1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #ifndef	_NS_SLDAP_H
28 #define	_NS_SLDAP_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 #include <stdio.h>
35 #include <sys/types.h>
36 #include <lber.h>
37 #include <ldap.h>
38 
39 /*
40  * Version
41  */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2	/* the version this header describes */
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 *
 * Bit values; presumably OR-ed together into the `flags` argument of the
 * __ns_ldap_*() calls declared below (the values here and in the enums
 * that follow do not overlap).
 */
#define	NS_LDAP_HARD		  0x001
#define	NS_LDAP_ALL_RES		  0x002
51 
52 /* Search Referral Option */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,	/* follow referrals returned by the server */
	NS_LDAP_NOREF		= 0x008		/* ignore referrals */
} SearchRef_t;
/*
 * NOTE(review): following a referral means the library contacts a server
 * named in the directory's response rather than in local configuration;
 * whether the same credentials are re-used on that connection is not
 * visible in this header -- confirm in the implementation before relying
 * on NS_LDAP_FOLLOWREF with non-anonymous credentials.
 */
57 
/*
 * Search scope.  Named after the standard LDAP search scopes (base
 * object only, one level below it, whole subtree); also disjoint from
 * the other flag bits above.
 */
typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;
63 
/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	  0x080	/* see the caution above */
#define	NS_LDAP_NEW_CONN	  0x400
#define	NS_LDAP_NOMAP		  0x800	/* presumably: skip attribute/objectclass mapping -- confirm */

/* Paged-result control: NS_LDAP_NO_PAGE_CTRL is zero, i.e. "flag absent". */
#define	NS_LDAP_PAGE_CTRL	  0x1000
#define	NS_LDAP_NO_PAGE_CTRL	  0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000
85 
86 /*
87  * Authentication Information
88  */
/*
 * Credential level: anonymous, proxy agent, or the user itself.  The
 * names are all this header shows; the binding behaviour behind each
 * level lives in the implementation.
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;
94 
/*
 * Authentication method used for the LDAP bind.
 * NOTE(review): NS_LDAP_AUTH_SIMPLE presumably denotes an LDAP simple
 * bind, which carries the password in the clear unless the connection is
 * protected by TLS (see TlsType_t) -- confirm against the implementation.
 */
typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;
102 
/* Whether, and with which bind flavour, TLS is layered under the auth. */
typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;
108 
/*
 * SASL mechanism selected when the auth type is SASL.
 * NOTE(review): CRAM-MD5 and DIGEST-MD5 are legacy mechanisms built on
 * MD5; nothing in this header says which of the listed mechanisms the
 * implementation still negotiates -- check before configuring them.
 */
typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;
117 
/*
 * SASL security-layer option: none, integrity (INT) or privacy (PRIV).
 * The exact mapping onto the SASL layer is not shown here.
 */
typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;
123 
/* Boolean-style value; presumably backs NS_LDAP_PREF_ONLY_P below. */
typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;
128 
/*
 * User-name/password credential.
 * NOTE(review): `passwd` is a cleartext secret held in process memory;
 * who owns and frees it (see __ns_ldap_freeCred()) and whether it is
 * zeroized on release is not visible in this header -- confirm.
 */
typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;
133 
/*
 * Certificate-based credential.
 * NOTE(review): `passwd` (presumably the certificate database/key
 * password) is a cleartext secret; same ownership/zeroization caveat as
 * UnixCred_t.
 */
typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;
139 
/* Authentication selection: method, TLS flavour, SASL mechanism and option. */
typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;
146 
/*
 * Credential passed to most __ns_ldap_*() calls.
 * The struct carries no discriminator for `cred`; which union member is
 * valid is presumably implied by `auth` -- confirm against the callers.
 */
typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;		/* certificate database path */
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;
155 
156 
/*
 * Growable character buffer.
 * Assumed layout: `len` is the used length and `alloc` the allocated
 * size of `str` -- the header does not say; confirm against the users.
 */
typedef struct LineBuf {
	char *str;
	int len;
	int alloc;
} LineBuf;
162 
163 /*
164  * Configuration Information
165  */
166 
/*
 * Index of a configuration parameter, used by __ns_ldap_getParam() and
 * __ns_ldap_setParam() below.
 * NOTE(review): NS_LDAP_BINDPASSWD_P and NS_LDAP_CERT_PASS_P name
 * secret-bearing parameters; the `void ***data` returned by getParam()
 * for them should be released with __ns_ldap_freeParam() promptly.
 */
typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files.  The only
 * supported value is NS_LDAP_SEC_NONE.  No application should be
 * using this parameter type (either through getParam or setParam).
 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder.  It must be the last (and highest value)
 * entry in this enum.  Please update accordingly.
 */
	NS_LDAP_MAX_PIT_P		= 28

