/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
#ifndef _NS_SLDAP_H
#define _NS_SLDAP_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdio.h>
#include <lber.h>
#include <ldap.h>
/*
* Version
*/
/*
* Flags
*/
/* Search Referral Option */
typedef enum SearchRef {
} SearchRef_t;
typedef enum ScopeType {
} ScopeType_t;
/*
* BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
* IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
* THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
* IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
*/
/*
* NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
* to retrieve the DN in LDAP and DN is not to be converted when
* being passed back to the application. See __ns_ldap_uid2dn()
* and __ns_ldap_host2dn() for such usage.
*/
/*
* NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
* __ns_ldap_repAttr() to update the shadow database on the
* LDAP server.
*/
/*
* NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
* and __ns_ldap_firstEntry() to read the shadow database on the
* LDAP server.
*/
/*
* This flag is used by __ns_ldap_addTypedEntry to distinguish
* between adding and modifying key-value attr fields.
*/
/*
* NS_LDAP_BASE64_BINARY_ATTR_VALUE requests any binary attribute values
* to be base64-encoded and tagged with NS_LDAP_BASE64_TAG, i.e.,
* \1{base64}NXv+wO0EAA==
* The first character '\1' is for covering the case where a non-binary
* value starts with "{base64}".
*/
/*
* This flag is used to stop a new connection from getting directory capabilities
* from the root DSE. This is for private use in libsldap.
*/
/*
* Authentication Information
*/
/*
 * Credential level presented when binding to the directory.
 * Only the anonymous level is spelled out in this declaration.
 */
typedef enum CredLevel {
NS_LDAP_CRED_ANON = 0,	/* anonymous: no credentials presented to the server */
} CredLevel_t;
/*
 * Authentication method used for the LDAP bind.
 */
typedef enum AuthType {
NS_LDAP_AUTH_NONE = 0,	/* no authentication method selected */
} AuthType_t;
/*
 * Transport security applied to the connection.
 */
typedef enum TlsType {
NS_LDAP_TLS_NONE = 0,	/* no TLS: the connection is not protected in transit */
} TlsType_t;
typedef enum SaslMech {
} SaslMech_t;
/*
 * SASL option bits.
 */
typedef enum SaslOpt {
NS_LDAP_SASLOPT_NONE = 0,	/* no SASL options requested */
} SaslOpt_t;
/*
 * Boolean-style "preferred servers only" setting.
 */
typedef enum PrefOnly {
NS_LDAP_PREF_FALSE = 0,	/* false: not restricted to preferred servers (per name — confirm) */
} PrefOnly_t;
typedef enum enableShadowUpdate {
typedef struct UnixCred {
} UnixCred_t;
typedef struct CertCred {
} CertCred_t;
typedef struct ns_auth {
} ns_auth_t;
typedef struct ns_cred {
char *hostcertpath;
union {
} cred;
} ns_cred_t;
/*
 * Growable character buffer.
 *
 * NOTE(review): len and alloc are plain int, so any code that grows this
 * buffer must reject negative values and check for overflow before
 * computing a new size — confirm at the call sites that manage it.
 */
typedef struct LineBuf {
char *str;	/* buffer storage */
int len;	/* bytes currently in use — presumably excludes the terminator; confirm */
int alloc;	/* bytes allocated for str — presumably; confirm */
} LineBuf;
/*
* Configuration Information
*/
typedef enum {
/*
* NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
* with version 1 clients and their configuration files. The only
* supported value is NS_LDAP_SEC_NONE. No application should be
* using this parameter type (either through getParam or setParam).
*/
/*
* The following entry (max ParamIndexType) is an internal
* placeholder. It must be the last (and highest value)
* entry in this eNum. Please update accordingly.
*/
/*
*/
typedef enum {
/*
* __ns_ldap_*() return codes
*/
typedef enum {
= 9 /* success, with info in errorp */
/*
* Detailed error code for NS_LDAP_CONFIG
*/
typedef enum {
/*
* Detailed error code for NS_LDAP_PARTIAL
*/
typedef enum {
/*
* For use by __ns_ldap_addTypedEntry() for the publickey servicetype
*/
/*
 * Whether the publickey entry being added belongs to a host credential
 * (used by __ns_ldap_addTypedEntry(); see the note above).
