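/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
 */

/*
 * Windows to Solaris Identity Mapping kernel API
 * This header defines an API to map Windows SIDs to
 * Solaris UIDs and GIDs and vice versa.
 */

#ifndef _SYS_KIDMAP_H
#define _SYS_KIDMAP_H

#include <sys/idmap.h>
#include <sys/door.h>
#include <sys/zone.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * The ifdefs for these two accommodate duplicate definitions in
 * lib/libidmap/common/idmap.h (the real one). In this code we
 * simulate a kernel environment in user space using the real
 * idmap library, so need to be able to use both headers.
 */

/* Return status */
#ifndef _IDMAP_STAT_TYPE
#define _IDMAP_STAT_TYPE
typedef int32_t idmap_stat;
#endif /* _IDMAP_STAT_TYPE */

/* Opaque get handle */
#ifndef _IDMAP_GET_HANDLE_T
#define _IDMAP_GET_HANDLE_T
typedef struct idmap_get_handle idmap_get_handle_t;
#endif /* _IDMAP_GET_HANDLE_T */

/*
 * In all the routines a Windows SID is handled as a
 * string SID prefix plus a RID. For example
 *
 * S-1-5-5-12-34-568 will be passed as SID prefix
 * S-1-5-5-12-34 and RID 568
 *
 * Certain routines return pointers to a SID prefix string.
 * These strings are stored internally and should not be modified
 * or freed.
 */


/*
 * The following routines are simple get ID mapping routines.
 *
 * Each one takes a zone_t pointer (presumably the zone whose mappings
 * are consulted), returns an idmap_stat and delivers the mapped identity
 * through its output pointer(s).
 *
 * NOTE(review): this header neither defines the idmap_stat values nor
 * says what the output locations hold when the returned status reports
 * a failure. Callers that feed the result into ownership or access
 * decisions should check the returned status first and not rely on the
 * output otherwise; confirm the failure contract in the implementation.
 *
 * NOTE(review): kidmap_getpidbysid() reports an ID through *pid together
 * with an *is_user flag; presumably the flag tells a UID result from a
 * GID result. Confirm before treating *pid as either.
 */


idmap_stat
kidmap_getuidbysid(zone_t *zone, const char *sid_prefix, uint32_t rid,
    uid_t *uid);

idmap_stat
kidmap_getgidbysid(zone_t *zone, const char *sid_prefix, uint32_t rid,
    gid_t *gid);

idmap_stat
kidmap_getpidbysid(zone_t *zone, const char *sid_prefix, uint32_t rid,
    uid_t *pid, int *is_user);

/*
 * For the two routines below, *sid_prefix receives one of the internally
 * stored SID prefix strings described above: do not modify or free it.
 */
idmap_stat
kidmap_getsidbyuid(zone_t *zone, uid_t uid, const char **sid_prefix,
    uint32_t *rid);

idmap_stat
kidmap_getsidbygid(zone_t *zone, gid_t gid, const char **sid_prefix,
    uint32_t *rid);



/*
 * The following routines provide a batch interface for mapping IDs.
 *
 * Sequence, as described by the comments below: create a handle, queue
 * requests on it, process the queue with kidmap_get_mappings(), then
 * destroy the handle.
 */

/*
 * Create a batch "get mapping" handle for batch mappings.
 *
 * NOTE(review): the header does not state whether this can return NULL;
 * confirm before passing the result to the kidmap_batch_*() routines.
 */
idmap_get_handle_t *
kidmap_get_create(zone_t *zone);

/*
 * These routines queue the request to the "get mapping" handle
 *
 * Each request supplies its own output locations, including an
 * idmap_stat *stat that is separate from the idmap_stat the queuing
 * call itself returns.
 *
 * NOTE(review): the results are delivered to these locations when the
 * queue is processed (see kidmap_get_mappings() below), so the pointers
 * presumably have to stay valid until that call has returned. Confirm
 * against the implementation; a stack location that goes out of scope
 * before processing would be written through a dangling pointer.
 */

idmap_stat
kidmap_batch_getuidbysid(idmap_get_handle_t *get_handle,
    const char *sid_prefix, uint32_t rid,
    uid_t *uid, idmap_stat *stat);

idmap_stat
kidmap_batch_getgidbysid(idmap_get_handle_t *get_handle,
    const char *sid_prefix, uint32_t rid,
    gid_t *gid, idmap_stat *stat);

idmap_stat
kidmap_batch_getpidbysid(idmap_get_handle_t *get_handle,
    const char *sid_prefix, uint32_t rid,
    uid_t *pid, int *is_user, idmap_stat *stat);

idmap_stat
kidmap_batch_getsidbyuid(idmap_get_handle_t *get_handle, uid_t uid,
    const char **sid_prefix, uint32_t *rid, idmap_stat *stat);

idmap_stat
kidmap_batch_getsidbygid(idmap_get_handle_t *get_handle, gid_t gid,
    const char **sid_prefix, uint32_t *rid, idmap_stat *stat);

/*
 * Process the queued "get mapping" requests. The results (i.e.
 * status and identity) will be available in the data areas
 * provided by individual requests.
 *
 * NOTE(review): the value returned here and the per-request status are
 * distinct outputs; presumably a successful return does not mean every
 * queued request was mapped. Check each request's stat before using its
 * identity; confirm against the implementation.
 */
idmap_stat
kidmap_get_mappings(idmap_get_handle_t *get_handle);

/*
 * Destroy the "get mapping" handle
 */
void
kidmap_get_destroy(idmap_get_handle_t *get_handle);

#ifdef _KERNEL
/*
 * Functions that do the hard part of door registration/unregistration
 * for the idmap_reg()/idmap_unreg() syscalls
 *
 * Both return an int; the meaning of the value is not given in this
 * header.
 */
int idmap_reg_dh(zone_t *zone, door_handle_t dh);
int idmap_unreg_dh(zone_t *zone, door_handle_t dh);

/*
 * Function needed by allocids() to ensure only the daemon that owns
 * the door gets ephemeral IDs
 */
door_handle_t idmap_get_door(zone_t *zone);

/*
 * Function used by system call allocids() to purge the
 * ID mapping cache
 */
void idmap_purge_cache(zone_t *zone);

#endif /* _KERNEL */


#ifdef __cplusplus
}
#endif

#endif /* _SYS_KIDMAP_H */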