1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
24 */
25
26
27#ifndef	_NS_SLDAP_H
28#define	_NS_SLDAP_H
29
30#ifdef __cplusplus
31extern "C" {
32#endif
33
34#include <stdio.h>
35#include <sys/types.h>
36#include <lber.h>
37#include <ldap.h>
38
/*
 * Version
 *
 * NS_LDAP_VERSION is the version this header targets (NS_LDAP_VERSION_2).
 * The values are strings, presumably matched against the configuration
 * file's NS_LDAP_FILE_VERSION_P parameter (see ParamIndexType below);
 * compare them with strcmp(), never with ==.
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"
45
/*
 * Flags
 *
 * Bits for the `flags' argument of the __ns_ldap_*() calls declared
 * below.  Every flag in this header -- including the SearchRef_t and
 * ScopeType_t enumerators -- occupies a distinct bit, so they can be
 * OR'ed together.  The precise effect of NS_LDAP_HARD and
 * NS_LDAP_ALL_RES is not defined in this header; consult the libsldap
 * implementation before relying on either.
 */
#define	NS_LDAP_HARD		  0x001
#define	NS_LDAP_ALL_RES		  0x002
51
/*
 * Search Referral Option
 *
 * Controls whether a search follows LDAP referrals returned by the
 * server.  Following a referral means contacting a server named by the
 * directory data itself, and depending on the underlying LDAP library
 * the caller's bind credentials may be presented to that server as
 * well.  Where not every server the directory can point at is trusted
 * (for instance without TLS), NS_LDAP_NOREF is the safer choice.
 * The values are flag bits chosen not to collide with the other flags.
 */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;
57
/*
 * Search scope, mirroring the LDAP base / one-level / subtree scopes.
 * The values are flag bits and may be OR'ed into `flags'.
 * NS_LDAP_SCOPE_SUBTREE is the broadest (and most expensive for the
 * server); prefer the narrowest scope a lookup actually needs.
 */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;
63
/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST.
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER.
 *
 * Connection-handling flags:
 *   NS_LDAP_KEEP_CONN  keep the connection open after the call (see the
 *                      warning above -- a leaked connection also keeps
 *                      an authenticated session alive longer than needed)
 *   NS_LDAP_NEW_CONN   presumably open a fresh connection rather than
 *                      reuse a cached one -- confirm against the
 *                      implementation
 *   NS_LDAP_NOMAP      presumably bypass the attribute/objectclass
 *                      mapping described further below -- confirm
 */

#define	NS_LDAP_KEEP_CONN	  0x080
#define	NS_LDAP_NEW_CONN	  0x400
#define	NS_LDAP_NOMAP		  0x800

/*
 * NS_LDAP_PAGE_CTRL requests paged search results (presumably the LDAP
 * paged-results control).  NS_LDAP_NO_PAGE_CTRL is 0, i.e. simply the
 * absence of that bit; it cannot be tested for with
 * `flags & NS_LDAP_NO_PAGE_CTRL', which is always 0.
 */
#define	NS_LDAP_PAGE_CTRL	  0x1000
#define	NS_LDAP_NO_PAGE_CTRL	  0x0000
77
/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and the DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000

/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 *
 * Setting this bit is a request, not a grant: whether the update is
 * actually permitted depends on the credentials and ACLs on the server
 * side and on whatever privilege check libsldap performs (neither is
 * visible in this header).  Do not assume the flag alone confers access,
 * and do not pass it from code that is not itself privileged.
 */
#define	NS_LDAP_UPDATE_SHADOW	0x4000

