c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER START
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The contents of this file are subject to the terms of the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Common Development and Distribution License (the "License").
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You may not use this file except in compliance with the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * or http://www.opensolaris.org/os/licensing.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * See the License for the specific language governing permissions
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * and limitations under the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * When distributing Covered Code, include this CDDL HEADER in each
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If applicable, add the following below this CDDL HEADER, with the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * fields enclosed by brackets "[]" replaced with your own identifying
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * information: Portions Copyright [yyyy] [name of copyright owner]
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER END
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#ifndef _ADUTILS_H
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#define _ADUTILS_H
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#ifdef __cplusplus
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwextern "C" {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Processes name2sid & sid2name lookups for a given user or computer
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * from an AD Directory server using GSSAPI authentication
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <stdio.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <stdlib.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <unistd.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <lber.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <ldap.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <sasl/sasl.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <string.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <ctype.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <sys/types.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <time.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <thread.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <synch.h>
9b214d32697277d03ed2e5d98c4a7bfef16dcf4dJordan Brown#include <rpcsvc/idmap_prot.h>
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkre#include "libadutils.h"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <sys/idmap.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * idmapd interfaces stolen? from other idmapd code?
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/* Relative ID: the last component of a SID, held as an unsigned 32-bit value. */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwtypedef uint32_t rid_t;
/*
 * POSIX identifier, an alias of uid_t. The lookup prototypes below use it
 * for their 'pid' parameters; idmap_pid2sid_batch_add1() pairs it with an
 * is_user flag, so it presumably carries either a UID or a GID.
 */
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desaitypedef uid_t posix_id_t;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * Batch state handle. The struct is only forward-declared in this header,
 * so code that includes it can hold pointers to the state but cannot see
 * its fields.
 */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwtypedef struct idmap_query_state idmap_query_state_t;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
/*
 * NOTE(review): undocumented in this header. By its name and parameters
 * this presumably registers a directory server (host, port) with 'ad' --
 * confirm, including whether 'host' is copied or must outlive the call
 * and what a non-zero return value means.
 */
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkreint idmap_add_ds(adutils_ad_t *ad, const char *host, int port);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Batch lookups
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Start a batch, add queries to the batch one by one (the output
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * pointers should all differ, so that a query's results don't clobber
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * any other's), end the batch to wait for replies for all outstanding
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * queries. The output parameters of each query are initialized to NULL
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * or -1 as appropriate.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * LDAP searches are sent one by one without waiting (i.e., blocking)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * for replies. Replies are handled as soon as they are available.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Missing replies are waited for only when idmap_lookup_batch_end() is
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * called.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If an add1 function returns != 0 then abort the batch by calling
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * idmap_lookup_batch_end(), but note that some queries may have been
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * answered, so check the result code of each query.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* Start a batch of lookups */
/*
 * The batch state is presumably returned through 'state'. Per the comments
 * on idmap_lookup_batch_end() and idmap_lookup_release_batch() in this
 * header, those calls release the idmap_query_state_t object, so every
 * successfully started batch needs one of them to avoid leaking it.
 *
 * NOTE(review): the meaning of 'nqueries' (presumably the number of
 * queries the batch will hold) and whether adding more than that is
 * rejected are not visible in this header -- confirm in the
 * implementation. The same applies to whether 'default_domain' is copied
 * or must stay valid for the life of the batch.
 */
2b4a78020b9c38d1b95e2f3fefa6d6e4be382d1fBaban Kenkreidmap_retcode idmap_lookup_batch_start(adutils_ad_t *ad, int nqueries,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai int directory_based_mapping, const char *default_domain,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai idmap_query_state_t **state);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* End a batch and release its idmap_query_state_t object */
/*
 * Per the "Batch lookups" comment in this header, this is the call that
 * waits for replies still outstanding. Both this function and
 * idmap_lookup_release_batch() are described as releasing the state
 * object, so a batch should be finished through only one of them and the
 * state must not be used afterwards.
 * NOTE(review): whether *state is reset to NULL on return is not visible
 * in this header -- confirm before relying on it to catch reuse.
 */
0dcc71495bad040a0c83830efc85acf8d897350dnwidmap_retcode idmap_lookup_batch_end(idmap_query_state_t **state);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* Abandon a batch and release its idmap_query_state_t object */
/*
 * NOTE(review): whether results of queries already answered remain
 * usable after abandoning, and whether replies still in flight can write
 * through the callers' output pointers after this returns, is not stated
 * here -- confirm in the implementation.
 */
84decf41e1c0970e397cc8710dfcf81db5b8c6dajpvoid idmap_lookup_release_batch(idmap_query_state_t **state);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Add a name->SID lookup
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * - 'dname' is optional; if NULL or empty string then 'name' has to be
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * a user/group name qualified with a domainname (e.g., foo@domain),
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * else the 'name' must not be qualified and the domainname must be
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * passed in 'dname'.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * - if 'rid' is NULL then the output SID string will include the last
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * RID, else it won't and the last RID value will be stored in *rid.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The caller must free() *sid.
