17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5689c2bf4Sjanga  * Common Development and Distribution License (the "License").
6689c2bf4Sjanga  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
21442384bbSJulian Pullen 
227c478bd9Sstevel@tonic-gate /*
239f2fd570SJulian Pullen  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
24695ef821SGordon Ross  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
25d7ab8532SJason King  * Copyright 2020 Joyent, Inc.
267c478bd9Sstevel@tonic-gate  */
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate 
297c478bd9Sstevel@tonic-gate #ifndef	_NS_INTERNAL_H
307c478bd9Sstevel@tonic-gate #define	_NS_INTERNAL_H
317c478bd9Sstevel@tonic-gate 
327c478bd9Sstevel@tonic-gate #ifdef __cplusplus
337c478bd9Sstevel@tonic-gate extern "C" {
347c478bd9Sstevel@tonic-gate #endif
357c478bd9Sstevel@tonic-gate 
367c478bd9Sstevel@tonic-gate #include <stdio.h>
377c478bd9Sstevel@tonic-gate #include <sys/types.h>
387c478bd9Sstevel@tonic-gate #include <sys/time.h>
397c478bd9Sstevel@tonic-gate #include <thread.h>
407c478bd9Sstevel@tonic-gate #include <lber.h>
417c478bd9Sstevel@tonic-gate #include <ldap.h>
427c478bd9Sstevel@tonic-gate #include "ns_sldap.h"
43e1dd0a2fSth #include "ns_cache_door.h"
447c478bd9Sstevel@tonic-gate 
457c478bd9Sstevel@tonic-gate /*
467c478bd9Sstevel@tonic-gate  * INTERNALLY USED CONSTANTS
477c478bd9Sstevel@tonic-gate  */
487c478bd9Sstevel@tonic-gate 
497c478bd9Sstevel@tonic-gate #define	MAXERROR		2000
507c478bd9Sstevel@tonic-gate #define	TRUE			1
517c478bd9Sstevel@tonic-gate #define	FALSE			0
527c478bd9Sstevel@tonic-gate #define	NSLDAPDIRECTORY		"/var/ldap"
537c478bd9Sstevel@tonic-gate #define	NSCONFIGFILE		"/var/ldap/ldap_client_file"
547c478bd9Sstevel@tonic-gate #define	NSCONFIGREFRESH		"/var/ldap/ldap_client_file.refresh"
557c478bd9Sstevel@tonic-gate #define	NSCREDFILE		"/var/ldap/ldap_client_cred"
567c478bd9Sstevel@tonic-gate #define	NSCREDREFRESH		"/var/ldap/ldap_client_cred.refresh"
577c478bd9Sstevel@tonic-gate #define	ROTORSIZE		256
587c478bd9Sstevel@tonic-gate #define	MASK			0377
597c478bd9Sstevel@tonic-gate #define	LDAPMAXHARDLOOKUPTIME	256
607c478bd9Sstevel@tonic-gate #define	DONOTEDIT		\
617c478bd9Sstevel@tonic-gate 	"Do not edit this file manually; your changes will be lost." \
62*bbf21555SRichard Lowe 	"Please use ldapclient(8) instead."
637c478bd9Sstevel@tonic-gate #define	MAXPORTNUMBER		65535
647c478bd9Sstevel@tonic-gate #define	MAXPORTNUMBER_STR	"65535"
657c478bd9Sstevel@tonic-gate #define	CREDFILE		0
667c478bd9Sstevel@tonic-gate #define	CONFIGFILE		1
677c478bd9Sstevel@tonic-gate #define	UIDNUMFILTER		"(&(objectclass=posixAccount)(uidnumber=%s))"
68695ef821SGordon Ross #define	UIDNUMFILTER_SSD	"(&(%%s)(uidnumber=%s))"
697c478bd9Sstevel@tonic-gate #define	UIDFILTER		"(&(objectclass=posixAccount)(uid=%s))"
707c478bd9Sstevel@tonic-gate #define	UIDFILTER_SSD		"(&(%%s)(uid=%s))"
71d7ab8532SJason King #define	UIDDNFILTER		"(objectclass=posixAccount)"
72695ef821SGordon Ross 
737c478bd9Sstevel@tonic-gate #define	HOSTFILTER		"(&(objectclass=ipHost)(cn=%s))"
747c478bd9Sstevel@tonic-gate #define	HOSTFILTER_SSD		"(&(%%s)(cn=%s))"
757c478bd9Sstevel@tonic-gate 
767c478bd9Sstevel@tonic-gate #define	SIMPLEPAGECTRLFLAG	1
777c478bd9Sstevel@tonic-gate #define	VLVCTRLFLAG		2
787c478bd9Sstevel@tonic-gate 
797c478bd9Sstevel@tonic-gate #define	LISTPAGESIZE		1000
807c478bd9Sstevel@tonic-gate #define	ENUMPAGESIZE		100
817c478bd9Sstevel@tonic-gate 
827c478bd9Sstevel@tonic-gate #define	DEFMAX			8
837c478bd9Sstevel@tonic-gate #define	TOKENSEPARATOR		'='
847c478bd9Sstevel@tonic-gate #define	QUOTETOK		'"'
857c478bd9Sstevel@tonic-gate #define	SPACETOK		' '
867c478bd9Sstevel@tonic-gate #define	COMMATOK		','
877c478bd9Sstevel@tonic-gate #define	COLONTOK		':'
887c478bd9Sstevel@tonic-gate #define	QUESTTOK		'?'
897c478bd9Sstevel@tonic-gate #define	SEMITOK			';'
907c478bd9Sstevel@tonic-gate #define	TABTOK			'\t'
917c478bd9Sstevel@tonic-gate #define	OPARATOK		'('
927c478bd9Sstevel@tonic-gate #define	CPARATOK		')'
937c478bd9Sstevel@tonic-gate #define	BSLTOK			'\\'
947c478bd9Sstevel@tonic-gate #define	DOORLINESEP		"\07"
95e1dd0a2fSth #define	DOORLINESEP_CHR		0x7
967c478bd9Sstevel@tonic-gate #define	COMMASEP		", "
977c478bd9Sstevel@tonic-gate #define	SPACESEP		" "
987c478bd9Sstevel@tonic-gate #define	SEMISEP			";"
997c478bd9Sstevel@tonic-gate #define	COLONSEP		":"
1007c478bd9Sstevel@tonic-gate #define	COLSPSEP		": "
1017c478bd9Sstevel@tonic-gate #define	EQUALSEP		"="
1027c478bd9Sstevel@tonic-gate #define	EQUSPSEP		"= "
1037c478bd9Sstevel@tonic-gate #define	LAST_VALUE		(int)NS_LDAP_HOST_CERTPATH_P
104434c5a06SMilan Jurik #define	BUFSIZE			BUFSIZ
1057c478bd9Sstevel@tonic-gate #define	DEFAULTCONFIGNAME	"__default_config"
1067c478bd9Sstevel@tonic-gate #define	EXP_DEFAULT_TTL		"43200"	/* 12 hours TTL */
1077c478bd9Sstevel@tonic-gate #define	CRYPTMARK		"{NS1}"
1087c478bd9Sstevel@tonic-gate #define	DOORBUFFERSIZE		8192
1097c478bd9Sstevel@tonic-gate 
1107c478bd9Sstevel@tonic-gate #define	LDIF_FMT_STR		"%s: %s"
1117c478bd9Sstevel@tonic-gate #define	FILE_FMT_STR		"%s= %s"
1127c478bd9Sstevel@tonic-gate #define	DOOR_FMT_STR		"%s=%s"
1137c478bd9Sstevel@tonic-gate 
1147c478bd9Sstevel@tonic-gate #define	SESSION_CACHE_INC	8
1157c478bd9Sstevel@tonic-gate #define	CONID_OFFSET		1024
1167c478bd9Sstevel@tonic-gate #define	NS_DEFAULT_BIND_TIMEOUT		30 /* timeout value in seconds */
1177c478bd9Sstevel@tonic-gate #define	NS_DEFAULT_SEARCH_TIMEOUT	30 /* timeout value in seconds */
1187c478bd9Sstevel@tonic-gate 
1197c478bd9Sstevel@tonic-gate /* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */
12050b7bd51SSreedhar Chalamalasetti - Sun Microsystems - Bangalore India #define	RDNSIZE			512
1217c478bd9Sstevel@tonic-gate 
122dd1104fbSMichen Chang /*
123dd1104fbSMichen Chang  * special service used by ldap_cachemgr to indicate a shadow update
124dd1104fbSMichen Chang  * is to be done with the credential of the administrator identity
125dd1104fbSMichen Chang  */
126dd1104fbSMichen Chang #define	NS_ADMIN_SHADOW_UPDATE	"shadow__admin_update"
1277c478bd9Sstevel@tonic-gate 
1287c478bd9Sstevel@tonic-gate /* Phase 1 profile information */
1297c478bd9Sstevel@tonic-gate #define	_PROFILE1_OBJECTCLASS	"SolarisNamingProfile"
1307c478bd9Sstevel@tonic-gate #define	_PROFILE_CONTAINER	"profile"
1317c478bd9Sstevel@tonic-gate #define	_PROFILE_FILTER		"(&(|(objectclass=%s)(objectclass=%s))(cn=%s))"
1327c478bd9Sstevel@tonic-gate 
1337c478bd9Sstevel@tonic-gate /* Phase 2 profile information */
1347c478bd9Sstevel@tonic-gate #define	_PROFILE2_OBJECTCLASS		"DUAConfigProfile"
