LDAP_SERVICE_CRED_LEVEL_P = 26,
219 220 NS_LDAP_HOST_CERTPATH_P = 27,
220 221 NS_LDAP_ENABLE_SHADOW_UPDATE_P = 28,
221 222 NS_LDAP_ADMIN_BINDDN_P = 29,
222 223 NS_LDAP_ADMIN_BINDPASSWD_P = 30,
223 224 /*
224 225 * The following entry (max ParamIndexType) is an internal
225 226 * placeholder. It must be the last (and highest value)
226 227 * entry in this eNum. Please update accordingly.
227 228 */
228 229 NS_LDAP_MAX_PIT_P = 31
229 230
230 231 } ParamIndexType;
231 232
232 233 /*
233 234 * NONE - No self / SASL/GSSAPI configured
234 235 * ONLY - Only self / SASL/GSSAPI configured
235 236 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
236 237 */
237 238 typedef enum {
238 239 NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
239 240 NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
240 241 NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
241 242 } ns_ldap_self_gssapi_config_t;
242 243
243 244 /*
244 245 * __ns_ldap_*() return codes
245 246 */
246 247 typedef enum {
247 248 NS_LDAP_SUCCESS = 0, /* success, no info in errorp */
248 249 NS_LDAP_OP_FAILED = 1, /* failed operation, no info in errorp */
249 250 NS_LDAP_NOTFOUND = 2, /* entry not found, no info in errorp */
250 251 NS_LDAP_MEMORY = 3, /* memory failure, no info in errorp */
251 252 NS_LDAP_CONFIG = 4, /* config problem, detail in errorp */
252 253 NS_LDAP_PARTIAL = 5, /* partial result, detail in errorp */
253 254 NS_LDAP_INTERNAL = 7, /* LDAP error, detail in errorp */
254 255 NS_LDAP_INVALID_PARAM = 8, /* LDAP error, no info in errorp */
255 256 NS_LDAP_SUCCESS_WITH_INFO
256 257 = 9 /* success, with info in errorp */
257 258 } ns_ldap_return_code;
258 259
259 260 /*
260 261 * Detailed error code for NS_LDAP_CONFIG
261 262 */
262 263 typedef enum {
263 264 NS_CONFIG_SYNTAX = 0, /* syntax error */
264 265 NS_CONFIG_NODEFAULT = 1, /* no default value */
265 266 NS_CONFIG_NOTLOADED = 2, /* configuration not loaded */
266 267 NS_CONFIG_NOTALLOW = 3, /* operation requested not allowed */
267 268 NS_CONFIG_FILE = 4, /* configuration file problem */
268 269 NS_CONFIG_CACHEMGR = 5 /* error with door to ldap_cachemgr */
269 270 } ns_ldap_config_return_code;
270 271
271 272 /*
272 273 * Detailed error code for NS_LDAP_PARTIAL
273 274 */
274 275 typedef enum {
275 276 NS_PARTIAL_TIMEOUT = 0, /* partial results due to timeout */
276 277 NS_PARTIAL_OTHER = 1 /* error encountered */
277 278 } ns_ldap_partial_return_code;
278 279
279 280 /*
280 281 * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
281 282 */
282 283 typedef enum {
283 284 NS_HOSTCRED_FALSE = 0,
284 285 NS_HOSTCRED_TRUE = 1
285 286 } hostcred_t;
286 287
287 288 /*
288 289 * Detailed password status
289 290 */
290 291 typedef enum {
291 292 NS_PASSWD_GOOD = 0, /* password is good */
292 293 NS_PASSWD_ABOUT_TO_EXPIRE = 1, /* password is good but */
293 294 /* about to expire */
294 295 NS_PASSWD_CHANGE_NEEDED = 2, /* good but need to be */
295 296 /* changed immediately */
296 297 NS_PASSWD_EXPIRED = 3, /* password expired */
297 298 NS_PASSWD_RETRY_EXCEEDED = 4, /* exceed retry limit; */
298 299 /* account is locked */
299 300 NS_PASSWD_CHANGE_NOT_ALLOWED = 5, /* can only be changed */
300 301 /* by the administrator */
301 302 NS_PASSWD_INVALID_SYNTAX = 6, /* can not be changed: */
302 303 /* new password has */
303 304 /* invalid syntax -- */
304 305 /* trivial password: same */
305 306 /* value as attr, cn, sn, */
306 307 /* uid, etc. */
307 308 /* or strong password */
308 309 /* policies check */
309 310 NS_PASSWD_TOO_SHORT = 7, /* can not be changed: */
310 311 /* new password has */
311 312 /* less chars than */
312 313 /* required */
313 314 NS_PASSWD_IN_HISTORY = 8, /* can not be changed: */
314 315 /* reuse old password */
315 316 NS_PASSWD_WITHIN_MIN_AGE = 9 /* can not be changed: */
316 317 /* within minimum age */
317 318 } ns_ldap_passwd_status_t;
318 319
319 320 /*
320 321 * Password management information structure
321 322 *
322 323 * This structure is different from AcctUsableResponse_t structure in
323 324 * that this structure holds result of users account mgmt information when
324 325 * an ldap bind is done with user name and user password.
