/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2011 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )
/* -lldap may or may not be thread safe */
/* -lldap_r, if available, is always thread safe */
-# define LDAP_API_FEATURE_THREAD_SAFE 1
+# define LDAP_API_FEATURE_THREAD_SAFE 1
+# define LDAP_API_FEATURE_SESSION_THREAD_SAFE 1
+# define LDAP_API_FEATURE_OPERATION_THREAD_SAFE 1
#endif
#if defined( LDAP_THREAD_SAFE ) && \
defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )
#define LDAP_OPT_ERROR_STRING LDAP_OPT_DIAGNOSTIC_MESSAGE
#define LDAP_OPT_MATCHED_DN 0x0033
/* 0x0034 - 0x3fff not defined */
+/* 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT */
+#define LDAP_OPT_SSPI_FLAGS 0x0092
+/* 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO */
+/* 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG */
+#define LDAP_OPT_SIGN 0x0095
+#define LDAP_OPT_ENCRYPT 0x0096
+#define LDAP_OPT_SASL_METHOD 0x0097
+/* 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE */
+#define LDAP_OPT_SECURITY_CONTEXT 0x0099
+/* 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE */
+/* 0x009B - 0x3fff not defined */
/* API Extensions */
#define LDAP_OPT_API_EXTENSION_BASE 0x4000 /* API extensions */
#define LDAP_OPT_SOCKBUF 0x5008 /* sockbuf */
#define LDAP_OPT_DEFBASE 0x5009 /* searchbase */
#define LDAP_OPT_CONNECT_ASYNC 0x5010 /* create connections asynchronously */
+#define LDAP_OPT_CONNECT_CB 0x5011 /* connection callbacks */
+#define LDAP_OPT_SESSION_REFCNT 0x5012 /* session reference count */
/* OpenLDAP TLS options */
#define LDAP_OPT_X_TLS 0x6000
-#define LDAP_OPT_X_TLS_CTX 0x6001 /* OpenSSL CTX */
+#define LDAP_OPT_X_TLS_CTX 0x6001 /* OpenSSL CTX* */
#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
#define LDAP_OPT_X_TLS_CACERTDIR 0x6003
#define LDAP_OPT_X_TLS_CERTFILE 0x6004
#define LDAP_OPT_X_TLS_KEYFILE 0x6005
#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
-/* #define LDAP_OPT_X_TLS_PROTOCOL 0x6007 */
+#define LDAP_OPT_X_TLS_PROTOCOL_MIN 0x6007
#define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6008
#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
-#define LDAP_OPT_X_TLS_SSL_CTX 0x600a
+#define LDAP_OPT_X_TLS_SSL_CTX 0x600a /* OpenSSL SSL* */
#define LDAP_OPT_X_TLS_CRLCHECK 0x600b
#define LDAP_OPT_X_TLS_CONNECT_CB 0x600c
#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d
#define LDAP_OPT_X_TLS_DHFILE 0x600e
#define LDAP_OPT_X_TLS_NEWCTX 0x600f
+#define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
#define LDAP_OPT_X_TLS_CRL_PEER 1
#define LDAP_OPT_X_TLS_CRL_ALL 2
+/* for LDAP_OPT_X_TLS_PROTOCOL_MIN */
+#define LDAP_OPT_X_TLS_PROTOCOL(maj,min) (((maj) << 8) + (min))
+#define LDAP_OPT_X_TLS_PROTOCOL_SSL2 (2 << 8)
+#define LDAP_OPT_X_TLS_PROTOCOL_SSL3 (3 << 8)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 ((3 << 8) + 1)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 ((3 << 8) + 2)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 ((3 << 8) + 3)
+
/* OpenLDAP SASL options */
#define LDAP_OPT_X_SASL_MECH 0x6100
#define LDAP_OPT_X_SASL_REALM 0x6101
#define LDAP_OPT_X_SASL_SECPROPS 0x6106 /* write-only */
#define LDAP_OPT_X_SASL_SSF_MIN 0x6107
#define LDAP_OPT_X_SASL_SSF_MAX 0x6108
-#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109
+#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109
+#define LDAP_OPT_X_SASL_MECHLIST 0x610a /* read-only */
+#define LDAP_OPT_X_SASL_NOCANON 0x610b
+#define LDAP_OPT_X_SASL_USERNAME 0x610c /* read-only */
+#define LDAP_OPT_X_SASL_GSS_CREDS 0x610d
+
+/* OpenLDAP GSSAPI options */
+#define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT 0x6200
+#define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL 0x6201
+
+/*
+ * OpenLDAP per connection tcp-keepalive settings
+ * (Linux only, ignored where unsupported)
+ */
+#define LDAP_OPT_X_KEEPALIVE_IDLE 0x6300
+#define LDAP_OPT_X_KEEPALIVE_PROBES 0x6301
