idmap_api.c revision 479ac37569625bae44ffb80071d4bc865fc710ed
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER START
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The contents of this file are subject to the terms of the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Common Development and Distribution License (the "License").
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You may not use this file except in compliance with the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * See the License for the specific language governing permissions
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * and limitations under the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * When distributing Covered Code, include this CDDL HEADER in each
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If applicable, add the following below this CDDL HEADER, with the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * fields enclosed by brackets "[]" replaced with your own identifying
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * information: Portions Copyright [yyyy] [name of copyright owner]
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER END
0dcc71495bad040a0c83830efc85acf8d897350dnw * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Use is subject to license terms.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#pragma ident "%Z%%M% %I% %E% SMI"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * libidmap API
479ac37569625bae44ffb80071d4bc865fc710eddm/*LINTLIBRARY*/
479ac37569625bae44ffb80071d4bc865fc710eddm * The following structure determines where the log messages from idmapdlog()
479ac37569625bae44ffb80071d4bc865fc710eddm * go to. It can be stderr (idmap, idmapd -d) and/or syslog (idmapd).
479ac37569625bae44ffb80071d4bc865fc710eddm * logstate.max_pri is the integer cutoff needed to silence low-priority
479ac37569625bae44ffb80071d4bc865fc710eddm * messages to stderr. Syslog has its own means, so a boolean
479ac37569625bae44ffb80071d4bc865fc710eddm * logstate.write_syslog is enough.
479ac37569625bae44ffb80071d4bc865fc710eddm * logstate.degraded is a mode used by idmapd in its degraded state.
479ac37569625bae44ffb80071d4bc865fc710eddmstatic struct {
479ac37569625bae44ffb80071d4bc865fc710eddmstatic idmap_stat idmap_strdupnull(char **, const char *);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#define __ITER_ERR_RETURN(itera, argu, xdr_argu, iretcod)\
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Free memory allocated by libidmap API
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * ptr - memory to be freed
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Create and Initialize idmap client handle for rpc/doors
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * handle - idmap handle
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * clnt_door_call() alloca()s sendsz bytes (twice too, once for
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * the call args buffer and once for the call result buffer), so
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * we want to pick a sendsz that will be large enough, but not
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * too large.
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * Estimate how much stack space is left;
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * st.ss_sp is the top of stack.
d3a612ca42c17c3baa6c96ded00f98db349cc881nw /* stack grows up */
d3a612ca42c17c3baa6c96ded00f98db349cc881nw /* stack grows down */
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * Take much of the stack space left, divided by two,
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * but leave enough for our needs (just a guess!), and
d3a612ca42c17c3baa6c96ded00f98db349cc881nw * if we can't, then roll the dice.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Finalize idmap handle
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * handle - idmap handle
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_get_prop(idmap_handle_t *handle, idmap_prop_type pr, idmap_prop_res *res)
479ac37569625bae44ffb80071d4bc865fc710eddm return (res->retcode); /* This might not be IDMAP_SUCCESS! */
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_get_prop_ds(idmap_handle_t *handle, idmap_prop_type pr,
479ac37569625bae44ffb80071d4bc865fc710eddm return (rc);
479ac37569625bae44ffb80071d4bc865fc710eddm (void) strlcpy(dc->host, res.value.idmap_prop_val_u.dsval.host,
479ac37569625bae44ffb80071d4bc865fc710eddm /* xdr doesn't guarantee 0-termination of char[]: */
479ac37569625bae44ffb80071d4bc865fc710eddm return (rc);
479ac37569625bae44ffb80071d4bc865fc710eddm * Sometimes the property is not set. In that case, str is set to NULL but
479ac37569625bae44ffb80071d4bc865fc710eddm * otherwise IDMAP_SUCCESS is returned.