/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server.
 *
 * Shadow entries carry password hashes and aging data.  Treat results
 * obtained with this flag as secrets: do not log them, and release them
 * with __ns_ldap_freeResult() as soon as they have been consumed.
 */
#define	NS_LDAP_READ_SHADOW	0x8000
99
/*
 * Authentication Information
 *
 * Credential level: which identity libsldap binds to the directory as.
 *   NS_LDAP_CRED_ANON   no credentials; the server returns only what it
 *                       exposes to anonymous readers
 *   NS_LDAP_CRED_PROXY  a configured proxy identity (presumably the
 *                       NS_LDAP_BINDDN_P / NS_LDAP_BINDPASSWD_P
 *                       parameters below -- confirm)
 *   NS_LDAP_CRED_SELF   the calling user's own identity (see the
 *                       self / SASL-GSSAPI configuration enum below)
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;
108
/*
 * Authentication method used for the LDAP bind.
 *
 *   NS_LDAP_AUTH_NONE    no bind credentials are presented.
 *   NS_LDAP_AUTH_SIMPLE  LDAP simple bind.  The password is sent as-is
 *                        on the wire, so it is only safe when the
 *                        session is TLS-protected (see TlsType_t).
 *   NS_LDAP_AUTH_SASL    SASL bind using the mechanism in SaslMech_t.
 *   NS_LDAP_AUTH_TLS,
 *   NS_LDAP_AUTH_ATLS    TLS-protected variants ("implied SASL usage"
 *                        per the original comment).  What distinguishes
 *                        ATLS from TLS is not defined in this header.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;
116
/*
 * TLS usage for a connection.  NS_LDAP_TLS_NONE leaves the bind and all
 * subsequent traffic unprotected.  NS_LDAP_TLS_SIMPLE and NS_LDAP_TLS_SASL
 * presumably wrap a simple or a SASL bind, respectively, in TLS -- confirm
 * against the implementation.
 */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;
122
/*
 * SASL mechanism for NS_LDAP_AUTH_SASL (and the TLS variants).
 *
 * CRAM-MD5 and DIGEST-MD5 are legacy mechanisms built on MD5 (DIGEST-MD5
 * was moved to Historic by RFC 6331) and do not authenticate the server;
 * prefer GSSAPI where the environment supports it.  EXTERNAL and SPNEGO
 * are enumerated but marked unsupported; how libsldap reacts when they
 * are requested is not visible here, so do not assume a clean failure.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;
131
/*
 * SASL security-layer option.  Going by the names, NS_LDAP_SASLOPT_INT
 * requests an integrity layer and NS_LDAP_SASLOPT_PRIV a privacy
 * (confidentiality) layer for post-bind traffic; NS_LDAP_SASLOPT_NONE
 * requests neither, leaving that traffic unprotected unless TLS is used.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;
137
/*
 * Value type of the NS_LDAP_PREF_ONLY_P parameter: whether lookups are
 * restricted to the preferred server list (NS_LDAP_SERVER_PREF_P).
 */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;
142
/*
 * Value type of the NS_LDAP_ENABLE_SHADOW_UPDATE_P parameter.  See also
 * __ns_ldap_is_shadow_update_enabled() at the end of this header.
 */
typedef enum enableShadowUpdate {
	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
} enableShadowUpdate_t;
147
/*
 * Credentials for a password-based bind.
 *
 * userID  The original comment says "Unix ID number", but the field is a
 *         string; presumably the name or DN of the binding identity --
 *         confirm against the callers.
 * passwd  Cleartext password.  Nothing in this header promises that the
 *         password bytes are scrubbed when the credential is released
 *         (see __ns_ldap_freeCred()), so code holding secrets should
 *         zeroize the buffer itself before freeing it.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;
152
/*
 * Credentials for a certificate-based bind.
 *
 * path      path to the certificate database
 * passwd    password protecting the certificate/key database; cleartext,
 *           with the same zeroization caveat as UnixCred_t.passwd
 * nickname  nickname selecting the certificate within the database
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;
158
/*
 * How to authenticate: bind method, TLS usage, SASL mechanism and SASL
 * security-layer option.  Prefer __ns_ldap_initAuth() (declared below)
 * to fill one in from a mechanism string over populating it by hand, so
 * that method/TLS/mechanism combinations stay consistent.
 */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;
165
/*
 * A complete credential: how to authenticate (auth) plus the secret
 * material (cred).  Which union member is live is implied by auth.type;
 * this header does not spell the mapping out (presumably unix_cred for
 * password binds and cert_cred for certificate binds -- confirm), so
 * readers must not touch a member the producer did not fill in.
 * hostcertpath names the certificate database to use for this
 * credential (compare NS_LDAP_HOST_CERTPATH_P).
 * Release with __ns_ldap_freeCred(); see UnixCred_t for zeroization.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;
174
175
/*
 * Growable text buffer: str points at alloc bytes, of which len are in
 * use.  Whether str is kept NUL-terminated is not defined here, so treat
 * len as authoritative and keep len <= alloc when appending; nothing in
 * this type enforces the bound.
 */
typedef struct LineBuf {
	char *str;
	int len;
	int alloc;
} LineBuf;
181
/*
 * Configuration Information
 *
 * Parameter indices for __ns_ldap_getParam() / __ns_ldap_setParam().
 *
 * NS_LDAP_BINDPASSWD_P, NS_LDAP_CERT_PASS_P and NS_LDAP_ADMIN_BINDPASSWD_P
 * are secrets: values returned for them by __ns_ldap_getParam() must not
 * be logged and should be released promptly with __ns_ldap_freeParam().
 * NS_LDAP_ADMIN_BINDDN_P / NS_LDAP_ADMIN_BINDPASSWD_P are presumably the
 * identity used for shadow updates (NS_LDAP_ENABLE_SHADOW_UPDATE_P);
 * confirm against the implementation.
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files.  The only
 * supported value is NS_LDAP_SEC_NONE.  No application should be
 * using this parameter type (either through getParam or setParam).
 * In particular it does NOT enable transport security; use the TLS
 * settings in ns_auth_t / NS_LDAP_AUTH_P for that.
 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
	NS_LDAP_ADMIN_BINDDN_P		= 29,
	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder.  It must be the last (and highest value)
 * entry in this enum.  Please update accordingly when adding
 * parameters; tables sized by it elsewhere depend on that.
 */
	NS_LDAP_MAX_PIT_P		= 31

