xref: /netbsd-src/external/bsd/openldap/dist/include/ldap.h (revision b7b7574d3bf8eeb51a1fa3977b59142ec6434a55)
1 /*	$NetBSD: ldap.h,v 1.1.1.5 2014/05/28 09:58:40 tron Exp $	*/
2 
3 /* $OpenLDAP$ */
4 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5  *
6  * Copyright 1998-2014 The OpenLDAP Foundation.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted only as authorized by the OpenLDAP
11  * Public License.
12  *
13  * A copy of this license is available in file LICENSE in the
14  * top-level directory of the distribution or, alternatively, at
15  * <http://www.OpenLDAP.org/license.html>.
16  */
17 /* Portions Copyright (c) 1990 Regents of the University of Michigan.
18  * All rights reserved.
19  *
20  * Redistribution and use in source and binary forms are permitted
21  * provided that this notice is preserved and that due credit is given
22  * to the University of Michigan at Ann Arbor. The name of the University
23  * may not be used to endorse or promote products derived from this
24  * software without specific prior written permission. This software
25  * is provided ``as is'' without express or implied warranty.
26  */
27 
28 #ifndef _LDAP_H
29 #define _LDAP_H
30 
31 /* pull in lber */
32 #include <lber.h>
33 
34 /* include version and API feature defines */
35 #include <ldap_features.h>
36 
37 LDAP_BEGIN_DECL
38 
39 #define LDAP_VERSION1	1
40 #define LDAP_VERSION2	2
41 #define LDAP_VERSION3	3
42 
43 #define LDAP_VERSION_MIN	LDAP_VERSION2
44 #define	LDAP_VERSION		LDAP_VERSION2
45 #define LDAP_VERSION_MAX	LDAP_VERSION3
46 
47 /*
48  * We use 3000+n here because it is above 1823 (for RFC 1823),
49  * above 2000+rev of IETF LDAPEXT draft (now quite dated),
50  * yet below allocations for new RFCs (just in case there is
51  * someday an RFC produced).
52  */
53 #define LDAP_API_VERSION	3001
54 #define LDAP_VENDOR_NAME	"OpenLDAP"
55 
56 /* OpenLDAP API Features */
57 #define LDAP_API_FEATURE_X_OPENLDAP LDAP_VENDOR_VERSION
58 
59 #if defined( LDAP_API_FEATURE_X_OPENLDAP_REENTRANT ) || \
60 	( defined( LDAP_THREAD_SAFE ) && \
61 		defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )
62 	/* -lldap may or may not be thread safe */
63 	/* -lldap_r, if available, is always thread safe */
64 #	define	LDAP_API_FEATURE_THREAD_SAFE 		1
65 #	define  LDAP_API_FEATURE_SESSION_THREAD_SAFE	1
66 #	define  LDAP_API_FEATURE_OPERATION_THREAD_SAFE	1
67 #endif
68 #if defined( LDAP_THREAD_SAFE ) && \
69 	defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )
70 /* #define LDAP_API_FEATURE_SESSION_SAFE	1	*/
71 /* #define LDAP_API_OPERATION_SESSION_SAFE	1	*/
72 #endif
73 
74 
75 #define LDAP_PORT		389		/* ldap:///		default LDAP port */
76 #define LDAPS_PORT		636		/* ldaps:///	default LDAP over TLS port */
77 
78 #define LDAP_ROOT_DSE				""
79 #define LDAP_NO_ATTRS				"1.1"
80 #define LDAP_ALL_USER_ATTRIBUTES	"*"
81 #define LDAP_ALL_OPERATIONAL_ATTRIBUTES	"+" /* RFC 3673 */
82 
83 /* RFC 4511:  maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- */
84 #define LDAP_MAXINT (2147483647)
85 
86 /*
87  * LDAP_OPTions
88  *	0x0000 - 0x0fff reserved for api options
89  *	0x1000 - 0x3fff reserved for api extended options
90  *	0x4000 - 0x7fff reserved for private and experimental options
91  */
92 
93 #define LDAP_OPT_API_INFO			0x0000
94 #define LDAP_OPT_DESC				0x0001 /* historic */
95 #define LDAP_OPT_DEREF				0x0002
96 #define LDAP_OPT_SIZELIMIT			0x0003
97 #define LDAP_OPT_TIMELIMIT			0x0004
98 /* 0x05 - 0x07 not defined */
99 #define LDAP_OPT_REFERRALS			0x0008
100 #define LDAP_OPT_RESTART			0x0009
101 /* 0x0a - 0x10 not defined */
102 #define LDAP_OPT_PROTOCOL_VERSION		0x0011
103 #define LDAP_OPT_SERVER_CONTROLS		0x0012
104 #define LDAP_OPT_CLIENT_CONTROLS		0x0013
105 /* 0x14 not defined */
106 #define LDAP_OPT_API_FEATURE_INFO		0x0015
107 /* 0x16 - 0x2f not defined */
108 #define LDAP_OPT_HOST_NAME			0x0030
109 #define LDAP_OPT_RESULT_CODE			0x0031
110 #define LDAP_OPT_ERROR_NUMBER			LDAP_OPT_RESULT_CODE
111 #define LDAP_OPT_DIAGNOSTIC_MESSAGE		0x0032
112 #define LDAP_OPT_ERROR_STRING			LDAP_OPT_DIAGNOSTIC_MESSAGE
113 #define LDAP_OPT_MATCHED_DN			0x0033
114 /* 0x0034 - 0x3fff not defined */
115 /* 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT */
116 #define LDAP_OPT_SSPI_FLAGS			0x0092
117 /* 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO */
118 /* 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG */
119 #define LDAP_OPT_SIGN				0x0095
120 #define LDAP_OPT_ENCRYPT			0x0096
121 #define LDAP_OPT_SASL_METHOD			0x0097
122 /* 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE */
123 #define LDAP_OPT_SECURITY_CONTEXT		0x0099
124 /* 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE */
125 /* 0x009B - 0x3fff not defined */
126 
127 /* API Extensions */
128 #define LDAP_OPT_API_EXTENSION_BASE 0x4000  /* API extensions */
129 
130 /* private and experimental options */
131 /* OpenLDAP specific options */
132 #define LDAP_OPT_DEBUG_LEVEL		0x5001	/* debug level */
133 #define LDAP_OPT_TIMEOUT			0x5002	/* default timeout */
134 #define LDAP_OPT_REFHOPLIMIT		0x5003	/* ref hop limit */
135 #define LDAP_OPT_NETWORK_TIMEOUT	0x5005	/* socket level timeout */
136 #define LDAP_OPT_URI				0x5006
137 #define LDAP_OPT_REFERRAL_URLS      0x5007  /* Referral URLs */
138 #define LDAP_OPT_SOCKBUF            0x5008  /* sockbuf */
139 #define LDAP_OPT_DEFBASE		0x5009	/* searchbase */
140 #define	LDAP_OPT_CONNECT_ASYNC		0x5010	/* create connections asynchronously */
141 #define	LDAP_OPT_CONNECT_CB			0x5011	/* connection callbacks */
142 #define	LDAP_OPT_SESSION_REFCNT		0x5012	/* session reference count */
143 
144 /* OpenLDAP TLS options */
145 #define LDAP_OPT_X_TLS				0x6000
146 #define LDAP_OPT_X_TLS_CTX			0x6001	/* OpenSSL CTX* */
147 #define LDAP_OPT_X_TLS_CACERTFILE	0x6002
148 #define LDAP_OPT_X_TLS_CACERTDIR	0x6003
149 #define LDAP_OPT_X_TLS_CERTFILE		0x6004
150 #define LDAP_OPT_X_TLS_KEYFILE		0x6005
151 #define LDAP_OPT_X_TLS_REQUIRE_CERT	0x6006
152 #define LDAP_OPT_X_TLS_PROTOCOL_MIN	0x6007
153 #define LDAP_OPT_X_TLS_CIPHER_SUITE	0x6008
154 #define LDAP_OPT_X_TLS_RANDOM_FILE	0x6009
155 #define LDAP_OPT_X_TLS_SSL_CTX		0x600a	/* OpenSSL SSL* */
156 #define LDAP_OPT_X_TLS_CRLCHECK		0x600b
157 #define LDAP_OPT_X_TLS_CONNECT_CB	0x600c
158 #define LDAP_OPT_X_TLS_CONNECT_ARG	0x600d
159 #define LDAP_OPT_X_TLS_DHFILE		0x600e
160 #define LDAP_OPT_X_TLS_NEWCTX		0x600f
161 #define LDAP_OPT_X_TLS_CRLFILE		0x6010	/* GNUtls only */
162 #define LDAP_OPT_X_TLS_PACKAGE		0x6011
163 
164 #define LDAP_OPT_X_TLS_NEVER	0
165 #define LDAP_OPT_X_TLS_HARD		1
166 #define LDAP_OPT_X_TLS_DEMAND	2
167 #define LDAP_OPT_X_TLS_ALLOW	3
168 #define LDAP_OPT_X_TLS_TRY		4
169 
170 #define LDAP_OPT_X_TLS_CRL_NONE	0
171 #define LDAP_OPT_X_TLS_CRL_PEER	1
172 #define LDAP_OPT_X_TLS_CRL_ALL	2
173 
174 /* for LDAP_OPT_X_TLS_PROTOCOL_MIN */
175 #define LDAP_OPT_X_TLS_PROTOCOL(maj,min)	(((maj) << 8) + (min))
176 #define LDAP_OPT_X_TLS_PROTOCOL_SSL2		(2 << 8)
177 #define LDAP_OPT_X_TLS_PROTOCOL_SSL3		(3 << 8)
178 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0		((3 << 8) + 1)
179 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1		((3 << 8) + 2)
180 #define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2		((3 << 8) + 3)
181 
182 /* OpenLDAP SASL options */
183 #define LDAP_OPT_X_SASL_MECH			0x6100
184 #define LDAP_OPT_X_SASL_REALM			0x6101
185 #define LDAP_OPT_X_SASL_AUTHCID			0x6102
186 #define LDAP_OPT_X_SASL_AUTHZID			0x6103
187 #define LDAP_OPT_X_SASL_SSF				0x6104 /* read-only */
188 #define LDAP_OPT_X_SASL_SSF_EXTERNAL	0x6105 /* write-only */
189 #define LDAP_OPT_X_SASL_SECPROPS		0x6106 /* write-only */
190 #define LDAP_OPT_X_SASL_SSF_MIN			0x6107
191 #define LDAP_OPT_X_SASL_SSF_MAX			0x6108
192 #define LDAP_OPT_X_SASL_MAXBUFSIZE		0x6109
193 #define LDAP_OPT_X_SASL_MECHLIST		0x610a /* read-only */
194 #define LDAP_OPT_X_SASL_NOCANON			0x610b
195 #define LDAP_OPT_X_SASL_USERNAME		0x610c /* read-only */
196 #define LDAP_OPT_X_SASL_GSS_CREDS		0x610d
197 
198 /* OpenLDAP GSSAPI options */
199 #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200
200 #define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL   0x6201
201 
202 /*
203  * OpenLDAP per connection tcp-keepalive settings
204  * (Linux only, ignored where unsupported)
205  */
206 #define LDAP_OPT_X_KEEPALIVE_IDLE		0x6300
207 #define LDAP_OPT_X_KEEPALIVE_PROBES		0x6301
208 #define LDAP_OPT_X_KEEPALIVE_INTERVAL	0x6302
209 
210 /* Private API Extensions -- reserved for application use */
211 #define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000  /* Private API inclusive */
212 
213 /*
214  * ldap_get_option() and ldap_set_option() return values.
215  * As later versions may return other values indicating
216  * failure, current applications should only compare returned
217  * value against LDAP_OPT_SUCCESS.
