xref: /titanic_52/usr/src/cmd/idmap/idmapd/adutils.h (revision 53f3aea0943e36e5fed2615ad5f9fd1f17de51d2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _ADUTILS_H
28 #define	_ADUTILS_H
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 /*
35  * Processes name2sid & sid2name lookups for a given user or computer
36  * from an AD Difrectory server using GSSAPI authentication
37  */
38 
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <unistd.h>
42 #include <lber.h>
43 #include <ldap.h>
44 #include <sasl/sasl.h>
45 #include <string.h>
46 #include <ctype.h>
47 #include <sys/types.h>
48 #include <time.h>
49 #include <thread.h>
50 #include <synch.h>
51 #include <rpcsvc/idmap_prot.h>
52 #include "libadutils.h"
53 #include <sys/idmap.h>
54 
55 /*
56  * idmapd interfaces stolen? from other idmapd code?
57  */
58 
59 /*
60  * Eventually these should be an enum here, but instead we share a
61  * namespace with other things in idmapd.
62  */
63 #define	_IDMAP_T_OTHER		0
64 #define	_IDMAP_T_UNDEF		-1
65 #define	_IDMAP_T_USER		-1004
66 #define	_IDMAP_T_GROUP		-1005
67 #define	_IDMAP_T_DOMAIN		-1006
68 
69 typedef uint32_t rid_t;
70 typedef uid_t posix_id_t;
71 
72 typedef struct idmap_query_state idmap_query_state_t;
73 
74 int	idmap_add_ds(adutils_ad_t *ad, const char *host, int port);
75 
76 
77 /*
78  * Batch lookups
79  *
80  * Start a batch, add queries to the batch one by one (the output
81  * pointers should all differ, so that a query's results don't clobber
82  * any other's), end the batch to wait for replies for all outstanding
83  * queries.  The output parameters of each query are initialized to NULL
84  * or -1 as appropriate.
85  *
86  * LDAP searches are sent one by one without waiting (i.e., blocking)
87  * for replies.  Replies are handled as soon as they are available.
88  * Missing replies are waited for only when idmap_lookup_batch_end() is
89  * called.
90  *
91  * If an add1 function returns != 0 then abort the batch by calling
92  * idmap_lookup_batch_end(), but note that some queries may have been
93  * answered, so check the result code of each query.
94  */
95 
96 /* Start a batch of lookups */
97 idmap_retcode idmap_lookup_batch_start(adutils_ad_t *ad, int nqueries,
98     int directory_based_mapping, const char *default_domain,
99     idmap_query_state_t **state);
100 
101 /* End a batch and release its idmap_query_state_t object */
102 idmap_retcode idmap_lookup_batch_end(idmap_query_state_t **state);
103 
104 /* Abandon a batch and release its idmap_query_state_t object */
105 void idmap_lookup_release_batch(idmap_query_state_t **state);
106 
107 /*
108  * Add a name->SID lookup
109  *
110  *  - 'dname' is optional; if NULL or empty string then 'name' has to be
111  *  a user/group name qualified wih a domainname (e.g., foo@domain),
112  *  else the 'name' must not be qualified and the domainname must be
113  *  passed in 'dname'.
114  *
115  *  - if 'rid' is NULL then the output SID string will include the last
116  *  RID, else it won't and the last RID value will be stored in *rid.
117  *
118  *  The caller must free() *sid.
119  */
120 idmap_retcode idmap_name2sid_batch_add1(idmap_query_state_t *state,
121 		const char *name, const char *dname, int eunixtype,
122 		char **dn, char **attr, char **value, char **canonname,
123 		char **sid, rid_t *rid, int *sid_type, char **unixname,
124 		posix_id_t *pid, idmap_retcode *rc);
125 /*
126  * Add a SID->name lookup
127  *
128  *  - 'rid' is optional; if NULL then 'sid' is expected to have the
129  *  user/group RID present, else 'sid' is expected not to have it, and
130  *  *rid will be used to qualify the given 'sid'
131  *
132  *  - 'dname' is optional; if NULL then the fully qualified user/group
133  *  name will be stored in *name, else the domain name will be stored in
134  *  *dname and the user/group name will be stored in *name without a
135  *  domain qualifier.
136  *
137  *  The caller must free() *name and *dname (if present).
138  */
139 idmap_retcode idmap_sid2name_batch_add1(idmap_query_state_t *state,
140 		const char *sid, const rid_t *rid, int eunixtype,
141 		char **dn, char **attr, char **value, char **name,
142 		char **dname, int *sid_type, char **unixname,
143 		posix_id_t *pid, idmap_retcode *rc);
144 
145 /*
146  * Add a unixname->SID lookup
147  */
148 idmap_retcode idmap_unixname2sid_batch_add1(idmap_query_state_t *state,
149 		const char *unixname, int is_user, int is_wuser,
150 		char **dn, char **attr, char **value, char **sid, rid_t *rid,
151 		char **name, char **dname, int *sid_type, idmap_retcode *rc);
152 
153 /*
154  * Add a PID->SID lookup
155  */
156 idmap_retcode idmap_pid2sid_batch_add1(idmap_query_state_t *state,
157 		posix_id_t pid, int is_user,
158 		char **dn, char **attr, char **value, char **sid, rid_t *rid,
159 		char **name, char **dname, int *sid_type, idmap_retcode *rc);
160 
161 /*
162  * Set unixname attribute names for the batch for AD-based name mapping
163  */
164 void idmap_lookup_batch_set_unixattr(idmap_query_state_t *state,
165 		const char *unixuser_attr, const char *unixgroup_attr);
166 
167 #ifdef __cplusplus
168 }
169 #endif
170 
171 #endif	/* _ADUTILS_H */
172