} ParamIndexType;
232
/*
 * Summary of how "self" credential level with SASL/GSSAPI is configured,
 * as reported by __ns_ldap_self_gssapi_config():
 *
 * NONE  - No self / SASL/GSSAPI configured
 * ONLY  - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 *         (i.e. some services may still fall back to weaker methods)
 */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
} ns_ldap_self_gssapi_config_t;
243
/*
 * __ns_ldap_*() return codes
 *
 * The per-value comments say whether *errorp is populated.  Note that
 * NS_LDAP_SUCCESS_WITH_INFO is a success that still allocates an error
 * object, so callers must free *errorp on that path too (see
 * __ns_ldap_freeError()).  Value 6 is deliberately absent; do not reuse
 * it without checking every caller that switches on these codes.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9  /* success, with info in errorp */
} ns_ldap_return_code;
259
/*
 * Detailed error code for NS_LDAP_CONFIG
 *
 * Presumably delivered in ns_ldap_error_t.status when the top-level
 * return is NS_LDAP_CONFIG -- confirm against the implementation.
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;
271
/*
 * Detailed error code for NS_LDAP_PARTIAL
 *
 * A partial result means the entries returned are a subset of what the
 * directory holds; callers making allow/deny decisions from the result
 * (group membership, netgroups, ...) should not treat it as complete.
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;
279
/*
 * For use by __ns_ldap_addTypedEntry() for the publickey servicetype:
 * whether the _ns_pubkey_t entry describes a host credential
 * (NS_HOSTCRED_TRUE) or a user credential (NS_HOSTCRED_FALSE).
 */
typedef enum {
	NS_HOSTCRED_FALSE = 0,
	NS_HOSTCRED_TRUE  = 1
} hostcred_t;
287
/*
 * Detailed password status
 *
 * Reported in ns_ldap_passwd_mgmt_t.status after a bind with the user's
 * own password.  Only NS_PASSWD_GOOD, NS_PASSWD_ABOUT_TO_EXPIRE and
 * NS_PASSWD_CHANGE_NEEDED describe a bind that succeeded; the remaining
 * values describe why a bind or a password change was refused.
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password  */
	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
						/* within minimum age  */
} ns_ldap_passwd_status_t;
319
/*
 * Password management information structure
 *
 * This structure is different from the AcctUsableResponse_t structure in
 * that this structure holds the result of the user's account management
 * information when an LDAP bind is done with the user name and user
 * password.  It is embedded in ns_ldap_error_t, so it is available to
 * callers of __ns_ldap_auth() even when the bind itself succeeded.
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid only if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;
334
/*
 * LDAP V3 control OID for account management - used for account management
 * when no password is provided (see __ns_ldap_getAcctMgmt()).  The OID
 * lives under the Sun private arc (1.3.6.1.4.1.42); directory servers
 * that do not implement this control will simply not return it, in which
 * case no account-usability information is available by this route.
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
340
/*
 * Structure for holding the response returned by the server for the
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when the account is not usable.
 * The fields mirror the More_info SEQUENCE documented below:
 * inactive/reset/expired are BOOLEANs stored as int, rem_grace and
 * sec_b4_unlock are the OPTIONAL INTEGERs (the value stored when the
 * server omits them is not defined in this header).
 */
typedef struct AcctUsableMoreInfo {
	int inactive;
	int reset;
	int expired;
	int rem_grace;
	int sec_b4_unlock;
} AcctUsableMoreInfo_t;
352
/*
 * Structure used to hold the response from the server for the
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN.1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 * is_available		[0] INTEGER, seconds before expiration
 * is_not_available	[1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 * inactive		[0] BOOLEAN DEFAULT FALSE,
 * reset		[1] BOOLEAN DEFAULT FALSE,
 * expired		[2] BOOLEAN DEFAULT FALSE,
 * remaining_grace	[3] INTEGER OPTIONAL,
 * seconds_before_unlock[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from the ns_ldap_passwd_mgmt_t structure in
 * that this structure holds the result of the user's account management
 * information when pam_ldap doesn't have the user's password and the proxy
 * agent is used for obtaining the account management information.
 *
 * `choice' discriminates the union.  By the ASN.1 tags above, choice 0
 * presumably selects seconds_before_expiry and choice 1 more_info --
 * confirm against the decoder; read only the member choice selects.
 */
typedef struct AcctUsableResponse {
	int choice;
	union {
		int seconds_before_expiry;
		AcctUsableMoreInfo_t more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;
382
/*
 * Simplified LDAP Naming API result structure
 *
 * Returned through the `errorp' out-parameter of most calls below.
 * `message' is an allocated string; release the whole object with
 * __ns_ldap_freeError().  The message text may echo server-supplied
 * diagnostics, so sanitize it before showing it to an unprivileged user
 * or writing it to a log line that is parsed elsewhere.
 */
typedef struct ns_ldap_error {
	int	status;				/* LDAP error code */
	char	*message;			/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;
392
/*
 * One attribute of an entry: attrvalue holds value_count strings.
 * Iterate with value_count; whether attrvalue is also NULL-terminated
 * is not stated in this header.
 */
typedef struct	 ns_ldap_attr {
	char	*attrname;			/* attribute name */
	uint_t	value_count;
	char	**attrvalue;			/* attribute values */
} ns_ldap_attr_t;
398
/*
 * One directory entry: attr_pair holds attr_count attribute pointers.
 * Entries form a singly linked list via `next' (NULL at the end).
 * Use __ns_ldap_getAttr() / __ns_ldap_getAttrStruct() to look an
 * attribute up by name rather than indexing attr_pair directly.
 */
typedef struct ns_ldap_entry {
	uint_t		attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
	struct ns_ldap_entry *next;		/* next entry */
} ns_ldap_entry_t;
404
/*
 * Result of a list/search call: the head of an entry list plus its
 * length.  Owned by the caller once returned; release with
 * __ns_ldap_freeResult().
 */
typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;
409
/*
 * structures for the conversion routines used by typedAddEntry()
 * (__ns_ldap_addTypedEntry()).  Each one is the `data' argument for the
 * matching NS_LDAP_TYPE_* servicetype.  String-array members are
 * presumably NULL-terminated, as no count field is provided -- confirm.
 */

