xref: /illumos-gate/usr/src/uts/common/rpcsvc/idmap_prot.x (revision 64fb5c317e524ea4ee6fb8076e9105e841b2b527)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 /*
 * Opaque type to support non-ASCII strings.
 * Declared with `<>`, so the protocol sets no maximum length; any size
 * limit has to be applied by the code that handles the decoded value.
 * NOTE(review): XDR string decoding does not check that the bytes are
 * valid UTF-8 -- confirm where (or whether) consumers validate.
 */
28 typedef	string	idmap_utf8str<>;
29 
30 /*
 * Return status.  Every *_res result structure in this file carries one
 * as its first field.  The individual status values are not defined in
 * this file.
 */
31 typedef int idmap_retcode;
32 
33 /*
 * Identity types.  This enum is the discriminant of the idmap_id union;
 * enumerators without an explicit value continue from the previous one.
 */
34 enum idmap_id_type {
35 	IDMAP_NONE = 0,		/* void arm in idmap_id */
36 	IDMAP_UID = 1,		/* arm: uint32_t uid */
37 	IDMAP_GID,		/* 2; arm: uint32_t gid */
38 	IDMAP_SID,		/* 3; arm: idmap_sid sid */
39 	IDMAP_USID,		/* 4; arm: idmap_sid usid */
40 	IDMAP_GSID,		/* 5; arm: idmap_sid gsid */
41 	IDMAP_POSIXID		/* 6; void arm in idmap_id */
42 };
43 
44 /*
 * The type of ID mapping.  This enum is the discriminant of the
 * idmap_how union; only the DS_AD, DS_NLDAP and RULE_BASED values
 * select an arm that carries data.
 */
45 enum idmap_map_type {
46 	IDMAP_MAP_TYPE_UNKNOWN = 0,	/* void arm in idmap_how */
47 	IDMAP_MAP_TYPE_DS_AD,		/* 1; arm: idmap_how_ds_based ad */
48 	IDMAP_MAP_TYPE_DS_NLDAP,	/* 2; arm: idmap_how_ds_based nldap */
49 	IDMAP_MAP_TYPE_RULE_BASED,	/* 3; arm: idmap_namerule rule */
50 	IDMAP_MAP_TYPE_EPHEMERAL,	/* 4; void arm */
51 	IDMAP_MAP_TYPE_LOCAL_SID,	/* 5; void arm */
52 	IDMAP_MAP_TYPE_KNOWN_SID	/* 6; void arm */
53 };
54 
55 
56 /*
 * Source of ID mapping.  Carried in the src field of idmap_info.
 * Enumerators without an explicit value continue from the previous one.
 */
57 enum idmap_map_src {
58 	IDMAP_MAP_SRC_UNKNOWN = 0,
59 	IDMAP_MAP_SRC_NEW,		/* 1 */
60 	IDMAP_MAP_SRC_CACHE,		/* 2 */
61 	IDMAP_MAP_SRC_HARD_CODED,	/* 3 */
62 	IDMAP_MAP_SRC_ALGORITHMIC	/* 4 */
63 };
64 
65 
66 /*
 * SID, carried as a string prefix plus a 32-bit rid.
 * prefix<> has no maximum length in the protocol.
 * NOTE(review): presumably prefix is the textual domain SID and rid the
 * relative identifier -- confirm against the consumers.
 */
67 struct idmap_sid {
68 	string		prefix<>;
69 	uint32_t	rid;
70 };
71 
72 /*
 * Identity (sid-posix), discriminated by idmap_id_type.
 * The union has no default arm, so the XDR routine that rpcgen
 * generates for it fails on any discriminant not listed below.
 */
73 union idmap_id switch(idmap_id_type idtype) {
74 	case IDMAP_UID: uint32_t uid;
75 	case IDMAP_GID: uint32_t gid;
76 	case IDMAP_SID: idmap_sid sid;
77 	case IDMAP_USID: idmap_sid usid;
78 	case IDMAP_GSID: idmap_sid gsid;
79 	case IDMAP_NONE: void;		/* no payload */
80 	case IDMAP_POSIXID: void;	/* no payload */
81 };
82 
83 
84 /*
 * Name-based mapping rules.
