xref: /titanic_52/usr/src/uts/common/rpcsvc/idmap_prot.x (revision 007a36532dce1d38a2504164c2191710645ba2b9)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /* opaque type to support non-ASCII strings */
27 typedef	string	idmap_utf8str<>;
28 typedef	idmap_utf8str	idmap_utf8str_list<>;
29 
30 /* Return status */
31 typedef int idmap_retcode;
32 
33 /* Identity types */
34 enum idmap_id_type {
35 	IDMAP_NONE = 0,
36 	IDMAP_UID = 1,
37 	IDMAP_GID,
38 	IDMAP_SID,
39 	IDMAP_USID,
40 	IDMAP_GSID,
41 	IDMAP_POSIXID
42 };
43 
44 /* The type of ID mapping */
45 enum idmap_map_type {
46 	IDMAP_MAP_TYPE_UNKNOWN = 0,
47 	IDMAP_MAP_TYPE_DS_AD,
48 	IDMAP_MAP_TYPE_DS_NLDAP,
49 	IDMAP_MAP_TYPE_RULE_BASED,
50 	IDMAP_MAP_TYPE_EPHEMERAL,
51 	IDMAP_MAP_TYPE_LOCAL_SID,
52 	IDMAP_MAP_TYPE_KNOWN_SID,
53 	IDMAP_MAP_TYPE_IDMU
54 };
55 
56 
57 /* Source of ID mapping */
58 enum idmap_map_src {
59 	IDMAP_MAP_SRC_UNKNOWN = 0,
60 	IDMAP_MAP_SRC_NEW,
61 	IDMAP_MAP_SRC_CACHE,
62 	IDMAP_MAP_SRC_HARD_CODED,
63 	IDMAP_MAP_SRC_ALGORITHMIC
64 };
65 
66 
67 /* SID */
68 struct idmap_sid {
69 	string		prefix<>;
70 	uint32_t	rid;
71 };
72 
73 /* Identity (sid-posix) */
74 union idmap_id switch(idmap_id_type idtype) {
75 	case IDMAP_UID: uint32_t uid;
76 	case IDMAP_GID: uint32_t gid;
77 	case IDMAP_SID: idmap_sid sid;
78 	case IDMAP_USID: idmap_sid usid;
79 	case IDMAP_GSID: idmap_sid gsid;
80 	case IDMAP_NONE: void;
81 	case IDMAP_POSIXID: void;
82 };
83 
84 
85 /* Name-based mapping rules */
86 struct idmap_namerule {
87 	bool		is_user;
88 	bool		is_wuser;
89 	int		direction;
90 	idmap_utf8str	windomain;
91 	idmap_utf8str	winname;
92 	idmap_utf8str	unixname;
93 	bool		is_nt4;
94 };
95 struct idmap_namerules_res {
96 	idmap_retcode	retcode;
97 	uint64_t	lastrowid;
98 	idmap_namerule	rules<>;
99 };
100 
101 /* How ID is mapped */
102 struct idmap_how_ds_based {
103 	idmap_utf8str	dn;
104 	idmap_utf8str	attr;
105 	idmap_utf8str	value;
106 };
107 
108 union idmap_how switch(idmap_map_type map_type) {
109 	case IDMAP_MAP_TYPE_UNKNOWN: void;
110 	case IDMAP_MAP_TYPE_DS_AD: idmap_how_ds_based ad;
111 	case IDMAP_MAP_TYPE_DS_NLDAP: idmap_how_ds_based nldap;
112 	case IDMAP_MAP_TYPE_RULE_BASED: idmap_namerule rule;
113 	case IDMAP_MAP_TYPE_EPHEMERAL: void;
114 	case IDMAP_MAP_TYPE_LOCAL_SID: void;
115 	case IDMAP_MAP_TYPE_KNOWN_SID: void;
116 	case IDMAP_MAP_TYPE_IDMU: idmap_how_ds_based idmu;
117 };
118 
119 struct idmap_info {
120 	idmap_map_src	src;
121 	idmap_how	how;
122 };
123 
124 
125 /* Id result */
126 struct idmap_id_res {
127 	idmap_retcode	retcode;
128 	idmap_id	id;
129 	int		direction;
130 	idmap_info	info;
131 };
132 struct idmap_ids_res {
133 	idmap_retcode	retcode;
134 	idmap_id_res	ids<>;
135 };
136 
137 
138 /*
139  * Flag supported by mapping requests
140  */
141 
142 /* Don't allocate a new value for the mapping */
143 const IDMAP_REQ_FLG_NO_NEW_ID_ALLOC	= 0x00000001;
144 
145 /* Validate the given identity before mapping */
146 const IDMAP_REQ_FLG_VALIDATE		= 0x00000002;
147 
148 /* Avoid name service lookups to prevent looping */
149 const IDMAP_REQ_FLG_NO_NAMESERVICE	= 0x00000004;
150 
151 /* Request how a mapping was formed */
152 const IDMAP_REQ_FLG_MAPPING_INFO	= 0x00000008;
153 
154 /*
155  * This libidmap only flag is defined in idmap.h
