/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * rpcgen (RPC language) definition of the identity-mapping (idmap)
 * protocol: the XDR types exchanged over program IDMAP_PROG, version
 * IDMAP_V1, whose procedures are declared at the end of this file.
 *
 * Reading notes for the declarations below:
 *  - "type name<>" is a variable-length XDR string or array with NO
 *    maximum length stated in the protocol.  The generated decoder
 *    accepts whatever length the peer sends, so any size or count limit
 *    has to be enforced by the code that consumes the decoded data.
 *  - A union carries exactly the arm selected by its discriminant;
 *    "void" arms carry no payload.  Unions with no "default" arm make
 *    the generated decoder fail on an unknown discriminant; unions with
 *    "default: void" decode an unknown discriminant as "no payload",
 *    so the receiver still has to reject values it does not handle.
 *  - Blocks under #ifndef _KERNEL are user-space only.
 */

/* opaque type to support non-ASCII strings (unbounded XDR string) */
typedef string idmap_utf8str<>;
typedef idmap_utf8str idmap_utf8str_list<>;

/*
 * Return status.  Present once per response and, for batched requests,
 * once more per batch element (see idmap_ids_res / idmap_id_res).
 */
typedef int idmap_retcode;

/* Identity types; discriminant of the idmap_id union */
enum idmap_id_type {
	IDMAP_NONE = 0,		/* no identity; idmap_id carries no value */
	IDMAP_UID = 1,
	IDMAP_GID,
	IDMAP_SID,		/* SID of unknown kind (user or group) */
	IDMAP_USID,		/* SID; presumably known to be a user */
	IDMAP_GSID,		/* SID; presumably known to be a group */
	IDMAP_POSIXID		/* uid or gid; idmap_id carries no value */
};

/* The type of ID mapping; discriminant of the idmap_how union */
enum idmap_map_type {
	IDMAP_MAP_TYPE_UNKNOWN = 0,
	IDMAP_MAP_TYPE_DS_AD,		/* from an AD directory entry */
	IDMAP_MAP_TYPE_DS_NLDAP,	/* from a native LDAP directory entry */
	IDMAP_MAP_TYPE_RULE_BASED,	/* from an idmap_namerule */
	IDMAP_MAP_TYPE_EPHEMERAL,
	IDMAP_MAP_TYPE_LOCAL_SID,
	IDMAP_MAP_TYPE_KNOWN_SID,
	IDMAP_MAP_TYPE_IDMU		/* from an IDMU directory entry */
};


/* Source of ID mapping (where the answer came from; see idmap_info) */
enum idmap_map_src {
	IDMAP_MAP_SRC_UNKNOWN = 0,
	IDMAP_MAP_SRC_NEW,
	IDMAP_MAP_SRC_CACHE,
	IDMAP_MAP_SRC_HARD_CODED,
	IDMAP_MAP_SRC_ALGORITHMIC
};


/*
 * SID, split into a textual prefix and the numeric trailing RID.
 * NOTE(review): the prefix is an unbounded string; its syntax is not
 * constrained by this file and must be validated by the consumer.
 */
struct idmap_sid {
	string prefix<>;
	uint32_t rid;
};

/*
 * Identity (sid-posix).  Exactly one arm is present, selected by idtype.
 * IDMAP_NONE and IDMAP_POSIXID carry no value.  There is no default arm,
 * so an idtype outside the enum should be rejected by the generated
 * decoder rather than decoded as empty.
 */
union idmap_id switch(idmap_id_type idtype) {
	case IDMAP_UID: uint32_t uid;
	case IDMAP_GID: uint32_t gid;
	case IDMAP_SID: idmap_sid sid;
	case IDMAP_USID: idmap_sid usid;
	case IDMAP_GSID: idmap_sid gsid;
	case IDMAP_NONE: void;
	case IDMAP_POSIXID: void;
};


/*
 * Name-based mapping rules.
 *
 * direction is a plain int; the values it is meant to take are the
 * IDMAP_DIRECTION_* constants declared later in this file, and nothing
 * in the protocol prevents a peer from sending another value.
 * The exact meaning of is_user, is_wuser and is_nt4 is not defined in
 * this file (see libidmap).
 */
struct idmap_namerule {
	bool is_user;
	bool is_wuser;
	int direction;
	idmap_utf8str windomain;
	idmap_utf8str winname;
	idmap_utf8str unixname;
	bool is_nt4;
};
/*
 * Result of IDMAP_LIST_NAMERULES.  lastrowid is the paging cursor the
 * caller passes back to fetch the next page (see the procedure below).
 */
struct idmap_namerules_res {
	idmap_retcode retcode;
	uint64_t lastrowid;
	idmap_namerule rules<>;
};

