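/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Public declarations for the "Simplified LDAP Naming" client interface:
 * option flags, authentication and credential descriptors, and the small
 * LineBuf helper. This listing was recovered from an annotated (blame)
 * view; the per-line revision/author gutter has been dropped and the
 * original line breaks restored. No declaration has been changed.
 */

#ifndef	_NS_SLDAP_H
#define	_NS_SLDAP_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>

/*
 * Version
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * The #defines below and the SearchRef_t / ScopeType_t enumerators use
 * distinct bit values (0x001 .. 0x2000), so they appear intended to be
 * OR-ed together into the "flags" argument of the __ns_ldap_*() calls.
 * NOTE(review): confirm against the implementation which calls honour
 * which bits.
 */
#define	NS_LDAP_HARD		0x001
#define	NS_LDAP_ALL_RES		0x002

/*
 * Search Referral Option
 *
 * NOTE(review): when referrals are followed the client contacts a server
 * named by the directory rather than by local configuration. Whether the
 * bind credentials are re-presented to that server is not visible in this
 * header; verify before enabling NS_LDAP_FOLLOWREF with non-anonymous
 * credentials.
 */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;

typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;

/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	0x080
#define	NS_LDAP_NEW_CONN	0x400
#define	NS_LDAP_NOMAP		0x800

/*
 * NS_LDAP_NO_PAGE_CTRL is 0, so it cannot be detected with a bitwise AND;
 * test for the absence of NS_LDAP_PAGE_CTRL instead.
 */
#define	NS_LDAP_PAGE_CTRL	0x1000
#define	NS_LDAP_NO_PAGE_CTRL	0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000

/*
 * Authentication Information
 */

/* Identity the client binds as: anonymous, a proxy identity, or itself. */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2	/* currently not supported */
} CredLevel_t;

/*
 * Bind method.
 *
 * NOTE(review): an LDAP simple bind carries the password itself in the
 * bind request (RFC 4513), so with NS_LDAP_AUTH_SIMPLE the password is
 * only as confidential as the transport. Deployments should pair simple
 * binds with one of the TLS types and reserve NS_LDAP_AUTH_NONE for data
 * that is meant to be world-readable.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;

/* presumably the bind method used inside a TLS session -- TODO confirm */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;

/*
 * SASL mechanism.
 *
 * Per the comments below, only CRAM-MD5 and DIGEST-MD5 are supported by
 * this version. Both are MD5-based challenge-response mechanisms;
 * DIGEST-MD5 has since been moved to Historic status (RFC 6331). Treat
 * them as legacy and prefer a TLS-protected bind where the deployment
 * allows it.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,	/* currently not supported */
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;

/*
 * SASL option.
 *
 * INT and PRIV presumably name the SASL integrity and privacy layers
 * (TODO confirm). With both marked unsupported, SASL by itself adds no
 * protection to the traffic that follows the bind.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,	/* currently not supported */
	NS_LDAP_SASLOPT_PRIV	= 2	/* currently not supported */
} SaslOpt_t;

typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;

/*
 * Name/password credential.
 *
 * passwd is an ordinary C string: the secret sits in process memory in
 * clear text for as long as the structure lives. This header does not say
 * who owns the strings or whether they are cleared before being freed --
 * verify in __ns_ldap_freeCred() and in callers that build an ns_cred_t.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;

/*
 * Certificate credential. passwd carries the same clear-text-in-memory
 * caveat as UnixCred_t.passwd.
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;

/* One complete authentication method description. */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;

/*
 * Credential handed to the __ns_ldap_*() calls.
 *
 * The union carries no discriminator of its own; presumably auth.type
 * decides whether unix_cred or cert_cred is valid -- TODO confirm.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;


/*
 * Text buffer with a used length and an allocated size.
 * NOTE(review): len and alloc are signed ints; code that grows the buffer
 * should guard against overflow and negative values.
 */
typedef struct LineBuf {
	char	*str;
	int	len;
	int	alloc;
} LineBuf;
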
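
/*
 * Configuration Information
 */

/*
 * Index of a configuration parameter, as taken by __ns_ldap_setParam()
 * and __ns_ldap_getParam().
 *
 * NOTE(review): going by their names, NS_LDAP_BINDPASSWD_P and
 * NS_LDAP_CERT_PASS_P carry secrets. Code that reads them through
 * __ns_ldap_getParam() should keep the values out of logs and error
 * messages; how the values are stored at rest is not visible in this
 * header.
 */
typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files. The only
 * supported value is NS_LDAP_SEC_NONE. No application should be
 * using this parameter type (either through getParam or setParam).
 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder. It must be the last (and highest value)
 * entry in this enum. Please update accordingly.
 */
	NS_LDAP_MAX_PIT_P		= 28

} ParamIndexType;

/*
 * __ns_ldap_*() return codes
 *
 * The value 6 is not assigned in this enum. Callers should treat any
 * code they do not recognise as a failure rather than as success.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9  /* success, with info in errorp */
} ns_ldap_return_code;

/*
 * Detailed error code for NS_LDAP_CONFIG
 */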
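typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;

/*
 * Detailed error code for NS_LDAP_PARTIAL
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;

/*
 * For use by __ns_ldap_addTypedEntry() for publickey servicetype
 */
typedef enum {
	NS_HOSTCRED_FALSE	= 0,
	NS_HOSTCRED_TRUE	= 1
} hostcred_t;

/*
 * Detailed password status
 *
 * Only NS_PASSWD_GOOD and NS_PASSWD_ABOUT_TO_EXPIRE describe a password
 * that needs no action. An authenticating caller should look at this
 * status as well as the bind result: per the comments below, values such
 * as NS_PASSWD_CHANGE_NEEDED describe a password that is "good" but must
 * not simply be accepted as-is.
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* same value as attr */
						/* cn, sn, uid, etc. */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password */
	NS_PASSWD_WITHIN_MIN_AGE	= 9	/* can not be changed: */
						/* within minimum age */
} ns_ldap_passwd_status_t;

/*
 * Password management information structure
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;


/*
 * Simplified LDAP Naming API result structure
 *
 * NOTE(review): message may contain text supplied by the directory
 * server. Print it with an explicit "%s" format, never as the format
 * string itself.
 */
typedef struct ns_ldap_error {
	int	status;				/* LDAP error code */
	char	*message;			/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;

/*
 * One attribute and its values.
 * presumably attrvalue holds value_count strings -- TODO confirm whether
 * the array is also NULL-terminated before iterating without the count.
 */
typedef struct ns_ldap_attr {
	char	*attrname;			/* attribute name */
	uint_t	value_count;
	char	**attrvalue;			/* attribute values */
} ns_ldap_attr_t;

/* One directory entry; entries are chained through next. */
typedef struct ns_ldap_entry {
	uint_t		attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
	struct ns_ldap_entry *next;		/* next entry */
} ns_ldap_entry_t;

typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;

/*
 * structures for the conversion routines used by typedAddEntry()
 */

typedef struct _ns_netgroups {
	char  *name;
	char  **triplet;
	char  **netgroup;
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char *netnumber;
	char *netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char *name;
	char **param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char *name;
	char *ether;
} _ns_ethers_t;

/*
 * NOTE(review): privkey presumably carries private key material for the
 * publickey service. Whether it is stored encrypted, and who clears it,
 * is not visible in this header -- confirm before handling instances of
 * this structure.
 */
typedef struct _ns_pubkey {
	char	*name;
	hostcred_t hostcred;
	char	*pubkey;
	char	*privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char *alias;
	char **member;
} _ns_alias_t;

typedef struct _ns_automount {
	char *mapname;
	char *key;
	char *value;
} _ns_automount_t;

/*
 * return values for the callback function in __ns_ldap_list()
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */

/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 */
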
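#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS	"bootparams"
/* ends in '_': presumably a prefix matched against map names -- confirm */
#define	NS_LDAP_TYPE_AUTOMOUNT	"auto_"

/*
 * service descriptor/attribute mapping structure
 */

typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;

typedef struct ns_ldap_attribute_map {
	char		*origAttr;	/* original attribute */
	char		**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;

typedef struct ns_ldap_objectclass_map {
	char		*origOC;	/* original objectclass */
	char		*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;

/*
 * Simplified LDAP Naming APIs
 *
 * Conventions visible in the prototypes: every call returns an int, which
 * the "__ns_ldap_*() return codes" comment in this file ties to
 * ns_ldap_return_code, and most take an ns_ldap_error_t **errorp
 * out-parameter. Results and errors are presumably released with
 * __ns_ldap_freeResult() and __ns_ldap_freeError() -- confirm ownership
 * in the implementation.
 *
 * NOTE(review): "filter" and "dn" arguments are plain strings. This
 * header gives no sign that the library escapes them, so a caller that
 * builds a filter or DN from external input should escape filter
 * metacharacters (RFC 4515) and DN special characters (RFC 4514) first.
 */

/*
 * Search "service" with "filter". init_filter_cb receives a search
 * descriptor and yields the filter actually used through realfilter;
 * callback is handed each entry together with userdata and returns
 * NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

/*
 * Attribute and entry modification calls. All take the credential used
 * for the operation; what is permitted is presumably decided by the
 * directory server's access controls for that identity.
 */
int  __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * "data" is an untyped pointer. Presumably it must point at the _ns_*_t
 * (or other) structure matching "servicetype"; a mismatch cannot be
 * caught by the compiler -- confirm the expected type per NS_LDAP_TYPE_*
 * value in the implementation.
 */
int  __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int  create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

/*
 * Enumeration interface: firstEntry yields an opaque cookie that is
 * passed to nextEntry and finally to endEntry. Presumably endEntry
 * releases the state (and connection) behind the cookie, so call it on
 * every exit path, including error paths -- confirm.
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int  __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int  __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);

/*
 * Name-to-DN lookups. The result is returned through a char ** that the
 * caller presumably has to free -- confirm. "uid" and "host" end up in a
 * directory search, so validate them when they come from outside the
 * process.
 */
int  __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);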
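
int  __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

/*
 * Authenticate with "cred".
 *
 * NOTE(review): a caller using this to verify a user's password should
 * treat only an explicit success code as success, and should also look
 * at errorp->pwd_mgmt when an error structure is returned: the
 * ns_ldap_passwd_status_t values cover expired and locked accounts.
 * How serverctrls and clientctrls are used is not visible in this header.
 */
int  __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/*
 * presumably releases an ns_cred_t and the strings it points to.
 * NOTE(review): whether the passwd fields are cleared before being freed
 * is not visible here; verify in the implementation, and clear them in
 * the caller if they are not.
 */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

int  __ns_ldap_err2str(
	int err,
	char **strmsg);

/*
 * Configuration parameter access. "data" is untyped; its expected shape
 * presumably depends on "type" -- confirm per ParamIndexType value.
 * Values obtained for NS_LDAP_BINDPASSWD_P or NS_LDAP_CERT_PASS_P should
 * be kept out of logs and released promptly with __ns_ldap_freeParam().
 */
int  __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int  __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int  __ns_ldap_freeParam(
	void ***data);

/* Look up "attrname" in "entry" and return its values. */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

/*
 * Per-service configuration getters. Each get call that yields a triple
 * pointer has a matching free call declared next to it; there is no
 * dedicated free call for the ns_auth_t list, so confirm how the result
 * of __ns_ldap_getServiceAuthMethods() is released.
 */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);
#ifdef __cplusplus
}
#endif

#endif /* _NS_SLDAP_H */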