156  * It enables use of the libidmap cache
157  * const IDMAP_REQ_FLG_USE_CACHE	= 0x00000010;
158  */
159 
160 /* Request mapping for well-known or local SIDs only */
161 const IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY	= 0x00000020;
162 
163 
164 /*
165  * Mapping direction definitions
166  */
167 const IDMAP_DIRECTION_UNDEF =	-1;	/* not defined */
168 const IDMAP_DIRECTION_BI =	0;	/* bi-directional */
169 const IDMAP_DIRECTION_W2U =	1;	/* windows to unix only */
170 const IDMAP_DIRECTION_U2W =	2;	/* unix to windows only */
171 
172 
173 /* Identity mappings (sid-posix) */
174 struct idmap_mapping {
175 	int32_t		flag;
176 	int		direction;
177 	idmap_id	id1;
178 	idmap_utf8str	id1domain;
179 	idmap_utf8str	id1name;
180 	idmap_id	id2;
181 	idmap_utf8str	id2domain;
182 	idmap_utf8str	id2name;
183 	idmap_info	info;
184 };
185 
186 typedef idmap_mapping	idmap_mapping_batch<>;
187 
188 struct idmap_mappings_res {
189 	idmap_retcode		retcode;
190 	uint64_t		lastrowid;
191 	idmap_mapping		mappings<>;
192 };
193 
194 
195 /* Update result */
196 struct idmap_update_res {
197 	idmap_retcode	retcode;
198 	int64_t	error_index;
199 	idmap_namerule	error_rule;
200 	idmap_namerule	conflict_rule;
201 };
202 
203 /* Update requests */
204 enum idmap_opnum {
205 	OP_NONE = 0,
206 	OP_ADD_NAMERULE = 1,
207 	OP_RM_NAMERULE = 2,
208 	OP_FLUSH_NAMERULES = 3
209 };
210 union idmap_update_op switch(idmap_opnum opnum) {
211 	case OP_ADD_NAMERULE:
212 	case OP_RM_NAMERULE:
213 		idmap_namerule rule;
214 	default:
215 		void;
216 };
217 typedef idmap_update_op idmap_update_batch<>;
218 
219 const AD_DISC_MAXHOSTNAME = 256;
220 
221 #ifndef _KERNEL
222 struct idmap_ad_disc_ds_t {
223 	int	port;
224 	int	priority;
225 	int	weight;
226 	char	host[AD_DISC_MAXHOSTNAME];
227 };
228 
229 
230 /* get-prop, set-prop */
231 enum idmap_prop_type {
232 	PROP_UNKNOWN = 0,
233 	PROP_LIST_SIZE_LIMIT = 1,
234 	PROP_DEFAULT_DOMAIN = 2,	/* default domain name */
235 	PROP_DOMAIN_NAME = 3,		/* AD domain name */
236 	PROP_MACHINE_SID = 4,		/* machine sid */
237 	PROP_DOMAIN_CONTROLLER = 5,	/* domain controller hosts */
238 	PROP_FOREST_NAME = 6,		/* forest name */
239 	PROP_SITE_NAME = 7,		/* site name */
240 	PROP_GLOBAL_CATALOG = 8,	/* global catalog hosts */
241 	PROP_AD_UNIXUSER_ATTR = 9,
242 	PROP_AD_UNIXGROUP_ATTR = 10,
243 	PROP_NLDAP_WINNAME_ATTR = 11,
244 	PROP_DIRECTORY_BASED_MAPPING = 12
245 };
246 
247 union idmap_prop_val switch(idmap_prop_type prop) {
248 	case PROP_LIST_SIZE_LIMIT:
249 		uint64_t intval;
250 	case PROP_DEFAULT_DOMAIN:
251 	case PROP_DOMAIN_NAME:
252 	case PROP_MACHINE_SID:
253 	case PROP_FOREST_NAME:
254 	case PROP_SITE_NAME:
255 	case PROP_AD_UNIXUSER_ATTR:
256 	case PROP_AD_UNIXGROUP_ATTR:
257 	case PROP_NLDAP_WINNAME_ATTR:
258 	case PROP_DIRECTORY_BASED_MAPPING:
259 		idmap_utf8str utf8val;
260 	case PROP_DOMAIN_CONTROLLER:
261 	case PROP_GLOBAL_CATALOG:
262 		idmap_ad_disc_ds_t dsval;
263 	default:
264 		void;
265 };
266 
267 struct idmap_prop_res {
268 	idmap_retcode	retcode;
269 	idmap_prop_val	value;
270 	bool		auto_discovered;
271 };
272 #endif
273 
274 enum idmap_flush_op {
275 	IDMAP_FLUSH_EXPIRE = 0,
276 	IDMAP_FLUSH_DELETE = 1
277 };
278 
279 /*
280  * Represents an error from the directory lookup service.