} ParamIndexType;
210 
211 /*
212  * NONE - No self / SASL/GSSAPI configured
213  * ONLY - Only self / SASL/GSSAPI configured
214  * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
215  */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,	/* no self/SASL/GSSAPI configured */
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,	/* only self/SASL/GSSAPI configured */
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2	/* mixed with other configuration */
} ns_ldap_self_gssapi_config_t;	/* filled in by __ns_ldap_self_gssapi_config() */
221 
222 /*
223  * __ns_ldap_*() return codes
224  */
/*
 * Values are stable API constants; note that 6 is deliberately (or
 * historically) unused and must not be reassigned.
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9  /* success, with info in errorp */
} ns_ldap_return_code;
237 
238 /*
239  * Detailed error code for NS_LDAP_CONFIG
240  */
/* Presumably reported via the `status` field of ns_ldap_error_t -- confirm. */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;
249 
250 /*
251  * Detailed error code for NS_LDAP_PARTIAL
252  */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;
257 
/*
 * For use by __ns_ldap_addTypedEntry() for the publickey servicetype
 */
typedef enum {
	NS_HOSTCRED_FALSE = 0,
	NS_HOSTCRED_TRUE  = 1
} hostcred_t;	/* used by the `hostcred` field of _ns_pubkey_t */
265 
266 /*
267  * Detailed password status
268  */
/*
 * Reported in ns_ldap_passwd_mgmt_t.status after a bind with the user's
 * own password.
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password  */
	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
						/* within minimum age  */
} ns_ldap_passwd_status_t;
297 
298 /*
299  * Password management information structure
300  *
 * This structure differs from AcctUsableResponse_t in that it holds the
 * result of the user's account-management information when an LDAP bind
 * is done with the user name and the user's password.
304  */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
					/* (undefined otherwise) */
} ns_ldap_passwd_mgmt_t;
312 
/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided.  The value is the control's OID as sent
 * on the wire; the response is decoded into AcctUsableResponse_t below.
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"
318 
319 /*
320  * Structure for holding the response returned by server for
321  * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
322  */
/*
 * Field order mirrors the More_info SEQUENCE documented below; the three
 * BOOLEANs are carried as int.
 */
typedef struct AcctUsableMoreInfo {
	int inactive;
	int reset;
	int expired;
	int rem_grace;		/* remaining_grace */
	int sec_b4_unlock;	/* seconds_before_unlock */
} AcctUsableMoreInfo_t;
330 
331 /*
332  * Structure used to hold the response from the server for
333  * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
334  *
335  * ACCOUNT_USABLE_RESPONSE::= CHOICE {
336  * is_available		[0] INTEGER, seconds before expiration
337  * is_not_available	[1] More_info
338  * }
339  *
340  * More_info::= SEQUENCE {
341  * inactive		[0] BOOLEAN DEFAULT FALSE,
342  * reset		[1] BOOLEAN DEFAULT FALSE,
343  * expired		[2] BOOLEAN DEFAULT FALSE,
344  * remaining_grace	[3] INTEGER OPTIONAL,
345  * seconds_before_unlock[4] INTEGER OPTIONAL
346  * }
347  *
 * This structure differs from ns_ldap_passwd_mgmt_t in that it holds the
 * result of the user's account-management information when pam_ldap does
 * not have the user's password and the proxy agent is used to obtain the
 * account-management information.
352  */
typedef struct AcctUsableResponse {
	int choice;			/* selects the union member, per the */
					/* ASN.1 CHOICE above: presumably 0 = */
					/* seconds_before_expiry, 1 = more_info */
	union {
		int seconds_before_expiry;
		AcctUsableMoreInfo_t more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;
360 
361 /*
362  * Simplified LDAP Naming API result structure
363  */
/*
 * Returned through the `errorp` out-parameter of most calls below and
 * released with __ns_ldap_freeError().
 */
typedef struct ns_ldap_error {
	int	status;				/* LDAP error code */
	char	*message;			/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;
370 
typedef struct	 ns_ldap_attr {
	char	*attrname;			/* attribute name */
	uint_t	value_count;			/* presumably the number of */
						/* entries in attrvalue */
	char	**attrvalue;			/* attribute values */
} ns_ldap_attr_t;
376 
/* One directory entry; entries form a singly linked list via `next`. */
typedef struct ns_ldap_entry {
	uint_t		attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