 * Besides being listed in idmap_namerules_res, this structure is the
 * argument of IDMAP_LIST_NAMERULES, the payload of the add/remove arms
 * of idmap_update_op, and appears twice in idmap_update_res.
 */
85 struct idmap_namerule {
86 	bool		is_user;
87 	bool		is_wuser;
88 	int		direction;	/* presumably IDMAP_DIRECTION_*; plain int, not range-checked by XDR */
89 	idmap_utf8str	windomain;	/* unbounded string */
90 	idmap_utf8str	winname;	/* unbounded string */
91 	idmap_utf8str	unixname;	/* unbounded string */
92 	bool		is_nt4;
93 };
/*
 * Result of IDMAP_LIST_NAMERULES.
 * rules<> has no protocol maximum; the `limit` argument of the request
 * is the only size control visible in this file.
 * NOTE(review): lastrowid looks like a paging cursor that pairs with the
 * request's lastrowid argument -- confirm.
 */
94 struct idmap_namerules_res {
95 	idmap_retcode	retcode;
96 	uint64_t	lastrowid;
97 	idmap_namerule	rules<>;
98 };
99 
100 /* How ID is mapped */
/*
 * Directory-service details, used by the IDMAP_MAP_TYPE_DS_AD and
 * IDMAP_MAP_TYPE_DS_NLDAP arms of idmap_how.  All three strings are
 * unbounded.
 * NOTE(review): presumably the entry DN, the attribute name and the
 * attribute value that produced the mapping -- confirm.
 */
101 struct idmap_how_ds_based {
102 	idmap_utf8str	dn;
103 	idmap_utf8str	attr;
104 	idmap_utf8str	value;
105 };
106 
/*
 * How a mapping was formed, discriminated by idmap_map_type.
 * Only the directory-service and rule-based types carry data.  There is
 * no default arm, so the rpcgen-generated XDR routine fails on a
 * map_type that is not listed below.
 */
107 union idmap_how switch(idmap_map_type map_type) {
108 	case IDMAP_MAP_TYPE_UNKNOWN: void;
109 	case IDMAP_MAP_TYPE_DS_AD: idmap_how_ds_based ad;
110 	case IDMAP_MAP_TYPE_DS_NLDAP: idmap_how_ds_based nldap;
111 	case IDMAP_MAP_TYPE_RULE_BASED: idmap_namerule rule;
112 	case IDMAP_MAP_TYPE_EPHEMERAL: void;
113 	case IDMAP_MAP_TYPE_LOCAL_SID: void;
114 	case IDMAP_MAP_TYPE_KNOWN_SID: void;
115 };
116 
/*
 * Provenance of a mapping: where it came from (src) and how it was
 * formed (how).  Embedded in idmap_id_res and idmap_mapping.
 * NOTE(review): presumably only meaningful when the request set
 * IDMAP_REQ_FLG_MAPPING_INFO -- confirm.
 */
117 struct idmap_info {
118 	idmap_map_src	src;
119 	idmap_how	how;
120 };
121 
122 
123 /*
 * Id result: one mapped identity with its own status.  This is the
 * element type of idmap_ids_res.ids.
 */
124 struct idmap_id_res {
125 	idmap_retcode	retcode;	/* status of this single mapping */
126 	idmap_id	id;
127 	int		direction;	/* presumably IDMAP_DIRECTION_*; plain int, not range-checked by XDR */
128 	idmap_info	info;
129 };
/*
 * Result of IDMAP_GET_MAPPED_IDS: an overall status plus an array of
 * per-identity results.  ids<> has no protocol maximum.
 * NOTE(review): presumably one ids entry per request in the batch, in
 * the same order -- confirm.