218  */
219 #define LDAP_OPT_SUCCESS	0
220 #define	LDAP_OPT_ERROR		(-1)
221 
222 /* option on/off values */
223 #define LDAP_OPT_ON		((void *) &ber_pvt_opt_on)
224 #define LDAP_OPT_OFF	((void *) 0)
225 
226 typedef struct ldapapiinfo {
227 	int		ldapai_info_version;		/* version of LDAPAPIInfo */
228 #define LDAP_API_INFO_VERSION	(1)
229 	int		ldapai_api_version;			/* revision of API supported */
230 	int		ldapai_protocol_version;	/* highest LDAP version supported */
231 	char	**ldapai_extensions;		/* names of API extensions */
232 	char	*ldapai_vendor_name;		/* name of supplier */
233 	int		ldapai_vendor_version;		/* supplier-specific version * 100 */
234 } LDAPAPIInfo;
235 
236 typedef struct ldap_apifeature_info {
237 	int		ldapaif_info_version;		/* version of LDAPAPIFeatureInfo */
238 #define LDAP_FEATURE_INFO_VERSION (1)	/* apifeature_info struct version */
239 	char*	ldapaif_name;				/* LDAP_API_FEATURE_* (less prefix) */
240 	int		ldapaif_version;			/* value of LDAP_API_FEATURE_... */
241 } LDAPAPIFeatureInfo;
242 
243 /*
244  * LDAP Control structure
245  */
246 typedef struct ldapcontrol {
247 	char *			ldctl_oid;			/* numericoid of control */
248 	struct berval	ldctl_value;		/* encoded value of control */
249 	char			ldctl_iscritical;	/* criticality */
250 } LDAPControl;
251 
252 /* LDAP Controls */
253 /*	standard track controls */
254 #define LDAP_CONTROL_MANAGEDSAIT	"2.16.840.1.113730.3.4.2"  /* RFC 3296 */
255 #define LDAP_CONTROL_PROXY_AUTHZ	"2.16.840.1.113730.3.4.18" /* RFC 4370 */
256 #define LDAP_CONTROL_SUBENTRIES		"1.3.6.1.4.1.4203.1.10.1"  /* RFC 3672 */
257 
258 #define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.3344810.2.3"/* RFC 3876 */
259 
260 #define LDAP_CONTROL_ASSERT				"1.3.6.1.1.12"			/* RFC 4528 */
261 #define LDAP_CONTROL_PRE_READ			"1.3.6.1.1.13.1"		/* RFC 4527 */
262 #define LDAP_CONTROL_POST_READ			"1.3.6.1.1.13.2"		/* RFC 4527 */
263 
264 #define LDAP_CONTROL_SORTREQUEST    "1.2.840.113556.1.4.473" /* RFC 2891 */
265 #define LDAP_CONTROL_SORTRESPONSE	"1.2.840.113556.1.4.474" /* RFC 2891 */
266 
267 /*	non-standard track controls */
268 #define LDAP_CONTROL_PAGEDRESULTS	"1.2.840.113556.1.4.319"   /* RFC 2696 */
269 
270 /* LDAP Content Synchronization Operation -- RFC 4533 */
271 #define LDAP_SYNC_OID			"1.3.6.1.4.1.4203.1.9.1"
272 #define LDAP_CONTROL_SYNC		LDAP_SYNC_OID ".1"
273 #define LDAP_CONTROL_SYNC_STATE	LDAP_SYNC_OID ".2"
274 #define LDAP_CONTROL_SYNC_DONE	LDAP_SYNC_OID ".3"
275 #define LDAP_SYNC_INFO			LDAP_SYNC_OID ".4"
276 
277 #define LDAP_SYNC_NONE					0x00
278 #define LDAP_SYNC_REFRESH_ONLY			0x01
279 #define LDAP_SYNC_RESERVED				0x02
280 #define LDAP_SYNC_REFRESH_AND_PERSIST	0x03
281 
282 #define LDAP_SYNC_REFRESH_PRESENTS		0
283 #define LDAP_SYNC_REFRESH_DELETES		1
284 
285 #define LDAP_TAG_SYNC_NEW_COOKIE		((ber_tag_t) 0x80U)
286 #define LDAP_TAG_SYNC_REFRESH_DELETE	((ber_tag_t) 0xa1U)
287 #define LDAP_TAG_SYNC_REFRESH_PRESENT	((ber_tag_t) 0xa2U)
288 #define	LDAP_TAG_SYNC_ID_SET			((ber_tag_t) 0xa3U)
289 
290 #define LDAP_TAG_SYNC_COOKIE			((ber_tag_t) 0x04U)
291 #define LDAP_TAG_REFRESHDELETES			((ber_tag_t) 0x01U)
292 #define LDAP_TAG_REFRESHDONE			((ber_tag_t) 0x01U)
293 #define LDAP_TAG_RELOAD_HINT			((ber_tag_t) 0x01U)
294 
295 #define LDAP_SYNC_PRESENT				0
296 #define LDAP_SYNC_ADD					1
297 #define LDAP_SYNC_MODIFY				2
298 #define LDAP_SYNC_DELETE				3
299 #define LDAP_SYNC_NEW_COOKIE			4
300 
301 
302 /* Password policy Controls *//* work in progress */
303 /* ITS#3458: released; disabled by default */
304 #define LDAP_CONTROL_PASSWORDPOLICYREQUEST	"1.3.6.1.4.1.42.2.27.8.5.1"
305 #define LDAP_CONTROL_PASSWORDPOLICYRESPONSE	"1.3.6.1.4.1.42.2.27.8.5.1"
306 
307 /* various works in progress */
308 #define LDAP_CONTROL_NOOP				"1.3.6.1.4.1.4203.666.5.2"
309 #define LDAP_CONTROL_NO_SUBORDINATES	"1.3.6.1.4.1.4203.666.5.11"
310 #define LDAP_CONTROL_RELAX				"1.3.6.1.4.1.4203.666.5.12"
311 #define LDAP_CONTROL_MANAGEDIT			LDAP_CONTROL_RELAX
312 #define LDAP_CONTROL_SLURP				"1.3.6.1.4.1.4203.666.5.13"
313 #define LDAP_CONTROL_VALSORT			"1.3.6.1.4.1.4203.666.5.14"
314 #define LDAP_CONTROL_DONTUSECOPY		"1.3.6.1.4.1.4203.666.5.15"
315 #define	LDAP_CONTROL_X_DEREF			"1.3.6.1.4.1.4203.666.5.16"
316 #define	LDAP_CONTROL_X_WHATFAILED		"1.3.6.1.4.1.4203.666.5.17"
317 
318 /* LDAP Chaining Behavior Control *//* work in progress */
319 /* <draft-sermersheim-ldap-chaining>;
320  * see also LDAP_NO_REFERRALS_FOUND, LDAP_CANNOT_CHAIN */
321 #define LDAP_CONTROL_X_CHAINING_BEHAVIOR	"1.3.6.1.4.1.4203.666.11.3"
322 
323 #define	LDAP_CHAINING_PREFERRED				0
324 #define	LDAP_CHAINING_REQUIRED				1
325 #define LDAP_REFERRALS_PREFERRED			2
326 #define LDAP_REFERRALS_REQUIRED				3
327 
328 /* MS Active Directory controls (for compatibility) */
329 #define LDAP_CONTROL_X_INCREMENTAL_VALUES	"1.2.840.113556.1.4.802"
330 #define LDAP_CONTROL_X_DOMAIN_SCOPE			"1.2.840.113556.1.4.1339"
331 #define LDAP_CONTROL_X_PERMISSIVE_MODIFY	"1.2.840.113556.1.4.1413"
332 #define LDAP_CONTROL_X_SEARCH_OPTIONS		"1.2.840.113556.1.4.1340"
333 #define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
334 #define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
335 #define LDAP_CONTROL_X_TREE_DELETE		"1.2.840.113556.1.4.805"
336 
337 /* MS Active Directory controls - not implemented in slapd(8) */
338 #define LDAP_CONTROL_X_EXTENDED_DN		"1.2.840.113556.1.4.529"
339 
340 /* <draft-wahl-ldap-session> */
341 #define LDAP_CONTROL_X_SESSION_TRACKING		"1.3.6.1.4.1.21008.108.63.1"
342 #define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \
343 						LDAP_CONTROL_X_SESSION_TRACKING ".1"
344 #define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_MULTI_SESSION_ID \
345 						LDAP_CONTROL_X_SESSION_TRACKING ".2"
346 #define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \
347 						LDAP_CONTROL_X_SESSION_TRACKING ".3"
348 /* various expired works */
349 
350 /* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
351 #define LDAP_CONTROL_DUPENT_REQUEST		"2.16.840.1.113719.1.27.101.1"
352 #define LDAP_CONTROL_DUPENT_RESPONSE	"2.16.840.1.113719.1.27.101.2"
353 #define LDAP_CONTROL_DUPENT_ENTRY		"2.16.840.1.113719.1.27.101.3"
354 #define LDAP_CONTROL_DUPENT	LDAP_CONTROL_DUPENT_REQUEST
355 
356 /* LDAP Persistent Search Control *//* not implemented in slapd(8) */
357 #define LDAP_CONTROL_PERSIST_REQUEST				"2.16.840.1.113730.3.4.3"
358 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_NOTICE	"2.16.840.1.113730.3.4.7"
359 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_ADD		0x1
360 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_DELETE	0x2
361 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_MODIFY	0x4
362 #define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_RENAME	0x8
363 
364 /* LDAP VLV */
365 #define LDAP_CONTROL_VLVREQUEST    	"2.16.840.1.113730.3.4.9"
366 #define LDAP_CONTROL_VLVRESPONSE    "2.16.840.1.113730.3.4.10"
367 
368 /* LDAP Unsolicited Notifications */
369 #define	LDAP_NOTICE_OF_DISCONNECTION	"1.3.6.1.4.1.1466.20036" /* RFC 4511 */
370 #define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
371 
372 /* LDAP Extended Operations */
373 #define LDAP_EXOP_START_TLS		"1.3.6.1.4.1.1466.20037"	/* RFC 4511 */
374 
375 #define LDAP_EXOP_MODIFY_PASSWD	"1.3.6.1.4.1.4203.1.11.1"	/* RFC 3062 */
376 #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID	((ber_tag_t) 0x80U)
377 #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD	((ber_tag_t) 0x81U)
378 #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW	((ber_tag_t) 0x82U)
379 #define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN	((ber_tag_t) 0x80U)
380 
381 #define LDAP_EXOP_CANCEL		"1.3.6.1.1.8"					/* RFC 3909 */
382 #define LDAP_EXOP_X_CANCEL		LDAP_EXOP_CANCEL
383 
384 #define	LDAP_EXOP_REFRESH		"1.3.6.1.4.1.1466.101.119.1"	/* RFC 2589 */
385 #define	LDAP_TAG_EXOP_REFRESH_REQ_DN	((ber_tag_t) 0x80U)
386 #define	LDAP_TAG_EXOP_REFRESH_REQ_TTL	((ber_tag_t) 0x81U)
387 #define	LDAP_TAG_EXOP_REFRESH_RES_TTL	((ber_tag_t) 0x81U)
388 
389 #define LDAP_EXOP_WHO_AM_I		"1.3.6.1.4.1.4203.1.11.3"		/* RFC 4532 */
390 #define LDAP_EXOP_X_WHO_AM_I	LDAP_EXOP_WHO_AM_I
391 
392 /* various works in progress */
393 #define LDAP_EXOP_TURN		"1.3.6.1.1.19"				/* RFC 4531 */
394 #define LDAP_EXOP_X_TURN	LDAP_EXOP_TURN
395 
396 /* LDAP Distributed Procedures <draft-sermersheim-ldap-distproc> */
397 /* a work in progress */
398 #define LDAP_X_DISTPROC_BASE		"1.3.6.1.4.1.4203.666.11.6"
399 #define LDAP_EXOP_X_CHAINEDREQUEST	LDAP_X_DISTPROC_BASE ".1"
400 #define LDAP_FEATURE_X_CANCHAINOPS	LDAP_X_DISTPROC_BASE ".2"
401 #define LDAP_CONTROL_X_RETURNCONTREF	LDAP_X_DISTPROC_BASE ".3"
402 #define LDAP_URLEXT_X_LOCALREFOID	LDAP_X_DISTPROC_BASE ".4"
403 #define LDAP_URLEXT_X_REFTYPEOID	LDAP_X_DISTPROC_BASE ".5"
404 #define LDAP_URLEXT_X_SEARCHEDSUBTREEOID \
405 					LDAP_X_DISTPROC_BASE ".6"
406 #define LDAP_URLEXT_X_FAILEDNAMEOID	LDAP_X_DISTPROC_BASE ".7"
407 #define LDAP_URLEXT_X_LOCALREF		"x-localReference"
408 #define LDAP_URLEXT_X_REFTYPE		"x-referenceType"
409 #define LDAP_URLEXT_X_SEARCHEDSUBTREE	"x-searchedSubtree"
410 #define LDAP_URLEXT_X_FAILEDNAME	"x-failedName"
411 
412 #ifdef LDAP_DEVEL
413 #define LDAP_X_TXN						"1.3.6.1.4.1.4203.666.11.7" /* tmp */
414 #define LDAP_EXOP_X_TXN_START			LDAP_X_TXN ".1"
415 #define LDAP_CONTROL_X_TXN_SPEC			LDAP_X_TXN ".2"
416 #define LDAP_EXOP_X_TXN_END				LDAP_X_TXN ".3"
417 #define LDAP_EXOP_X_TXN_ABORTED_NOTICE	LDAP_X_TXN ".4"
418 #endif
419 
420 /* LDAP Features */
421 #define LDAP_FEATURE_ALL_OP_ATTRS	"1.3.6.1.4.1.4203.1.5.1"	/* RFC 3673 */
422 #define LDAP_FEATURE_OBJECTCLASS_ATTRS \
423 	"1.3.6.1.4.1.4203.1.5.2" /*  @objectClass - new number to be assigned */
424 #define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3"  /* (&) (|) */
425 #define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"
426 #define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"
427 #define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.1.14"
428 
429 /* LDAP Experimental (works in progress) Features */
430 #define LDAP_FEATURE_SUBORDINATE_SCOPE \
431 	"1.3.6.1.4.1.4203.666.8.1" /* "children" */
432 #define LDAP_FEATURE_CHILDREN_SCOPE LDAP_FEATURE_SUBORDINATE_SCOPE
433 
434 /*
435  * specific LDAP instantiations of BER types we know about
436  */
437 
438 /* Overview of LBER tag construction
439  *
440  *	Bits
441  *	______
442  *	8 7 | CLASS
443  *	0 0 = UNIVERSAL
444  *	0 1 = APPLICATION
445  *	1 0 = CONTEXT-SPECIFIC
446  *	1 1 = PRIVATE
447  *		_____
448  *		| 6 | DATA-TYPE
449  *		  0 = PRIMITIVE
450  *		  1 = CONSTRUCTED
451  *			___________
452  *			| 5 ... 1 | TAG-NUMBER
453  */
454 
455 /* general stuff */
456 #define LDAP_TAG_MESSAGE	((ber_tag_t) 0x30U)	/* constructed + 16 */
457 #define LDAP_TAG_MSGID		((ber_tag_t) 0x02U)	/* integer */
458 
459 #define LDAP_TAG_LDAPDN		((ber_tag_t) 0x04U)	/* octet string */
460 #define LDAP_TAG_LDAPCRED	((ber_tag_t) 0x04U)	/* octet string */
461 
462 #define LDAP_TAG_CONTROLS	((ber_tag_t) 0xa0U)	/* context specific + constructed + 0 */
463 #define LDAP_TAG_REFERRAL	((ber_tag_t) 0xa3U)	/* context specific + constructed + 3 */
464 
465 #define LDAP_TAG_NEWSUPERIOR	((ber_tag_t) 0x80U)	/* context-specific + primitive + 0 */