479ac37569625bae44ffb80071d4bc865fc710eddmidmap_get_prop_str(idmap_handle_t *handle, idmap_prop_type pr, char **str)
479ac37569625bae44ffb80071d4bc865fc710eddm return (rc);
479ac37569625bae44ffb80071d4bc865fc710eddm rc = idmap_strdupnull(str, res.value.idmap_prop_val_u.utf8val);
479ac37569625bae44ffb80071d4bc865fc710eddm return (rc);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Create/Initialize handle for updates
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * udthandle - update handle
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_udt_create(idmap_handle_t *handle, idmap_udt_handle_t **udthandle)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * All the updates specified by the update handle are committed
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * in a single transaction. i.e either all succeed or none.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * udthandle - update handle with the update requests
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Return value:
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Status of the commit
cd37da7426f0c49c14ad9a8a07638ca971477566nw (xdrproc_t)xdr_idmap_update_batch, (caddr_t)&udthandle->batch,
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban /* reset handle so that it can be used again */
8e22821528b08c6dba4e8176351560f316f6d0dedmstatic void
8e22821528b08c6dba4e8176351560f316f6d0dedmidmap_namerule_parts_clear(char **windomain, char **winname,
cd37da7426f0c49c14ad9a8a07638ca971477566nw char **unixname, boolean_t *is_user, boolean_t *is_wuser,
cd37da7426f0c49c14ad9a8a07638ca971477566nw char **unixname, boolean_t *is_user, boolean_t *is_wuser,
8e22821528b08c6dba4e8176351560f316f6d0dedm if (EMPTY_STRING(rule->winname) && EMPTY_STRING(rule->unixname))
8e22821528b08c6dba4e8176351560f316f6d0dedm * Retrieve the index of the failed batch element. error_index == -1
8e22821528b08c6dba4e8176351560f316f6d0dedm * indicates failure at the beginning, -2 at the end.
8e22821528b08c6dba4e8176351560f316f6d0dedm * If idmap_udt_commit didn't return error, the returned value is undefined.
8e22821528b08c6dba4e8176351560f316f6d0dedm * Return value:
8e22821528b08c6dba4e8176351560f316f6d0dedm * IDMAP_SUCCESS
8e22821528b08c6dba4e8176351560f316f6d0dedm * Retrieve the rule which caused the batch to fail. If
8e22821528b08c6dba4e8176351560f316f6d0dedm * idmap_udt_commit didn't return error or if error_index is < 0, the
8e22821528b08c6dba4e8176351560f316f6d0dedm * retrieved rule is undefined.
8e22821528b08c6dba4e8176351560f316f6d0dedm * Return value:
8e22821528b08c6dba4e8176351560f316f6d0dedm * IDMAP_ERR_NORESULT if there is no error rule.
8e22821528b08c6dba4e8176351560f316f6d0dedm * IDMAP_SUCCESS if the rule was obtained OK.
8e22821528b08c6dba4e8176351560f316f6d0dedm * other error code (IDMAP_ERR_NOMEMORY etc)
cd37da7426f0c49c14ad9a8a07638ca971477566nw char **unixname, boolean_t *is_user, boolean_t *is_wuser,
8e22821528b08c6dba4e8176351560f316f6d0dedm * Retrieve the rule with which there was a conflict. TODO: retrieve
8e22821528b08c6dba4e8176351560f316f6d0dedm * the value.
8e22821528b08c6dba4e8176351560f316f6d0dedm * Return value:
8e22821528b08c6dba4e8176351560f316f6d0dedm * IDMAP_ERR_NORESULT if there is no error rule.
8e22821528b08c6dba4e8176351560f316f6d0dedm * IDMAP_SUCCESS if the rule was obtained OK.
8e22821528b08c6dba4e8176351560f316f6d0dedm * other error code (IDMAP_ERR_NOMEMORY etc)
8e22821528b08c6dba4e8176351560f316f6d0dedmidmap_udt_get_conflict_rule(idmap_udt_handle_t *udthandle,
cd37da7426f0c49c14ad9a8a07638ca971477566nw char **unixname, boolean_t *is_user, boolean_t *is_wuser,
8e22821528b08c6dba4e8176351560f316f6d0dedm if (udthandle->commit_stat != IDMAP_ERR_W2U_NAMERULE_CONFLICT &&
8e22821528b08c6dba4e8176351560f316f6d0dedm udthandle->commit_stat != IDMAP_ERR_U2W_NAMERULE_CONFLICT) {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Destroy the update handle
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw (void) xdr_free(xdr_idmap_update_batch, (caddr_t)&udthandle->batch);
8e22821528b08c6dba4e8176351560f316f6d0dedm (void) xdr_free(xdr_idmap_namerule, (caddr_t)&udthandle->error_rule);
8e22821528b08c6dba4e8176351560f316f6d0dedm (void) xdr_free(xdr_idmap_namerule, (caddr_t)&udthandle->conflict_rule);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_udt_add_namerule(idmap_udt_handle_t *udthandle, const char *windomain,
cd37da7426f0c49c14ad9a8a07638ca971477566nw boolean_t is_user, boolean_t is_wuser, const char *winname,
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban udthandle->batch.idmap_update_batch_val[udthandle->next].opnum =
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban /* The batch should still be usable */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* ARGSUSED */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_udt_rm_namerule(idmap_udt_handle_t *udthandle, boolean_t is_user,
cd37da7426f0c49c14ad9a8a07638ca971477566nw boolean_t is_wuser, const char *windomain, const char *winname,
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban udthandle->batch.idmap_update_batch_val[udthandle->next].opnum =
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* ARGSUSED */
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban udthandle->batch.idmap_update_batch_val[udthandle->next].opnum =
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Set the number of entries requested per batch by the iterator
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * iter - iterator
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * limit - number of entries requested per batch
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Create iterator to get name-based mapping rules
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * windomain - Windows domain
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * is_user - user or group rules
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * winname - Windows user or group name
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * unixname - Unix user or group name
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * iter - iterator
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_iter_namerules(idmap_handle_t *handle, const char *windomain,
cd37da7426f0c49c14ad9a8a07638ca971477566nw boolean_t is_user, boolean_t is_wuser, const char *winname,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw __ITER_CREATE(tmpiter, arg, handle, IDMAP_LIST_NAMERULES);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Iterate through the name-based mapping rules
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * iter - iterator
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * windomain - Windows domain
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * winname - Windows user or group name
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * unixname - Unix user or group name
