xref: /onnv-gate/usr/src/lib/libsldap/common/ns_sldap.h (revision 12882:5213e1b8c605)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */


#ifndef	_NS_SLDAP_H
#define	_NS_SLDAP_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdio.h>
#include <sys/types.h>
#include <lber.h>
#include <ldap.h>

/*
 * Version
 */
#define	NS_LDAP_VERSION		NS_LDAP_VERSION_2
#define	NS_LDAP_VERSION_1	"1.0"
#define	NS_LDAP_VERSION_2	"2.0"

/*
 * Flags
 */
#define	NS_LDAP_HARD		  0x001
#define	NS_LDAP_ALL_RES		  0x002

/* Search Referral Option */
typedef enum SearchRef {
	NS_LDAP_FOLLOWREF	= 0x004,
	NS_LDAP_NOREF		= 0x008
} SearchRef_t;

typedef enum ScopeType {
	NS_LDAP_SCOPE_BASE	= 0x010,
	NS_LDAP_SCOPE_ONELEVEL	= 0x020,
	NS_LDAP_SCOPE_SUBTREE	= 0x040
} ScopeType_t;

/*
 * BE VERY CAREFUL. DO NOT USE FLAG NS_LDAP_KEEP_CONN UNLESS YOU MUST
 * IN libsldap.so.1 THERE IS NO CONNECTION GARBAGE COLLECTION AND IF
 * THIS FLAG GETS USED THERE MIGHT BE A CONNECTION LEAK. CURRENTLY THIS
 * IS ONLY SUPPORTED FOR LIST AND INTENDED FOR APPLICATIONS LIKE AUTOMOUNTER
 */

#define	NS_LDAP_KEEP_CONN	  0x080
#define	NS_LDAP_NEW_CONN	  0x400
#define	NS_LDAP_NOMAP		  0x800

#define	NS_LDAP_PAGE_CTRL	  0x1000
#define	NS_LDAP_NO_PAGE_CTRL	  0x0000

/*
 * NS_LDAP_NOT_CVT_DN is needed when attribute mapping is used
 * to retrieve the DN in LDAP and DN is not to be converted when
 * being passed back to the application. See __ns_ldap_uid2dn()
 * and __ns_ldap_host2dn() for such usage.
 */
#define	NS_LDAP_NOT_CVT_DN	0x2000

/*
 * NS_LDAP_UPDATE_SHADOW is for a privileged caller of the
 * __ns_ldap_repAttr() to update the shadow database on the
 * LDAP server.
 */
#define	NS_LDAP_UPDATE_SHADOW	0x4000

/*
 * NS_LDAP_READ_SHADOW is for a privileged caller of __ns_ldap_list()
 * and __ns_ldap_firstEntry() to read the shadow database on the
 * LDAP server.
 */
#define	NS_LDAP_READ_SHADOW	0x8000

/*
 * Authentication Information
 */
typedef enum CredLevel {
	NS_LDAP_CRED_ANON	= 0,
	NS_LDAP_CRED_PROXY	= 1,
	NS_LDAP_CRED_SELF	= 2
} CredLevel_t;

typedef enum AuthType {
	NS_LDAP_AUTH_NONE	= 0,
	NS_LDAP_AUTH_SIMPLE	= 1,
	NS_LDAP_AUTH_SASL	= 2,
	NS_LDAP_AUTH_TLS	= 3,	/* implied SASL usage */
	NS_LDAP_AUTH_ATLS	= 4	/* implied SASL usage */
} AuthType_t;

typedef enum TlsType {
	NS_LDAP_TLS_NONE	= 0,
	NS_LDAP_TLS_SIMPLE	= 1,
	NS_LDAP_TLS_SASL	= 2
} TlsType_t;

typedef enum SaslMech {
	NS_LDAP_SASL_NONE	= 0,	/* No SASL mechanism */
	NS_LDAP_SASL_CRAM_MD5	= 1,
	NS_LDAP_SASL_DIGEST_MD5	= 2,
	NS_LDAP_SASL_EXTERNAL	= 3,	/* currently not supported */
	NS_LDAP_SASL_GSSAPI	= 4,
	NS_LDAP_SASL_SPNEGO	= 5	/* currently not supported */
} SaslMech_t;