466 
467 #define LDAP_TAG_EXOP_REQ_OID   ((ber_tag_t) 0x80U)	/* context specific + primitive */
468 #define LDAP_TAG_EXOP_REQ_VALUE ((ber_tag_t) 0x81U)	/* context specific + primitive */
469 #define LDAP_TAG_EXOP_RES_OID   ((ber_tag_t) 0x8aU)	/* context specific + primitive */
470 #define LDAP_TAG_EXOP_RES_VALUE ((ber_tag_t) 0x8bU)	/* context specific + primitive */
471 
472 #define LDAP_TAG_IM_RES_OID   ((ber_tag_t) 0x80U)	/* context specific + primitive */
473 #define LDAP_TAG_IM_RES_VALUE ((ber_tag_t) 0x81U)	/* context specific + primitive */
474 
475 #define LDAP_TAG_SASL_RES_CREDS	((ber_tag_t) 0x87U)	/* context specific + primitive */
476 
477 /* LDAP Request Messages */
478 #define LDAP_REQ_BIND		((ber_tag_t) 0x60U)	/* application + constructed */
479 #define LDAP_REQ_UNBIND		((ber_tag_t) 0x42U)	/* application + primitive   */
480 #define LDAP_REQ_SEARCH		((ber_tag_t) 0x63U)	/* application + constructed */
481 #define LDAP_REQ_MODIFY		((ber_tag_t) 0x66U)	/* application + constructed */
482 #define LDAP_REQ_ADD		((ber_tag_t) 0x68U)	/* application + constructed */
483 #define LDAP_REQ_DELETE		((ber_tag_t) 0x4aU)	/* application + primitive   */
484 #define LDAP_REQ_MODDN		((ber_tag_t) 0x6cU)	/* application + constructed */
485 #define LDAP_REQ_MODRDN		LDAP_REQ_MODDN
486 #define LDAP_REQ_RENAME		LDAP_REQ_MODDN
487 #define LDAP_REQ_COMPARE	((ber_tag_t) 0x6eU)	/* application + constructed */
488 #define LDAP_REQ_ABANDON	((ber_tag_t) 0x50U)	/* application + primitive   */
489 #define LDAP_REQ_EXTENDED	((ber_tag_t) 0x77U)	/* application + constructed */
490 
491 /* LDAP Response Messages */
492 #define LDAP_RES_BIND		((ber_tag_t) 0x61U)	/* application + constructed */
493 #define LDAP_RES_SEARCH_ENTRY	((ber_tag_t) 0x64U)	/* application + constructed */
494 #define LDAP_RES_SEARCH_REFERENCE	((ber_tag_t) 0x73U)	/* V3: application + constructed */
495 #define LDAP_RES_SEARCH_RESULT	((ber_tag_t) 0x65U)	/* application + constructed */
496 #define LDAP_RES_MODIFY		((ber_tag_t) 0x67U)	/* application + constructed */
497 #define LDAP_RES_ADD		((ber_tag_t) 0x69U)	/* application + constructed */
498 #define LDAP_RES_DELETE		((ber_tag_t) 0x6bU)	/* application + constructed */
499 #define LDAP_RES_MODDN		((ber_tag_t) 0x6dU)	/* application + constructed */
500 #define LDAP_RES_MODRDN		LDAP_RES_MODDN	/* application + constructed */
501 #define LDAP_RES_RENAME		LDAP_RES_MODDN	/* application + constructed */
502 #define LDAP_RES_COMPARE	((ber_tag_t) 0x6fU)	/* application + constructed */
503 #define LDAP_RES_EXTENDED	((ber_tag_t) 0x78U)	/* V3: application + constructed */
504 #define LDAP_RES_INTERMEDIATE	((ber_tag_t) 0x79U) /* V3+: application + constructed */
505 
506 #define LDAP_RES_ANY			(-1)
507 #define LDAP_RES_UNSOLICITED	(0)
508 
509 
510 /* sasl methods */
511 #define LDAP_SASL_SIMPLE	((char*)0)
512 #define LDAP_SASL_NULL		("")
513 
514 
515 /* authentication methods available */
516 #define LDAP_AUTH_NONE   ((ber_tag_t) 0x00U) /* no authentication */
517 #define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
518 #define LDAP_AUTH_SASL   ((ber_tag_t) 0xa3U) /* context specific + constructed */
519 #define LDAP_AUTH_KRBV4  ((ber_tag_t) 0xffU) /* means do both of the following */
520 #define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
521 #define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
522 
523 /* used by the Windows API but not used on the wire */
524 #define LDAP_AUTH_NEGOTIATE ((ber_tag_t) 0x04FFU)
525 
526 /* filter types */
527 #define LDAP_FILTER_AND	((ber_tag_t) 0xa0U)	/* context specific + constructed */
528 #define LDAP_FILTER_OR	((ber_tag_t) 0xa1U)	/* context specific + constructed */
529 #define LDAP_FILTER_NOT	((ber_tag_t) 0xa2U)	/* context specific + constructed */
530 #define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */
531 #define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */
532 #define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */
533 #define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */
534 #define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive   */
535 #define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U)	/* context specific + constructed */
536 #define LDAP_FILTER_EXT	((ber_tag_t) 0xa9U)	/* context specific + constructed */
537 
538 /* extended filter component types */
539 #define LDAP_FILTER_EXT_OID		((ber_tag_t) 0x81U)	/* context specific */
540 #define LDAP_FILTER_EXT_TYPE	((ber_tag_t) 0x82U)	/* context specific */
541 #define LDAP_FILTER_EXT_VALUE	((ber_tag_t) 0x83U)	/* context specific */
542 #define LDAP_FILTER_EXT_DNATTRS	((ber_tag_t) 0x84U)	/* context specific */
543 
544 /* substring filter component types */
545 #define LDAP_SUBSTRING_INITIAL	((ber_tag_t) 0x80U)	/* context specific */
546 #define LDAP_SUBSTRING_ANY		((ber_tag_t) 0x81U)	/* context specific */
547 #define LDAP_SUBSTRING_FINAL	((ber_tag_t) 0x82U)	/* context specific */
548 
549 /* search scopes */
550 #define LDAP_SCOPE_BASE			((ber_int_t) 0x0000)
551 #define LDAP_SCOPE_BASEOBJECT	LDAP_SCOPE_BASE
552 #define LDAP_SCOPE_ONELEVEL		((ber_int_t) 0x0001)
553 #define LDAP_SCOPE_ONE			LDAP_SCOPE_ONELEVEL
554 #define LDAP_SCOPE_SUBTREE		((ber_int_t) 0x0002)
555 #define LDAP_SCOPE_SUB			LDAP_SCOPE_SUBTREE
556 #define LDAP_SCOPE_SUBORDINATE	((ber_int_t) 0x0003) /* OpenLDAP extension */
557 #define LDAP_SCOPE_CHILDREN		LDAP_SCOPE_SUBORDINATE
558 #define LDAP_SCOPE_DEFAULT		((ber_int_t) -1)	 /* OpenLDAP extension */
559 
560 /* substring filter component types */
561 #define LDAP_SUBSTRING_INITIAL	((ber_tag_t) 0x80U)	/* context specific */
562 #define LDAP_SUBSTRING_ANY		((ber_tag_t) 0x81U)	/* context specific */
563 #define LDAP_SUBSTRING_FINAL	((ber_tag_t) 0x82U)	/* context specific */
564 
565 /*
566  * LDAP Result Codes
567  */
568 #define LDAP_SUCCESS				0x00
569 
570 #define LDAP_RANGE(n,x,y)	(((x) <= (n)) && ((n) <= (y)))
571 
572 #define LDAP_OPERATIONS_ERROR		0x01
573 #define LDAP_PROTOCOL_ERROR			0x02
574 #define LDAP_TIMELIMIT_EXCEEDED		0x03
575 #define LDAP_SIZELIMIT_EXCEEDED		0x04
576 #define LDAP_COMPARE_FALSE			0x05
577 #define LDAP_COMPARE_TRUE			0x06
578 #define LDAP_AUTH_METHOD_NOT_SUPPORTED	0x07
579 #define LDAP_STRONG_AUTH_NOT_SUPPORTED	LDAP_AUTH_METHOD_NOT_SUPPORTED
580 #define LDAP_STRONG_AUTH_REQUIRED	0x08
581 #define LDAP_STRONGER_AUTH_REQUIRED	LDAP_STRONG_AUTH_REQUIRED
582 #define LDAP_PARTIAL_RESULTS		0x09	/* LDAPv2+ (not LDAPv3) */
583 
584 #define	LDAP_REFERRAL				0x0a /* LDAPv3 */
585 #define LDAP_ADMINLIMIT_EXCEEDED	0x0b /* LDAPv3 */
586 #define	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	0x0c /* LDAPv3 */
587 #define LDAP_CONFIDENTIALITY_REQUIRED	0x0d /* LDAPv3 */
588 #define	LDAP_SASL_BIND_IN_PROGRESS	0x0e /* LDAPv3 */
589 
590 #define LDAP_ATTR_ERROR(n)	LDAP_RANGE((n),0x10,0x15) /* 16-21 */
591 
592 #define LDAP_NO_SUCH_ATTRIBUTE		0x10
593 #define LDAP_UNDEFINED_TYPE			0x11
594 #define LDAP_INAPPROPRIATE_MATCHING	0x12
595 #define LDAP_CONSTRAINT_VIOLATION	0x13
596 #define LDAP_TYPE_OR_VALUE_EXISTS	0x14
597 #define LDAP_INVALID_SYNTAX			0x15
598 
599 #define LDAP_NAME_ERROR(n)	LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
600 
601 #define LDAP_NO_SUCH_OBJECT			0x20
602 #define LDAP_ALIAS_PROBLEM			0x21
603 #define LDAP_INVALID_DN_SYNTAX		0x22
604 #define LDAP_IS_LEAF				0x23 /* not LDAPv3 */
605 #define LDAP_ALIAS_DEREF_PROBLEM	0x24
606 
607 #define LDAP_SECURITY_ERROR(n)	LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
608 
609 #define LDAP_X_PROXY_AUTHZ_FAILURE	0x2F /* LDAPv3 proxy authorization */
610 #define LDAP_INAPPROPRIATE_AUTH		0x30
611 #define LDAP_INVALID_CREDENTIALS	0x31
612 #define LDAP_INSUFFICIENT_ACCESS	0x32
613 
614 #define LDAP_SERVICE_ERROR(n)	LDAP_RANGE((n),0x33,0x36) /* 51-54 */
615 
616 #define LDAP_BUSY					0x33
617 #define LDAP_UNAVAILABLE			0x34
618 #define LDAP_UNWILLING_TO_PERFORM	0x35
619 #define LDAP_LOOP_DETECT			0x36
620 
621 #define LDAP_UPDATE_ERROR(n)	LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
622 
623 #define LDAP_NAMING_VIOLATION		0x40
624 #define LDAP_OBJECT_CLASS_VIOLATION	0x41
625 #define LDAP_NOT_ALLOWED_ON_NONLEAF	0x42
626 #define LDAP_NOT_ALLOWED_ON_RDN		0x43
627 #define LDAP_ALREADY_EXISTS			0x44
628 #define LDAP_NO_OBJECT_CLASS_MODS	0x45
629 #define LDAP_RESULTS_TOO_LARGE		0x46 /* CLDAP */
630 #define LDAP_AFFECTS_MULTIPLE_DSAS	0x47
631 
632 #define LDAP_VLV_ERROR				0x4C
633 
634 #define LDAP_OTHER					0x50
635 
636 /* LCUP operation codes (113-117) - not implemented */
637 #define LDAP_CUP_RESOURCES_EXHAUSTED	0x71
638 #define LDAP_CUP_SECURITY_VIOLATION		0x72
639 #define LDAP_CUP_INVALID_DATA			0x73
640 #define LDAP_CUP_UNSUPPORTED_SCHEME		0x74
641 #define LDAP_CUP_RELOAD_REQUIRED		0x75
642 
643 /* Cancel operation codes (118-121) */
644 #define LDAP_CANCELLED				0x76
645 #define LDAP_NO_SUCH_OPERATION		0x77
646 #define LDAP_TOO_LATE				0x78
647 #define LDAP_CANNOT_CANCEL			0x79
648 
649 /* Assertion control (122) */
650 #define LDAP_ASSERTION_FAILED		0x7A
651 
652 /* Proxied Authorization Denied (123) */
653 #define LDAP_PROXIED_AUTHORIZATION_DENIED		0x7B
654 
655 /* Experimental result codes */
656 #define LDAP_E_ERROR(n)	LDAP_RANGE((n),0x1000,0x3FFF)
657 
658 /* LDAP Sync (4096) */
659 #define LDAP_SYNC_REFRESH_REQUIRED		0x1000
660 
661 
662 /* Private Use result codes */
663 #define LDAP_X_ERROR(n)	LDAP_RANGE((n),0x4000,0xFFFF)
664 
665 #define LDAP_X_SYNC_REFRESH_REQUIRED	0x4100 /* defunct */
666 #define LDAP_X_ASSERTION_FAILED			0x410f /* defunct */
667 
668 /* for the LDAP No-Op control */
669 #define LDAP_X_NO_OPERATION				0x410e
670 
671 /* for the Chaining Behavior control (consecutive result codes requested;
672  * see <draft-sermersheim-ldap-chaining> ) */
673 #ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
674 #define	LDAP_X_NO_REFERRALS_FOUND		0x4110
675 #define LDAP_X_CANNOT_CHAIN			0x4111
676 #endif
677 
678 /* for Distributed Procedures (see <draft-sermersheim-ldap-distproc>) */
679 #ifdef LDAP_X_DISTPROC_BASE
680 #define LDAP_X_INVALIDREFERENCE			0x4112
681 #endif
682 
683 #ifdef LDAP_X_TXN
684 #define LDAP_X_TXN_SPECIFY_OKAY		0x4120
685 #define LDAP_X_TXN_ID_INVALID		0x4121
686 #endif
687 
688 /* API Error Codes
689  *
690  * Based on draft-ietf-ldap-c-api-xx
691  * but with new negative code values
692  */
693 #define LDAP_API_ERROR(n)		((n)<0)
694 #define LDAP_API_RESULT(n)		((n)<=0)
695 
696 #define LDAP_SERVER_DOWN				(-1)
697 #define LDAP_LOCAL_ERROR				(-2)
698 #define LDAP_ENCODING_ERROR				(-3)
699 #define LDAP_DECODING_ERROR				(-4)
700 #define LDAP_TIMEOUT					(-5)
701 #define LDAP_AUTH_UNKNOWN				(-6)
702 #define LDAP_FILTER_ERROR				(-7)
703 #define LDAP_USER_CANCELLED				(-8)
704 #define LDAP_PARAM_ERROR				(-9)
705 #define LDAP_NO_MEMORY					(-10)
706 #define LDAP_CONNECT_ERROR				(-11)
707 #define LDAP_NOT_SUPPORTED				(-12)
708 #define LDAP_CONTROL_NOT_FOUND			(-13)
709 #define LDAP_NO_RESULTS_RETURNED		(-14)
710 #define LDAP_MORE_RESULTS_TO_RETURN		(-15)	/* Obsolete */
711 #define LDAP_CLIENT_LOOP				(-16)
712 #define LDAP_REFERRAL_LIMIT_EXCEEDED	(-17)
713 #define	LDAP_X_CONNECTING			(-18)
714 
715 
716 /*
717  * This structure represents both ldap messages and ldap responses.