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * is_nt4 - NT4 or AD
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * direction - bi(0), win2unix(1), unix2win(2)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Return value:
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * 0 - done
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * 1 - more results available
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * < 0 - error
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_iter_next_namerule(idmap_iter_t *iter, char **windomain,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if (namerules == NULL || namerules->rules.rules_len == 0)
cd37da7426f0c49c14ad9a8a07638ca971477566nw *is_user = namerules->rules.rules_val[iter->next].is_user;
cd37da7426f0c49c14ad9a8a07638ca971477566nw *is_wuser = namerules->rules.rules_val[iter->next].is_wuser;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *direction = namerules->rules.rules_val[iter->next].direction;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Create iterator to get SID to UID/GID mappings
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * iter - iterator
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_iter_mappings(idmap_handle_t *handle, idmap_iter_t **iter, int flag)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw __ITER_CREATE(tmpiter, arg, handle, IDMAP_LIST_MAPPINGS);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Iterate through the SID to UID/GID mappings
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * iter - iterator
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid - SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * pid - UID or GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Return value:
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * 0 - done
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * 1 - more results available
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * < 0 - error
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_iter_next_mapping(idmap_iter_t *iter, char **sidprefix,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if (mappings == NULL || mappings->mappings.mappings_len == 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw *direction = mappings->mappings.mappings_val[iter->next].
cd37da7426f0c49c14ad9a8a07638ca971477566nw *is_user = (mappings->mappings.mappings_val[iter->next].id2
cd37da7426f0c49c14ad9a8a07638ca971477566nw *is_wuser = (mappings->mappings.mappings_val[iter->next].id1
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Destroy the iterator
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw _xdr_argument = (xdrproc_t)xdr_idmap_list_namerules_1_argument;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw _xdr_argument = (xdrproc_t)xdr_idmap_list_mappings_1_argument;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Create handle to get SID to UID/GID mapping entries
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gh - "get mapping" handle
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_get_create(idmap_handle_t *handle, idmap_get_handle_t **gh)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* sanity checks */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* allocate the handle */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given SID, get UID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sidprefix - SID prefix
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * flag - flag
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * uid - POSIX UID if stat = 0
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_get_uidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp return (idmap_getext_uidbysid(gh, sidprefix, rid, flag, uid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Given SID, get UID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * sidprefix - SID prefix
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * rid - RID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * flag - flag
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * stat - status of the get request
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * uid - POSIX UID if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * how - mapping type if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Note: The output parameters will be set by idmap_get_mappings()
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_getext_uidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp int flag, uid_t *uid, idmap_info *info, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* sanity checks */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Extend the request array and the return list */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup the request */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((mapping->id1.idmap_id_u.sid.prefix = strdup(sidprefix)) == NULL) {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup pointers for the result */
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban /* Batch created so far should still be usable */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given SID, get GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sidprefix - SID prefix
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - rid
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * flag - flag
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gid - POSIX GID if stat = 0
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_get_gidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp return (idmap_getext_gidbysid(gh, sidprefix, rid, flag, gid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Given SID, get GID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * sidprefix - SID prefix
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * rid - rid
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * flag - flag
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * stat - status of the get request
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * gid - POSIX GID if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * how - mapping type if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Note: The output parameters will be set by idmap_get_mappings()
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_getext_gidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp int flag, gid_t *gid, idmap_info *info, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* sanity checks */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Extend the request array and the return list */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup the request */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((mapping->id1.idmap_id_u.sid.prefix = strdup(sidprefix)) == NULL) {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup pointers for the result */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given SID, get POSIX ID i.e. UID/GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sidprefix - SID prefix