typedef enum SaslOpt {
	NS_LDAP_SASLOPT_NONE	= 0,
	NS_LDAP_SASLOPT_INT	= 1,
	NS_LDAP_SASLOPT_PRIV	= 2
} SaslOpt_t;

typedef enum PrefOnly {
	NS_LDAP_PREF_FALSE	= 0,
	NS_LDAP_PREF_TRUE	= 1
} PrefOnly_t;

typedef enum enableShadowUpdate {
	NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE	= 0,
	NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE	= 1
} enableShadowUpdate_t;

typedef struct UnixCred {
	char	*userID;	/* Unix ID number */
	char	*passwd;	/* password */
} UnixCred_t;

typedef struct CertCred {
	char	*path;		/* certificate path */
	char	*passwd;	/* password */
	char	*nickname;	/* nickname */
} CertCred_t;

typedef struct ns_auth {
	AuthType_t	type;
	TlsType_t	tlstype;
	SaslMech_t	saslmech;
	SaslOpt_t	saslopt;
} ns_auth_t;

typedef struct ns_cred {
	ns_auth_t	auth;
	char		*hostcertpath;
	union {
		UnixCred_t	unix_cred;
		CertCred_t	cert_cred;
	} cred;
} ns_cred_t;


typedef struct LineBuf {
	char *str;
	int len;
	int alloc;
} LineBuf;

/*
 * Configuration Information
 */

typedef enum {
	NS_LDAP_FILE_VERSION_P		= 0,
	NS_LDAP_BINDDN_P		= 1,
	NS_LDAP_BINDPASSWD_P		= 2,
	NS_LDAP_SERVERS_P		= 3,
	NS_LDAP_SEARCH_BASEDN_P		= 4,
	NS_LDAP_AUTH_P			= 5,
/*
 * NS_LDAP_TRANSPORT_SEC_P is only left in for backward compatibility
 * with version 1 clients and their configuration files.  The only
 * supported value is NS_LDAP_SEC_NONE.  No application should be
 * using this parameter type (either through getParam or setParam.
 */
	NS_LDAP_TRANSPORT_SEC_P		= 6,
	NS_LDAP_SEARCH_REF_P		= 7,
	NS_LDAP_DOMAIN_P		= 8,
	NS_LDAP_EXP_P			= 9,
	NS_LDAP_CERT_PATH_P		= 10,
	NS_LDAP_CERT_PASS_P		= 11,
	NS_LDAP_SEARCH_DN_P		= 12,
	NS_LDAP_SEARCH_SCOPE_P		= 13,
	NS_LDAP_SEARCH_TIME_P		= 14,
	NS_LDAP_SERVER_PREF_P		= 15,
	NS_LDAP_PREF_ONLY_P		= 16,
	NS_LDAP_CACHETTL_P		= 17,
	NS_LDAP_PROFILE_P		= 18,
	NS_LDAP_CREDENTIAL_LEVEL_P	= 19,
	NS_LDAP_SERVICE_SEARCH_DESC_P	= 20,
	NS_LDAP_BIND_TIME_P		= 21,
	NS_LDAP_ATTRIBUTEMAP_P		= 22,
	NS_LDAP_OBJECTCLASSMAP_P	= 23,
	NS_LDAP_CERT_NICKNAME_P		= 24,
	NS_LDAP_SERVICE_AUTH_METHOD_P	= 25,
	NS_LDAP_SERVICE_CRED_LEVEL_P	= 26,
	NS_LDAP_HOST_CERTPATH_P		= 27,
	NS_LDAP_ENABLE_SHADOW_UPDATE_P	= 28,
	NS_LDAP_ADMIN_BINDDN_P		= 29,
	NS_LDAP_ADMIN_BINDPASSWD_P	= 30,
/*
 * The following entry (max ParamIndexType) is an internal
 * placeholder.  It must be the last (and highest value)
 * entry in this eNum.  Please update accordingly.
 */
	NS_LDAP_MAX_PIT_P		= 31

} ParamIndexType;

/*
 * NONE - No self / SASL/GSSAPI configured
 * ONLY - Only self / SASL/GSSAPI configured
 * MIXED - self / SASL/GSSAPI is mixed with other types of configuration
 */
typedef enum {
	NS_LDAP_SELF_GSSAPI_CONFIG_NONE = 0,
	NS_LDAP_SELF_GSSAPI_CONFIG_ONLY = 1,
	NS_LDAP_SELF_GSSAPI_CONFIG_MIXED = 2
} ns_ldap_self_gssapi_config_t;