718  * These are really the same, except in the case of search responses,
719  * where a response has multiple messages.
720  */
721 
722 typedef struct ldapmsg LDAPMessage;
723 
724 /* for modifications */
725 typedef struct ldapmod {
726 	int		mod_op;
727 
728 #define LDAP_MOD_OP			(0x0007)
729 #define LDAP_MOD_ADD		(0x0000)
730 #define LDAP_MOD_DELETE		(0x0001)
731 #define LDAP_MOD_REPLACE	(0x0002)
732 #define LDAP_MOD_INCREMENT	(0x0003) /* OpenLDAP extension */
733 #define LDAP_MOD_BVALUES	(0x0080)
734 /* IMPORTANT: do not use code 0x1000 (or above),
735  * it is used internally by the backends!
736  * (see ldap/servers/slapd/slap.h)
737  */
738 
739 	char		*mod_type;
740 	union mod_vals_u {
741 		char		**modv_strvals;
742 		struct berval	**modv_bvals;
743 	} mod_vals;
744 #define mod_values	mod_vals.modv_strvals
745 #define mod_bvalues	mod_vals.modv_bvals
746 } LDAPMod;
747 
748 /*
749  * structure representing an ldap session which can
750  * encompass connections to multiple servers (in the
751  * face of referrals).
752  */
753 typedef struct ldap LDAP;
754 
755 #define LDAP_DEREF_NEVER		0x00
756 #define LDAP_DEREF_SEARCHING	0x01
757 #define LDAP_DEREF_FINDING		0x02
758 #define LDAP_DEREF_ALWAYS		0x03
759 
760 #define LDAP_NO_LIMIT			0
761 
762 /* how many messages to retrieve results for */
763 #define LDAP_MSG_ONE			0x00
764 #define LDAP_MSG_ALL			0x01
765 #define LDAP_MSG_RECEIVED		0x02
766 
767 /*
768  * types for ldap URL handling
769  */
770 typedef struct ldap_url_desc {
771 	struct ldap_url_desc *lud_next;
772 	char	*lud_scheme;
773 	char	*lud_host;
774 	int		lud_port;
775 	char	*lud_dn;
776 	char	**lud_attrs;
777 	int		lud_scope;
778 	char	*lud_filter;
779 	char	**lud_exts;
780 	int		lud_crit_exts;
781 } LDAPURLDesc;
782 
783 #define LDAP_URL_SUCCESS		0x00	/* Success */
784 #define LDAP_URL_ERR_MEM		0x01	/* can't allocate memory space */
785 #define LDAP_URL_ERR_PARAM		0x02	/* parameter is bad */
786 
787 #define LDAP_URL_ERR_BADSCHEME	0x03	/* URL doesn't begin with "ldap[si]://" */
788 #define LDAP_URL_ERR_BADENCLOSURE 0x04	/* URL is missing trailing ">" */
789 #define LDAP_URL_ERR_BADURL		0x05	/* URL is bad */
790 #define LDAP_URL_ERR_BADHOST	0x06	/* host port is bad */
791 #define LDAP_URL_ERR_BADATTRS	0x07	/* bad (or missing) attributes */
792 #define LDAP_URL_ERR_BADSCOPE	0x08	/* scope string is invalid (or missing) */
793 #define LDAP_URL_ERR_BADFILTER	0x09	/* bad or missing filter */
794 #define LDAP_URL_ERR_BADEXTS	0x0a	/* bad or missing extensions */
795 
796 /*
797  * LDAP sync (RFC4533) API
798  */
799 
800 typedef struct ldap_sync_t ldap_sync_t;
801 
802 typedef enum {
803 	/* these are private - the client should never see them */
804 	LDAP_SYNC_CAPI_NONE		= -1,
805 
806 	LDAP_SYNC_CAPI_PHASE_FLAG	= 0x10U,
807 	LDAP_SYNC_CAPI_IDSET_FLAG	= 0x20U,
808 	LDAP_SYNC_CAPI_DONE_FLAG	= 0x40U,
809 
810 	/* these are passed to ls_search_entry() */
811 	LDAP_SYNC_CAPI_PRESENT		= LDAP_SYNC_PRESENT,
812 	LDAP_SYNC_CAPI_ADD		= LDAP_SYNC_ADD,
813 	LDAP_SYNC_CAPI_MODIFY		= LDAP_SYNC_MODIFY,
814 	LDAP_SYNC_CAPI_DELETE		= LDAP_SYNC_DELETE,
815 
816 	/* these are passed to ls_intermediate() */
817 	LDAP_SYNC_CAPI_PRESENTS		= ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_PRESENT ),
818 	LDAP_SYNC_CAPI_DELETES		= ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_DELETE ),
819 
820 	LDAP_SYNC_CAPI_PRESENTS_IDSET	= ( LDAP_SYNC_CAPI_PRESENTS | LDAP_SYNC_CAPI_IDSET_FLAG ),
821 	LDAP_SYNC_CAPI_DELETES_IDSET	= ( LDAP_SYNC_CAPI_DELETES | LDAP_SYNC_CAPI_IDSET_FLAG ),
822 
823 	LDAP_SYNC_CAPI_DONE		= ( LDAP_SYNC_CAPI_DONE_FLAG | LDAP_SYNC_CAPI_PRESENTS )
824 } ldap_sync_refresh_t;
825 
826 /*
827  * Called when an entry is returned by ldap_result().
828  * If phase is LDAP_SYNC_CAPI_ADD or LDAP_SYNC_CAPI_MODIFY,
829  * the entry has been either added or modified, and thus
830  * the complete view of the entry should be in the LDAPMessage.
831  * If phase is LDAP_SYNC_CAPI_PRESENT or LDAP_SYNC_CAPI_DELETE,
832  * only the DN should be in the LDAPMessage.
833  */
834 typedef int (*ldap_sync_search_entry_f) LDAP_P((
835 	ldap_sync_t			*ls,
836 	LDAPMessage			*msg,
837 	struct berval			*entryUUID,
838 	ldap_sync_refresh_t		phase ));
839 
840 /*
841  * Called when a reference is returned; the client should know
842  * what to do with it.
843  */
844 typedef int (*ldap_sync_search_reference_f) LDAP_P((
845 	ldap_sync_t			*ls,
846 	LDAPMessage			*msg ));
847 
848 /*
849  * Called when specific intermediate/final messages are returned.
850  * If phase is LDAP_SYNC_CAPI_PRESENTS or LDAP_SYNC_CAPI_DELETES,
851  * a "presents" or "deletes" phase begins.
852  * If phase is LDAP_SYNC_CAPI_DONE, a special "presents" phase
853  * with refreshDone set to "TRUE" has been returned, to indicate
854  * that the refresh phase of a refreshAndPersist is complete.
855  * In the above cases, syncUUIDs is NULL.
856  *
857  * If phase is LDAP_SYNC_CAPI_PRESENTS_IDSET or
858  * LDAP_SYNC_CAPI_DELETES_IDSET, syncUUIDs is an array of UUIDs
859  * that are either present or have been deleted.
860  */
861 typedef int (*ldap_sync_intermediate_f) LDAP_P((
862 	ldap_sync_t			*ls,
863 	LDAPMessage			*msg,
864 	BerVarray			syncUUIDs,
865 	ldap_sync_refresh_t		phase ));
866 
867 /*
868  * Called when a searchResultDone is returned.  In refreshAndPersist,
869  * this can only occur if the search for any reason is being terminated
870  * by the server.
871  */
872 typedef int (*ldap_sync_search_result_f) LDAP_P((
873 	ldap_sync_t			*ls,
874 	LDAPMessage			*msg,
875 	int				refreshDeletes ));
876 
877 /*
878  * This structure contains all information about the persistent search;
879  * the caller is responsible for connecting, setting version, binding, tls...
880  */
881 struct ldap_sync_t {
882 	/* conf search params */
883 	char				*ls_base;
884 	int				ls_scope;
885 	char				*ls_filter;
886 	char				**ls_attrs;
887 	int				ls_timelimit;
888 	int				ls_sizelimit;
889 
890 	/* poll timeout */
891 	int				ls_timeout;
892 
893 	/* helpers - add as appropriate */
894 	ldap_sync_search_entry_f	ls_search_entry;
895 	ldap_sync_search_reference_f	ls_search_reference;
896 	ldap_sync_intermediate_f	ls_intermediate;
897 	ldap_sync_search_result_f	ls_search_result;
898 
899 	/* set by the caller as appropriate */
900 	void				*ls_private;
901 
902 	/* conn stuff */
903 	LDAP				*ls_ld;
904 
905 	/* --- the parameters below are private - do not modify --- */
906 
907 	/* FIXME: make the structure opaque, and provide an interface
908 	 * to modify the public values? */
909 
910 	/* result stuff */
911 	int				ls_msgid;
912 
913 	/* sync stuff */
914 	/* needed by refreshOnly */
915 	int				ls_reloadHint;
916 
917 	/* opaque - need to pass between sessions, updated by the API */
918 	struct berval			ls_cookie;
919 
920 	/* state variable - do not modify */
921 	ldap_sync_refresh_t		ls_refreshPhase;
922 };
923 
924 /*
925  * End of LDAP sync (RFC4533) API
926  */
927 
928 /*
929  * Connection callbacks...
930  */
931 struct ldap_conncb;
932 struct sockaddr;
933 
934 /* Called after a connection is established */
935 typedef int (ldap_conn_add_f) LDAP_P(( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, struct sockaddr *addr,
936 	struct ldap_conncb *ctx ));
937 /* Called before a connection is closed */
938 typedef void (ldap_conn_del_f) LDAP_P(( LDAP *ld, Sockbuf *sb, struct ldap_conncb *ctx ));
939 
940 /* Callbacks are pushed on a stack. Last one pushed is first one executed. The
941  * delete callback is called with a NULL Sockbuf just before freeing the LDAP handle.
942  */
943 typedef struct ldap_conncb {
944 	ldap_conn_add_f *lc_add;
945 	ldap_conn_del_f *lc_del;
946 	void *lc_arg;
947 } ldap_conncb;
948 
949 /*
950  * The API draft spec says we should declare (or cause to be declared)
951  * 'struct timeval'.   We don't.  See IETF LDAPext discussions.