1357c478bd9Sstevel@tonic-gate 
1367c478bd9Sstevel@tonic-gate /* Common to all profiles */
1377c478bd9Sstevel@tonic-gate #define	_P_CN			"cn"
1387c478bd9Sstevel@tonic-gate 
1397c478bd9Sstevel@tonic-gate /* Native LDAP Phase 1 Specific Profile Attributes */
1407c478bd9Sstevel@tonic-gate #define	_P1_SERVERS			"SolarisLDAPServers"
1417c478bd9Sstevel@tonic-gate #define	_P1_SEARCHBASEDN		"SolarisSearchBaseDN"
1427c478bd9Sstevel@tonic-gate #define	_P1_CACHETTL			"SolarisCacheTTL"
1437c478bd9Sstevel@tonic-gate #define	_P1_BINDDN			"SolarisBindDN"
1447c478bd9Sstevel@tonic-gate #define	_P1_BINDPASSWORD		"SolarisBindPassword"
1457c478bd9Sstevel@tonic-gate #define	_P1_AUTHMETHOD			"SolarisAuthMethod"
1467c478bd9Sstevel@tonic-gate #define	_P1_TRANSPORTSECURITY		"SolarisTransportSecurity"
1477c478bd9Sstevel@tonic-gate #define	_P1_CERTIFICATEPATH		"SolarisCertificatePath"
1487c478bd9Sstevel@tonic-gate #define	_P1_CERTIFICATEPASSWORD		"SolarisCertificatePassword"
1497c478bd9Sstevel@tonic-gate #define	_P1_DATASEARCHDN		"SolarisDataSearchDN"
1507c478bd9Sstevel@tonic-gate #define	_P1_SEARCHSCOPE			"SolarisSearchScope"
1517c478bd9Sstevel@tonic-gate #define	_P1_SEARCHTIMELIMIT		"SolarisSearchTimeLimit"
1527c478bd9Sstevel@tonic-gate #define	_P1_PREFERREDSERVER		"SolarisPreferredServer"
1537c478bd9Sstevel@tonic-gate #define	_P1_PREFERREDSERVERONLY		"SolarisPreferredServerOnly"
1547c478bd9Sstevel@tonic-gate #define	_P1_SEARCHREFERRAL		"SolarisSearchReferral"
1557c478bd9Sstevel@tonic-gate #define	_P1_BINDTIMELIMIT		"SolarisBindTimeLimit"
1567c478bd9Sstevel@tonic-gate 
1577c478bd9Sstevel@tonic-gate /* Native LDAP Phase 2 Specific Profile Attributes */
1587c478bd9Sstevel@tonic-gate #define	_P2_PREFERREDSERVER		"preferredServerList"
1597c478bd9Sstevel@tonic-gate #define	_P2_DEFAULTSERVER		"defaultServerList"
1607c478bd9Sstevel@tonic-gate #define	_P2_SEARCHBASEDN		"defaultSearchBase"
1617c478bd9Sstevel@tonic-gate #define	_P2_SEARCHSCOPE			"defaultSearchScope"
1627c478bd9Sstevel@tonic-gate #define	_P2_AUTHMETHOD			"authenticationMethod"
1637c478bd9Sstevel@tonic-gate #define	_P2_CREDENTIALLEVEL		"credentialLevel"
1647c478bd9Sstevel@tonic-gate #define	_P2_SERVICESEARCHDESC		"serviceSearchDescriptor"
1657c478bd9Sstevel@tonic-gate #define	_P2_SEARCHTIMELIMIT		"searchTimeLimit"
1667c478bd9Sstevel@tonic-gate #define	_P2_BINDTIMELIMIT		"bindTimeLimit"
1677c478bd9Sstevel@tonic-gate #define	_P2_FOLLOWREFERRALS		"followReferrals"
1687c478bd9Sstevel@tonic-gate #define	_P2_PROFILETTL			"profileTTL"
1697c478bd9Sstevel@tonic-gate #define	_P2_ATTRIBUTEMAP		"attributeMap"
1707c478bd9Sstevel@tonic-gate #define	_P2_OBJECTCLASSMAP		"objectClassMap"
1717c478bd9Sstevel@tonic-gate #define	_P2_SERVICECREDLEVEL		"serviceCredentialLevel"
1727c478bd9Sstevel@tonic-gate #define	_P2_SERVICEAUTHMETHOD		"serviceAuthenticationMethod"
1737c478bd9Sstevel@tonic-gate 
1747c478bd9Sstevel@tonic-gate /* Control & SASL information from RootDSE door call */
1757c478bd9Sstevel@tonic-gate #define	_SASLMECHANISM			"supportedSASLmechanisms"
1767c478bd9Sstevel@tonic-gate #define	_SASLMECHANISM_LEN		23
1777c478bd9Sstevel@tonic-gate #define	_SUPPORTEDCONTROL		"supportedControl"
1787c478bd9Sstevel@tonic-gate #define	_SUPPORTEDCONTROL_LEN		16
1797c478bd9Sstevel@tonic-gate 
1807c478bd9Sstevel@tonic-gate #define	NS_HASH_MAX	257
1817c478bd9Sstevel@tonic-gate #define	NS_HASH_SCHEMA_MAPPING_EXISTED	"=MAPPING EXISTED="
1827c478bd9Sstevel@tonic-gate #define	NS_HASH_RC_SUCCESS		1
1837c478bd9Sstevel@tonic-gate #define	NS_HASH_RC_NO_MEMORY		-1
1847c478bd9Sstevel@tonic-gate #define	NS_HASH_RC_CONFIG_ERROR		-2
1857c478bd9Sstevel@tonic-gate #define	NS_HASH_RC_EXISTED		-3
1867c478bd9Sstevel@tonic-gate #define	NS_HASH_RC_SYNTAX_ERROR		-4
1877c478bd9Sstevel@tonic-gate 
1887c478bd9Sstevel@tonic-gate /* Password management related error message from iDS ldap server */
1897c478bd9Sstevel@tonic-gate #define	NS_PWDERR_MAXTRIES		\
1907c478bd9Sstevel@tonic-gate 	"Exceed password retry limit."
1917c478bd9Sstevel@tonic-gate #define	NS_PWDERR_EXPIRED		\
1927c478bd9Sstevel@tonic-gate 	"password expired!"
1937c478bd9Sstevel@tonic-gate #define	NS_PWDERR_ACCT_INACTIVATED	\
1947c478bd9Sstevel@tonic-gate 	"Account inactivated. Contact system administrator."
1957c478bd9Sstevel@tonic-gate #define	NS_PWDERR_CHANGE_NOT_ALLOW	\
1967c478bd9Sstevel@tonic-gate 	"user is not allowed to change password"
1977c478bd9Sstevel@tonic-gate #define	NS_PWDERR_INVALID_SYNTAX	\
1987c478bd9Sstevel@tonic-gate 	"invalid password syntax"
1997c478bd9Sstevel@tonic-gate #define	NS_PWDERR_TRIVIAL_PASSWD	\
2007c478bd9Sstevel@tonic-gate 	"Password failed triviality check"
2017c478bd9Sstevel@tonic-gate #define	NS_PWDERR_IN_HISTORY	\
2027c478bd9Sstevel@tonic-gate 	"password in history"
2037c478bd9Sstevel@tonic-gate #define	NS_PWDERR_WITHIN_MIN_AGE	\
2047c478bd9Sstevel@tonic-gate 	"within password minimum age"
2057c478bd9Sstevel@tonic-gate 
2067c478bd9Sstevel@tonic-gate /*
2077c478bd9Sstevel@tonic-gate  * INTERNALLY USED MACROS
2087c478bd9Sstevel@tonic-gate  */
2097c478bd9Sstevel@tonic-gate 
2107c478bd9Sstevel@tonic-gate void	__s_api_debug_pause(int priority, int st, const char *mesg);
2117c478bd9Sstevel@tonic-gate 
2127c478bd9Sstevel@tonic-gate #define	NULL_OR_STR(str)	(!(str) || *(str) == '\0' ? "<NULL>" : (str))
2137c478bd9Sstevel@tonic-gate 
2147c478bd9Sstevel@tonic-gate /*
2157c478bd9Sstevel@tonic-gate  * MKERROR: builds the error structure and fills in the status and
2167c478bd9Sstevel@tonic-gate  * the message.  The message must be a freeable (non-static) string.
2177c478bd9Sstevel@tonic-gate  * If it fails to allocate memory for the error structure,
2187c478bd9Sstevel@tonic-gate  * it will return the retErr.
2197c478bd9Sstevel@tonic-gate  */
2207c478bd9Sstevel@tonic-gate #define	MKERROR(priority, err, st, mesg, retErr) \
2217c478bd9Sstevel@tonic-gate 	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
2227c478bd9Sstevel@tonic-gate 		return (retErr); \
2237c478bd9Sstevel@tonic-gate 	(err)->message = mesg; \
2247c478bd9Sstevel@tonic-gate 	(err)->status = (st); \
2257c478bd9Sstevel@tonic-gate 	__s_api_debug_pause(priority, st, (err)->message);
2267c478bd9Sstevel@tonic-gate 
2277c478bd9Sstevel@tonic-gate /*
2287c478bd9Sstevel@tonic-gate  * MKERROR_PWD_MGMT is almost the same as MKERROR
2297c478bd9Sstevel@tonic-gate  * except that it takes two more inputs to fill in the
2307c478bd9Sstevel@tonic-gate  * password management information part of the
2317c478bd9Sstevel@tonic-gate  * ns_ldap_error structure pointed to by err,
2327c478bd9Sstevel@tonic-gate  * and it does not log a syslog message.