/*
 * __ns_ldap_*() return codes
 */
typedef enum {
	NS_LDAP_SUCCESS		= 0, /* success, no info in errorp */
	NS_LDAP_OP_FAILED	= 1, /* failed operation, no info in errorp */
	NS_LDAP_NOTFOUND	= 2, /* entry not found, no info in errorp */
	NS_LDAP_MEMORY		= 3, /* memory failure, no info in errorp */
	NS_LDAP_CONFIG		= 4, /* config problem, detail in errorp */
	NS_LDAP_PARTIAL		= 5, /* partial result, detail in errorp */
	NS_LDAP_INTERNAL	= 7, /* LDAP error, detail in errorp */
	NS_LDAP_INVALID_PARAM	= 8, /* LDAP error, no info in errorp */
	NS_LDAP_SUCCESS_WITH_INFO
				= 9  /* success, with info in errorp */
} ns_ldap_return_code;

/*
 * Detailed error code for NS_LDAP_CONFIG
 */
typedef enum {
	NS_CONFIG_SYNTAX	= 0,	/* syntax error */
	NS_CONFIG_NODEFAULT	= 1,	/* no default value */
	NS_CONFIG_NOTLOADED	= 2,	/* configuration not loaded */
	NS_CONFIG_NOTALLOW	= 3,	/* operation requested not allowed */
	NS_CONFIG_FILE		= 4,	/* configuration file problem */
	NS_CONFIG_CACHEMGR	= 5	/* error with door to ldap_cachemgr */
} ns_ldap_config_return_code;

/*
 * Detailed error code for NS_LDAP_PARTIAL
 */
typedef enum {
	NS_PARTIAL_TIMEOUT	= 0,	/* partial results due to timeout */
	NS_PARTIAL_OTHER	= 1	/* error encountered */
} ns_ldap_partial_return_code;

/*
 * For use by __ns_ldap_addTypedEntry() for publickey serivicetype
 */
typedef enum {
	NS_HOSTCRED_FALSE = 0,
	NS_HOSTCRED_TRUE  = 1
} hostcred_t;

/*
 * Detailed password status
 */
typedef enum {
	NS_PASSWD_GOOD			= 0,	/* password is good */
	NS_PASSWD_ABOUT_TO_EXPIRE	= 1,	/* password is good but */
						/* about to expire */
	NS_PASSWD_CHANGE_NEEDED		= 2,	/* good but need to be */
						/* changed immediately */
	NS_PASSWD_EXPIRED		= 3,	/* password expired */
	NS_PASSWD_RETRY_EXCEEDED	= 4,	/* exceed retry limit; */
						/* account is locked */
	NS_PASSWD_CHANGE_NOT_ALLOWED	= 5,	/* can only be changed */
						/* by the administrator */
	NS_PASSWD_INVALID_SYNTAX	= 6,	/* can not be changed: */
						/* new password has */
						/* invalid syntax -- */
						/* trivial password: same */
						/* value as attr, cn, sn, */
						/* uid, etc. */
						/* or strong password */
						/* policies check */
	NS_PASSWD_TOO_SHORT		= 7,	/* can not be changed: */
						/* new password has */
						/* less chars than */
						/* required */
	NS_PASSWD_IN_HISTORY		= 8,	/* can not be changed: */
						/* reuse old password  */
	NS_PASSWD_WITHIN_MIN_AGE	= 9 	/* can not be changed: */
						/* within minimum age  */
} ns_ldap_passwd_status_t;

/*
 * Password management information structure
 *
 * This structure is different from AcctUsableResponse_t structure in
 * that this structure holds result of users account mgmt information when
 * an ldap bind is done with user name and user password.
 */
typedef struct ns_ldap_passwd_mgmt {
	ns_ldap_passwd_status_t
		status;			/* password status */
	int	sec_until_expired;	/* seconds until expired, */
					/* valid if status is */
					/* NS_PASSWD_ABOUT_TO_EXPIRE */
} ns_ldap_passwd_mgmt_t;