/*
 * How ID is mapped.  For directory-based mappings: the entry (dn),
 * attribute and value that established the mapping — presumably; the
 * exact contents are not specified here.
 */
struct idmap_how_ds_based {
	idmap_utf8str dn;
	idmap_utf8str attr;
	idmap_utf8str value;
};

/* Per-map_type detail of how a mapping was formed; no default arm */
union idmap_how switch(idmap_map_type map_type) {
	case IDMAP_MAP_TYPE_UNKNOWN: void;
	case IDMAP_MAP_TYPE_DS_AD: idmap_how_ds_based ad;
	case IDMAP_MAP_TYPE_DS_NLDAP: idmap_how_ds_based nldap;
	case IDMAP_MAP_TYPE_RULE_BASED: idmap_namerule rule;
	case IDMAP_MAP_TYPE_EPHEMERAL: void;
	case IDMAP_MAP_TYPE_LOCAL_SID: void;
	case IDMAP_MAP_TYPE_KNOWN_SID: void;
	case IDMAP_MAP_TYPE_IDMU: idmap_how_ds_based idmu;
};

/* Provenance of a mapping: where it came from and how it was derived */
struct idmap_info {
	idmap_map_src src;
	idmap_how how;
};


/* Id result: one element of the IDMAP_GET_MAPPED_IDS reply */
struct idmap_id_res {
	idmap_retcode retcode;	/* per-element status */
	idmap_id id;
	int direction;		/* IDMAP_DIRECTION_* value */
	idmap_info info;
};
/* Reply of IDMAP_GET_MAPPED_IDS; retcode is the batch-level status */
struct idmap_ids_res {
	idmap_retcode retcode;
	idmap_id_res ids<>;
};


/*
 * Flag supported by mapping requests
 *
 * These are bit values; presumably they are OR'd into idmap_mapping.flag
 * and into the flag argument of IDMAP_LIST_MAPPINGS.
 */

/* Don't allocate a new value for the mapping */
const IDMAP_REQ_FLG_NO_NEW_ID_ALLOC = 0x00000001;

/* Validate the given identity before mapping */
const IDMAP_REQ_FLG_VALIDATE = 0x00000002;

/* Avoid name service lookups to prevent looping */
const IDMAP_REQ_FLG_NO_NAMESERVICE = 0x00000004;

/* Request how a mapping was formed */
const IDMAP_REQ_FLG_MAPPING_INFO = 0x00000008;

/*
 * This libidmap only flag is defined in idmap.h
 * It enables use of the libidmap cache
 * const IDMAP_REQ_FLG_USE_CACHE = 0x00000010;
 * (bit 0x10 is therefore reserved and must not be reused here)
 */

/* Request mapping for well-known or local SIDs only */
const IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY = 0x00000020;


/*
 * Mapping direction definitions
 *
 * Used by the "int direction" fields of idmap_namerule, idmap_id_res
 * and idmap_mapping.
 */
const IDMAP_DIRECTION_UNDEF = -1;	/* not defined */
const IDMAP_DIRECTION_BI = 0;		/* bi-directional */
const IDMAP_DIRECTION_W2U = 1;		/* windows to unix only */
const IDMAP_DIRECTION_U2W = 2;		/* unix to windows only */


/*
 * Identity mappings (sid-posix): one request/response element mapping
 * id1 (with its domain/name) to id2 (with its domain/name).
 *
 * flag      - IDMAP_REQ_FLG_* bits
 * direction - IDMAP_DIRECTION_* value
 * info      - provenance, filled when IDMAP_REQ_FLG_MAPPING_INFO is
 *             requested (presumably; not specified here)
 */
struct idmap_mapping {
	int32_t flag;
	int direction;
	idmap_id id1;
	idmap_utf8str id1domain;
	idmap_utf8str id1name;
	idmap_id id2;
	idmap_utf8str id2domain;
	idmap_utf8str id2name;
	idmap_info info;
};

/* Argument of IDMAP_GET_MAPPED_IDS: an unbounded list of mappings */
typedef idmap_mapping idmap_mapping_batch<>;

/* Reply of IDMAP_LIST_MAPPINGS / IDMAP_GET_MAPPED_ID_BY_NAME */
struct idmap_mappings_res {
	idmap_retcode retcode;
	uint64_t lastrowid;	/* paging cursor for IDMAP_LIST_MAPPINGS */
	idmap_mapping mappings<>;
};