325 326 */
326 327 typedef struct ns_ldap_passwd_mgmt {
327 328 ns_ldap_passwd_status_t
328 329 status; /* password status */
329 330 int sec_until_expired; /* seconds until expired, */
330 331 /* valid if status is */
331 332 /* NS_PASSWD_ABOUT_TO_EXPIRE */
332 333 } ns_ldap_passwd_mgmt_t;
333 334
334 335 /*
335 336 * LDAP V3 control flag for account management - Used for account management
336 337 * when no password is provided
337 338 */
338 339 #define NS_LDAP_ACCOUNT_USABLE_CONTROL "1.3.6.1.4.1.42.2.27.9.5.8"
339 340
340 341 /*
341 342 * Structure for holding the response returned by server for
342 343 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
343 344 */
344 345 typedef struct AcctUsableMoreInfo {
345 346 int inactive;
346 347 int reset;
347 348 int expired;
348 349 int rem_grace;
349 350 int sec_b4_unlock;
350 351 } AcctUsableMoreInfo_t;
351 352
352 353 /*
353 354 * Structure used to hold the response from the server for
354 355 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
355 356 *
356 357 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
357 358 * is_available [0] INTEGER, seconds before expiration
358 359 * is_not_available [1] More_info
359 360 * }
360 361 *
361 362 * More_info::= SEQUENCE {
362 363 * inactive [0] BOOLEAN DEFAULT FALSE,
363 364 * reset [1] BOOLEAN DEFAULT FALSE,
364 365 * expired [2] BOOLEAN DEFAULT FALSE,
365 366 * remaining_grace [3] INTEGER OPTIONAL,
366 367 * seconds_before_unlock[4] INTEGER OPTIONAL
367 368 * }
368 369 *
369 370 * This structure is different from ns_ldap_passwd_mgmt_t structure in
370 371 * that this structure holds result of users account mgmt information when
371 372 * pam_ldap doesn't have the users password and proxy agent is used for
372 373 * obtaining the account management information.