 */
130 struct idmap_ids_res {
131 	idmap_retcode	retcode;
132 	idmap_id_res	ids<>;
133 };
134 
135 
136 /*
137  * Flags supported by mapping requests
 *
 * Each constant is a single bit, so the flags can be OR-ed together.
 * NOTE(review): presumably carried in idmap_mapping.flag and in the flag
 * argument of IDMAP_LIST_MAPPINGS -- confirm.
138  */
139 
140 /* Don't allocate a new value for the mapping */
141 const IDMAP_REQ_FLG_NO_NEW_ID_ALLOC	= 0x00000001;
142 
143 /* Validate the given identity before mapping */
144 const IDMAP_REQ_FLG_VALIDATE		= 0x00000002;
145 
146 /* Avoid name service lookups to prevent looping */
147 const IDMAP_REQ_FLG_NO_NAMESERVICE	= 0x00000004;
148 
149 /* Request how a mapping was formed */
150 const IDMAP_REQ_FLG_MAPPING_INFO	= 0x00000008;
151 
152 /*
153  * This libidmap-only flag is defined in idmap.h
154  * It enables use of the libidmap cache
155  * const IDMAP_REQ_FLG_USE_CACHE	= 0x00000010;
 *
 * Bit 0x00000010 is therefore left out of the protocol definition on
 * purpose.
 * NOTE(review): how the server treats 0x10, or any other bit not defined
 * here, when it arrives in a request cannot be told from this file --
 * confirm that undefined bits are ignored or rejected.
156  */
157 
158 /* Request mapping for well-known or local SIDs only */
159 const IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY	= 0x00000020;
160 
161 
162 /*
163  * Mapping direction definitions
 *
 * The direction fields of idmap_namerule, idmap_id_res and idmap_mapping
 * are declared as plain int, so nothing in the XDR layer restricts them
 * to these four values; a receiver has to range-check the field itself.
164  */
165 const IDMAP_DIRECTION_UNDEF =	-1;	/* not defined */
166 const IDMAP_DIRECTION_BI =	0;	/* bi-directional */
167 const IDMAP_DIRECTION_W2U =	1;	/* windows to unix only */
168 const IDMAP_DIRECTION_U2W =	2;	/* unix to windows only */
169 
170 
171 /*
 * Identity mappings (sid-posix).
 * Used as the element of idmap_mapping_batch (request side), as the
 * argument of IDMAP_GET_MAPPED_ID_BY_NAME, and as the element of
 * idmap_mappings_res.mappings (result side).  The four domain/name
 * strings are unbounded.
 */
172 struct idmap_mapping {
173 	int32_t		flag;		/* presumably IDMAP_REQ_FLG_* bits -- confirm */
174 	int		direction;	/* presumably IDMAP_DIRECTION_*; not range-checked by XDR */
175 	idmap_id	id1;
176 	idmap_utf8str	id1domain;
177 	idmap_utf8str	id1name;
178 	idmap_id	id2;
179 	idmap_utf8str	id2domain;
180 	idmap_utf8str	id2name;
181 	idmap_info	info;
182 };
183 
/*
 * Argument of IDMAP_GET_MAPPED_IDS.  The array has no protocol maximum,
 * so the number of requests in one call is chosen by the caller and any
 * cap has to be applied by the receiver.
 */
184 typedef idmap_mapping	idmap_mapping_batch<>;
185 
/*
 * Result of IDMAP_LIST_MAPPINGS and IDMAP_GET_MAPPED_ID_BY_NAME.
 * mappings<> has no protocol maximum; for IDMAP_LIST_MAPPINGS the
 * request's `limit` argument is the only size control visible here.
 * NOTE(review): lastrowid looks like a paging cursor -- confirm.
 */
186 struct idmap_mappings_res {
187 	idmap_retcode		retcode;
188 	uint64_t		lastrowid;
189 	idmap_mapping		mappings<>;
190 };
191 
192 
193 /*
 * Update result, returned by IDMAP_UPDATE.
 * NOTE(review): error_index, error_rule and conflict_rule presumably
 * identify the failing operation in the batch and the rules involved;
 * what they hold on success is not visible in this file -- confirm.