2337c478bd9Sstevel@tonic-gate  */
2347c478bd9Sstevel@tonic-gate #define	MKERROR_PWD_MGMT(err, st, mesg, pwd_status, sec_until_exp, retErr) \
2357c478bd9Sstevel@tonic-gate 	if (((err) = calloc(1, sizeof (struct ns_ldap_error))) == NULL) \
2367c478bd9Sstevel@tonic-gate 		return (retErr); \
2377c478bd9Sstevel@tonic-gate 	(err)->message = mesg; \
2387c478bd9Sstevel@tonic-gate 	(err)->status = (st); \
2397c478bd9Sstevel@tonic-gate 	(err)->pwd_mgmt.status = (pwd_status); \
2407c478bd9Sstevel@tonic-gate 	(err)->pwd_mgmt.sec_until_expired = (sec_until_exp);
2417c478bd9Sstevel@tonic-gate 
2427c478bd9Sstevel@tonic-gate #ifdef DEBUG
2437c478bd9Sstevel@tonic-gate #define	NSLDAPTRACE(variable, setequal, message) \
2447c478bd9Sstevel@tonic-gate 	if (variable > 0 || ((setequal != 0) && (variable == setequal))) { \
2457c478bd9Sstevel@tonic-gate 		char buf[BUFSIZ]; \
2467c478bd9Sstevel@tonic-gate 		(void) snprintf(buf, BUFSIZ, message); \
2477c478bd9Sstevel@tonic-gate 		(void) write(__ldap_debug_file, buf); \
2487c478bd9Sstevel@tonic-gate 	}
2497c478bd9Sstevel@tonic-gate #endif
2507c478bd9Sstevel@tonic-gate 
2517c478bd9Sstevel@tonic-gate /*
2527c478bd9Sstevel@tonic-gate  * INTERNAL DATA STRUCTURES
2537c478bd9Sstevel@tonic-gate  */
2547c478bd9Sstevel@tonic-gate 
2557c478bd9Sstevel@tonic-gate /*
2567c478bd9Sstevel@tonic-gate  * configuration entry type
2577c478bd9Sstevel@tonic-gate  */
2587c478bd9Sstevel@tonic-gate 
2597c478bd9Sstevel@tonic-gate typedef enum {
2607c478bd9Sstevel@tonic-gate 	SERVERCONFIG	= 1,
2617c478bd9Sstevel@tonic-gate 	CLIENTCONFIG	= 2,
2627c478bd9Sstevel@tonic-gate 	CREDCONFIG	= 3
2637c478bd9Sstevel@tonic-gate } ns_conftype_t;
2647c478bd9Sstevel@tonic-gate 
2657c478bd9Sstevel@tonic-gate /*
2667c478bd9Sstevel@tonic-gate  * datatype of a config entry
2677c478bd9Sstevel@tonic-gate  */
2687c478bd9Sstevel@tonic-gate 
2697c478bd9Sstevel@tonic-gate typedef enum {
2707c478bd9Sstevel@tonic-gate 	NS_UNKNOWN	= 0,
2717c478bd9Sstevel@tonic-gate 	CHARPTR		= 1,		/* Single character pointer */
2727c478bd9Sstevel@tonic-gate 	ARRAYCP		= 2,		/* comma sep array of char pointers */
2737c478bd9Sstevel@tonic-gate 	ARRAYAUTH	= 3,		/* Array of auths */
2747c478bd9Sstevel@tonic-gate 	TIMET		= 4,		/* time relative value (TTL) */
2757c478bd9Sstevel@tonic-gate 	INT		= 5,		/* single integer */
2767c478bd9Sstevel@tonic-gate 	SSDLIST		= 6,		/* service search descriptor */
2777c478bd9Sstevel@tonic-gate 	ATTRMAP		= 7,		/* attribute mapping */
2787c478bd9Sstevel@tonic-gate 	OBJMAP		= 8,		/* objectclass mapping */
2797c478bd9Sstevel@tonic-gate 	SERVLIST	= 9,		/* serverlist (SP sep array) */
2807c478bd9Sstevel@tonic-gate 	ARRAYCRED	= 10,		/* Array of credentialLevels */
2817c478bd9Sstevel@tonic-gate 	SAMLIST		= 11,		/* serviceAuthenticationMethod */
2827c478bd9Sstevel@tonic-gate 	SCLLIST		= 12		/* serviceCredentialLevel */
2837c478bd9Sstevel@tonic-gate } ns_datatype_t;
2847c478bd9Sstevel@tonic-gate 
2857c478bd9Sstevel@tonic-gate typedef enum {
2867c478bd9Sstevel@tonic-gate 	NS_SUCCESS,
2877c478bd9Sstevel@tonic-gate 	NS_NOTFOUND,
2887c478bd9Sstevel@tonic-gate 	NS_PARSE_ERR
2897c478bd9Sstevel@tonic-gate } ns_parse_status;
2907c478bd9Sstevel@tonic-gate 
2917c478bd9Sstevel@tonic-gate typedef enum {
2927c478bd9Sstevel@tonic-gate 	NS_DOOR_FMT	= 1,
2937c478bd9Sstevel@tonic-gate 	NS_LDIF_FMT	= 2,
2947c478bd9Sstevel@tonic-gate 	NS_FILE_FMT	= 3
2957c478bd9Sstevel@tonic-gate } ns_strfmt_t;
2967c478bd9Sstevel@tonic-gate 
2977c478bd9Sstevel@tonic-gate /*
2987c478bd9Sstevel@tonic-gate  * This enum reduces the number of version string compares
2997c478bd9Sstevel@tonic-gate  * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
3007c478bd9Sstevel@tonic-gate  */
3017c478bd9Sstevel@tonic-gate 
3027c478bd9Sstevel@tonic-gate typedef enum {
3037c478bd9Sstevel@tonic-gate 	NS_LDAP_V1	= 1000,
3047c478bd9Sstevel@tonic-gate 	NS_LDAP_V2	= 2000
3057c478bd9Sstevel@tonic-gate } ns_version_t;
3067c478bd9Sstevel@tonic-gate 
3077c478bd9Sstevel@tonic-gate /*
3087c478bd9Sstevel@tonic-gate  * enum<->string mapping construct
3097c478bd9Sstevel@tonic-gate  */
3107c478bd9Sstevel@tonic-gate 
3117c478bd9Sstevel@tonic-gate typedef struct ns_enum_map {
3127c478bd9Sstevel@tonic-gate 	int	value;
3137c478bd9Sstevel@tonic-gate 	char	*name;
3147c478bd9Sstevel@tonic-gate } ns_enum_map;
3157c478bd9Sstevel@tonic-gate 
3167c478bd9Sstevel@tonic-gate #define	ENUM2INT(x)		((int)(x))
3177c478bd9Sstevel@tonic-gate 
3187c478bd9Sstevel@tonic-gate #define	INT2PARAMINDEXENUM(x)	((ParamIndexType)(x))
3197c478bd9Sstevel@tonic-gate #define	INT2SEARCHREFENUM(x)	((SearchRef_t)(x))
3207c478bd9Sstevel@tonic-gate #define	INT2SCOPEENUM(x)	((ScopeType_t)(x))
3217c478bd9Sstevel@tonic-gate #define	INT2AUTHENUM(x)		((AuthType_t)(x))
3227c478bd9Sstevel@tonic-gate #define	INT2SECENUM(x)		((TlsType_t)(x))
3237c478bd9Sstevel@tonic-gate #define	INT2PREFONLYENUM(x)	((PrefOnly_t)(x))
3247c478bd9Sstevel@tonic-gate #define	INT2CREDLEVELENUM(x)	((CredLevel_t)(x))
325dd1104fbSMichen Chang #define	INT2SHADOWUPDATENUM(x)	((enableShadowUpdate_t)(x))
3267c478bd9Sstevel@tonic-gate 
3277c478bd9Sstevel@tonic-gate #define	INT2LDAPRETURN(x)	((ns_ldap_return_code)(x))
3287c478bd9Sstevel@tonic-gate #define	INT2CONFIGRETURN(x)	((ns_ldap_config_return_code)(x))
3297c478bd9Sstevel@tonic-gate #define	INT2PARTIALRETURN(x)	((ns_ldap_partial_return_code)(x))
3307c478bd9Sstevel@tonic-gate 
3317c478bd9Sstevel@tonic-gate /*
3327c478bd9Sstevel@tonic-gate  * This structure maps service name to rdn components
3337c478bd9Sstevel@tonic-gate  * for use in __ns_getDNs. It also defines the SSD-to-use
3347c478bd9Sstevel@tonic-gate  * service for use in __s_api_get_SSDtoUse_service.
3357c478bd9Sstevel@tonic-gate  * The idea of an SSD-to-use service is to reduce the configuration
3367c478bd9Sstevel@tonic-gate  * complexity. For a service, which does not have its own entries in
3377c478bd9Sstevel@tonic-gate  * the LDAP directory, SSD for it is useless, and should not be set.