373 374 */
374 375 typedef struct AcctUsableResponse {
375 376 int choice;
376 377 union {
377 378 int seconds_before_expiry;
378 379 AcctUsableMoreInfo_t more_info;
379 380 } AcctUsableResp;
380 381 } AcctUsableResponse_t;
381 382
382 383 /*
383 384 * Simplified LDAP Naming API result structure
384 385 */
385 386 typedef struct ns_ldap_error {
386 387 int status; /* LDAP error code */
387 388 char *message; /* LDAP error message */
388 389 ns_ldap_passwd_mgmt_t pwd_mgmt; /* LDAP password */
389 390 /* management info */
390 391 } ns_ldap_error_t;
391 392
392 393 typedef struct ns_ldap_attr {
393 394 char *attrname; /* attribute name */
394 395 uint_t value_count;
395 396 char **attrvalue; /* attribute values */
396 397 } ns_ldap_attr_t;
397 398
398 399 typedef struct ns_ldap_entry {
399 400 uint_t attr_count; /* number of attributes */
400 401 ns_ldap_attr_t **attr_pair; /* attributes pairs */
401 402 struct ns_ldap_entry *next; /* next entry */
402 403 } ns_ldap_entry_t;
403 404
404 405 typedef struct ns_ldap_result {
405 406 uint_t entries_count; /* number of entries */
406 407 ns_ldap_entry_t *entry; /* data */
407 408 } ns_ldap_result_t;
408 409
409 410 /*
410 411 * structures for the conversion routines used by typedAddEntry()
411 412 */
412 413
413 414 typedef struct _ns_netgroups {
414 415 char *name;
415 416 char **triplet;
416 417 char **netgroup;
417 418 } _ns_netgroups_t;
418 419
419 420 typedef struct _ns_netmasks {
420 421 char *netnumber;
421 422 char *netmask;
422 423 } _ns_netmasks_t;
423 424
424 425 typedef struct _ns_bootp {
425 426 char *name;
426 427 char **param;
427 428 } _ns_bootp_t;
428 429
429 430 typedef struct _ns_ethers {
430 431 char *name;
431 432 char *ether;
432 433 } _ns_ethers_t;
433 434
434 435 typedef struct _ns_pubkey {
435 436 char *name;
436 437 hostcred_t hostcred;
437 438 char *pubkey;
438 439 char *privkey;
439 440 } _ns_pubkey_t;
440 441
441 442 typedef struct _ns_alias {
442 443 char *alias;
443 444 char **member;
444 445 } _ns_alias_t;
445 446
446 447 typedef struct _ns_automount {
447 448 char *mapname;
448 449 char *key;
449 450 char *value;
450 451 } _ns_automount_t;
451 452
452 453 /*
453 454 * return values for the callback function in __ns_ldap_list()
454 455 */
455 456 #define NS_LDAP_CB_NEXT 0 /* get the next entry */
456 457 #define NS_LDAP_CB_DONE 1 /* done */
457 458
458 459 /*
459 460 * Input values for the type specified in __ns_ldap_addTypedEntry()
460 461 * and __ns_ldap_delTypedEntry()
461 462 */
462 463
463 464 #define NS_LDAP_TYPE_PASSWD "passwd"
464 465 #define NS_LDAP_TYPE_GROUP "group"
465 466 #define NS_LDAP_TYPE_HOSTS "hosts"
466 467 #define NS_LDAP_TYPE_IPNODES "ipnodes"
467 468 #define NS_LDAP_TYPE_PROFILE "prof_attr"
468 469 #define NS_LDAP_TYPE_RPC "rpc"
469 470 #define NS_LDAP_TYPE_PROTOCOLS "protocols"
470 471 #define NS_LDAP_TYPE_NETWORKS "networks"
471 472 #define NS_LDAP_TYPE_NETGROUP "netgroup"
472 473 #define NS_LDAP_TYPE_ALIASES "aliases"
473 474 #define NS_LDAP_TYPE_SERVICES "services"
474 475 #define NS_LDAP_TYPE_ETHERS "ethers"
475 476 #define NS_LDAP_TYPE_SHADOW "shadow"
476 477 #define NS_LDAP_TYPE_NETMASKS "netmasks"
477 478 #define NS_LDAP_TYPE_AUTHATTR "auth_attr"
478 479 #define NS_LDAP_TYPE_EXECATTR "exec_attr"
479 480 #define NS_LDAP_TYPE_USERATTR "user_attr"
480 481 #define NS_LDAP_TYPE_PROJECT "project"
481 482 #define NS_LDAP_TYPE_PUBLICKEY "publickey"
482 483 #define NS_LDAP_TYPE_AUUSER "audit_user"
483 484 #define NS_LDAP_TYPE_BOOTPARAMS "bootparams"
484 485 #define NS_LDAP_TYPE_AUTOMOUNT "auto_"
485 486 #define NS_LDAP_TYPE_TNRHDB "tnrhdb"
486 487 #define NS_LDAP_TYPE_TNRHTP "tnrhtp"
487 488
488 489 /*
489 490 * service descriptor/attribute mapping structure
490 491 */
491 492
492 493 typedef struct ns_ldap_search_desc {
493 494 char *basedn; /* search base dn */
494 495 ScopeType_t scope; /* search scope */
495 496 char *filter; /* search filter */
496 497 } ns_ldap_search_desc_t;
497 498
498 499 typedef struct ns_ldap_attribute_map {
499 500 char *origAttr; /* original attribute */
500 501 char **mappedAttr; /* mapped attribute(s) */
501 502 } ns_ldap_attribute_map_t;
502 503
503 504 typedef struct ns_ldap_objectclass_map {
504 505 char *origOC; /* original objectclass */
505 506 char *mappedOC; /* mapped objectclass */
506 507 } ns_ldap_objectclass_map_t;
507 508
508 509 /*
509 510 * Value of the userPassword attribute representing NO Unix password
510 511 */
511 512 #define NS_LDAP_NO_UNIX_PASSWORD "<NO UNIX PASSWORD>"
512 513
513 514 /* Opaque handle for batch API */
514 515 typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
515 516
516 517 /*
517 518 * The type of standalone configuration specified by a client application.
