/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Identity-mapping (idmap) RPC protocol, written in the ONC RPC language
 * and processed by rpcgen.  Everything declared here is wire format shared
 * by the client side (libidmap, see the flag note below) and the service
 * that registers program number IDMAP_PROG, so enum values, struct field
 * order and constant values are part of the interface: append new enum
 * members and struct fields at the end, never renumber or reorder.
 *
 * NOTE(review): every "<>" string and array in this file is unbounded.
 * rpcgen emits decoders for them with the maximum length set to ~0, so a
 * peer controls the length field and therefore the size of the decode-time
 * allocation.  Limits on batch sizes and name lengths have to be imposed by
 * the receiving code (or the transport) before the data is acted on --
 * confirm in the server before exposing this program beyond trusted
 * callers.
 */

/* opaque type to support non-ASCII strings (unbounded; see note above) */
typedef string idmap_utf8str<>;

/*
 * Return status.  The individual status codes are not defined in this
 * file; every *_res structure below carries one of these as its first
 * member, and callers must check it before trusting the other fields.
 */
typedef int idmap_retcode;

/*
 * Identity types.  Used as the discriminant of idmap_id; the numeric
 * values are on the wire and must not change.
 */
enum idmap_id_type {
	IDMAP_NONE = 0,
	IDMAP_UID = 1,
	IDMAP_GID,
	IDMAP_SID,
	IDMAP_USID,
	IDMAP_GSID,
	IDMAP_POSIXID
};

/* The type of ID mapping (discriminant of idmap_how) */
enum idmap_map_type {
	IDMAP_MAP_TYPE_UNKNOWN = 0,
	IDMAP_MAP_TYPE_DS_AD,
	IDMAP_MAP_TYPE_DS_NLDAP,
	IDMAP_MAP_TYPE_RULE_BASED,
	IDMAP_MAP_TYPE_EPHEMERAL,
	IDMAP_MAP_TYPE_LOCAL_SID,
	IDMAP_MAP_TYPE_KNOWN_SID
};


/* Source of ID mapping (newly computed, cached, hard-coded, algorithmic) */
enum idmap_map_src {
	IDMAP_MAP_SRC_UNKNOWN = 0,
	IDMAP_MAP_SRC_NEW,
	IDMAP_MAP_SRC_CACHE,
	IDMAP_MAP_SRC_HARD_CODED,
	IDMAP_MAP_SRC_ALGORITHMIC
};


/*
 * SID, split into a textual prefix and a trailing 32-bit relative
 * identifier (rid).  The prefix string is unbounded on the wire;
 * receivers should validate its syntax before using it as a key.
 */
struct idmap_sid {
	string prefix<>;
	uint32_t rid;
};

/*
 * Identity (sid-posix).  There is deliberately no "default" arm: an
 * idtype value that matches none of the cases makes the generated
 * xdr_union routine fail, so unknown identity types are rejected at
 * decode time rather than silently carried.
 */
union idmap_id switch(idmap_id_type idtype) {
	case IDMAP_UID: uint32_t uid;
	case IDMAP_GID: uint32_t gid;
	case IDMAP_SID: idmap_sid sid;
	case IDMAP_USID: idmap_sid usid;
	case IDMAP_GSID: idmap_sid gsid;
	case IDMAP_NONE: void;
	case IDMAP_POSIXID: void;
};


/*
 * Name-based mapping rules.
 *
 * direction is a plain int on the wire; only the IDMAP_DIRECTION_*
 * constants defined further down are meaningful and receivers should
 * reject anything else.  is_nt4 presumably marks NT4-style
 * (DOMAIN\name) rules -- confirm against the server.
 */
struct idmap_namerule {
	bool is_user;
	bool is_wuser;
	int direction;
	idmap_utf8str windomain;
	idmap_utf8str winname;
	idmap_utf8str unixname;
	bool is_nt4;
};
/* Result of IDMAP_LIST_NAMERULES; lastrowid is the pagination cursor */
struct idmap_namerules_res {
	idmap_retcode retcode;
	uint64_t lastrowid;
	idmap_namerule rules<>;
};

/*
 * How ID is mapped when the answer came from a directory service:
 * the entry (dn) and the attribute/value that produced the mapping.
 */
struct idmap_how_ds_based {
	idmap_utf8str dn;
	idmap_utf8str attr;
	idmap_utf8str value;
};