3387c478bd9Sstevel@tonic-gate  * But since this service must share the container with at least
3397c478bd9Sstevel@tonic-gate  * one other service which does have it own entries, the SSD for
3407c478bd9Sstevel@tonic-gate  * this other service will be shared by this service.
3417c478bd9Sstevel@tonic-gate  * This other service is called the SSD-to-use service.
3427c478bd9Sstevel@tonic-gate  *
3437c478bd9Sstevel@tonic-gate  */
3447c478bd9Sstevel@tonic-gate 
3457c478bd9Sstevel@tonic-gate typedef struct ns_service_map {
3467c478bd9Sstevel@tonic-gate 	char	*service;
3477c478bd9Sstevel@tonic-gate 	char	*rdn;
3487c478bd9Sstevel@tonic-gate 	char	*SSDtoUse_service;
3497c478bd9Sstevel@tonic-gate } ns_service_map;
3507c478bd9Sstevel@tonic-gate 
3517c478bd9Sstevel@tonic-gate /*
3527c478bd9Sstevel@tonic-gate  * This structure contains a single mapping from:
3537c478bd9Sstevel@tonic-gate  * service:orig -> list of mapped
3547c478bd9Sstevel@tonic-gate  */
3557c478bd9Sstevel@tonic-gate 
3567c478bd9Sstevel@tonic-gate typedef enum {
3577c478bd9Sstevel@tonic-gate 	NS_ATTR_MAP,
3587c478bd9Sstevel@tonic-gate 	NS_OBJ_MAP
3597c478bd9Sstevel@tonic-gate } ns_maptype_t;
3607c478bd9Sstevel@tonic-gate 
3617c478bd9Sstevel@tonic-gate typedef struct ns_mapping {
3627c478bd9Sstevel@tonic-gate 	ns_maptype_t	type;
3637c478bd9Sstevel@tonic-gate 	char		*service;
3647c478bd9Sstevel@tonic-gate 	char		*orig;
3657c478bd9Sstevel@tonic-gate 	char		**map;
3667c478bd9Sstevel@tonic-gate } ns_mapping_t;
3677c478bd9Sstevel@tonic-gate 
3687c478bd9Sstevel@tonic-gate /*
3697c478bd9Sstevel@tonic-gate  * The following is the list of internal libsldap configuration data
3707c478bd9Sstevel@tonic-gate  * structures.  The configuration is populated normally once per
3717c478bd9Sstevel@tonic-gate  * application.  The assumption is that in applications can be
3727c478bd9Sstevel@tonic-gate  * relatively short lived (IE ls via nsswitch) so it is important to
3737c478bd9Sstevel@tonic-gate  * keep configuration to a minimum, but keep lookups fast.
3747c478bd9Sstevel@tonic-gate  *
3757c478bd9Sstevel@tonic-gate  * Assumptions:
3767c478bd9Sstevel@tonic-gate  * 1 configuration entry per domain, and almost always 1 domain
3777c478bd9Sstevel@tonic-gate  * per app.  Hooks exist for multiple domains per app.
3787c478bd9Sstevel@tonic-gate  *
3797c478bd9Sstevel@tonic-gate  * Configurations are read in from client file cache or from LDAP.
3807c478bd9Sstevel@tonic-gate  * Attribute/objectclass mappings are hashed to improve lookup
3817c478bd9Sstevel@tonic-gate  * speed.
3827c478bd9Sstevel@tonic-gate  */
3837c478bd9Sstevel@tonic-gate 
3847c478bd9Sstevel@tonic-gate /*
3857c478bd9Sstevel@tonic-gate  * Hash entry types
3867c478bd9Sstevel@tonic-gate  */
3877c478bd9Sstevel@tonic-gate typedef enum	_ns_hashtype_t {
3887c478bd9Sstevel@tonic-gate 	NS_HASH_AMAP	= 1,		/* attr map */
3897c478bd9Sstevel@tonic-gate 	NS_HASH_RAMAP	= 2,		/* reverse attr map */
3907c478bd9Sstevel@tonic-gate 	NS_HASH_OMAP	= 3,		/* oc map */
3917c478bd9Sstevel@tonic-gate 	NS_HASH_ROMAP	= 4,		/* reverse oc map */
3927c478bd9Sstevel@tonic-gate 	NS_HASH_VOID	= 5
3937c478bd9Sstevel@tonic-gate } ns_hashtype_t;
3947c478bd9Sstevel@tonic-gate 
3957c478bd9Sstevel@tonic-gate typedef struct ns_hash {
3967c478bd9Sstevel@tonic-gate 	ns_hashtype_t	h_type;
3977c478bd9Sstevel@tonic-gate 	ns_mapping_t	*h_map;
3987c478bd9Sstevel@tonic-gate 	struct ns_hash	*h_next;
3997c478bd9Sstevel@tonic-gate 	struct ns_hash	*h_llnext;
4007c478bd9Sstevel@tonic-gate } ns_hash_t;
4017c478bd9Sstevel@tonic-gate 
4027c478bd9Sstevel@tonic-gate /*
4037c478bd9Sstevel@tonic-gate  * This structure defines the format of an internal configuration
4047c478bd9Sstevel@tonic-gate  * parameter for ns_ldap client.
4057c478bd9Sstevel@tonic-gate  */
4067c478bd9Sstevel@tonic-gate 
4077c478bd9Sstevel@tonic-gate typedef struct ns_param {
4087c478bd9Sstevel@tonic-gate 	ns_datatype_t	ns_ptype;
4097c478bd9Sstevel@tonic-gate 	int		ns_acnt;
4107c478bd9Sstevel@tonic-gate 	union {
4117c478bd9Sstevel@tonic-gate 		char	**ppc;
4127c478bd9Sstevel@tonic-gate 		int	*pi;
4137c478bd9Sstevel@tonic-gate 		char	*pc;
4147c478bd9Sstevel@tonic-gate 		int	i;
4157c478bd9Sstevel@tonic-gate 		time_t	tm;
4167c478bd9Sstevel@tonic-gate 	} ns_pu;
4177c478bd9Sstevel@tonic-gate } ns_param_t;
4187c478bd9Sstevel@tonic-gate 
4197c478bd9Sstevel@tonic-gate #define	ns_ppc	ns_pu.ppc
4207c478bd9Sstevel@tonic-gate #define	ns_pi	ns_pu.pi
4217c478bd9Sstevel@tonic-gate #define	ns_pc	ns_pu.pc
4227c478bd9Sstevel@tonic-gate #define	ns_i	ns_pu.i
4237c478bd9Sstevel@tonic-gate #define	ns_tm	ns_pu.tm
4247c478bd9Sstevel@tonic-gate 
4257c478bd9Sstevel@tonic-gate /*
4267c478bd9Sstevel@tonic-gate  * This structure defines an instance of a configuration structure.
4277c478bd9Sstevel@tonic-gate  * paramList contains the current ns_ldap parameter configuration
4287c478bd9Sstevel@tonic-gate  * and hashTbl contain the current attribute/objectclass mappings.
4297c478bd9Sstevel@tonic-gate  * Parameters are indexed by using the value assigned to the parameter
4307c478bd9Sstevel@tonic-gate  * in ParamIndexType.
4317c478bd9Sstevel@tonic-gate  */
4327c478bd9Sstevel@tonic-gate 
4337c478bd9Sstevel@tonic-gate typedef struct ns_config {
4347c478bd9Sstevel@tonic-gate 	char			*domainName;
4357c478bd9Sstevel@tonic-gate 	ns_version_t		version;
4367c478bd9Sstevel@tonic-gate 	ns_param_t		paramList[NS_LDAP_MAX_PIT_P];
4377c478bd9Sstevel@tonic-gate 	ns_hash_t		*hashTbl[NS_HASH_MAX];
4387c478bd9Sstevel@tonic-gate 	ns_hash_t		*llHead;
4397c478bd9Sstevel@tonic-gate 	ns_ldap_entry_t		*RootDSE;
4407c478bd9Sstevel@tonic-gate 	boolean_t		delete;
4417c478bd9Sstevel@tonic-gate 	mutex_t			config_mutex;
4427c478bd9Sstevel@tonic-gate 	int			nUse;
443e1dd0a2fSth 	ldap_get_chg_cookie_t	config_cookie;
4447c478bd9Sstevel@tonic-gate } ns_config_t;
4457c478bd9Sstevel@tonic-gate 
4467c478bd9Sstevel@tonic-gate /*
4477c478bd9Sstevel@tonic-gate  * This structure defines the mapping of the NSCONFIGFILE file
4487c478bd9Sstevel@tonic-gate  * statements into their corresponding SolarisNamingProfile,
4497c478bd9Sstevel@tonic-gate  * Posix Mapping LDAP attributes, and to their corresponding
4507c478bd9Sstevel@tonic-gate  * ParamIndexType enum mapping.  THe ParamIndexType enum
4517c478bd9Sstevel@tonic-gate  * definitions can be found in ns_ldap.h.  This structure also
4527c478bd9Sstevel@tonic-gate  * defines the default values that are used when a value either
4537c478bd9Sstevel@tonic-gate  * does not exist or is undefined.