+#define LDAP_OPT_X_KEEPALIVE_INTERVAL 0x6302
/* Private API Extensions -- reserved for application use */
#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000 /* Private API inclusive */
#define LDAP_CONTROL_PRE_READ "1.3.6.1.1.13.1" /* RFC 4527 */
#define LDAP_CONTROL_POST_READ "1.3.6.1.1.13.2" /* RFC 4527 */
-/* standard track - not implemented in slapd(8) */
#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */
#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */
/* non-standard track controls */
#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */
+#define LDAP_CONTROL_AUTHZID_REQUEST "2.16.840.1.113730.4.16" /* RFC 3829 */
+#define LDAP_CONTROL_AUTHZID_RESPONSE "2.16.840.1.113730.4.15" /* RFC 3829 */
+
/* LDAP Content Synchronization Operation -- RFC 4533 */
#define LDAP_SYNC_OID "1.3.6.1.4.1.4203.1.9.1"
#define LDAP_CONTROL_SYNC LDAP_SYNC_OID ".1"
#define LDAP_SYNC_ADD 1
#define LDAP_SYNC_MODIFY 2
#define LDAP_SYNC_DELETE 3
+#define LDAP_SYNC_NEW_COOKIE 4
+/* LDAP Don't Use Copy Control (RFC 6171) */
+#define LDAP_CONTROL_DONTUSECOPY "1.3.6.1.1.22"
/* Password policy Controls *//* work in progress */
/* ITS#3458: released; disabled by default */
#define LDAP_CONTROL_MANAGEDIT LDAP_CONTROL_RELAX
#define LDAP_CONTROL_SLURP "1.3.6.1.4.1.4203.666.5.13"
#define LDAP_CONTROL_VALSORT "1.3.6.1.4.1.4203.666.5.14"
-#define LDAP_CONTROL_DONTUSECOPY "1.3.6.1.4.1.4203.666.5.15"
-
+#define LDAP_CONTROL_X_DEREF "1.3.6.1.4.1.4203.666.5.16"
+#define LDAP_CONTROL_X_WHATFAILED "1.3.6.1.4.1.4203.666.5.17"
/* LDAP Chaining Behavior Control *//* work in progress */
/* <draft-sermersheim-ldap-chaining>;
#define LDAP_CONTROL_X_SEARCH_OPTIONS "1.2.840.113556.1.4.1340"
#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
+#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
/* MS Active Directory controls - not implemented in slapd(8) */
-#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
#define LDAP_CONTROL_X_EXTENDED_DN "1.2.840.113556.1.4.529"
+#ifdef LDAP_DEVEL
+/* <draft-wahl-ldap-session> */
+#define LDAP_CONTROL_X_SESSION_TRACKING "1.3.6.1.4.1.21008.108.63.1"
+#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \
+ LDAP_CONTROL_X_SESSION_TRACKING ".1"
+#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_MULTI_SESSION_ID \
+ LDAP_CONTROL_X_SESSION_TRACKING ".2"
+#define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \
+ LDAP_CONTROL_X_SESSION_TRACKING ".3"
+#endif /* LDAP_DEVEL */
+
/* various expired works */
/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_MODIFY 0x4
#define LDAP_CONTROL_PERSIST_ENTRY_CHANGE_RENAME 0x8
-/* LDAP VLV *//* not implemented in slapd(8) */
+/* LDAP VLV */
#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
-
/* LDAP Unsolicited Notifications */
#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 4511 */
#define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
#define LDAP_TAG_EXOP_REFRESH_REQ_TTL ((ber_tag_t) 0x81U)
#define LDAP_TAG_EXOP_REFRESH_RES_TTL ((ber_tag_t) 0x80U)
+#define LDAP_EXOP_VERIFY_CREDENTIALS "1.3.6.1.4.1.4203.666.6.5"
+#define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_VERIFY_CREDENTIALS
+
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ((ber_tag_t) 0xa2U) /* context specific + constructed + 2 */
+
#define LDAP_EXOP_WHO_AM_I "1.3.6.1.4.1.4203.1.11.3" /* RFC 4532 */
#define LDAP_EXOP_X_WHO_AM_I LDAP_EXOP_WHO_AM_I
#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
+/* used by the Windows API but not used on the wire */
+#define LDAP_AUTH_NEGOTIATE ((ber_tag_t) 0x04FFU)
/* filter types */
#define LDAP_FILTER_AND ((ber_tag_t) 0xa0U) /* context specific + constructed */
#define LDAP_RESULTS_TOO_LARGE 0x46 /* CLDAP */
#define LDAP_AFFECTS_MULTIPLE_DSAS 0x47
+#define LDAP_VLV_ERROR 0x4C
+
#define LDAP_OTHER 0x50
/* LCUP operation codes (113-117) - not implemented */
* End of LDAP sync (RFC4533) API
*/
+/*
+ * Connection callbacks...
