      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 
     22 /*
     23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #ifndef _ADUTILS_H
     28 #define	_ADUTILS_H
     29 
     30 #ifdef __cplusplus
     31 extern "C" {
     32 #endif
     33 
     34 /*
     35  * Processes name2sid & sid2name lookups for a given user or computer
      36  * from an AD Directory server using GSSAPI authentication.
     37  */
     38 
     39 #include <stdio.h>
     40 #include <stdlib.h>
     41 #include <unistd.h>
     42 #include <lber.h>
     43 #include <ldap.h>
     44 #include <sasl/sasl.h>
     45 #include <string.h>
     46 #include <ctype.h>
     47 #include <sys/types.h>
     48 #include <time.h>
     49 #include <thread.h>
     50 #include <synch.h>
     51 #include <rpcsvc/idmap_prot.h>
     52 #include "libadutils.h"
     53 #include <sys/idmap.h>
     54 
     55 /*
     56  * idmapd interfaces stolen? from other idmapd code?
     57  */
     58 
     59 /*
     60  * Eventually these should be an enum here, but instead we share a
     61  * namespace with other things in idmapd.
     62  */
     63 #define	_IDMAP_T_OTHER		0
     64 #define	_IDMAP_T_UNDEF		-1
     65 #define	_IDMAP_T_USER		-1004
     66 #define	_IDMAP_T_GROUP		-1005
     67 #define	_IDMAP_T_DOMAIN		-1006
     68 
     69 typedef uint32_t rid_t;
     70 typedef uid_t posix_id_t;
     71 
     72 typedef struct idmap_query_state idmap_query_state_t;
     73 
     74 int	idmap_add_ds(adutils_ad_t *ad, const char *host, int port);
     75 
     76 
     77 /*
     78  * Batch lookups
     79  *
     80  * Start a batch, add queries to the batch one by one (the output
     81  * pointers should all differ, so that a query's results don't clobber
     82  * any other's), end the batch to wait for replies for all outstanding
     83  * queries.  The output parameters of each query are initialized to NULL
     84  * or -1 as appropriate.
     85  *
     86  * LDAP searches are sent one by one without waiting (i.e., blocking)
     87  * for replies.  Replies are handled as soon as they are available.
     88  * Missing replies are waited for only when idmap_lookup_batch_end() is
     89  * called.
     90  *
     91  * If an add1 function returns != 0 then abort the batch by calling
     92  * idmap_lookup_batch_end(), but note that some queries may have been
     93  * answered, so check the result code of each query.
     94  */
     95 
     96 /* Start a batch of lookups */
     97 idmap_retcode idmap_lookup_batch_start(adutils_ad_t *ad, int nqueries,
     98     int directory_based_mapping, const char *default_domain,
     99     idmap_query_state_t **state);
    100 
    101 /* End a batch and release its idmap_query_state_t object */
    102 idmap_retcode idmap_lookup_batch_end(idmap_query_state_t **state);
    103 
    104 /* Abandon a batch and release its idmap_query_state_t object */
    105 void idmap_lookup_release_batch(idmap_query_state_t **state);
    106 
    107 /*
    108  * Add a name->SID lookup
    109  *
    110  *  - 'dname' is optional; if NULL or empty string then 'name' has to be
     111  *  a user/group name qualified with a domainname (e.g., foo@domain),
    112  *  else the 'name' must not be qualified and the domainname must be
    113  *  passed in 'dname'.
    114  *
    115  *  - if 'rid' is NULL then the output SID string will include the last
    116  *  RID, else it won't and the last RID value will be stored in *rid.
    117  *
    118  *  The caller must free() *sid.
    119  */
    120 idmap_retcode idmap_name2sid_batch_add1(idmap_query_state_t *state,
    121 		const char *name, const char *dname, int eunixtype,
    122 		char **dn, char **attr, char **value, char **canonname,
    123 		char **sid, rid_t *rid, int *sid_type, char **unixname,
    124 		posix_id_t *pid, idmap_retcode *rc);
    125 /*
    126  * Add a SID->name lookup
    127  *
    128  *  - 'rid' is optional; if NULL then 'sid' is expected to have the
    129  *  user/group RID present, else 'sid' is expected not to have it, and
     130  *  *rid will be used to qualify the given 'sid'.
    131  *
    132  *  - 'dname' is optional; if NULL then the fully qualified user/group
    133  *  name will be stored in *name, else the domain name will be stored in
    134  *  *dname and the user/group name will be stored in *name without a
    135  *  domain qualifier.
    136  *
    137  *  The caller must free() *name and *dname (if present).
    138  */
    139 idmap_retcode idmap_sid2name_batch_add1(idmap_query_state_t *state,
    140 		const char *sid, const rid_t *rid, int eunixtype,
    141 		char **dn, char **attr, char **value, char **name,
    142 		char **dname, int *sid_type, char **unixname,
    143 		posix_id_t *pid, idmap_retcode *rc);
    144 
    145 /*
    146  * Add a unixname->SID lookup
    147  */
    148 idmap_retcode idmap_unixname2sid_batch_add1(idmap_query_state_t *state,
    149 		const char *unixname, int is_user, int is_wuser,
    150 		char **dn, char **attr, char **value, char **sid, rid_t *rid,
    151 		char **name, char **dname, int *sid_type, idmap_retcode *rc);
    152 
    153 /*
    154  * Add a PID->SID lookup
    155  */
    156 idmap_retcode idmap_pid2sid_batch_add1(idmap_query_state_t *state,
    157 		posix_id_t pid, int is_user,
    158 		char **dn, char **attr, char **value, char **sid, rid_t *rid,
    159 		char **name, char **dname, int *sid_type, idmap_retcode *rc);
    160 
    161 /*
    162  * Set unixname attribute names for the batch for AD-based name mapping
    163  */
    164 void idmap_lookup_batch_set_unixattr(idmap_query_state_t *state,
    165 		const char *unixuser_attr, const char *unixgroup_attr);
    166 
    167 #ifdef __cplusplus
    168 }
    169 #endif
    170 
    171 #endif	/* _ADUTILS_H */