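/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */


#ifndef _NS_SLDAP_H
#define _NS_SLDAP_H

#pragma ident "%Z%%M% %I% %E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>

/*
 * Version
 *
 * NS_LDAP_VERSION expands to the "2.0" string; "1.0" stays defined
 * alongside it.
 */
#define NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define NS_LDAP_VERSION_1	"1.0"
#define NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * Every flag value in this header except NS_LDAP_NO_PAGE_CTRL is a
 * distinct single bit; 0x100 and 0x200 are not assigned here.
 * NOTE(review): presumably these are OR-ed together into the "flags"
 * argument of the __ns_ldap_*() calls -- confirm against the library.
 */
#define NS_LDAP_HARD		0x001
#define NS_LDAP_ALL_RES		0x002

/*
 * Search Referral Option
 *
 * NOTE(review): when referrals are followed the client contacts servers
 * named in a directory response; confirm in the library whether bind
 * credentials are presented to those servers before enabling
 * NS_LDAP_FOLLOWREF against a directory that is not fully trusted.
 */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;

/* Search scope, encoded as flag bits rather than as small integers. */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;

/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST.
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define NS_LDAP_KEEP_CONN	0x080
#define NS_LDAP_NEW_CONN	0x400
#define NS_LDAP_NOMAP		0x800

/*
 * NS_LDAP_NO_PAGE_CTRL is zero, so it cannot be detected with a bitwise
 * AND; it is simply the absence of NS_LDAP_PAGE_CTRL.
 */
#define NS_LDAP_PAGE_CTRL	0x1000
#define NS_LDAP_NO_PAGE_CTRL	0x0000

/*
 * Authentication Information
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2	/* currently not supported */
} CredLevel_t;

/*
 * NOTE(review): an LDAP simple bind carries the bind password with no
 * protection of its own, so NS_LDAP_AUTH_SIMPLE depends on the transport
 * (see TlsType_t) for confidentiality -- confirm how callers pair the two.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;

typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;
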
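/*
 * SASL mechanism selector.
 *
 * Only CRAM-MD5 and DIGEST-MD5 are not marked unsupported below. Both are
 * MD5-based challenge-response mechanisms, and RFC 6331 moved DIGEST-MD5
 * to Historic status. NOTE(review): where the deployment allows it,
 * prefer binds that run over TLS rather than relying on these mechanisms
 * alone.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,	/* currently not supported */
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;

/*
 * SASL option selector. Both non-zero values are marked unsupported.
 * NOTE(review): presumably INT/PRIV stand for the SASL integrity and
 * privacy layers; if so, neither is available through this API and
 * message protection has to come from TLS -- confirm.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,	/* currently not supported */
	NS_LDAP_SASLOPT_PRIV	= 2	/* currently not supported */
} SaslOpt_t;

typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;

/*
 * The passwd members below are ordinary C strings. NOTE(review): this
 * header does not show whether __ns_ldap_freeCred() clears them before
 * releasing the memory -- confirm, and avoid copying or logging them.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;

typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;

/*
 * Authentication method descriptor. AuthType_t, TlsType_t, SaslMech_t and
 * SaslOpt_t all use 0 for their NONE value, so a zero-filled ns_auth_t
 * selects no authentication, no TLS and no SASL.
 */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;

/*
 * Credential passed to the __ns_ldap_*() calls.
 * NOTE(review): nothing in this header states which member of the union
 * is valid; presumably it follows from auth -- confirm before reading
 * either member.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;


/*
 * NOTE(review): len and alloc are signed ints; presumably the used and
 * allocated sizes of str -- confirm, and check callers for negative or
 * overflowing values.
 */
typedef struct LineBuf {
	char	*str;
	int	len;
	int	alloc;
} LineBuf;

/*
 * Configuration Information
 *
 * NOTE(review): by their names NS_LDAP_BINDPASSWD_P and
 * NS_LDAP_CERT_PASS_P carry secrets; treat values obtained for them
 * through __ns_ldap_getParam() accordingly.
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files. The only
 * supported value is NS_LDAP_SEC_NONE. No application should be
 * using this parameter type (either through getParam or setParam).
 * NS_LDAP_SEC_NONE itself is not defined in this header.
 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder. It must be the last (and highest value)
 * entry in this enum. Please update accordingly.
 */
	NS_LDAP_MAX_PIT_P		= 28

} ParamIndexType;

/*
 * __ns_ldap_*() return codes
 *
 * Value 6 is not assigned. The comments say which codes leave detail in
 * errorp; callers should not read errorp for the others.
 * NOTE(review): the NS_LDAP_INVALID_PARAM comment repeats the "LDAP error"
 * wording of NS_LDAP_INTERNAL; presumably it means an invalid parameter.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9  /* success, with info in errorp */
} ns_ldap_return_code;

/*
 * Detailed error code for NS_LDAP_CONFIG
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;

/*
 * Detailed error code for NS_LDAP_PARTIAL
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;

/*
 * For use by __ns_ldap_addTypedEntry() for publickey servicetype
 */
typedef enum {
	NS_HOSTCRED_FALSE = 0,
	NS_HOSTCRED_TRUE  = 1
} hostcred_t;

/*
 * Detailed password status
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* same value as attr */
						/* cn, sn, uid, etc. */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password */
	NS_PASSWD_WITHIN_MIN_AGE	= 9	/* can not be changed: */
						/* within minimum age */
} ns_ldap_passwd_status_t;

/*
 * Password management information structure
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;


/*
 * Simplified LDAP Naming API result structure
 */
typedef struct ns_ldap_error {
	int	status;				/* LDAP error code */
	char	*message;			/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;
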
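/*
 * One attribute of a directory entry.
 * NOTE(review): value_count is presumably the number of strings in
 * attrvalue -- confirm before indexing past it.
 */
typedef struct ns_ldap_attr {
	char	*attrname;			/* attribute name */
	uint_t	value_count;
	char	**attrvalue;			/* attribute values */
} ns_ldap_attr_t;

/* One directory entry; entries are chained through next. */
typedef struct ns_ldap_entry {
	uint_t		attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
	struct ns_ldap_entry *next;		/* next entry */
} ns_ldap_entry_t;

typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;

/*
 * structures for the conversion routines used by typedAddEntry()
 */

typedef struct _ns_netgroups {
	char	*name;
	char	**triplet;
	char	**netgroup;
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char	*netnumber;
	char	*netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char	*name;
	char	**param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char	*name;
	char	*ether;
} _ns_ethers_t;

/*
 * NOTE(review): by its name privkey is private-key material held as an
 * ordinary C string; this header does not say in what form it is stored
 * (wrapped or not) -- confirm before copying, logging or persisting it.
 */
typedef struct _ns_pubkey {
	char	*name;
	hostcred_t	hostcred;
	char	*pubkey;
	char	*privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char	*alias;
	char	**member;
} _ns_alias_t;

typedef struct _ns_automount {
	char	*mapname;
	char	*key;
	char	*value;
} _ns_automount_t;

/*
 * return values for the callback function in __ns_ldap_list()
 */
#define NS_LDAP_CB_NEXT	0	/* get the next entry */
#define NS_LDAP_CB_DONE	1	/* done */

/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 */

#define NS_LDAP_TYPE_PASSWD	"passwd"
#define NS_LDAP_TYPE_GROUP	"group"
#define NS_LDAP_TYPE_HOSTS	"hosts"
#define NS_LDAP_TYPE_IPNODES	"ipnodes"
#define NS_LDAP_TYPE_PROFILE	"prof_attr"
#define NS_LDAP_TYPE_RPC	"rpc"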
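#define NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define NS_LDAP_TYPE_NETWORKS	"networks"
#define NS_LDAP_TYPE_NETGROUP	"netgroup"
#define NS_LDAP_TYPE_ALIASES	"aliases"
#define NS_LDAP_TYPE_SERVICES	"services"
#define NS_LDAP_TYPE_ETHERS	"ethers"
#define NS_LDAP_TYPE_SHADOW	"shadow"
#define NS_LDAP_TYPE_NETMASKS	"netmasks"
#define NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define NS_LDAP_TYPE_USERATTR	"user_attr"
#define NS_LDAP_TYPE_PROJECT	"project"
#define NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define NS_LDAP_TYPE_AUUSER	"audit_user"
#define NS_LDAP_TYPE_BOOTPARAMS	"bootparams"
/* NOTE(review): "auto_" looks like a name prefix, not a full type name. */
#define NS_LDAP_TYPE_AUTOMOUNT	"auto_"

/*
 * service descriptor/attribute mapping structure
 */

/*
 * NOTE(review): filter is a search-filter string; values that originate
 * from user input should be escaped per RFC 4515 before being placed in
 * it. Whether the library escapes anything is not visible in this header.
 */
typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;

typedef struct ns_ldap_attribute_map {
	char		*origAttr;	/* original attribute */
	char		**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;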
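
typedef struct ns_ldap_objectclass_map {
	char		*origOC;	/* original objectclass */
	char		*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;

/*
 * Simplified LDAP Naming APIs
 *
 * The int-returning calls report an ns_ldap_return_code (that enum is
 * commented "__ns_ldap_*() return codes"); its comments say which codes
 * leave detail in *errorp.
 *
 * NOTE(review): the ownership contract is not written down in this
 * header. Presumably results, errors, credentials, parameters, search
 * descriptors and maps handed back through ** / *** out-parameters are
 * released with the matching __ns_ldap_free*() call declared below --
 * confirm against the library source.
 *
 * NOTE(review): "filter", and the "realfilter" string produced by
 * init_filter_cb, are search filters. Callers that build them from
 * user-supplied names should escape the value per RFC 4515 first;
 * whether the library does any escaping is not visible here.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t **result,
	ns_ldap_error_t **errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

/* Attribute-level modifications of the entry named by dn. */
int __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/* Entry-level additions and deletions. */
int __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * data is an untyped pointer. NOTE(review): presumably it must point to
 * the _ns_*_t structure that matches servicetype; nothing in the
 * signature enforces that, so a mismatch is the caller's responsibility.
 */
int __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Cookie-based enumeration: firstEntry fills *cookie, nextEntry takes it,
 * endEntry takes its address. NOTE(review): presumably every successful
 * firstEntry must be paired with endEntry to release the cookie.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t **result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t **result,
	ns_ldap_error_t **errorp);

int __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);

/* Name-to-DN and DN-to-domain conversions; results come back as char **. */
int __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t **errorp);

int __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t **errorp);

int __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t **errorp);

/*
 * NOTE(review): the result of this call is presumably an authentication
 * decision; callers should compare it against NS_LDAP_SUCCESS explicitly
 * and treat every other code, including NS_LDAP_SUCCESS_WITH_INFO, as a
 * case to inspect through errorp (which carries pwd_mgmt).
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * NOTE(review): ns_cred_t holds password strings; whether they are
 * cleared before the memory is released is not visible in this header.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

int __ns_ldap_err2str(
	int err,
	char **strmsg);

/* Configuration access, indexed by ParamIndexType. */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);

char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

/* Attribute and objectclass mapping lookups. */
int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);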
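
/*
 * Takes a string and writes a ParamIndexType through type.
 * NOTE(review): presumably maps a configuration parameter name to its
 * index; the int result is presumably an ns_ldap_return_code -- confirm.
 */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);
#ifdef __cplusplus
}
#endif

#endif /* _NS_SLDAP_H */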