4547c478bd9Sstevel@tonic-gate  */
4557c478bd9Sstevel@tonic-gate 
4567c478bd9Sstevel@tonic-gate typedef struct ns_default_config {
4577c478bd9Sstevel@tonic-gate 	const char	*name;		/* config file parameter name */
4587c478bd9Sstevel@tonic-gate 	ParamIndexType	index;		/* config file enum index */
4597c478bd9Sstevel@tonic-gate 	ns_conftype_t	config_type;	/* CLIENT/SERVER/CREDCONFIG */
4607c478bd9Sstevel@tonic-gate 	ns_datatype_t	data_type;	/* ppc,pi,pc,int etc... */
4617c478bd9Sstevel@tonic-gate 	int		single_valued;	/* TRUE OR FALSE */
462695ef821SGordon Ross 	ns_version_t	version;	/* Version # for attribute */
4637c478bd9Sstevel@tonic-gate 	const char	*profile_name;	/* profile schema attribute name */
4647c478bd9Sstevel@tonic-gate 	ns_param_t	defval;		/* config file parameter default */
4657c478bd9Sstevel@tonic-gate 	int		(*ns_verify)(ParamIndexType i,
4667c478bd9Sstevel@tonic-gate 				struct ns_default_config *def,
4677c478bd9Sstevel@tonic-gate 				ns_param_t *param,
4687c478bd9Sstevel@tonic-gate 				char *errbuf);
4697c478bd9Sstevel@tonic-gate 	ns_enum_map	*allowed;	/* allowed values */
4707c478bd9Sstevel@tonic-gate } ns_default_config;
4717c478bd9Sstevel@tonic-gate 
4727c478bd9Sstevel@tonic-gate 
4737c478bd9Sstevel@tonic-gate /*
4747c478bd9Sstevel@tonic-gate  * This typedef enumerates all the supported authentication
4757c478bd9Sstevel@tonic-gate  * mechanisms currently supported in this library
4767c478bd9Sstevel@tonic-gate  */
4777c478bd9Sstevel@tonic-gate 
4787c478bd9Sstevel@tonic-gate typedef enum EnumAuthType {
4797c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_NONE				= 0,
4807c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SIMPLE			= 1,
4817c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_NONE			= 2,
4827c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_CRAM_MD5		= 3,
4837c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_DIGEST_MD5		= 4,
4847c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_DIGEST_MD5_INT		= 5,
4857c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_DIGEST_MD5_CONF		= 6,
4867c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_EXTERNAL		= 7,
487cb5caa98Sdjl 	NS_LDAP_EA_SASL_GSSAPI			= 8,
4887c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_SASL_SPNEGO			= 9,	/* unsupported */
4897c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_NONE			= 10,
4907c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SIMPLE			= 11,
4917c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_NONE		= 12,
4927c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_CRAM_MD5		= 13,
4937c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_DIGEST_MD5		= 14,
4947c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT	= 15,
4957c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF	= 16,
4967c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_EXTERNAL		= 17,
4977c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_GSSAPI		= 18,	/* unsupported */
4987c478bd9Sstevel@tonic-gate 	NS_LDAP_EA_TLS_SASL_SPNEGO		= 19	/* unsupported */
4997c478bd9Sstevel@tonic-gate } EnumAuthType_t;
5007c478bd9Sstevel@tonic-gate 
5017c478bd9Sstevel@tonic-gate 
5027c478bd9Sstevel@tonic-gate /*
5037c478bd9Sstevel@tonic-gate  * this enum lists the various states of the search state machine
5047c478bd9Sstevel@tonic-gate  */
5057c478bd9Sstevel@tonic-gate 
5067c478bd9Sstevel@tonic-gate typedef enum {
5077c478bd9Sstevel@tonic-gate 	INIT			= 1,
5087c478bd9Sstevel@tonic-gate 	EXIT			= 2,
5097c478bd9Sstevel@tonic-gate 	NEXT_SEARCH_DESCRIPTOR	= 3,
5107c478bd9Sstevel@tonic-gate 	GET_SESSION		= 4,
5117c478bd9Sstevel@tonic-gate 	NEXT_SESSION		= 5,
5127c478bd9Sstevel@tonic-gate 	RESTART_SESSION		= 6,
5137c478bd9Sstevel@tonic-gate 	NEXT_SEARCH		= 7,
5147c478bd9Sstevel@tonic-gate 	NEXT_VLV		= 8,
5157c478bd9Sstevel@tonic-gate 	NEXT_PAGE		= 9,
5167c478bd9Sstevel@tonic-gate 	ONE_SEARCH		= 10,
5177c478bd9Sstevel@tonic-gate 	DO_SEARCH		= 11,
5187c478bd9Sstevel@tonic-gate 	NEXT_RESULT		= 12,
5197c478bd9Sstevel@tonic-gate 	MULTI_RESULT		= 13,
5207c478bd9Sstevel@tonic-gate 	PROCESS_RESULT		= 14,
5217c478bd9Sstevel@tonic-gate 	END_PROCESS_RESULT	= 15,
5227c478bd9Sstevel@tonic-gate 	END_RESULT		= 16,
5237c478bd9Sstevel@tonic-gate 	NEXT_REFERRAL		= 17,
5247c478bd9Sstevel@tonic-gate 	GET_REFERRAL_SESSION	= 18,
5257c478bd9Sstevel@tonic-gate 	ERROR			= 19,
52647789246Svv 	LDAP_ERROR		= 20,
527699bceb8Smj 	GET_ACCT_MGMT_INFO	= 21,
528e1dd0a2fSth 	CLEAR_RESULTS		= 22,
529e1dd0a2fSth 	REINIT			= 23
5307c478bd9Sstevel@tonic-gate } ns_state_t;
5317c478bd9Sstevel@tonic-gate 
5327c478bd9Sstevel@tonic-gate /*
5337c478bd9Sstevel@tonic-gate  * this enum lists the various states of the write state machine
5347c478bd9Sstevel@tonic-gate  */
5357c478bd9Sstevel@tonic-gate typedef enum {
5367c478bd9Sstevel@tonic-gate 	W_INIT			= 1,
5377c478bd9Sstevel@tonic-gate 	W_EXIT			= 2,
5387c478bd9Sstevel@tonic-gate 	GET_CONNECTION		= 3,
5397c478bd9Sstevel@tonic-gate 	SELECT_OPERATION_SYNC	= 4,
5407c478bd9Sstevel@tonic-gate 	SELECT_OPERATION_ASYNC	= 5,
5417c478bd9Sstevel@tonic-gate 	DO_ADD_SYNC		= 6,
5427c478bd9Sstevel@tonic-gate 	DO_DELETE_SYNC		= 7,
5437c478bd9Sstevel@tonic-gate 	DO_MODIFY_SYNC		= 8,
5447c478bd9Sstevel@tonic-gate 	DO_ADD_ASYNC		= 9,
5457c478bd9Sstevel@tonic-gate 	DO_DELETE_ASYNC		= 10,
5467c478bd9Sstevel@tonic-gate 	DO_MODIFY_ASYNC		= 11,
5477c478bd9Sstevel@tonic-gate 	GET_RESULT_SYNC		= 12,
5487c478bd9Sstevel@tonic-gate 	GET_RESULT_ASYNC	= 13,
5497c478bd9Sstevel@tonic-gate 	PARSE_RESULT		= 14,
5507c478bd9Sstevel@tonic-gate 	GET_REFERRAL_CONNECTION	= 15,
5517c478bd9Sstevel@tonic-gate 	W_LDAP_ERROR		= 16,
5527c478bd9Sstevel@tonic-gate 	W_ERROR			= 17
5537c478bd9Sstevel@tonic-gate } ns_write_state_t;
5547c478bd9Sstevel@tonic-gate 
5557c478bd9Sstevel@tonic-gate 
5567c478bd9Sstevel@tonic-gate typedef int ConnectionID;
5577c478bd9Sstevel@tonic-gate 
5589f2fd570SJulian Pullen /*
5599f2fd570SJulian Pullen  * Server side sort type. Orginally the server side sort
5609f2fd570SJulian Pullen  * was set to "cn uid". This did not work with AD and
5619f2fd570SJulian Pullen  * hence single sort attribute was odopted. We dont
5629f2fd570SJulian Pullen  * know which server side sort will work with the
5639f2fd570SJulian Pullen  * Directory and hence we discover which method works.
5649f2fd570SJulian Pullen  */
5659f2fd570SJulian Pullen typedef enum {
5669f2fd570SJulian Pullen 	SSS_UNKNOWN		= 0,
5679f2fd570SJulian Pullen 	SSS_SINGLE_ATTR		= 1,
5689f2fd570SJulian Pullen 	SSS_CN_UID_ATTRS	= 2
5699f2fd570SJulian Pullen } ns_srvsidesort_t;
5709f2fd570SJulian Pullen 
5717c478bd9Sstevel@tonic-gate /*
5727c478bd9Sstevel@tonic-gate  * This structure is used by ns_connect to create and manage
5737c478bd9Sstevel@tonic-gate  * one or more ldap connections within the library.