/*
 * Update result (reply of IDMAP_UPDATE).
 * error_index presumably indexes the failing element of the submitted
 * idmap_update_batch; its value when nothing failed is not defined here.
 */
struct idmap_update_res {
	idmap_retcode retcode;
	int64_t error_index;
	idmap_namerule error_rule;
	idmap_namerule conflict_rule;
};

/* Update requests */
enum idmap_opnum {
	OP_NONE = 0,
	OP_ADD_NAMERULE = 1,
	OP_RM_NAMERULE = 2,
	OP_FLUSH_NAMERULES = 3
};
/*
 * One update operation.  Only add/remove carry a rule; OP_NONE,
 * OP_FLUSH_NAMERULES and — because of the default arm — any opnum not
 * in the enum decode with no payload, so the server must check opnum
 * explicitly rather than rely on decoding to reject it.
 */
union idmap_update_op switch(idmap_opnum opnum) {
	case OP_ADD_NAMERULE:
	case OP_RM_NAMERULE:
		idmap_namerule rule;
	default:
		void;
};
/* Argument of IDMAP_UPDATE: an unbounded list of operations */
typedef idmap_update_op idmap_update_batch<>;

/* Size of the fixed host field in idmap_ad_disc_ds_t */
const AD_DISC_MAXHOSTNAME = 256;

#ifndef _KERNEL
/*
 * A discovered directory server (domain controller or global catalog).
 * host is a fixed-length char array, not an XDR string: the encoding
 * does not guarantee a NUL terminator, so the consumer should bound
 * reads by AD_DISC_MAXHOSTNAME — NOTE(review): confirm the generated
 * xdr routine before treating host as a C string.
 */
struct idmap_ad_disc_ds_t {
	int port;
	int priority;
	int weight;
	char host[AD_DISC_MAXHOSTNAME];
};


/* get-prop, set-prop: discriminant of idmap_prop_val */
enum idmap_prop_type {
	PROP_UNKNOWN = 0,
	PROP_LIST_SIZE_LIMIT = 1,
	PROP_DEFAULT_DOMAIN = 2,	/* default domain name */
	PROP_DOMAIN_NAME = 3,		/* AD domain name */
	PROP_MACHINE_SID = 4,		/* machine sid */
	PROP_DOMAIN_CONTROLLER = 5,	/* domain controller hosts */
	PROP_FOREST_NAME = 6,		/* forest name */
	PROP_SITE_NAME = 7,		/* site name */
	PROP_GLOBAL_CATALOG = 8,	/* global catalog hosts */
	PROP_AD_UNIXUSER_ATTR = 9,
	PROP_AD_UNIXGROUP_ATTR = 10,
	PROP_NLDAP_WINNAME_ATTR = 11,
	PROP_DIRECTORY_BASED_MAPPING = 12
};

/*
 * Property value, typed by prop.  PROP_UNKNOWN and any value outside
 * the enum fall into the default arm and carry nothing.
 */
union idmap_prop_val switch(idmap_prop_type prop) {
	case PROP_LIST_SIZE_LIMIT:
		uint64_t intval;
	case PROP_DEFAULT_DOMAIN:
	case PROP_DOMAIN_NAME:
	case PROP_MACHINE_SID:
	case PROP_FOREST_NAME:
	case PROP_SITE_NAME:
	case PROP_AD_UNIXUSER_ATTR:
	case PROP_AD_UNIXGROUP_ATTR:
	case PROP_NLDAP_WINNAME_ATTR:
	case PROP_DIRECTORY_BASED_MAPPING:
		idmap_utf8str utf8val;
	case PROP_DOMAIN_CONTROLLER:
	case PROP_GLOBAL_CATALOG:
		idmap_ad_disc_ds_t dsval;
	default:
		void;
};

/*
 * Reply of IDMAP_GET_PROP.  auto_discovered tells whether the value was
 * discovered rather than configured (presumably; not specified here).
 */
struct idmap_prop_res {
	idmap_retcode retcode;
	idmap_prop_val value;
	bool auto_discovered;
};
#endif