518 519 * The meaning of the requests is as follows:
519 520 *
520 521 * NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
521 522 * to ldap_cachemgr.
522 523 * NS_LDAP_SERVER: the consumer application has specified a directory server
523 524 * to communicate to.
524 525 * NS_PREDEFINED: reserved for internal use
525 526 */
526 527 typedef enum {
527 528 NS_CACHEMGR = 0,
528 529 NS_LDAP_SERVER
529 530 } ns_standalone_request_type_t;
530 531
531 532 /*
532 533 * This structure describes an LDAP server specified by a client application.
533 534 */
534 535 typedef struct ns_dir_server {
535 536 char *server; /* A directory server's IP */
536 537 uint16_t port; /* A directory server's port. */
537 538 /* Default value is 389 */
538 539 char *domainName; /* A domain name being served */
539 540 /* by the specified server. */
540 541 /* Default value is the local */
541 542 /* domain's name */
542 543 char *profileName; /* A DUAProfile's name. */
543 544 /* Default value is 'default' */
544 545 ns_auth_t *auth; /* Authentication information used */
545 546 /* during subsequent connections */
546 547 char *cred; /* A credential level to be used */
547 548 /* along with the authentication info */
548 549 char *host_cert_path; /* A path to the certificate database */
549 550 /* Default is '/vat/ldap' */
550 551 char *bind_dn; /* A bind DN to be used during */
551 552 /* subsequent LDAP Bind requests */
552 553 char *bind_passwd; /* A bind password to be used during */
553 554 /* subsequent LDAP Bind requests */
554 555 } ns_dir_server_t;
555 556
556 557 /*
557 558 * This structure contains information describing an LDAP server.
558 559 */
559 560 typedef struct ns_standalone_conf {
560 561 union {
561 562 ns_dir_server_t server;
562 563 void *predefined_conf; /* Reserved for internal use */
563 564 } ds_profile; /* A type of the configuration */
564 565
565 566 #define SA_SERVER ds_profile.server.server
566 567 #define SA_PORT ds_profile.server.port
567 568 #define SA_DOMAIN ds_profile.server.domainName
568 569 #define SA_PROFILE_NAME ds_profile.server.profileName
569 570 #define SA_AUTH ds_profile.server.auth
570 571 #define SA_CRED ds_profile.server.cred
571 572 #define SA_CERT_PATH ds_profile.server.host_cert_path
572 573 #define SA_BIND_DN ds_profile.server.bind_dn
573 574 #define SA_BIND_PWD ds_profile.server.bind_passwd
574 575
575 576 ns_standalone_request_type_t type;
576 577 } ns_standalone_conf_t;
577 578
578 579 /*
579 580 * This function "informs" libsldap that a client application has specified
580 581 * a directory to use. The function obtains a DUAProfile, credentials,
581 582 * and naming context. During all further operations on behalf
582 583 * of the application requested a standalone schema libsldap will use
583 584 * the information obtained by __ns_ldap_initStandalone() instead of
584 585 * door_call(3C)ing ldap_cachemgr(1M).
585 586 *
586 587 * conf
587 588 * A structure describing where and in which way to obtain all the
588 589 * configuration describing how to communicate to a choosen LDAP directory.