/*
 * LDAP V3 control flag for account management - Used for account management
 * when no password is provided
 */
#define	NS_LDAP_ACCOUNT_USABLE_CONTROL	"1.3.6.1.4.1.42.2.27.9.5.8"

/*
 * Structure for holding the response returned by server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control when account is not available.
 */
typedef struct AcctUsableMoreInfo {
	int inactive;
	int reset;
	int expired;
	int rem_grace;
	int sec_b4_unlock;
} AcctUsableMoreInfo_t;

/*
 * Structure used to hold the response from the server for
 * NS_LDAP_ACCOUNT_USABLE_CONTROL control. The ASN1 notation is as below:
 *
 * ACCOUNT_USABLE_RESPONSE::= CHOICE {
 * is_available		[0] INTEGER, seconds before expiration
 * is_not_available	[1] More_info
 * }
 *
 * More_info::= SEQUENCE {
 * inactive		[0] BOOLEAN DEFAULT FALSE,
 * reset		[1] BOOLEAN DEFAULT FALSE,
 * expired		[2] BOOLEAN DEFAULT FALSE,
 * remaining_grace	[3] INTEGER OPTIONAL,
 * seconds_before_unlock[4] INTEGER OPTIONAL
 * }
 *
 * This structure is different from ns_ldap_passwd_mgmt_t structure in
 * that this structure holds result of users account mgmt information when
 * pam_ldap doesn't have the users password and proxy agent is used for
 * obtaining the account management information.
 */
typedef struct AcctUsableResponse {
	int choice;
	union {
		int seconds_before_expiry;
		AcctUsableMoreInfo_t more_info;
	} AcctUsableResp;
} AcctUsableResponse_t;

/*
 * Simplified LDAP Naming API result structure
 */
typedef struct ns_ldap_error {
	int	status;				/* LDAP error code */
	char	*message;			/* LDAP error message */
	ns_ldap_passwd_mgmt_t	pwd_mgmt;	/* LDAP password */
						/* management info */
} ns_ldap_error_t;

typedef struct	 ns_ldap_attr {
	char	*attrname;			/* attribute name */
	uint_t	value_count;
	char	**attrvalue;			/* attribute values */
} ns_ldap_attr_t;

typedef struct ns_ldap_entry {
	uint_t		attr_count;		/* number of attributes */
	ns_ldap_attr_t	**attr_pair;		/* attributes pairs */
	struct ns_ldap_entry *next;		/* next entry */
} ns_ldap_entry_t;

typedef struct ns_ldap_result {
	uint_t	entries_count;		/* number of entries */
	ns_ldap_entry_t	*entry;		/* data */
} ns_ldap_result_t;

/*
 * structures for the conversion routines used by typedAddEntry()
 */

typedef struct _ns_netgroups {
	char  *name;
	char  **triplet;
	char  **netgroup;
} _ns_netgroups_t;

typedef struct _ns_netmasks {
	char *netnumber;
	char *netmask;
} _ns_netmasks_t;

typedef struct _ns_bootp {
	char *name;
	char **param;
} _ns_bootp_t;

typedef struct _ns_ethers {
	char *name;
	char *ether;
} _ns_ethers_t;

typedef struct _ns_pubkey {
	char *name;
	hostcred_t hostcred;
	char *pubkey;
	char *privkey;
} _ns_pubkey_t;

typedef struct _ns_alias {
	char *alias;
	char **member;
} _ns_alias_t;

typedef struct _ns_automount {
	char *mapname;
	char *key;
	char *value;
} _ns_automount_t;

/*
 * return values for the callback function in __ns_ldap_list()
 */
#define	NS_LDAP_CB_NEXT	0	/* get the next entry */
#define	NS_LDAP_CB_DONE	1	/* done */

/*
 * Input values for the type specified in __ns_ldap_addTypedEntry()
 * and __ns_ldap_delTypedEntry()
 */