/* netgroup: a name with its (host,user,domain) triplets and sub-netgroups */
typedef struct _ns_netgroups {
	char  *name;
	char  **triplet;
	char  **netgroup;
} _ns_netgroups_t;
419
/* netmasks: network number and its mask, both as text */
typedef struct _ns_netmasks {
	char *netnumber;
	char *netmask;
} _ns_netmasks_t;
424
/* bootparams: host name and its parameter strings */
typedef struct _ns_bootp {
	char *name;
	char **param;
} _ns_bootp_t;
429
/* ethers: host name and its ethernet address as text */
typedef struct _ns_ethers {
	char *name;
	char *ether;
} _ns_ethers_t;
434
/*
 * publickey: key pair for a user or host (selected by hostcred).
 * privkey is secret material; whether it is expected in encrypted or
 * raw form is not defined here.  Either way, do not log it and zeroize
 * the buffer when done.
 */
typedef struct _ns_pubkey {
	char *name;
	hostcred_t hostcred;
	char *pubkey;
	char *privkey;
} _ns_pubkey_t;
441
/* aliases: mail alias and its member addresses */
typedef struct _ns_alias {
	char *alias;
	char **member;
} _ns_alias_t;
446
/* automount: a key/value pair within the named map (NS_LDAP_TYPE_AUTOMOUNT) */
typedef struct _ns_automount {
	char *mapname;
	char *key;
	char *value;
} _ns_automount_t;
452
/*
 * return values for the callback function in __ns_ldap_list()
 * (and its sort/batch variants): NS_LDAP_CB_NEXT asks for the next entry,
 * NS_LDAP_CB_DONE stops the enumeration early.
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */
458
/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry(), and the `service' names used by the
 * list/search calls.  NS_LDAP_TYPE_AUTOMOUNT is a prefix ("auto_"), not
 * a full name: the map name is appended.  NS_LDAP_TYPE_SHADOW is the
 * service whose access is gated by NS_LDAP_READ_SHADOW /
 * NS_LDAP_UPDATE_SHADOW.
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
488
/*
 * service descriptor/attribute mapping structure
 *
 * A service search descriptor: where (basedn, scope) and what (filter) to
 * search for a given service.  `filter' is sent to the server as an LDAP
 * filter; any caller-supplied text merged into it (user names, host
 * names) must be escaped per the LDAP filter syntax (RFC 4515) before
 * being inserted, since nothing in this header does that for you.
 */

typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;
498
/*
 * Maps a standard attribute name (origAttr) to one or more attribute
 * names actually used in the directory (mappedAttr, presumably
 * NULL-terminated).  See __ns_ldap_getAttributeMaps().
 */
typedef struct ns_ldap_attribute_map {
	char		*origAttr;	/* original attribute */
	char		**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;
503
/*
 * Maps a standard objectclass name to the one actually used in the
 * directory.  See __ns_ldap_getObjectClassMaps().
 */
typedef struct ns_ldap_objectclass_map {
	char		*origOC;	/* original objectclass */
	char		*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;
508
/*
 * Value of the userPassword attribute representing NO Unix password.
 *
 * This is an in-band sentinel: a literal attribute value, not an absent
 * attribute.  Compare with strcmp() against the full string.  Code that
 * turns a userPassword value into a password hash must recognize this
 * sentinel first, so that it is never treated as a (weak) hash.
 */
#define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"
513
/*
 * Opaque handle for the batch API (__ns_ldap_list_batch_start() et al.);
 * its layout is private to libsldap.
 */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;
516
/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
 *                 to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *                 to communicate with (ns_standalone_conf_t.ds_profile.server).
 *
 * The original comment also listed an NS_PREDEFINED request type,
 * "reserved for internal use"; no such enumerator exists in this enum.
 * The predefined_conf union member of ns_standalone_conf_t is presumably
 * what that referred to.
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;
531
/*
 * This structure describes an LDAP server specified by a client application.
 *
 * Because the application names the server directly (bypassing
 * ldap_cachemgr's configured server list), it is the application's job
 * to make sure the address is trustworthy and, if bind_passwd is set,
 * that `auth' selects a TLS-protected method so the password is not
 * sent in the clear.  bind_passwd is a cleartext secret with the same
 * zeroization caveat as UnixCred_t.passwd.
 */
typedef struct ns_dir_server {
	char *server;			/* A directory server's IP */
	uint16_t port;			/* A directory server's port. */
					/* Default value is 389 */
	char *domainName;		/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char *profileName;		/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t *auth;		/* Authentication information used */
					/* during subsequent connections */
	char *cred;			/* A credential level to be used */
					/* along with the authentication info */
	char *host_cert_path;		/* A path to the certificate database */
					/* Default is '/var/ldap' (the */
					/* original comment read '/vat/ldap', */
					/* presumably a typo) */
	char *bind_dn;			/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char *bind_passwd;		/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;
556
/*
 * This structure contains information describing an LDAP server.
 *
 * `type' selects which ds_profile member is meaningful: NS_LDAP_SERVER
 * uses ds_profile.server, anything else presumably leaves
 * ds_profile.predefined_conf for libsldap's internal use.  The SA_*
 * macros are convenience accessors for the server member; note that,
 * being macros, they are visible file-wide even though they are
 * defined inside the struct body.
 */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t server;
		void *predefined_conf;	/* Reserved for internal use */
	} ds_profile;			/* A type of the configuration */