5747c478bd9Sstevel@tonic-gate  */
5757c478bd9Sstevel@tonic-gate typedef struct connection {
5767c478bd9Sstevel@tonic-gate 	ConnectionID		connectionId;
577cb5caa98Sdjl 	boolean_t		usedBit;	/* true if only used by */
578cb5caa98Sdjl 						/* one thread and not shared */
579cb5caa98Sdjl 						/* by other threads */
5808277a58bSchinlong 	pid_t			pid;		/* process id */
5817c478bd9Sstevel@tonic-gate 	char			*serverAddr;
582cb5caa98Sdjl 	ns_cred_t		*auth;
5837c478bd9Sstevel@tonic-gate 	LDAP			*ld;
5847c478bd9Sstevel@tonic-gate 	thread_t		threadID;	/* thread ID using it */
5857c478bd9Sstevel@tonic-gate 	struct ns_ldap_cookie	*cookieInfo;
586695ef821SGordon Ross 	char			**controls;		/* from server_info */
5877c478bd9Sstevel@tonic-gate 	char			**saslMechanisms;	/* from server_info */
5887c478bd9Sstevel@tonic-gate } Connection;
5897c478bd9Sstevel@tonic-gate 
5907c478bd9Sstevel@tonic-gate #define	ONE_STEP			1
5917c478bd9Sstevel@tonic-gate 
5927c478bd9Sstevel@tonic-gate /*
5937c478bd9Sstevel@tonic-gate  * This structure is for referrals processing.
5947c478bd9Sstevel@tonic-gate  * The data are from referral URLs returned by
5957c478bd9Sstevel@tonic-gate  * LDAP servers
5967c478bd9Sstevel@tonic-gate  */
5977c478bd9Sstevel@tonic-gate typedef struct ns_referral_info {
5987c478bd9Sstevel@tonic-gate 	struct ns_referral_info	*next;
5997c478bd9Sstevel@tonic-gate 	char			*refHost;
6007c478bd9Sstevel@tonic-gate 	int			refScope;
6017c478bd9Sstevel@tonic-gate 	char			*refDN;
6027c478bd9Sstevel@tonic-gate 	char			*refFilter;
6037c478bd9Sstevel@tonic-gate } ns_referral_info_t;
6047c478bd9Sstevel@tonic-gate 
605479ac375Sdm struct ns_ldap_cookie;
606479ac375Sdm 
607479ac375Sdm /*
608479ac375Sdm  * Batch used by __ns_ldap_list_batch_xxx API
609479ac375Sdm  */
610479ac375Sdm struct ns_ldap_list_batch {
611479ac375Sdm 	uint32_t		nactive;
612479ac375Sdm 	struct ns_ldap_cookie	*next_cookie;
613479ac375Sdm 	struct ns_ldap_cookie	*cookie_list;
614479ac375Sdm };
615479ac375Sdm 
616e1dd0a2fSth struct ns_conn_user;
617e1dd0a2fSth typedef struct ns_conn_user ns_conn_user_t;
618e1dd0a2fSth 
6197c478bd9Sstevel@tonic-gate /*
6207c478bd9Sstevel@tonic-gate  * This structure used internally in searches
6217c478bd9Sstevel@tonic-gate  */
6227c478bd9Sstevel@tonic-gate 
6237c478bd9Sstevel@tonic-gate typedef struct ns_ldap_cookie {
6247c478bd9Sstevel@tonic-gate 	/* INPUTS */
6257c478bd9Sstevel@tonic-gate 		/* server list position */
6267c478bd9Sstevel@tonic-gate 
6277c478bd9Sstevel@tonic-gate 		/* service search descriptor list & position */
6287c478bd9Sstevel@tonic-gate 	ns_ldap_search_desc_t  **sdlist;
6297c478bd9Sstevel@tonic-gate 	ns_ldap_search_desc_t  **sdpos;
6307c478bd9Sstevel@tonic-gate 
6317c478bd9Sstevel@tonic-gate 		/* search filter callback */
6327c478bd9Sstevel@tonic-gate 	int			use_filtercb;
633695ef821SGordon Ross 	int	(*init_filter_cb)(const ns_ldap_search_desc_t *desc,
6347c478bd9Sstevel@tonic-gate 			char **realfilter, const void *userdata);
6357c478bd9Sstevel@tonic-gate 
6367c478bd9Sstevel@tonic-gate 		/* user callback */
6377c478bd9Sstevel@tonic-gate 	int			use_usercb;
6387c478bd9Sstevel@tonic-gate 	int	(*callback)(const ns_ldap_entry_t *entry,
6397c478bd9Sstevel@tonic-gate 			const void *userdata);
6407c478bd9Sstevel@tonic-gate 	const void		*userdata;
6417c478bd9Sstevel@tonic-gate 
6427c478bd9Sstevel@tonic-gate 	int			followRef;
6437c478bd9Sstevel@tonic-gate 	int			use_paging;
6447c478bd9Sstevel@tonic-gate 	char			*service;
6457c478bd9Sstevel@tonic-gate 	char			*i_filter;
6467c478bd9Sstevel@tonic-gate 	const char * const	*i_attr;
6479f2fd570SJulian Pullen 	const char		*i_sortattr;
6487c478bd9Sstevel@tonic-gate 	const ns_cred_t		*i_auth;
649695ef821SGordon Ross 	int			i_flags;
6507c478bd9Sstevel@tonic-gate 
6517c478bd9Sstevel@tonic-gate 	/* OUTPUTS */
6527c478bd9Sstevel@tonic-gate 	ns_ldap_result_t	*result;
6537c478bd9Sstevel@tonic-gate 	ns_ldap_entry_t		*nextEntry;
6547c478bd9Sstevel@tonic-gate 		/* Error data */
6557c478bd9Sstevel@tonic-gate 	int			err_rc;
6567c478bd9Sstevel@tonic-gate 	ns_ldap_error_t		*errorp;
6577c478bd9Sstevel@tonic-gate 
6587c478bd9Sstevel@tonic-gate 	/* PRIVATE */
6597c478bd9Sstevel@tonic-gate 	ns_state_t		state;
6607c478bd9Sstevel@tonic-gate 	ns_state_t		new_state;
6617c478bd9Sstevel@tonic-gate 	ns_state_t		next_state;
6627c478bd9Sstevel@tonic-gate 
6637c478bd9Sstevel@tonic-gate 	Connection		*conn;
664e8ac3ceaSsdussud #define	conn_auth_type	conn->auth->auth.type
6657c478bd9Sstevel@tonic-gate 	ConnectionID		connectionId;
6667c478bd9Sstevel@tonic-gate 
6677c478bd9Sstevel@tonic-gate 	/* paging VLV/SIMPLEPAGE data */
6687c478bd9Sstevel@tonic-gate 	int			listType;
6697c478bd9Sstevel@tonic-gate 	unsigned long		index;
6707c478bd9Sstevel@tonic-gate 	LDAPControl		**p_serverctrls;
6719f2fd570SJulian Pullen 	ns_srvsidesort_t	sortTypeTry;
6729f2fd570SJulian Pullen 	int			entryCount;
6737c478bd9Sstevel@tonic-gate 
6747c478bd9Sstevel@tonic-gate 	int			scope;
6757c478bd9Sstevel@tonic-gate 	char			*basedn;
6767c478bd9Sstevel@tonic-gate 	char			*filter;
6777c478bd9Sstevel@tonic-gate 	char			**attribute;
6787c478bd9Sstevel@tonic-gate 
6797c478bd9Sstevel@tonic-gate 	/* RESULT PROCESSING */
6807c478bd9Sstevel@tonic-gate 	int			msgId;
6817c478bd9Sstevel@tonic-gate 	LDAPMessage		*resultMsg;
6827c478bd9Sstevel@tonic-gate 
6837c478bd9Sstevel@tonic-gate 	char			**dns;
6847c478bd9Sstevel@tonic-gate 	char			*currentdn;
6857c478bd9Sstevel@tonic-gate 	int			flag;
686695ef821SGordon Ross 	struct berval		*ctrlCookie;
6877c478bd9Sstevel@tonic-gate 
6887c478bd9Sstevel@tonic-gate 	/* REFERRALS PROCESSING */
6897c478bd9Sstevel@tonic-gate 	/* referralinfo list & position */
690695ef821SGordon Ross 	ns_referral_info_t	*reflist;
691695ef821SGordon Ross 	ns_referral_info_t	*refpos;
6927c478bd9Sstevel@tonic-gate 	/* search timeout value */
6937c478bd9Sstevel@tonic-gate 	struct timeval		search_timeout;
69447789246Svv 	/* response control to hold account management information */
69547789246Svv 	LDAPControl		**resultctrl;
69647789246Svv 	/* Flag to indicate password less account management is required */
69747789246Svv 	int			nopasswd_acct_mgmt;
6988277a58bSchinlong 	int			err_from_result;
699e1dd0a2fSth 	ns_conn_user_t		*conn_user;
700479ac375Sdm 
701479ac375Sdm 	/* BATCH PROCESSING */
702479ac375Sdm 	ns_ldap_list_batch_t	*batch;
703479ac375Sdm 	boolean_t		no_wait;
704e1dd0a2fSth 	boolean_t		reinit_on_retriable_err;
705e1dd0a2fSth 	int			retries;
706479ac375Sdm 	ns_ldap_result_t	**caller_result;
707479ac375Sdm 	ns_ldap_error_t		**caller_errorp;
708479ac375Sdm 	int			*caller_rc;
709479ac375Sdm 	struct ns_ldap_cookie	*next_cookie_in_batch;
7107c478bd9Sstevel@tonic-gate } ns_ldap_cookie_t;
7117c478bd9Sstevel@tonic-gate 
7127c478bd9Sstevel@tonic-gate /*
7137c478bd9Sstevel@tonic-gate  * This structure is part of the return value information for
7147c478bd9Sstevel@tonic-gate  * __s_api_requestServer.  The routine that requests a new server
7157c478bd9Sstevel@tonic-gate  * from the cache manager
