ns_internal.h revision 2
/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */

/*
 * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * INTERNALLY USED CONSTANTS
 */

	"Do not edit this file manually; your changes will be lost." \
	"Please use ldapclient (1M) instead."

/* max rdn length in conversion routines used by __ns_ldap_addTypedEntry() */

/*
 * special service used by ldap_cachemgr to indicate a shadow update
 * is to be done with the credential of the administrator identity
 */

/* Phase 1 profile information */
/* Phase 2 profile information */
/* Common to all profiles */
/* Native LDAP Phase 1 Specific Profile Attributes */
/* Native LDAP Phase 2 Specific Profile Attributes */
/* Control, SASL mechanism, and server information from RootDSE door call */

/* Password management related error message from iDS ldap server */
	"Exceed password retry limit."
	"Account inactivated. Contact system administrator."
	"user is not allowed to change password"
	"invalid password syntax"
	"Password failed triviality check"
	"password in history"
	"within password minimum age"

/*
 * INTERNALLY USED MACROS
 */

/*
 * MKERROR: builds the error structure and fills in the status and
 * the message. The message must be a freeable (non-static) string.
 * If it fails to allocate memory for the error structure,
 * it will return the retErr.
 */

/*
 * MKERROR_PWD_MGMT is almost the same as MKERROR
 * except that it takes two more inputs to fill in the
 * password management information part of the
 * ns_ldap_error structure pointed to by err,
 * and it does not log a syslog message.
 */

/*
 * INTERNAL DATA STRUCTURES
 */

/*
 * configuration entry type
 */

/*
 * datatype of a config entry
 */
	ARRAYCP = 2,	/* comma sep array of char pointers */
	TIMET = 4,	/* time relative value (TTL) */

/*
 * This enum reduces the number of version string compares
 * against NS_LDAP_VERSION_1 and NS_LDAP_VERSION_2
 */

/*
 * enum<->string mapping construct
 */

/*
 * This structure maps service name to rdn components
 * for use in __ns_getDNs. It also defines the SSD-to-use
 * service for use in __s_api_get_SSDtoUse_service.
 * The idea of an SSD-to-use service is to reduce the configuration
 * complexity. For a service, which does not have its own entries in
 * the LDAP directory, SSD for it is useless, and should not be set.
 * But since this service must share the container with at least
 * one other service which does have its own entries, the SSD for
 * this other service will be shared by this service.
 * This other service is called the SSD-to-use service.
 */

/*
 * This structure contains a single mapping from:
 * service:orig -> list of mapped
 */

/*
 * The following is the list of internal libsldap configuration data
 * structures. The configuration is populated normally once per
 * application. The assumption is that applications can be
 * relatively short lived (IE ls via nsswitch) so it is important to
 * keep configuration to a minimum, but keep lookups fast.
 * 1 configuration entry per domain, and almost always 1 domain
 * per app. Hooks exist for multiple domains per app.
 * Configurations are read in from client file cache or from LDAP.
 */

/*
 * This structure defines the format of an internal configuration
 * parameter for ns_ldap client.
 */

/*
 * This structure defines an instance of a configuration structure.
 * paramList contains the current ns_ldap parameter configuration
 * Parameters are indexed by using the value assigned to the parameter
 * in ParamIndexType.
 */

/*
 * This structure defines the mapping of the NSCONFIGFILE file
 * statements into their corresponding SolarisNamingProfile,
 * Posix Mapping LDAP attributes, and to their corresponding
 * ParamIndexType enum mapping. The ParamIndexType enum
 * definitions can be found in ns_ldap.h. This structure also
 * defines the default values that are used when a value either
 * does not exist or is undefined.
 */
	const char *name;	/* config file parameter name */

/*
 * This typedef enumerates all the supported authentication
 * mechanisms currently supported in this library
 */

/*
 * this enum lists the various states of the search state machine
 */

/*
 * this enum lists the various states of the write state machine
 */

/*
 * Server side sort type. Originally the server side sort
 * was set to "cn uid". This did not work with AD and
 * hence a single sort attribute was adopted. We don't
 * know which server side sort will work with the
 * Directory and hence we discover which method works.
 */

/*
 * This structure is used by ns_connect to create and manage
 * one or more ldap connections within the library.
 */
	/* one thread and not shared */
	/* by other threads */

/*
 * These structures are for referral processing.
 * The referrals are returned to the LDAP client
 * from an LDAP server.
 * A referral can have many ref values. Each ref is a URL
 * which provides information to continue an LDAP operation.
 * If a referral contains more than one ref then any
 * ref can be used to continue the LDAP operation.
 * Multiple refs are normally used to supply
 * alternative directory servers for failover.
 */

/*
 * ns_ldap_range_attr_t is used to track the
 * processing of attributes returned in LDAP
 * search results that contain range option
 * specification, which is in the form:
 * <attr name>;range=n1-n2: <value>
 * For example, "member;range=0-1499: dn0" or
 * "member;range=1500-*: dn1500".
 * It's created when handling an attribute name
 * that contains a range option specification.
 * Servers set n2 to '*' to indicate the end of
 * range. 'range_done' will be set to TRUE when
 * n2 is '*'. If n2 is not '*', 'attr_and_range'
 * will be set for subsequent searches. Its value
 * will be set to "<attr name>;range=n3-*", where
 * n3 = n2+1. '*' is used to ask the server to send
 * as many values as possible. It will be used as
 * the attribute value in the attribute array for
 * the next ldap search.
 * 'received_ranges' holds the first range of attribute
 * values received from the original search, and then
 * is appended with values from subsequent searches.
 * 'current_range' holds the attribute values of the
 * most current search.
 * An attribute name may be mapped due to schema
 * mapping. 'mapped_name' points to the mapped string
 * if any. 'attr_len' is the length of the unmapped
 * attribute name. 'next' points to the structure tracking
 * the next range attribute.
 */

/*
 * ns_ldap_range_info_t are for handling result
 * entries that have attributes with range option.
 * 'attr_count' is the number of such attributes
 * found in a search result entry. 'dn' is the
 * distinguished name of that entry.
 * 'attr_to_search' is the list of attributes
 * for subsequent searches. 'range_attr' points
 * to the ns_ldap_range_attr_t list that tracks
 */

/*
 * Batch used by __ns_ldap_list_batch_xxx API
 */

/*
 * This structure is used internally in searches
 */
	/* server list position */
	/* service search descriptor list & position */
	/* search filter callback */
	/*
	 * i_extra_info_attr tracks the libsldap operational attributes
	 * requested. See ns_sldap.h for information about these attributes.
	 * extra_info contains the libsldap operational attributes
	 */
	/* RESULT PROCESSING */
	/* REFERRALS PROCESSING */
	/* referral list & position */
	/* Current ref_info of a referral */
	/* search timeout value */
	/* response control to hold account management information */
	/* Flag to indicate password less account management is required */
	/* BATCH PROCESSING */

/*
 * This structure is part of the return value information for
 * __s_api_requestServer. The routine that requests a new server
 * from the cache manager
 */

/*
 * sasl callback function parameters
 */

/* Multiple threads per connection variable */

/*
 * INTERNAL GLOBAL DEFINITIONS AND FUNCTION DECLARATIONS
 */

/* internal connection APIs */
/* ************ internal sldap-api functions *********** */
/* ************ specific 'Standalone' functions ********** */
/* internal Param APIs */
/* internal configuration APIs */
/* internal un-exposed APIs */
/* internal referrals APIs */
/* callback routine for SSD filters */
/* network address verification api */
/* password management routine */
/* password less account management routine */
/* RFC 2307 section 5.6. Get a canonical name from entry */

#endif /* _NS_INTERNAL_H */
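
The range-option handling described in the ns_ldap_range_attr_t comment, as an added example that is not part of ns_internal.h or libsldap: the attribute description comes from the server, so it is validated strictly before n3 = n2+1 is computed. The function name `next_range_attr` and its return convention are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/*
 * Hypothetical helper (not a libsldap function). Given a returned attribute
 * description such as "member;range=0-1499", write the description for the
 * next search ("member;range=1500-*") into next.
 * Returns 1 if the range is done (n2 was '*'), 0 if next was filled in,
 * -1 if the input is malformed or next is too small.
 */
int
next_range_attr(const char *desc, char *next, size_t nextlen)
{
	static const char opt[] = ";range=";
	const char *p, *q;
	char *end;
	unsigned long n1, n2;
	int len;

	/* locate the range option (case-insensitive) after the attr name */
	for (p = desc; *p != '\0'; p++)
		if (strncasecmp(p, opt, sizeof (opt) - 1) == 0)
			break;
	if (*p == '\0' || p == desc)
		return (-1);		/* no option, or empty attr name */
	q = p + sizeof (opt) - 1;

	/* n1: require a digit; strtoul alone would accept "-5" or " 7" */
	if (*q < '0' || *q > '9')
		return (-1);
	errno = 0;
	n1 = strtoul(q, &end, 10);
	if (errno != 0 || *end != '-')
		return (-1);
	q = end + 1;
	if (strcmp(q, "*") == 0)
		return (1);		/* server sent the last range */
	if (*q < '0' || *q > '9')
		return (-1);
	errno = 0;
	n2 = strtoul(q, &end, 10);
	/* reject trailing junk, inverted ranges, and n2+1 wraparound */
	if (errno != 0 || *end != '\0' || n2 < n1 || n2 == ULONG_MAX)
		return (-1);
	len = snprintf(next, nextlen, "%.*s;range=%lu-*",
	    (int)(p - desc), desc, n2 + 1);
	return ((len < 0 || (size_t)len >= nextlen) ? -1 : 0);
}
```

A caller would stop requesting further ranges on a return of 1 and treat -1 as a malformed server response rather than retrying with a guessed range.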