xref: /titanic_44/usr/src/lib/libadutils/common/libadutils.h (revision 148c5f43199ca0b43fc8e3b643aab11cd66ea327) 
12b4a7802SBaban Kenkre /*
22b4a7802SBaban Kenkre  * CDDL HEADER START
32b4a7802SBaban Kenkre  *
42b4a7802SBaban Kenkre  * The contents of this file are subject to the terms of the
52b4a7802SBaban Kenkre  * Common Development and Distribution License (the "License").
62b4a7802SBaban Kenkre  * You may not use this file except in compliance with the License.
72b4a7802SBaban Kenkre  *
82b4a7802SBaban Kenkre  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
92b4a7802SBaban Kenkre  * or http://www.opensolaris.org/os/licensing.
102b4a7802SBaban Kenkre  * See the License for the specific language governing permissions
112b4a7802SBaban Kenkre  * and limitations under the License.
122b4a7802SBaban Kenkre  *
132b4a7802SBaban Kenkre  * When distributing Covered Code, include this CDDL HEADER in each
142b4a7802SBaban Kenkre  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
152b4a7802SBaban Kenkre  * If applicable, add the following below this CDDL HEADER, with the
162b4a7802SBaban Kenkre  * fields enclosed by brackets "[]" replaced with your own identifying
172b4a7802SBaban Kenkre  * information: Portions Copyright [yyyy] [name of copyright owner]
182b4a7802SBaban Kenkre  *
192b4a7802SBaban Kenkre  * CDDL HEADER END
202b4a7802SBaban Kenkre  */
212b4a7802SBaban Kenkre /*
22*148c5f43SAlan Wright  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
232b4a7802SBaban Kenkre  */
242b4a7802SBaban Kenkre 
252b4a7802SBaban Kenkre #ifndef	_LIBADUTILS_H
262b4a7802SBaban Kenkre #define	_LIBADUTILS_H
272b4a7802SBaban Kenkre 
282b4a7802SBaban Kenkre #include <stdlib.h>
292b4a7802SBaban Kenkre #include <stdio.h>
302b4a7802SBaban Kenkre #include <sys/types.h>
312b4a7802SBaban Kenkre #include <rpc/rpc.h>
322b4a7802SBaban Kenkre #include <ldap.h>
332b4a7802SBaban Kenkre 
342b4a7802SBaban Kenkre #ifdef	__cplusplus
352b4a7802SBaban Kenkre extern "C" {
362b4a7802SBaban Kenkre #endif
372b4a7802SBaban Kenkre 
382b4a7802SBaban Kenkre #define	ADUTILS_DEF_NUM_RETRIES	2
39*148c5f43SAlan Wright 
40*148c5f43SAlan Wright /*
41*148c5f43SAlan Wright  * Symbolic constants for different sets of debug messages.
42*148c5f43SAlan Wright  */
43*148c5f43SAlan Wright enum ad_debug {
44*148c5f43SAlan Wright 	AD_DEBUG_ALL = 0,
45*148c5f43SAlan Wright 	AD_DEBUG_DNS = 1,
46*148c5f43SAlan Wright 	AD_DEBUG_LDAP = 2,
47*148c5f43SAlan Wright 	AD_DEBUG_DISC = 3,
48*148c5f43SAlan Wright 	AD_DEBUG_MAX = 3
49*148c5f43SAlan Wright };
50*148c5f43SAlan Wright 
512b4a7802SBaban Kenkre #define	ADUTILS_SID_MAX_SUB_AUTHORITIES	15
522b4a7802SBaban Kenkre #define	ADUTILS_MAXBINSID\
532b4a7802SBaban Kenkre 	(1 + 1 + 6 + (ADUTILS_SID_MAX_SUB_AUTHORITIES * 4))
542b4a7802SBaban Kenkre #define	ADUTILS_MAXHEXBINSID	(ADUTILS_MAXBINSID * 3)
552b4a7802SBaban Kenkre 
562b4a7802SBaban Kenkre typedef struct adutils_ad adutils_ad_t;
572b4a7802SBaban Kenkre typedef struct adutils_entry adutils_entry_t;
582b4a7802SBaban Kenkre typedef struct adutils_result adutils_result_t;
592b4a7802SBaban Kenkre typedef struct adutils_ctx adutils_ctx_t;
602b4a7802SBaban Kenkre typedef struct adutils_query_state adutils_query_state_t;
612b4a7802SBaban Kenkre 
622b4a7802SBaban Kenkre /*
632b4a7802SBaban Kenkre  * Typedef for callback routine for adutils_lookup_batch_start.