589 590 *
590 591 * errorp
591 592 * An error object describing an error occured.
592 593 */
593 594 ns_ldap_return_code __ns_ldap_initStandalone(
594 595 const ns_standalone_conf_t *conf,
595 596 ns_ldap_error_t **errorp);
596 597
597 598 /*
598 599 * This function obtains the directory's base DN and a DUAProfile
599 600 * from a specified server.
600 601 *
601 602 * server
602 603 * Specifies the selected directory sever.
603 604 *
604 605 * cred
605 606 * Contains an authentication information and credential required to
606 607 * establish a connection.
607 608 *
608 609 * config
609 610 * If not NULL, a new configuration basing on a DUAProfile specified in the
610 611 * server parameter will be create and returned.
611 612 *
612 613 * baseDN
613 614 * If not NULL, the directory's base DN will be returned.
614 615 *
615 616 * error
616 617 * Describes an error, if any.
617 618 */
618 619 ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
619 620 const ns_dir_server_t *server,
620 621 const ns_cred_t *cred,
621 622 char **config, char **baseDN,
622 623 ns_ldap_error_t **error);
623 624
624 625 #define SA_PROHIBIT_FALLBACK 0
625 626 #define SA_ALLOW_FALLBACK 1
626 627
627 628 #define DONT_SAVE_NSCONF 0
628 629 #define SAVE_NSCONF 1
629 630
630 631 /*
631 632 * This function obtains the root DSE from a specified server.
632 633 *
633 634 * server_addr
634 635 * An adress of a server to be connected to.
635 636 *
636 637 * rootDSE
637 638 * A buffer containing the root DSE in the ldap_cachmgr door call format.
638 639 *
639 640 * errorp
640 641 * Describes an error, if any.
641 642 *
642 643 * anon_fallback
643 644 * If set to 1 and establishing a connection fails, __s_api_getRootDSE()
644 645 * will try once again using anonymous credentials.
645 646 */
646 647 ns_ldap_return_code __ns_ldap_getRootDSE(
647 648 const char *server_addr,
648 649 char **rootDSE,
649 650 ns_ldap_error_t **errorp,
650 651 int anon_fallback);
651 652
652 653 /*
653 654 * This function iterates through the list of the configured LDAP servers
654 655 * and "pings" those which are marked as removed or if any error occurred
655 656 * during the previous receiving of the server's root DSE. If the
656 657 * function is able to reach such a server and get its root DSE, it
657 658 * marks the server as on-line. Otherwise, the server's status is set
658 659 * to "Error".
659 660 * For each server the function tries to connect to, it fires up
660 661 * a separate thread and then waits until all the threads finish.
661 662 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
662 663 * initialized or was canceled prior to an invocation of
663 664 * __ns_ldap_pingOfflineServers().
664 665 */
665 666 ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
666 667
667 668 /*
668 669 * This function cancels the Standalone mode and destroys the list of root DSEs.
669 670 */
670 671 void __ns_ldap_cancelStandalone(void);
671 672 /*
672 673 * This function initializes an ns_auth_t structure provided by a caller
673 674 * according to a specified authentication mechanism.