 */
typedef enum {
NS_HOSTCRED_FALSE = 0,	/* not a host credential */
} hostcred_t;
/*
* Detailed password status
*/
typedef enum {
/* about to expire */
/* changed immediately */
/* account is locked */
/* by the administrator */
/* new password has */
/* invalid syntax -- */
/* trivial password: same */
/* value as attr, cn, sn, */
/* uid, etc. */
/* or strong password */
/* policies check */
/* new password has */
/* less chars than */
/* required */
/* reuse old password */
/* within minimum age */
/*
* Password management information structure
*
* This structure is different from AcctUsableResponse_t structure in
* that this structure holds the result of a user's account mgmt information when
* an ldap bind is done with user name and user password.
*/
typedef struct ns_ldap_passwd_mgmt {
/* valid if status is */
/* NS_PASSWD_ABOUT_TO_EXPIRE */
/*
* LDAP V3 control flag for account management - Used for account management
* when no password is provided
*/
/*
* Structure for holding the response returned by server for
* NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
*/
typedef struct AcctUsableMoreInfo {
int inactive;
int reset;
int expired;
int rem_grace;
int sec_b4_unlock;
/*
* Structure used to hold the response from the server for
* NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
*
* ACCOUNT_USABLE_RESPONSE::= CHOICE {
* is_available [0] INTEGER, seconds before expiration
* is_not_available [1] More_info
* }
*
* More_info::= SEQUENCE {
* inactive [0] BOOLEAN DEFAULT FALSE,
* reset [1] BOOLEAN DEFAULT FALSE,
* expired [2] BOOLEAN DEFAULT FALSE,
* remaining_grace [3] INTEGER OPTIONAL,
* seconds_before_unlock[4] INTEGER OPTIONAL
* }
*
* This structure is different from ns_ldap_passwd_mgmt_t structure in
* that this structure holds the result of a user's account mgmt information when
* pam_ldap doesn't have the user's password and a proxy agent is used for
* obtaining the account management information.
*/
typedef struct AcctUsableResponse {
int choice;
union {
/*
* Simplified LDAP Naming API result structure
*/
typedef struct ns_ldap_error {
/* management info */
typedef struct ns_ldap_attr {
typedef struct ns_ldap_entry {
typedef struct ns_ldap_result {
/*
* structures for the conversion routines used by typedAddEntry()
*/
typedef struct _ns_netgroups {
char *name;
char **triplet;
char **netgroup;
typedef struct _ns_netmasks {
char *netnumber;
char *netmask;
/*
 * bootparams entry handed to the typed add/delete conversion routines.
 */
typedef struct _ns_bootp {
char *name;	/* host name the parameters belong to */
char **param;	/* list of parameter strings — presumably NULL-terminated; confirm */
} _ns_bootp_t;
/*
 * ethers entry handed to the typed add/delete conversion routines.
 */
typedef struct _ns_ethers {
char *name;	/* host name */
char *ether;	/* Ethernet address as a string; the expected text format is not fixed here */
} _ns_ethers_t;
/*
 * publickey entry handed to the typed add/delete conversion routines.
 *
 * NOTE(review): privkey carries private key material as a plain string;
 * code that fills or frees this struct should clear it before release
 * (the header does not show who owns these buffers — confirm).
 */
typedef struct _ns_pubkey {
char *name;	/* principal (user or host) name */
char *pubkey;	/* public key string */
char *privkey;	/* private key string — sensitive */
} _ns_pubkey_t;
/*
 * mail alias entry handed to the typed add/delete conversion routines.