	struct ns_ldap_entry *next;		/* next entry */
} ns_ldap_entry_t;
382 
/* Result set; release with __ns_ldap_freeResult(). */
typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data (head of the entry list) */
} ns_ldap_result_t;
387 
388 /*
389  * structures for the conversion routines used by typedAddEntry()
390  */
391 
/* netgroup record; `triplet` and `netgroup` are presumably NULL-terminated lists. */
typedef struct _ns_netgroups {
	char  *name;
	char  **triplet;
	char  **netgroup;
} _ns_netgroups_t;
397 
/* netmasks record. */
typedef struct _ns_netmasks {
	char *netnumber;
	char *netmask;
} _ns_netmasks_t;
402 
/* bootparams record. */
typedef struct _ns_bootp {
	char *name;
	char **param;
} _ns_bootp_t;
407 
/* ethers record. */
typedef struct _ns_ethers {
	char *name;
	char *ether;
} _ns_ethers_t;
412 
/*
 * publickey record.
 * NOTE(review): `privkey` is secret material; same ownership/zeroization
 * caveat as the credential structs above.
 */
typedef struct _ns_pubkey {
	char *name;
	hostcred_t hostcred;
	char *pubkey;
	char *privkey;
} _ns_pubkey_t;
419 
/* aliases record. */
typedef struct _ns_alias {
	char *alias;
	char **member;
} _ns_alias_t;
424 
/* automount record. */
typedef struct _ns_automount {
	char *mapname;
	char *key;
	char *value;
} _ns_automount_t;
430 
431 /*
432  * return values for the callback function in __ns_ldap_list()
433  */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done (stop iterating) */
436 
437 /*
438  * Input values for the type specified in __ns_ldap_addTypedEntry()
439  * and __ns_ldap_delTypedEntry()
440  */
441 
#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"	/* prefix only: presumably a map name follows */
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"
466 
467 /*
468  * service descriptor/attribute mapping structure
469  */
470 
/*
 * Per-service search descriptor; handed to init_filter_cb callbacks and
 * returned by __ns_ldap_getSearchDescriptors().
 */
typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;
476 
/* One attribute-mapping rule; note the one-to-many shape of mappedAttr. */
typedef struct ns_ldap_attribute_map {
	char		*origAttr;	/* original attribute */
	char		**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;
481 
/* One objectclass-mapping rule (one-to-one). */
typedef struct ns_ldap_objectclass_map {
	char		*origOC;	/* original objectclass */
	char		*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;
486 
487 /* Opaque handle for batch API */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;	/* incomplete type; see __ns_ldap_list_batch_*() */
489 
490 /*
491  * The type of standalone configuration specified by a client application.
492  * The meaning of the requests is as follows:
493  *
494  * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
495  *                 to ldap_cachemgr.
496  * NS_LDAP_SERVER: the consumer application has specified a directory server
497  *                 to communicate to.
498  * NS_PREDEFINED:  reserved for internal use
499  */
/*
 * NOTE(review): the comment above describes NS_PREDEFINED, but no such
 * enumerator exists here; the only representation of a predefined
 * configuration is the `predefined_conf` union member of
 * ns_standalone_conf_t below.
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;
504 
505 /*
506  * This structure describes an LDAP server specified by a client application.
507  */
/*
 * NOTE(review): `bind_passwd` is a cleartext secret; the struct gives no
 * ownership rule, so the caller must know who frees it and should
 * consider zeroizing it once the library has bound.
 */
typedef struct ns_dir_server {
	char *server;			/* A directory server's IP */
	uint16_t port;			/* A directory server's port. */
					/* Default value is 389 */
	char *domainName;		/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char *profileName;		/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t *auth;		/* Authentication information used */
					/* during subsequent connections */
	char *cred;			/* A credential level to be used */
					/* along with the authentication info */
	char *host_cert_path;		/* A path to the certificate database */
					/* Default is '/var/ldap' */
	char *bind_dn;			/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char *bind_passwd;		/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;
529 
530 /*
531  * This structure contains information describing an LDAP server.
532  */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t server;
		void *predefined_conf;	/* Reserved for internal use */
	} ds_profile;			/* A type of the configuration */