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - rid
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * flag - flag
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * is_user - user or group
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * pid - POSIX UID if stat = 0 and is_user = 1
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * POSIX GID if stat = 0 and is_user = 0
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_get_pidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp return (idmap_getext_pidbysid(gh, sidprefix, rid, flag, pid, is_user,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Given SID, get POSIX ID i.e. UID/GID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * sidprefix - SID prefix
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * rid - rid
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * flag - flag
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * stat - status of the get request
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * is_user - user or group
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * pid - POSIX UID if stat = 0 and is_user = 1
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * POSIX GID if stat = 0 and is_user = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * how - mapping type if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Note: The output parameters will be set by idmap_get_mappings()
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_getext_pidbysid(idmap_get_handle_t *gh, char *sidprefix, idmap_rid_t rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp int flag, uid_t *pid, int *is_user, idmap_info *info, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* sanity checks */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Extend the request array and the return list */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup the request */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((mapping->id1.idmap_id_u.sid.prefix = strdup(sidprefix)) == NULL) {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup pointers for the result */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given UID, get SID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * uid - POSIX UID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * flag - flag
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid - SID prefix (if stat == 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - rid
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_get_sidbyuid(idmap_get_handle_t *gh, uid_t uid, int flag,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp return (idmap_getext_sidbyuid(gh, uid, flag, sidprefix, rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Given UID, get SID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * uid - POSIX UID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * flag - flag
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * stat - status of the get request
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * sid - SID prefix (if stat == 0)
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * rid - rid
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * how - mapping type if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Note: The output parameters will be set by idmap_get_mappings()
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_getext_sidbyuid(idmap_get_handle_t *gh, uid_t uid, int flag,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp char **sidprefix, idmap_rid_t *rid, idmap_info *info, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* sanity checks */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Extend the request array and the return list */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup the request */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup pointers for the result */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given GID, get SID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gid - POSIX GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * flag - flag
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sidprefix - SID prefix (if stat == 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - rid
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwidmap_get_sidbygid(idmap_get_handle_t *gh, gid_t gid, int flag,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp return (idmap_getext_sidbygid(gh, gid, flag, sidprefix, rid,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Given GID, get SID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * gid - POSIX GID
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * flag - flag
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * stat - status of the get request
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * sidprefix - SID prefix (if stat == 0)
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * rid - rid
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * how - mapping type if stat = 0
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * Note: The output parameters will be set by idmap_get_mappings()
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_getext_sidbygid(idmap_get_handle_t *gh, gid_t gid, int flag,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp char **sidprefix, idmap_rid_t *rid, idmap_info *info, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* sanity checks */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Extend the request array and the return list */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if ((retcode = _get_ids_extend_batch(gh)) != IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup the request */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Setup pointers for the result */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Process the batched "get mapping" requests. The results (i.e.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * status and identity) will be available in the data areas
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * provided by individual requests.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Destroy the "get mapping" handle
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw (void) xdr_free(xdr_idmap_mapping_batch, (caddr_t)&gh->batch);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Get windows to unix mapping
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp uid_t *pid, char **unixname, int *direction, idmap_info *info)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw } else if (winname) {
8e22821528b08c6dba4e8176351560f316f6d0dedm retcode = idmap_strdupnull(&request.id1domain, windomain);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw else if (*is_user == 0)
cd37da7426f0c49c14ad9a8a07638ca971477566nw else if (*is_wuser == 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Get unix to windows mapping