#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd

	ns_standalone_request_type_t type;
} ns_standalone_conf_t;
578
/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application that requested a standalone schema, libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * Standalone mode therefore replaces the system-wide, administrator
 * controlled configuration with one supplied by the application;
 * the application becomes responsible for the trust decisions
 * ldap_cachemgr would otherwise make (server identity, TLS, credentials).
 * Undo with __ns_ldap_cancelStandalone().
 *
 * conf
 *	A structure describing where and in which way to obtain all the
 *	configuration describing how to communicate with the chosen LDAP
 *	directory.
 *
 * errorp
 *	An error object describing any error that occurred; release it
 *	with __ns_ldap_freeError().
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t	**errorp);
597
/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 *	Specifies the selected directory server.
 *
 * cred
 *	Contains the authentication information and credential required to
 *	establish a connection.
 *
 * config
 *	If not NULL, a new configuration based on the DUAProfile specified in
 *	the server parameter will be created and returned.
 *
 * baseDN
 *	If not NULL, the directory's base DN will be returned.
 *
 * error
 *	Describes an error, if any.
 *
 * The returned strings are presumably allocated for the caller (the
 * header does not say with which allocator); confirm how they are to be
 * freed before using this call.  The profile obtained here drives all
 * later lookups, so it should only be fetched over an authenticated,
 * TLS-protected connection to a server the caller trusts.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config,	char **baseDN,
	ns_ldap_error_t **error);
624
/*
 * Values for the anon_fallback argument of __ns_ldap_getRootDSE().
 * SA_ALLOW_FALLBACK retries with anonymous credentials when the
 * authenticated connection attempt fails, i.e. it silently downgrades
 * to unauthenticated data; use SA_PROHIBIT_FALLBACK wherever the root
 * DSE is used to make a trust decision.
 */
#define	SA_PROHIBIT_FALLBACK 0
#define	SA_ALLOW_FALLBACK 1

/*
 * Whether a configuration obtained in standalone mode is also saved
 * (to the system configuration, presumably -- confirm) or only held in
 * memory.  The call that consumes these values is not declared here.
 */
#define	DONT_SAVE_NSCONF 0
#define	SAVE_NSCONF 1
630
/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 *	The address of the server to connect to.
 *
 * rootDSE
 *	A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 *	Describes an error, if any.
 *
 * anon_fallback
 *	If set to 1 (SA_ALLOW_FALLBACK) and establishing a connection fails,
 *	the implementation will try once again using anonymous credentials.
 *	A root DSE obtained that way comes from an unauthenticated session
 *	and, without TLS, from an unverified peer; callers should pass
 *	SA_PROHIBIT_FALLBACK (0) unless an anonymous answer is acceptable.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);
652
/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or for which an error
 * occurred while previously receiving the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 *
 * Only meaningful in standalone mode (see __ns_ldap_initStandalone()).
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
667
/*
 * This function cancels the Standalone mode and destroys the list of root
 * DSEs, returning libsldap to obtaining its configuration from
 * ldap_cachemgr.  Whether credentials cached during standalone mode are
 * scrubbed is not stated here.
 */
void __ns_ldap_cancelStandalone(void);
/*
 * This function initializes an ns_auth_t structure provided by the caller
 * according to a specified authentication mechanism.
 *
 * auth_mech
 *	The mechanism name as text; the accepted spellings are not listed in
 *	this header (presumably the same names used in the configuration
 *	file for NS_LDAP_AUTH_P -- confirm).
 * auth
 *	Caller-provided structure to fill in.
 * errorp
 *	Describes an error, if any; free with __ns_ldap_freeError().
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);
679
/*
 * Simplified LDAP Naming APIs
 */