 */
194 struct idmap_update_res {
195 	idmap_retcode	retcode;
196 	int64_t	error_index;
197 	idmap_namerule	error_rule;
198 	idmap_namerule	conflict_rule;
199 };
200 
201 /*
 * Update requests: operation codes.  This enum is the discriminant of
 * the idmap_update_op union.
 */
202 enum idmap_opnum {
203 	OP_NONE = 0,
204 	OP_ADD_NAMERULE = 1,	/* carries an idmap_namerule */
205 	OP_RM_NAMERULE = 2,	/* carries an idmap_namerule */
206 	OP_FLUSH_NAMERULES = 3	/* no payload (default arm) */
207 };
/*
 * One update operation.  Add and remove share the idmap_namerule arm.
 * Because of the default arm, every other opnum decodes successfully
 * with no payload: OP_NONE, OP_FLUSH_NAMERULES and also any number that
 * idmap_opnum does not define.  Rejecting undefined opnums is therefore
 * left to the code that processes the batch.
 */
208 union idmap_update_op switch(idmap_opnum opnum) {
209 	case OP_ADD_NAMERULE:
210 	case OP_RM_NAMERULE:
211 		idmap_namerule rule;
212 	default:
213 		void;
214 };
/*
 * Argument of IDMAP_UPDATE.  The array has no protocol maximum, so the
 * number of operations in one call is chosen by the caller.
 */
215 typedef idmap_update_op idmap_update_batch<>;
216 
/*
 * Size of the host[] array in idmap_ad_disc_ds_t.  The constant is
 * declared for kernel builds too, although its only use in this file is
 * inside the #ifndef _KERNEL section.
 */
217 const AD_DISC_MAXHOSTNAME = 256;
218 
219 #ifndef _KERNEL
/*
 * One directory server entry, used as the dsval arm of idmap_prop_val.
 * host is a fixed-length array: all AD_DISC_MAXHOSTNAME elements are
 * transferred, and XDR does not guarantee a terminating NUL.
 * NOTE(review): confirm that consumers bound their string operations on
 * host instead of assuming it is NUL-terminated.
 * NOTE(review): port/priority/weight look like DNS SRV record fields --
 * confirm.
 */
220 struct idmap_ad_disc_ds_t {
221 	int	port;
222 	int	priority;
223 	int	weight;
224 	char	host[AD_DISC_MAXHOSTNAME];
225 };
226 
227 
228 /*
 * get-prop, set-prop
 * Property selector: the argument of IDMAP_GET_PROP and the
 * discriminant of idmap_prop_val.  This file defines no set-prop
 * procedure; only IDMAP_GET_PROP appears in IDMAP_PROG.
 */
229 enum idmap_prop_type {
230 	PROP_UNKNOWN = 0,
231 	PROP_LIST_SIZE_LIMIT = 1,	/* arm: uint64_t intval */
232 	PROP_DEFAULT_DOMAIN = 2,	/* default domain name */
233 	PROP_DOMAIN_NAME = 3,		/* AD domain name */
234 	PROP_MACHINE_SID = 4,		/* machine sid */
235 	PROP_DOMAIN_CONTROLLER = 5,	/* domain controller hosts */
236 	PROP_FOREST_NAME = 6,		/* forest name */
237 	PROP_SITE_NAME = 7,		/* site name */
238 	PROP_GLOBAL_CATALOG = 8,	/* global catalog hosts */
239 	PROP_AD_UNIXUSER_ATTR = 9,	/* arm: idmap_utf8str utf8val */
240 	PROP_AD_UNIXGROUP_ATTR = 10,	/* arm: idmap_utf8str utf8val */
241 	PROP_NLDAP_WINNAME_ATTR = 11,	/* arm: idmap_utf8str utf8val */
242 	PROP_DS_NAME_MAPPING_ENABLED = 12	/* arm: bool boolval */
243 };
244 
/*
 * Property value, discriminated by idmap_prop_type.