/* Per-map-type detail; void arms carry no extra information */
union idmap_how switch(idmap_map_type map_type) {
	case IDMAP_MAP_TYPE_UNKNOWN: void;
	case IDMAP_MAP_TYPE_DS_AD: idmap_how_ds_based ad;
	case IDMAP_MAP_TYPE_DS_NLDAP: idmap_how_ds_based nldap;
	case IDMAP_MAP_TYPE_RULE_BASED: idmap_namerule rule;
	case IDMAP_MAP_TYPE_EPHEMERAL: void;
	case IDMAP_MAP_TYPE_LOCAL_SID: void;
	case IDMAP_MAP_TYPE_KNOWN_SID: void;
};

/* Provenance of a mapping: where it came from and how it was derived */
struct idmap_info {
	idmap_map_src src;
	idmap_how how;
};


/*
 * Id result.  direction uses the IDMAP_DIRECTION_* values; info is only
 * expected to be meaningful when the request asked for it with
 * IDMAP_REQ_FLG_MAPPING_INFO.
 */
struct idmap_id_res {
	idmap_retcode retcode;
	idmap_id id;
	int direction;
	idmap_info info;
};
/* Result of IDMAP_GET_MAPPED_IDS: one idmap_id_res per batch entry */
struct idmap_ids_res {
	idmap_retcode retcode;
	idmap_id_res ids<>;
};


/*
 * Flags supported by mapping requests (bitmask; carried in the
 * int32_t flag member of idmap_mapping)
 */

/* Don't allocate a new value for the mapping */
const IDMAP_REQ_FLG_NO_NEW_ID_ALLOC = 0x00000001;

/* Validate the given identity before mapping */
const IDMAP_REQ_FLG_VALIDATE = 0x00000002;

/* Avoid name service lookups to prevent looping */
const IDMAP_REQ_FLG_NO_NAMESERVICE = 0x00000004;

/* Request how a mapping was formed */
const IDMAP_REQ_FLG_MAPPING_INFO = 0x00000008;

/*
 * This libidmap only flag is defined in idmap.h
 * It enables use of the libidmap cache
 * const IDMAP_REQ_FLG_USE_CACHE = 0x00000010;
 * (the bit is reserved here so no wire flag is ever given that value)
 */

/* Request mapping for well-known or local SIDs only */
const IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY = 0x00000020;


/*
 * Mapping direction definitions
 */
const IDMAP_DIRECTION_UNDEF = -1;	/* not defined */
const IDMAP_DIRECTION_BI = 0;		/* bi-directional */
const IDMAP_DIRECTION_W2U = 1;		/* windows to unix only */
const IDMAP_DIRECTION_U2W = 2;		/* unix to windows only */


/*
 * Identity mappings (sid-posix).  id1 is the identity being mapped
 * (with optional domain/name), id2 the result; flag is presumably a
 * bitmask of IDMAP_REQ_FLG_* values -- confirm against the callers.
 */
struct idmap_mapping {
	int32_t flag;
	int direction;
	idmap_id id1;
	idmap_utf8str id1domain;
	idmap_utf8str id1name;
	idmap_id id2;
	idmap_utf8str id2domain;
	idmap_utf8str id2name;
	idmap_info info;
};

/* Unbounded batch of mapping requests (see size note at top of file) */
typedef idmap_mapping idmap_mapping_batch<>;

/* Result of IDMAP_LIST_MAPPINGS / IDMAP_GET_MAPPED_ID_BY_NAME */
struct idmap_mappings_res {
	idmap_retcode retcode;
	uint64_t lastrowid;
	idmap_mapping mappings<>;
};


/*
 * Update result.  On failure error_index is expected to identify the
 * offending entry of the update batch, error_rule that entry's rule and
 * conflict_rule the existing rule it collided with -- confirm which of
 * these the server fills in for each error path.
 */
struct idmap_update_res {
	idmap_retcode retcode;
	int64_t error_index;
	idmap_namerule error_rule;
	idmap_namerule conflict_rule;
};

/* Update requests */
enum idmap_opnum {
	OP_NONE = 0,
	OP_ADD_NAMERULE = 1,
	OP_RM_NAMERULE = 2,
	OP_FLUSH_NAMERULES = 3
};
/*
 * One update operation.  The default arm means any opnum other than
 * ADD/RM decodes with no payload, including values not listed in
 * idmap_opnum; the server must treat unknown opnums as an error.
 */
union idmap_update_op switch(idmap_opnum opnum) {
	case OP_ADD_NAMERULE:
	case OP_RM_NAMERULE:
		idmap_namerule rule;
	default:
		void;
};
typedef idmap_update_op idmap_update_batch<>;

/* Size of the fixed host-name field in idmap_ad_disc_ds_t */
const AD_DISC_MAXHOSTNAME = 256;