952  */
953 struct timeval;
954 
955 /*
956  * in options.c:
957  */
958 LDAP_F( int )
959 ldap_get_option LDAP_P((
960 	LDAP *ld,
961 	int option,
962 	void *outvalue));
963 
964 LDAP_F( int )
965 ldap_set_option LDAP_P((
966 	LDAP *ld,
967 	int option,
968 	LDAP_CONST void *invalue));
969 
970 /* V3 REBIND Function Callback Prototype */
971 typedef int (LDAP_REBIND_PROC) LDAP_P((
972 	LDAP *ld, LDAP_CONST char *url,
973 	ber_tag_t request, ber_int_t msgid,
974 	void *params ));
975 
976 LDAP_F( int )
977 ldap_set_rebind_proc LDAP_P((
978 	LDAP *ld,
979 	LDAP_REBIND_PROC *rebind_proc,
980 	void *params ));
981 
982 /* V3 referral selection Function Callback Prototype */
983 typedef int (LDAP_NEXTREF_PROC) LDAP_P((
984 	LDAP *ld, char ***refsp, int *cntp,
985 	void *params ));
986 
987 LDAP_F( int )
988 ldap_set_nextref_proc LDAP_P((
989 	LDAP *ld,
990 	LDAP_NEXTREF_PROC *nextref_proc,
991 	void *params ));
992 
993 /* V3 URLLIST Function Callback Prototype */
994 typedef int (LDAP_URLLIST_PROC) LDAP_P((
995 	LDAP *ld,
996 	LDAPURLDesc **urllist,
997 	LDAPURLDesc **url,
998 	void *params ));
999 
1000 LDAP_F( int )
1001 ldap_set_urllist_proc LDAP_P((
1002 	LDAP *ld,
1003 	LDAP_URLLIST_PROC *urllist_proc,
1004 	void *params ));
1005 
1006 /*
1007  * in controls.c:
1008  */
1009 #if LDAP_DEPRECATED
1010 LDAP_F( int )
1011 ldap_create_control LDAP_P((	/* deprecated, use ldap_control_create */
1012 	LDAP_CONST char *requestOID,
1013 	BerElement *ber,
1014 	int iscritical,
1015 	LDAPControl **ctrlp ));
1016 
1017 LDAP_F( LDAPControl * )
1018 ldap_find_control LDAP_P((	/* deprecated, use ldap_control_find */
1019 	LDAP_CONST char *oid,
1020 	LDAPControl **ctrls ));
1021 #endif
1022 
1023 LDAP_F( int )
1024 ldap_control_create LDAP_P((
1025 	LDAP_CONST char *requestOID,
1026 	int iscritical,
1027 	struct berval *value,
1028 	int dupval,
1029 	LDAPControl **ctrlp ));
1030 
1031 LDAP_F( LDAPControl * )
1032 ldap_control_find LDAP_P((
1033 	LDAP_CONST char *oid,
1034 	LDAPControl **ctrls,
1035 	LDAPControl ***nextctrlp ));
1036 
1037 LDAP_F( void )
1038 ldap_control_free LDAP_P((
1039 	LDAPControl *ctrl ));
1040 
1041 LDAP_F( void )
1042 ldap_controls_free LDAP_P((
1043 	LDAPControl **ctrls ));
1044 
1045 LDAP_F( LDAPControl ** )
1046 ldap_controls_dup LDAP_P((
1047 	LDAPControl *LDAP_CONST *controls ));
1048 
1049 LDAP_F( LDAPControl * )
1050 ldap_control_dup LDAP_P((
1051 	LDAP_CONST LDAPControl *c ));
1052 
1053 /*
1054  * in dnssrv.c:
1055  */
1056 LDAP_F( int )
1057 ldap_domain2dn LDAP_P((
1058 	LDAP_CONST char* domain,
1059 	char** dn ));
1060 
1061 LDAP_F( int )
1062 ldap_dn2domain LDAP_P((
1063 	LDAP_CONST char* dn,
1064 	char** domain ));
1065 
1066 LDAP_F( int )
1067 ldap_domain2hostlist LDAP_P((
1068 	LDAP_CONST char *domain,
1069 	char** hostlist ));
1070 
1071 /*
1072  * in extended.c:
1073  */
1074 LDAP_F( int )
1075 ldap_extended_operation LDAP_P((
1076 	LDAP			*ld,
1077 	LDAP_CONST char	*reqoid,
1078 	struct berval	*reqdata,
1079 	LDAPControl		**serverctrls,
1080 	LDAPControl		**clientctrls,
1081 	int				*msgidp ));
1082 
1083 LDAP_F( int )
1084 ldap_extended_operation_s LDAP_P((
1085 	LDAP			*ld,
1086 	LDAP_CONST char	*reqoid,
1087 	struct berval	*reqdata,
1088 	LDAPControl		**serverctrls,
1089 	LDAPControl		**clientctrls,
1090 	char			**retoidp,
1091 	struct berval	**retdatap ));
1092 
1093 LDAP_F( int )
1094 ldap_parse_extended_result LDAP_P((
1095 	LDAP			*ld,
1096 	LDAPMessage		*res,
1097 	char			**retoidp,
1098 	struct berval	**retdatap,
1099 	int				freeit ));
1100 
1101 LDAP_F( int )
1102 ldap_parse_intermediate LDAP_P((
1103 	LDAP			*ld,
1104 	LDAPMessage		*res,
1105 	char			**retoidp,
1106 	struct berval	**retdatap,
1107 	LDAPControl		***serverctrls,
1108 	int				freeit ));
1109 
1110 
1111 /*
1112  * in abandon.c:
1113  */
1114 LDAP_F( int )
1115 ldap_abandon_ext LDAP_P((
1116 	LDAP			*ld,
1117 	int				msgid,
1118 	LDAPControl		**serverctrls,
1119 	LDAPControl		**clientctrls ));
1120 
1121 #if LDAP_DEPRECATED
1122 LDAP_F( int )
1123 ldap_abandon LDAP_P((	/* deprecated, use ldap_abandon_ext */
1124 	LDAP *ld,
1125 	int msgid ));
1126 #endif
1127 
1128 /*
1129  * in add.c:
1130  */
1131 LDAP_F( int )
1132 ldap_add_ext LDAP_P((
1133 	LDAP			*ld,
1134 	LDAP_CONST char	*dn,
1135 	LDAPMod			**attrs,
1136 	LDAPControl		**serverctrls,
1137 	LDAPControl		**clientctrls,
1138 	int 			*msgidp ));
1139 
1140 LDAP_F( int )
1141 ldap_add_ext_s LDAP_P((
1142 	LDAP			*ld,
1143 	LDAP_CONST char	*dn,
1144 	LDAPMod			**attrs,
1145 	LDAPControl		**serverctrls,
1146 	LDAPControl		**clientctrls ));
1147 
1148 #if LDAP_DEPRECATED
1149 LDAP_F( int )
1150 ldap_add LDAP_P((	/* deprecated, use ldap_add_ext */
1151 	LDAP *ld,
1152 	LDAP_CONST char *dn,
1153 	LDAPMod **attrs ));
1154 
1155 LDAP_F( int )
1156 ldap_add_s LDAP_P((	/* deprecated, use ldap_add_ext_s */
1157 	LDAP *ld,
1158 	LDAP_CONST char *dn,
1159 	LDAPMod **attrs ));
1160 #endif
1161 
1162 
1163 /*
1164  * in sasl.c:
1165  */
1166 LDAP_F( int )
1167 ldap_sasl_bind LDAP_P((
1168 	LDAP			*ld,
1169 	LDAP_CONST char	*dn,
1170 	LDAP_CONST char	*mechanism,
1171 	struct berval	*cred,
1172 	LDAPControl		**serverctrls,
1173 	LDAPControl		**clientctrls,
1174 	int				*msgidp ));
1175 
1176 /* Interaction flags (should be passed about in a control)
1177  *  Automatic (default): use defaults, prompt otherwise
1178  *  Interactive: prompt always
1179  *  Quiet: never prompt
1180  */
1181 #define LDAP_SASL_AUTOMATIC		0U
1182 #define LDAP_SASL_INTERACTIVE	1U
1183 #define LDAP_SASL_QUIET			2U
1184 
1185 /*
1186  * V3 SASL Interaction Function Callback Prototype
1187  *	when using Cyrus SASL, interact is pointer to sasl_interact_t
1188  *  should likely passed in a control (and provided controls)
1189  */
1190 typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
1191 	LDAP *ld, unsigned flags, void* defaults, void *interact ));
1192 
1193 LDAP_F( int )
1194 ldap_sasl_interactive_bind LDAP_P((
1195 	LDAP *ld,
1196 	LDAP_CONST char *dn, /* usually NULL */
1197 	LDAP_CONST char *saslMechanism,
1198 	LDAPControl **serverControls,
1199 	LDAPControl **clientControls,
1200 
1201 	/* should be client controls */
1202 	unsigned flags,
1203 	LDAP_SASL_INTERACT_PROC *proc,
1204 	void *defaults,
1205 
1206 	/* as obtained from ldap_result() */
1207 	LDAPMessage *result,
1208 
1209 	/* returned during bind processing */
1210 	const char **rmech,
1211 	int *msgid ));
1212 
1213 LDAP_F( int )
1214 ldap_sasl_interactive_bind_s LDAP_P((
1215 	LDAP *ld,
1216 	LDAP_CONST char *dn, /* usually NULL */
1217 	LDAP_CONST char *saslMechanism,
1218 	LDAPControl **serverControls,
1219 	LDAPControl **clientControls,
1220 
1221 	/* should be client controls */
1222 	unsigned flags,
1223 	LDAP_SASL_INTERACT_PROC *proc,
1224 	void *defaults ));
1225 
1226 LDAP_F( int )
1227 ldap_sasl_bind_s LDAP_P((
1228 	LDAP			*ld,
1229 	LDAP_CONST char	*dn,
1230 	LDAP_CONST char	*mechanism,
1231 	struct berval	*cred,
1232 	LDAPControl		**serverctrls,
1233 	LDAPControl		**clientctrls,
1234 	struct berval	**servercredp ));
1235 
1236 LDAP_F( int )
1237 ldap_parse_sasl_bind_result LDAP_P((
1238 	LDAP			*ld,
1239 	LDAPMessage		*res,
1240 	struct berval	**servercredp,
1241 	int				freeit ));
1242 
1243 #if LDAP_DEPRECATED
1244 /*
1245  * in bind.c:
1246  *	(deprecated)
1247  */
1248 LDAP_F( int )
1249 ldap_bind LDAP_P((	/* deprecated, use ldap_sasl_bind */
1250 	LDAP *ld,
1251 	LDAP_CONST char *who,
1252 	LDAP_CONST char *passwd,
1253 	int authmethod ));
1254 
1255 LDAP_F( int )
1256 ldap_bind_s LDAP_P((	/* deprecated, use ldap_sasl_bind_s */
1257 	LDAP *ld,
1258 	LDAP_CONST char *who,
1259 	LDAP_CONST char *cred,
1260 	int authmethod ));
1261 
1262 /*
1263  * in sbind.c:
1264  */
1265 LDAP_F( int )
1266 ldap_simple_bind LDAP_P(( /* deprecated, use ldap_sasl_bind */
1267 	LDAP *ld,
1268 	LDAP_CONST char *who,
1269 	LDAP_CONST char *passwd ));
1270 
1271 LDAP_F( int )
1272 ldap_simple_bind_s LDAP_P(( /* deprecated, use ldap_sasl_bind_s */
1273 	LDAP *ld,
1274 	LDAP_CONST char *who,
1275 	LDAP_CONST char *passwd ));
1276 
1277 #endif
1278 
1279 
1280 /*
1281  * in compare.c:
1282  */
1283 LDAP_F( int )
1284 ldap_compare_ext LDAP_P((
1285 	LDAP			*ld,
1286 	LDAP_CONST char	*dn,
1287 	LDAP_CONST char	*attr,
1288 	struct berval	*bvalue,
1289 	LDAPControl		**serverctrls,
1290 	LDAPControl		**clientctrls,
1291 	int 			*msgidp ));
1292 
1293 LDAP_F( int )
1294 ldap_compare_ext_s LDAP_P((
1295 	LDAP			*ld,
1296 	LDAP_CONST char	*dn,
1297 	LDAP_CONST char	*attr,
1298 	struct berval	*bvalue,
1299 	LDAPControl		**serverctrls,
1300 	LDAPControl		**clientctrls ));
1301 
1302 #if LDAP_DEPRECATED
1303 LDAP_F( int )
1304 ldap_compare LDAP_P((	/* deprecated, use ldap_compare_ext */
1305 	LDAP *ld,
1306 	LDAP_CONST char *dn,
1307 	LDAP_CONST char *attr,
1308 	LDAP_CONST char *value ));
1309 
1310 LDAP_F( int )
1311 ldap_compare_s LDAP_P((	/* deprecated, use ldap_compare_ext_s */
1312 	LDAP *ld,
1313 	LDAP_CONST char *dn,
1314 	LDAP_CONST char *attr,
1315 	LDAP_CONST char *value ));
1316 #endif
1317 
1318 
1319 /*
1320  * in delete.c:
1321  */
1322 LDAP_F( int )
1323 ldap_delete_ext LDAP_P((
1324 	LDAP			*ld,
1325 	LDAP_CONST char	*dn,
1326 	LDAPControl		**serverctrls,
1327 	LDAPControl		**clientctrls,
1328 	int 			*msgidp ));
1329 
1330 LDAP_F( int )
1331 ldap_delete_ext_s LDAP_P((
1332 	LDAP			*ld,
1333 	LDAP_CONST char	*dn,
1334 	LDAPControl		**serverctrls,
1335 	LDAPControl		**clientctrls ));
1336 
1337 #if LDAP_DEPRECATED
1338 LDAP_F( int )
1339 ldap_delete LDAP_P((	/* deprecated, use ldap_delete_ext */
1340 	LDAP *ld,
1341 	LDAP_CONST char *dn ));
1342 
1343 LDAP_F( int )
1344 ldap_delete_s LDAP_P((	/* deprecated, use ldap_delete_ext_s */
1345 	LDAP *ld,
1346 	LDAP_CONST char *dn ));
1347 #endif
1348 
1349 
1350 /*
1351  * in error.c:
1352  */
1353 LDAP_F( int )
1354 ldap_parse_result LDAP_P((
1355 	LDAP			*ld,
1356 	LDAPMessage		*res,
1357 	int				*errcodep,
1358 	char			**matcheddnp,
1359 	char			**errmsgp,
1360 	char			***referralsp,
1361 	LDAPControl		***serverctrls,
1362 	int				freeit ));
1363 