#define	NS_LDAP_TYPE_PASSWD	"passwd"
#define	NS_LDAP_TYPE_GROUP	"group"
#define	NS_LDAP_TYPE_HOSTS	"hosts"
#define	NS_LDAP_TYPE_IPNODES	"ipnodes"
#define	NS_LDAP_TYPE_PROFILE	"prof_attr"
#define	NS_LDAP_TYPE_RPC	"rpc"
#define	NS_LDAP_TYPE_PROTOCOLS	"protocols"
#define	NS_LDAP_TYPE_NETWORKS	"networks"
#define	NS_LDAP_TYPE_NETGROUP	"netgroup"
#define	NS_LDAP_TYPE_ALIASES	"aliases"
#define	NS_LDAP_TYPE_SERVICES	"services"
#define	NS_LDAP_TYPE_ETHERS	"ethers"
#define	NS_LDAP_TYPE_SHADOW	"shadow"
#define	NS_LDAP_TYPE_NETMASKS	"netmasks"
#define	NS_LDAP_TYPE_AUTHATTR	"auth_attr"
#define	NS_LDAP_TYPE_EXECATTR	"exec_attr"
#define	NS_LDAP_TYPE_USERATTR	"user_attr"
#define	NS_LDAP_TYPE_PROJECT	"project"
#define	NS_LDAP_TYPE_PUBLICKEY	"publickey"
#define	NS_LDAP_TYPE_AUUSER	"audit_user"
#define	NS_LDAP_TYPE_BOOTPARAMS "bootparams"
#define	NS_LDAP_TYPE_AUTOMOUNT  "auto_"
#define	NS_LDAP_TYPE_TNRHDB	"tnrhdb"
#define	NS_LDAP_TYPE_TNRHTP	"tnrhtp"

/*
 * service descriptor/attribute mapping structure
 */

typedef struct ns_ldap_search_desc {
	char		*basedn;	/* search base dn */
	ScopeType_t	scope;		/* search scope */
	char		*filter;	/* search filter */
} ns_ldap_search_desc_t;

typedef struct ns_ldap_attribute_map {
	char		*origAttr;	/* original attribute */
	char		**mappedAttr;	/* mapped attribute(s) */
} ns_ldap_attribute_map_t;

typedef struct ns_ldap_objectclass_map {
	char		*origOC;	/* original objectclass */
	char		*mappedOC;	/* mapped objectclass */
} ns_ldap_objectclass_map_t;

/*
 * Value of the userPassword attribute representing NO Unix password
 */
#define	NS_LDAP_NO_UNIX_PASSWORD	"<NO UNIX PASSWORD>"

/* Opaque handle for batch API */
typedef struct ns_ldap_list_batch ns_ldap_list_batch_t;

/*
 * The type of standalone configuration specified by a client application.
 * The meaning of the requests is as follows:
 *
 * NS_CACHEMGR:    libsldap will request all the configuration via door_call(3C)
 *                 to ldap_cachemgr.
 * NS_LDAP_SERVER: the consumer application has specified a directory server
 *                 to communicate to.
 * NS_PREDEFINED:  reserved for internal use
 */
typedef enum {
	NS_CACHEMGR = 0,
	NS_LDAP_SERVER
} ns_standalone_request_type_t;

/*
 * This structure describes an LDAP server specified by a client application.
 */
typedef struct ns_dir_server {
	char *server;			/* A directory server's IP */
	uint16_t port;			/* A directory server's port. */
					/* Default value is 389 */
	char *domainName;		/* A domain name being served */
					/* by the specified server. */
					/* Default value is the local */
					/* domain's name */
	char *profileName;		/* A DUAProfile's name. */
					/* Default value is 'default' */
	ns_auth_t *auth;		/* Authentication information used */
					/* during subsequent connections */
	char *cred;			/* A credential level to be used */
					/* along with the authentication info */
	char *host_cert_path;		/* A path to the certificate database */
					/* Default is '/vat/ldap' */
	char *bind_dn;			/* A bind DN to be used during */
					/* subsequent LDAP Bind requests */
	char *bind_passwd;		/* A bind password to be used during */
					/* subsequent LDAP Bind requests */
} ns_dir_server_t;

/*
 * This structure contains information describing an LDAP server.
 */
typedef struct ns_standalone_conf {
	union {
		ns_dir_server_t server;
		void *predefined_conf;	/* Reserved for internal use */
	} ds_profile;			/* A type of the configuration */