 */
typedef struct _ns_alias {
char *alias;	/* alias name */
char **member;	/* list of member addresses — presumably NULL-terminated; confirm */
} _ns_alias_t;
typedef struct _ns_automount {
char *mapname;
char *key;
char *value;
/*
* return values for the callback function in __ns_ldap_list()
*/
/*
* Input values for the type specified in __ns_ldap_addTypedEntry()
* and __ns_ldap_delTypedEntry()
*/
/*
* Internal operational attribute maintained by libsldap,
* only one for now, __ns_ldap_op_attr_server_type. This
* attribute is returned in the extra_info ns_ldap_entry_t
* entry by the APIs that support it. Similar to the
* operational attributes returned by LDAP servers, they
* are used to provide extra information about the search
* results. __ns_ldap_op_attr_server_type is used to
* request the type of the LDAP server where the search
* result is from.
*/
typedef enum {
/*
* service descriptor/attribute mapping structure
*/
typedef struct ns_ldap_search_desc {
typedef struct ns_ldap_attribute_map {
typedef struct ns_ldap_objectclass_map {
/*
* Value of the userPassword attribute representing NO Unix password
*/
/*
* A special keyword used to check if schema mapping is configured for
* a particular database. Callers can call __ns_ldap_getOrigAttribute
* with this keyword to find out if a database has any objectclass or
* attribute mapping defined.
*/
/* Opaque handle for batch API */
/*
* The type of standalone configuration specified by a client application.
* The meaning of the requests is as follows:
*
* NS_CACHEMGR: libsldap will request all the configuration via door_call(3C)
* to ldap_cachemgr.
* NS_LDAP_SERVER: the consumer application has specified a directory server
* to communicate to.
* NS_PREDEFINED: reserved for internal use
*/
typedef enum {
NS_CACHEMGR = 0,
/*
* This structure describes an LDAP server specified by a client application.
*/
typedef struct ns_dir_server {
/* Default value is 389 */
/* by the specified server. */
/* Default value is the local */
/* domain's name */
/* Default value is 'default' */
/* during subsequent connections */
/* along with the authentication info */
/* subsequent LDAP Bind requests */
/* subsequent LDAP Bind requests */
/*
* This structure contains information describing an LDAP server.
*/
typedef struct ns_standalone_conf {
union {
/*
* This function "informs" libsldap that a client application has specified
* a directory to use. The function obtains a DUAProfile, credentials,
* and naming context. During all further operations on behalf
* of the application that requested a standalone schema, libsldap will use
* the information obtained by __ns_ldap_initStandalone() instead of
* door_call(3C)ing ldap_cachemgr(1M).
*
* conf
* A structure describing where and in which way to obtain all the
* configuration describing how to communicate with a chosen LDAP directory.
*
* errorp
* An error object describing any error that occurred.
*/
const ns_standalone_conf_t *conf,
/*
* This function obtains the directory's base DN and a DUAProfile
* from a specified server.
*
* server
* Specifies the selected directory server.
*
* cred
* Contains the authentication information and credentials required to
* establish a connection.
*
* config
* If not NULL, a new configuration based on the DUAProfile specified in the
* server parameter will be created and returned.
*
* baseDN
* If not NULL, the directory's base DN will be returned.
*
* error
* Describes an error, if any.
*/
const ns_dir_server_t *server,
ns_ldap_error_t **error);
/*
 * Zero-valued flag arguments for the standalone-mode calls.
 * NOTE(review): the prototypes consuming them are not visible in this
 * section; SA_PROHIBIT_FALLBACK presumably corresponds to an
 * anon_fallback-style argument of 0 (no retry with anonymous credentials
 * after a failed connection), and DONT_SAVE_NSCONF to not persisting the
 * obtained configuration — confirm against the callers.
 */
#define SA_PROHIBIT_FALLBACK 0
#define DONT_SAVE_NSCONF 0
/*
* This function obtains the root DSE from a specified server.
*
* server_addr
* The address of the server to connect to.
*
* server_type
* Returns the type of the server returning the root DSE.
*
* rootDSE
* A buffer containing the root DSE in the ldap_cachemgr door call format.
*
* errorp
* Describes an error, if any.
*
* anon_fallback
* If set to 1 and establishing a connection fails, __s_api_getRootDSE()
* will try once again using anonymous credentials.
*/
const char *server_addr,
char **rootDSE,
int anon_fallback);
/*
* This function iterates through the list of the configured LDAP servers
* and "pings" those which are marked as removed or for which an error occurred
* the last time the server's root DSE was retrieved. If the
* function is able to reach such a server and get its root DSE, it
* marks the server as on-line. Otherwise, the server's status is set
* to "Error".
* For each server the function tries to connect to, it fires up
* a separate thread and then waits until all the threads finish.
* The function returns NS_LDAP_INTERNAL if the Standalone mode was not
* initialized or was canceled prior to an invocation of
* __ns_ldap_pingOfflineServers().
*/
/*
 * Cancel the Standalone mode and destroy the list of root DSEs.
 * After this call the library no longer uses the configuration obtained
 * by __ns_ldap_initStandalone(); a later __ns_ldap_pingOfflineServers()
 * reports NS_LDAP_INTERNAL (see its description above).
 */
void __ns_ldap_cancelStandalone(void);
/*
* This function initializes an ns_auth_t structure provided by a caller
* according to a specified authentication mechanism.
*/
/*
* Simplified LDAP Naming APIs
*/
int __ns_ldap_list(
const char *service,
const char *filter,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
const void *userdata);
int __ns_ldap_list_ext(
const char *service,
const char *filter,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
const void *userdata,
const char * const *extra_info_attr,
int __ns_ldap_list_sort(
const char *service,
const char *filter,
const char *sortattr,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
const void *userdata);
const char *service,
const char *filter,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
int *rcp,
const void *userdata);
int __ns_ldap_addAttr(
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const int flags,
int __ns_ldap_delAttr(
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const int flags,
int __ns_ldap_repAttr(
const char *service,
const char *dn,
const ns_ldap_attr_t * const *attr,
const int flags,
int __ns_ldap_addEntry(
const char *service,
const char *dn,
const ns_ldap_entry_t *entry,
const int flags,
const char *servicetype,
const char *basedn,
const void *data,
const int create,
const int flags,
int __ns_ldap_delEntry(
const char *service,
const char *dn,
const int flags,
int __ns_ldap_firstEntry(
const char *service,
const char *filter,
const char *sortattr,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
void **cookie,
const void *userdata);
const char *service,
const char *filter,
const char *sortattr,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
void **cookie,
const void *userdata,
const char * const *extra_info_attr,
int __ns_ldap_nextEntry(
void *cookie,
int __ns_ldap_endEntry(
void **cookie,
int __ns_ldap_freeResult(
void __ns_ldap_freeEntry(
int __ns_ldap_freeError(
/*
 * Resolve a user name to its directory DN.
 *
 * uid     - user name to look up
 * userDN  - receives the DN on success; ownership of the returned string is
 *           not stated here — confirm whether the caller frees it
 * errorp  - receives an error object on failure; presumably released with
 *           __ns_ldap_freeError() — confirm
 * Returns one of the __ns_ldap_*() return codes defined above (presumably).
 * See the NS_LDAP_NOT_CVT_DN note above for the attribute-mapping case.
 */
int __ns_ldap_uid2dn(
const char *uid,
char **userDN,
ns_ldap_error_t ** errorp);
/*
 * Resolve a host name within a domain to its directory DN.
 *
 * host    - host name to look up
 * domain  - domain the host belongs to
 * hostDN  - receives the DN on success; ownership of the returned string is
 *           not stated here — confirm whether the caller frees it
 * errorp  - receives an error object on failure; presumably released with
 *           __ns_ldap_freeError() — confirm
 * Returns one of the __ns_ldap_*() return codes defined above (presumably).
 * See the NS_LDAP_NOT_CVT_DN note above for the attribute-mapping case.
 */
int __ns_ldap_host2dn(
const char *host,
const char *domain,
char **hostDN,
ns_ldap_error_t ** errorp);
/*
 * Derive the domain name associated with a DN.