7167c478bd9Sstevel@tonic-gate  */
7177c478bd9Sstevel@tonic-gate typedef struct ns_server_info {
7187c478bd9Sstevel@tonic-gate 	char	*server;
7194a6b6ac4Schinlong 	char	*serverFQDN;
720695ef821SGordon Ross 	char	**controls;
7217c478bd9Sstevel@tonic-gate 	char	**saslMechanisms;
7227c478bd9Sstevel@tonic-gate } ns_server_info_t;
7237c478bd9Sstevel@tonic-gate 
724cb5caa98Sdjl /*
725cb5caa98Sdjl  * sasl callback function parameters
726cb5caa98Sdjl  */
727cb5caa98Sdjl typedef struct ns_sasl_cb_param {
728cb5caa98Sdjl 	char	*mech;
729cb5caa98Sdjl 	char	*authid;
730cb5caa98Sdjl 	char	*authzid;
731cb5caa98Sdjl 	char	*passwd;
732cb5caa98Sdjl 	char	*realm;
733cb5caa98Sdjl } ns_sasl_cb_param_t;
734cb5caa98Sdjl 
735cb5caa98Sdjl /* Multiple threads per connection variable */
736cb5caa98Sdjl extern int MTperConn;
737cb5caa98Sdjl 
7387c478bd9Sstevel@tonic-gate /*
7397c478bd9Sstevel@tonic-gate  * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
7407c478bd9Sstevel@tonic-gate  */
7417c478bd9Sstevel@tonic-gate 
7427c478bd9Sstevel@tonic-gate #ifdef DEBUG
7437c478bd9Sstevel@tonic-gate extern int	__ldap_debug_file;
7447c478bd9Sstevel@tonic-gate extern int	__ldap_debug_api;
7457c478bd9Sstevel@tonic-gate extern int	__ldap_debug_ldap;
7467c478bd9Sstevel@tonic-gate extern int	__ldap_debug_servers;
7477c478bd9Sstevel@tonic-gate #endif
7487c478bd9Sstevel@tonic-gate 
7497c478bd9Sstevel@tonic-gate /* internal connection APIs */
7507c478bd9Sstevel@tonic-gate void DropConnection(ConnectionID, int);
7517c478bd9Sstevel@tonic-gate int __s_api_getServers(char *** servers, ns_ldap_error_t ** error);
7527c478bd9Sstevel@tonic-gate 
7537c478bd9Sstevel@tonic-gate int __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i);
7547c478bd9Sstevel@tonic-gate char *__s_get_auth_name(ns_config_t *ptr, AuthType_t type);
7557c478bd9Sstevel@tonic-gate char *__s_get_security_name(ns_config_t *ptr, TlsType_t type);
7567c478bd9Sstevel@tonic-gate char *__s_get_scope_name(ns_config_t *ptr, ScopeType_t type);
7577c478bd9Sstevel@tonic-gate char *__s_get_pref_name(PrefOnly_t type);
7587c478bd9Sstevel@tonic-gate char *__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type);
759dd1104fbSMichen Chang char *__s_get_shadowupdate_name(enableShadowUpdate_t type);
7607c478bd9Sstevel@tonic-gate char *__s_get_hostcertpath(void);
761e1dd0a2fSth void __s_api_free_sessionPool();
762e1dd0a2fSth int __s_api_requestServer(const char *request, const char *server,
763e1dd0a2fSth 	ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);
7647c478bd9Sstevel@tonic-gate 
7657c478bd9Sstevel@tonic-gate 
7667c478bd9Sstevel@tonic-gate /* ************ internal sldap-api functions *********** */
7677c478bd9Sstevel@tonic-gate void	__ns_ldap_freeEntry(ns_ldap_entry_t *ep);
768d7ab8532SJason King void	__ns_ldap_freeASearchDesc(ns_ldap_search_desc_t *);
7697c478bd9Sstevel@tonic-gate void	__s_api_split_key_value(char *buffer, char **name, char **value);
7707c478bd9Sstevel@tonic-gate int	__s_api_printResult(ns_ldap_result_t *);
7717c478bd9Sstevel@tonic-gate int	__s_api_getSearchScope(int *, ns_ldap_error_t **);
7727c478bd9Sstevel@tonic-gate int	__s_api_getDNs(char ***, const char *,
7737c478bd9Sstevel@tonic-gate 	ns_ldap_error_t **);
7747c478bd9Sstevel@tonic-gate int	__s_api_get_search_DNs_v1(char ***, const char *,
7757c478bd9Sstevel@tonic-gate 	ns_ldap_error_t **);
7767c478bd9Sstevel@tonic-gate int	__s_api_getConnection(const char *, const int,
7777c478bd9Sstevel@tonic-gate 	const ns_cred_t *, int *,
778e1dd0a2fSth 	Connection **, ns_ldap_error_t **, int, int, ns_conn_user_t *);
7797c478bd9Sstevel@tonic-gate char	**__s_api_cp2dArray(char **);
7807c478bd9Sstevel@tonic-gate void	__s_api_free2dArray(char **);
7817c478bd9Sstevel@tonic-gate 
7827c478bd9Sstevel@tonic-gate int	__s_api_isCtrlSupported(Connection *, char *);
7837c478bd9Sstevel@tonic-gate ns_config_t *__ns_ldap_make_config(ns_ldap_result_t *result);
7847c478bd9Sstevel@tonic-gate ns_auth_t  *__s_api_AuthEnumtoStruct(const EnumAuthType_t i);
785e1dd0a2fSth boolean_t __s_api_peruser_proc(void);
786e1dd0a2fSth boolean_t __s_api_nscd_proc(void);
7877c478bd9Sstevel@tonic-gate char	*dvalue(char *);
7887c478bd9Sstevel@tonic-gate char	*evalue(char *);
789e1dd0a2fSth ns_ldap_error_t *__s_api_make_error(int, char *);
790e1dd0a2fSth ns_ldap_error_t *__s_api_copy_error(ns_ldap_error_t *);
791e1dd0a2fSth 
792e1dd0a2fSth /* ************ specific 'Standalone' functions ********** */
793e1dd0a2fSth ns_ldap_return_code __s_api_ip2hostname(char *ipaddr, char **hostname);
794e1dd0a2fSth struct hostent *__s_api_hostname2ip(const char *name,
795e1dd0a2fSth 				    struct hostent *result,
796e1dd0a2fSth 				    char *buffer,
797e1dd0a2fSth 				    int buflen,
798e1dd0a2fSth 				    int *h_errnop);
799e1dd0a2fSth void	__s_api_setInitMode();
800e1dd0a2fSth void	__s_api_unsetInitMode();
801e1dd0a2fSth int	__s_api_isStandalone(void);
802e1dd0a2fSth int __s_api_isInitializing();
803e1dd0a2fSth ns_ldap_return_code __s_api_findRootDSE(const char *request,
804e1dd0a2fSth 					const char *server,
805e1dd0a2fSth 					const char *addrType,
806e1dd0a2fSth 					ns_server_info_t *ret,
807e1dd0a2fSth 					ns_ldap_error_t	**error);
808e1dd0a2fSth ns_config_t *__s_api_create_config_door_str(char *config,
809e1dd0a2fSth 				ns_ldap_error_t **errorp);
8107c478bd9Sstevel@tonic-gate 
8117c478bd9Sstevel@tonic-gate extern void	get_environment();
8127c478bd9Sstevel@tonic-gate 
8137c478bd9Sstevel@tonic-gate /* internal Param APIs */
8147c478bd9Sstevel@tonic-gate int		__ns_ldap_setParamValue(ns_config_t *ptr,
8157c478bd9Sstevel@tonic-gate 			const ParamIndexType type,
8167c478bd9Sstevel@tonic-gate 			const void *data, ns_ldap_error_t **error);
8177c478bd9Sstevel@tonic-gate int		__s_api_get_type(const char *value, ParamIndexType *type);
8187c478bd9Sstevel@tonic-gate int		__s_api_get_versiontype(ns_config_t *ptr, char *value,
8197c478bd9Sstevel@tonic-gate 					ParamIndexType *type);
8207c478bd9Sstevel@tonic-gate int		__s_api_get_profiletype(char *value, ParamIndexType *type);
8217c478bd9Sstevel@tonic-gate void		__s_api_init_config(ns_config_t *ptr);
822e1dd0a2fSth void		__s_api_init_config_global(ns_config_t *ptr);
8237c478bd9Sstevel@tonic-gate ns_parse_status __s_api_crosscheck(ns_config_t *domainptr, char *errstr,
8247c478bd9Sstevel@tonic-gate 					int check_dn);
8257c478bd9Sstevel@tonic-gate ns_config_t	*__s_api_create_config(void);
8267c478bd9Sstevel@tonic-gate ns_config_t	*__s_api_get_default_config(void);
827e1dd0a2fSth ns_config_t	*__s_api_get_default_config_global(void);
8287c478bd9Sstevel@tonic-gate ns_config_t	*__s_api_loadrefresh_config();
829e1dd0a2fSth ns_config_t	*__s_api_loadrefresh_config_global();
8307c478bd9Sstevel@tonic-gate void		__s_api_destroy_config(ns_config_t *ptr);
8317c478bd9Sstevel@tonic-gate int		__s_api_get_configtype(ParamIndexType type);
8327c478bd9Sstevel@tonic-gate const char	*__s_api_get_configname(ParamIndexType type);