1364 LDAP_F( char * )
1365 ldap_err2string LDAP_P((
1366 	int err ));
1367 
1368 #if LDAP_DEPRECATED
1369 LDAP_F( int )
1370 ldap_result2error LDAP_P((	/* deprecated, use ldap_parse_result */
1371 	LDAP *ld,
1372 	LDAPMessage *r,
1373 	int freeit ));
1374 
1375 LDAP_F( void )
1376 ldap_perror LDAP_P((	/* deprecated, use ldap_err2string */
1377 	LDAP *ld,
1378 	LDAP_CONST char *s ));
1379 #endif
1380 
1381 
1382 /*
1383  * gssapi.c:
1384  */
1385 LDAP_F( int )
1386 ldap_gssapi_bind LDAP_P((
1387 	LDAP *ld,
1388 	LDAP_CONST char *dn,
1389 	LDAP_CONST char *creds ));
1390 
1391 LDAP_F( int )
1392 ldap_gssapi_bind_s LDAP_P((
1393 	LDAP *ld,
1394 	LDAP_CONST char *dn,
1395 	LDAP_CONST char *creds ));
1396 
1397 
1398 /*
1399  * in modify.c:
1400  */
1401 LDAP_F( int )
1402 ldap_modify_ext LDAP_P((
1403 	LDAP			*ld,
1404 	LDAP_CONST char	*dn,
1405 	LDAPMod			**mods,
1406 	LDAPControl		**serverctrls,
1407 	LDAPControl		**clientctrls,
1408 	int 			*msgidp ));
1409 
1410 LDAP_F( int )
1411 ldap_modify_ext_s LDAP_P((
1412 	LDAP			*ld,
1413 	LDAP_CONST char	*dn,
1414 	LDAPMod			**mods,
1415 	LDAPControl		**serverctrls,
1416 	LDAPControl		**clientctrls ));
1417 
1418 #if LDAP_DEPRECATED
1419 LDAP_F( int )
1420 ldap_modify LDAP_P((	/* deprecated, use ldap_modify_ext */
1421 	LDAP *ld,
1422 	LDAP_CONST char *dn,
1423 	LDAPMod **mods ));
1424 
1425 LDAP_F( int )
1426 ldap_modify_s LDAP_P((	/* deprecated, use ldap_modify_ext_s */
1427 	LDAP *ld,
1428 	LDAP_CONST char *dn,
1429 	LDAPMod **mods ));
1430 #endif
1431 
1432 
1433 /*
1434  * in modrdn.c:
1435  */
1436 LDAP_F( int )
1437 ldap_rename LDAP_P((
1438 	LDAP *ld,
1439 	LDAP_CONST char *dn,
1440 	LDAP_CONST char *newrdn,
1441 	LDAP_CONST char *newSuperior,
1442 	int deleteoldrdn,
1443 	LDAPControl **sctrls,
1444 	LDAPControl **cctrls,
1445 	int *msgidp ));
1446 
1447 LDAP_F( int )
1448 ldap_rename_s LDAP_P((
1449 	LDAP *ld,
1450 	LDAP_CONST char *dn,
1451 	LDAP_CONST char *newrdn,
1452 	LDAP_CONST char *newSuperior,
1453 	int deleteoldrdn,
1454 	LDAPControl **sctrls,
1455 	LDAPControl **cctrls ));
1456 
1457 #if LDAP_DEPRECATED
1458 LDAP_F( int )
1459 ldap_rename2 LDAP_P((	/* deprecated, use ldap_rename */
1460 	LDAP *ld,
1461 	LDAP_CONST char *dn,
1462 	LDAP_CONST char *newrdn,
1463 	LDAP_CONST char *newSuperior,
1464 	int deleteoldrdn ));
1465 
1466 LDAP_F( int )
1467 ldap_rename2_s LDAP_P((	/* deprecated, use ldap_rename_s */
1468 	LDAP *ld,
1469 	LDAP_CONST char *dn,
1470 	LDAP_CONST char *newrdn,
1471 	LDAP_CONST char *newSuperior,
1472 	int deleteoldrdn ));
1473 
1474 LDAP_F( int )
1475 ldap_modrdn LDAP_P((	/* deprecated, use ldap_rename */
1476 	LDAP *ld,
1477 	LDAP_CONST char *dn,
1478 	LDAP_CONST char *newrdn ));
1479 
1480 LDAP_F( int )
1481 ldap_modrdn_s LDAP_P((	/* deprecated, use ldap_rename_s */
1482 	LDAP *ld,
1483 	LDAP_CONST char *dn,
1484 	LDAP_CONST char *newrdn ));
1485 
1486 LDAP_F( int )
1487 ldap_modrdn2 LDAP_P((	/* deprecated, use ldap_rename */
1488 	LDAP *ld,
1489 	LDAP_CONST char *dn,
1490 	LDAP_CONST char *newrdn,
1491 	int deleteoldrdn ));
1492 
1493 LDAP_F( int )
1494 ldap_modrdn2_s LDAP_P((	/* deprecated, use ldap_rename_s */
1495 	LDAP *ld,
1496 	LDAP_CONST char *dn,
1497 	LDAP_CONST char *newrdn,
1498 	int deleteoldrdn));
1499 #endif
1500 
1501 
1502 /*
1503  * in open.c:
1504  */
1505 #if LDAP_DEPRECATED
1506 LDAP_F( LDAP * )
1507 ldap_init LDAP_P(( /* deprecated, use ldap_create or ldap_initialize */
1508 	LDAP_CONST char *host,
1509 	int port ));
1510 
1511 LDAP_F( LDAP * )
1512 ldap_open LDAP_P((	/* deprecated, use ldap_create or ldap_initialize */
1513 	LDAP_CONST char *host,
1514 	int port ));
1515 #endif
1516 
1517 LDAP_F( int )
1518 ldap_create LDAP_P((
1519 	LDAP **ldp ));
1520 
1521 LDAP_F( int )
1522 ldap_initialize LDAP_P((
1523 	LDAP **ldp,
1524 	LDAP_CONST char *url ));
1525 
1526 LDAP_F( LDAP * )
1527 ldap_dup LDAP_P((
1528 	LDAP *old ));
1529 
1530 /*
1531  * in tls.c
1532  */
1533 
1534 LDAP_F( int )
1535 ldap_tls_inplace LDAP_P((
1536 	LDAP *ld ));
1537 
1538 LDAP_F( int )
1539 ldap_start_tls LDAP_P((
1540 	LDAP *ld,
1541 	LDAPControl **serverctrls,
1542 	LDAPControl **clientctrls,
1543 	int *msgidp ));
1544 
1545 LDAP_F( int )
1546 ldap_install_tls LDAP_P((
1547 	LDAP *ld ));
1548 
1549 LDAP_F( int )
1550 ldap_start_tls_s LDAP_P((
1551 	LDAP *ld,
1552 	LDAPControl **serverctrls,
1553 	LDAPControl **clientctrls ));
1554 
1555 /*
1556  * in messages.c:
1557  */
1558 LDAP_F( LDAPMessage * )
1559 ldap_first_message LDAP_P((
1560 	LDAP *ld,
1561 	LDAPMessage *chain ));
1562 
1563 LDAP_F( LDAPMessage * )
1564 ldap_next_message LDAP_P((
1565 	LDAP *ld,
1566 	LDAPMessage *msg ));
1567 
1568 LDAP_F( int )
1569 ldap_count_messages LDAP_P((
1570 	LDAP *ld,
1571 	LDAPMessage *chain ));
1572 
1573 /*
1574  * in references.c:
1575  */
1576 LDAP_F( LDAPMessage * )
1577 ldap_first_reference LDAP_P((
1578 	LDAP *ld,
1579 	LDAPMessage *chain ));
1580 
1581 LDAP_F( LDAPMessage * )
1582 ldap_next_reference LDAP_P((
1583 	LDAP *ld,
1584 	LDAPMessage *ref ));
1585 
1586 LDAP_F( int )
1587 ldap_count_references LDAP_P((
1588 	LDAP *ld,
1589 	LDAPMessage *chain ));
1590 
1591 LDAP_F( int )
1592 ldap_parse_reference LDAP_P((
1593 	LDAP			*ld,
1594 	LDAPMessage		*ref,
1595 	char			***referralsp,
1596 	LDAPControl		***serverctrls,
1597 	int				freeit));
1598 
1599 
1600 /*
1601  * in getentry.c:
1602  */
1603 LDAP_F( LDAPMessage * )
1604 ldap_first_entry LDAP_P((
1605 	LDAP *ld,
1606 	LDAPMessage *chain ));
1607 
1608 LDAP_F( LDAPMessage * )
1609 ldap_next_entry LDAP_P((
1610 	LDAP *ld,
1611 	LDAPMessage *entry ));
1612 
1613 LDAP_F( int )
1614 ldap_count_entries LDAP_P((
1615 	LDAP *ld,
1616 	LDAPMessage *chain ));
1617 
1618 LDAP_F( int )
1619 ldap_get_entry_controls LDAP_P((
1620 	LDAP			*ld,
1621 	LDAPMessage		*entry,
1622 	LDAPControl		***serverctrls));
1623 
1624 
1625 /*
1626  * in addentry.c
1627  */
1628 LDAP_F( LDAPMessage * )
1629 ldap_delete_result_entry LDAP_P((
1630 	LDAPMessage **list,
1631 	LDAPMessage *e ));
1632 
1633 LDAP_F( void )
1634 ldap_add_result_entry LDAP_P((
1635 	LDAPMessage **list,
1636 	LDAPMessage *e ));
1637 
1638 
1639 /*
1640  * in getdn.c
1641  */
1642 LDAP_F( char * )
1643 ldap_get_dn LDAP_P((
1644 	LDAP *ld,
1645 	LDAPMessage *entry ));
1646 
1647 typedef struct ldap_ava {
1648 	struct berval la_attr;
1649 	struct berval la_value;
1650 	unsigned la_flags;
1651 #define LDAP_AVA_NULL				0x0000U
1652 #define LDAP_AVA_STRING				0x0001U
1653 #define LDAP_AVA_BINARY				0x0002U
1654 #define LDAP_AVA_NONPRINTABLE		0x0004U
1655 #define LDAP_AVA_FREE_ATTR			0x0010U
1656 #define LDAP_AVA_FREE_VALUE			0x0020U
1657 
1658 	void *la_private;
1659 } LDAPAVA;
1660 
1661 typedef LDAPAVA** LDAPRDN;
1662 typedef LDAPRDN* LDAPDN;
1663 
1664 /* DN formats */
1665 #define LDAP_DN_FORMAT_LDAP			0x0000U
1666 #define LDAP_DN_FORMAT_LDAPV3		0x0010U
1667 #define LDAP_DN_FORMAT_LDAPV2		0x0020U
1668 #define LDAP_DN_FORMAT_DCE			0x0030U
1669 #define LDAP_DN_FORMAT_UFN			0x0040U	/* dn2str only */
1670 #define LDAP_DN_FORMAT_AD_CANONICAL	0x0050U	/* dn2str only */
1671 #define LDAP_DN_FORMAT_LBER			0x00F0U /* for testing only */
1672 #define LDAP_DN_FORMAT_MASK			0x00F0U
1673 
1674 /* DN flags */
1675 #define LDAP_DN_PRETTY				0x0100U
1676 #define LDAP_DN_SKIP				0x0200U
1677 #define LDAP_DN_P_NOLEADTRAILSPACES	0x1000U
1678 #define LDAP_DN_P_NOSPACEAFTERRDN	0x2000U
1679 #define LDAP_DN_PEDANTIC			0xF000U
1680 
1681 LDAP_F( void ) ldap_rdnfree LDAP_P(( LDAPRDN rdn ));
1682 LDAP_F( void ) ldap_dnfree LDAP_P(( LDAPDN dn ));
1683 
1684 LDAP_F( int )
1685 ldap_bv2dn LDAP_P((
1686 	struct berval *bv,
1687 	LDAPDN *dn,
1688 	unsigned flags ));
1689 
1690 LDAP_F( int )
1691 ldap_str2dn LDAP_P((
1692 	LDAP_CONST char *str,
1693 	LDAPDN *dn,
1694 	unsigned flags ));
1695 
1696 LDAP_F( int )
1697 ldap_dn2bv LDAP_P((
1698 	LDAPDN dn,
1699 	struct berval *bv,
1700 	unsigned flags ));
1701 
1702 LDAP_F( int )
1703 ldap_dn2str LDAP_P((
1704 	LDAPDN dn,
1705 	char **str,
1706 	unsigned flags ));
1707 
1708 LDAP_F( int )
1709 ldap_bv2rdn LDAP_P((
1710 	struct berval *bv,
1711 	LDAPRDN *rdn,
1712 	char **next,
1713 	unsigned flags ));
1714 
1715 LDAP_F( int )
1716 ldap_str2rdn LDAP_P((
1717 	LDAP_CONST char *str,
1718 	LDAPRDN *rdn,
1719 	char **next,
1720 	unsigned flags ));
1721 
1722 LDAP_F( int )
1723 ldap_rdn2bv LDAP_P((
1724 	LDAPRDN rdn,
1725 	struct berval *bv,
1726 	unsigned flags ));
1727 
1728 LDAP_F( int )
1729 ldap_rdn2str LDAP_P((
1730 	LDAPRDN rdn,
1731 	char **str,
1732 	unsigned flags ));
1733 
1734 LDAP_F( int )
1735 ldap_dn_normalize LDAP_P((
1736 	LDAP_CONST char *in, unsigned iflags,
1737 	char **out, unsigned oflags ));
1738 
1739 LDAP_F( char * )
1740 ldap_dn2ufn LDAP_P(( /* deprecated, use ldap_str2dn/dn2str */
1741 	LDAP_CONST char *dn ));
1742 
1743 LDAP_F( char ** )
1744 ldap_explode_dn LDAP_P(( /* deprecated, ldap_str2dn */
1745 	LDAP_CONST char *dn,
1746 	int notypes ));
1747 
1748 LDAP_F( char ** )
1749 ldap_explode_rdn LDAP_P(( /* deprecated, ldap_str2rdn */
1750 	LDAP_CONST char *rdn,
1751 	int notypes ));
1752 
1753 typedef int LDAPDN_rewrite_func
1754 	LDAP_P(( LDAPDN dn, unsigned flags, void *ctx ));
1755 
1756 LDAP_F( int )
1757 ldap_X509dn2bv LDAP_P(( void *x509_name, struct berval *dn,
1758 	LDAPDN_rewrite_func *func, unsigned flags ));
1759 
1760 LDAP_F( char * )
1761 ldap_dn2dcedn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
1762 	LDAP_CONST char *dn ));
1763 
1764 LDAP_F( char * )
1765 ldap_dcedn2dn LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
1766 	LDAP_CONST char *dce ));
1767 
1768 LDAP_F( char * )
1769 ldap_dn2ad_canonical LDAP_P(( /* deprecated, ldap_str2dn/dn2str */
1770 	LDAP_CONST char *dn ));
1771 
1772 LDAP_F( int )
1773 ldap_get_dn_ber LDAP_P((
1774 	LDAP *ld, LDAPMessage *e, BerElement **berout, struct berval *dn ));
1775 
1776 LDAP_F( int )
1777 ldap_get_attribute_ber LDAP_P((
1778 	LDAP *ld, LDAPMessage *e, BerElement *ber, struct berval *attr,
1779 	struct berval **vals ));
1780 
1781 /*
1782  * in getattr.c
1783  */
1784 LDAP_F( char * )
1785 ldap_first_attribute LDAP_P((