#define	SA_SERVER	ds_profile.server.server
#define	SA_PORT		ds_profile.server.port
#define	SA_DOMAIN	ds_profile.server.domainName
#define	SA_PROFILE_NAME	ds_profile.server.profileName
#define	SA_AUTH		ds_profile.server.auth
#define	SA_CRED		ds_profile.server.cred
#define	SA_CERT_PATH	ds_profile.server.host_cert_path
#define	SA_BIND_DN	ds_profile.server.bind_dn
#define	SA_BIND_PWD	ds_profile.server.bind_passwd

	ns_standalone_request_type_t type;
} ns_standalone_conf_t;

/*
 * This function "informs" libsldap that a client application has specified
 * a directory to use. The function obtains a DUAProfile, credentials,
 * and naming context. During all further operations on behalf
 * of the application requested a standalone schema libsldap will use
 * the information obtained by __ns_ldap_initStandalone() instead of
 * door_call(3C)ing ldap_cachemgr(1M).
 *
 * conf
 * 	A structure describing where and in which way to obtain all the
 * 	configuration describing how to communicate to a choosen LDAP directory.
 *
 * errorp
 * 	An error object describing an error occured.
 */
ns_ldap_return_code __ns_ldap_initStandalone(
	const ns_standalone_conf_t *conf,
	ns_ldap_error_t	**errorp);

/*
 * This function obtains the directory's base DN and a DUAProfile
 * from a specified server.
 *
 * server
 * 	Specifies the selected directory sever.
 *
 * cred
 * 	Contains an authentication information and credential required to
 * 	establish a connection.
 *
 * config
 * 	If not NULL, a new configuration basing on a DUAProfile specified in the
 * 	server parameter will be create and returned.
 *
 * baseDN
 * 	If not NULL, the directory's base DN will be returned.
 *
 * error
 * 	Describes an error, if any.
 */
ns_ldap_return_code __ns_ldap_getConnectionInfoFromDUA(
	const ns_dir_server_t *server,
	const ns_cred_t *cred,
	char **config,	char **baseDN,
	ns_ldap_error_t **error);

#define	SA_PROHIBIT_FALLBACK 0
#define	SA_ALLOW_FALLBACK 1

#define	DONT_SAVE_NSCONF 0
#define	SAVE_NSCONF 1

/*
 * This function obtains the root DSE from a specified server.
 *
 * server_addr
 * 	An adress of a server to be connected to.
 *
 * rootDSE
 * 	A buffer containing the root DSE in the ldap_cachmgr door call format.
 *
 * errorp
 * 	Describes an error, if any.
 *
 * anon_fallback
 * 	If set to 1 and establishing a connection fails, __s_api_getRootDSE()
 * 	will try once again using anonymous credentials.
 */
ns_ldap_return_code __ns_ldap_getRootDSE(
	const char *server_addr,
	char **rootDSE,
	ns_ldap_error_t **errorp,
	int anon_fallback);

/*
 * This function iterates through the list of the configured LDAP servers
 * and "pings" those which are marked as removed or if any error occurred
 * during the previous receiving of the server's root DSE. If the
 * function is able to reach such a server and get its root DSE, it
 * marks the server as on-line. Otherwise, the server's status is set
 * to "Error".
 * For each server the function tries to connect to, it fires up
 * a separate thread and then waits until all the threads finish.
 * The function returns NS_LDAP_INTERNAL if the Standalone mode was not
 * initialized or was canceled prior to an invocation of
 * __ns_ldap_pingOfflineServers().
 */
ns_ldap_return_code __ns_ldap_pingOfflineServers(void);

/*
 * This function cancels the Standalone mode and destroys the list of root DSEs.
 */
void __ns_ldap_cancelStandalone(void);
/*
 * This function initializes an ns_auth_t structure provided by a caller
 * according to a specified authentication mechanism.
 */
ns_ldap_return_code __ns_ldap_initAuth(const char *auth_mech,
	ns_auth_t *auth,
	ns_ldap_error_t **errorp);