+ */
+struct ldap_conncb;
+struct sockaddr;
+
+/* Called after a connection is established */
+typedef int (ldap_conn_add_f) LDAP_P(( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, struct sockaddr *addr,
+ struct ldap_conncb *ctx ));
+/* Called before a connection is closed */
+typedef void (ldap_conn_del_f) LDAP_P(( LDAP *ld, Sockbuf *sb, struct ldap_conncb *ctx ));
+
+/* Callbacks are pushed on a stack. Last one pushed is first one executed. The
+ * delete callback is called with a NULL Sockbuf just before freeing the LDAP handle.
+ */
+typedef struct ldap_conncb {
+ ldap_conn_add_f *lc_add;
+ ldap_conn_del_f *lc_del;
+ void *lc_arg;
+} ldap_conncb;
+
/*
* The API draft spec says we should declare (or cause to be declared)
* 'struct timeval'. We don't. See IETF LDAPext discussions.
/*
* in controls.c:
*/
+#if LDAP_DEPRECATED
LDAP_F( int )
-ldap_create_control LDAP_P((
+ldap_create_control LDAP_P(( /* deprecated, use ldap_control_create */
LDAP_CONST char *requestOID,
BerElement *ber,
int iscritical,
LDAPControl **ctrlp ));
LDAP_F( LDAPControl * )
-ldap_find_control LDAP_P((
+ldap_find_control LDAP_P(( /* deprecated, use ldap_control_find */
LDAP_CONST char *oid,
LDAPControl **ctrls ));
+#endif
+
+LDAP_F( int )
+ldap_control_create LDAP_P((
+ LDAP_CONST char *requestOID,
+ int iscritical,
+ struct berval *value,
+ int dupval,
+ LDAPControl **ctrlp ));
+
+LDAP_F( LDAPControl * )
+ldap_control_find LDAP_P((
+ LDAP_CONST char *oid,
+ LDAPControl **ctrls,
+ LDAPControl ***nextctrlp ));
LDAP_F( void )
ldap_control_free LDAP_P((
ldap_controls_free LDAP_P((
LDAPControl **ctrls ));
+LDAP_F( LDAPControl ** )
+ldap_controls_dup LDAP_P((
+ LDAPControl *LDAP_CONST *controls ));
+
+LDAP_F( LDAPControl * )
+ldap_control_dup LDAP_P((
+ LDAP_CONST LDAPControl *c ));
+
/*
* in dnssrv.c:
*/
typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
LDAP *ld, unsigned flags, void* defaults, void *interact ));
+LDAP_F( int )
+ldap_sasl_interactive_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn, /* usually NULL */
+ LDAP_CONST char *saslMechanism,
+ LDAPControl **serverControls,
+ LDAPControl **clientControls,
+
+ /* should be client controls */
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *proc,
+ void *defaults,
+
+ /* as obtained from ldap_result() */
+ LDAPMessage *result,
+
+ /* returned during bind processing */
+ const char **rmech,
+ int *msgid ));
+
LDAP_F( int )
ldap_sasl_interactive_bind_s LDAP_P((
LDAP *ld,
LDAP_CONST char *who,
LDAP_CONST char *passwd ));
-
-/*
- * in kbind.c:
- * (deprecated - use SASL instead)
- */
-LDAP_F( int )
-ldap_kerberos_bind_s LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind1 LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind1_s LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind2 LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind2_s LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
#endif
LDAPMessage *res,
int *errcodep,
char **matcheddnp,
- char **errmsgp,
+ char **diagmsgp,
char ***referralsp,
LDAPControl ***serverctrls,
int freeit ));
#endif
+/*
+ * gssapi.c:
+ */
+LDAP_F( int )
+ldap_gssapi_bind LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *creds ));
+
+LDAP_F( int )
+ldap_gssapi_bind_s LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *creds ));
+
+
/*
* in modify.c:
*/
LDAP **ldp,
LDAP_CONST char *url ));
+LDAP_F( LDAP * )
+ldap_dup LDAP_P((
+ LDAP *old ));
+
/*
* in tls.c
*/
char **vals ));
LDAP_F( void )