1786 	LDAP *ld,
1787 	LDAPMessage *entry,
1788 	BerElement **ber ));
1789 
1790 LDAP_F( char * )
1791 ldap_next_attribute LDAP_P((
1792 	LDAP *ld,
1793 	LDAPMessage *entry,
1794 	BerElement *ber ));
1795 
1796 
1797 /*
1798  * in getvalues.c
1799  */
1800 LDAP_F( struct berval ** )
1801 ldap_get_values_len LDAP_P((
1802 	LDAP *ld,
1803 	LDAPMessage *entry,
1804 	LDAP_CONST char *target ));
1805 
1806 LDAP_F( int )
1807 ldap_count_values_len LDAP_P((
1808 	struct berval **vals ));
1809 
1810 LDAP_F( void )
1811 ldap_value_free_len LDAP_P((
1812 	struct berval **vals ));
1813 
1814 #if LDAP_DEPRECATED
1815 LDAP_F( char ** )
1816 ldap_get_values LDAP_P((	/* deprecated, use ldap_get_values_len */
1817 	LDAP *ld,
1818 	LDAPMessage *entry,
1819 	LDAP_CONST char *target ));
1820 
1821 LDAP_F( int )
1822 ldap_count_values LDAP_P((	/* deprecated, use ldap_count_values_len */
1823 	char **vals ));
1824 
1825 LDAP_F( void )
1826 ldap_value_free LDAP_P((	/* deprecated, use ldap_value_free_len */
1827 	char **vals ));
1828 #endif
1829 
1830 /*
1831  * in result.c:
1832  */
1833 LDAP_F( int )
1834 ldap_result LDAP_P((
1835 	LDAP *ld,
1836 	int msgid,
1837 	int all,
1838 	struct timeval *timeout,
1839 	LDAPMessage **result ));
1840 
1841 LDAP_F( int )
1842 ldap_msgtype LDAP_P((
1843 	LDAPMessage *lm ));
1844 
1845 LDAP_F( int )
1846 ldap_msgid   LDAP_P((
1847 	LDAPMessage *lm ));
1848 
1849 LDAP_F( int )
1850 ldap_msgfree LDAP_P((
1851 	LDAPMessage *lm ));
1852 
1853 LDAP_F( int )
1854 ldap_msgdelete LDAP_P((
1855 	LDAP *ld,
1856 	int msgid ));
1857 
1858 
1859 /*
1860  * in search.c:
1861  */
1862 LDAP_F( int )
1863 ldap_bv2escaped_filter_value LDAP_P((
1864 	struct berval *in,
1865 	struct berval *out ));
1866 
1867 LDAP_F( int )
1868 ldap_search_ext LDAP_P((
1869 	LDAP			*ld,
1870 	LDAP_CONST char	*base,
1871 	int				scope,
1872 	LDAP_CONST char	*filter,
1873 	char			**attrs,
1874 	int				attrsonly,
1875 	LDAPControl		**serverctrls,
1876 	LDAPControl		**clientctrls,
1877 	struct timeval	*timeout,
1878 	int				sizelimit,
1879 	int				*msgidp ));
1880 
1881 LDAP_F( int )
1882 ldap_search_ext_s LDAP_P((
1883 	LDAP			*ld,
1884 	LDAP_CONST char	*base,
1885 	int				scope,
1886 	LDAP_CONST char	*filter,
1887 	char			**attrs,
1888 	int				attrsonly,
1889 	LDAPControl		**serverctrls,
1890 	LDAPControl		**clientctrls,
1891 	struct timeval	*timeout,
1892 	int				sizelimit,
1893 	LDAPMessage		**res ));
1894 
1895 #if LDAP_DEPRECATED
1896 LDAP_F( int )
1897 ldap_search LDAP_P((	/* deprecated, use ldap_search_ext */
1898 	LDAP *ld,
1899 	LDAP_CONST char *base,
1900 	int scope,
1901 	LDAP_CONST char *filter,
1902 	char **attrs,
1903 	int attrsonly ));
1904 
1905 LDAP_F( int )
1906 ldap_search_s LDAP_P((	/* deprecated, use ldap_search_ext_s */
1907 	LDAP *ld,
1908 	LDAP_CONST char *base,
1909 	int scope,
1910 	LDAP_CONST char *filter,
1911 	char **attrs,
1912 	int attrsonly,
1913 	LDAPMessage **res ));
1914 
1915 LDAP_F( int )
1916 ldap_search_st LDAP_P((	/* deprecated, use ldap_search_ext_s */
1917 	LDAP *ld,
1918 	LDAP_CONST char *base,
1919 	int scope,
1920 	LDAP_CONST char *filter,
1921     char **attrs,
1922 	int attrsonly,
1923 	struct timeval *timeout,
1924 	LDAPMessage **res ));
1925 #endif
1926 
1927 /*
1928  * in unbind.c
1929  */
1930 LDAP_F( int )
1931 ldap_unbind_ext LDAP_P((
1932 	LDAP			*ld,
1933 	LDAPControl		**serverctrls,
1934 	LDAPControl		**clientctrls));
1935 
1936 LDAP_F( int )
1937 ldap_unbind_ext_s LDAP_P((
1938 	LDAP			*ld,
1939 	LDAPControl		**serverctrls,
1940 	LDAPControl		**clientctrls));
1941 
1942 LDAP_F( int )
1943 ldap_destroy LDAP_P((
1944 	LDAP			*ld));
1945 
1946 #if LDAP_DEPRECATED
1947 LDAP_F( int )
1948 ldap_unbind LDAP_P(( /* deprecated, use ldap_unbind_ext */
1949 	LDAP *ld ));
1950 
1951 LDAP_F( int )
1952 ldap_unbind_s LDAP_P(( /* deprecated, use ldap_unbind_ext_s */
1953 	LDAP *ld ));
1954 #endif
1955 
1956 /*
1957  * in filter.c
1958  */
1959 LDAP_F( int )
1960 ldap_put_vrFilter LDAP_P((
1961 	BerElement *ber,
1962 	const char *vrf ));
1963 
1964 /*
1965  * in free.c
1966  */
1967 
1968 LDAP_F( void * )
1969 ldap_memalloc LDAP_P((
1970 	ber_len_t s ));
1971 
1972 LDAP_F( void * )
1973 ldap_memrealloc LDAP_P((
1974 	void* p,
1975 	ber_len_t s ));
1976 
1977 LDAP_F( void * )
1978 ldap_memcalloc LDAP_P((
1979 	ber_len_t n,
1980 	ber_len_t s ));
1981 
1982 LDAP_F( void )
1983 ldap_memfree LDAP_P((
1984 	void* p ));
1985 
1986 LDAP_F( void )
1987 ldap_memvfree LDAP_P((
1988 	void** v ));
1989 
1990 LDAP_F( char * )
1991 ldap_strdup LDAP_P((
1992 	LDAP_CONST char * ));
1993 
1994 LDAP_F( void )
1995 ldap_mods_free LDAP_P((
1996 	LDAPMod **mods,
1997 	int freemods ));
1998 
1999 
2000 #if LDAP_DEPRECATED
2001 /*
2002  * in sort.c (deprecated, use custom code instead)
2003  */
2004 typedef int (LDAP_SORT_AD_CMP_PROC) LDAP_P(( /* deprecated */
2005 	LDAP_CONST char *left,
2006 	LDAP_CONST char *right ));
2007 
2008 typedef int (LDAP_SORT_AV_CMP_PROC) LDAP_P(( /* deprecated */
2009 	LDAP_CONST void *left,
2010 	LDAP_CONST void *right ));
2011 
2012 LDAP_F( int )	/* deprecated */
2013 ldap_sort_entries LDAP_P(( LDAP *ld,
2014 	LDAPMessage **chain,
2015 	LDAP_CONST char *attr,
2016 	LDAP_SORT_AD_CMP_PROC *cmp ));
2017 
2018 LDAP_F( int )	/* deprecated */
2019 ldap_sort_values LDAP_P((
2020 	LDAP *ld,
2021 	char **vals,
2022 	LDAP_SORT_AV_CMP_PROC *cmp ));
2023 
2024 LDAP_F( int ) /* deprecated */
2025 ldap_sort_strcasecmp LDAP_P((
2026 	LDAP_CONST void *a,
2027 	LDAP_CONST void *b ));
2028 #endif
2029 
2030 /*
2031  * in url.c
2032  */
2033 LDAP_F( int )
2034 ldap_is_ldap_url LDAP_P((
2035 	LDAP_CONST char *url ));
2036 
2037 LDAP_F( int )
2038 ldap_is_ldaps_url LDAP_P((
2039 	LDAP_CONST char *url ));
2040 
2041 LDAP_F( int )
2042 ldap_is_ldapi_url LDAP_P((
2043 	LDAP_CONST char *url ));
2044 
2045 LDAP_F( int )
2046 ldap_url_parse LDAP_P((
2047 	LDAP_CONST char *url,
2048 	LDAPURLDesc **ludpp ));
2049 
2050 LDAP_F( char * )
2051 ldap_url_desc2str LDAP_P((
2052 	LDAPURLDesc *ludp ));
2053 
2054 LDAP_F( void )
2055 ldap_free_urldesc LDAP_P((
2056 	LDAPURLDesc *ludp ));
2057 
2058 
2059 /*
2060  * LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
2061  *  in cancel.c
2062  */
2063 #define LDAP_API_FEATURE_CANCEL 1000
2064 
2065 LDAP_F( int )
2066 ldap_cancel LDAP_P(( LDAP *ld,
2067 	int cancelid,
2068 	LDAPControl		**sctrls,
2069 	LDAPControl		**cctrls,
2070 	int				*msgidp ));
2071 
2072 LDAP_F( int )
2073 ldap_cancel_s LDAP_P(( LDAP *ld,
2074 	int cancelid,
2075 	LDAPControl **sctrl,
2076 	LDAPControl **cctrl ));
2077 
2078 /*
2079  * LDAP Turn Extended Operation <draft-zeilenga-ldap-turn-xx.txt>
2080  *  in turn.c
2081  */
2082 #define LDAP_API_FEATURE_TURN 1000
2083 
2084 LDAP_F( int )
2085 ldap_turn LDAP_P(( LDAP *ld,
2086 	int mutual,
2087 	LDAP_CONST char* identifier,
2088 	LDAPControl		**sctrls,
2089 	LDAPControl		**cctrls,
2090 	int				*msgidp ));
2091 
2092 LDAP_F( int )
2093 ldap_turn_s LDAP_P(( LDAP *ld,
2094 	int mutual,
2095 	LDAP_CONST char* identifier,
2096 	LDAPControl **sctrl,
2097 	LDAPControl **cctrl ));
2098 
2099 /*
2100  * LDAP Paged Results
2101  *	in pagectrl.c
2102  */
2103 #define LDAP_API_FEATURE_PAGED_RESULTS 2000
2104 
2105 LDAP_F( int )
2106 ldap_create_page_control_value LDAP_P((
2107 	LDAP *ld,
2108 	ber_int_t pagesize,
2109 	struct berval *cookie,
2110 	struct berval *value ));
2111 
2112 LDAP_F( int )
2113 ldap_create_page_control LDAP_P((
2114 	LDAP *ld,
2115 	ber_int_t pagesize,
2116 	struct berval *cookie,
2117 	int iscritical,
2118 	LDAPControl **ctrlp ));
2119 
2120 #if LDAP_DEPRECATED
2121 LDAP_F( int )
2122 ldap_parse_page_control LDAP_P((
2123 	/* deprecated, use ldap_parse_pageresponse_control */
2124 	LDAP *ld,
2125 	LDAPControl **ctrls,
2126 	ber_int_t *count,
2127 	struct berval **cookie ));
2128 #endif
2129 
2130 LDAP_F( int )
2131 ldap_parse_pageresponse_control LDAP_P((
2132 	LDAP *ld,
2133 	LDAPControl *ctrl,
2134 	ber_int_t *count,
2135 	struct berval *cookie ));
2136 
2137 /*
2138  * LDAP Server Side Sort
2139  *	in sortctrl.c
2140  */
2141 #define LDAP_API_FEATURE_SERVER_SIDE_SORT 2000
2142 
2143 /* structure for a sort-key */
2144 typedef struct ldapsortkey {
2145 	char *attributeType;
2146 	char *orderingRule;
2147 	int reverseOrder;
2148 } LDAPSortKey;
2149 
2150 LDAP_F( int )
2151 ldap_create_sort_keylist LDAP_P((
2152 	LDAPSortKey ***sortKeyList,
2153 	char *keyString ));
2154 
2155 LDAP_F( void )
2156 ldap_free_sort_keylist LDAP_P((
2157 	LDAPSortKey **sortkeylist ));
2158 
2159 LDAP_F( int )
2160 ldap_create_sort_control_value LDAP_P((
2161 	LDAP *ld,
2162 	LDAPSortKey **keyList,
2163 	struct berval *value ));
2164 
2165 LDAP_F( int )
2166 ldap_create_sort_control LDAP_P((
2167 	LDAP *ld,
2168 	LDAPSortKey **keyList,
2169 	int iscritical,
2170 	LDAPControl **ctrlp ));
2171 
2172 LDAP_F( int )
2173 ldap_parse_sortresponse_control LDAP_P((
2174 	LDAP *ld,
2175 	LDAPControl *ctrl,
2176 	ber_int_t *result,
2177 	char **attribute ));
2178 
2179 /*
2180  * LDAP Virtual List View
2181  *	in vlvctrl.c
2182  */
2183 #define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 2000
2184 
2185 /* structure for virtual list */
2186 typedef struct ldapvlvinfo {
2187 	ber_int_t ldvlv_version;
2188     ber_int_t ldvlv_before_count;
2189     ber_int_t ldvlv_after_count;
2190     ber_int_t ldvlv_offset;
2191     ber_int_t ldvlv_count;
2192     struct berval *	ldvlv_attrvalue;
2193     struct berval *	ldvlv_context;
2194     void *			ldvlv_extradata;
2195 } LDAPVLVInfo;
2196 
2197 LDAP_F( int )
2198 ldap_create_vlv_control_value LDAP_P((
2199 	LDAP *ld,
2200 	LDAPVLVInfo *ldvlistp,
2201 	struct berval *value));
2202 
2203 LDAP_F( int )
2204 ldap_create_vlv_control LDAP_P((
2205 	LDAP *ld,
2206 	LDAPVLVInfo *ldvlistp,
2207 	LDAPControl **ctrlp ));
2208 
2209 LDAP_F( int )
2210 ldap_parse_vlvresponse_control LDAP_P((
2211 	LDAP          *ld,
2212 	LDAPControl   *ctrls,
2213 	ber_int_t *target_posp,
2214 	ber_int_t *list_countp,
2215 	struct berval **contextp,
2216 	int           *errcodep ));
2217 
2218 /*
2219  * LDAP Who Am I?