642b4a7802SBaban Kenkre  * This callback routine is used to process the result of
652b4a7802SBaban Kenkre  * ldap_result(3LDAP).
662b4a7802SBaban Kenkre  *	ld   - LDAP handle used by ldap_result(3LDAP)
672b4a7802SBaban Kenkre  *	res  - Entry returned by ldap_result(3LDAP)
682b4a7802SBaban Kenkre  *	rc   - Return value of ldap_result(3LDAP)
692b4a7802SBaban Kenkre  *	qid  - Query ID that corresponds to the result.
702b4a7802SBaban Kenkre  *	argp - Argument passed by the caller at the time
712b4a7802SBaban Kenkre  *	       of adutils_lookup_batch_start.
722b4a7802SBaban Kenkre  */
732b4a7802SBaban Kenkre typedef void (*adutils_ldap_res_search_cb)(LDAP *ld, LDAPMessage **res,
742b4a7802SBaban Kenkre 	int rc, int qid, void *argp);
752b4a7802SBaban Kenkre 
762b4a7802SBaban Kenkre typedef enum {
772b4a7802SBaban Kenkre 	ADUTILS_SUCCESS = 0,
782b4a7802SBaban Kenkre 	ADUTILS_ERR_INTERNAL = -10000,
792b4a7802SBaban Kenkre 	ADUTILS_ERR_OTHER,
802b4a7802SBaban Kenkre 	ADUTILS_ERR_NOTFOUND,
812b4a7802SBaban Kenkre 	ADUTILS_ERR_RETRIABLE_NET_ERR,
822b4a7802SBaban Kenkre 	ADUTILS_ERR_MEMORY,
832b4a7802SBaban Kenkre 	ADUTILS_ERR_DOMAIN
842b4a7802SBaban Kenkre } adutils_rc;
852b4a7802SBaban Kenkre 
862b4a7802SBaban Kenkre /*
872b4a7802SBaban Kenkre  * We use the port numbers for normal LDAP and global catalog LDAP as
882b4a7802SBaban Kenkre  * the enum values for this enumeration.  Clever?  Silly?  You decide.
892b4a7802SBaban Kenkre  * Although we never actually use these enum values as port numbers and
902b4a7802SBaban Kenkre  * never will, so this is just cute.
912b4a7802SBaban Kenkre  */
922b4a7802SBaban Kenkre typedef enum adutils_ad_partition {
932b4a7802SBaban Kenkre 	ADUTILS_AD_DATA = 389,
942b4a7802SBaban Kenkre 	ADUTILS_AD_GLOBAL_CATALOG = 3268
952b4a7802SBaban Kenkre } adutils_ad_partition_t;
962b4a7802SBaban Kenkre 
972b4a7802SBaban Kenkre 
982b4a7802SBaban Kenkre /*
992b4a7802SBaban Kenkre  * adutils interfaces:
1002b4a7802SBaban Kenkre  *
1012b4a7802SBaban Kenkre  *  - an adutils_ad_t represents an AD partition
1022b4a7802SBaban Kenkre  *  - a DS (hostname + port, if port != 0) can be added/removed from an
1032b4a7802SBaban Kenkre  *  adutils_ad_t
1042b4a7802SBaban Kenkre  *  - an adutils_ad_t can be allocated, ref'ed and released; last release
1052b4a7802SBaban Kenkre  *  releases resources
1062b4a7802SBaban Kenkre  *
1072b4a7802SBaban Kenkre  *
1082b4a7802SBaban Kenkre  * adutils_lookup_batch_xxx interfaces:
1092b4a7802SBaban Kenkre  *
1102b4a7802SBaban Kenkre  * These interfaces allow the caller to batch AD lookup requests. The
1112b4a7802SBaban Kenkre  * batched requests are processed asynchronously. The actual lookup
1122b4a7802SBaban Kenkre  * is currently implement using libldap's ldap_search_ext(3LDAP) and
1132b4a7802SBaban Kenkre  * ldap_result(3LDAP) APIs.