 * Because of the default arm, PROP_UNKNOWN and any number that
 * idmap_prop_type does not define decode successfully with no value.
 * NOTE(review): the enum comments describe PROP_DOMAIN_CONTROLLER and
 * PROP_GLOBAL_CATALOG as "hosts", but dsval holds a single
 * idmap_ad_disc_ds_t -- confirm that one entry is intended.
 */
245 union idmap_prop_val switch(idmap_prop_type prop) {
246 	case PROP_LIST_SIZE_LIMIT:
247 		uint64_t intval;
248 	case PROP_DEFAULT_DOMAIN:
249 	case PROP_DOMAIN_NAME:
250 	case PROP_MACHINE_SID:
251 	case PROP_FOREST_NAME:
252 	case PROP_SITE_NAME:
253 	case PROP_AD_UNIXUSER_ATTR:
254 	case PROP_AD_UNIXGROUP_ATTR:
255 	case PROP_NLDAP_WINNAME_ATTR:
256 		idmap_utf8str utf8val;	/* unbounded string */
257 	case PROP_DS_NAME_MAPPING_ENABLED:
258 		bool boolval;
259 	case PROP_DOMAIN_CONTROLLER:
260 	case PROP_GLOBAL_CATALOG:
261 		idmap_ad_disc_ds_t dsval;
262 	default:
263 		void;
264 };
265 
/*
 * Result of IDMAP_GET_PROP.
 * NOTE(review): auto_discovered presumably tells whether the value was
 * discovered rather than configured -- confirm.
 */
266 struct idmap_prop_res {
267 	idmap_retcode	retcode;
268 	idmap_prop_val	value;
269 	bool		auto_discovered;
270 };
271 #endif
272 
/*
 * idmap RPC program: program number 100172, version 1, procedures 0-6.
 * None of the argument types in this file carries a credential or an
 * authorization field.
 * NOTE(review): IDMAP_UPDATE carries add/remove/flush name-rule
 * operations, so access control for it has to be enforced outside these
 * definitions (transport or server) -- confirm where that happens.
 */
273 program IDMAP_PROG {
274 	version IDMAP_V1 {
275 		void
276 		IDMAP_NULL(void) = 0;
277 
278 		/*
		 * Batch of requests to get mapped identities.
		 * The batch is an unbounded array; its length is chosen by
		 * the caller.
		 */
279 		idmap_ids_res
280 		IDMAP_GET_MAPPED_IDS(idmap_mapping_batch batch) = 1;
281 
282 		/*
		 * List all identity mappings.
		 * NOTE(review): lastrowid is int64_t here but uint64_t in
		 * IDMAP_LIST_NAMERULES and in both list result structures --
		 * confirm the signedness difference is intended.
		 */
283 		idmap_mappings_res
284 		IDMAP_LIST_MAPPINGS(int64_t lastrowid,
285 			uint64_t limit, int32_t flag) = 2;
286 
287 		/* List all name-based mapping rules */
288 		idmap_namerules_res
289 		IDMAP_LIST_NAMERULES(idmap_namerule rule,
290 			uint64_t lastrowid, uint64_t limit) = 3;
291 
292 		/*
		 * Batch of update requests.
		 * The batch is an unbounded array, and idmap_update_op
		 * decodes undefined opnums as payload-free operations.
		 */
293 		idmap_update_res
294 		IDMAP_UPDATE(idmap_update_batch batch) = 4;
295 
296 		/* Get mapped identity by name */
297 		idmap_mappings_res
298 		IDMAP_GET_MAPPED_ID_BY_NAME(idmap_mapping request) = 5;
299 
300 #ifndef _KERNEL
301 		/*
		 * Get configuration property.
		 * Not declared for kernel builds, like the idmap_prop_* types
		 * it uses.
		 */
302 		idmap_prop_res
303 		IDMAP_GET_PROP(idmap_prop_type) = 6;
304 #endif
305 
306 	} = 1;
307 } = 100172;
308