833434c5a06SMilan Jurik char		*__s_api_strValue(ns_config_t *ptr, ParamIndexType i,
8347c478bd9Sstevel@tonic-gate 			ns_strfmt_t fmt);
8357c478bd9Sstevel@tonic-gate void		__s_api_release_config(ns_config_t *cfg);
8367c478bd9Sstevel@tonic-gate 
8377c478bd9Sstevel@tonic-gate /* internal attribute/objectclass mapping api's */
8387c478bd9Sstevel@tonic-gate int		 __s_api_add_map2hash(ns_config_t *config,
8397c478bd9Sstevel@tonic-gate 				ns_hashtype_t type, ns_mapping_t *map);
8407c478bd9Sstevel@tonic-gate void		__s_api_destroy_hash(ns_config_t *config);
8417c478bd9Sstevel@tonic-gate int		__s_api_parse_map(char *cp, char **sid,
8427c478bd9Sstevel@tonic-gate 				char **origA, char ***mapA);
8437c478bd9Sstevel@tonic-gate char		**__ns_ldap_mapAttributeList(const char *service,
8447c478bd9Sstevel@tonic-gate 				const char * const *origAttrList);
8459f2fd570SJulian Pullen char		*__ns_ldap_mapAttribute(const char *service,
8469f2fd570SJulian Pullen 				const char *origAttr);
8477c478bd9Sstevel@tonic-gate 
8487c478bd9Sstevel@tonic-gate /* internal configuration APIs */
8497c478bd9Sstevel@tonic-gate void		__ns_ldap_setServer(int set);
8507c478bd9Sstevel@tonic-gate ns_ldap_error_t	*__ns_ldap_LoadConfiguration();
851e1dd0a2fSth ns_ldap_error_t	*__ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname,
852b57459abSJulian Pullen 				ns_config_t *new, int cred_only);
8537c478bd9Sstevel@tonic-gate ns_ldap_error_t *__ns_ldap_DumpConfiguration(char *filename);
8547c478bd9Sstevel@tonic-gate ns_ldap_error_t	*__ns_ldap_DumpLdif(char *filename);
8557c478bd9Sstevel@tonic-gate int		__ns_ldap_cache_ping();
856cb5caa98Sdjl ns_ldap_error_t *__ns_ldap_print_config(int);
857cb5caa98Sdjl void		__ns_ldap_default_config();
858cb5caa98Sdjl int		__ns_ldap_download(const char *, char *, char *,
859cb5caa98Sdjl 				ns_ldap_error_t **);
860d7ab8532SJason King int __ns_ldap_check_dns_preq(int foreground, int mode_verbose, int mode_quiet,
861d7ab8532SJason King     const char *fname, ns_ldap_self_gssapi_config_t config,
862d7ab8532SJason King     ns_ldap_error_t **errpp);
863d7ab8532SJason King 
864d7ab8532SJason King int __ns_ldap_check_gssapi_preq(int foreground, int mode_verbose,
865d7ab8532SJason King     int mode_quiet, ns_ldap_self_gssapi_config_t config,
866d7ab8532SJason King     ns_ldap_error_t **errpp);
867d7ab8532SJason King 
868d7ab8532SJason King int __ns_ldap_check_all_preq(int foreground, int mode_verbose, int mode_quiet,
869d7ab8532SJason King     ns_ldap_self_gssapi_config_t config, ns_ldap_error_t **errpp);
8707c478bd9Sstevel@tonic-gate 
8717c478bd9Sstevel@tonic-gate /* internal un-exposed APIs */
872695ef821SGordon Ross ns_cred_t	*__ns_ldap_dupAuth(const ns_cred_t *authp);
873e1dd0a2fSth boolean_t	__s_api_is_auth_matched(const ns_cred_t *auth1,
874e1dd0a2fSth 		    const ns_cred_t *auth2);
8757c478bd9Sstevel@tonic-gate int		__s_api_get_SSD_from_SSDtoUse_service(const char *service,
8767c478bd9Sstevel@tonic-gate 			ns_ldap_search_desc_t ***SSDlist,
8777c478bd9Sstevel@tonic-gate 			ns_ldap_error_t **errorp);
8787c478bd9Sstevel@tonic-gate int		__s_api_prepend_automountmapname(const char *service,
8797c478bd9Sstevel@tonic-gate 			ns_ldap_search_desc_t ***SSDlist,
8807c478bd9Sstevel@tonic-gate 			ns_ldap_error_t ** errorp);
8817c478bd9Sstevel@tonic-gate int		__s_api_prepend_automountmapname_to_dn(const char *service,
8827c478bd9Sstevel@tonic-gate 			char **basedn,
8837c478bd9Sstevel@tonic-gate 			ns_ldap_error_t ** errorp);
8847c478bd9Sstevel@tonic-gate int		__s_api_convert_automountmapname(const char *service,
8857c478bd9Sstevel@tonic-gate 			char **dn, ns_ldap_error_t ** errorp);
8867c478bd9Sstevel@tonic-gate int		__s_api_replace_mapped_attr_in_dn(
8877c478bd9Sstevel@tonic-gate 			const char *orig_attr, const char *mapped_attr,
8887c478bd9Sstevel@tonic-gate 			const char *dn, char **new_dn);
8897c478bd9Sstevel@tonic-gate int		__s_api_append_default_basedn(
8907c478bd9Sstevel@tonic-gate 			const char *dn,
8917c478bd9Sstevel@tonic-gate 			char **new_dn,
8927c478bd9Sstevel@tonic-gate 			int *allocated,
8937c478bd9Sstevel@tonic-gate 			ns_ldap_error_t ** errorp);
894e8ac3ceaSsdussud int		__s_api_removeServer(const char *server);
895689c2bf4Sjanga void		__s_api_removeBadServers(char **server);
8964a6b6ac4Schinlong void		__s_api_free_server_info(ns_server_info_t *sinfo);
897e1dd0a2fSth void		__s_api_freeConnection(Connection *con);
8987c478bd9Sstevel@tonic-gate 
8997c478bd9Sstevel@tonic-gate /* internal referrals APIs */
900695ef821SGordon Ross int		__s_api_toFollowReferrals(const int flags,
9017c478bd9Sstevel@tonic-gate 			int *toFollow,
9027c478bd9Sstevel@tonic-gate 			ns_ldap_error_t **errorp);
903695ef821SGordon Ross int		__s_api_addRefInfo(ns_referral_info_t **head,
9047c478bd9Sstevel@tonic-gate 			char *url, char *baseDN, int *scope,
9057c478bd9Sstevel@tonic-gate 			char *filter, LDAP *ld);
9067c478bd9Sstevel@tonic-gate void		__s_api_deleteRefInfo(ns_referral_info_t *head);
9077c478bd9Sstevel@tonic-gate 
9087c478bd9Sstevel@tonic-gate /* callback routine for SSD filters */
9097c478bd9Sstevel@tonic-gate int		__s_api_merge_SSD_filter(const ns_ldap_search_desc_t *desc,
9107c478bd9Sstevel@tonic-gate 			char **realfilter,
9117c478bd9Sstevel@tonic-gate 			const void *userdata);
9127c478bd9Sstevel@tonic-gate 
9137c478bd9Sstevel@tonic-gate /* network address verification api */
9147c478bd9Sstevel@tonic-gate int		__s_api_isipv4(char *addr);
9157c478bd9Sstevel@tonic-gate int		__s_api_isipv6(char *addr);
9167c478bd9Sstevel@tonic-gate int		__s_api_ishost(char *addr);
9177c478bd9Sstevel@tonic-gate 
9187c478bd9Sstevel@tonic-gate /* password management routine */
9197c478bd9Sstevel@tonic-gate ns_ldap_passwd_status_t
9207c478bd9Sstevel@tonic-gate 		__s_api_set_passwd_status(int errnum, char *errmsg);
9217c478bd9Sstevel@tonic-gate int		__s_api_contain_passwd_control_oid(char **oids);
9227c478bd9Sstevel@tonic-gate 
92347789246Svv /* password less account management routine */
92447789246Svv int		__s_api_contain_account_usable_control_oid(char **oids);
92547789246Svv 
9267c478bd9Sstevel@tonic-gate /* RFC 2307 section 5.6. Get a canonical name from entry */
9277c478bd9Sstevel@tonic-gate char		*__s_api_get_canonical_name(ns_ldap_entry_t *entry,
9287c478bd9Sstevel@tonic-gate 			ns_ldap_attr_t *attrptr, int case_ignore);
9297c478bd9Sstevel@tonic-gate 
930cb5caa98Sdjl /* self/sasl/gssapi functions */
931cb5caa98Sdjl int		__s_api_sasl_bind_callback(
932cb5caa98Sdjl 			LDAP		*ld,
933cb5caa98Sdjl 			unsigned	flags,
934cb5caa98Sdjl 			void		*defaults,
935cb5caa98Sdjl 			void		*in);
936cb5caa98Sdjl 
937cb5caa98Sdjl int		__s_api_self_gssapi_only_get(void);
938cb5caa98Sdjl 
939434c5a06SMilan Jurik int		__print2buf(LineBuf *line, const char *toprint, char *sep);
940434c5a06SMilan Jurik 
9417c478bd9Sstevel@tonic-gate #ifdef __cplusplus
9427c478bd9Sstevel@tonic-gate }
9437c478bd9Sstevel@tonic-gate #endif
9447c478bd9Sstevel@tonic-gate 
9457c478bd9Sstevel@tonic-gate #endif /* _NS_INTERNAL_H */
946