 *
 * The "Batch lookups" comment in this header says replies are handled
 * as they become available and that missing ones are waited for only in
 * idmap_lookup_batch_end(). The storage behind every output pointer
 * passed here should therefore be kept valid until the batch has been
 * ended or released (NOTE(review): confirm against the implementation).
 * Outputs start out as NULL or -1; check *rc, which is presumably the
 * per-query result code, before using them.
 *
 * NOTE(review): ownership of *dn, *attr, *value, *canonname and
 * *unixname is not stated here; presumably the caller frees them as it
 * does *sid -- confirm. Also confirm that the implementation escapes
 * 'name' and 'dname' before placing them in an LDAP search filter.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_retcode idmap_name2sid_batch_add1(idmap_query_state_t *state,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright const char *name, const char *dname, idmap_id_type esidtype,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp char **dn, char **attr, char **value, char **canonname,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright char **sid, rid_t *rid, idmap_id_type *sid_type,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright char **unixname,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai posix_id_t *pid, idmap_retcode *rc);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/*
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Add a SID->name lookup
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * - 'rid' is optional; if NULL then 'sid' is expected to have the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * user/group RID present, else 'sid' is expected not to have it, and
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * *rid will be used to qualify the given 'sid'
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * - 'dname' is optional; if NULL then the fully qualified user/group
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * name will be stored in *name, else the domain name will be stored in
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * *dname and the user/group name will be stored in *name without a
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * domain qualifier.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The caller must free() *name and *dname (if present).
 *
 * Here 'rid' is an input (const rid_t *), unlike in
 * idmap_name2sid_batch_add1() where it receives a result.
 *
 * Because the batch description in this header has replies handled
 * after the add1 call returns, keep the storage behind the output
 * pointers valid until the batch has been ended or released
 * (NOTE(review): confirm against the implementation), and check *rc
 * before using any output.
 *
 * NOTE(review): ownership of *dn, *attr, *value and *unixname is not
 * stated here; presumably the caller frees them as well -- confirm.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_retcode idmap_sid2name_batch_add1(idmap_query_state_t *state,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright const char *sid, const rid_t *rid, idmap_id_type esidtype,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp char **dn, char **attr, char **value, char **name,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright char **dname, idmap_id_type *sid_type, char **unixname,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai posix_id_t *pid, idmap_retcode *rc);
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban/*
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban * Add a unixname->SID lookup
 *
 * The output parameters mirror those of idmap_name2sid_batch_add1() and
 * idmap_sid2name_batch_add1() in this header, whose comments require the
 * caller to free() *sid, *name and *dname.
 * NOTE(review): this prototype carries no ownership statement of its
 * own; presumably the same rule applies here, and to *dn, *attr and
 * *value -- confirm. The exact meaning of 'is_user' and 'is_wuser' is
 * also not documented in this header.
 *
 * Results may be stored after this call returns (see the "Batch
 * lookups" comment), so keep the output storage valid until the batch
 * is ended or released and check *rc before using any output.
 * NOTE(review): confirm that 'unixname' is escaped before it is placed
 * in an LDAP search filter.
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban */
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3babanidmap_retcode idmap_unixname2sid_batch_add1(idmap_query_state_t *state,
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban const char *unixname, int is_user, int is_wuser,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp char **dn, char **attr, char **value, char **sid, rid_t *rid,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright char **name, char **dname, idmap_id_type *sid_type,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmap_retcode *rc);
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai/*
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai * Add a PID->SID lookup
 *
 * 'pid' is a posix_id_t (an alias of uid_t in this header);
 * NOTE(review): 'is_user' presumably selects whether it is looked up as
 * a UID or as a GID -- confirm.
 *
 * The output parameters mirror those of the other add1 functions in
 * this header. NOTE(review): no ownership statement is given here;
 * presumably the caller must free() *sid, *name and *dname as
 * documented for the name<->SID lookups, and likewise *dn, *attr and
 * *value -- confirm.
 *
 * Results may be stored after this call returns (see the "Batch
 * lookups" comment), so keep the output storage valid until the batch
 * is ended or released and check *rc before using any output.
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai */
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desaiidmap_retcode idmap_pid2sid_batch_add1(idmap_query_state_t *state,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai posix_id_t pid, int is_user,
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai char **dn, char **attr, char **value, char **sid, rid_t *rid,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright char **name, char **dname, idmap_id_type *sid_type,
148c5f43199ca0b43fc8e3b643aab11cd66ea327Alan Wright idmap_retcode *rc);
e3f2c991a8548408db0a2787bd8b43d5124821d3Keyur Desai
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban/*
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban * Set unixname attribute names for the batch for AD-based name mapping
 *
 * NOTE(review): this header does not say whether the two strings are
 * copied or only referenced; until that is confirmed, keep them valid
 * for the life of the batch. Presumably this has to be called before
 * queries are added to the batch -- confirm. The attribute names
 * presumably end up in LDAP requests, so they should come from trusted
 * configuration rather than from per-request input.
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban */
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3babanvoid idmap_lookup_batch_set_unixattr(idmap_query_state_t *state,
e8c27ec857e6e2db8c4fe56938b70a89b5bed9f3baban const char *unixuser_attr, const char *unixgroup_attr);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#ifdef __cplusplus
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw}
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* _ADUTILS_H */