/*
 * Simplified LDAP Naming APIs
 */
int __ns_ldap_list(
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);


int __ns_ldap_list_sort(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_start(
	ns_ldap_list_batch_t **batch);

int __ns_ldap_list_batch_add(
	ns_ldap_list_batch_t *batch,
	const char *service,
	const char *filter,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_result_t ** result,
	ns_ldap_error_t ** errorp,
	int *rcp,
	int (*callback)(const ns_ldap_entry_t *entry, const void *userdata),
	const void *userdata);

int __ns_ldap_list_batch_end(
	ns_ldap_list_batch_t *batch);

void __ns_ldap_list_batch_release(
	ns_ldap_list_batch_t *batch);

int  __ns_ldap_addAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_repAttr(
	const char *service,
	const char *dn,
	const ns_ldap_attr_t * const *attr,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_addEntry(
	const char *service,
	const char *dn,
	const ns_ldap_entry_t *entry,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int  __ns_ldap_addTypedEntry(
	const char *servicetype,
	const char *basedn,
	const void *data,
	const int  create,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_delEntry(
	const char *service,
	const char *dn,
	const ns_cred_t *cred,
	const int flags,
	ns_ldap_error_t **errorp);

int __ns_ldap_firstEntry(
	const char *service,
	const char *filter,
	const char *sortattr,
	int (*init_filter_cb)(const ns_ldap_search_desc_t *desc,
			char **realfilter, const void *userdata),
	const char * const *attribute,
	const ns_cred_t *cred,
	const int flags,
	void **cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp,
	const void *userdata);

int  __ns_ldap_nextEntry(
	void *cookie,
	ns_ldap_result_t ** result,
	ns_ldap_error_t **errorp);

int  __ns_ldap_endEntry(
	void **cookie,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeResult(
	ns_ldap_result_t **result);

int __ns_ldap_freeError(
	ns_ldap_error_t **errorp);

int  __ns_ldap_uid2dn(
	const char *uid,
	char **userDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_host2dn(
	const char *host,
	const char *domain,
	char **hostDN,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int  __ns_ldap_dn2domain(
	const char *dn,
	char **domain,
	const ns_cred_t *cred,
	ns_ldap_error_t ** errorp);

int __ns_ldap_auth(
	const ns_cred_t *cred,
	const int flag,
	ns_ldap_error_t **errorp,
	LDAPControl **serverctrls,
	LDAPControl **clientctrls);

int __ns_ldap_freeCred(
	ns_cred_t **credp);

int __ns_ldap_err2str(
	int err,
	char **strmsg);

int __ns_ldap_setParam(
	const ParamIndexType type,
	const void *data,
	ns_ldap_error_t **errorp);

int __ns_ldap_getParam(
	const ParamIndexType type,
	void ***data,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeParam(
	void ***data);

char **__ns_ldap_getAttr(
	const ns_ldap_entry_t *entry,
	const char *attrname);

ns_ldap_attr_t	*__ns_ldap_getAttrStruct(
	const ns_ldap_entry_t *entry,
	const char *attrname);

int __ns_ldap_getServiceAuthMethods(
	const char *service,
	ns_auth_t ***auth,
	ns_ldap_error_t **errorp);

int __ns_ldap_getSearchDescriptors(
	const char *service,
	ns_ldap_search_desc_t ***desc,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeSearchDescriptors(
	ns_ldap_search_desc_t ***desc);

int __ns_ldap_getAttributeMaps(
	const char *service,
	ns_ldap_attribute_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeAttributeMaps(
	ns_ldap_attribute_map_t ***maps);

char **__ns_ldap_getMappedAttributes(
	const char *service,
	const char *origAttribute);

char **__ns_ldap_getOrigAttribute(
	const char *service,
	const char *mappedAttribute);

int __ns_ldap_getObjectClassMaps(
	const char *service,
	ns_ldap_objectclass_map_t ***maps,
	ns_ldap_error_t **errorp);

int __ns_ldap_freeObjectClassMaps(
	ns_ldap_objectclass_map_t ***maps);

char **__ns_ldap_getMappedObjectClass(
	const char *service,
	const char *origObjectClass);

char **__ns_ldap_getOrigObjectClass(
	const char *service,
	const char *mappedObjectClass);

int __ns_ldap_getParamType(
	const char *value,
	ParamIndexType *type);

int __ns_ldap_getAcctMgmt(
	const char *user,
	AcctUsableResponse_t *acctResp);

boolean_t __ns_ldap_is_shadow_update_enabled(void);

void
__ns_ldap_self_gssapi_only_set(
	int flag);
int
__ns_ldap_self_gssapi_config(
	ns_ldap_self_gssapi_config_t *config);
#ifdef __cplusplus
}
#endif

#endif /* _NS_SLDAP_H */