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw } else if (unixname) {
cd37da7426f0c49c14ad9a8a07638ca971477566nw else if (*is_wuser == 0)
8edda6281c84e0632a22f9c8dbf0d6f1558878ebbaban if (sidprefix && mapping->id2.idmap_id_u.sid.prefix &&
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#define gettext(s) s
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw {IDMAP_ERR_NORESULT, gettext("No results available"), EINVAL},
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban {IDMAP_ERR_NOTSUPPORTED, gettext("Operation not supported"), ENOTSUP},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw gettext("Invalid Windows to UNIX name-based rule"), EINVAL},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw gettext("Invalid UNIX to Windows name-based rule"), EINVAL},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw {IDMAP_ERR_IDTYPE, gettext("Invalid identity type"), EINVAL},
651c0131ccc65381cbda174bee44a4fd7a518d6bbaban {IDMAP_ERR_RPC_HANDLE, gettext("Bad RPC handle"), EBADF},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw {IDMAP_ERR_CLIENT_HANDLE, gettext("Bad client handle"), EINVAL},
8edda6281c84e0632a22f9c8dbf0d6f1558878ebbaban {IDMAP_ERR_PERMISSION_DENIED, gettext("Permission denied"), EACCES},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw {IDMAP_ERR_DOMAIN_NOTFOUND, gettext("Domain not found"), EINVAL},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw {IDMAP_ERR_UPDATE_NOTALLOWED, gettext("Update not allowed"), EINVAL},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw {IDMAP_ERR_CFG_CHANGE, gettext("Invalid configuration change"), EINVAL},
62c6006265c37877b7a5b3c8ffce913ef559b955baban gettext("Duplicate rule or conflicts with an existing "
62c6006265c37877b7a5b3c8ffce913ef559b955baban gettext("Duplicate rule or conflicts with an existing "
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp gettext("Mapping not found and none created (see -c option)"),
479ac37569625bae44ffb80071d4bc865fc710eddm gettext("Improper winname form found in Native LDAP"), EINVAL},
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Get description of status code
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * status - Status code returned by libidmap API call
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Return Value:
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * human-readable localized description of idmap_stat
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* ARGSUSED */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwconst char *
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_stat2string(idmap_handle_t *handle, idmap_stat status)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Get status code from string
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#define return_cmp(a) \
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (IDMAP_ERR_ ## a);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Map the given status to one that can be returned by the protocol
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw switch (status) {
c5a946bac9ff4ebd4d874e1c94d41a5ffcbad287baban * This is a convenience routine which duplicates a string after
c5a946bac9ff4ebd4d874e1c94d41a5ffcbad287baban * checking for NULL pointers. This function will return success if
c5a946bac9ff4ebd4d874e1c94d41a5ffcbad287baban * either the 'to' OR the 'from' pointer is NULL.
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_namerule_cpy(idmap_namerule *to, idmap_namerule *from)
8e22821528b08c6dba4e8176351560f316f6d0dedm retval = idmap_strdupnull(&to->windomain, from->windomain);
8e22821528b08c6dba4e8176351560f316f6d0dedm retval = idmap_strdupnull(&to->unixname, from->unixname);
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejpidmap_how_ds_based_cpy(idmap_how_ds_based *to, idmap_how_ds_based *from)
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp retval = idmap_how_ds_based_cpy(&to->how.idmap_how_u.nldap,
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * This routine is similar to idmap_info_cpy, but the strings
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * are moved from the "from" info to the "to" info.
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * This routine is the equivalent of:
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * idmap_info_cpy(to,from);
48258c6b4e17f36ab09fba0bd6307d1fec9dcbcejp * idmap_info_free(from);
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * Get uid given Windows name
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_getuidbywinname(const char *name, const char *domain, uid_t *uid)
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban /* Get mapping */
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban rc = idmap_get_w2u_mapping(ih, NULL, NULL, name, domain, 0,
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * XXX Until we have diagonal mapping support, check if
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * the given name belongs to a user
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * Get gid given Windows name
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_getgidbywinname(const char *name, const char *domain, gid_t *gid)
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban /* Get mapping */
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban rc = idmap_get_w2u_mapping(ih, NULL, NULL, name, domain, 0,
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * XXX Until we have diagonal mapping support, check if
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * the given name belongs to a group
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * Get winname given pid
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_getwinnamebypid(uid_t pid, int is_user, char **name, char **domain)
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban /* Get mapping */
cd37da7426f0c49c14ad9a8a07638ca971477566nw rc = idmap_get_u2w_mapping(ih, &pid, NULL, 0, is_user, NULL, NULL,
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban /* Return on error */
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * The given PID may have been mapped to a locally
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * generated SID in which case there isn't any
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * Windows name
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * Get winname given uid
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_getwinnamebyuid(uid_t uid, char **name, char **domain)
dd5829d1456ba00e6f704e6a88e7eaae608e3c1bbaban * Get winname given gid
cd37da7426f0c49c14ad9a8a07638ca971477566nwidmap_getwinnamebygid(gid_t gid, char **name, char **domain)
479ac37569625bae44ffb80071d4bc865fc710eddm/* printflike */
479ac37569625bae44ffb80071d4bc865fc710eddm * We don't want to fill up the logs with useless messages when
479ac37569625bae44ffb80071d4bc865fc710eddm * we're degraded, but we still want to log.