281  *
282  * code is an ASCII string that is a key for the error.  It is not
283  * localized.
284  *
285  * fmt is a format string with %n markers for where to include
286  * params[n-1].  It should be, but NEEDSWORK is not localized to
287  * the caller's locale.
288  *
289  * params is a list of parameters for the error - e.g. the name that
290  * encountered a failure, the server that reported the failure, et cetera.
291  * The values are to be used both as marked in fmt and for machine
292  * interpretation of the error.
293  */
294 struct directory_error_rpc {
295 	idmap_utf8str	code;
296 	idmap_utf8str	fmt;
297 	idmap_utf8str	params<>;
298 };
299 
300 /*
301  * One value of a multivalued attribute.
302  */
303 typedef opaque			directory_value_rpc<>;
304 
305 /*
306  * The value of an attribute, if found.  Note that this is a list
307  * of directory_value_rpc objects, to support multivalued attributes.
308  */
309 union directory_values_rpc switch (bool found) {
310 	case TRUE:
311 		directory_value_rpc values<>;
312 	case FALSE:
313 		void;
314 };
315 
316 /*
317  * The status of the lookup for any particular identifier.
318  */
319 enum directory_lookup_status_rpc {
320 	DIRECTORY_NOT_FOUND = 0,
321 	DIRECTORY_FOUND = 1,
322 	DIRECTORY_ERROR = 2
323 };
324 
325 /*
326  * This is the data returned for a particular identifier, either a
327  * list of attribute values or an error.
328  */
329 union directory_entry_rpc switch (directory_lookup_status_rpc status) {
330 	case DIRECTORY_NOT_FOUND:
331 		void;
332 	case DIRECTORY_FOUND:
333 		directory_values_rpc attrs<>;
334 	case DIRECTORY_ERROR:
335 		directory_error_rpc err;
336 };
337 
338 /*
339  * This is the result from a request, either a list of the entries for
340  * the identifiers specified, or an error.
341  */
342 union directory_results_rpc switch (bool failed) {
343 	case TRUE:
344 		directory_error_rpc	err;
345 	case FALSE:
346 		directory_entry_rpc	entries<>;
347 };
348 
349 program IDMAP_PROG {
350 	version IDMAP_V1 {
351 		void
352 		IDMAP_NULL(void) = 0;
353 
354 		/* Batch of requests to get mapped identities */
355 		idmap_ids_res
356 		IDMAP_GET_MAPPED_IDS(idmap_mapping_batch batch) = 1;
357 
358 		/* List all identity mappings */
359 		idmap_mappings_res
360 		IDMAP_LIST_MAPPINGS(int64_t lastrowid,
361 			uint64_t limit, int32_t flag) = 2;
362 
363 		/* List all name-based mapping rules */
364 		idmap_namerules_res
365 		IDMAP_LIST_NAMERULES(idmap_namerule rule,
366 			uint64_t lastrowid, uint64_t limit) = 3;
367 
368 		/* Batch of update requests */
369 		idmap_update_res
370 		IDMAP_UPDATE(idmap_update_batch batch) = 4;
371 
372 		/* Get mapped identity by name */
373 		idmap_mappings_res
374 		IDMAP_GET_MAPPED_ID_BY_NAME(idmap_mapping request) = 5;
375 
376 #ifndef _KERNEL
377 		/* Get configuration property */
378 		idmap_prop_res
379 		IDMAP_GET_PROP(idmap_prop_type) = 6;
380 #endif
381 		/*
382 		 * Retrieve directory information about a list of users
383 		 * or groups by name or SID.
384 		 *
385 		 * ids is a list of user names, group names, or SIDs.
386 		 *
387 		 * types is a list of types of the ids in the id list.
388 		 * If the type list is shorter than the id list, the last
389 		 * type listed applies to all of the ids from that point.
390 		 * The defined types are:
391 		 *     'n' - name (could be user or group)
392 		 *     'u' - user
393 		 *     'g' - group
394 		 *     's' - SID
395 		 *
396 		 * attrs is a list of attribute names to retrieve.
397 		 */
398 		directory_results_rpc DIRECTORY_GET_COMMON(
399 			idmap_utf8str_list ids,
400 			idmap_utf8str types,
401 			idmap_utf8str_list attrs) = 7;
402 
403 		idmap_retcode
404 		IDMAP_FLUSH(idmap_flush_op) = 8;
405 	} = 1;
406 } = 100172;
407