674 675 */
675 676 ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
676 677 ns_auth_t *auth,
677 678 ns_ldap_error_t **errorp);
678 679
679 680 /*
680 681 * Simplified LDAP Naming APIs
681 682 */
682 683 int __ns_ldap_list(
683 684 const char *service,
684 685 const char *filter,
685 686 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
686 687 char **realfilter, const void *userdata),
687 688 const char * const *attribute,
688 689 const ns_cred_t *cred,
689 690 const int flags,
690 691 ns_ldap_result_t ** result,
691 692 ns_ldap_error_t ** errorp,
692 693 int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
693 694 const void *userdata);
694 695
695 696
696 697 int __ns_ldap_list_sort(
697 698 const char *service,
698 699 const char *filter,
699 700 const char *sortattr,
700 701 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
701 702 char **realfilter, const void *userdata),
702 703 const char * const *attribute,
703 704 const ns_cred_t *cred,
704 705 const int flags,
705 706 ns_ldap_result_t ** result,
706 707 ns_ldap_error_t ** errorp,
707 708 int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
708 709 const void *userdata);
709 710
710 711 int __ns_ldap_list_batch_start(
711 712 ns_ldap_list_batch_t **batch);
712 713
713 714 int __ns_ldap_list_batch_add(
714 715 ns_ldap_list_batch_t *batch,
715 716 const char *service,
716 717 const char *filter,
717 718 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
718 719 char **realfilter, const void *userdata),
719 720 const char * const *attribute,
720 721 const ns_cred_t *cred,
721 722 const int flags,
722 723 ns_ldap_result_t ** result,
723 724 ns_ldap_error_t ** errorp,
724 725 int *rcp,
725 726 int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
726 727 const void *userdata);
727 728
728 729 int __ns_ldap_list_batch_end(
729 730 ns_ldap_list_batch_t *batch);
730 731
731 732 void __ns_ldap_list_batch_release(
732 733 ns_ldap_list_batch_t *batch);
733 734
734 735 int __ns_ldap_addAttr(
735 736 const char *service,
736 737 const char *dn,
737 738 const ns_ldap_attr_t * const *attr,
738 739 const ns_cred_t *cred,
739 740 const int flags,
740 741 ns_ldap_error_t **errorp);
741 742
742 743 int __ns_ldap_delAttr(
743 744 const char *service,
744 745 const char *dn,
745 746 const ns_ldap_attr_t * const *attr,
746 747 const ns_cred_t *cred,
747 748 const int flags,
748 749 ns_ldap_error_t **errorp);
749 750
750 751 int __ns_ldap_repAttr(
751 752 const char *service,
752 753 const char *dn,
753 754 const ns_ldap_attr_t * const *attr,
754 755 const ns_cred_t *cred,
755 756 const int flags,
756 757 ns_ldap_error_t **errorp);
757 758
758 759 int __ns_ldap_addEntry(
759 760 const char *service,
760 761 const char *dn,
761 762 const ns_ldap_entry_t *entry,
762 763 const ns_cred_t *cred,
763 764 const int flags,
764 765 ns_ldap_error_t **errorp);
765 766
766 767 int __ns_ldap_addTypedEntry(
767 768 const char *servicetype,
768 769 const char *basedn,
769 770 const void *data,
770 771 const int create,
771 772 const ns_cred_t *cred,
772 773 const int flags,
773 774 ns_ldap_error_t **errorp);
774 775
775 776 int __ns_ldap_delEntry(
776 777 const char *service,
777 778 const char *dn,
778 779 const ns_cred_t *cred,
779 780 const int flags,
780 781 ns_ldap_error_t **errorp);
781 782
782 783 int __ns_ldap_firstEntry(
783 784 const char *service,
784 785 const char *filter,
785 786 const char *sortattr,
786 787 int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
787 788 char **realfilter, const void *userdata),
788 789 const char * const *attribute,
789 790 const ns_cred_t *cred,
790 791 const int flags,
791 792 void **cookie,
792 793 ns_ldap_result_t ** result,
793 794 ns_ldap_error_t **errorp,
794 795 const void *userdata);
795 796
796 797 int __ns_ldap_nextEntry(
797 798 void *cookie,
798 799 ns_ldap_result_t ** result,