-ldap_value_free LDAP_P(( /* deprecated, use ldap_values_free_len */
+ldap_value_free LDAP_P(( /* deprecated, use ldap_value_free_len */
char **vals ));
#endif
LDAPControl **serverctrls,
LDAPControl **clientctrls));
+LDAP_F( int )
+ldap_destroy LDAP_P((
+ LDAP *ld));
+
#if LDAP_DEPRECATED
LDAP_F( int )
ldap_unbind LDAP_P(( /* deprecated, use ldap_unbind_ext */
struct berval **contextp,
int *errcodep ));
+/*
+ * LDAP Verify Credentials
+ */
+#define LDAP_API_FEATURE_VERIFY_CREDENTIALS 1000
+
+LDAP_F( int )
+ldap_verify_credentials LDAP_P((
+ LDAP *ld,
+ struct berval *cookie,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **ctrls,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_verify_credentials_s LDAP_P((
+ LDAP *ld,
+ struct berval *cookie,
+ LDAP_CONST char *dn,
+ LDAP_CONST char *mechanism,
+ struct berval *cred,
+ LDAPControl **vcictrls,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls,
+ int *code,
+ char **diagmsgp,
+ struct berval **scookie,
+ struct berval **servercredp,
+ LDAPControl ***vcoctrls));
+
+
+LDAP_F( int )
+ldap_parse_verify_credentials LDAP_P((
+ LDAP *ld,
+ LDAPMessage *res,
+ int *code,
+ char **diagmsgp,
+ struct berval **cookie,
+ struct berval **servercredp,
+ LDAPControl ***vcctrls));
+
+/* not yet implemented */
+/* #define LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE 1000 */
+#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
+LDAP_F( int )
+ldap_verify_credentials_interactive LDAP_P((
+ LDAP *ld,
+ LDAP_CONST char *dn, /* usually NULL */
+ LDAP_CONST char *saslMechanism,
+ LDAPControl **vcControls,
+ LDAPControl **serverControls,
+ LDAPControl **clientControls,
+
+ /* should be client controls */
+ unsigned flags,
+ LDAP_SASL_INTERACT_PROC *proc,
+ void *defaults,
+ void *context,
+
+ /* as obtained from ldap_result() */
+ LDAPMessage *result,
+
+ /* returned during bind processing */
+ const char **rmech,
+ int *msgid ));
+#endif
+
/*
* LDAP Who Am I?
* in whoami.c
ldap_sync_poll LDAP_P((
ldap_sync_t *ls ));
+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+
+/*
+ * in stctrl.c
+ */
+LDAP_F( int )
+ldap_create_session_tracking_value LDAP_P((
+ LDAP *ld,
+ char *sessionSourceIp,
+ char *sessionSourceName,
+ char *formatOID,
+ struct berval *sessionTrackingIdentifier,
+ struct berval *value ));
+
+LDAP_F( int )
+ldap_create_session_tracking LDAP_P((
+ LDAP *ld,
+ char *sessionSourceIp,
+ char *sessionSourceName,
+ char *formatOID,
+ struct berval *sessionTrackingIdentifier,
+ LDAPControl **ctrlp ));
+
+LDAP_F( int )
+ldap_parse_session_tracking_control LDAP_P((
+ LDAP *ld,
+ LDAPControl *ctrl,
+ struct berval *ip,
+ struct berval *name,
+ struct berval *oid,
+ struct berval *id ));
+
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+
+/*
+ * in assertion.c
+ */
+LDAP_F (int)
+ldap_create_assertion_control_value LDAP_P((
+ LDAP *ld,
+ char *assertion,
+ struct berval *value ));
+
+LDAP_F( int )
+ldap_create_assertion_control LDAP_P((
+ LDAP *ld,
+ char *filter,
+ int iscritical,
+ LDAPControl **ctrlp ));
+
+/*
+ * in deref.c
+ */
+
+typedef struct LDAPDerefSpec {
+ char *derefAttr;
+ char **attributes;
+} LDAPDerefSpec;
+
+typedef struct LDAPDerefVal {
+ char *type;
+ BerVarray vals;
+ struct LDAPDerefVal *next;
+} LDAPDerefVal;
+
+typedef struct LDAPDerefRes {
+ char *derefAttr;
+ struct berval derefVal;
+ LDAPDerefVal *attrVals;
+ struct LDAPDerefRes *next;
+} LDAPDerefRes;
+
+LDAP_F( int )
+ldap_create_deref_control_value LDAP_P((