/*
 * Search `service' for entries matching `filter' and return them.
 *
 * service        one of the NS_LDAP_TYPE_* names
 * filter         LDAP search filter.  Any untrusted text embedded in it
 *                must already be escaped per RFC 4515; nothing in this
 *                API is documented as escaping it.
 * init_filter_cb optional callback that derives the real filter from the
 *                service search descriptor; *realfilter is the result
 * attribute      NULL-terminated list of attributes to return, or NULL
 *                for all (presumably -- confirm)
 * cred           credentials to bind with, or NULL for the configured
 *                credential level (presumably -- confirm)
 * flags          OR of the NS_LDAP_* flags, SearchRef_t and ScopeType_t
 *                bits; NS_LDAP_READ_SHADOW is only for privileged callers
 * result         receives the entries; free with __ns_ldap_freeResult()
 * errorp         receives error detail; free with __ns_ldap_freeError()
 * callback       if non-NULL, invoked per entry and returns
 *                NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE
 * userdata       passed through to both callbacks
 *
 * Returns an ns_ldap_return_code.  NS_LDAP_PARTIAL means `result' is
 * incomplete and must not be treated as the full set.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);
695
696
/*
 * Same as __ns_ldap_list(), with the results sorted by `sortattr'.
 * Whether sorting is done server-side (a sort control) or in the
 * library is not stated in this header.  All other parameters, flags
 * and return codes are as for __ns_ldap_list().
 */
int __ns_ldap_list_sort(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);
710
/*
 * Batch API: queue several __ns_ldap_list()-style searches and run them
 * together.
 *
 * __ns_ldap_list_batch_start  allocates a batch handle into *batch.
 * __ns_ldap_list_batch_add    queues one search; the parameters mirror
 *                             __ns_ldap_list(), and *rcp receives that
 *                             search's own return code once the batch
 *                             has run.  `result', `errorp' and `rcp' must
 *                             stay valid until __ns_ldap_list_batch_end().
 * __ns_ldap_list_batch_end    runs the queued searches and returns an
 *                             overall return code.
 * __ns_ldap_list_batch_release frees the handle without running it
 *                             (presumably -- confirm against callers).
 *
 * Each per-search `result' still has to be freed with
 * __ns_ldap_freeResult(), and each `errorp' with __ns_ldap_freeError().
 */
int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);
734
/*
 * Attribute-level modifications of the entry `dn' within `service':
 * add values (__ns_ldap_addAttr), delete values (__ns_ldap_delAttr) or
 * replace values (__ns_ldap_repAttr).
 *
 * attr    NULL-terminated array of attributes and their values
 * cred    credentials to bind with; these are write operations, so a
 *         credential the server authorizes for the change is required
 * flags   NS_LDAP_* flags.  NS_LDAP_UPDATE_SHADOW (repAttr only) is
 *         reserved for privileged callers updating the shadow database.
 * errorp  receives error detail; free with __ns_ldap_freeError()
 *
 * `dn' is used verbatim as the target; callers that build it from
 * untrusted input must escape it per RFC 4514 first.
 */
int  __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);
758
/*
 * Entry-level modifications.
 *
 * __ns_ldap_addEntry       adds `entry' at `dn' within `service'.
 * __ns_ldap_addTypedEntry  converts `data' (one of the _ns_*_t structures
 *                          above, chosen by `servicetype') into an entry
 *                          under `basedn'.  `create' presumably selects
 *                          create-new versus update-existing -- confirm.
 * __ns_ldap_delEntry       deletes the entry at `dn'.
 *
 * All three bind with `cred' and report detail through `errorp'
 * (free with __ns_ldap_freeError()).  DNs and base DNs are used as
 * given; escape untrusted components per RFC 4514 before calling.
 */
int  __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int  create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);
782
/*
 * Incremental enumeration of search results.
 *
 * __ns_ldap_firstEntry  starts a search (parameters as for
 *                       __ns_ldap_list_sort(), minus the per-entry
 *                       callback) and returns the first batch of entries
 *                       in *result plus an opaque *cookie.
 * __ns_ldap_nextEntry   returns the next batch for the cookie.
 * __ns_ldap_endEntry    finishes the enumeration and releases the
 *                       cookie; it must be called on every path, or the
 *                       underlying connection state is leaked.
 *
 * Each *result must be freed with __ns_ldap_freeResult(); the
 * NS_LDAP_READ_SHADOW flag restriction from __ns_ldap_list() applies.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int  __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int  __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);
805
/*
 * Release a result set or an error object returned by the calls above.
 * Both take the address of the pointer; the pointed-to object is freed
 * and, presumably, *result / *errorp is reset to NULL -- confirm before
 * relying on that.  Results containing shadow data should be freed as
 * soon as they have been consumed.
 */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);
811
/*
 * Name <-> DN mapping helpers.
 *
 * __ns_ldap_uid2dn     user name -> DN (*userDN, allocated for the caller)
 * __ns_ldap_dn2uid     DN -> user name (*userID)
 * __ns_ldap_host2dn    host name within `domain' -> DN (*hostDN)
 * __ns_ldap_dn2domain  DN -> the domain it belongs to (*domain)
 *
 * Each binds with `cred' and reports detail via `errorp'.  The
 * name-to-DN direction performs a directory search built from the input
 * name, so that name must be escaped per RFC 4515 if it comes from an
 * untrusted source.  How the returned strings are to be freed is not
 * stated in this header.
 */
int  __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2uid(
	const char *dn,
	char **userID,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);
836
/*
 * __ns_ldap_auth: bind to the directory with `cred' purely to verify the
 * credential (the pam_ldap use case).  On return, (*errorp)->pwd_mgmt
 * carries the password-policy status when the server supplies one, so
 * errorp may be populated even for a successful bind; always free it.
 * serverctrls/clientctrls are passed through to the LDAP bind.
 * A bind that fails is still a visible event to the server (lockout
 * counters), so callers should not retry in a tight loop.
 *
 * __ns_ldap_freeCred: release an ns_cred_t obtained from libsldap.
 * Whether it scrubs the password bytes before freeing is not visible
 * here; see UnixCred_t.
 *
 * __ns_ldap_err2str: map an ns_ldap_return_code to a message string.
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