1142b4a7802SBaban Kenkre  *
1152b4a7802SBaban Kenkre  *	Example:
1162b4a7802SBaban Kenkre  *      	adutils_query_state_t	*qs;
1172b4a7802SBaban Kenkre  *      	adutils_lookup_batch_start(..., &qs);
1182b4a7802SBaban Kenkre  *		for each request {
1192b4a7802SBaban Kenkre  *			rc = adutils_lookup_batch_add(qs, ...);
1202b4a7802SBaban Kenkre  *			if (rc != success)
1212b4a7802SBaban Kenkre  *				break;
1222b4a7802SBaban Kenkre  *		}
1232b4a7802SBaban Kenkre  *		if (rc == success)
1242b4a7802SBaban Kenkre  *			adutils_lookup_batch_end(&qs);
1252b4a7802SBaban Kenkre  *		else
1262b4a7802SBaban Kenkre  *			adutils_lookup_batch_release(&qs);
1272b4a7802SBaban Kenkre  *
1282b4a7802SBaban Kenkre  *	The adutils_lookup_batch_start interface allows the caller to pass
1292b4a7802SBaban Kenkre  *	in a callback function that's invoked when ldap_result() returns
1302b4a7802SBaban Kenkre  *	LDAP_RES_SEARCH_RESULT and LDAP_RES_SEARCH_ENTRY for each request.
1312b4a7802SBaban Kenkre  *
1322b4a7802SBaban Kenkre  *	If no callback is provided then adutils batch API falls back to its
1332b4a7802SBaban Kenkre  *	default behaviour which is:
1342b4a7802SBaban Kenkre  *		For LDAP_RES_SEARCH_ENTRY, add the entry to the entry set.
1352b4a7802SBaban Kenkre  *		For LDAP_RES_SEARCH_RESULT, set return code to
1362b4a7802SBaban Kenkre  *			ADUTILS_ERR_NOTFOUND if the entry set is empty.
1372b4a7802SBaban Kenkre  *
1382b4a7802SBaban Kenkre  *	See $SRC/cmd/idmap/idmapd/adutils.c for an example of
1392b4a7802SBaban Kenkre  *      non-default callback routine.
