adutils.h revision cd37da7426f0c49c14ad9a8a07638ca971477566
/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */

/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * Processes name2sid & sid2name lookups for a given user or computer
 * from an AD Directory server using GSSAPI authentication
 */

/*
 * idmapd interfaces stolen? from other idmapd code?
 */

/*
 * Eventually these should be an enum here, but instead we share a
 * namespace with other things in idmapd.
 */

/*
 * We use the port numbers for normal LDAP and global catalog LDAP as
 * the enum values for this enumeration. Clever? Silly? You decide.
 * Although we never actually use these enum values as port numbers and
 * never will, so this is just cute.
 */

/*
 * - an ad_t represents an AD partition
 * - a DS (hostname + port, if port != 0) can be added/removed from an ad_t
 * - and because libldap supports space-separated lists of servers, a
 *   single hostname value can actually be a set of hostnames.
 * - an ad_t can be allocated, ref'ed and released; last release
 * - lookups are batched; see below.
 */

/*
 * Start a batch, add queries to the batch one by one (the output
 * pointers should all differ, so that a query's results don't clobber
 * any other's), end the batch to wait for replies for all outstanding
 * queries. The output parameters of each query are initialized to NULL
 *
 * LDAP searches are sent one by one without waiting (i.e., blocking)
 * for replies. Replies are handled as soon as they are available.
 * Missing replies are waited for only when idmap_lookup_batch_end() is
 *
 * If an add1 function returns != 0 then abort the batch by calling
 * idmap_lookup_batch_end(), but note that some queries may have been
 * answered, so check the result code of each query.
 */
/* Start a batch of lookups */

/* End a batch and release its idmap_query_state_t object */

/* Abandon a batch and release its idmap_query_state_t object */

/*
 * - 'dname' is optional; if NULL or empty string then 'name' has to be
 *   a user/group name qualified with a domainname (e.g., foo@domain),
 *   else the 'name' must not be qualified and the domainname must be
 * - if 'rid' is NULL then the output SID string will include the last
 *   RID, else it won't and the last RID value will be stored in *rid.
 *
 * The caller must free() *sid.
 */

/*
 * - 'rid' is optional; if NULL then 'sid' is expected to have the
 *   user/group RID present, else 'sid' is expected not to have it, and
 *   *rid will be used to qualify the given 'sid'
 * - 'dname' is optional; if NULL then the fully qualified user/group
 *   name will be stored in *name, else the domain name will be stored in
 *   *dname and the user/group name will be stored in *name without a
 *
 * The caller must free() *name and *dname (if present).
 */
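
The 'rid' output convention described in the comments above, as an added example that is not part of adutils.h or idmapd. split_sid() and dup_n() are hypothetical helpers, and the function works on a SID string already in hand instead of performing an AD lookup.

```c
/* Added illustration; split_sid() and dup_n() are hypothetical helpers,
 * not idmapd functions. They mirror the 'rid' output convention above. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Copy n bytes of s into a fresh NUL-terminated buffer the caller must free(). */
static char *dup_n(const char *s, size_t n)
{
	char *p = malloc(n + 1);
	if (p != NULL) {
		memcpy(p, s, n);
		p[n] = '\0';
	}
	return (p);
}

/*
 * rid == NULL: *sid gets the full SID, last RID included.
 * rid != NULL: *sid gets the SID without its last RID, which goes to *rid.
 * Outputs start out NULL/0 so a failure never leaves stale values behind.
 * Returns 0 on success, -1 on malformed input or allocation failure.
 */
int split_sid(const char *full, char **sid, uint32_t *rid)
{
	const char *dash;
	char *end;
	unsigned long long v;

	*sid = NULL;
	if (rid != NULL)
		*rid = 0;
	if (full == NULL || strncmp(full, "S-1-", 4) != 0)
		return (-1);
	if (rid == NULL)
		return ((*sid = dup_n(full, strlen(full))) != NULL ? 0 : -1);
	dash = strrchr(full, '-');
	if (dash - full < 4 || dash[1] < '0' || dash[1] > '9')
		return (-1);	/* no trailing RID to split off */
	errno = 0;
	v = strtoull(dash + 1, &end, 10);
	if (errno != 0 || *end != '\0' || v > UINT32_MAX)
		return (-1);	/* trailing junk or RID wider than 32 bits */
	if ((*sid = dup_n(full, (size_t)(dash - full))) == NULL)
		return (-1);
	*rid = (uint32_t)v;
	return (0);
}
```

As with the real interface, the caller owns *sid and must free() it; on failure *sid stays NULL, so an unconditional free() is safe.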