 *
 * dn      - distinguished name to examine
 * domain  - receives the domain string on success; ownership is not stated
 *           here — confirm whether the caller frees it
 * errorp  - receives an error object on failure; presumably released with
 *           __ns_ldap_freeError() — confirm
 * Returns one of the __ns_ldap_*() return codes defined above (presumably).
 */
int __ns_ldap_dn2domain(
const char *dn,
char **domain,
ns_ldap_error_t ** errorp);
int __ns_ldap_auth(
const int flag,
int __ns_ldap_freeCred(
/*
 * Translate an __ns_ldap_*() return code into a message string.
 *
 * err     - return code to translate
 * strmsg  - receives the message text; whether it points at static storage
 *           or an allocation is not stated here — confirm before freeing
 * Returns an int status; its values are not documented in this section.
 */
int __ns_ldap_err2str(
int err,
char **strmsg);
int __ns_ldap_setParam(
const ParamIndexType type,
const void *data,
int __ns_ldap_getParam(
const ParamIndexType type,
void ***data,
int __ns_ldap_freeParam(
void ***data);
/*
 * Return the values of one attribute of a result entry.
 *
 * entry     - entry to search
 * attrname  - attribute name to look for
 * Returns a char ** value list, or NULL when the attribute is absent
 * (presumably). Whether the list aliases memory inside entry or is a fresh
 * allocation is not stated here — confirm before freeing it separately
 * from __ns_ldap_freeEntry()/__ns_ldap_freeResult().
 */
char **__ns_ldap_getAttr(
const ns_ldap_entry_t *entry,
const char *attrname);
const ns_ldap_entry_t *entry,
const char *attrname);
const char *service,
const char *service,
const char *service,
/*
 * Look up the mapped (on-server) attribute names configured for an
 * original attribute of a service.
 *
 * service        - service (database) whose mapping is consulted
 * origAttribute  - attribute name as known to the application
 * Returns a char ** list of mapped names, or NULL when no mapping exists
 * (presumably). Ownership of the returned list is not stated here — confirm.
 */
char **__ns_ldap_getMappedAttributes(
const char *service,
const char *origAttribute);
/*
 * Reverse attribute mapping: find the original attribute name(s) for a
 * mapped (on-server) attribute of a service. As noted above, callers may
 * pass the special keyword to find out whether a database has any
 * objectclass or attribute mapping defined at all.
 *
 * service          - service (database) whose mapping is consulted
 * mappedAttribute  - attribute name as used on the server, or the keyword
 * Returns a char ** list, or NULL when no mapping exists (presumably).
 * Ownership of the returned list is not stated here — confirm.
 */
char **__ns_ldap_getOrigAttribute(
const char *service,
const char *mappedAttribute);
const char *service,
/*
 * Look up the mapped (on-server) objectclass names configured for an
 * original objectclass of a service.
 *
 * service          - service (database) whose mapping is consulted
 * origObjectClass  - objectclass name as known to the application
 * Returns a char ** list of mapped names, or NULL when no mapping exists
 * (presumably). Ownership of the returned list is not stated here — confirm.
 */
char **__ns_ldap_getMappedObjectClass(
const char *service,
const char *origObjectClass);
/*
 * Reverse objectclass mapping: find the original objectclass name(s) for a
 * mapped (on-server) objectclass of a service.
 *
 * service            - service (database) whose mapping is consulted
 * mappedObjectClass  - objectclass name as used on the server
 * Returns a char ** list, or NULL when no mapping exists (presumably).
 * Ownership of the returned list is not stated here — confirm.
 */
char **__ns_ldap_getOrigObjectClass(
const char *service,
const char *mappedObjectClass);
const char *value,
const char *user,
int __ns_ldap_read_dn(
const char *dn,
const char *service,
char **realfilter, const void *userdata),
const char * const *attribute,
const int flags,
const void *userdata,
const char * const *extra_info_attr,
void
int flag);
int
#ifdef __cplusplus
}
#endif
#endif /* _NS_SLDAP_H */