2220  *	in whoami.c
2221  */
2222 #define LDAP_API_FEATURE_WHOAMI 1000
2223 
2224 LDAP_F( int )
2225 ldap_parse_whoami LDAP_P((
2226 	LDAP *ld,
2227 	LDAPMessage *res,
2228 	struct berval **authzid ));
2229 
2230 LDAP_F( int )
2231 ldap_whoami LDAP_P(( LDAP *ld,
2232 	LDAPControl		**sctrls,
2233 	LDAPControl		**cctrls,
2234 	int				*msgidp ));
2235 
2236 LDAP_F( int )
2237 ldap_whoami_s LDAP_P((
2238 	LDAP *ld,
2239 	struct berval **authzid,
2240 	LDAPControl **sctrls,
2241 	LDAPControl **cctrls ));
2242 
2243 /*
2244  * LDAP Password Modify
2245  *	in passwd.c
2246  */
2247 #define LDAP_API_FEATURE_PASSWD_MODIFY 1000
2248 
2249 LDAP_F( int )
2250 ldap_parse_passwd LDAP_P((
2251 	LDAP *ld,
2252 	LDAPMessage *res,
2253 	struct berval *newpasswd ));
2254 
2255 LDAP_F( int )
2256 ldap_passwd LDAP_P(( LDAP *ld,
2257 	struct berval	*user,
2258 	struct berval	*oldpw,
2259 	struct berval	*newpw,
2260 	LDAPControl		**sctrls,
2261 	LDAPControl		**cctrls,
2262 	int				*msgidp ));
2263 
2264 LDAP_F( int )
2265 ldap_passwd_s LDAP_P((
2266 	LDAP *ld,
2267 	struct berval	*user,
2268 	struct berval	*oldpw,
2269 	struct berval	*newpw,
2270 	struct berval *newpasswd,
2271 	LDAPControl **sctrls,
2272 	LDAPControl **cctrls ));
2273 
2274 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
2275 /*
2276  * LDAP Password Policy controls
2277  *	in ppolicy.c
2278  */
2279 #define LDAP_API_FEATURE_PASSWORD_POLICY 1000
2280 
2281 typedef enum passpolicyerror_enum {
2282        PP_passwordExpired = 0,
2283        PP_accountLocked = 1,
2284        PP_changeAfterReset = 2,
2285        PP_passwordModNotAllowed = 3,
2286        PP_mustSupplyOldPassword = 4,
2287        PP_insufficientPasswordQuality = 5,
2288        PP_passwordTooShort = 6,
2289        PP_passwordTooYoung = 7,
2290        PP_passwordInHistory = 8,
2291        PP_noError = 65535
2292 } LDAPPasswordPolicyError;
2293 
2294 LDAP_F( int )
2295 ldap_create_passwordpolicy_control LDAP_P((
2296         LDAP *ld,
2297         LDAPControl **ctrlp ));
2298 
2299 LDAP_F( int )
2300 ldap_parse_passwordpolicy_control LDAP_P((
2301         LDAP *ld,
2302         LDAPControl *ctrl,
2303         ber_int_t *expirep,
2304         ber_int_t *gracep,
2305         LDAPPasswordPolicyError *errorp ));
2306 
2307 LDAP_F( const char * )
2308 ldap_passwordpolicy_err2txt LDAP_P(( LDAPPasswordPolicyError ));
2309 #endif /* LDAP_CONTROL_PASSWORDPOLICYREQUEST */
2310 
2311 /*
2312  * LDAP Dynamic Directory Services Refresh -- RFC 2589
2313  *	in dds.c
2314  */
2315 #define LDAP_API_FEATURE_REFRESH 1000
2316 
2317 LDAP_F( int )
2318 ldap_parse_refresh LDAP_P((
2319 	LDAP *ld,
2320 	LDAPMessage *res,
2321 	ber_int_t *newttl ));
2322 
2323 LDAP_F( int )
2324 ldap_refresh LDAP_P(( LDAP *ld,
2325 	struct berval	*dn,
2326 	ber_int_t ttl,
2327 	LDAPControl		**sctrls,
2328 	LDAPControl		**cctrls,
2329 	int				*msgidp ));
2330 
2331 LDAP_F( int )
2332 ldap_refresh_s LDAP_P((
2333 	LDAP *ld,
2334 	struct berval	*dn,
2335 	ber_int_t ttl,
2336 	ber_int_t *newttl,
2337 	LDAPControl **sctrls,
2338 	LDAPControl **cctrls ));
2339 
2340 /*
2341  * LDAP Transactions
2342  */
2343 #ifdef LDAP_X_TXN
2344 LDAP_F( int )
2345 ldap_txn_start LDAP_P(( LDAP *ld,
2346 	LDAPControl		**sctrls,
2347 	LDAPControl		**cctrls,
2348 	int				*msgidp ));
2349 
2350 LDAP_F( int )
2351 ldap_txn_start_s LDAP_P(( LDAP *ld,
2352 	LDAPControl **sctrl,
2353 	LDAPControl **cctrl,
2354 	struct berval **rettxnid ));
2355 
2356 LDAP_F( int )
2357 ldap_txn_end LDAP_P(( LDAP *ld,
2358 	int	commit,
2359 	struct berval	*txnid,
2360 	LDAPControl		**sctrls,
2361 	LDAPControl		**cctrls,
2362 	int				*msgidp ));
2363 
2364 LDAP_F( int )
2365 ldap_txn_end_s LDAP_P(( LDAP *ld,
2366 	int	commit,
2367 	struct berval *txnid,
2368 	LDAPControl **sctrl,
2369 	LDAPControl **cctrl,
2370 	int *retidp ));
2371 #endif
2372 
2373 /*
2374  * in ldap_sync.c
2375  */
2376 
2377 /*
2378  * initialize the persistent search structure
2379  */
2380 LDAP_F( ldap_sync_t * )
2381 ldap_sync_initialize LDAP_P((
2382 	ldap_sync_t	*ls ));
2383 
2384 /*
2385  * destroy the persistent search structure
2386  */
2387 LDAP_F( void )
2388 ldap_sync_destroy LDAP_P((
2389 	ldap_sync_t	*ls,
2390 	int		freeit ));
2391 
2392 /*
2393  * initialize a refreshOnly sync
2394  */
2395 LDAP_F( int )
2396 ldap_sync_init LDAP_P((
2397 	ldap_sync_t	*ls,
2398 	int		mode ));
2399 
2400 /*
2401  * initialize a refreshOnly sync
2402  */
2403 LDAP_F( int )
2404 ldap_sync_init_refresh_only LDAP_P((
2405 	ldap_sync_t	*ls ));
2406 
2407 /*
2408  * initialize a refreshAndPersist sync
2409  */
2410 LDAP_F( int )
2411 ldap_sync_init_refresh_and_persist LDAP_P((
2412 	ldap_sync_t	*ls ));
2413 
2414 /*
2415  * poll for new responses
2416  */
2417 LDAP_F( int )
2418 ldap_sync_poll LDAP_P((
2419 	ldap_sync_t	*ls ));
2420 
2421 #ifdef LDAP_CONTROL_X_SESSION_TRACKING
2422 
2423 /*
2424  * in stctrl.c
2425  */
2426 LDAP_F( int )
2427 ldap_create_session_tracking_value LDAP_P((
2428 	LDAP		*ld,
2429 	char		*sessionSourceIp,
2430 	char		*sessionSourceName,
2431 	char		*formatOID,
2432 	struct berval	*sessionTrackingIdentifier,
2433 	struct berval	*value ));
2434 
2435 LDAP_F( int )
2436 ldap_create_session_tracking_control LDAP_P((
2437 	LDAP		*ld,
2438 	char		*sessionSourceIp,
2439 	char		*sessionSourceName,
2440 	char		*formatOID,
2441 	struct berval	*sessionTrackingIdentifier,
2442 	LDAPControl	**ctrlp ));
2443 
2444 LDAP_F( int )
2445 ldap_parse_session_tracking_control LDAP_P((
2446 	LDAP *ld,
2447 	LDAPControl *ctrl,
2448 	struct berval *ip,
2449 	struct berval *name,
2450 	struct berval *oid,
2451 	struct berval *id ));
2452 
2453 #endif /* LDAP_CONTROL_X_SESSION_TRACKING */
2454 
2455 /*
2456  * in assertion.c
2457  */
2458 LDAP_F (int)
2459 ldap_create_assertion_control_value LDAP_P((
2460 	LDAP		*ld,
2461 	char		*assertion,
2462 	struct berval	*value ));
2463 
2464 LDAP_F( int )
2465 ldap_create_assertion_control LDAP_P((
2466 	LDAP		*ld,
2467 	char		*filter,
2468 	int		iscritical,
2469 	LDAPControl	**ctrlp ));
2470 
2471 /*
2472  * in deref.c
2473  */
2474 
2475 typedef struct LDAPDerefSpec {
2476 	char *derefAttr;
2477 	char **attributes;
2478 } LDAPDerefSpec;
2479 
2480 typedef struct LDAPDerefVal {
2481 	char *type;
2482 	BerVarray vals;
2483 	struct LDAPDerefVal *next;
2484 } LDAPDerefVal;
2485 
2486 typedef struct LDAPDerefRes {
2487 	char *derefAttr;
2488 	struct berval derefVal;
2489 	LDAPDerefVal *attrVals;
2490 	struct LDAPDerefRes *next;
2491 } LDAPDerefRes;
2492 
2493 LDAP_F( int )
2494 ldap_create_deref_control_value LDAP_P((
2495 	LDAP *ld,
2496 	LDAPDerefSpec *ds,
2497 	struct berval *value ));
2498 
2499 LDAP_F( int )
2500 ldap_create_deref_control LDAP_P((
2501 	LDAP		*ld,
2502 	LDAPDerefSpec	*ds,
2503 	int		iscritical,
2504 	LDAPControl	**ctrlp ));
2505 
2506 LDAP_F( void )
2507 ldap_derefresponse_free LDAP_P((
2508 	LDAPDerefRes *dr ));
2509 
2510 LDAP_F( int )
2511 ldap_parse_derefresponse_control LDAP_P((
2512 	LDAP *ld,
2513 	LDAPControl *ctrl,
2514 	LDAPDerefRes **drp ));
2515 
2516 LDAP_F( int )
2517 ldap_parse_deref_control LDAP_P((
2518 	LDAP		*ld,
2519 	LDAPControl	**ctrls,
2520 	LDAPDerefRes	**drp ));
2521 
2522 LDAP_END_DECL
2523 #endif /* _LDAP_H */
2524