799 800 ns_ldap_error_t **errorp);
800 801
801 802 int __ns_ldap_endEntry(
802 803 void **cookie,
803 804 ns_ldap_error_t **errorp);
804 805
805 806 int __ns_ldap_freeResult(
|
↓ open down ↓ |
773 lines elided |
↑ open up ↑ |
806 807 ns_ldap_result_t **result);
807 808
808 809 int __ns_ldap_freeError(
809 810 ns_ldap_error_t **errorp);
810 811
811 812 int __ns_ldap_uid2dn(
812 813 const char *uid,
813 814 char **userDN,
814 815 const ns_cred_t *cred,
815 816 ns_ldap_error_t ** errorp);
817 +
818 +int __ns_ldap_dn2uid(
819 + const char *dn,
820 + char **userID,
821 + const ns_cred_t *cred,
822 + ns_ldap_error_t ** errorp);
816 823
817 824 int __ns_ldap_host2dn(
818 825 const char *host,
819 826 const char *domain,
820 827 char **hostDN,
821 828 const ns_cred_t *cred,
822 829 ns_ldap_error_t ** errorp);
823 830
824 831 int __ns_ldap_dn2domain(
825 832 const char *dn,
826 833 char **domain,
827 834 const ns_cred_t *cred,
828 835 ns_ldap_error_t ** errorp);
829 836
830 837 int __ns_ldap_auth(
831 838 const ns_cred_t *cred,
832 839 const int flag,
833 840 ns_ldap_error_t **errorp,
834 841 LDAPControl **serverctrls,
835 842 LDAPControl **clientctrls);
836 843
837 844 int __ns_ldap_freeCred(
838 845 ns_cred_t **credp);
839 846
840 847 int __ns_ldap_err2str(
841 848 int err,
842 849 char **strmsg);
843 850
844 851 int __ns_ldap_setParam(
845 852 const ParamIndexType type,
846 853 const void *data,
847 854 ns_ldap_error_t **errorp);
848 855
849 856 int __ns_ldap_getParam(
850 857 const ParamIndexType type,
851 858 void ***data,
852 859 ns_ldap_error_t **errorp);
853 860
854 861 int __ns_ldap_freeParam(
855 862 void ***data);
856 863
857 864 char **__ns_ldap_getAttr(
858 865 const ns_ldap_entry_t *entry,
859 866 const char *attrname);
860 867
861 868 ns_ldap_attr_t *__ns_ldap_getAttrStruct(
862 869 const ns_ldap_entry_t *entry,
863 870 const char *attrname);
864 871
865 872 int __ns_ldap_getServiceAuthMethods(
866 873 const char *service,
867 874 ns_auth_t ***auth,
868 875 ns_ldap_error_t **errorp);
869 876
870 877 int __ns_ldap_getSearchDescriptors(
871 878 const char *service,
872 879 ns_ldap_search_desc_t ***desc,
873 880 ns_ldap_error_t **errorp);
874 881
875 882 int __ns_ldap_freeSearchDescriptors(
876 883 ns_ldap_search_desc_t ***desc);
877 884
878 885 int __ns_ldap_getAttributeMaps(
879 886 const char *service,
880 887 ns_ldap_attribute_map_t ***maps,
881 888 ns_ldap_error_t **errorp);
882 889
883 890 int __ns_ldap_freeAttributeMaps(
884 891 ns_ldap_attribute_map_t ***maps);
885 892
886 893 char **__ns_ldap_getMappedAttributes(
887 894 const char *service,
888 895 const char *origAttribute);
889 896
890 897 char **__ns_ldap_getOrigAttribute(
891 898 const char *service,
892 899 const char *mappedAttribute);
893 900
894 901 int __ns_ldap_getObjectClassMaps(
895 902 const char *service,
896 903 ns_ldap_objectclass_map_t ***maps,
897 904 ns_ldap_error_t **errorp);
898 905
899 906 int __ns_ldap_freeObjectClassMaps(
900 907 ns_ldap_objectclass_map_t ***maps);
901 908
902 909 char **__ns_ldap_getMappedObjectClass(
903 910 const char *service,
904 911 const char *origObjectClass);
905 912
906 913 char **__ns_ldap_getOrigObjectClass(
907 914 const char *service,
908 915 const char *mappedObjectClass);
909 916
910 917 int __ns_ldap_getParamType(
911 918 const char *value,
912 919 ParamIndexType *type);
913 920
914 921 int __ns_ldap_getAcctMgmt(
915 922 const char *user,
916 923 AcctUsableResponse_t *acctResp);
917 924
918 925 boolean_t __ns_ldap_is_shadow_update_enabled(void);
919 926
920 927 void
921 928 __ns_ldap_self_gssapi_only_set(
922 929 int flag);
923 930 int
924 931 __ns_ldap_self_gssapi_config(
925 932 ns_ldap_self_gssapi_config_t *config);
926 933 #ifdef __cplusplus
927 934 }
928 935 #endif
929 936
930 937 #endif /* _NS_SLDAP_H */
|
↓ open down ↓ |
105 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX