/*
    SSSD

    LDAP Helper routines

    Copyright (C) Simo Sorce <ssorce@redhat.com>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
#ifndef _SDAP_H_
#define _SDAP_H_

/* Data-provider option plumbing, the libldap API, and the SSSD libldap
 * helpers; everything declared below is built on these three. */
#include "providers/dp_backend.h"
#include <ldap.h>
#include "util/sss_ldap.h"
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* One libldap result message, wrapped as a singly linked list node so that
 * a multi-message result (e.g. the entries of a search) can be queued on an
 * sdap_op (see sdap_op.list / sdap_op.last).  Who releases `msg` is not
 * visible from this header. */
struct sdap_msg {
    struct sdap_msg *next;   /* next queued message, NULL at the tail */
    LDAPMessage *msg;        /* the libldap message itself */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
struct sdap_op;

/* Completion callback for an asynchronous LDAP operation.  It is handed the
 * operation, the sdap_msg that triggered the call, an int status and the
 * opaque pointer stored in sdap_op.data.  The meaning of the int (errno or
 * LDAP result code) is fixed by the code that registers the callback, not
 * by this header -- check the registering site before interpreting it. */
typedef void (sdap_op_callback_t)(struct sdap_op *op,
                                  struct sdap_msg *, int, void *);

struct sdap_handle;
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* One in-flight LDAP operation on a connection.  Ops are kept in a doubly
 * linked list hanging off sdap_handle.ops and point back to their handle. */
struct sdap_op {
    struct sdap_op *prev, *next;   /* neighbours in sdap_handle.ops */
    struct sdap_handle *sh;        /* owning connection */

    int msgid;     /* libldap message id identifying this request's results */
    bool done;     /* set once the final result for msgid has been seen */

    sdap_op_callback_t *callback;  /* invoked as results arrive */
    void *data;                    /* passed to callback as its last argument */

    struct tevent_context *ev;
    struct sdap_msg *list;         /* head of the queued result messages */
    struct sdap_msg *last;         /* tail of that queue, for O(1) append */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Node of a doubly linked list pairing a libldap socket with the tevent fd
 * event that watches it (see ldap_cb_data.fd_list). */
struct fd_event_item {
    struct fd_event_item *prev;
    struct fd_event_item *next;

    int fd;                  /* the watched descriptor */
    struct tevent_fd *fde;   /* tevent event registered for fd */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Private data for the libldap socket callbacks: the connection they serve,
 * the event loop to register fd events on, and the list of fds currently
 * being watched. */
struct ldap_cb_data {
    struct sdap_handle *sh;
    struct tevent_context *ev;
    struct fd_event_item *fd_list;   /* see struct fd_event_item */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* A list of strings the server advertises as supported (SASL mechanisms,
 * control OIDs, extension OIDs).  Queried with sdap_check_sup_list(). */
struct sup_list {
    int num_vals;   /* number of entries in vals */
    char **vals;
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* One LDAP connection together with the state SSSD keeps about it. */
struct sdap_handle {
    LDAP *ldap;        /* libldap connection handle */
    bool connected;
    /* Authentication ticket expiration time (if any) */
    time_t expire_time;
    ber_int_t page_size;   /* page size for paged searches; presumably fed
                            * from SDAP_PAGE_SIZE -- confirm in the setup code */

    struct sdap_fd_events *sdap_fd_events;   /* opaque fd/event bookkeeping */

    /* What the server advertises in its rootDSE; filled by
     * sdap_set_rootdse_supported_lists() and queried via the
     * sdap_is_*_supported() macros below.
     * NOTE(review): these lists are server-supplied data obtained before
     * (or regardless of) authentication.  Code that picks an auth or
     * transport mechanism based on what is *absent* here should fail closed
     * rather than fall back to something weaker, since a rogue or
     * man-in-the-middle server controls this advertisement. */
    struct sup_list supported_saslmechs;
    struct sup_list supported_controls;
    struct sup_list supported_extensions;

    struct sdap_op *ops;   /* in-flight operations (doubly linked, see sdap_op) */

    /* during release we need to lock access to the handler
     * from the destructor to avoid recursion */
    bool destructor_lock;
    /* mark when it is safe to finally release the handler memory */
    bool release_memory;
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Description of one LDAP server to connect to. */
struct sdap_service {
    char *name;
    char *uri;                  /* LDAP URI the connection is opened to */
    char *kinit_service_name;   /* service name used when obtaining a Kerberos
                                 * ticket for SASL/GSSAPI -- name-based, confirm */
    struct sockaddr_storage *sockaddr;   /* resolved address of the server */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Values reported by the server's password policy response: remaining grace
 * logins and time until expiration.  Units are not defined here -- check the
 * control parser before comparing `expire` against anything. */
struct sdap_ppolicy_data {
    int grace;
    int expire;
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* sysdb attribute names under which password-ageing and account-control
 * data from the server is cached.  Several of these feed the account
 * expiration checks selected by SDAP_ACCOUNT_EXPIRE_POLICY, so a typo here
 * would silently disable a check rather than fail loudly. */

/* shadow(5) style password ageing */
#define SYSDB_SHADOWPW_LASTCHANGE "shadowLastChange"
#define SYSDB_SHADOWPW_MIN "shadowMin"
#define SYSDB_SHADOWPW_MAX "shadowMax"
#define SYSDB_SHADOWPW_WARNING "shadowWarning"
#define SYSDB_SHADOWPW_INACTIVE "shadowInactive"
#define SYSDB_SHADOWPW_EXPIRE "shadowExpire"
#define SYSDB_SHADOWPW_FLAG "shadowFlag"

/* 389-ds / IPA account lock flag */
#define SYSDB_NS_ACCOUNT_LOCK "nsAccountLock"

/* Kerberos password ageing */
#define SYSDB_KRBPW_LASTCHANGE "krbLastPwdChange"
#define SYSDB_KRBPW_EXPIRATION "krbPasswordExpiration"

#define SYSDB_PWD_ATTRIBUTE "pwdAttribute"

/* Active Directory account control */
#define SYSDB_AD_ACCOUNT_EXPIRES "adAccountExpires"
#define SYSDB_AD_USER_ACCOUNT_CONTROL "adUserAccountControl"
/* Novell eDirectory (NDS) login restrictions */
#define SYSDB_NDS_LOGIN_DISABLED "ndsLoginDisabled"
#define SYSDB_NDS_LOGIN_EXPIRATION_TIME "ndsLoginExpirationTime"
#define SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP "ndsLoginAllowedTimeMap"

/* rootDSE attributes used to discover the search base */
#define SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS "namingContexts"
#define SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT "defaultNamingContext"

/* Update sequence number attributes: per-entry and server-wide, for
 * IPA/389-ds and for Active Directory respectively. */
#define SDAP_IPA_USN "entryUSN"
#define SDAP_IPA_LAST_USN "lastUSN"
#define SDAP_AD_USN "uSNChanged"
#define SDAP_AD_LAST_USN "highestCommittedUSN"
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Outcome codes returned by the sdap operations.
 * The SDAP_AUTH_* / SDAP_ACCT_EXPIRED values are kept distinct so the
 * caller can tell "wrong password" from "right password, expired account".
 * NOTE(review): that distinction is useful for PAM messages but it also
 * tells an unauthenticated caller whether an account exists and is expired;
 * whatever maps these to user-visible results should choose deliberately
 * what it reveals. */
enum sdap_result {
    SDAP_SUCCESS,
    SDAP_NOT_FOUND,
    SDAP_UNAVAIL,     /* server not reachable / connection unusable */
    SDAP_RETRY,       /* transient failure, caller may try again */
    SDAP_ERROR,
    SDAP_AUTH_SUCCESS,
    SDAP_AUTH_FAILED,
    SDAP_AUTH_PW_EXPIRED,
    SDAP_AUTH_PW_CONSTRAINT_VIOLATION,   /* server rejected the new password */
    SDAP_ACCT_EXPIRED
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/*
 * Indices into the dp_option array held in sdap_options.basic.  Each
 * enumerator's position is its slot in that table and SDAP_OPTS_BASIC is
 * the table size, so a new option must be inserted immediately before
 * SDAP_OPTS_BASIC and the option table that defines names and defaults
 * (not in this header) updated in the same change; reordering silently
 * re-maps every option that follows.
 *
 * The comments flag the options that decide what is trusted on the wire.
 * Their exact semantics are implemented where they are read, not here.
 */
enum sdap_basic_opt {
    SDAP_URI = 0,
    SDAP_SEARCH_BASE,
    SDAP_DEFAULT_BIND_DN,
    SDAP_DEFAULT_AUTHTOK_TYPE,
    SDAP_DEFAULT_AUTHTOK,        /* bind credential: a secret, keep it out of logs */
    SDAP_SEARCH_TIMEOUT,
    SDAP_NETWORK_TIMEOUT,
    SDAP_OPT_TIMEOUT,
    SDAP_TLS_REQCERT,            /* peer certificate verification policy */
    SDAP_USER_SEARCH_BASE,
    SDAP_USER_SEARCH_SCOPE,
    SDAP_USER_SEARCH_FILTER,
    SDAP_GROUP_SEARCH_BASE,
    SDAP_GROUP_SEARCH_SCOPE,
    SDAP_GROUP_SEARCH_FILTER,
    SDAP_SCHEMA,                 /* selects sdap_options.schema_type */
    SDAP_OFFLINE_TIMEOUT,
    SDAP_FORCE_UPPER_CASE_REALM,
    SDAP_ENUM_REFRESH_TIMEOUT,
    SDAP_CACHE_PURGE_TIMEOUT,
    SDAP_ENTRY_CACHE_TIMEOUT,
    SDAP_TLS_CACERT,             /* trust anchors for server verification */
    SDAP_TLS_CACERTDIR,
    SDAP_TLS_CERT,               /* client certificate / key, if used */
    SDAP_TLS_KEY,
    SDAP_TLS_CIPHER_SUITE,
    SDAP_ID_TLS,                 /* use TLS for identity lookups -- name-based, confirm */
    SDAP_SASL_MECH,
    SDAP_SASL_AUTHID,
    SDAP_SASL_REALM,
    SDAP_KRB5_KEYTAB,            /* keytab path: key material on disk */
    SDAP_KRB5_KINIT,
    SDAP_KRB5_KDC,
    SDAP_KRB5_REALM,
    SDAP_KRB5_CANONICALIZE,
    SDAP_PWD_POLICY,
    SDAP_REFERRALS,              /* chase referrals: follows the server to other
                                  * hosts, possibly outside the configured one */
    SDAP_ACCOUNT_CACHE_EXPIRATION,
    SDAP_DNS_SERVICE_NAME,
    SDAP_KRB5_TICKET_LIFETIME,
    SDAP_ACCESS_FILTER,          /* raw LDAP filter from configuration applied
                                  * for access control */
    SDAP_NETGROUP_SEARCH_BASE,
    SDAP_NESTING_LEVEL,          /* bound on nested group resolution depth */
    SDAP_DEREF,
    SDAP_ACCOUNT_EXPIRE_POLICY,  /* which account-expiration attributes are enforced */
    SDAP_ACCESS_ORDER,
    SDAP_CHPASS_URI,
    SDAP_CHPASS_DNS_SERVICE_NAME,
    SDAP_ENUM_SEARCH_TIMEOUT,
    SDAP_DISABLE_AUTH_TLS,       /* allows authentication without TLS; a simple
                                  * bind then sends the password in clear text */
    SDAP_PAGE_SIZE,
    SDAP_DEREF_THRESHOLD,
    SDAP_SASL_CANONICALIZE,

    SDAP_OPTS_BASIC /* opts counter */
};
d82c8af717c383d37a836b8d29316a3375803fabTimo Sirainen
/* Indices into sdap_options.gen_map: attributes that are not tied to a
 * particular object type.  SDAP_AT_GENERAL is the map size. */
enum sdap_gen_attrs {
    SDAP_AT_ENTRY_USN = 0,   /* per-entry update sequence number */
    SDAP_AT_LAST_USN,        /* server-wide highest USN */

    SDAP_AT_GENERAL /* attrs counter */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* the objectclass must be the first attribute.
 * Functions depend on this */
/* Indices into sdap_options.user_map; SDAP_OPTS_USER is the map size.
 * Entries from SDAP_FIRST_EXTRA_USER_AT (SDAP_AT_SP_LSTCHG, defined below)
 * onwards are the password-ageing and account-control attributes that only
 * some servers provide.  As with every map enum here, position is the
 * index, so add new attributes before SDAP_OPTS_USER and keep the default
 * map table in sync. */
enum sdap_user_attrs {
    SDAP_OC_USER = 0,
    SDAP_AT_USER_NAME,
    SDAP_AT_USER_PWD,
    SDAP_AT_USER_UID,
    SDAP_AT_USER_GID,
    SDAP_AT_USER_GECOS,
    SDAP_AT_USER_HOME,
    SDAP_AT_USER_SHELL,
    SDAP_AT_USER_PRINC,       /* Kerberos principal */
    SDAP_AT_USER_FULLNAME,
    SDAP_AT_USER_MEMBEROF,
    SDAP_AT_USER_UUID,
    SDAP_AT_USER_MODSTAMP,
    SDAP_AT_USER_USN,
    /* shadow(5) password ageing */
    SDAP_AT_SP_LSTCHG,
    SDAP_AT_SP_MIN,
    SDAP_AT_SP_MAX,
    SDAP_AT_SP_WARN,
    SDAP_AT_SP_INACT,
    SDAP_AT_SP_EXPIRE,
    SDAP_AT_SP_FLAG,
    /* Kerberos password ageing */
    SDAP_AT_KP_LASTCHANGE,
    SDAP_AT_KP_EXPIRATION,
    SDAP_AT_PWD_ATTRIBUTE,
    SDAP_AT_AUTH_SVC,
    /* Active Directory, 389-ds and NDS account control */
    SDAP_AT_AD_ACCOUNT_EXPIRES,
    SDAP_AT_AD_USER_ACCOUNT_CONTROL,
    SDAP_AT_NS_ACCOUNT_LOCK,
    SDAP_AT_AUTHORIZED_HOST,
    SDAP_AT_NDS_LOGIN_DISABLED,
    SDAP_AT_NDS_LOGIN_EXPIRATION_TIME,
    SDAP_AT_NDS_LOGIN_ALLOWED_TIME_MAP,

    SDAP_OPTS_USER /* attrs counter */
};
394391e78f26cba1d7fca19d4b8617453a7041b8Timo Sirainen
/* First user-map index that is "extra" (password ageing / account control)
 * rather than a core POSIX attribute; everything from here to SDAP_OPTS_USER
 * is in that category, so it must be kept pointing at the first such entry
 * if enum sdap_user_attrs is extended. */
#define SDAP_FIRST_EXTRA_USER_AT SDAP_AT_SP_LSTCHG
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* the objectclass must be the first attribute.
 * Functions depend on this */
/* Indices into sdap_options.group_map; SDAP_OPTS_GROUP is the map size.
 * Position is the index -- append before SDAP_OPTS_GROUP only. */
enum sdap_group_attrs {
    SDAP_OC_GROUP = 0,
    SDAP_AT_GROUP_NAME,
    SDAP_AT_GROUP_PWD,
    SDAP_AT_GROUP_GID,
    SDAP_AT_GROUP_MEMBER,    /* membership attribute; its form (uid vs DN)
                              * depends on sdap_options.schema_type */
    SDAP_AT_GROUP_UUID,
    SDAP_AT_GROUP_MODSTAMP,
    SDAP_AT_GROUP_USN,

    SDAP_OPTS_GROUP /* attrs counter */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Indices into sdap_options.netgroup_map; SDAP_OPTS_NETGROUP is the map
 * size.  Objectclass first, as for the other maps; append before
 * SDAP_OPTS_NETGROUP only. */
enum sdap_netgroup_attrs {
    SDAP_OC_NETGROUP = 0,
    SDAP_AT_NETGROUP_NAME,
    SDAP_AT_NETGROUP_MEMBER,   /* nested netgroup reference */
    SDAP_AT_NETGROUP_TRIPLE,   /* (host,user,domain) triple */
    SDAP_AT_NETGROUP_UUID,
    SDAP_AT_NETGROUP_MODSTAMP,

    SDAP_OPTS_NETGROUP /* attrs counter */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* One row of an attribute map: how a logical attribute is named in the
 * configuration, on the LDAP server by default, and in the local sysdb. */
struct sdap_attr_map {
    const char *opt_name;   /* configuration option that overrides the LDAP name */
    const char *def_name;   /* default LDAP attribute name */
    const char *sys_name;   /* attribute name used in the sysdb cache */
    char *name;             /* effective LDAP attribute name after
                             * configuration is applied (see sdap_get_map) */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* One search base: where to search, how deep, and an optional extra filter.
 * `filter` is an LDAP filter string that ends up in the search request.  It
 * comes from configuration here; anything that ever builds one from
 * caller-supplied values (user names, host names) must escape them as LDAP
 * filter values first, or the search can be reshaped by the input. */
struct sdap_search_base {
    const char *basedn;
    int scope;              /* an LDAP_SCOPE_* value */
    const char *filter;     /* may be NULL -- confirm against the users */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* All configuration the LDAP provider needs for one domain. */
struct sdap_options {
    struct dp_option *basic;            /* indexed by enum sdap_basic_opt */
    struct sdap_attr_map *gen_map;      /* indexed by enum sdap_gen_attrs */
    struct sdap_attr_map *user_map;     /* indexed by enum sdap_user_attrs */
    struct sdap_attr_map *group_map;    /* indexed by enum sdap_group_attrs */
    struct sdap_attr_map *netgroup_map; /* indexed by enum sdap_netgroup_attrs */

    /* supported schema types */
    /* Decides how group membership is expressed on the server and therefore
     * how member values are interpreted.  Values start at 1 so a zeroed
     * struct is recognisably "unset". */
    enum schema_type {
        SDAP_SCHEMA_RFC2307 = 1, /* memberUid = uid */
        SDAP_SCHEMA_RFC2307BIS = 2, /* member = dn */
        SDAP_SCHEMA_IPA_V1 = 3, /* member/memberof */
        SDAP_SCHEMA_AD = 4 /* AD's member/memberof */
    } schema_type;

    /* Arrays of search bases per object type.  The termination convention
     * (presumably a NULL sentinel) is not visible in this header -- check
     * the code that builds them before iterating. */
    struct sdap_search_base **search_bases;
    struct sdap_search_base **user_search_bases;
    struct sdap_search_base **group_search_bases;
    struct sdap_search_base **netgroup_search_bases;
};
32340fe8f461f6ae56c4cb3ee8392ba14c9f539aAki Tuomi
/* Per-server facts discovered from the rootDSE (see
 * sdap_get_server_opts_from_rootdse).  These are server-supplied values;
 * last_usn in particular is parsed from a string the server sent. */
struct sdap_server_opts {
    char *server_id;
    bool supports_usn;        /* server exposes a USN attribute */
    unsigned long last_usn;   /* highest USN seen, used for incremental syncs */
    char *max_user_value;
    char *max_group_value;
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
struct sdap_id_ctx;   /* defined by the id provider; only pointed to here */
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* An attribute map together with its length, so it can be passed around
 * without the caller knowing which SDAP_OPTS_* counter applies. */
struct sdap_attr_map_info {
    struct sdap_attr_map *map;
    int num_attrs;   /* number of rows in map */
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Result of parsing one dereferenced entry: the parsed attributes and the
 * map (i.e. object type) they were parsed with. */
struct sdap_deref_attrs {
    struct sdap_attr_map *map;
    struct sysdb_attrs *attrs;
};
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi
/* Build an attribute map from the defaults in def_map (num_entries rows),
 * applying any per-attribute overrides found in confdb under conf_path.
 * The result is allocated on memctx and returned through _map. */
int sdap_get_map(TALLOC_CTX *memctx,
                 struct confdb_ctx *cdb,
                 const char *conf_path,
                 struct sdap_attr_map *def_map,
                 int num_entries,
                 struct sdap_attr_map **_map);