/*
 * Represents an error from the directory lookup service.
 *
 * code is an ASCII string that is a key for the error.  It is not
 * localized.
 *
 * fmt is a format string with %n markers for where to include
 * params[n-1].  It should be, but NEEDSWORK is not localized to
 * the caller's locale.
 *
 * params is a list of parameters for the error - e.g. the name that
 * encountered a failure, the server that reported the failure, et cetera.
 * The values are to be used both as marked in fmt and for machine
 * interpretation of the error.
 *
 * NOTE(review): fmt arrives over the wire and its "%n" markers are this
 * protocol's own substitution syntax, not printf conversions; the
 * receiver should expand them itself and never hand fmt to a
 * printf-family function as the format argument.
 */
struct directory_error_rpc {
	idmap_utf8str code;
	idmap_utf8str fmt;
	idmap_utf8str params<>;
};

/*
 * One value of a multivalued attribute.  Raw bytes, unbounded; the
 * consumer must not assume it is text or NUL-terminated.
 */
typedef opaque directory_value_rpc<>;

/*
 * The value of an attribute, if found.  Note that this is a list
 * of directory_value_rpc objects, to support multivalued attributes.
 */
union directory_values_rpc switch (bool found) {
	case TRUE:
		directory_value_rpc values<>;
	case FALSE:
		void;
};

/*
 * The status of the lookup for any particular identifier.
 */
enum directory_lookup_status_rpc {
	DIRECTORY_NOT_FOUND = 0,
	DIRECTORY_FOUND = 1,
	DIRECTORY_ERROR = 2
};

/*
 * This is the data returned for a particular identifier, either a
 * list of attribute values or an error.  attrs is one entry per
 * requested attribute, each of which may itself be found or not.
 */
union directory_entry_rpc switch (directory_lookup_status_rpc status) {
	case DIRECTORY_NOT_FOUND:
		void;
	case DIRECTORY_FOUND:
		directory_values_rpc attrs<>;
	case DIRECTORY_ERROR:
		directory_error_rpc err;
};

/*
 * This is the result from a request, either a list of the entries for
 * the identifiers specified, or an error.
 */
union directory_results_rpc switch (bool failed) {
	case TRUE:
		directory_error_rpc err;
	case FALSE:
		directory_entry_rpc entries<>;
};

/*
 * The idmap RPC program.  Several procedures take more than one
 * argument, which rpcgen only supports in its newstyle (-N) mode —
 * presumably how this file is built; confirm in the build rules.
 */
program IDMAP_PROG {
	version IDMAP_V1 {
		/* Liveness probe; no arguments, no result */
		void
		IDMAP_NULL(void) = 0;

		/* Batch of requests to get mapped identities */
		idmap_ids_res
		IDMAP_GET_MAPPED_IDS(idmap_mapping_batch batch) = 1;

		/*
		 * List all identity mappings, paged: lastrowid is the
		 * cursor returned by the previous call, limit the page
		 * size, flag the IDMAP_REQ_FLG_* bits.
		 */
		idmap_mappings_res
		IDMAP_LIST_MAPPINGS(int64_t lastrowid,
		    uint64_t limit, int32_t flag) = 2;

		/*
		 * List all name-based mapping rules, paged like
		 * IDMAP_LIST_MAPPINGS; rule presumably acts as a filter.
		 */
		idmap_namerules_res
		IDMAP_LIST_NAMERULES(idmap_namerule rule,
		    uint64_t lastrowid, uint64_t limit) = 3;

		/* Batch of update requests */
		idmap_update_res
		IDMAP_UPDATE(idmap_update_batch batch) = 4;

		/* Get mapped identity by name */
		idmap_mappings_res
		IDMAP_GET_MAPPED_ID_BY_NAME(idmap_mapping request) = 5;

#ifndef _KERNEL
		/* Get configuration property (user space only) */
		idmap_prop_res
		IDMAP_GET_PROP(idmap_prop_type) = 6;
#endif
		/*
		 * Retrieve directory information about a list of users
		 * or groups by name or SID.
		 *
		 * ids is a list of user names, group names, or SIDs.
		 *
		 * types is a list of types of the ids in the id list.
		 * If the type list is shorter than the id list, the last
		 * type listed applies to all of the ids from that point.
		 * The defined types are:
		 *	'n' - name (could be user or group)
		 *	'u' - user
		 *	'g' - group
		 *	's' - SID
		 * Note that types is a single idmap_utf8str, one
		 * character per id, not an idmap_utf8str_list.
		 *
		 * attrs is a list of attribute names to retrieve.
		 */
		directory_results_rpc DIRECTORY_GET_COMMON(
		    idmap_utf8str_list ids,
		    idmap_utf8str types,
		    idmap_utf8str_list attrs) = 7;

	} = 1;
} = 100172;