/*
 * Accessor macros for the `server` member: each expands to a member
 * path, so they are used as `conf.SA_SERVER` / `conf->SA_PORT`.
 * Although defined inside the struct, they are ordinary file-scope
 * macros and stay defined for the rest of the translation unit.
 */
#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd

	ns_standalone_request_type_t type;	/* selects the ds_profile member */
} ns_standalone_conf_t;
551 
/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application that requested a standalone schema, libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * conf
 * 	A structure describing where and in which way to obtain all the
 * 	configuration describing how to communicate to a chosen LDAP directory.
 *
 * errorp
 * 	An error object describing any error that occurred.
 *
 * Returns an ns_ldap_return_code.
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t	**errorp);
570 
/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 * 	Specifies the selected directory server.
 *
 * cred
 * 	Contains the authentication information and credentials required to
 * 	establish a connection.
 *
 * config
 * 	If not NULL, a new configuration based on the DUAProfile specified in
 * 	the server parameter will be created and returned.
 *
 * baseDN
 * 	If not NULL, the directory's base DN will be returned.
 *
 * error
 * 	Describes an error, if any.
 *
 * Returns an ns_ldap_return_code.  Ownership of the strings returned in
 * *config and *baseDN is not stated here -- confirm who frees them.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config,	char **baseDN,
	ns_ldap_error_t **error);
597 
/* Values for the anon_fallback argument of __ns_ldap_getRootDSE(). */
#define	SA_PROHIBIT_FALLBACK 0
#define	SA_ALLOW_FALLBACK 1

/* Boolean flag values; their consumer is not declared in this header. */
#define	DONT_SAVE_NSCONF 0
#define	SAVE_NSCONF 1
603 
/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 * 	An address of a server to be connected to.
 *
 * rootDSE
 * 	A buffer containing the root DSE in the ldap_cachemgr door call format.
 *
 * errorp
 * 	Describes an error, if any.
 *
 * anon_fallback
 * 	If set to 1 and establishing a connection fails, __s_api_getRootDSE()
 * 	will try once again using anonymous credentials.
 * 	NOTE(review): an anonymous retry means a failed authenticated
 * 	connection silently degrades to an unauthenticated one; pass
 * 	SA_PROHIBIT_FALLBACK where that is not acceptable.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);
625 
/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);
640 
/*
 * This function cancels the Standalone mode and destroys the list of root DSEs.
 * After it returns, __ns_ldap_pingOfflineServers() reports NS_LDAP_INTERNAL.
 */
void __ns_ldap_cancelStandalone(void);
/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 *
 * auth_mech	name of the mechanism (string form; the accepted spellings
 *		are not listed in this header)
 * auth		caller-owned structure to fill in
 * errorp	describes an error, if any
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);
652 
/*
 * Simplified LDAP Naming APIs
 */