/* Parse one search-result message into sysdb attributes according to map
 * (attrs_num rows).  _attrs receives the attributes and _dn the entry's DN,
 * both allocated on memctx.  attrs_num must be the row count of map -- the
 * function cannot check that itself. */
int sdap_parse_entry(TALLOC_CTX *memctx,
                     struct sdap_handle *sh, struct sdap_msg *sm,
                     struct sdap_attr_map *map, int attrs_num,
                     struct sysdb_attrs **_attrs, char **_dn);

/* Convenience wrappers over sdap_parse_entry using opts->user_map and
 * opts->group_map respectively. */
int sdap_parse_user(TALLOC_CTX *memctx, struct sdap_options *opts,
                    struct sdap_handle *sh, struct sdap_msg *sm,
                    struct sysdb_attrs **_attrs, char **_dn);

int sdap_parse_group(TALLOC_CTX *memctx, struct sdap_options *opts,
                     struct sdap_handle *sh, struct sdap_msg *sm,
                     struct sysdb_attrs **_attrs, char **_dn);

/* Parse a dereference control result (dref) trying each of the num_maps
 * maps in minfo; _res receives an array of sdap_deref_attrs, each tagged
 * with the map that matched.  Array termination convention is not visible
 * here -- confirm before iterating. */
errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
                         struct sdap_attr_map_info *minfo,
                         size_t num_maps,
                         struct sdap_handle *sh,
                         LDAPDerefRes *dref,
                         struct sdap_deref_attrs ***_res);

/* Extract the DN of the entry in sm into *_dn (allocated on memctx). */
int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh,
                    struct sdap_msg *sm, char **_dn);

/* Apply the SDAP_TLS_* entries of basic_opts (CA cert/dir, client cert and
 * key, cipher suite, reqcert) to the LDAP library.  Presumably this sets
 * libldap global TLS options, in which case it has to run before the first
 * connection is opened for the verification policy to take effect --
 * confirm in the implementation. */
errno_t setup_tls_config(struct dp_option *basic_opts);

/* Populate sh->supported_saslmechs / supported_controls /
 * supported_extensions from the rootdse attributes. */
int sdap_set_rootdse_supported_lists(struct sysdb_attrs *rootdse,
                                     struct sdap_handle *sh);
/* True if val is one of the strings in l. */
bool sdap_check_sup_list(struct sup_list *l, const char *val);

/* Capability queries against what the server advertised in its rootDSE.
 * Each macro evaluates sh exactly once. */
#define sdap_is_sasl_mech_supported(sh, sasl_mech) \
    sdap_check_sup_list(&((sh)->supported_saslmechs), sasl_mech)

#define sdap_is_control_supported(sh, ctrl_oid) \
    sdap_check_sup_list(&((sh)->supported_controls), ctrl_oid)

#define sdap_is_extension_supported(sh, ext_oid) \
    sdap_check_sup_list(&((sh)->supported_extensions), ext_oid)

/* Build the attribute list to request in a search from the first `size`
 * rows of map; *_attrs is allocated on memctx. */
int build_attrs_from_map(TALLOC_CTX *memctx,
                         struct sdap_attr_map *map,
                         size_t size, const char ***_attrs);

/* Create an LDAPControl with the given OID, criticality and value.  The
 * argument list mirrors libldap's ldap_control_create(); sh is presumably
 * used to check sh->supported_controls first -- confirm. */
int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
                        struct berval *value, int dupval, LDAPControl **ctrlp);

/* Fill in options that were left unset in the configuration (e.g. search
 * bases) from the rootdse of the connected server. */
errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
                                             struct sdap_handle *sh,
                                             struct sdap_options *opts);
/* Derive sdap_server_opts (USN support, last USN, ...) for `server` from
 * its rootdse; *srv_opts is allocated on memctx. */
int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
                                      const char *server,
                                      struct sysdb_attrs *rootdse,
                                      struct sdap_options *opts,
                                      struct sdap_server_opts **srv_opts);
/* Move ownership of *srv_opts into id_ctx; the caller's pointer is
 * presumably cleared (talloc_steal semantics) -- confirm. */
void sdap_steal_server_opts(struct sdap_id_ctx *id_ctx,
                            struct sdap_server_opts **srv_opts);
#endif /* _SDAP_H_ */
316cbe323513a0f20d1cf519fe9405e231d633e2Aki Tuomi