+ LDAP *ld,
+ LDAPDerefSpec *ds,
+ struct berval *value ));
+
+LDAP_F( int )
+ldap_create_deref_control LDAP_P((
+ LDAP *ld,
+ LDAPDerefSpec *ds,
+ int iscritical,
+ LDAPControl **ctrlp ));
+
+LDAP_F( void )
+ldap_derefresponse_free LDAP_P((
+ LDAPDerefRes *dr ));
+
+LDAP_F( int )
+ldap_parse_derefresponse_control LDAP_P((
+ LDAP *ld,
+ LDAPControl *ctrl,
+ LDAPDerefRes **drp ));
+
+LDAP_F( int )
+ldap_parse_deref_control LDAP_P((
+ LDAP *ld,
+ LDAPControl **ctrls,
+ LDAPDerefRes **drp ));
+
+/*
+ * high level LDIF to LDAP structure support
+ */
+#define LDIF_DEFAULT_ADD 0x01 /* if changetype missing, assume LDAP_ADD */
+#define LDIF_ENTRIES_ONLY 0x02 /* ignore changetypes other than add */
+#define LDIF_NO_CONTROLS 0x04 /* ignore control specifications */
+
+typedef struct ldifrecord {
+ ber_tag_t lr_op; /* type of operation - LDAP_REQ_MODIFY, LDAP_REQ_ADD, etc. */
+ struct berval lr_dn; /* DN of operation */
+ LDAPControl **lr_ctrls; /* controls specified for operation */
+ /* some ops such as LDAP_REQ_DELETE require only a DN */
+ /* other ops require different data - the ldif_ops union
+ is used to specify the data for each type of operation */
+ union ldif_ops_u {
+ LDAPMod **lr_mods; /* list of mods for LDAP_REQ_MODIFY, LDAP_REQ_ADD */
+#define lrop_mods ldif_ops.lr_mods
+ struct ldif_op_rename_s {
+ struct berval lr_newrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
+#define lrop_newrdn ldif_ops.ldif_op_rename.lr_newrdn
+ struct berval lr_newsuperior; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
+#define lrop_newsup ldif_ops.ldif_op_rename.lr_newsuperior
+ int lr_deleteoldrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
+#define lrop_delold ldif_ops.ldif_op_rename.lr_deleteoldrdn
+ } ldif_op_rename; /* rename/moddn/modrdn */
+ /* the following are for future support */
+ struct ldif_op_ext_s {
+ struct berval lr_extop_oid; /* LDAP_REQ_EXTENDED */
+#define lrop_extop_oid ldif_ops.ldif_op_ext.lr_extop_oid
+ struct berval lr_extop_data; /* LDAP_REQ_EXTENDED */
+#define lrop_extop_data ldif_ops.ldif_op_ext.lr_extop_data
+ } ldif_op_ext; /* extended operation */
+ struct ldif_op_cmp_s {
+ struct berval lr_cmp_attr; /* LDAP_REQ_COMPARE */
+#define lrop_cmp_attr ldif_ops.ldif_op_cmp.lr_cmp_attr
+ struct berval lr_cmp_bvalue; /* LDAP_REQ_COMPARE */
+#define lrop_cmp_bval ldif_ops.ldif_op_cmp.lr_cmp_bvalue
+ } ldif_op_cmp; /* compare operation */
+ } ldif_ops;
+ /* PRIVATE STUFF - DO NOT TOUCH */
+ /* for efficiency, the implementation allocates memory */
+ /* in large blobs, and makes the above fields point to */
+ /* locations inside those blobs - one consequence is that */
+ /* you cannot simply free the above allocated fields, nor */
+ /* assign them to be owned by another memory context which */
+ /* might free them (unless providing your own mem ctx) */
+ /* we use the fields below to keep track of those blobs */
+ /* so we that we can free them later */
+ void *lr_ctx; /* the memory context or NULL */
+ int lr_lines;
+ LDAPMod *lr_lm;
+ unsigned char *lr_mops;
+ char *lr_freeval;
+ struct berval *lr_vals;
+ struct berval *lr_btype;
+} LDIFRecord;
+
+/* free internal fields - does not free the LDIFRecord */
+LDAP_F( void )
+ldap_ldif_record_done LDAP_P((
+ LDIFRecord *lr ));
+
+LDAP_F( int )
+ldap_parse_ldif_record LDAP_P((
+ struct berval *rbuf,
+ int linenum,
+ LDIFRecord *lr,
+ const char *errstr,
+ unsigned int flags ));
+
LDAP_END_DECL
#endif /* _LDAP_H */