int __ns_ldap_freeCred(
	ns_cred_t **credp);

int __ns_ldap_err2str(
	int err,
	char **strmsg);
850
/*
 * Configuration parameter access (see ParamIndexType).
 *
 * __ns_ldap_setParam   sets parameter `type' from `data'; the expected
 *                      pointee type depends on `type' and is not
 *                      documented here.
 * __ns_ldap_getParam   returns the value(s) of `type' as an allocated
 *                      array in *data; free it with __ns_ldap_freeParam().
 *
 * Values for the password parameters (NS_LDAP_BINDPASSWD_P,
 * NS_LDAP_CERT_PASS_P, NS_LDAP_ADMIN_BINDPASSWD_P) are secrets: do not
 * log them and release them promptly.
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);
863
/*
 * Look an attribute up by name within an entry.  __ns_ldap_getAttr()
 * returns the value array, __ns_ldap_getAttrStruct() the whole
 * ns_ldap_attr_t; both return NULL when the attribute is absent.
 * The return values are presumably pointers into `entry' (not copies),
 * valid only until the owning result is freed -- confirm.
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t	*__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);
871
/*
 * Per-service configuration queries.
 *
 * __ns_ldap_getServiceAuthMethods   authentication methods configured
 *                                   for `service' (NULL-terminated
 *                                   array, presumably)
 * __ns_ldap_getSearchDescriptors /  service search descriptors; release
 * __ns_ldap_freeSearchDescriptors   with the matching free function
 * __ns_ldap_getAttributeMaps /      attribute maps; likewise
 * __ns_ldap_freeAttributeMaps
 * __ns_ldap_getObjectClassMaps /    objectclass maps; likewise
 * __ns_ldap_freeObjectClassMaps
 * __ns_ldap_getMappedAttributes etc. single-direction map lookups
 *                                   returning a string array; how that
 *                                   array is to be freed is not stated.
 * __ns_ldap_getParamType            parse a parameter name into its
 *                                   ParamIndexType.
 *
 * Mapping changes what attribute names are sent to and read from the
 * server; a caller that sees NS_LDAP_NOMAP in `flags' should expect the
 * unmapped names instead.
 */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);
920
/*
 * __ns_ldap_getAcctMgmt: query the account-usability status of `user'
 * without the user's password, via the NS_LDAP_ACCOUNT_USABLE_CONTROL
 * control and the configured proxy identity; fills in *acctResp.
 * `user' is incorporated into a directory search and must be escaped
 * per RFC 4515 if it originates from an untrusted source.
 *
 * __ns_ldap_is_shadow_update_enabled: whether shadow updates are
 * enabled in the configuration (NS_LDAP_ENABLE_SHADOW_UPDATE_P).
 *
 * __ns_ldap_self_gssapi_only_set: set the process-wide flag that
 * restricts lookups to self / SASL-GSSAPI; the flag is global state,
 * so set it before any threads issue lookups.
 *
 * __ns_ldap_self_gssapi_config: report how self / SASL-GSSAPI is
 * configured (see ns_ldap_self_gssapi_config_t); returns an
 * ns_ldap_return_code.
 */
int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

boolean_t __ns_ldap_is_shadow_update_enabled(void);

void
__ns_ldap_self_gssapi_only_set(
	int flag);
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
933#ifdef __cplusplus
934}
935#endif
936
937#endif /* _NS_SLDAP_H */
938