/*
 * Search `service` with `filter`.  When init_filter_cb is supplied it
 * receives the service's search descriptor and may produce the effective
 * filter in *realfilter; `callback` is invoked per entry and returns
 * NS_LDAP_CB_NEXT or NS_LDAP_CB_DONE.  *result must be released with
 * __ns_ldap_freeResult() and *errorp with __ns_ldap_freeError().
 *
 * NOTE(review): `filter` is passed through as a string.  If any part of
 * it is derived from untrusted input, the caller must escape it per the
 * LDAP filter syntax (RFC 4515) before calling; nothing declared in this
 * header does that.
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);
668 
/*
 * Batched variant of __ns_ldap_list(): start a batch, add one or more
 * searches (same arguments as __ns_ldap_list() plus `rcp`, which
 * presumably receives that search's return code when the batch ends),
 * end it, then release it.  Filter-escaping caveat as for __ns_ldap_list().
 */
int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);
692 
/*
 * Modification calls.  `attr` is a NULL-terminated array of attributes
 * (presumably), `dn` the target entry, `cred` the credential to bind with.
 * For __ns_ldap_addTypedEntry(), `servicetype` is one of the NS_LDAP_TYPE_*
 * strings and `data` points at the matching _ns_*_t record.
 * NOTE(review): `dn` is used as-is; DN components built from untrusted
 * input must be escaped per RFC 4514 by the caller.
 */
int  __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int  create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);
740 
/*
 * Iterated search: firstEntry() opens it and hands back an opaque
 * *cookie, nextEntry() advances, endEntry() closes and clears the cookie.
 * Same filter-escaping caveat as __ns_ldap_list().
 */
int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int  __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int  __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);
762 
/* Release objects handed out through the `result` / `errorp` out-parameters. */
int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);
768 
/*
 * Name <-> DN conversions.  The DN/domain strings are returned through the
 * `**` out-parameters; see NS_LDAP_NOT_CVT_DN above for the un-mapped
 * form.  Ownership of the returned string is not stated here.
 */
int  __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);
787 
/*
 * Authenticate with `cred` (optionally passing LDAP controls through).
 * On failure the password-policy detail, if any, is in errorp->pwd_mgmt.
 */
int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

/* Release a credential; whether secrets inside are zeroized is not stated. */
int __ns_ldap_freeCred(
	ns_cred_t **credp);

/* Map an error code to a message string returned in *strmsg. */
int __ns_ldap_err2str(
	int err,
	char **strmsg);
801 
/*
 * Configuration parameters, indexed by ParamIndexType.  getParam()
 * returns a NULL-terminated array (presumably) in *data which must be
 * released with __ns_ldap_freeParam().  The interpretation of `data`
 * depends on the parameter type.
 */
int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);
814 
/*
 * Look up `attrname` in an entry: getAttr() returns the value list,
 * getAttrStruct() the attribute record itself.  Both presumably return
 * NULL when the attribute is absent and point into `entry` (no copy).
 */
char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t	*__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);
822 
/*
 * Per-service configuration accessors.  Each get*() returns an array
 * through a `***` out-parameter; the descriptor/map arrays have matching
 * free*() calls.  The `char **` results of the mapping lookups have no
 * free call declared here -- confirm ownership before freeing them.
 */
int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

/* Parse a parameter name into its ParamIndexType. */
int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);
871 
/*
 * Fetch account-usability information for `user` into *acctResp (see
 * NS_LDAP_ACCOUNT_USABLE_CONTROL).  Unlike the other calls this one has
 * no errorp, so only the int return value reports failure.
 */
int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

/* Process-wide toggle; see ns_ldap_self_gssapi_config_t for the query side. */
void
__ns_ldap_self_gssapi_only_set(
	int flag);

/* Report how self/SASL/GSSAPI is configured; result stored in *config. */
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
881 #ifdef __cplusplus
882 }
883 #endif
884 
885 #endif /* _NS_SLDAP_H */
886