1402b4a7802SBaban Kenkre  *
1412b4a7802SBaban Kenkre  */
1422b4a7802SBaban Kenkre 
1437a8a68f5SJulian Pullen typedef void (*adutils_logger)(int, const char *, ...);
1447a8a68f5SJulian Pullen 
145*148c5f43SAlan Wright extern void		adutils_set_debug(enum ad_debug item, int val);
1467a8a68f5SJulian Pullen 
1472b4a7802SBaban Kenkre extern adutils_rc	adutils_ad_alloc(adutils_ad_t **new_ad,
148e3f2c991SKeyur Desai 				const char *domain_name,
1492b4a7802SBaban Kenkre 				adutils_ad_partition_t part);
1502b4a7802SBaban Kenkre extern void		adutils_ad_free(adutils_ad_t **ad);
1512b4a7802SBaban Kenkre extern adutils_rc	adutils_add_ds(adutils_ad_t *ad,
1522b4a7802SBaban Kenkre 				const char *host, int port);
1534d61c878SJulian Pullen extern adutils_rc	adutils_add_domain(adutils_ad_t *ad,
1544d61c878SJulian Pullen 				const char *domain_name,
1554d61c878SJulian Pullen 				const char *domain_sid);
1562b4a7802SBaban Kenkre extern void		adutils_freeresult(adutils_result_t **result);
1572b4a7802SBaban Kenkre extern adutils_rc	adutils_lookup(adutils_ad_t *ad,
1582b4a7802SBaban Kenkre 				const char *searchfilter,
1592b4a7802SBaban Kenkre 				const char **attrs, const char *domain,
1602b4a7802SBaban Kenkre 				adutils_result_t **result);
1612b4a7802SBaban Kenkre extern char		**adutils_getattr(const adutils_entry_t *entry,
1622b4a7802SBaban Kenkre 				const char *attrname);
1632b4a7802SBaban Kenkre extern const adutils_entry_t	*adutils_getfirstentry(
1642b4a7802SBaban Kenkre 					adutils_result_t *result);
1652b4a7802SBaban Kenkre extern int		adutils_txtsid2hexbinsid(const char *txt,
1662b4a7802SBaban Kenkre 				const uint32_t *rid,
1672b4a7802SBaban Kenkre 				char *hexbinsid, int hexbinsidlen);
168e3f2c991SKeyur Desai extern char		*adutils_bv_str(BerValue *bval);
169e3f2c991SKeyur Desai extern boolean_t	adutils_bv_uint(BerValue *bval, unsigned int *result);
1702b4a7802SBaban Kenkre extern char		*adutils_bv_objsid2sidstr(BerValue *bval,
1712b4a7802SBaban Kenkre 				uint32_t *rid);
1722b4a7802SBaban Kenkre extern void		adutils_reap_idle_connections(void);
1732b4a7802SBaban Kenkre extern char		*adutils_dn2dns(const char *dn);
1742b4a7802SBaban Kenkre extern adutils_rc	adutils_lookup_batch_start(adutils_ad_t *ad,
1752b4a7802SBaban Kenkre 				int nqueries,
1762b4a7802SBaban Kenkre 				adutils_ldap_res_search_cb ldap_res_search_cb,
1772b4a7802SBaban Kenkre 				void *ldap_res_search_argp,
1782b4a7802SBaban Kenkre 				adutils_query_state_t **state);
1792b4a7802SBaban Kenkre extern adutils_rc	adutils_lookup_batch_add(adutils_query_state_t *state,
1801fcced4cSJordan Brown 				const char *filter, const char * const *attrs,
1812b4a7802SBaban Kenkre 				const char *edomain, adutils_result_t **result,
1822b4a7802SBaban Kenkre 				adutils_rc *rc);
1832b4a7802SBaban Kenkre extern adutils_rc	adutils_lookup_batch_end(
1842b4a7802SBaban Kenkre 				adutils_query_state_t **state);
1852b4a7802SBaban Kenkre extern void		adutils_lookup_batch_release(
1862b4a7802SBaban Kenkre 				adutils_query_state_t **state);
1874d61c878SJulian Pullen extern int		adutils_lookup_check_domain(
1884d61c878SJulian Pullen 				adutils_query_state_t *state,
1894d61c878SJulian Pullen 				const char *domain);
1904d61c878SJulian Pullen extern int		adutils_lookup_check_sid_prefix(
1914d61c878SJulian Pullen 				adutils_query_state_t *state,
1924d61c878SJulian Pullen 				const char *sid);
1937a8a68f5SJulian Pullen extern void		adutils_set_logger(adutils_logger logger);
1942b4a7802SBaban Kenkre 
1951fcced4cSJordan Brown extern boolean_t	domain_eq(const char *a, const char *b);
1961fcced4cSJordan Brown 
1972b4a7802SBaban Kenkre #ifdef	__cplusplus
1982b4a7802SBaban Kenkre }
1992b4a7802SBaban Kenkre #endif
2002b4a7802SBaban Kenkre 
2012b4a7802SBaban Kenkre #endif	/* _LIBADUTILS_H */
202