#ifndef _KERNEL
/*
 * A discovered directory server (from a DNS SRV record, by the look of
 * port/priority/weight -- confirm).  host is a fixed-length XDR array:
 * exactly AD_DISC_MAXHOSTNAME bytes travel on the wire and XDR does not
 * guarantee a terminating NUL, so consumers must bound string operations
 * by the array size rather than assume a C string.
 */
struct idmap_ad_disc_ds_t {
	int port;
	int priority;
	int weight;
	char host[AD_DISC_MAXHOSTNAME];
};


/* get-prop, set-prop */
enum idmap_prop_type {
	PROP_UNKNOWN = 0,
	PROP_LIST_SIZE_LIMIT = 1,
	PROP_DEFAULT_DOMAIN = 2,		/* default domain name */
	PROP_DOMAIN_NAME = 3,			/* AD domain name */
	PROP_MACHINE_SID = 4,			/* machine sid */
	PROP_DOMAIN_CONTROLLER = 5,		/* domain controller hosts */
	PROP_FOREST_NAME = 6,			/* forest name */
	PROP_SITE_NAME = 7,			/* site name */
	PROP_GLOBAL_CATALOG = 8,		/* global catalog hosts */
	PROP_AD_UNIXUSER_ATTR = 9,
	PROP_AD_UNIXGROUP_ATTR = 10,
	PROP_NLDAP_WINNAME_ATTR = 11,
	PROP_DS_NAME_MAPPING_ENABLED = 12
};

/*
 * Property value, typed by the property being read.  Unknown property
 * numbers fall into the default arm and decode as void.
 */
union idmap_prop_val switch(idmap_prop_type prop) {
	case PROP_LIST_SIZE_LIMIT:
		uint64_t intval;
	case PROP_DEFAULT_DOMAIN:
	case PROP_DOMAIN_NAME:
	case PROP_MACHINE_SID:
	case PROP_FOREST_NAME:
	case PROP_SITE_NAME:
	case PROP_AD_UNIXUSER_ATTR:
	case PROP_AD_UNIXGROUP_ATTR:
	case PROP_NLDAP_WINNAME_ATTR:
		idmap_utf8str utf8val;
	case PROP_DS_NAME_MAPPING_ENABLED:
		bool boolval;
	case PROP_DOMAIN_CONTROLLER:
	case PROP_GLOBAL_CATALOG:
		idmap_ad_disc_ds_t dsval;
	default:
		void;
};

/* Result of IDMAP_GET_PROP; auto_discovered distinguishes discovered from configured values */
struct idmap_prop_res {
	idmap_retcode retcode;
	idmap_prop_val value;
	bool auto_discovered;
};
#endif

/*
 * The RPC program.  Procedure numbers, like enum values, are wire
 * format; add new procedures with new numbers and never reuse one.
 *
 * NOTE(review): the protocol itself carries no caller identity or
 * authorization data.  IDMAP_UPDATE changes persistent name-rule
 * configuration and IDMAP_GET_PROP exposes directory configuration, so
 * any access control for them must come from the RPC transport's
 * credentials as checked in the server -- confirm that check exists.
 */
program IDMAP_PROG {
	version IDMAP_V1 {
		/* Liveness probe; no arguments, no result */
		void
		IDMAP_NULL(void) = 0;

		/* Batch of requests to get mapped identities */
		idmap_ids_res
		IDMAP_GET_MAPPED_IDS(idmap_mapping_batch batch) = 1;

		/*
		 * List all identity mappings, paged: lastrowid is the cursor
		 * from the previous result, limit the maximum rows wanted.
		 */
		idmap_mappings_res
		IDMAP_LIST_MAPPINGS(int64_t lastrowid,
			uint64_t limit, int32_t flag) = 2;

		/*
		 * List all name-based mapping rules, paged as above; rule
		 * presumably acts as a filter template -- confirm.
		 */
		idmap_namerules_res
		IDMAP_LIST_NAMERULES(idmap_namerule rule,
			uint64_t lastrowid, uint64_t limit) = 3;

		/* Batch of update requests (privileged; see note above) */
		idmap_update_res
		IDMAP_UPDATE(idmap_update_batch batch) = 4;

		/* Get mapped identity by name */
		idmap_mappings_res
		IDMAP_GET_MAPPED_ID_BY_NAME(idmap_mapping request) = 5;

#ifndef _KERNEL
		/* Get configuration property */
		idmap_prop_res
		IDMAP_GET_PROP(idmap_prop_type) = 6;
#endif

	} = 1;
} = 100172;